How can I block the SMB (445/tcp) port on Windows 2012R2 Data Center?

I'm having the same problem. I can actually disable the 445 in rules. I can also set them to block as well as the explicit block rule. I'm suspecting there is something working differently in 2012 than 2008. I gave my host a different name, disabled the Alfresco SMB server and I can still enumerate default file shares on the host (admin$, C$, Z$). It shouldn't give me anything back when I'm querying //alfresco instead of the real name of the server... With Wireshark I can see the client trying to use 445, failing a few times and then falling back to port 139. What seems to work is disabling Windows file and print sharing on the network interface (network control panel, select interface, properties, untick file and printer sharing). I still can't get the CIFS authentication with AD to work, but at least the attempt is hitting the right engine now!
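The same fix the answer describes (unticking "File and Printer Sharing for Microsoft Networks" on the interface), done from an elevated PowerShell prompt on Windows Server 2012 R2, together with the checks you would run before and after. This is an added example, not code from the original post; the adapter name "Ethernet" is an assumption and must be replaced with the real interface name.

```powershell
# Added example (not from the original answer). Run elevated on Windows Server 2012 R2.
# The adapter name is an assumption; list yours with Get-NetAdapter.
$adapter = "Ethernet"

# 1. What is currently listening on 445/tcp? OwningProcess 4 is the System
#    process, i.e. the in-kernel Windows SMB server, not Alfresco's Java process.
Get-NetTCPConnection -LocalPort 445 -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. The built-in inbound SMB rules the GUI refuses to edit. Block rules are
#    evaluated before allow rules, so an ignored block rule points at something
#    other than rule order (a GPO-delivered rule, or a different profile/scope).
Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Direction Inbound |
    Format-Table DisplayName, Enabled, Action, Profile, PolicyStoreSource

# 3. The answer's fix: unbind the SMB server component (ms_server) from the
#    interface. This is exactly what the "File and Printer Sharing for
#    Microsoft Networks" checkbox toggles in the adapter properties dialog.
Get-NetAdapterBinding -Name $adapter -ComponentID ms_server
Disable-NetAdapterBinding -Name $adapter -ComponentID ms_server

# 4. Keep an explicit block as well, on both address families, for 445 and for
#    the NetBIOS session port 139 the answer saw clients fall back to.
New-NetFirewallRule -DisplayName "Block Windows SMB inbound (445/139)" `
    -Direction Inbound -Protocol TCP -LocalPort 445,139 `
    -Action Block -Profile Any -Enabled True

# 5. Confirm the binding is off. Test reachability from ANOTHER host, because
#    loopback traffic is not affected by the per-adapter binding:
#      Test-NetConnection -ComputerName <this server> -Port 445
#    TcpTestSucceeded should be False once the change has taken effect.
Get-NetAdapterBinding -Name $adapter -ComponentID ms_server |
    Select-Object Name, ComponentID, Enabled
```

If the SMB rules show a PolicyStoreSource other than PersistentStore, they come from Group Policy and must be changed there, which is also what produces the "applied by the system administrator" error in the GUI.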

Updated on September 18, 2022

Comments

  • Brian Knoblauch
    Brian Knoblauch almost 2 years

    I've got an interesting software configuration (Alfresco CIFS) that requires me to block access to the Windows SMB port for proper operation. I tried adding a new inbound firewall rule at the top that blocks 445/tcp, but it seems to be ignored. If I try to edit the preexisting Windows SMB rule, I'm unable due to a "This rule has been applied by the system administrator and cannot be modified". I am the system administrator and am running this as an escalated process... What's the best (or any workable) way to block 445/tcp on Windows 2012R2 DataCenter?

    • Get-HomeByFiveOClock
      Get-HomeByFiveOClock over 9 years
      May want to check either Group Policy or local Security policy to see if that port is opened by either of those.
    • Brian Knoblauch
      Brian Knoblauch over 9 years
      No policies applied that involve the firewall.
    • Get-HomeByFiveOClock
      Get-HomeByFiveOClock over 9 years
      That is indeed strange then!? Are you sure an explicit DENY rule on the firewall doesn't block it? Windows firewall should evaluate DENY rules before the ALLOWs, see. Another option is to block it later (after passing through the Windows firewall) with your anti-virus, given that your particular antivirus software will allow you to block individual ports.
    • Brian Knoblauch
      Brian Knoblauch over 9 years
      I just had another thought. I blocked 445/TCP on IPv6 and IPv4. I wonder if Alfresco only listens on 135 on IPv4? Clients normally try IPv6 first and if Alfresco isn't overriding that too, Windows would snag it...
  • RalfFriedl
    RalfFriedl over 4 years
    But how is that related to the question?