Hi,
When users are on the VPN network, they cannot apply Group Policy since
there is a firewall between the VPN network and the internal network.
Now, I need to find out how many ports are required to allow clients to
successfully apply Group Policy.
Based on KB832017, "To successfully apply Group Policy, a client must
be able to contact a domain controller over the DCOM, ICMP, LDAP, SMB,
and RPC protocols."
Here is the port information:
Application protocol   Protocol    Ports
DCOM                   TCP + UDP   random port number between 1024 - 65534
ICMP (ping)            ICMP        20
LDAP                   TCP         389
SMB                    TCP         445
RPC                    TCP         135, random port number between 1024 - 65534
It is not feasible to open up so many high ports (1024 - 65534). So do you have any recommendation for this issue?
Thanks in advance!
Andy
- [ActiveDir] Firewall block Group Policy Andy Wang
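An added example, not part of the original post: a small check that can be run from a VPN client to see which of the fixed TCP ports in the list above (LDAP 389, SMB 445, RPC endpoint mapper 135) the firewall actually passes to a domain controller. The host name `dc01.example.com` and all function names are placeholders chosen for this example; the dynamic 1024 - 65534 range and ICMP are not probed.

```python
import socket
import sys

# Fixed TCP ports taken from the list in the post. The dynamic range used by
# DCOM/RPC is left out: it is negotiated per connection and cannot be checked
# by probing a single port.
FIXED_TCP_PORTS = {"LDAP": 389, "SMB": 445, "RPC endpoint mapper": 135}


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused', 'unresolved' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered with RST: reachable, no listener
    except socket.gaierror:
        return "unresolved"   # DNS lookup failed, not a firewall verdict
    except OSError:
        return "filtered"     # timeout or unreachable: typical of a dropped packet


def check_gp_ports(host, ports=FIXED_TCP_PORTS, timeout=2.0):
    """Probe every named port; return {name: (port, state)}."""
    return {name: (port, probe_tcp(host, port, timeout))
            for name, port in ports.items()}


def blocked(results):
    """Names of the services whose port did not accept a connection."""
    return sorted(name for name, (_, state) in results.items()
                  if state != "open")


if __name__ == "__main__":
    # Placeholder host name; pass the real domain controller as argument 1.
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.com"
    results = check_gp_ports(dc)
    for name, (port, state) in results.items():
        print(f"{name:<20} tcp/{port:<5} {state}")
    missing = blocked(results)
    print("not reachable:", ", ".join(missing) if missing else "none")
```

A "filtered" result on a fixed port points at the firewall rule set, while "refused" means the packet reached the host and no service was listening there.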