how to disable feature that opened port 445 on windows server?

I would like to extend this answer

Port 445 in Windows is by default used by "Server" service (real name is "lanmanserver") to provide file sharing via SMB protocol. To prevent Windows from listening on this port you need to stop and disable this service.

1. You need to have Admin rights or be able to elevate to admin.
2. Open command prompt as Administrator.
3. Type sc stop lanmanserver, press Enter.
4. For some reason at this point the port will still be active (from my experience, did this today). You need to reboot the system to prevent it from listening on the port, but the service will restart after reboot, so you need to disable it from starting:
5. Type sc config lanmanserver start=disabled, press Enter.
6. Reboot.
7. Verify in command prompt with netstat -n -a | findstr "LISTENING" | findstr ":445", it should print a blank line, meaning that nothing is listening on the port. (command may vary for non-English versions of Windows, not sure, you may need to change "LISTENING" to a translated variant)

There are various reasons to free port 445 in Windows, one of them is imo quite interesting and it is to allow SMB tunneling through SSH - when Windows does not use the port you now can tell Putty / Cygwin'ed SSH to use it and forward to a remote host via a secure connection - then you can access the remote fileshare securely via \\localhost.

Following is just quotation of two different sources which I used to successfully disable port 445 on Windows XP machines. I was closing port 445 and 135, 137 - 139, so I followed all instruction in the article and it worked for me.

General information about port 445 (archive link)

Among the new ports used by Windows 2000 is TCP port 445 which is used for SMB over TCP. The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2000/XP. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.

At its simplest NetBIOS on your LAN may just be a necessary evil for legacy software. NetBIOS on your WAN or over the Internet, however, is an enormous (read foolish...) security risk. All sorts of information, such as your domain, workgroup and system names, as well as account information is obtainable via NetBIOS. It really is in your best interests to ensure that NetBIOS never leaves your network.

If you are using a multi-homed machine i.e. more than 1 network card, then you should disable NetBIOS on every network card, or Dial-Up Connection under the TCP/IP properties, that is not part of your local network.

How to disable port 445

To disable Port 445:

Add the following registry key:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters Name: SMBDeviceEnabled Type: DWORD (REG_DWORD) Data: 0

Don’t forget to restart your computer after disabling the above ports for effect. Also, to check that those ports are disabled, you can open a command prompt and type netstat -an to confirm that your computer is no longer listening to those ports.

(the registry keys are different for Windows 7 onwards, see this Microsoft article)