Wednesday, May 6, 2015

Why a Remote sc.exe Invocation is Slow

A few weeks ago, I was using sc.exe to manage services on a remote machine in the same domain. The problem was that it was super slow - every call took about 30 seconds. I would have loved to use Remote Desktop, PowerShell, WMI, or really anything else, but the firewall was blocking all those things and I didn't want to open any ports unless absolutely necessary. (The RPC Endpoint Mapper was already open, which is why SC worked at all.)

After placing a 50-rep bounty on a Server Fault question, I learned that it was indeed the firewall causing this issue. The answer said that I should do some registry tweaking to change the RPC dynamic ports to something that can go through my firewall. I wasn't all that jazzed about tweaking the registry, but that answer did inspire me to my own solution, which I posted as an answer in that same thread.

Windows Firewall can open just the dynamic RPC ports, which shouldn't be bound to any application, so not much additional attack surface will be exposed. Since SC apparently uses a dynamic port that it negotiates with the RPC Endpoint Mapper, I'm not sure how it worked at all (maybe it timed out at each port and counted up until it found an open one?), but opening the dynamic ports made SC super fast even across the network.
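
One way to create such a rule on the server, as an added example that is not from the original post or the Server Fault thread. The rule name, the 192.0.2.0/24 management subnet, and the extra narrowing with `-Program`, `-RemoteAddress` and `-Profile` are assumptions; the post itself only describes opening the dynamic RPC ports.

```powershell
# Added example. Run elevated on the machine whose services are managed remotely.
# Assumed values (not from the post): rule name and management subnet.
$ruleName   = 'Allow RPC dynamic ports for remote sc.exe (example)'
$adminHosts = '192.0.2.0/24'   # placeholder: hosts that are allowed to run sc.exe

# 'RPC' is a Windows Firewall port keyword, not a number: it matches the
# dynamic port the RPC runtime hands out, so no fixed range is opened and
# no registry change to the RPC port range is needed.
$rule = @{
    DisplayName   = $ruleName
    Direction     = 'Inbound'
    Action        = 'Allow'
    Protocol      = 'TCP'
    LocalPort     = 'RPC'
    # Narrowing beyond what the post describes: only the Service Control
    # Manager process, only the admin subnet, only the domain profile.
    Program       = "$env:SystemRoot\System32\services.exe"
    RemoteAddress = $adminHosts
    Profile       = 'Domain'
}
New-NetFirewallRule @rule | Out-Null

# Read the rule back and confirm what was actually opened.
$created = Get-NetFirewallRule -DisplayName $ruleName
$ports   = $created | Get-NetFirewallPortFilter
$addrs   = $created | Get-NetFirewallAddressFilter
$app     = $created | Get-NetFirewallApplicationFilter

[pscustomobject]@{
    Enabled       = $created.Enabled
    Profile       = $created.Profile
    Protocol      = $ports.Protocol
    LocalPort     = $ports.LocalPort      # expected to read 'RPC'
    RemoteAddress = $addrs.RemoteAddress
    Program       = $app.Program
} | Format-List

# Flag any other enabled inbound allow rule that also uses the RPC keyword
# without a remote address restriction, since those widen exposure.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains 'RPC' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' } |
    Select-Object DisplayName, Profile
```

From an allowed host, `Measure-Command { sc.exe \\SERVER query }` (with `SERVER` as a placeholder name) gives a before-and-after timing for the call.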
