how to disable feature that opened port 445 on windows server?

Following is just quotation of two different sources which I used to successfully disable port 445 on Windows XP machines. I was closing port 445 and 135, 137 - 139, so I followed all instruction in the article and it worked for me.

General information about port 445 (archive link)

Among the new ports used by Windows 2000 is TCP port 445 which is used for SMB over TCP. The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2000/XP. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.

At its simplest NetBIOS on your LAN may just be a necessary evil for legacy software. NetBIOS on your WAN or over the Internet, however, is an enormous (read foolish...) security risk. All sorts of information, such as your domain, workgroup and system names, as well as account information is obtainable via NetBIOS. It really is in your best interests to ensure that NetBIOS never leaves your network.

If you are using a multi-homed machine i.e. more than 1 network card, then you should disable NetBIOS on every network card, or Dial-Up Connection under the TCP/IP properties, that is not part of your local network.

How to disable port 445

To disable Port 445:

Add the following registry key:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters Name: SMBDeviceEnabled Type: DWORD (REG_DWORD) Data: 0

Don’t forget to restart your computer after disabling the above ports for effect. Also, to check that those ports are disabled, you can open a command prompt and type netstat -an to confirm that your computer is no longer listening to those ports.

(the registry keys are different for Windows 7 onwards, see this Microsoft article)

Start-run-services.msc, disable Server service.

Use TCPView to find out which program is listening on port 445.

If the listener is svchost.exe, this is then a system service. To guess which one, note down its PID, go to Task Manager, tab Services and click on PID to sort by it. There will be several services with this PID, and all of them are candidates. If you cannot decide which one, post the names of the candidate services so we can comment on them.

Please note that an open port does not need to have a listener. A port is called "open" when it is not blocked by the firewall.

Port 445 = SMB = Printer and File Sharing. So disable the file sharing in the network connection options to close the port.