1) if you start using ALL_DCE_RPC than verify that you do not have a TCP service on port 135 it can get you troubles on this ALG mechanism
2) those service DCE_RPC dot not apply to "ANY" traffic meaning you must put this service inside the rule you want to use for example traffic from Clients to the Domain Controllers
3) if you have traffic on port 135 which is not DCE_RPC there is an SK that you can enable non DCE_RPC traffic on this DCE_RPC service (so you wont configure a tcp service on port 135
4) from security concerns DCE_RPC connections is the right way to open this traffic
some things on RPC it uses as discussed tcp port 135 for the "Control data" for example it want to access some resource on the remote computer. than the remote computer returns the client the port to connect to acess this resource.
you can also vie GPO / Registry keys can harden the range that the Remote computer will use to avoid opening all high ports if you dont use RPC