Mohit Saxena’s List of UUIDs for ISA/TMG Firewall Control over RPC

If you’ve been working with the ISA or TMG firewall for a while, you might know that you can fine-tune security for RPC connections through the firewall using UUID information in custom RPC protocol definitions. The main challenge to getting this to work is knowing the right UUIDs to include in your Protocol Definitions.

To this end, Mohit Saxena from Microsoft PSS comes to your aid with a list of UUIDs that he’s kept track of. When using these UUIDs for your RPC Protocol Definitions, make sure you test them first in your lab environment before deploying them into production.

=========================================================

I actually made this list of UUIDs for myself but hopefully it can help :). Might not have all the UUIDs you are looking for though.

6bffd098_a112_3610_9833_012892020162
BROWSER Contains the Netr (Net Remote) RPC interface specification for the APIs associated with the Browser service. This consists of the NetServerEnum API. Also contains the RPC specific data structures for these API.

3dde7c30_165d_11d1_ab8f_00805f14db40
CryptoAPI

50abc2a4_574d_40b3_9d66_ee4fd5fba076
DNS

e3514235_4b06_11d1_ab04_00c04fc2dcd2
DRS AD Replication

82273FDC-E32A-18C3-3F78-827929DC23EA
ELF Event Log APIs

e1af8308_5d1f_11c9_91a4_08002b14a0fa
ENDPTMAPPER Responsible for tracking which service is listening on which point. When a service starts, it registers itself with the End Point Mapper and asks the End Point Mapper to assign it a port number. The End Point Mapper is always listening on port 135 for TCP/IP on the End Point Mapper’s UUID. Q159298

82273fdc_e32a_18c3_3f78_827929dc23ea
EventLog

f5cc59b4_4264_101a_8c59_08002b2f842
FRSRPC

12345778_1234_abcd_ef00_0123456789ab
LSA Updated for .NET

12345678_1234_abcd_ef00_01234567cffb
NETLOGON

f5cc5a18_4264_101a_8c59_08002b2f8426
NSPI MS Exchange Directory NSPI Proxy

8d9f4e40_a03d_11ce_8f69_08003e30051b
PNP PnP APIs which are used to remote the plug-and-play APIs to the local or remote server via RPC.

338cd001_2244_31f1_aaaa_900038001003
REGSRV

12345778_1234_abcd_ef00_0123456789ac
SAM Updated for .NET

SMB Command code definitions

4b324fc8_1670_01d3_1278_5a47bf6ee188
SRVSRC.IDL Contains the Netr (Net Remote) RPC interface specification for the API associated with the Server Service.

367abb81_9844_35f1_ad32_98f038001003
SVCCTL RPC interface for the remotable NetService API.

3d267954_eeb7_11d1_b94e_00c04fa3080d
TERMSERV Terminal Server Licensing

6bffd098_a112_3610_9833_46c3f87e345a
WKSSVC.IDL Contains the Netr (Net Remote) RPC interface specification for the APIs associated with the Workstation service

 

ISA Related

a9b96d49-2c75-4917-a178-06b6f08261cc
ISASTGCTRL

b347203c-14bb-4878-8b7a-0a12f9b8076a
ISA MMC

b3df47c0-a95a-11cf-aa26-00aa00c148b9
Replication Between 2 CSS Servers

=========================================================
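
A pre-flight check for the list above, as an added example (not part of the original post or of Mohit's notes): it normalizes the underscore and hyphen spellings to one canonical form, rejects entries that are not a full 128-bit UUID, and reports interfaces that appear twice. The sample entries are copied from the list as written; the lowercase hyphenated output form is an assumption, since the page does not say which spelling the protocol definition dialog expects.

```python
import re
from collections import defaultdict

# Subset of the list above, copied exactly as written on the page.
PAGE_ENTRIES = [
    ("e1af8308_5d1f_11c9_91a4_08002b14a0fa", "ENDPTMAPPER"),
    ("82273FDC-E32A-18C3-3F78-827929DC23EA", "ELF"),
    ("82273fdc_e32a_18c3_3f78_827929dc23ea", "EventLog"),
    ("f5cc59b4_4264_101a_8c59_08002b2f842", "FRSRPC"),
    ("12345778_1234_abcd_ef00_0123456789ab", "LSA"),
    ("12345778_1234_abcd_ef00_0123456789ac", "SAM"),
]

GROUPS = (8, 4, 4, 4, 12)          # hex digits per UUID group (32 total = 128 bits)
HEX = re.compile(r"^[0-9a-f]+$")


def normalize(raw):
    """Return (canonical_uuid, None) on success or (None, reason) on failure."""
    parts = re.split(r"[_-]", raw.strip().strip("{}").lower())
    if len(parts) != len(GROUPS):
        return None, f"expected 5 groups, got {len(parts)}"
    for i, (part, width) in enumerate(zip(parts, GROUPS), 1):
        if not HEX.match(part):
            return None, f"group {i} is not hexadecimal"
        if len(part) != width:
            return None, f"group {i} has {len(part)} hex digits, expected {width}"
    return "-".join(parts), None


def audit(entries):
    """Split entries into valid UUIDs, rejected names, and duplicated UUIDs."""
    valid, rejected = defaultdict(list), {}
    for raw, name in entries:
        canon, reason = normalize(raw)
        if canon is None:
            rejected[name] = reason      # do not guess the missing digits
        else:
            valid[canon].append(name)
    duplicates = {u: n for u, n in valid.items() if len(n) > 1}
    return dict(valid), rejected, duplicates


if __name__ == "__main__":
    valid, rejected, duplicates = audit(PAGE_ENTRIES)
    for uuid, names in valid.items():
        print(f"OK        {uuid}  {', '.join(names)}")
    for name, reason in rejected.items():
        print(f"REJECTED  {name}: {reason}")
    for uuid, names in duplicates.items():
        print(f"DUPLICATE {uuid} listed as {', '.join(names)}")
```

A rejected entry needs to be confirmed against the interface's own documentation before it goes into a rule; the script reports it and does not attempt to repair it.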

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
MVP — Forefront Edge Security (ISA/TMG/IAG)
