- May 17, 2010 1. Open the Control Panel on the affected server, click System and Security, and then click Windows Firewall. In the left pane, click Advanced Settings and then click Inbound Rules. Check whether the following rules are enabled and the Action is Allow: File and Printer Sharing (NB-Session-In) File and Printer Sharing (SMB-In) 4.
- Simple file sharing must be disabled; remote UAC must be disabled (on Vista or later Windows versions) file and printer sharing must be enabled; the admin$ administrative share must be enabled; If Ninite can't connect, you can run the following.exe on the remote computer to set these correctly: EnableRemote.exe.
- Note that I'm using a Windows 7 PC as the file server; other versions might need slightly different configuration. In the 'Windows Firewall with Advance Security', there are several 'File and Printer Sharing' rules: File and Printer Sharing (NB-Datagram-In) File and Printer Sharing (NB-Name-In) File and Printer Sharing (NB-Session-In).
- Server Service File And Printer Sharing Ports Blocked Windows 10
- What Is File And Printer Sharing
- File And Printer Sharing Service
- File And Printer Sharing Ports Blocked
- Server Service File And Printer Sharing Ports Blocked On Iphone
The SMB protocol enables “inter-process communication,” which is the protocol that allows applications and services on networked computers to talk to each other – you might say SMB is one of the languages that computers use to talk to each other.
Some of my Windows Server 2008 R2 computers throw an alert from the Server Service: Firewall Status monitor saying 'Server Service: File and Printer Sharing Ports Blocked'. Looking at these servers shows the firewall active and relevant ports inbound allowed for all profiles.
How Does The SMB Protocol Work?
In early versions of Windows, SMB ran on top of the NetBIOS network architecture. Microsoft changed SMB in Windows 2000 to operate on top of TCP and use a dedicated IP port. Current versions of Windows continue to use that same port.
Get the Free Pen Testing Active Directory Environments EBook
![Ports Ports](/uploads/1/1/8/3/118380255/780972276.jpg)
“This really opened my eyes to AD security in a way defensive work never did.”
Microsoft continues to make advancements to SMB for performance and security: SMB2 reduced the overall chattiness of the protocol, while SMB3 included performance enhancements for virtualized environments and support for strong end-to-end encryption.
SMB Protocol Dialects
Just like any language, computer programmers have created different SMB dialects use for different purposes. For example, Common Internet File System (CIFS) is a specific implementation of SMB that enables file sharing. Many people mistake CIFS as a different protocol than SMB, when in fact they use the same basic architecture.
Important SMB implementations include:
- CIFS: CIFS is a common file sharing protocol used by Windows servers and compatible NAS devices.
- Samba: Samba is an open-source implementation of Microsoft Active Directory that allows non-Windows machines to communicate with a Windows network.
- NQ: NQ is another portable file sharing SMB implementation developed by Visuality Systems.
- MoSMB: MoSMB is a proprietary SMB implementation by Ryussi Technologies.
- Tuxera SMB: Tuxera is also a proprietary SMB implementation that runs in either kernel or user-space.
- Likewise: Likewise is a multi-protocol, identity aware network file sharing protocol that was purchased by EMC in 2012.
Server Service File And Printer Sharing Ports Blocked Windows 10
What Are Ports 139 And 445?
SMB has always been a network file sharing protocol. As such, SMB requires network ports on a computer or server to enable communication to other systems. SMB uses either IP port 139 or 445.
- Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network.
- Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet.
What Is File And Printer Sharing
How To Keep These Ports Secure
Leaving network ports open to enable applications to function is a security risk. So how do we manage to keep our networks secure and maintain application functionality and uptime? Here are some options to secure these two important and well-known ports.
File And Printer Sharing Service
- Enable a firewall or endpoint protection to protect these ports from attackers. Most solutions include a blacklist to prevent connections from known attackers IP addresses.
- Install a VPN to encrypt and protect network traffic.
- Implement VLANs to isolate internal network traffic.
- Use MAC address filtering to keep unknown systems from accessing the network. This tactic requires significant management to keep the list maintained.
In addition to the network specific protections above, you can implement a data centric security plan to protect your most important resource – the data that lives on your SMB file shares.
![Firewall port for file sharing Firewall port for file sharing](/uploads/1/1/8/3/118380255/363976000.jpg)
Understanding who has access to your sensitive data across your SMB shares is a monumental task. Varonis maps your data and access rights and discovers your sensitive data on your SMB shares. Monitoring your data is essential to detect attacks in progress and protect your data from breaches. Varonis can show you where data is at-risk on your SMB shares and monitor those shares for abnormal access and potential cyberattacks. Get a 1:1 demo to see how Varonis monitors CIFS on NetApp, EMC, Windows, and Samba shares to keep your data safe.
Remote Connection Information
If you're using Active Directory, please make sure you are running the Ninite .exe itself as a domain administrator instead of passing the credentials to Ninite.
In order to run Ninite remotely, the following settings must be seton the remote computer:
- simple file sharing must be disabled
- remote UAC must be disabled (on Vista or later Windows versions)
- file and printer sharing must be enabled
- the admin$ administrative share must be enabled
If Ninite can't connect, you can run the following .exe on the remotecomputer to set these correctly:EnableRemote.exe
Also, the remote computer has to be accessed through an administratoraccount that has a password set (it won't work with an empty password).
File And Printer Sharing Ports Blocked
According to Microsoft TCP ports139 and 445 and UDP ports 137 and 138 should be accessible for Ninite remote to function.
Server Service File And Printer Sharing Ports Blocked On Iphone
If you get an error'Failed - Not enough server storage is available to process the command. 8107'you can fix it by increasing the IRPStackSize value.
These features are only available in Ninite Pro Classic.
We're working on documentation for the new Pro web interface. For now the available help for that is inline in the interface.
Get a Free Trial or Learn more about Ninite Pro