将“远程桌面会话主机”卷添加到服务器后,下列防火墙规则将创build并在默认情况下处于启用状态。
Name Group Profile Enabled Action Override Program Local Address Remote Address Protocol Local Port Remote Port Allowed Users Allowed Computers Terminal Services - WMI (DCOM-In) Terminal Services All Yes Allow No %systemroot%\system32\svchost.exe Any Any TCP 135 Any Any Any Terminal Services - WMI (TCP-In) Terminal Services All Yes Allow No %systemroot%\system32\svchost.exe Any Any TCP RPC Dynamic Ports Any Any Any Terminal Services (NP-In) Terminal Services All Yes Allow No System Any Any TCP 445 Any Any Any Terminal Services (RPC) Terminal Services All Yes Allow No %systemroot%\system32\svchost.exe Any Any TCP RPC Dynamic Ports Any Any Any Terminal Services (RPC-EPMAP) Terminal Services All Yes Allow No %systemroot%\system32\svchost.exe Any Any TCP RPC Endpoint Mapper Any Any Any 什么是terminal服务,它需要启用WMI,RPC和NetBIOS?
基于粗略的Googlesearch,它看起来像是与RDS许可证服务器通信以及RDSangular色的远程pipe理。