Blocking File and Printer Sharing on Windows domain controller

Tags: active-directory, domain-controller, windows-server-2012

I have a Windows 2012 R2 domain controller that doesn't need any File and Printer Sharing ports open, so in an attempt to harden the server I've tried disabling the rules in the "File and Printer Sharing" group.

However, every time I reboot, the rules keep getting enabled. I've tried removing it everywhere, including the Windows Firewall "Allow features" settings as well as on the NIC connection settings. But it keeps getting enabled when I reboot.

Short of writing a script to disable the rules and adding it to the scheduled tasks, how do I get the disabled rules to stay disabled?

Thanks.

Update:
Sorry, I should have been clearer. I'm only using this server for running Exchange; no other clients will be connecting to the domain controller for authentication. I realize it's not a recommended configuration (running it on the domain controller), but it's only for a few users. It's sitting facing the internet, and I'd like to only allow ports 25 and 443 (for OWA and RPC over HTTP).

Best Answer

Blocking File and Printer Sharing will break Active Directory Domain Services. If you review the Active Directory and Active Directory Domain Services Port Requirements, you'll notice that the following ports need to be open. The reason the rules get re-enabled is that when you install roles that require certain services and their ports to be open, Windows will automatically enable those rules.

  • UDP 137, File and Printer Sharing (NB-Datagram-In)
  • UDP 138, File and Printer Sharing (NB-Name-In)
  • TCP 139, File and Printer Sharing (NB-Session-In)
  • TCP 445, File and Printer Sharing (SMB-In)
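As an added example (not part of the question or the answer above), the following PowerShell audits the inbound rules in the "File and Printer Sharing" group and, instead of disabling them, narrows their remote scope so the domain controller keeps answering its own subnet while the SMB/NetBIOS rules do not accept traffic from elsewhere. It assumes Windows Server 2012 R2 or later with the NetSecurity module (Get-NetFirewallRule and friends), an elevated session, and that 'LocalSubnet' is the right scope for your clients; the function names are my own.

```powershell
# Added example: audit the inbound "File and Printer Sharing" rules, then scope them
# rather than disable them (Windows re-enables disabled rules for the AD DS role).
# Assumes the NetSecurity module (Server 2012+) and an elevated PowerShell session.

function Get-FpsRuleReport {
    [CmdletBinding()]
    param([string]$Group = 'File and Printer Sharing')

    # One row per inbound rule: enabled state, profile, protocol/port and remote scope.
    Get-NetFirewallRule -DisplayGroup $Group -Direction Inbound | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $_.DisplayName
            Enabled       = $_.Enabled
            Profile       = $_.Profile
            Protocol      = $port.Protocol
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    }
}

function Set-FpsRuleScope {
    # Limit the remote addresses the rules accept. 'LocalSubnet' is a built-in firewall
    # keyword (assumed to match your clients); pass an explicit CIDR list if it does not.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Group = 'File and Printer Sharing',
          [string[]]$RemoteAddress = @('LocalSubnet'))

    Get-NetFirewallRule -DisplayGroup $Group -Direction Inbound | ForEach-Object {
        $target = "RemoteAddress=$($RemoteAddress -join ',')"
        if ($PSCmdlet.ShouldProcess($_.DisplayName, $target)) {
            $_ | Set-NetFirewallRule -RemoteAddress $RemoteAddress
        }
    }
}

# Report the current state, then preview the scope change without applying it.
Get-FpsRuleReport | Format-Table -AutoSize
Set-FpsRuleScope -WhatIf
```

Run Set-FpsRuleScope without -WhatIf to apply the scope, and re-run Get-FpsRuleReport after the next role change or reboot to confirm the rules still carry the narrowed RemoteAddress.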