
How do I close and restore ports 135, 139 and 445?

2022-06-23 20:33:00 shawyang

Microsoft does not recommend closing ports 135 and 445

I discussed these ports with Microsoft engineers by phone. Microsoft does not recommend closing them. The recommendation is to act at the firewall or security group instead (preferably using the cloud platform's own security group feature): allow the IP ranges that need to reach these ports (the intranet ranges) in the security group's inbound rules, also allow the IP ranges of the individual clients that need to reach these ports over the public network, and deny every other client IP range access to these ports.

Port 445 is required by domain services. If port 445 is closed, domain services stop working.

Port 135 is the RPC protocol. Closing port 135 means interfering with DCOM and RPC, and many underlying services depend on DCOM and RPC, so the impact on the system is too great. For example, on 2008 R2 and 2012 R2, after port 135 is closed, opening Task Scheduler (running taskschd.msc) reports the error "Remote computer not found" (systems ≥ 2016 do not report the error). After rolling back, Task Scheduler recovers. Investigation showed that the Rpc\Internet registry key (reg add HKLM\SOFTWARE\Microsoft\Rpc\internet) was the cause.

It is strongly recommended not to close TCP port 135, because a large number of services need this port. See the following document: https://docs.microsoft.com/zh-CN/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements

If you really want to close these ports, proceed as follows.

https://blog.csdn.net/u013761036/article/details/71915237

The method in that document for closing ports 135, 139 and 445 applies to all Windows systems, but it is too cumbersome, so I translated it into commands.

The general commands for all Windows systems are as follows.

Use netstat to check whether anything is listening on these ports

netstat -ano|findstr :445

netstat -ano|findstr :135

netstat -ano|findstr :139

【Close port 135】 Takes effect after a restart

reg add "HKLM\SOFTWARE\Microsoft\Ole" /v "EnableDCOM" /t REG_SZ /d "N" /f

reg add "HKLM\SOFTWARE\Microsoft\Rpc" /v "DCOM Protocols" /t reg_multi_sz /d "\0" /f

reg add "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /f

【Restore port 135】 Takes effect after a restart

reg add "HKLM\SOFTWARE\Microsoft\Ole" /v "EnableDCOM" /t REG_SZ /d "Y" /f

reg add "HKLM\SOFTWARE\Microsoft\Rpc" /v "DCOM Protocols" /t reg_multi_sz /d "ncacn_ip_tcp\0" /f

powershell -Command "Remove-Item HKLM:\SOFTWARE\Microsoft\Rpc\Internet -force -Confirm:0"

or

powershell -Command "Get-Item HKLM:\SOFTWARE\Microsoft\Rpc\Internet | Remove-Item -force -Confirm:0"

The commands above for restoring port 135 apply to all Windows systems.

A separate note on the reg delete command

Running reg delete "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /f to delete Rpc\Internet reports that you do not have permission. On 2008 R2 and 2012 R2, open the registry editor, follow the path to Rpc\Internet and delete it with the mouse. On 2016/2019, reg delete can delete it after privilege elevation, and deleting it with the mouse also works.

To elevate privileges, first put psexec.exe or psexec64.exe in the system32 directory:

https://live.sysinternals.com/PsExec.exe

https://live.sysinternals.com/PsExec64.exe

Then run

【psexec.exe】

psexec.exe -accepteula -nobanner -i -s reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Rpc\Internet" /f

or

psexec.exe -accepteula -nobanner -i -s reg delete "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /f

【psexec64.exe】

psexec64.exe -accepteula -nobanner -i -s reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Rpc\Internet" /f

or

psexec64.exe -accepteula -nobanner -i -s reg delete "HKLM\SOFTWARE\Microsoft\Rpc\Internet" /f

【CVM with only one network card: close port 139】 Run the two lines below in PowerShell, then restart the machine for the change to take effect

$netcardGUID=(getmac /fo list|findstr Tcpip_).split("\")[2]

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\$netcardGUID /v NetBIOSOptions /T REG_DWORD /D 2 /F

【CVM with only one network card: restore port 139】 Run the two lines below in PowerShell, then restart the machine for the change to take effect

$netcardGUID=(getmac /fo list|findstr Tcpip_).split("\")[2]

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\$netcardGUID /v NetBIOSOptions /T REG_DWORD /D 0 /F

【Blackstone: close port 139】 Run the two lines below in PowerShell, then restart the machine for the change to take effect

$netcardGUID=(getmac /fo list|findstr Tcpip_)[1].split("\")[2]

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\$netcardGUID /v NetBIOSOptions /T REG_DWORD /D 2 /F

【Blackstone: restore port 139】 Run the two lines below in PowerShell, then restart the machine for the change to take effect

$netcardGUID=(getmac /fo list|findstr Tcpip_)[1].split("\")[2]

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\$netcardGUID /v NetBIOSOptions /T REG_DWORD /D 0 /F
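The snippets above pick one interface by position, which is why the single-card and Blackstone cases differ. As an added example (not from the original post), the same NetBIOSOptions change can be applied to every Tcpip_* interface key and the previous values reported so they can be restored. Set-NetbiosOptionsAll is a hypothetical helper name; run it in an elevated PowerShell session, with -WhatIf first to preview.

```powershell
# Added example, not part of the original post.
# Set-NetbiosOptionsAll is a hypothetical helper name.
function Set-NetbiosOptionsAll {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 2 = disable NetBIOS over TCP/IP (close 139), 0 = default (restore)
        [Parameter(Mandatory = $true)]
        [ValidateSet(0, 2)]
        [int]$Value
    )
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    $keys = @(Get-ChildItem -Path $base | Where-Object { $_.PSChildName -like 'Tcpip_*' })

    foreach ($key in $keys) {
        # Read the current value first so the change can be undone per interface
        $prop = Get-ItemProperty -Path $key.PSPath -Name NetBIOSOptions -ErrorAction SilentlyContinue
        $old  = if ($null -ne $prop) { $prop.NetBIOSOptions } else { '<not set>' }

        $changed = $false
        if ($PSCmdlet.ShouldProcess($key.PSChildName, "set NetBIOSOptions $old -> $Value")) {
            Set-ItemProperty -Path $key.PSPath -Name NetBIOSOptions -Value $Value -Type DWord
            $changed = $true
        }
        # One record per interface: what it was, what was requested, whether it was written
        New-Object PSObject -Property @{
            Interface = $key.PSChildName
            Previous  = $old
            Requested = $Value
            Changed   = $changed
        }
    }
}

# Preview, then apply; as with the commands above, restart the machine afterwards.
Set-NetbiosOptionsAll -Value 2 -WhatIf | Select-Object Interface, Previous, Requested, Changed
# Set-NetbiosOptionsAll -Value 2     # close 139 on all interfaces
# Set-NetbiosOptionsAll -Value 0     # restore
```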

【Close port 445 on 32-bit Windows】 Takes effect after restarting the machine

cmd:

REG ADD HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters /v SMBDeviceEnabled /T REG_DWORD /D 0 /F && sc config LanmanServer start= disabled && net stop lanmanserver /y

【Close port 445 on 64-bit Windows】 Takes effect after restarting the machine

cmd:

REG ADD HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters /v SMBDeviceEnabled /T REG_QWORD /D 0 /F && sc config LanmanServer start= disabled && net stop lanmanserver /y

【Restore port 445, for both 32-bit and 64-bit】 Takes effect without restarting the machine

reg delete HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters /v SMBDeviceEnabled /f

sc.exe config LanmanServer start= auto

sc.exe start LanmanServer
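To confirm what state a machine is in before or after the changes above, the following added example (not from the original post) prints a read-only report of the listeners and of every registry value and service setting this post touches. Get-PortState is a hypothetical helper name; the netstat match is stricter than findstr :445, which also matches ports such as :4450 and remote ports.

```powershell
# Added example, not part of the original post: read-only report.
# Get-PortState is a hypothetical helper name.
function Get-PortState {
    function Read-Value([string]$Path, [string]$Name) {
        $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $p) { ($p.$Name) -join ',' } else { '<not set>' }
    }
    function New-Row([string]$Item, $Value) {
        New-Object PSObject -Property @{ Item = $Item; Value = $Value }
    }
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Listeners: anchor on the local port and require the all-zero foreign
    # address, which is how netstat shows a listening TCP socket.
    $pattern = '^\s*TCP\s+\S+:(135|139|445)\s+(0\.0\.0\.0|\[::\]):0\s'
    foreach ($m in @(netstat -ano | Select-String -Pattern $pattern)) {
        $f = $m.Line.Trim() -split '\s+'
        New-Row "Listening on $($f[1])" "PID $($f[-1])"
    }

    # Port 135: DCOM/RPC values written by the close/restore commands
    New-Row 'Ole\EnableDCOM'          (Read-Value 'HKLM:\SOFTWARE\Microsoft\Ole' 'EnableDCOM')
    New-Row 'Rpc\DCOM Protocols'      (Read-Value 'HKLM:\SOFTWARE\Microsoft\Rpc' 'DCOM Protocols')
    New-Row 'Rpc\Internet key exists' (Test-Path 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet')

    # Port 139: NetBIOSOptions on every interface (2 = disabled, 0 = default)
    foreach ($k in @(Get-ChildItem "$svc\NetBT\Parameters\Interfaces")) {
        New-Row "NetBIOSOptions $($k.PSChildName)" (Read-Value $k.PSPath 'NetBIOSOptions')
    }

    # Port 445: SMBDeviceEnabled and the LanmanServer service
    New-Row 'NetBT SMBDeviceEnabled'                  (Read-Value "$svc\NetBT\Parameters" 'SMBDeviceEnabled')
    New-Row 'LanmanServer Start (2=auto, 4=disabled)' (Read-Value "$svc\LanmanServer" 'Start')
    New-Row 'LanmanServer status'                     (Get-Service LanmanServer).Status
}

Get-PortState | Select-Object Item, Value | Format-Table -AutoSize
```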
