I am not able to send snmp or wmi requests to the is server 2004 proxy and firewall even when i precise to open all ports to the network management console to the the isa server 2004 local host. Can you please help me concerning this issue.
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet Edit the Ports multi-string to your liking. I use 5000-5100, this should be fine amount for a non application server.(see kb above) Ports 5000-5100 (multi-string)
2. create two basic custom protocols for SMB and dcom,
cust_smb 445 tcp outbound 445 udp send (no related application filters ticked!)
cust_dcom 135 tcp outbound 5000-5100 tcp outbound (no related application filters ticked!)
4. create the rule, allow, source = trusted admin/monitor box(es), destination localhost, protocols: cust_smb, cust_dcom, all users
5. Edit the System policy Untick the 'enable' for Microsoct Management Console, you don't need it now because we have created a better rule for our trusted box(es) ( note having this ticked will create a hidden rule that can break wmi scripts and alike). Untick the 'force strict rpc compliance' option for Active Dicrectory
Click ok, apply new configuration, restart the isa server
now when the isa box has booted back up, from your monitoring box. you can use mmc consoles, vbscripts, wmi scripts to monitor/admin the isa 2004 server. fyi do a netstat -an and you wil se the listening dcom servers in your configured range.
This methods allows for the best of both worlds, secure admin/scripting of the the isa box and no less secure isa box because the rpc filter is still active and being used by isa server other default/custom access or publishing rules.