Microsoft Knowledge Base Article 908472 contains the following summary:
This article describes how to configure RPC to use a specific dynamic port range and how to help secure the ports in that range by using an Internet Protocol security (IPsec) policy. By default, RPC uses ports in the ephemeral port range (1024-5000) when it assigns ports to RPC applications that have to listen on a TCP endpoint. This behavior can make restricting access to these ports challenging for network administrators. This article discusses ways to reduce the number of ports available to RPC applications and how to restrict access to these ports by using a registry-based IPsec policy.
Because the steps in this article involve computer-wide changes that require the computer to be restarted, all these steps should be performed first in nonproduction environments to identify any application-compatibility issues that may occur as the result of these changes.