JSI Tip 10502. How can I prevent ADS (Automated Deployment Services) from using undocumented ports to deploy images on Windows Server 2003?

ADS on Windows Server 2003 may use undocumented ports to deploy images, which can result in it using ports that are restricted by your firewall or router.

I have scripted ADSportrange.bat to configure a port range that ADS can use to deploy images.

The syntax for using ADSportrange.bat is:

\[Call\] ADSportrange PortsStart PortsEnd


PortsStart is the port number for the start of the port range.

PortsEnd   is the port number for the end of the port range, and must be a higher number than PortsStart
ADSportrange.bat contains:
@echo off
If \{%2\}==\{\} goto err
@echo %1|findStr "\[^0-9\]">nul
if %ERRORLEVEL% NEQ 1 goto err
@echo %2|findStr "\[^0-9\]">nul
if %ERRORLEVEL% NEQ 1 goto err
set /a PortsStart=%1
set /a PortsEnd=%2
if %PortsEnd% LEQ %PortsStart% goto err
call :quiet>nul 2>&1
goto :EOF
@echo Syntax: ADSprtrange PortsStart PortsEnd
goto :EOF
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\ADSImgSvc\Parameters" /V PortsStart /T REG_DWORD /F /D %PortsStart%
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\ADSImgSvc\Parameters" /V PortsEnd /T REG_DWORD /F /D %PortsEnd%
net stop ADSImgsvc
net start ADSImgsvc

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.