If you’ve been working with the ISA or TMG firewall for a while, you might know that you can fine-tune security for RPC connections through the firewall using UUID information in custom RPC protocol definitions. The main challenge in getting this to work is knowing the right UUIDs to include in your Protocol Definitions.
To this end, Mohit Saxena from Microsoft PSS comes to your aid with a list of UUIDs that he’s kept track of. When using these UUIDs for your RPC Protocol Definitions, make sure you test them first in your lab environment before deploying them into production.
I actually made this list of UUIDs for myself but hopefully it can help :). Might not have all the UUIDs you are looking for though.
BROWSER Contains the Netr (Net Remote) RPC interface specification for the APIs associated with the Browser service. This consists of the NetServerEnum API. Also contains the RPC specific data structures for these APIs.
DRS AD Replication
ELF Event Log APIs
ENDPTMAPPER Responsible for tracking which service is listening on which point. When a service starts, it registers itself with the End Point Mapper and asks the End Point Mapper to assign it a port number. The End Point Mapper is always listening on port 135 for TCP/IP on the End Point Mapper’s UUID. Q159298
LSA Updated for .NET
NSPI MS Exchange Directory NSPI Proxy
PNP PnP APIs which are used to remote the plug-and-play APIs to the local or remote server via RPC.
SAM Updated for .NET
SMB Command code definitions
SRVSVC.IDL Contains the Netr (Net Remote) RPC interface specification for the API associated with the Server Service.
SVCCTL RPC interface for the remotable NetService API.
TERMSERV Terminal Server Licensing
WKSSVC.IDL Contains the Netr (Net Remote) RPC interface specification for the APIs associated with the Workstation service
Replication Between 2 CSS Servers
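To show where the interface UUID appears on the wire and how a UUID allow list can be applied to it, here is an added example (not code from the original post, and not how ISA/TMG implements its RPC filter). It assumes the connection-oriented DCE/RPC bind PDU layout; the two interface UUIDs are constructed placeholders, and `build_bind`, `bind_interfaces` and `allow_bind` are hypothetical helper names.

```python
import struct
import uuid

# Constructed placeholder interface UUIDs, NOT real Windows service identifiers.
ALLOWED_IF = uuid.UUID("11111111-2222-3333-4444-555555555555")
OTHER_IF = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
NDR = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax

def build_bind(if_uuid, call_id=1):
    """Build a constructed little-endian bind PDU offering one interface."""
    ctx = struct.pack("<HBx", 0, 1)                        # p_cont_id, n_transfer_syn
    ctx += if_uuid.bytes_le + struct.pack("<HH", 1, 0)     # abstract syntax, v1.0
    ctx += NDR.bytes_le + struct.pack("<I", 2)             # one transfer syntax
    body = struct.pack("<HHI", 4280, 4280, 0)              # frag sizes, assoc group
    body += struct.pack("<Bxxx", 1) + ctx                  # n_context_elem = 1
    hdr = struct.pack("<BBBB4sHHI", 5, 0, 11, 0x03, b"\x10\x00\x00\x00",
                      16 + len(body), 0, call_id)          # ptype 11 = bind
    return hdr + body

def bind_interfaces(pdu):
    """Return the interface (abstract syntax) UUIDs offered in a bind PDU."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] != 11:
        raise ValueError("not a connection-oriented bind PDU")
    little = bool(pdu[4] & 0x10)                           # drep: integer byte order
    (frag_len,) = struct.unpack_from("<H" if little else ">H", pdu, 8)
    if frag_len > len(pdu):
        raise ValueError("truncated fragment")
    off, found = 28, []
    for _ in range(pdu[24]):                               # n_context_elem
        if off + 24 > frag_len:
            raise ValueError("context list overruns fragment")
        raw = pdu[off + 4:off + 20]
        found.append(uuid.UUID(bytes_le=raw) if little else uuid.UUID(bytes=raw))
        off += 24 + 20 * pdu[off + 2]                      # skip transfer syntaxes
    return found

def allow_bind(pdu, allowed):
    """Allow only if the PDU parses and every offered interface is listed."""
    try:
        offered = bind_interfaces(pdu)
    except ValueError:
        return False
    return bool(offered) and all(u in allowed for u in offered)

if __name__ == "__main__":
    for name, u in (("allowed", ALLOWED_IF), ("other", OTHER_IF)):
        print(name, allow_bind(build_bind(u), {ALLOWED_IF}))
```

The check fails closed: a bind that cannot be parsed, is truncated, or offers any interface outside the list is denied.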
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer