1

I just migrated a Windows Server VPS to a new one (Windows Server 2012 R2) and realized that even though "Turn off file and printer sharing" is selected for all available network profiles (Public/Guest, Private) within the "Network and Sharing Center", it is still possible to externally access the server's shares.

The Windows Firewall is enabled (and in use) for all network adapters on the system (there is just the one), the default inbound action is to block, and I ensured that all relevant inbound firewall rules are actually disabled ("File and Printer Sharing..." for ports 137, 138 UDP and 139, 445 TCP). "Password protected sharing" is selected as well.

Any idea why it is still possible to see and access the shares?

As a workaround, I am now explicitly blocking the ports, which works as expected, but this should be unnecessary in the first place.

lauxjpn

1 Answer

3

Alright, so this guy's troubleshooting basically provided the solution:

Why is file sharing over internet still working, despite all firewall exceptions for filesharing being disabled?

He states:

It's the "built-in" rules for Terminal Services that were the problem. Can you believe port 445 (File Sharing Port) has to be wide open to the internet to use Terminal Services Licensing?

So in my case, it wasn't anything Terminal Services related, but the following two rules that were allowing traffic through port 445 TCP:

  • Remote Access Management (NP-In)
  • File Server Remote Management (SMB-In)

Disabling those two firewall rules finally made all shares invisible and inaccessible. Though in the end, I am going to stick with my explicit blocking rules after all, since it is obvious now that a lot of different services are using this port's functionality. And I don't want to have to remember to recheck the accessibility of the shares every time I reconfigure something somewhere in the system.

lauxjpn
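An audit for the situation described in this thread, as an added example that is not part of the original question or answer: it lists every enabled inbound allow rule, in any rule group, whose port filter covers the SMB/NetBIOS ports named in the question. It assumes an elevated PowerShell session with the NetSecurity cmdlets that ship with Windows Server 2012 R2; the helper name `Test-PortSpecMatch` is made up for this example.

```powershell
# Ports used by file sharing, as listed in the question.
$smbPorts = @{ TCP = 139, 445; UDP = 137, 138 }

# Hypothetical helper: does a rule's LocalPort spec (single ports or
# "low-high" ranges) cover any of the given ports?
# Rules whose LocalPort is 'Any' or a keyword such as 'RPC' are not reported,
# a choice made here to keep the output short.
function Test-PortSpecMatch {
    param([string[]]$Spec, [int[]]$Ports)
    foreach ($entry in $Spec) {
        if ($entry -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
            if ($Ports | Where-Object { $_ -ge $lo -and $_ -le $hi }) { return $true }
        }
        elseif ($entry -match '^\d+$' -and $Ports -contains [int]$entry) {
            return $true
        }
    }
    return $false
}

# Walk all enabled inbound allow rules, not only the "File and Printer Sharing" group.
$hits = foreach ($rule in Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow) {
    $filter = $rule | Get-NetFirewallPortFilter
    $proto  = "$($filter.Protocol)".ToUpper()
    if (-not $smbPorts.ContainsKey($proto)) { continue }
    if (Test-PortSpecMatch -Spec $filter.LocalPort -Ports $smbPorts[$proto]) {
        [pscustomobject]@{
            DisplayName  = $rule.DisplayName
            DisplayGroup = $rule.DisplayGroup
            Profile      = $rule.Profile
            Protocol     = $proto
            LocalPort    = $filter.LocalPort -join ','
        }
    }
}

if ($hits) {
    $hits | Sort-Object DisplayGroup, DisplayName | Format-Table -AutoSize
} else {
    'No enabled inbound allow rule names an SMB/NetBIOS port explicitly.'
}
```

Re-running this after installing or reconfiguring a role shows whether a new rule has opened one of these ports again. From an outside host, `Test-NetConnection -ComputerName <server> -Port 445` confirms whether the port is actually reachable.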