<div>
We needn't 139 &amp;&nbsp;445 port if the machine don' share files or printers to other machines.<br />
You can close these ports in firewall.
</div>


<div>
If you do a lot or remote management, you will still need those ports open. If you're afraid for security reasons, limit these ports to the managing server only (needs to be done in Advanced Settings in the Firewall setttings, with a new custom rule)
</div>


<div>
Agree with Kimputer.<br />
<br />
If your environment happens to be very sensitive about security, please take the following into consideration: if you, the admin, wants to use the c$ share or execute remote commands (like psexec), or do other admin stuff, you need those ports accessible from your own workstation only. So what do you do? Do you create a GPO that sets up some rule that will simply allow your IP? That would be unwise.<br />
<br />
Anyone with a little insider knowledge will know the IP of the admin's workstation. So for an attack, he will simply wait for the admin to turn off his workstation and give his own computer that IP.<br />
So IP-based firewall rules are insecure as h***.<br />
<br />
If you really mean to setup secure rules, you need to establish ipsec firewall rules.
</div>


<div>
We do not want to implement the firewall on individual workstations due to the headaches that will come after.<br />
Should I remove/disable/turn off the service that causes the workstations to listen on those ports? <br />
Is the following correct to turn these services off on the workstation?<br />
Control Panel\All Control Panel Items\Network and Sharing Center\Advanced sharing settings\Turn on file and print share
</div>


<div>
None of our workstations have local firewall enabled. They were disabled open deployment. I do believe its a good idea to turn it on but thats not our policy at the moment.<br />
<br />
I wanted to verify if closing file and print sharing on workstations will effectively cause the workstation to stop listening on 139 and 445.
</div>


<div>
Yes, unless no other software that is installed at these machines listens on those ports, they will be closed, if default windows settings are still applied.
</div>


<div>
perfect! thanks brah and have a good weekend!
</div>


<div>
<div class="content wysiwyg-content">
Do I need ports 139/445 open(listening) on the workstations that are Windows 7 machine? I know 139/445 needs to be open on the fileserver/printserver but not sure if it needs to be on the workstations if they are not sharing files or printers from the workstation.
</div>
</div>


Do I need ports 139/445 open(listening) on the workstations that are Windows 7 machine? I know 139/445 needs to be open on the fileserver/printserver but not sure if it needs to be on the workstations if they are not sharing files or printers from the workstation.

Do I need Ports 139 and 445 for workstations opened?

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.