Home / server / Questions / 637623
Accepted
JohnLBevan
Asked: 2014-10-17 10:58:16 +0800 CST

Disable windows file shares without losing share config

  • 772

Background

We're currently upgrading an old app from running on Windows Server 2003 to running it on Windows Server 2012.

Users and other systems communicate with this system via HTTP (i.e. users accessing the website), FTP (files to sync data from client devices) and Windows Shares (files to sync data from devices which don't have FTP capabilities).

To do this migration, I'd like to disable the current live system and repoint users to the new one. I want to ensure the old website, FTP and file shares are inaccessible so there's no chance of anyone communicating to the old locations (i.e. I want them to get an error if they somehow reach the old system; so we know there's an issue rather than waiting for someone to notice integrity issues due to (say) files queueing up on the shares).

However, after the migration we'll be running some tests to know if all's worked. If there are issues we may wish to roll back to the current solution - I want this to be painless & as risk free as possible.

For FTP: I'll stop & the FTP (FileZilla) service; meaning for roll back I just have to start this service and it will be instantly accessible, without any additonal configuration (e.g. recreating users & permissions).

For HTTP: I'll stop the IISAdmin and W3Svc services; same reasoning as above.

Question:

Is there a simple way to disable network sharing (i.e. make windows shares innaccessible without changing the permissions on those shares / their config) on Windows Server 2003 without losing configuration settings?

windows-server-2003

3 Answers

  1. Best Answer

    Two methods I can think of that don't require modifying the shares:

    1. Disable the Server service. (ServiceName: LanmanServer. DisplayName: server)

    and/or

    1. Unbind File and Printer Sharing on the NIC.
    • 11

  2. Here's what I'd do.

    • Backup the HKLM\System\CurrentControlSet\Services\LanManServer\Shares registry key and subkeys
    • Delete any shares you want to "disable".
    • Restart the "Server" service.
    • Restore the shares from the registry backup to "enable" them again.

    It's a bit heavy-handed, but I'd prefer that to @TheCleaner's suggestion of changing permission because it makes the shares gone w/ no chance of anybody accessing them, "Domain Admins" member or otherwise.

    • 4

  3. I know this is an old question, but I had a similar requirement recently, albeit on Windows Server 2008 R2. Here is one option that came to mind: Block share access via Windows Firewall:

    In Windows Server 2003 SP1:

    Control Panel > Windows Firewall > Exceptions tab > Untick File and Printer Sharing > OK button.

    In my case I ended up putting a Deny on the share permissions, but since you required a solution that doesn't change existing permissions or config, I thought I'd mention the host firewall option.

    • 1