
During a network review, we noticed that some Surface Hubs that are joined to the domain did not have port 135 (msrpc) open.

What is the difference between having a Surface Book with port 135 open and the others, considering that both work perfectly in the Active Directory environment?

Thanks.

Duke Nukem

1 Answer


Port 135 is the RPC Endpoint Mapper service. It is a service that allows other systems to discover what services are advertised on a machine and what port to find them on. It is mostly associated with remote access and remote management.

It is a sensitive port that is associated with a slew of security vulnerabilities and should never be exposed to the internet.

However, port 135 is needed in an Active Directory and server/client environment for many services to operate properly. For a client, such as a Surface, the port can probably be safely closed because services that depend on port 135 are typically exposed on a server. But that does come with a drawback: certain remote management functionality will be shut down; specifically, WMI access will be blocked. So, as an admin responsible for managing those devices "remotely," you may want to leave the port open but restrict access to it in the Windows Firewall to only your local IP addresses for security purposes.

You will not be able to block this port on Active Directory servers or it will break things.

If you would like to see which services depend on port 135, you can review this document:

Service overview and network port requirements for Windows

Appleoddity
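The answer above recommends leaving port 135 open on managed clients but scoping it to your management addresses, and notes that WMI is what breaks when the port is closed. The following PowerShell is an added example of how that looks in practice; it is not code from the question or the answer. It assumes a management subnet of 10.0.0.0/24 and a client named hub01.corp.example, both placeholders, and uses only built-in NetSecurity and CIM cmdlets.

```powershell
# Added example (not from the original post). Assumptions, labelled as such:
#   $MgmtSubnet  - the only addresses allowed to reach the RPC endpoint mapper (placeholder)
#   $Client      - a domain-joined Surface Hub/Book to test against (placeholder)
$MgmtSubnet = '10.0.0.0/24'
$Client     = 'hub01.corp.example'

# 1. On the client: confirm what is listening on 135 and which process owns it.
#    Port 135 is the RPC Endpoint Mapper, hosted by the RpcSs service inside svchost.
Get-NetTCPConnection -LocalPort 135 -State Listen |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess
        [pscustomobject]@{ Local = "$($_.LocalAddress):$($_.LocalPort)"; Pid = $p.Id; Process = $p.ProcessName }
    }

# 2. On the client: scope every inbound rule that opens the endpoint mapper to the
#    management subnet instead of "Any". The built-in WMI (DCOM-In) and RPC rules are the
#    ones that normally expose 135 to the whole network. Block rules beat allow rules in
#    Windows Firewall, so restricting the allow rules' RemoteAddress is the clean way to
#    limit reachability; the profile's default inbound action (Block) handles everyone else.
$rules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '135' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

foreach ($r in $rules) {
    Set-NetFirewallRule -Name $r.Name -RemoteAddress $MgmtSubnet
    Write-Host "Scoped '$($r.DisplayName)' to $MgmtSubnet"
}

# Make sure the profile really blocks unsolicited inbound traffic by default.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 3. From a management host: prove 135 answers and that WMI over DCOM still works.
#    New-CimSession defaults to WSMan (port 5985), which would NOT exercise port 135, so the
#    Dcom protocol option is forced explicitly. Run the same two checks from a host outside
#    $MgmtSubnet and both should fail after the change.
$tcp = Test-NetConnection -ComputerName $Client -Port 135
"Endpoint mapper reachable from $($tcp.SourceAddress.IPAddress): $($tcp.TcpTestSucceeded)"

$opt     = New-CimSessionOption -Protocol Dcom
$session = New-CimSession -ComputerName $Client -SessionOption $opt
Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem |
    Select-Object CSName, Caption, LastBootUpTime
Remove-CimSession $session
```

Step 2 needs an elevated prompt on the client (or delivery through Group Policy, which is how you would roll it out to a fleet of Surface devices). The DCOM check in step 3 is the one that matters: WMI over WSMan can keep working with 135 closed, which hides the breakage the answer warns about until someone uses a DCOM-only tool.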