Can we completely disable DCOM in Windows and shut down Port 135 altogether? We have patched systems being compromised again by the same worms, and we just want to close the port.

Microsoft Knowledge Base Article 825750 says changing the EnableDCOM string value to 'N' in the HKEY_LOCAL_MACHINE\Software\Microsoft\OLE registry key will disable DCOM.

Also, a nice utility called DCOMbobulator
from Gibson Research checks whether the MS-RPC patch has been installed correctly while letting you turn off DCOM at the click of a button.

Disabling DCOM on Windows 9x/ME systems will close Port 135. On Windows NT, 2000 and XP systems, there are two other Microsoft services that listen on the same port. One is the Distributed Transaction Coordinator, and the other is the Task Scheduler. Both can be turned off through the services icon in the administrative tools section of the control panel.

Turning off the Distributed Transaction Coordinator will not affect most users, but the Task Scheduler is used by the XP pre-fetch system for start-up performance improvement and by a number of programs for automatic update retrieval.

Blass is a network architect at Change@Work in Houston. He can be reached at dr.internet@changeatwork.com.