I have a problem in win2k3 domain and Windows XP Cients. I want to completely block Netbios over TCP/IP on all Windows XP Clients and on Servers 2003 not. My First Question is that port 445 is part of Netbios or not ? My Second Question is that all clients get IP from DHCP server. If I completely disable Netbios over TCP/IP can I get Ip from DCHP server. All clients connect with network drive and Shared Printers on server. Can Client access Shared Resources from servers. My Case Study is that I want all clients cannot access shared Folders, which are exits on client Machine (i.e \\machinename\shared), but can access Shared Printers which is shared on client machines & servers and also wants to connect Network Drive which is Shared on Server machine only. Regards Muhammad Imranimran

Hello, for ports: NetBIOS name service: 137 NetBIOS datagram service: 138 NetBIOS session service: 139 Reference: http://technet.microsoft.com/en-us/library/bb727063.aspx My Second Question is that all clients get IP from DHCP server. If I completely disable Netbios over TCP/IP can I get Ip from DCHP server. All clients connect with network drive and Shared Printers on server. Can Client access Shared Resources from servers. Yes you can get an IP address from the DHCP server. My Case Study is that I want all clients cannot access shared Folders, which are exits on client Machine (i.e \\machinename\shared), but can access Shared Printers which is shared on client machines & servers and also wants to connect Network Drive which is Shared on Server machine only. You have to configure NTFS and share permissions correctly. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator

Hi, Thanks for Reply, I want to completely block Port 135,137,138,139,445 on all windows XP clients. My Question is that if I disable these ports can all windows XP client, then these clients can access Shared Folders and Printers from server. My XP clients users have local admin rights, that's why they can share folders on there PC. So I want to setup a policy, even if any user share any folder with everyone rights on there PC can not access to other windows xp client but if any window Xp client share Printer on there pc can access to other windows xp client. I don't want to do this with NTFS permission, because I don't know which permission given by user to a folder on his PC. I again clear you what I want. Firewall is disabled on all client machines. If i type at Run prompt (\\pc1.testdomain.com) on a client pc, then it shows balnk screen to users. (Which indicate to user no folder is shared on accessed PC1.testdomain.com). But want to show shared printer. If I type at Run Prompt (\\server1.testdomain.com) on a client pc, then it shows all shared folders and printers to user. Regards.imran

Hi imran, Thanks for posting here. >So I want to setup a policy, even if any user share any folder with everyone rights on there PC can not access to other windows xp client but if any window Xp client share Printer on there pc can access to other windows xp client. If I understand you correctly that you are going to only allow the shard printer could be accessed from other computer but folder , am I correct ? A workaround that posted in the blog article below may help you to prevent user to share their folders by GUI : Disable File Sharing Through Group Policies http://blog.box.com.ph/2006/03/20/disable-file-sharing-through-group-policies/ Meanwhile, the gold should be more easily achieved if you are using Windows 7 or above versions: Enable or disable File Sharing with Group Policy http://technet.microsoft.com/en-us/library/cc754359(WS.10).aspx Thanks. Tiger Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Triger Li, Yes my goal is to stop sharing on all Xp client computers. But I have another assignment is that to disable Port 135,137,138,139,445 an all client computers, but want to allow clients to access shared folders and printers which are shared on server 2003. Port 135,137,138,139 can be disable in following way. In the 'Advanced TCP/IP Settings' window click on WINS. Select 'Disable NetBIOS over TCP/IP' To disable port 445 on your computer. I do this Start Registry Editor (Regedit.exe). Locate the following key in the registry: HKLM\System\CurrentControlSet\ Services\NetBT\Parameters In the right-hand side of the window find an option called TransportBindName. Double click that value, and then delete the default value, thus giving it a blank value. If I disable these ports, then how i can access shared printers and Folders from server 2003. Because in our environment all printers and folders are shared on servers. One Mapped network Drive. Regardsimran