Why is file sharing over the internet still working, despite all firewall exceptions for file sharing being disabled?

file-sharing server-message-block windows-firewall windows-server-2008

Every exception in my Windows Server firewall that starts with "File and Printer Sharing" is disabled (ordered by name, so that includes domain, public (active), and private profiles).

The Network and Sharing Center's options for everything except password protected sharing are off.

Why would I still be able to access a network share on that server via an address like "\\my.server.com\" over the internet?

The firewall is on for all profiles and blocking incoming connections by default. A "netstat -an" command on the server reveals the share connection is occurring over port 445 (SMB). I restarted the client to ensure it was actually re-establishing a new connection successfully.

Is the "Password protected sharing: On" option in Network and Sharing Center bypassing the firewall restrictions, or adding some other exception somewhere that I'm missing?

EDIT: "Custom" rules are not the problem. It's the "built-in" rules for Terminal Services that were the problem. Can you believe port 445 (File Sharing Port) has to be wide open to the internet to use Terminal Services Licensing?

Best Answer

I think you're confusing things a bit, Triynko. Those ports don't have to be open to the Internet for internet connected clients to connect. They only have to be open between your Remote Desktop Server and your Remote Desktop Licensing server. They're also used for remote management of the Remote Desktop Services. The description fields on those firewall rules say as much.

The only port(s) that need to be open to the Internet, if you haven't reconfigured the defaults, are 3389 for direct connections or 443 to your RDS Gateway server.
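
The cause in this thread was an enabled built-in rule outside the "File and Printer Sharing" group, so searching by rule name missed it. The following is an added example, not part of the original question or answer: it lists every enabled inbound allow rule that covers TCP 445 by port rather than by name, using the Windows Firewall COM API (`HNetCfg.FwPolicy2`). The function names and the sample rules are constructed for illustration.

```powershell
# Added example: find enabled inbound ALLOW rules covering a TCP port, by port
# rather than by rule name or group. Uses the HNetCfg.FwPolicy2 COM API.
function Test-PortSpec {
    # True if $Port is covered by a LocalPorts string: "445", "135,445", "400-500", "*".
    param([string]$Spec, [int]$Port)
    if ([string]::IsNullOrEmpty($Spec) -or $Spec -eq '*') { return $true }
    foreach ($part in $Spec.Split(',')) {
        $p = $part.Trim()
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($p -eq "$Port") { return $true }
    }
    return $false   # keywords such as "RPC" never match a numeric port
}

function Get-InboundAllowRule {
    # $Rules defaults to the live firewall policy; pass sample objects to test offline.
    param([int]$Port = 445, $Rules = (New-Object -ComObject HNetCfg.FwPolicy2).Rules)
    $Rules | Where-Object {
        $_.Enabled -and
        $_.Direction -eq 1 -and                             # 1 = inbound
        $_.Action -eq 1 -and                                # 1 = allow
        ($_.Protocol -eq 6 -or $_.Protocol -eq 256) -and    # 6 = TCP, 256 = any
        (Test-PortSpec $_.LocalPorts $Port)
    } | Select-Object Name, Grouping, Profiles, LocalPorts, RemoteAddresses
}

# Constructed sample rules (not real output): a disabled SMB rule, an enabled
# rule from another group that also opens 445, and an unrelated RDP rule.
$sample = @(
    New-Object PSObject -Property @{ Name='Sample SMB-In (constructed)'; Grouping='File and Printer Sharing'; Enabled=$false; Direction=1; Action=1; Protocol=6; LocalPorts='445'; Profiles=7; RemoteAddresses='*' }
    New-Object PSObject -Property @{ Name='Sample licensing rule (constructed)'; Grouping='Sample other group'; Enabled=$true; Direction=1; Action=1; Protocol=6; LocalPorts='135,445'; Profiles=7; RemoteAddresses='*' }
    New-Object PSObject -Property @{ Name='Sample RDP-In (constructed)'; Grouping='Remote Desktop'; Enabled=$true; Direction=1; Action=1; Protocol=6; LocalPorts='3389'; Profiles=7; RemoteAddresses='*' }
)

# Offline demo: only the enabled rule from the other group is returned.
Get-InboundAllowRule -Port 445 -Rules $sample | Format-Table -AutoSize

# On the server itself, query the live policy instead:
#   Get-InboundAllowRule -Port 445 | Format-Table -AutoSize
```

In the output, `Profiles` is a bitmask (1 = Domain, 2 = Private, 4 = Public) and a `RemoteAddresses` value of `*` means the rule accepts any source address, which is the scope to narrow when the port only needs to be reachable from specific internal servers.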