Windows Networking - Port 445 Only? RRS feed

  • Question

  • I am trying to find the answer to a simple question...

    I have two Windows servers separated by a firewall. (Win2k/Win2k3)

    I need to transfer files using robocopy to a local file share on one server, using a local account on that server.

    Can I open just Port 445 between the two servers and be able to access the file share?

    This requires authenticating to the local account and the ability to transfer files.

    If your answer is for me to open 137, 138, 139 or even (shudder) 135 then you'd better have a real reason for suggesting they be opened and provide collaborative documentation, not just linking to outdated pages that suggest opening those ports.
    Thursday, April 14, 2011 3:15 PM


  • That's a good question.

    Microsoft uses port 445 (SMB over TCPIP) as a more secure alternative to NetBios over TCPIP 135-139.  If NetBIOS over TCPIP is enabled, the server system would be listening on all those ports.  The client will attempt to connect on 445 first.  If its unable, then it will try 135-139.  If you disable NetBIOs over TCPIP on the server, then the only option is 445.

    So, yes, blocking 135-139 and allowing only allowing 445 will allow you to share files between the systems without the additional exposure to NetBios over TCPIP.

    Visit: anITKB.com, an IT Knowledge Base.
    • Marked as answer by Rick Tan Thursday, April 21, 2011 1:45 AM
    Friday, April 15, 2011 1:36 AM