JSI Tip 10502. How can I prevent ADS (Automated Deployment Services) from using undocumented ports to deploy images on Windows Server 2003?

ADS on Windows Server 2003 may use undocumented ports to deploy images, which can result in it using ports that are restricted by your firewall or router.

I have scripted ADSportrange.bat to configure a port range that ADS can use to deploy images.

The syntax for using ADSportrange.bat is:

[Call] ADSportrange PortsStart PortsEnd

Where:

PortsStart is the port number for the start of the port range.

PortsEnd is the port number for the end of the port range, and must be a higher number than PortsStart.

ADSportrange.bat contains:

@echo off
setlocal
REM Both arguments are required.
If {%2}=={} goto err
REM Reject an argument that contains any non-digit character.
REM findstr returns 1 when no non-digit is found.
@echo %1|findStr "[^0-9]">nul
if %ERRORLEVEL% NEQ 1 goto err
@echo %2|findStr "[^0-9]">nul
if %ERRORLEVEL% NEQ 1 goto err
set /a PortsStart=%1
set /a PortsEnd=%2
REM PortsEnd must be higher than PortsStart.
if %PortsEnd% LEQ %PortsStart% goto err
call :quiet>nul 2>&1
endlocal
goto :EOF
:err
@echo Syntax: ADSportrange PortsStart PortsEnd
endlocal
goto :EOF
:quiet
REM Write the range to the ADS image service parameters, then restart the service.
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\ADSImgSvc\Parameters" /V PortsStart /T REG_DWORD /F /D %PortsStart%
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\ADSImgSvc\Parameters" /V PortsEnd /T REG_DWORD /F /D %PortsEnd%
net stop ADSImgsvc
net start ADSImgsvc
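
A read-back check for the procedure above, as an added example that is not part of the original tip: it reads the PortsStart and PortsEnd values that ADSportrange.bat writes and compares them with the port range your firewall permits. The script name ADSportcheck.bat and the FwStart/FwEnd arguments are hypothetical.

```batch
@echo off
REM ADSportcheck.bat (hypothetical name): added example, not part of the original tip.
REM Usage: ADSportcheck FwStart FwEnd
REM FwStart and FwEnd (assumed inputs) are the first and last port the firewall permits.
setlocal
if {%2}=={} goto syntax
@echo %1|findstr "[^0-9]">nul
if %ERRORLEVEL% NEQ 1 goto syntax
@echo %2|findstr "[^0-9]">nul
if %ERRORLEVEL% NEQ 1 goto syntax
set Key=HKLM\SYSTEM\CurrentControlSet\Services\ADSImgSvc\Parameters
set PortsStart=
set PortsEnd=
REM reg query prints REG_DWORD data as hex (0x...); set /a converts it to decimal.
for /f "tokens=3" %%a in ('reg query "%Key%" /v PortsStart 2^>nul ^| findstr /i "REG_DWORD"') do set /a PortsStart=%%a
for /f "tokens=3" %%a in ('reg query "%Key%" /v PortsEnd 2^>nul ^| findstr /i "REG_DWORD"') do set /a PortsEnd=%%a
if not defined PortsStart goto missing
if not defined PortsEnd goto missing
echo ADSImgSvc image port range: %PortsStart%-%PortsEnd%
REM The configured range must sit entirely inside the permitted range.
if %PortsStart% LSS %1 goto outside
if %PortsEnd% GTR %2 goto outside
echo OK: range is inside the firewall-permitted range %1-%2.
REM Report the service state, since ADSportrange.bat restarts it after writing the values.
sc query ADSImgSvc | findstr /c:"RUNNING" >nul
if %ERRORLEVEL% NEQ 0 echo WARNING: ADSImgSvc is not running.
endlocal
goto :EOF
:outside
echo MISMATCH: configured range extends beyond %1-%2. Rerun ADSportrange or adjust the firewall rule.
endlocal
goto :EOF
:missing
echo PortsStart or PortsEnd is not set under %Key%.
endlocal
goto :EOF
:syntax
echo Syntax: ADSportcheck FwStart FwEnd
endlocal
goto :EOF
```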


