Americas

  • United States

Shutting off Windows DCOM

Opinion
Sep 15, 20032 mins
NetworkingPatch Management SoftwareVulnerabilities

* Dr. Internet columnist Steve Blass helps a reader figure out how to disable DCOM

Can we completely disable DCOM in Windows and shut down Port 135 altogether? We have patched systems being compromised again by the same worms, and we just want to close the port.

Microsoft Knowledge Base Article 825750 (https://support.microsoft.com/default.aspx?kbid=825750) says changing the EnableDCOM string value to ‘N’ in the HKEY_LOCAL_MACHINESoftwareMicrosoftOLE registry key will disable DCOM.

Also, a nice utility called DCOMbobulator (https://www.grc.com/dcom/) from Gibson Research checks whether the MS-RPC patch has been installed correctly while letting you turn off DCOM at the click of a button.

Disabling DCOM on Windows 9x/ME systems will close Port 135. On Windows NT, 2000 and XP systems, there are two other Microsoft services that listen on the same port. One is the Distributed Transaction Coordinator, and the other is the Task Scheduler. Both can be turned off through the services icon in the administrative tools section of the control panel.

Turning off the Distributed Transaction Coordinator will not affect most users, but the Task Scheduler is used by the XP pre-fetch system for start-up performance improvement and by a number of programs for automatic update retrieval.

Blass is a network architect at Change@Work in Houston. He can be reached at dr.internet@changeatwork.com.