¹ For more information about how to customize this port, see Domain controllers and Active Directory in the References section. Users are routed to the first-available terminal server regardless of whether they are running another session in the server cluster. Immer wieder ist von offenen Ports zu lesen, über die Angreifer Zugriff auf Ihr Windows-System erlangen können. System services: System services are programs that load automatically as part of an application's startup process or as part of the operating system startup process. The IPAM client UI communicates with the IPAM server to perform remote management. Dazu müssen Sie aber die richtigen Ports in Ihrem Router freigeben. In diesem Fall wird das Ereignis 5820 protokolliert: Protokoll Name: System ASP.NET State Service stores session data out-of-process. The Network News Transfer Protocol (NNTP) system service lets computers that are running Windows Server 2003 act as news servers. The TCP/IP suite of protocols includes TCP, User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). The Event Log system service logs event messages that are generated by programs and by the Windows operating system. Communication is bidirectional. Print Spooler is the center of the Windows printing subsystem. Außerdem zeigen frühere Erfahrungen, dass mindestens 100 Ports geöffnet werden sollten, da mehrere Systemdienste diese RPC-Ports für die Kommunikation miteinander verwenden. Port 139 communications depend on Internet Control Message Protocol (ICMP) echo messages. You can use the Internet Information Services (IIS) Manager snap-in to configure the ports that are used by this service. 1. Remote Procedure Call (RPC) ist ein Protokoll, das vom Betriebssystem Windows verwendet wird. The Terminal Services Session Directory system service enables clusters of load-balanced terminal servers to correctly route a user's connection request to the server where the user already has a session running. On domain member computers, Net Logon uses RPC over named pipes. Windows-Downloads gibt es als 32 Bit- und 64 Bit-Version. The Boot Information Negotiation Layer (BINL) service, the primary component of Remote Installation Server (RIS), answers PXE client requests, checks Active Directory for client validation, and passes client information to and from the server. Terminal Services Licensing offers its services by using RPC over named pipes. Wenn Y ist, werden die Prozesse, die die Standardeinstellung verwenden, Ports aus der Gruppe der Ports zugewiesen, die im Internet verfügbar sind (wie zuvor definiert). These Microsoft client, server, and server program products use different network ports and protocols to communicate with client systems and with other server systems over the network. Der standardmäßige dynamische Portbereich für TCP/IP hat sich seit Windows Vista und in Windows Server 2008 geändert. The Computer Browser system service maintains an up-to-date list of computers on your network and supplies the list to programs that request it. Ebene: Fehler If there is no WINS infrastructure and broadcasts can't work, you should either disable NetBt or set the computers and servers to NodeType=2. For example, if you configure a VPN gateway that is behind a filtering router, you will probably use only one protocol. For more information, see Protocols in TLS/SSL (Schannel SSP). Dfsrdiag.exe can set the server RPC port that is used for administration and replication. Terminal Services Licensing is a low-impact service that stores the client licenses that are issued for a terminal server and tracks the licenses that are issued to client computers or terminals. It helps people take advantage of relevant information across business processes. Wenn N, werden die Prozesse, die die Standardeinstellung verwenden, Ports aus der Gruppe der reinen Intranet-Ports zugewiesen. Internet Authentication Service (IAS) performs centralized authentication, authorization, auditing, and accounting of users who are connecting to a network. The Server system service provides RPC support and file sharing, print sharing, and named pipe sharing over the network. The Terminal Services Licensing system service installs a license server and provides licenses to registered clients when the clients connect to a terminal server (a server that has Terminal Server enabled). If your computer network environment uses only Windows Server 2012, you must enable connectivity over the high port range of 49152 through 65535. The list of services on which Active Directory depends: The list of services that require Active Directory services: The Help files for each Microsoft product that is described in this article contain more information that you may find useful to help configure your programs. The Net Logon system service maintains a security channel between your computer and the domain controller to authenticate users and services. TCP/IP and UDP/IP ports that are higher than port 1024 are used. Auch wenn Sie den vom Client für die Kommunikation mit dem Server verwendeten Port konfigurieren können, muss der Client in der Lage sein, den Server über seine tatsächliche IP-Adresse zu erreichen. Terminal Services Session Directory keeps track of disconnected sessions on the cluster and makes sure that users are reconnected to those sessions. Remote Procedure Call (RPC) dynamic port allocation is used by server applications and remote administration applications such as Dynamic Host Configuration Protocol (DHCP) Manager, Windows Internet Name Service (WINS) Manager, and so on. A cluster is a collection of independent computers that act as a single computer. By using Certificate Services, a business can act as its own certification authority (CA). The CALs that are reported by License Logging may conflict with the interpretation of the Microsoft Software License Terms and with Product Use Rights (PUR). NTP runs on UDP port 123. UseInternetPorts REG_SZ Y oder N (Groß-/Kleinschreibung wird nicht beachtet. These include Real Time Streaming Protocol (RTSP), Microsoft Media Server (MMS) protocol, and HTTP. Im Normalfall werden die aufgerufenen Funktionen auf einem anderen Computer als das aufrufende Programm ausgeführt. The Distributed Transaction Coordinator (DTC) system service coordinates transactions that are distributed across multiple computer systems and resource managers, such as databases, message queues, file systems, or other transaction-protected resource managers. The Primary Computer system for Windows is part of the Roaming User Profile and Offline Files services. If you are running only Windows Vista and later versions of Windows, the browser service is no longer required. When you install POP3 service on the mail server, users can connect to the mail server and can retrieve email messages by using an email client that supports the POP3 protocol, such as Microsoft Outlook. The configuration manager reads the stored system configuration for World Wide Web Publishing Service and makes sure that Http.sys is configured to route HTTP requests to the appropriate application pools or operating system processes. Dies kann sich auch auf Windows-RPC-Server auswirken, beispielsweise Netlogon. It's the range in TMG. Der Netlogon-Dienst konnte die Authz-RPC-Schnittstelle nicht hinzufügen. You can disable or shut down this feature by using an icon that is displayed in the Windows notification area. Sie können die Registrierung wiederherstellen, wenn ein Problem auftritt. By default, the License Logging service is disabled in Windows Server 2003. When the Windows Time service uses a Windows domain configuration, the service requires domain controller location and authentication services. In diesem Artikel werden außerdem die RPC-Server aufgelistet, und welche RPC-Server für die Verwendung von benutzerdefinierten Serverports jenseits der von der RPC-Laufzeitumgebung bereitgestellten Dienste konfiguriert sind. The Windows 2000 version of this service uses Simple Network Time Protocol (SNTP). Ports may be blocked by a hardware firewall or a software firewall. You view reports in Event Viewer. Damit Sie selbst die Kontrolle haben, welche Ports … Application servers, client computers, and domain controllers that are located in common or external forests have service dependencies so that user-initiated and computer-initiated operations such as domain join, logon authentication, remote administration, and Active Directory replication work correctly. For an explanation of how the Directory System Agent, LDAP, and the local system authority are related, see Directory System Agent. In addition, the Microsoft LDAP client uses ICMP pings to verify that an LDAP server it has a pending request with is still present on the network. For information about ports, authentication, and encryption for all data paths that are used by Microsoft Exchange Server, see Network ports for clients and mail flow in Exchange. The Message Queuing system service is a messaging infrastructure and development tool for creating distributed messaging programs for Windows. You can use the DFS Administration tool to configure FRS to replicate files and folders between targets of a DFS root or link. For more information, see the Using Windows Server 2003 with Service Pack 1 in a Managed Environment: Controlling Communication with the Internet. The process manager controls the processes where custom applications and websites reside. The ALG FTP plug-in supports these sessions by redirecting all traffic that meets the following criteria to a private listening port in the range of 3000 to 5000 on the loopback adapter: The ALG FTP plug-in then monitors and updates FTP control channel traffic so that the FTP plug-in can forward port mappings through the NAT for the FTP data channels. List of Ports ; Other Languages. To display this list, the computer obtains a copy of the browse list from a computer that is designated as a browser. When a node is added or repaired, the cluster software migrates some data to that node. By default, the FTP control port is 21. Beispielsweise kann ein einzelner Port durch 5984 dargestellt werden, und eine Reihe von Ports kann durch 5000-5100 dargestellt werden. Administrators can use this service to store and manage email accounts on the mail server. Standardisierte Ports (0–1023) Auf Unix-artigen Betriebssystemen darf nur das Root-Konto Dienste betreiben, die auf Ports unter 1024 liegen. Port 445 is used by DFSR only when creating a new empty replicated folder. The Distributed File Replication Service includes the Dfsrdiag.exe command-line tool. Table of Contents. System service names: ProfSvc, CscService. ² It's the range in Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista. This system runs programs and solutions that you can use to obtain, analyze, and share information quickly and easily. If any one of these protocols is unavailable or blocked between the client and a relevant domain controller, Group Policy will not apply or update. If no member is specified, Dfsrdiag.exe uses the local computer. Bei Microsoft-Kunden, die Server unter Windows Server 2008 bereitstellen und im internen Netzwerk Firewalls verwenden, können Probleme auftreten, die sich auf die RPC-Kommunikation zwischen Servern auswirken. Von Boris Hofferbert ; am 8. For example, many services rely on the Remote Procedure Call (RPC) or DCOM features in Microsoft Windows to assign them dynamic TCP ports. This system service provides NAT, addressing, and name resolution services for all computers on your home network or your small-office network. ³ It's the range in Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista. ³ The NETBIOS ports are optional and are not required when DFSN is using FQDN Server names. When this service is turned on, RPC clients can locate RPC servers. Windows Server 2012 support the initiation of remote group policy update against Windows Server 2012 computers. Hier, im Bereich der sogenannten System Ports oder auch well-known ports, ist die höchste Konzentration an offiziellen und bekannten Ports zu finden.. 0 … 99 Firewall not allowing DNS resolution. These ports are also informally known as random RPC ports. The ephemeral port range depends on the server operating system that the client operating system is connected to. Die folgenden Registrierungseinträge gelten für Windows NT 4,0 und höher. You can then rely on other firewall features that dynamically let the service respond through temporary holes on any other port. You can configure the range of high ports by using the IIS metabase. The UPnP Device Host discovery system service implements all the components that are required for device registration, control, and the response to events for hosted devices. A summarized list of services, ports, and protocols required for member computers and domain controllers to inter-operate with one another or for application servers to access Active Directory include but are not limited to the following. Because portmap provides coordination between RPC services and the port numbers used to communicate with them, it is useful to view the status of current RPC services using portmap when troubleshooting. RPC does not use only the hard-coded ports that are listed in the table. The Distributed File System Namespaces (DFSN) integrates different file shares that are located on a local area network (LAN) or wide area network (WAN) into a single logical namespace. This system was added in Windows Server 2012. For a detailed description of RPC, see Remote Procedure Call (RPC). Ereignis-ID: 5820 If you stop this service, users cannot move or retrieve files from the secondary storage media. Darüber verrichten das Betriebssystem und die Programme Ihre Dienste, beispielweise indem Sie Informationen senden oder empfangen. Many services depend on the RPC service to start successfully. Jede Zeichenfolge stellt einen einzelnen Port oder einen inklusivsatz von Ports dar. Dieser Artikel unterstützt Sie beim Ändern der RPC-Parameter in der Registrierung, um sicherzustellen, dass die dynamische RPC-Portzuweisung mit Firewalls funktionieren kann. Mit dem Registrierungs-Editor können Sie die folgenden Parameter für RPC ändern. This port is used only by the ISA management MMC during remote server and service status monitoring. ASP.NET State Service provides support for ASP.NET out-of-process session states. Erforderlich sind dafür neben dem WMI-Service winmgmt auch DCOM. For information about Active Directory Domain Services firewalls and ports, see How to configure a firewall for Active Directory domains and trusts. For more information about how to help secure Windows Server and for sample IPsec filters for specific server roles, see Microsoft Security Compliance Manager. Weitere Informationen finden Sie unter Sichern und Wiederherstellen der Registrierung in Windows. Mit dem Remote Desktop Protokoll (RDP) greifen Sie auf fremde Windows-PCs zu und steuern diese. However, if these technologies are configured to block ports and protocols that are used by a specific server, that server will no longer respond to client requests. Italian (it-IT) Brazilian Portuguese; Spanish (es-MX) Related Knowledge Base topics; Related Topics; List of Ports. Windows Media Services in Windows Server 2003 and later versions replaces the following services that are included in Windows Media Services versions 4.0 and 4.1: Windows Media Services is now a single service that runs on Windows Server. Beispielsweise wird der neue Registrierungsschlüssel wie folgt angezeigt: Ports: REG_MULTI_SZ: 5000-6000 In diesen Fällen verlassen sich RPC-Clients darauf, dass die RPC-Endpunktzuordnung Ihnen mitteilt, welche … Kunden, die Firewalls verwenden, möchten möglicherweise steuern, welche Ports von RPC verwendet werden, sodass der Firewall-Router so konfiguriert werden kann, dass nur diese UDP-und TCP-Ports (Transmission Control Protocol) weitergeleitet werden. You can receive more information and help planning an Exchange implementation from the following Microsoft websites: For more information, see Configure Outlook Anywhere in Outlook 2013. For example, when you open My Network Places on a computer that is running Microsoft Windows 95, a list of domains and computers appears. Port 3702 (UDP) is used to discover the availability of cached content on a client. The rpcinfo command shows each RPC-based service with port numbers, an RPC program number, a version number, and an IP protocol type (TCP or UDP). If the administrative website is enabled, a virtual website is created that uses HTTP traffic on TCP port 8098. für \"Remote Registry\", Druckdienste, Backup, Eventlog, Taskplaner und auch Outlook/Exchange bedient sich der Dienste des \"Portmappers\" um die aktuellen Ports für die gewünschten Dienste zu erhalten. For more information about slow link detection, see Group Policy Slow Link Detection. Original product version:   Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows 10, version 2004, Windows 10, version 1909, Windows 10, version 1903, Windows 7 Service Pack 1 Port numbers below 5000 may already be in use by other applications and could cause conflicts with your DCOM application (s). Low port range of 1025 through 5000. The Remote Procedure Call service coordinates requests by other system services that use RPC or DCOM to communicate with client computers. FWC application transport and protocols are negotiated within the FWC control channel. 0. The trap destination must be a network-enabled host that is running SNMP management software. SSDP Discovery Service also accepts the registration of event callbacks from clients. The DFSN service is required for Active Directory domain controllers to advertise the SYSVOL shared folder. High port range of 49152 through 65535 Please note that TMG extends the default dynamic port ranges in Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista. Although the Routing and Remote Access service can use all the following protocols, the service typically uses only a few of them. Geben Sie einen Port frei, den Sie nicht zu oft … Windows Server Firewall Ports - Unidirectional or Bidirectional? The Remote Storage system service stores infrequently used files on a secondary storage medium. The ALG FTP plug-in supports active FTP sessions through the network address translation (NAT) engine that these components use. SSL is an open standard for establishing an encrypted communications channel to help prevent the interception of extremely important information, such as credit card numbers. Although this information may also apply to Windows XP and to Microsoft Windows 2000 Professional, this article is focused on server-class operating systems. The Telnet system service for Windows provides ASCII terminal sessions to Telnet clients. Die dynamische Portzuweisung (Remote Procedure Call, RPC) wird von Serveranwendungen und Remoteverwaltungsanwendungen wie dem DHCP-Manager (Dynamic Host Configuration Protocol), dem WINS-Manager (Windows Internet Name Service) usw. Windows 10 has built-in support for port forwarding but it’s not exposed in the Settings interface. Die unten beschriebenen RPC-Port Schlüsselwerte befinden sich alle im folgenden Schlüssel in der Registrierung: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet\Entry name Data Type. Diese Ports werden auch als zufällige RPC-Ports informell bezeichnet. ¹ It's the range in Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista. verwendet. Fax Service, a Telephony API (TAPI) compliant system service, provides fax capabilities. A windows port of ONC/RPC library. Because of legacy design constraints and evolving license terms and conditions, License Logging may not provide an accurate view of the total number of CALs that are purchased compared to the total number of CALs that are used on a particular server or across the enterprise. If this service is turned off, the time setting for local computers is not synchronized with a time service in the Windows domain or with an externally configured time service. On domain controllers, it uses RPC over named pipes, RPC over TCP/IP, mail slots, and Lightweight Directory Access Protocol (LDAP). Other client computers can then share one connection to the Internet, such as a dial-up connection or a broadband connection. Standardmäßig verwendet RPC Ports im Bereich der temporären Ports (1024-5000), wenn es Ports zu RPC-Anwendungen zuordnet, die einen TCP-Endpunkt überwachen müssen. The service uses sockets to communicate with ASP.NET that is running on a web server. Windows XP and Windows Server 2003 additionally require the ICMP protocol. Der folgende Fehler ist aufgetreten: der Parameter ist falsch. As in other implementations of the Kerberos protocol, the KDC is a single process that provides two services: the Authentication Service and the Ticket-Granting Service. Es existieren viele Implementierungen dieser Technik, die in der Regel untereinander nicht kompatibel sind. WINS servers communicate with network clients by using NetBIOS name resolution. These programs can communicate across heterogeneous networks and can send messages between computers that may be temporarily unable to connect to one another. To view this organization's list of TCP/IP port assignments, see Service Name and Transport Protocol Port Number Registry. WINS replication is only required between WINS servers. ISA 2004 and 2006 use TCP. The RPC Endpoint Mapper also offers its services by using named pipes. Terminal Services enables multiple users to be connected interactively to a computer. For more information about the ports that are used by Microsoft Message Queuing, see TCP ports, UDP ports, and RPC ports that are used by Message Queuing. Remote Procedure Call (RPC) ist ein Mechanismus, der es Windows-Prozessen ermöglicht, miteinander zu kommunizieren, entweder zwischen einem Client und Server über ein Netzwerk oder innerhalb eines einzigen Systems. The Event Log service writes events that are sent to log files by programs, by services, and by the operating system. This section also includes remote WMI and DCOM communications first used in Windows Server 2012 domain controller promotion during prerequisite validation and with the Server Manager tool. These users can be on a LAN connection or on a remote connection. American National Standards Institute (ANSI), RFC 2349 - Time-out interval, and transfer size options, Distributed File System Replication (if not using FRS for SYSVOL replication), File Replication Service (if not using DFSR for SYSVOL replication), WINS (in Windows Server 2003 SP1 and later versions for backup Active Directory replication operations, if DNS is not working), Certificate Services (required for specific configurations), Distributed File System Namespaces (if using domain-based namespaces). What is the sequence of Windows RPC ports 135, 137, 139 (and higher ports)? Dies liegt daran, dass DCOM unformatierte IP-Adressen in der Schnittstelle zum Marshallen von Paketen speichert, und wenn der Client keine Verbindung mit der im Paket angegebenen Adresse herstellen kann, ist dies nicht möglich. 1. The way I normally troubleshoot this type of network connectivity is with the SysInternals PortQry.exe utility, which can be downloaded from the Microsoft website. Die Antwort hat die Portnummer des Servers, und eine nachfolgende RPC-Bindung an diesem Port kann dann übergeben werden. You can use this service together with a cluster of terminal servers to increase the performance of a single terminal server by distributing sessions across multiple servers. The FTP plug-in also updates ports in the FTP control channel stream. Original Version des Produkts:   Windows Server 2012 R2 Restart-Server Powershell Port. If your computer network environment uses only Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista, you must enable connectivity over the high port range of 49152 through 65535. Dieser bietet nämlich unter anderem eine Verbindung zum Messenger-Dienst, so dass net send diesen Weg als Alternative versucht, wenn der normale Zugang über Port 139 fehlschlägt. Gibt eine Reihe von IP-Portbereichen an, die entweder aus allen verfügbaren Ports im Internet oder aus allen Ports bestehen, die nicht über das Internet verfügbar sind. This system service also provides periodic announcements to hosted devices. This port was originally part of the TACO project. This service has the same firewall requirements as the File and Printer Sharing feature. Die restlichen Ports zwischen 49152 und 65535 sind dynamisch. However, you can configure this system service through the Internet Information Services (IIS) Manager snap-in. Windows Server 2012 support the initiation of remote group policy update against Windows Server 2012 computers. Mit vielen RPC-Servern in Windows können Sie den Serverport in benutzerdefinierten Konfigurationselementen wie Registrierungseinträgen angeben. This article discusses the required network ports, protocols, and services that are used by Microsoft client and server operating systems, server-based programs, and their subcomponents in the Microsoft Windows Server system. ² For more information about how to customize these ports, see Remote Procedure Calls and DCOM in the References section. For more information about the ports that are used by SMS 2003, see Ports that Systems Management Server 2003 uses to communicate through a firewall or through a proxy server. Wenn ein Konfigurationsfehler vorliegt, wird der Fehlercode 87 (0x57) ERROR_INVALID_PARAMETER. Windows Internet Name Service (WINS) enables NetBIOS name resolution. This is typically known as pass-through authentication. Wenn Sie RPC mit TCP/IP oder mit UDP/IP als Transport verwenden, werden eingehende Ports bei Bedarf häufig dynamisch Systemdiensten zugewiesen. The ONC/RPC is an implementation of a remote procedure call protocol for distributing applications over one or more computers. Durch die falsche Bearbeitung der Registrierung können schwerwiegende Probleme verursacht werden. Windows domain controllers use the SMTP service for intersite e-mail-based replication. Other services rely on HTTP or on Hypertext Transfer Protocol Secure (HTTPS). When you initiate remote group policy results reporting from a Windows Server 2012 computer, access to the destination computer's event log is required. The License Logging system service is a tool that was originally designed to help customers manage licenses for Microsoft server products that are licensed in the server client access license (CAL) model. These capabilities exist in all supported Microsoft operating systems. Port 135 is consistently on of the most attacked ports on the Internet. Then, the client opens a second connection to the FTP server for transferring data. When SNMP Trap Service is configured for an agent, the service generates trap messages if any specific events occur. The License Logging service uses RPC over named pipes. Clients connect to RPC Endpoint Mapper on port 135. For information about how to configure Windows Firewall, see Windows Firewall with Advanced Security. These protocols are provided by Internet Information Services (IIS). Its core components were developed by using COM, and it has a flexible architecture that you can customize for specific programs. You can use this service to adjust the advanced network settings of DHCP clients. Ephemeral range ports that are used by Active Directory and other components occur over RPC in the ephemeral port range. When the Internet Connection Sharing feature is enabled, your computer becomes an Internet gateway on the network. Berücksichtigen Sie dies beim Einschränken des Portbereichs. Additionally, for successful validation on Windows Failover Clusters on 2008 and above, allow inbound and outbound traffic for ICMP4, ICMP6, and port 445/TCP for SMB. If IP version 6 (IPv6) is not installed, port 445 communications will also depend on ICMP for name resolution. SSDP Discovery Service then monitors for event notifications and sends these requests to the registered callbacks. Computers that are designated as browsers maintain browse lists that contain all shared resources that are used on the network. I wrote this because many firewall teams have a difficult time with RPC, and For example, an agent can be configured to start an authentication trap if an unrecognized management system sends a request for information. ³ This protocol is required only by Windows XP and Windows Server 2003 acting as clients. The RPC service serves as the RPC Endpoint Mapper and Component Object Model (COM) Service Control Manager. The Computer Browser service is used by Windows-based computers to view network domains and resources. The various binary files that make up the Group Policy Microsoft Management Console (MMC) snap-in features primarily use COM calls to send or to receive information. TCP/IP protocols operate at a lower level than the application protocols. Verwenden Sie die in diesem Artikel beschriebene Methode nur, wenn der RPC-Server keine Möglichkeit zum Definieren des Serverports bietet. In Windows Server 2008 and later versions, and in Windows Vista and later versions, the default dynamic port range changed to the following range: Windows 2000, Windows XP, and Windows Server 2003 use the following dynamic port range: For more information about the default dynamic port range, see The default dynamic port range for TCP/IP has changed. Although NAT-T and IPsec ISAKMP are required for L2TP, these ports are monitored by the Local Security Authority. For more information about how to configure RPC to work with a firewall, see How to configure RPC dynamic port allocation to work with firewalls. Wenn Sie einen dedizierten Serverport angeben können, wissen Sie, welcher Datenverkehr zwischen den Hosts über die Firewall fließt, und Sie können definieren, welcher Datenverkehr in einer gezielteren Weise zulässig ist.