The following is a list of Microsoft Windows system services and the network ports and protocols each one uses. Data is sourced from Microsoft.com.
Active Directory (Local Security Authority)
Active Directory runs under the LSASS process and includes the authentication and replication engines for Windows 2000 and Windows Server 2003 domain controllers. Domain controllers, client computers and application servers require network connectivity to Active Directory over specific hard-coded ports, in addition to a range of ephemeral TCP ports between 1024 and 65535, unless a tunneling protocol is used to encapsulate that traffic. An encapsulated solution might consist of a VPN gateway located behind a filtering router using Layer 2 Tunneling Protocol (L2TP) together with IPsec. In this encapsulated scenario, you must allow IPsec Encapsulating Security Payload (ESP) (IP protocol 50), IPsec NAT Traversal (NAT-T) (UDP port 4500), and IPsec Internet Security Association and Key Management Protocol (ISAKMP) (UDP port 500) through the router, as opposed to opening all the ports and protocols listed below. Finally, the port used for Active Directory replication can be fixed to a static value, as described in 224196: Restricting Active Directory replication traffic to a specific port.
Note: Packet filters for L2TP traffic are not required, because L2TP is protected by IPsec ESP.
System service name: LSASS
Application protocol | Protocol | Ports
Global Catalog Server | TCP | 3269
Global Catalog Server | TCP | 3268
LDAP Server | TCP | 389
LDAP Server | UDP | 389
LDAP SSL | TCP | 636
LDAP SSL | UDP | 636
IPsec ISAKMP | UDP | 500
NAT-T | UDP | 4500
RPC | TCP | 135
RPC randomly allocated high TCP ports | TCP | 1024 - 65535
Application Layer Gateway Service
This subcomponent of the Internet Connection Sharing (ICS)/Internet Connection Firewall (ICF) service provides support for plug-ins that allow network protocols to pass through the firewall and work behind Internet Connection Sharing. Application Layer Gateway (ALG) plug-ins can open ports and change data (such as ports and IP addresses) that are embedded in packets. File Transfer Protocol (FTP) is the only network protocol with a plug-in that is included with Windows Server 2003, Standard Edition, and Windows Server 2003, Enterprise Edition. The ALG FTP plug-in is designed to support active FTP sessions through the network address translation (NAT) engine that these components use. It does so by redirecting all traffic that passes through the NAT and is destined for port 21 to a private listening port in the range 3000 to 5000 on the loopback adapter. The plug-in then monitors and updates the FTP control channel traffic so that it can forward port mappings through the NAT for the FTP data channels, rewriting the ports embedded in the control channel stream as it goes.
System service name: ALG
Application protocol | Protocol | Ports
FTP control | TCP | 21
ASP.NET State Service
ASP.NET State Service provides support for ASP.NET out-of-process session states. ASP.NET State Service stores session data out-of-process. The service uses sockets to communicate with ASP.NET that is running on a Web server.
System service name: aspnet_state
Application protocol | Protocol | Ports
ASP.NET Session State | TCP | 42424
Certificate Services
Certificate Services is part of the core operating system. By using Certificate Services, a business can act as its own certification authority (CA). In this way, the business can issue and manage digital certificates for programs and protocols such as Secure/Multipurpose Internet Mail Extensions (S/MIME), Secure Sockets Layer (SSL), Encrypting File System (EFS), IPsec, and smart card logon. Certificate Services relies on RPC and on DCOM to communicate with clients by using random TCP ports that are higher than port 1024.
System service name: CertSvc
Application protocol | Protocol | Ports
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
Cluster Service
The Cluster service controls server cluster operations and manages the cluster database. A cluster is a collection of independent computers that act as a single computer. Managers, programmers, and users see the cluster as a single system. The software distributes data among the nodes of the cluster. If a node fails, other nodes provide the services and data that was formerly provided by the missing node. When a node is added or repaired, the cluster software migrates some data to that node.
System service name: ClusSvc
Application protocol | Protocol | Ports
Cluster Services | UDP | 3343
RPC | TCP | 135
Cluster Administrator | UDP | 137
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
Computer Browser
The Computer Browser system service maintains an up-to-date list of computers on your network and supplies the list to programs that request it. The Computer Browser service is used by Windows-based computers to view network domains and resources. Computers that are designated as browsers maintain browse lists that contain all shared resources that are used on the network. Earlier versions of Windows programs, such as My Network Places, the net view command, and Windows Explorer, all require browsing capability. For example, when you open My Network Places on a computer that is running Microsoft Windows 95, a list of domains and computers appears. To display this list, the computer obtains a copy of the browse list from a computer that is designated as a browser.
System service name: Browser
Application protocol | Protocol | Ports
NetBIOS Datagram Service | UDP | 138
NetBIOS Name Resolution | UDP | 137
NetBIOS Session Service | TCP | 139
DHCP Server
The DHCP Server service uses the Dynamic Host Configuration Protocol (DHCP) to automatically allocate IP addresses. By using this service, you can adjust the advanced network settings of DHCP clients. For example, you can configure network settings such as Domain Name System (DNS) servers and Windows Internet Name Service (WINS) servers. You can establish one or more DHCP servers to maintain TCP/IP configuration information and to provide that information to client computers.
System service name: DHCPServer
Application protocol | Protocol | Ports
DHCP Server | UDP | 67
MADCAP | UDP | 2535
Distributed File System
The Distributed File System (DFS) integrates disparate file shares that are located across a local area network (LAN) or wide area network (WAN) into a single logical namespace. The DFS service is required for Active Directory domain controllers to advertise the SYSVOL shared folder.
System service name: Dfs
Application protocol | Protocol | Ports
NetBIOS Datagram Service | UDP | 138
NetBIOS Session Service | TCP | 139
LDAP Server | TCP | 389
LDAP Server | UDP | 389
SMB | TCP | 445
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
Distributed Link Tracking Server
The Distributed Link Tracking Server system service stores information so that files that are moved between volumes can be tracked to each volume in the domain. The Distributed Link Tracking Server service runs on each domain controller in a domain. This service enables the Distributed Link Tracking Client service to track linked documents that have been moved to a location in another NTFS file system volume in the same domain.
System service name: TrkSvr
Application protocol | Protocol | Ports
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
Distributed Transaction Coordinator
The Distributed Transaction Coordinator (DTC) system service is responsible for coordinating transactions that are distributed across multiple computer systems and resource managers, such as databases, message queues, file systems, or other transaction-protected resource managers. The DTC system service is required if transactional components are configured through COM+. It is also required for transactional queues in Message Queuing (also known as MSMQ) and SQL Server operations that span multiple systems.
System service name: MSDTC
Application protocol | Protocol | Ports
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
DNS Server
The DNS Server service enables DNS name resolution by answering queries and update requests for DNS names. DNS servers are required to locate devices and services that are identified by using DNS names and to locate domain controllers in Active Directory.
System service name: DNS
Application protocol | Protocol | Ports
DNS | UDP | 53
DNS | TCP | 53
Event Log
The Event Log system service logs event messages that are generated by programs and by the Windows operating system. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer. The Event Log service writes events that are sent by programs, by services, and by the operating system to log files. The events contain diagnostic information in addition to errors that are specific to the source program, the service, or the component. The logs can be viewed programmatically through the event log APIs or through the Event Viewer in an MMC snap-in.
System service name: Eventlog
Application protocol | Protocol | Ports
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
Microsoft Exchange Server and Outlook clients
Versions of Microsoft Exchange Server and Exchange clients have various port and protocol requirements. These requirements depend upon which version of Exchange Server or Exchange client is in use.
For Outlook clients to connect to versions of Exchange prior to Exchange 2003, direct RPC connectivity to the Exchange server is required. RPC connections made from Outlook to the Exchange server will first contact the RPC endpoint mapper (Port TCP 135) to request information on the port mappings of the various endpoints required. The Outlook client then tries to make connections to the Exchange server directly by using these endpoint ports.
Exchange 5.5 uses two ports for client communication. One port is for the Information Store, and one port is for the Directory. Exchange 2000 and 2003 use three ports for client communication. One port is for the Information Store, one is for Directory Referral (RFR), and one port is for DSProxy/NSPI.
In most cases, these two or three ports will be mapped randomly into the range TCP 1024-65534. If required, these ports can be configured to always bind to a static port mapping rather than to use the ephemeral ports.
For more information about how to configure static TCP/IP ports in Exchange Server, click the following article number to view the article in the Microsoft Knowledge Base:
270836 (http://support.microsoft.com/kb/270836/) Exchange Server static port mappings
Outlook 2003 clients support direct connectivity to Exchange servers by using RPC. However, these clients can also communicate with Exchange 2003 servers that are hosted on Windows Server 2003-based computers on the Internet. The use of RPC over HTTP communication between Outlook and Exchange server eliminates the need to expose unauthenticated RPC traffic across the Internet. Instead, traffic between the Outlook 2003 client and the Exchange Server 2003 computer is tunneled within HTTPS packets over TCP port 443 (HTTPS).
RPC over HTTP requires that port TCP 443 (HTTPS) be available between the Outlook 2003 client and the server that is functioning as the "RPCProxy" device. The HTTPS packets are terminated at the RPCProxy server, and the unwrapped RPC packets are then passed to the Exchange server on three ports, in similar fashion to the direct RPC traffic described above. These RPC over HTTP ports on the Exchange server are statically mapped to TCP 6001 (the Information Store), TCP 6002 (Directory Referral), and TCP 6004 (DSProxy/NSPI). No endpoint mapper needs to be exposed when using RPC over HTTP communication between Outlook 2003 and Exchange 2003, because Outlook 2003 knows to use these statically mapped endpoint ports. In addition, no global catalog needs to be exposed to the Outlook 2003 client, because the DSProxy/NSPI interface on the Exchange 2003 server provides this functionality.
There may be additional items to consider for your specific environment. For further information and for help planning an Exchange implementation, visit the following Microsoft Web site:
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
270836 (http://support.microsoft.com/kb/270836/) Exchange 2000 and Exchange 2003 static port mappings
278339 (http://support.microsoft.com/kb/278339/) TCP/UDP ports used by Exchange 2000 Server
280132 (http://support.microsoft.com/kb/280132/) Exchange 2000 Windows 2000 connectivity through firewalls
282446 (http://support.microsoft.com/kb/282446/) DSProxy configuration for static ports on Exchange cluster
827330 (http://support.microsoft.com/kb/827330/) How to troubleshoot client RPC over HTTP connection issues in Office Outlook 2003
833401 (http://support.microsoft.com/kb/833401/) How to configure RPC over HTTP on a single server in Exchange Server 2003
Exchange Server can also provide support for other protocols, such as SMTP, Post Office Protocol 3 (POP3), and IMAP.
Application protocol | Protocol | Ports
IMAP | TCP | 143
IMAP over SSL | TCP | 993
POP3 | TCP | 110
POP3 over SSL | TCP | 995
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
RPC | TCP | 135
RPC over HTTP | TCP | 443
SMTP | TCP | 25
SMTP | UDP | 25
Information Store | TCP | 6001
Directory Referral | TCP | 6002
DSProxy/NSPI | TCP | 6004
Fax Service
Fax Service, a Telephony API (TAPI)–compliant system service, provides fax capabilities. By using Fax Service, users can send and receive faxes from their desktop programs by using either a local fax device or a shared network fax device.
System service name: Fax
Application protocol | Protocol | Ports
NetBIOS Session Service | TCP | 139
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
SMB | TCP | 445
File Replication
The File Replication service (FRS) is a file-based replication engine that automatically copies updates to files and folders between computers that are participating in a common FRS replica set. FRS is the default replication engine that is used to replicate the contents of the SYSVOL folder between Windows 2000-based and Windows Server 2003-based domain controllers that are located in a common domain. FRS may be configured to replicate files and folders between targets of a DFS root or link by using the DFS Administration tool.
System service name: NtFrs
Application protocol | Protocol | Ports
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
File Server for Macintosh
By using the File Server for Macintosh system service, Macintosh computer users can store and access files on a computer that is running Windows Server 2003. If this service is turned off or blocked, Macintosh clients cannot access or store files on that computer.
System service name: MacFile
Application protocol | Protocol | Ports
File Server for Macintosh | TCP | 548
FTP Publishing Service
FTP Publishing Service provides FTP connectivity. By default, the FTP control port is 21. However, you can configure this system service through the Internet Information Services (IIS) Manager snap-in. The default data port (used for active-mode FTP) is automatically set to one port less than the control port. Therefore, if you configure the control port to port 4131, the default data port is port 4130. Most FTP clients use passive-mode FTP. This means that the client initially connects to the FTP server by using the control port, the FTP server assigns a high TCP port between ports 1025 and 5000, and then the client opens a second connection to the FTP server on that port for transferring data. You can configure the range of high ports by using the IIS metabase.
System service name: MSFTPSVC
Application protocol | Protocol | Ports
FTP control | TCP | 21
FTP default data | TCP | 20
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
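The ALG FTP plug-in section above and this FTP Publishing section both turn on one detail: the FTP control channel carries the data-channel address and port inside the text of a PORT command or a 227 PASV reply, which is what a NAT has to rewrite and what a firewall rule range has to cover. The Python module below is an added example written for this page, not Microsoft's ALG or IIS code: it decodes and encodes the h1,h2,h3,h4,p1,p2 form, checks a PASV port against the 1025-5000 range quoted above, and performs the address rewrite the ALG plug-in does. The sample replies, the private address 10.0.0.5 and the public address 203.0.113.7 are constructed.

```python
import re

# Range quoted in the FTP Publishing Service text: IIS hands out passive
# data ports here unless the metabase says otherwise.
IIS_PASSIVE_RANGE = (1025, 5000)

SIXTUPLE = r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)"
PASV_RE = re.compile(r"^227 .*?\(" + SIXTUPLE + r"\)")
PORT_RE = re.compile(r"^PORT " + SIXTUPLE + r"\s*$", re.IGNORECASE)
TUPLE_RE = re.compile(r"\(" + SIXTUPLE + r"\)")


def decode_host_port(fields):
    """FTP carries an address as h1,h2,h3,h4,p1,p2; the port is p1*256 + p2."""
    values = [int(x) for x in fields]
    if len(values) != 6 or any(not 0 <= v <= 255 for v in values):
        raise ValueError("malformed FTP host/port tuple: %r" % (fields,))
    h1, h2, h3, h4, p1, p2 = values
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def encode_host_port(ip, port):
    """Inverse of decode_host_port: dotted IPv4 plus port -> six numbers."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % ip)
    if not 0 <= port <= 65535:
        raise ValueError("bad port: %r" % port)
    return "%s,%d,%d" % (",".join(octets), port // 256, port % 256)


def parse_pasv(reply):
    """Server 227 PASV reply -> (ip, port) the client will connect to."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    return decode_host_port(m.groups())


def parse_port_command(line):
    """Client PORT command -> (ip, port) the server connects back to in
    active mode (from its data port, 20 by default)."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    return decode_host_port(m.groups())


def build_port_command(ip, port):
    return "PORT " + encode_host_port(ip, port)


def in_passive_range(port, rng=IIS_PASSIVE_RANGE):
    """Whether a PASV port falls inside the range the firewall was opened for."""
    return rng[0] <= port <= rng[1]


def rewrite_pasv(reply, public_ip, mapped_port):
    """What the ALG FTP plug-in does on the way out: replace the private
    address and port the server advertised with the NAT's public address
    and the port the NAT mapped for that data channel."""
    if not PASV_RE.match(reply.strip()):
        raise ValueError("not a 227 PASV reply: %r" % reply)
    return TUPLE_RE.sub("(" + encode_host_port(public_ip, mapped_port) + ")", reply, count=1)
```

A practitioner who opens only TCP 1025-5000 inbound for passive data can run observed 227 replies through in_passive_range to catch transfers that a metabase change has pushed outside the rule; the same parser applied to PORT commands shows which client-side ports an active-mode server will try to reach.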
Group Policy
To successfully apply Group Policy, a client must be able to contact a domain controller over the DCOM, ICMP, LDAP, SMB, and RPC protocols. If any one of these protocols is unavailable or blocked between the client and a relevant domain controller, policy will not apply or refresh. For a cross-domain logon, where a computer is in one domain and the user account is in another, these protocols may be required for the client, the resource domain, and the account domain to communicate. ICMP is used for slow link detection. For more information about slow link detection, click the following article number to view the article in the Microsoft Knowledge Base:
227260 (http://support.microsoft.com/kb/227260/) How a slow link is detected for processing user profiles and Group Policy
System service name: Group Policy
Application protocol | Protocol | Ports
DCOM | TCP + UDP | random port number between 1024 - 65534
ICMP (ping) | ICMP | n/a
LDAP | TCP | 389
SMB | TCP | 445
RPC | TCP | 135, random port number between 1024 - 65534
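The Active Directory table at the top of this page and the Group Policy requirements above are easiest to verify from the client side with a connect test per fixed TCP port. The Python script below is an added example written for this page, not a Microsoft tool: it parses port fields as they are printed in these tables (including "135, random port number between 1024 - 65534"), connect-tests the fixed TCP ports against a domain controller, and reports separately the entries a connect test cannot settle: UDP ports, ICMP, and the dynamic RPC range, which only means something after the endpoint mapper on TCP 135 has handed out a real port. DC_ROWS is transcribed from the page's Active Directory, Kerberos, DNS and Group Policy tables; the loopback listener exists only so the checker can be exercised offline.

```python
import re
import socket
import sys

# Rows transcribed from this page's tables:
# (application protocol, transport, port field exactly as the page prints it).
DC_ROWS = [
    ("LDAP Server", "TCP", "389"),
    ("LDAP SSL", "TCP", "636"),
    ("Global Catalog Server", "TCP", "3268"),
    ("Global Catalog Server", "TCP", "3269"),
    ("Kerberos", "TCP", "88"),
    ("DNS", "TCP", "53"),
    ("SMB", "TCP", "445"),
    ("RPC", "TCP", "135, random port number between 1024 - 65534"),
    ("LDAP Server", "UDP", "389"),
    ("Kerberos", "UDP", "88"),
    ("DNS", "UDP", "53"),
    ("ICMP (ping)", "ICMP", "n/a"),
]

RANGE_RE = re.compile(r"(\d+)\s*-\s*(\d+)")


def parse_port_field(field):
    """Turn a port field as printed on this page ('389', 'n/a',
    '135, random port number between 1024 - 65534') into a list whose
    items are ints (fixed ports) or (low, high) tuples (dynamic ranges)."""
    specs = []
    for part in field.split(","):
        part = part.strip()
        if not part or part.lower() == "n/a":
            continue
        rng = RANGE_RE.search(part)
        if rng:
            specs.append((int(rng.group(1)), int(rng.group(2))))
            continue
        num = re.search(r"\d+", part)
        if num:
            specs.append(int(num.group()))
    return specs


def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP handshake with host:port completes within timeout.
    Refused and filtered ports both surface as OSError (ConnectionRefusedError
    or socket.timeout) and are reported as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_rows(host, rows, timeout=2.0):
    """Connect-test every fixed TCP port in rows against host.

    Returns (results, notes): results maps 'name/TCP/port' to True/False;
    notes lists the entries a connect test cannot settle."""
    results, notes = {}, []
    for name, proto, field in rows:
        if field.strip().lower() == "n/a":
            notes.append("%s: IP-level protocol, has no port to test" % name)
            continue
        for spec in parse_port_field(field):
            if isinstance(spec, tuple):
                notes.append("%s/%s %d-%d: dynamic range, ask the endpoint mapper "
                             "(TCP 135) for the real port" % (name, proto, spec[0], spec[1]))
            elif proto.upper() == "TCP":
                results["%s/TCP/%d" % (name, spec)] = tcp_port_open(host, spec, timeout)
            else:
                notes.append("%s/%s %d: datagram service, connect test not "
                             "meaningful" % (name, proto, spec))
    return results, notes


def blocked(results):
    """Keys of the fixed TCP ports that did not answer."""
    return sorted(key for key, ok in results.items() if not ok)


def start_local_listener():
    """Loopback TCP listener on an OS-chosen port, so the checker can be
    exercised offline; returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    found, remarks = check_rows(target, DC_ROWS)
    for key in sorted(found):
        print("%-40s %s" % (key, "open" if found[key] else "BLOCKED"))
    for remark in remarks:
        print("note: " + remark)
    sys.exit(1 if blocked(found) else 0)
```

Run it as `python dcports.py dc01.example.com` from the client segment; a non-zero exit means at least one fixed port the tables require is unreachable. The notes are deliberate: a clean TCP result says nothing about UDP 389/88/53 or about the dynamic RPC range, and a firewall that passes 135 but not the high range will still break replication, DCOM and Group Policy.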
HTTP SSL
The HTTP SSL system service enables IIS to perform SSL functions. SSL is an open standard for establishing an encrypted communications channel to help prevent the interception of critical information, such as credit card numbers. Although this service is designed to work on other Internet services, it is primarily used to enable encrypted electronic financial transactions on the World Wide Web (WWW). You can configure the ports for this service through the Internet Information Services (IIS) Manager snap-in.
System service name: HTTPFilter
Application protocol | Protocol | Ports
HTTPS | TCP | 443
Internet Authentication Service
Internet Authentication Service (IAS) performs centralized authentication, authorization, auditing, and accounting of users who are connecting to a network. These users can be on a LAN connection or on a remote connection. IAS implements the Internet Engineering Task Force (IETF) standard Remote Authentication Dial-In User Service (RADIUS) protocol.
System service name: IAS
Application protocol | Protocol | Ports
Legacy RADIUS | UDP | 1645
Legacy RADIUS | UDP | 1646
RADIUS Accounting | UDP | 1813
RADIUS Authentication | UDP | 1812
Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS)
This system service provides NAT, addressing, and name resolution services for all computers on your home network or your small-office network. When the Internet Connection Sharing feature is enabled, your computer becomes an "Internet gateway" on the network, and other client computers can then share one connection to the Internet, such as a dial-up connection or a broadband connection. This service provides basic DHCP and DNS services but will work with the full-featured Windows DHCP or DNS services. When ICF and Internet Connection Sharing act as a gateway for the rest of the computers on your network, they provide DHCP and DNS services to the private network on the internal network interface. They do not provide these services on the external-facing interface.
System service name: SharedAccess
Application protocol | Protocol | Ports
DHCP Server | UDP | 67
DNS | UDP | 53
DNS | TCP | 53
Kerberos Key Distribution Center
When you use the Kerberos Key Distribution Center (KDC) system service, users can log on to the network by using the Kerberos version 5 authentication protocol. As in other implementations of the Kerberos protocol, the KDC is a single process that provides two services: the Authentication Service and the Ticket-Granting Service. The Authentication Service issues ticket granting tickets, and the Ticket-Granting Service issues tickets for connection to computers in its own domain.
System service name: kdc
Application protocol | Protocol | Ports
Kerberos | TCP | 88
Kerberos | UDP | 88
License Logging
The License Logging system service is a tool that was originally designed to help customers manage licenses for Microsoft server products that are licensed in the Server Client Access License (CAL) model. License Logging was introduced with Microsoft Windows NT Server 3.51. By default, the License Logging service is disabled in Windows Server 2003. Because of legacy design constraints and evolving license terms and conditions, License Logging may not provide an accurate view of the total number of CALs that are purchased compared to the total number of CALs that are used on a particular server or across the enterprise. The CALs that are reported by License Logging may conflict with the interpretation of the End-User License Agreement (EULA) and with Product Use Rights (PUR). License Logging will not be included in future versions of the Windows operating system. Microsoft recommends that only users of the Microsoft Small Business Server family of operating systems enable this service on their servers.
System service name: LicenseService
Application protocol | Protocol | Ports
NetBIOS Datagram Service | UDP | 138
NetBIOS Session Service | TCP | 139
SMB | TCP | 445
Message Queuing
The Message Queuing system service is a messaging infrastructure and development tool for creating distributed messaging programs for Windows. These programs can communicate across heterogeneous networks and can send messages between computers that may be temporarily unable to connect to each other. Message Queuing helps provide security, efficient routing, support for sending messages within transactions, priority-based messaging, and guaranteed message delivery.
System service name: MSMQ
Application protocol | Protocol | Ports
MSMQ | TCP | 1801
MSMQ | UDP | 1801
MSMQ-DCs | TCP | 2101
MSMQ-Mgmt | TCP | 2107
MSMQ-Ping | UDP | 3527
MSMQ-RPC | TCP | 2105
MSMQ-RPC | TCP | 2103
RPC | TCP | 135
Messenger
The Messenger system service sends messages to or receives messages from users and computers, administrators, and the Alerter service. This service is not related to Windows Messenger. If you disable the Messenger service, notifications that are sent to computers or users who are currently logged on the network are not received. Additionally, the net send command and the net name command no longer function.
System service name: Messenger
Application protocol | Protocol | Ports
NetBIOS Datagram Service | UDP | 138
Microsoft Exchange MTA Stacks
In Microsoft Exchange 2000 Server and Microsoft Exchange Server 2003, the Message Transfer Agent (MTA) is frequently used to provide backward-compatible message transfer services between Exchange 2000 Server-based servers and Exchange Server 5.5-based servers in a mixed-mode environment.
System service name: MSExchangeMTA
Application protocol | Protocol | Ports
X.400 | TCP | 102
Microsoft Operations Manager 2000
Microsoft Operations Manager (MOM) 2000 delivers enterprise-class operations management by providing comprehensive event management, proactive monitoring and alerting, reporting, and trend analysis. After you install MOM 2000 Service Pack 1 (SP1), MOM 2000 no longer uses a clear text communications channel, and all traffic between the MOM agent and the MOM server is encrypted over TCP port 1270. The MOM Administrator console uses DCOM to connect to the server. This means that administrators who manage the MOM server over the network must have access to random high TCP ports.
System service name: OnePoint
Application protocol | Protocol | Ports
MOM-Clear | TCP | 51515
MOM-Encrypted | TCP | 1270
Microsoft POP3 Service
Microsoft POP3 Service provides e-mail transfer and retrieval services. Administrators can use this service to store and manage e-mail accounts on the mail server. When you install Microsoft POP3 Service on the mail server, users can connect to the mail server and can retrieve e-mail by using an e-mail client that supports the POP3 protocol, such as Microsoft Outlook.
System service name: POP3SVC
Application protocol | Protocol | Ports
POP3 | TCP | 110
MSSQLSERVER
MSSQLSERVER is a system service in Microsoft SQL Server 2000. SQL Server provides a powerful and comprehensive data management platform. You can configure the ports that each instance of SQL Server uses by using the Server Network Utility.
System service name: MSSQLSERVER
Application protocol | Protocol | Ports
SQL over TCP | TCP | 1433
SQL Probe | UDP | 1434
MSSQL$UDDI
The MSSQL$UDDI system service is installed during the installation of the Universal Description, Discovery, and Integration (UDDI) feature of the Windows Server 2003 family of operating systems. MSSQL$UDDI provides UDDI capabilities in an enterprise. The SQL Server database engine is the core component of MSSQL$UDDI.
System service name: MSSQL$UDDI
Application protocol | Protocol | Ports
SQL over TCP | TCP | 1433
SQL Probe | UDP | 1434
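Both SQL tables above list "SQL Probe" on UDP 1434 without saying what it is: that is the SQL Server Resolution Protocol (SSRP) listener, which lets any client discover every instance on a host together with the version and the TCP port each one listens on. It is also why a named instance such as MSSQL$UDDI cannot be assumed to sit on 1433; named instances are commonly assigned a dynamic port and the probe is how clients find it. The Python module below is an added example written for this page, not Microsoft's code: it sends the one-byte enumeration request and parses the reply framing (0x05, a little-endian length, then key;value pairs with each instance terminated by ";;"). SAMPLE_INSTANCES, the host name SQL01 and the named-instance port 1045 are constructed, not captured from a real server.

```python
import socket

SSRP_PORT = 1434          # "SQL Probe" in the tables above
CLNT_UCAST_EX = b"\x02"   # request: list every instance on the host
SVR_RESP = 0x05           # first byte of the reply


def parse_ssrp_response(datagram):
    """Parse an SSRP SVR_RESP datagram: 0x05, a 2-byte little-endian length,
    then an ASCII string of key;value pairs, each instance ending in ';;'.
    Returns one dict per instance."""
    if len(datagram) < 3 or datagram[0] != SVR_RESP:
        raise ValueError("not an SSRP SVR_RESP datagram")
    length = int.from_bytes(datagram[1:3], "little")
    body = datagram[3:3 + length].decode("ascii", errors="replace")
    instances = []
    for record in body.split(";;"):
        tokens = record.split(";")
        fields = dict(zip(tokens[0::2], tokens[1::2]))
        if "ServerName" in fields:
            instances.append(fields)
    return instances


def instance_ports(instances):
    """Map instance name -> TCP port, skipping instances without TCP enabled."""
    ports = {}
    for inst in instances:
        if "tcp" in inst:
            ports[inst.get("InstanceName", "?")] = int(inst["tcp"])
    return ports


def probe(host, timeout=2.0):
    """Send the one-byte enumeration request to UDP 1434 and parse the reply.
    Not exercised offline; it needs a reachable SQL Server."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(CLNT_UCAST_EX, (host, SSRP_PORT))
        data, _ = sock.recvfrom(65535)
    finally:
        sock.close()
    return parse_ssrp_response(data)


def build_ssrp_response(instances):
    """Frame a SVR_RESP datagram from dicts. Used here to construct the sample
    below; it is the same framing a responder emits."""
    body = ""
    for inst in instances:
        body += ";".join("%s;%s" % kv for kv in inst.items()) + ";;"
    raw = body.encode("ascii")
    return bytes([SVR_RESP]) + len(raw).to_bytes(2, "little") + raw


# Constructed sample (not captured from a real server): a default instance on
# the well-known port and a named instance that was given a dynamic port.
SAMPLE_INSTANCES = [
    {"ServerName": "SQL01", "InstanceName": "MSSQLSERVER", "IsClustered": "No",
     "Version": "8.00.194", "tcp": "1433", "np": r"\\SQL01\pipe\sql\query"},
    {"ServerName": "SQL01", "InstanceName": "UDDI", "IsClustered": "No",
     "Version": "8.00.760", "tcp": "1045", "np": r"\\SQL01\pipe\MSSQL$UDDI\sql\query"},
]
SAMPLE_DATAGRAM = build_ssrp_response(SAMPLE_INSTANCES)
```

Because the probe is unauthenticated and answers with version strings and listening ports, it is the first thing a scanner sends to a database segment. Filter UDP 1434 at the perimeter, and confirm the filter with probe("sqlhost") from the segments that should not be able to enumerate instances; a timeout there is the desired result.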
Net Logon
The Net Logon system service maintains a security channel between your computer and the domain controller to authenticate users and services. It passes the user's credentials to a domain controller and returns the domain security identifiers and user rights for the user. This is typically referred to as pass-through authentication. Net Logon is configured to start automatically only when a member computer or domain controller is joined to a domain. In the Windows 2000 Server and Windows Server 2003 families, Net Logon publishes service resource locator records in the DNS. When this service runs, it relies on the Server service and on the Local Security Authority service to listen for incoming requests. On domain member computers, Net Logon uses RPC over named pipes. On domain controllers, it uses RPC over named pipes, RPC over TCP/IP, mailslots, and Lightweight Directory Access Protocol (LDAP).
System service name: Netlogon
Application protocol | Protocol | Ports
NetBIOS Datagram Service | UDP | 138
NetBIOS Name Resolution | UDP | 137
NetBIOS Session Service | TCP | 139
SMB | TCP | 445
NetMeeting Remote Desktop Sharing
The NetMeeting Remote Desktop Sharing system service allows authorized users to remotely access your Windows desktop from another personal computer over a corporate intranet by using Windows NetMeeting. You must explicitly enable this service in NetMeeting. You can disable or shut down this feature by using an icon in the Windows notification area.
System service name: mnmsrvc
Application protocol | Protocol | Ports
Terminal Services | TCP | 3389
Network News Transfer Protocol (NNTP)
The Network News Transfer Protocol (NNTP) system service allows computers that are running Windows Server 2003 to act as news servers. Clients can use a news client, such as Microsoft Outlook Express, to retrieve newsgroups from the server and to read the headers or the bodies of the articles in each newsgroup.
System service name: NNTPSVC
Application protocol | Protocol | Ports
NNTP | TCP | 119
NNTP over SSL | TCP | 563
Performance Logs and Alerts
The Performance Logs and Alerts system service collects, based on preconfigured schedule parameters, performance data from local or remote computers and then writes that data to a log or triggers a message. Based on the information that is contained in the named log collection setting, the Performance Logs and Alerts service starts and stops each named performance data collection. This service only runs if at least one performance data collection is scheduled.
System service name: SysmonLog
Application protocol | Protocol | Ports
NetBIOS Session Service | TCP | 139
Print Spooler
The Print Spooler system service manages all local and network print queues and controls all print jobs. Print Spooler is the center of the Windows printing subsystem. It manages the print queues on the system and communicates with printer drivers and input/output (I/O) components, such as the USB port and the TCP/IP protocol suite.
System service name: Spooler
Application protocol | Protocol | Ports
NetBIOS Session Service | TCP | 139
SMB | TCP | 445
Remote Installation
You can use the Remote Installation system service to install Windows 2000, Windows XP, and Windows Server 2003 on Pre-Boot eXecution Environment (PXE) remote boot-enabled client computers. The Boot Information Negotiation Layer (BINL) service, the primary component of Remote Installation Server (RIS), answers PXE client requests, checks Active Directory for client validation, and passes client information to and from the server. The BINL service is installed when you either add the RIS component from Add/Remove Windows Components, or select it when you initially install the operating system.
System service name: BINLSVC
Application protocol | Protocol | Ports
BINL | UDP | 4011
Remote Procedure Call (RPC)
The Remote Procedure Call (RPC) system service is an interprocess communication (IPC) mechanism that enables data exchange and invocation of functionality that reside in a different process. The different process can be on the same computer, on the LAN, or in a remote location, and can be accessed over a WAN connection or over a VPN connection. The RPC service serves as the RPC endpoint mapper and Component Object Model (COM) Service Control Manager. Many services depend on the RPC service to start successfully.
System service name: RpcSs
Application protocol | Protocol | Ports
RPC | TCP | 135
RPC over HTTP | TCP | 593
Remote Procedure Call (RPC) Locator
The Remote Procedure Call (RPC) Locator system service manages the RPC name service database. When this service is turned on, RPC clients can locate RPC servers. This service is turned off by default.
System service name: RpcLocator
Application protocol | Protocol | Ports
NetBIOS Session Service | TCP | 139
SMB | TCP | 445
Remote Storage Notification
The Remote Storage Notification system service notifies users when they read from or write to files that are only available from a secondary storage media. Stopping this service prevents this notification.
System service name: Remote_Storage_User_Link
Application protocol | Protocol | Ports
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
Remote Storage Server
The Remote Storage Server system service stores infrequently used files on a secondary storage medium. If you stop this service, users cannot move or retrieve files from the secondary storage media.
System service name: Remote_Storage_Server
Application protocol | Protocol | Ports
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
Routing and Remote Access
The Routing and Remote Access service provides multiprotocol LAN-to-LAN, LAN-to-WAN, VPN, and NAT routing services. Additionally, the Routing and Remote Access service also provides dial-up and VPN remote access services. Although Routing and Remote Access can use all the following protocols, the service typically uses only a subset of them. For example, if you configure a VPN gateway that lies behind a filtering router, you will probably use only one technology. If you use L2TP with IPsec, you must allow IPsec ESP (IP protocol 50), NAT-T (UDP on port 4500), and IPsec ISAKMP (UDP on port 500) through the router.
Note: Although NAT-T and IPsec ISAKMP are required for L2TP, these ports are actually opened by the Local Security Authority (LSASS), which is why they appear in the Active Directory table above. For additional information, see the "References" section of this article.
System service name: RemoteAccess
Application protocol | Protocol | Ports
GRE (IP protocol 47) | GRE | n/a
IPsec AH (IP protocol 51) | AH | n/a
IPsec ESP (IP protocol 50) | ESP | n/a
L2TP | UDP | 1701
PPTP | TCP | 1723
Server
The Server system service provides RPC support and file, print, and named pipe sharing over the network. The Server service allows the sharing of local resources, such as disks and printers, so that other users on the network can access them. It also allows named pipe communication between programs that are running on the local computer and on other computers. Named pipe communication is memory that is reserved for the output of one process to be used as input for another process. The input-accepting process does not have to be local to the computer.
System service name: lanmanserver
Application protocol | Protocol | Ports
NetBIOS Datagram Service | UDP | 138
NetBIOS Name Resolution | UDP | 137
NetBIOS Session Service | TCP | 139
SMB | TCP | 445
SharePoint Portal Server
With the SharePoint Portal Server system service, you can develop an intelligent portal that seamlessly connects users, teams, and knowledge so that people can take advantage of relevant information across business processes. Microsoft SharePoint Portal Server 2003 provides an enterprise business solution that integrates information from various systems into one solution through single sign-on and enterprise application integration capabilities.
Application protocol | Protocol | Ports
HTTP | TCP | 80
HTTPS | TCP | 443
Simple Mail Transfer Protocol (SMTP)
The Simple Mail Transfer Protocol (SMTP) system service is an e-mail submission and relay agent. It accepts and queues e-mail for remote destinations, and it retries at specified intervals. Windows domain controllers use the SMTP service for intersite e-mail-based replication. The Collaboration Data Objects (CDO) for the Windows Server 2003 COM component can use the SMTP service to submit and to queue outbound e-mail.
System service name: SMTPSVC
Application protocol | Protocol | Ports
SMTP | TCP | 25
SMTP | UDP | 25
Simple TCP/IP Services
Simple TCP/IP Services implements support for the following protocols:
• Echo, port 7, RFC 862
• Discard, port 9, RFC 863
• Character Generator, port 19, RFC 864
• Daytime, port 13, RFC 867
• Quote of the Day, port 17, RFC 865
System service name: SimpTcp
Application protocol | Protocol | Ports
Chargen | TCP | 19
Chargen | UDP | 19
Daytime | TCP | 13
Daytime | UDP | 13
Discard | TCP | 9
Discard | UDP | 9
Echo | TCP | 7
Echo | UDP | 7
Quotd | TCP | 17
Quotd | UDP | 17
SMS Remote Control Agent
SMS Remote Control Agent is a system service in Microsoft Systems Management Server (SMS) 2003. SMS Remote Control Agent provides a comprehensive solution for change and for configuration management for the Microsoft operating systems. With this solution, organizations can provide relevant software and updates to users.
System service name: Wuser32
Application protocol | Protocol | Ports
SMS Remote Chat | TCP | 2703
SMS Remote Chat | UDP | 2703
SMS Remote Control (control) | TCP | 2701
SMS Remote Control (control) | UDP | 2701
SMS Remote Control (data) | TCP | 2702
SMS Remote Control (data) | UDP | 2702
SMS Remote File Transfer | TCP | 2704
SMS Remote File Transfer | UDP | 2704
SNMP Service
SNMP Service allows incoming Simple Network Management Protocol (SNMP) requests to be serviced by the local computer. SNMP Service includes agents that monitor activity in network devices and report to the network console workstation. SNMP Service provides a method of managing network hosts (such as workstation or server computers, routers, bridges, and hubs) from a centrally-located computer that is running network management software. SNMP performs management services by using a distributed architecture of management systems and agents.
System service name: SNMP
Application protocol | Protocol | Ports
SNMP | UDP | 161
SNMP Trap Service
SNMP Trap Service receives trap messages that are generated by local or by remote SNMP agents and then forwards those messages to SNMP management programs that are running on your computer. SNMP Trap Service, when configured for an agent, generates trap messages if any specific events occur. These messages are sent to a trap destination. For example, an agent can be configured to initiate an authentication trap if an unrecognized management system sends a request for information. Trap destinations include the computer name, the IP address, or the Internetwork Packet Exchange (IPX) address of the management system. The trap destination must be a network-enabled host that is running SNMP management software.
System service name: SNMPTRAP
Application protocol | Protocol | Ports
SNMP Traps Outbound | UDP | 162
SQL Analysis Server
The SQL Analysis Server system service is a component of SQL Server 2000. With SQL Analysis Server, you can create and manage OLAP cubes and data mining models. The analysis server may access local or remote data sources for creating and storing cubes or data mining models.
Application protocol | Protocol | Ports
SQL Analysis Services | TCP | 2725
SQL Server: Downlevel OLAP Client Support
This system service is used by SQL Server 2000 when the SQL Analysis Server service has to support connections from downlevel (OLAP Services 7.0) clients. These are the default ports for OLAP services that are used by SQL 7.0.
Application protocol | Protocol | Ports
OLAP Services 7.0 | TCP | 2393
OLAP Services 7.0 | TCP | 2394
SSDP Discovery Service
SSDP Discovery Service implements Simple Service Discovery Protocol (SSDP) as a Windows service. SSDP Discovery Service manages receipt of device presence announcements, updates its cache, and passes these notifications along to clients with outstanding search requests. SSDP Discovery Service also accepts registration of event callbacks from clients, turns these into subscription requests, and monitors for event notifications. It then passes these requests along to the registered callbacks. This system service also provides hosted devices with periodic announcements. Currently, the SSDP event notification service uses TCP port 5000. Starting with the next Windows XP service pack, it will rely on TCP port 2869.
Note At the time of this writing, the current Windows XP service pack level is Windows XP Service Pack 1 (SP1).
System service name: SSDPRSR
Application protocol | Protocol | Ports
SSDP | UDP | 1900
SSDP event notification | TCP | 2869
SSDP legacy event notification | TCP | 5000
Systems Management Server 2.0
Microsoft Systems Management Server (SMS) 2003 provides a comprehensive solution for change and configuration management for Microsoft operating systems. With this solution, organizations can provide relevant software and updates to users quickly and cost-effectively.
Application protocol | Protocol | Ports
NetBIOS Datagram Service | UDP | 138
NetBIOS Name Resolution | UDP | 137
NetBIOS Session Service | TCP | 139
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
TCP/IP Print Server
The TCP/IP Print Server system service enables TCP/IP–based printing by using the Line Printer Daemon (LPD) protocol. The LPD service on the server receives documents from Line Printer Remote (LPR) utilities that are running on UNIX computers.
System service name: LPDSVC
Application protocol | Protocol | Ports
LPD | TCP | 515
Telnet
The Telnet system service for Windows provides ASCII terminal sessions to Telnet clients. A Telnet server supports two types of authentication and supports the following four types of terminals:
American National Standards Institute (ANSI)
VT-100
VT-52
VTNT
System service name: TlntSvr
Application protocol | Protocol | Ports
Telnet | TCP | 23
Terminal Services
Terminal Services provides a multi-session environment that allows client devices to access a virtual Windows desktop session and Windows-based programs that are running on the server. Terminal Services allows multiple users to be connected interactively to a computer.
System service name: TermService
Application protocol | Protocol | Ports
Terminal Services | TCP | 3389
Terminal Services Licensing
The Terminal Services Licensing system service installs a license server and provides licenses to registered clients when the clients connect to a terminal server (a server that has Terminal Server enabled). Terminal Services Licensing is a low-impact service that stores the client licenses that have been issued for a terminal server, and then tracks the licenses that have been issued to client computers or terminals.
System service name: TermServLicensing
Application protocol | Protocol | Ports
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
SMB (named pipes) | TCP | 139, 445
Terminal Services Session Directory
The Terminal Services Session Directory system service allows clusters of load-balanced terminal servers to correctly route a user's connection request to the server where the user already has a session running. Users are routed to the first-available terminal server, regardless of whether they are running another session in the server cluster. The load-balancing functionality pools the processing resources of several servers by using the TCP/IP networking protocol. You can use this service with a cluster of terminal servers to increase the performance of a single terminal server by distributing sessions across multiple servers. Terminal Services Session Directory keeps track of disconnected sessions on the cluster and makes sure that users are reconnected to those sessions.
System service name: Tssdis
Application protocol | Protocol | Ports
RPC | TCP | 135
Randomly allocated high TCP ports | TCP | random port number between 1024 - 65534
Trivial FTP Daemon
The Trivial FTP Daemon system service does not require a user name or a password and is an integral part of the Remote Installation Services (RIS). The Trivial FTP Daemon service implements support for the Trivial FTP Protocol (TFTP) that is defined by the following RFCs:
RFC 1350 - TFTP
RFC 2347 - Option extension
RFC 2348 - Block size option
RFC 2349 - Timeout interval, and transfer size options
Trivial File Transfer Protocol (TFTP) is a file transfer protocol that is designed to support diskless boot environments. The TFTP service listens on UDP port 69 but responds from a randomly allocated high port. Therefore, enabling this port will let the TFTP service receive incoming TFTP requests, but will not let the selected server respond to those requests. The service is free to respond to any such request from any source port it wishes, and the remote client will then use that port for the duration of the transfer. Communication is bidirectional. If you need to enable this protocol through a firewall, it may be useful to open UDP port 69 inbound. You can then rely on other firewall features, which dynamically allow the service to respond through temporary holes on any other port.
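The following is an added illustration, not code from the Microsoft article, of the firewall point made above: a static "allow inbound UDP/69" rule lets the request in but blocks the reply, because tftpd answers from a randomly allocated high port, whereas a stateful filter that opens a temporary pinhole for the server's chosen reply port lets the transfer complete. Addresses, ports and the file name are constructed sample values.

```python
"""Model of the TFTP firewall behaviour described above (added example, not
code from the Microsoft article). A stateless filter admits the request to
UDP/69 but drops the DATA reply; a stateful filter records the requester and
opens a pinhole for the server's randomly chosen source port. All addresses,
ports and file names are constructed sample values."""
import random
import struct
from dataclasses import dataclass, field

TFTP_PORT = 69
RRQ, DATA, ACK = 1, 3, 4                        # TFTP opcodes (RFC 1350)
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"   # constructed addresses


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes


def rrq(filename: str, mode: str = "octet") -> bytes:
    """RFC 1350 read request: opcode 1, filename, NUL, mode, NUL."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def data_block(block: int, chunk: bytes) -> bytes:
    return struct.pack("!HH", DATA, block) + chunk


def ack(block: int) -> bytes:
    return struct.pack("!HH", ACK, block)


class StatelessFilter:
    """Static rules only: inbound to UDP/69 is allowed, and a reply is allowed
    only if it comes from UDP/69, which the Windows TFTP service never does."""

    def inbound_allowed(self, p: Packet) -> bool:
        return p.dst_port == TFTP_PORT

    def outbound_allowed(self, p: Packet) -> bool:
        return p.src_port == TFTP_PORT


@dataclass
class StatefulFilter:
    """Allows inbound UDP/69, remembers who asked, and when the server answers
    that client from any source port opens a pinhole for that 4-tuple only."""
    pending: set = field(default_factory=set)    # (client_ip, client_port, server_ip)
    pinholes: set = field(default_factory=set)   # (client_ip, client_port, server_ip, server_port)

    def inbound_allowed(self, p: Packet) -> bool:
        if p.dst_port == TFTP_PORT:
            self.pending.add((p.src_ip, p.src_port, p.dst_ip))
            return True
        return (p.src_ip, p.src_port, p.dst_ip, p.dst_port) in self.pinholes

    def outbound_allowed(self, p: Packet) -> bool:
        key = (p.dst_ip, p.dst_port, p.src_ip)
        if key in self.pending:
            self.pending.discard(key)
            self.pinholes.add(key + (p.src_port,))   # temporary hole for this server port
            return True
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.pinholes


def tftp_exchange(fw, client_port: int = 50000, seed: int = 7) -> dict:
    """Drive one RRQ / DATA / ACK round trip through a firewall model and
    report which of the three packets got through."""
    result = {}
    req = Packet(CLIENT, client_port, SERVER, TFTP_PORT, rrq("boot.bin"))
    result["request"] = fw.inbound_allowed(req)
    # tftpd answers from a randomly allocated high port, never from 69
    server_port = random.Random(seed).randint(1024, 65534)
    data = Packet(SERVER, server_port, CLIENT, client_port, data_block(1, b"hello"))
    result["data"] = result["request"] and fw.outbound_allowed(data)
    # the client keeps talking to the server's chosen port for the rest of the transfer
    reply = Packet(CLIENT, client_port, SERVER, server_port, ack(1))
    result["ack"] = result["data"] and fw.inbound_allowed(reply)
    return result


if __name__ == "__main__":
    print("static rule only:", tftp_exchange(StatelessFilter()))
    print("stateful filter: ", tftp_exchange(StatefulFilter()))
```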
System service name: tftpd
Application protocol | Protocol | Ports
TFTP | UDP | 69
Universal Plug and Play Device Host
The Universal Plug and Play Host discovery system service implements all the components that are required for device registration, control, and the response to events for hosted devices. The registered information that pertains to a device (the description, the lifetimes, and the containers) is optionally stored to disk and is announced on the network after registration, or when the operating system restarts. The service also includes the Web server that serves the device, in addition to service descriptions and a presentation page.
System service name: UPNPHost
Application protocol | Protocol | Ports
UPNP | TCP | 2869
Windows Internet Name Service (WINS)
Windows Internet Name Service (WINS) enables NetBIOS name resolution. This service helps you locate network resources by using NetBIOS names. WINS servers are required unless all domains have been upgraded to the Active Directory directory service and unless all computers on the network are running Windows 2000 or later. WINS servers communicate with network clients by using NetBIOS name resolution. WINS replication is only required between WINS servers.
System service name: WINS
Application protocol | Protocol | Ports
NetBIOS Name Resolution | UDP | 137
WINS Replication | TCP | 42
WINS Replication | UDP | 42
Windows Media Services
Windows Media Services in Windows Server 2003 replaces the following four services that are included in Windows Media Services versions 4.0 and 4.1:
Windows Media Monitor Service
Windows Media Program Service
Windows Media Station Service
Windows Media Unicast Service
Windows Media Services is now a single service that runs on Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. Its core components were developed by using COM, and it has a flexible architecture that you can customize for specific programs. It supports a greater variety of control protocols, including Real Time Streaming Protocol (RTSP), Microsoft Media Server (MMS) protocol, and HTTP.
System service name: WMServer
Application protocol | Protocol | Ports
HTTP | TCP | 80
MMS | TCP | 1755
MMS | UDP | 1755
MS Theater | UDP | 2460
RTCP | UDP | 5005
RTP | UDP | 5004
RTSP | TCP | 554
Windows Time
The Windows Time system service maintains date and time synchronization on all Windows XP and Windows Server 2003-based computers on a network. This service uses Network Time Protocol (NTP) to synchronize computer clocks so that an accurate clock value, or timestamp, is assigned for network validation and for resource access requests. The implementation of NTP and the integration of time providers help make Windows Time a reliable and scalable time service for your enterprise. For computers that are not joined to a domain, you can configure Windows Time to synchronize time with an external time source. If this service is turned off, the time setting for local computers is not synchronized with a time service in the Windows domain or with an externally configured time service. Windows Server 2003 uses NTP. NTP runs on UDP port 123. The Windows 2000 version of this service uses Simple Network Time Protocol (SNTP). SNTP also runs on UDP port 123.
System service name: W32Time
Application protocol | Protocol | Ports
NTP | UDP | 123
SNTP | UDP | 123
World Wide Web Publishing Service
World Wide Web Publishing Service provides the infrastructure that is necessary to register, to manage, to monitor, and to serve Web sites and programs that are registered with IIS. This system service contains a process manager and a configuration manager. The process manager controls the processes where custom applications and Web sites reside. The configuration manager reads the stored system configuration for World Wide Web Publishing Service and makes sure that Http.sys is configured to route HTTP requests to the appropriate application pools or operating system processes. You can configure the ports that are used by this service through the Internet Information Services (IIS) Manager snap-in. If the administrative Web site is enabled, a virtual Web site is created that uses HTTP traffic on TCP port 8098.
System service name: W3SVC
Application protocol | Protocol | Ports
HTTP | TCP | 80
HTTPS | TCP | 443
Ports and protocols
The following table summarizes the information from the "System services ports" section of this article. This table is sorted by port number instead of by the service name.
Port | Protocol | Application protocol | System service name
n/a | GRE | GRE (IP protocol 47) | Routing and Remote Access
n/a | ESP | IPsec ESP (IP protocol 50) | Routing and Remote Access
n/a | AH | IPsec AH (IP protocol 51) | Routing and Remote Access
7 | TCP | Echo | Simple TCP/IP Services
7 | UDP | Echo | Simple TCP/IP Services
9 | TCP | Discard | Simple TCP/IP Services
9 | UDP | Discard | Simple TCP/IP Services
13 | TCP | Daytime | Simple TCP/IP Services
13 | UDP | Daytime | Simple TCP/IP Services
17 | TCP | Quotd | Simple TCP/IP Services
17 | UDP | Quotd | Simple TCP/IP Services
19 | TCP | Chargen | Simple TCP/IP Services
19 | UDP | Chargen | Simple TCP/IP Services
20 | TCP | FTP default data | FTP Publishing Service
21 | TCP | FTP control | FTP Publishing Service
21 | TCP | FTP control | Application Layer Gateway Service
23 | TCP | Telnet | Telnet
25 | TCP | SMTP | Simple Mail Transfer Protocol
25 | UDP | SMTP | Simple Mail Transfer Protocol
25 | TCP | SMTP | Exchange Server
25 | UDP | SMTP | Exchange Server
42 | TCP | WINS Replication | Windows Internet Name Service
42 | UDP | WINS Replication | Windows Internet Name Service
53 | TCP | DNS | DNS Server
53 | UDP | DNS | DNS Server
53 | TCP | DNS | Internet Connection Firewall/Internet Connection Sharing
53 | UDP | DNS | Internet Connection Firewall/Internet Connection Sharing
67 | UDP | DHCP Server | DHCP Server
67 | UDP | DHCP Server | Internet Connection Firewall/Internet Connection Sharing
69 | UDP | TFTP | Trivial FTP Daemon Service
80 | TCP | HTTP | Windows Media Services
80 | TCP | HTTP | World Wide Web Publishing Service
80 | TCP | HTTP | SharePoint Portal Server
88 | TCP | Kerberos | Kerberos Key Distribution Center
88 | UDP | Kerberos | Kerberos Key Distribution Center
102 | TCP | X.400 | Microsoft Exchange MTA Stacks
110 | TCP | POP3 | Microsoft POP3 Service
110 | TCP | POP3 | Exchange Server
119 | TCP | NNTP | Network News Transfer Protocol
123 | UDP | NTP | Windows Time
123 | UDP | SNTP | Windows Time
135 | TCP | RPC | Message Queuing
135 | TCP | RPC | Remote Procedure Call
135 | TCP | RPC | Exchange Server
135 | TCP | RPC | Certificate Services
135 | TCP | RPC | Cluster Service
135 | TCP | RPC | Distributed File System
135 | TCP | RPC | Distributed Link Tracking
135 | TCP | RPC | Distributed Transaction Coordinator
135 | TCP | RPC | Event Log
135 | TCP | RPC | Fax Service
135 | TCP | RPC | File Replication
135 | TCP | RPC | Group Policy
135 | TCP | RPC | Local Security Authority
135 | TCP | RPC | Remote Storage Notification
135 | TCP | RPC | Remote Storage Server
135 | TCP | RPC | Systems Management Server 2.0
135 | TCP | RPC | Terminal Services Licensing
135 | TCP | RPC | Terminal Services Session Directory
137 | UDP | NetBIOS Name Resolution | Computer Browser
137 | UDP | NetBIOS Name Resolution | Server
137 | UDP | NetBIOS Name Resolution | Windows Internet Name Service
137 | UDP | NetBIOS Name Resolution | Net Logon
137 | UDP | NetBIOS Name Resolution | Systems Management Server 2.0
138 | UDP | NetBIOS Datagram Service | Computer Browser
138 | UDP | NetBIOS Datagram Service | Messenger
138 | UDP | NetBIOS Datagram Service | Server
138 | UDP | NetBIOS Datagram Service | Net Logon
138 | UDP | NetBIOS Datagram Service | Distributed File System
138 | UDP | NetBIOS Datagram Service | Systems Management Server 2.0
138 | UDP | NetBIOS Datagram Service | License Logging Service
139 | TCP | NetBIOS Session Service | Computer Browser
139 | TCP | NetBIOS Session Service | Fax Service
139 | TCP | NetBIOS Session Service | Performance Logs and Alerts
139 | TCP | NetBIOS Session Service | Print Spooler
139 | TCP | NetBIOS Session Service | Server
139 | TCP | NetBIOS Session Service | Net Logon
139 | TCP | NetBIOS Session Service | Remote Procedure Call Locator
139 | TCP | NetBIOS Session Service | Distributed File System
139 | TCP | NetBIOS Session Service | Systems Management Server 2.0
139 | TCP | NetBIOS Session Service | License Logging Service
143 | TCP | IMAP | Exchange Server
161 | UDP | SNMP | SNMP Service
162 | UDP | SNMP Traps Outbound | SNMP Trap Service
389 | TCP | LDAP Server | Local Security Authority
389 | UDP | LDAP Server | Local Security Authority
389 | TCP | LDAP Server | Distributed File System
389 | UDP | LDAP Server | Distributed File System
443 | TCP | HTTPS | HTTP SSL
443 | TCP | HTTPS | World Wide Web Publishing Service
443 | TCP | HTTPS | SharePoint Portal Server
443 | TCP | RPC over HTTP | Exchange Server 2003
445 | TCP | SMB | Fax Service
445 | TCP | SMB | Print Spooler
445 | TCP | SMB | Server
445 | TCP | SMB | Remote Procedure Call Locator
445 | TCP | SMB | Distributed File System
445 | TCP | SMB | License Logging Service
445 | TCP | SMB | Net Logon
464 | TCP | Kerberos Password V5 | Net Logon
500 | UDP | IPsec ISAKMP | Local Security Authority
515 | TCP | LPD | TCP/IP Print Server
548 | TCP | File Server for Macintosh | File Server for Macintosh
554 | TCP | RTSP | Windows Media Services
563 | TCP | NNTP over SSL | Network News Transfer Protocol
593 | TCP | RPC over HTTP endpoint mapper | Remote Procedure Call
593 | TCP | RPC over HTTP | Exchange Server
636 | TCP | LDAP SSL | Local Security Authority
636 | UDP | LDAP SSL | Local Security Authority
993 | TCP | IMAP over SSL | Exchange Server
995 | TCP | POP3 over SSL | Exchange Server
1067 | TCP | Installation Bootstrap Service | Installation Bootstrap protocol server
1068 | TCP | Installation Bootstrap Service | Installation Bootstrap protocol client
1270 | TCP | MOM-Encrypted | Microsoft Operations Manager 2000
1433 | TCP | SQL over TCP | Microsoft SQL Server
1433 | TCP | SQL over TCP | MSSQL$UDDI
1434 | UDP | SQL Probe | Microsoft SQL Server
1434 | UDP | SQL Probe | MSSQL$UDDI
1645 | UDP | Legacy RADIUS | Internet Authentication Service
1646 | UDP | Legacy RADIUS | Internet Authentication Service
1701 | UDP | L2TP | Routing and Remote Access
1723 | TCP | PPTP | Routing and Remote Access
1755 | TCP | MMS | Windows Media Services
1755 | UDP | MMS | Windows Media Services
1801 | TCP | MSMQ | Message Queuing
1801 | UDP | MSMQ | Message Queuing
1812 | UDP | RADIUS Authentication | Internet Authentication Service
1813 | UDP | RADIUS Accounting | Internet Authentication Service
1900 | UDP | SSDP | SSDP Discovery Service
2101 | TCP | MSMQ-DCs | Message Queuing
2103 | TCP | MSMQ-RPC | Message Queuing
2105 | TCP | MSMQ-RPC | Message Queuing
2107 | TCP | MSMQ-Mgmt | Message Queuing
2393 | TCP | OLAP Services 7.0 | SQL Server: Downlevel OLAP Client Support
2394 | TCP | OLAP Services 7.0 | SQL Server: Downlevel OLAP Client Support
2460 | UDP | MS Theater | Windows Media Services
2535 | UDP | MADCAP | DHCP Server
2701 | TCP | SMS Remote Control (control) | SMS Remote Control Agent
2701 | UDP | SMS Remote Control (control) | SMS Remote Control Agent
2702 | TCP | SMS Remote Control (data) | SMS Remote Control Agent
2702 | UDP | SMS Remote Control (data) | SMS Remote Control Agent
2703 | TCP | SMS Remote Chat | SMS Remote Control Agent
2703 | UDP | SMS Remote Chat | SMS Remote Control Agent
2704 | TCP | SMS Remote File Transfer | SMS Remote Control Agent
2704 | UDP | SMS Remote File Transfer | SMS Remote Control Agent
2725 | TCP | SQL Analysis Services | SQL Analysis Server
2869 | TCP | UPNP | Universal Plug and Play Device Host
2869 | TCP | SSDP event notification | SSDP Discovery Service
3268 | TCP | Global Catalog Server | Local Security Authority
3269 | TCP | Global Catalog Server | Local Security Authority
3343 | UDP | Cluster Services | Cluster Service
3389 | TCP | Terminal Services | NetMeeting Remote Desktop Sharing
3389 | TCP | Terminal Services | Terminal Services
3527 | UDP | MSMQ-Ping | Message Queuing
4011 | UDP | BINL | Remote Installation
4500 | UDP | NAT-T | Local Security Authority
5000 | TCP | SSDP legacy event notification | SSDP Discovery Service
5004 | UDP | RTP | Windows Media Services
5005 | UDP | RTCP | Windows Media Services
6001 | TCP | Information Store | Exchange Server 2003
6002 | TCP | Directory Referral | Exchange Server 2003
6004 | TCP | DSProxy/NSPI | Exchange Server 2003
42424 | TCP | ASP.Net Session State | ASP.NET State Service
51515 | TCP | MOM-Clear | Microsoft Operations Manager 2000
1024-65534 | TCP | RPC | Randomly allocated high TCP ports
Active Directory port and protocol requirements
Application servers, client computers and domain controllers that are located in common or external forests have service dependencies so that user-initiated and computer-initiated operations like domain join, logon authentication, remote administration, and Active Directory replication work correctly. Such services and operations require network connectivity over specific ports and networking protocols.
A summarized list of the services, ports and protocols required for member computers and domain controllers to inter-operate with each other, or for application servers to access Active Directory, includes but is not limited to the following:
1. Active Directory / LSA
2. Certificate Services (required for specific configurations)
3. Computer Browser
4. DHCP Server (if so configured)
5. Distributed File System
6. Distributed Link Tracking Server (optional but on by default on Windows 2000 computers)
7. Distributed Transaction Coordinator
8. DNS Server (if so configured)
9. Event Log
10. Fax Service (if so configured)
11. File Replication
12. File Server for Macintosh (if so configured)
13. HTTP SSL
14. Internet Authentication Service (if so configured)
15. Kerberos Key Distribution Center
16. License Logging (on by default)
17. Messenger
18. Net Logon
19. Performance Logs and Alerts
20. Print Spooler
21. Remote Installation (if so configured)
22. Remote Procedure Call (RPC)
23. Remote Procedure Call (RPC) Locator
24. Remote Storage Notification
25. Remote Storage Server
26. Routing and Remote Access
27. Server
28. Simple Mail Transfer Protocol (SMTP) (if so configured)
29. SNMP Service
30. SNMP Trap Service
31. TCP/IP Print Server
32. Telnet
33. Terminal Services
34. Terminal Services Licensing
35. Terminal Services Session Directory
36. WINS
37. Windows Time
38. World Wide Web Publishing Service