netsh rpc

The netsh rpc command enables administrators to configure, manage, and troubleshoot Remote Procedure Call (RPC) service settings, including selective binding, firewall filtering, and access control for RPC traffic.

Syntax

netsh rpc [add | delete | dump | filter | help | reset | show | ?]
netsh rpc add <subnet>
netsh rpc delete <subnet>
netsh rpc dump
netsh rpc filter add condition [field=]<string> [matchtype=]<string> [data=]<string>
netsh rpc filter add filter
netsh rpc filter add rule [layer=]<string> [actiontype=]<string> [[filterkey=]<string>]
                          [persistence=]volatile [audit=]enable [auditparameters=]enable
netsh rpc reset
netsh rpc show

Parameters

Command Description
rpc add Adds one or more subnets (IP address) to an "add" list managed by the RPC service.
rpc delete Adds one or more subnets (IP address) to a "delete" list, implying these subnets are to be removed from existing configurations.
rpc dump Creates a script containing the current context configuration. The script can be saved to a file and used to restore settings if they're altered or need to be replicated on another system.
rpc filter add condition Creates precise firewall rules to control RPC traffic based on specific conditions.

field=<string> - Specifies the aspect of the RPC communication where the condition applies. For um (User Mode), acceptable values are:
  • if_uuid - Interface UUID
  • if_version - Interface version
  • if_flag - Interface flag
  • dcom_app_id - DCOM Application ID
  • image_name - The executable image involved in the RPC call
  • protocol - Protocol used (like TCP)
  • auth_type - Type of authentication used
  • auth_level - Level of authentication enforced
  • sec_encrypt_alg - Security encryption algorithm
  • sec_key_size - Size of the security key
  • remote_user_token - Token for remote user authentication
  • local_addr_v4 - Local IPv4 address
  • local_addr_v6 - Local IPv6 address
  • remote_addr_v4 - Remote IPv4 address
  • remote_addr_v6 - Remote IPv6 address
  • local_port - Local communication port
  • pipe - Named pipe used in the connection
  • opnum - Operation number

  For epmap (Endpoint Mapper), acceptable values are:
  • The same values as for um, except opnum.

  For ep_add (Endpoint Address), acceptable values are:
  • process_with_if_uuid - Process associated with the interface UUID
  • protocol - Protocol used
  • ep_value - Endpoint value
  • ep_flags - Flags related to the endpoint

  For proxy_conn (Proxy Connection), acceptable values are:
  • server_name - Name of the server involved
  • server_port - Port on the server
  • proxy_auth_type - Type of proxy authentication
  • client_token - Token for client authentication
  • client_cert_key_name - Name of the client's certificate key
  • client_cert_oid - OID of the client's certificate

  For proxy_if (Proxy Interface), acceptable values are:
  • Similar to proxy_conn, with some overlapping fields.

matchtype=<string> - Determines the type of comparison or match conducted on the field's value. Acceptable values are:
  • equal - Exact match
  • greater - Greater than a specified value
  • less - Less than a specified value
  • greater_or_equal - Greater than or equal to a specified value
  • less_or_equal - Less than or equal to a specified value
  • range - Within a specified range
  • all_set - Bitwise match for flag fields: all of the specified bits are set
  • any_set - Bitwise match for flag fields: at least one of the specified bits is set
  • none_set - Bitwise match for flag fields: none of the specified bits is set

data=<string> - The value the condition compares the specified field against.
rpc filter add filter Adds an RPC firewall filter. Before you can add a filter, you must first define at least one rule and one or more conditions.
rpc filter add rule Adds an RPC firewall filter rule.

layer=<string> - Specifies the layer where the filter is applied. Acceptable values are:
  • um - User Mode
  • epmap - Endpoint Mapper
  • ep_add - Endpoint Address
  • proxy_conn - Proxy Connection
  • proxy_if - Proxy Interface

actiontype=<string> - Defines the action to take when the filter matches. Acceptable values are:
  • block - Blocks the RPC traffic.
  • permit - Allows the RPC traffic.
  • continue - Continues to the next filter for evaluation.

filterkey=<string> - Specifies a unique UUID that identifies the RPC firewall filter. Useful for managing or referencing specific filters.
persistence - Determines whether the filter remains after a reboot. By default, filters are persistent; specify persistence=volatile for a filter that is discarded at reboot.
audit - Enables auditing for this filter. Only filters with the "permit" action type can have auditing enabled. Auditing isn't supported at the ep_add layer.
auditparameters - Enables auditing of RPC call parameter buffers for this filter. Requires audit to be enabled. Auditing of parameters is only supported at the um layer.
rpc reset Resets the selective binding configuration so that the system listens on all network interfaces (no subnets are restricted).
rpc show Displays the current selective binding configuration, listing each subnet and its binding state on the system.
help or ? Displays a list of commands and their descriptions in the current context.

Examples

To add the specified subnet 192.168.1.0 to the RPC "add list", run the following command:

netsh rpc add 192.168.1.0

To add a filter condition that applies to RPC traffic where the local IPv4 address is exactly 192.168.1.10, run the following command:

netsh rpc filter add condition field=local_addr_v4 matchtype=equal data=192.168.1.10

To add a rule at the Endpoint Mapper layer that permits matching traffic, is identified by the filter key {Your-UUID}, persists across reboots (the default, so no persistence keyword is needed), and logs matching calls for auditing, run the following command:

netsh rpc filter add rule layer=epmap actiontype=permit filterkey={Your-UUID} audit=enable
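
The individual commands above, assembled into the complete rule, condition, filter sequence the reference requires, as an added PowerShell example that is not part of the original page. The function name New-RpcAuditFilter is chosen here, and the interface UUID and client address passed to it are placeholders.

```powershell
# Added example, not part of the netsh reference. Builds one complete RPC firewall
# filter in the order the reference requires: rule, then condition(s), then filter.
# Run from an elevated PowerShell prompt. New-RpcAuditFilter is a name chosen here;
# the interface UUID and client address passed at the bottom are placeholders.

function New-RpcAuditFilter {
    param(
        [Parameter(Mandatory)] [guid] $InterfaceUuid,  # value for the if_uuid condition
        [string] $RemoteAddrV4                         # optional: audit only calls from this client
    )

    # filterkey must be a unique UUID; generate one so the filter can be referenced later.
    $filterKey = "{$([guid]::NewGuid())}"

    # Step 1: the rule. audit= is only valid with actiontype=permit, and
    # auditparameters= is only valid at the um layer, so both constraints are met here.
    # Step 2: one or more conditions attached to the pending rule.
    $steps = @(
        "rpc filter add rule layer=um actiontype=permit filterkey=$filterKey audit=enable auditparameters=enable",
        "rpc filter add condition field=if_uuid matchtype=equal data=$InterfaceUuid"
    )
    if ($RemoteAddrV4) {
        $steps += "rpc filter add condition field=remote_addr_v4 matchtype=equal data=$RemoteAddrV4"
    }
    # Step 3: commit the pending rule and its conditions as a filter.
    $steps += "rpc filter add filter"

    foreach ($step in $steps) {
        $output = & netsh $step.Split(' ') 2>&1
        if ($LASTEXITCODE -ne 0) {
            # Stop at the first failing step so no half-built filter is left pending.
            throw "netsh $step failed (exit $LASTEXITCODE): $output"
        }
    }
    return $filterKey
}

$key = New-RpcAuditFilter -InterfaceUuid '00000000-0000-0000-0000-000000000000' -RemoteAddrV4 '192.168.1.10'
"Added RPC audit filter $key"

# Confirm the committed filter and its conditions. Matching calls are written to the
# Security log (event ID 5712) once the "RPC Events" audit subcategory is enabled.
netsh rpc filter show filter
```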
    

See also