How to block the SMB (445/tcp) port on Windows 2012R2 Data Center

Tags: server-message-block, windows-firewall, windows-server-2012-r2

I've got an interesting software configuration (Alfresco CIFS) that requires me to block access to the Windows SMB port for proper operation. I tried adding a new inbound firewall rule at the top that blocks 445/tcp, but it seems to be ignored. If I try to edit the preexisting Windows SMB rule, I'm unable to, due to a "This rule has been applied by the system administrator and cannot be modified" message. I am the system administrator and am running this as an escalated process… What's the best (or any workable) way to block 445/tcp on Windows 2012 R2 Datacenter?

Best Answer

I'm having the same problem. I can actually disable the 445 rules. I can also set them to block, as well as add the explicit block rule. I'm suspecting there is something working differently in 2012 than in 2008: I gave my host a different name, disabled the Alfresco SMB server, and I can still enumerate the default file shares on the host (admin$, C$, Z$). It shouldn't give me anything back when I'm querying //alfresco instead of the real name of the server...

With Wireshark I can see the client trying to use 445, failing a few times and then falling back to port 139.

What seems to work is disabling Windows File and Printer Sharing on the network interface (Network control panel, select the interface, Properties, untick File and Printer Sharing). I still can't get the CIFS authentication with AD to work, but at least the attempt is hitting the right engine now!
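The same steps expressed in PowerShell, as an added example that is not part of the question or the answer above. It assumes an elevated session on the 2012 R2 host and a LAN adapter named "Ethernet" (check with Get-NetAdapter). It blocks 139/tcp alongside 445/tcp, since the answer's capture shows the client falling back to NetBIOS session on 139 when 445 is unreachable, and it unbinds "File and Printer Sharing for Microsoft Networks" (component ms_server) from the adapter, which is what the answer reports as actually working. Rules the local firewall console refuses to edit typically come from Group Policy; step 1 lists those so you know what you are up against.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# on the Windows Server 2012 R2 host.
$Adapter = 'Ethernet'   # assumed adapter name; confirm with Get-NetAdapter

# 1. Rules in the RSOP store are delivered by Group Policy and are read-only
#    in the local firewall MMC. If the built-in SMB rules show up here, a local
#    edit will never stick; you need an explicit block rule or the unbind below.
Get-NetFirewallRule -PolicyStore RSOP -ErrorAction SilentlyContinue |
    Where-Object DisplayGroup -like '*File and Printer Sharing*' |
    Select-Object DisplayName, Enabled, Action, Direction

# 2. Explicit inbound block rules for SMB over TCP (445) and NetBIOS session
#    (139). Block rules take precedence over allow rules, so these apply even
#    while the GPO-delivered allow rules remain enabled.
foreach ($port in 445, 139) {
    New-NetFirewallRule -DisplayName "Block Windows SMB $port/tcp" `
        -Direction Inbound -Protocol TCP -LocalPort $port -Action Block `
        -Profile Any
}

# 3. Unbind the Windows SMB server from the interface (equivalent to unticking
#    "File and Printer Sharing for Microsoft Networks" in the adapter
#    properties), so the Alfresco CIFS server is the only engine answering there.
Disable-NetAdapterBinding -Name $Adapter -ComponentID ms_server
Get-NetAdapterBinding -Name $Adapter -ComponentID ms_server   # Enabled should now read False

# 4. Local check: list whatever still listens on 445/139 and which process owns
#    it (the Windows SMB server listens from the System process, PID 4).
Get-NetTCPConnection -LocalPort 445, 139 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 5. Remote check from a client on the same network (replace <server>):
#    Test-NetConnection -ComputerName <server> -Port 445
#    TcpTestSucceeded should be False once the block rules are in place.
```

Step 4 is only a sanity check: a listener shown by Get-NetTCPConnection is not by itself proof that clients can reach it, so the remote Test-NetConnection in step 5, or a Wireshark capture like the one in the answer, is what confirms that neither 445 nor 139 is being served by Windows any more.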