What’s the best way to temporarily disable the Windows 2003 File Sharing service(s)? Sorta like the equivalent to shutting down Samba on a Linux box.
You can stop the “Server” service. This is going to stop the “Netlogon” and “Computer Browser” services, too. (On a domain controller computer, stopping the “Netlogon” service can potentially cause problems with client computers being able to allow logons with domain acconts.)
If this is something you want to do long-term, you might be better off to rename the HKEY_LOCAL_MACHINESystemCurrentControlSetServicesLanManServerShares registry key to something else, create a new “Shares” key with a “Security” subkey, then briefly stop and restart the “Server” service (and dependent services). This will effectively disable all “shares” on the box.
When you’re ready to bring the shares back, delete the temporary “Shares” key, rename the old one back to “Shares”, and bounce the service again.
You can definitely do this on a temporary basis and it’ll be fine. Microsoft has been known to assume that this service is “always on” (have a look at http://www.markwilson.co.uk/blog/2005/10/sysprep-fails-on-windows-xp-sp2.htm
for an example of weird behaviour in one part of the product based on that assumption).
The “right way” to handle not exporting shares via SMB is probably one of the following (based on your tolerance for risk and desired to deal with potential “strangeness”):
- Don’t share anything, but leave service running.
- Firewall the machine to prevent access to ports 139 and 445, but leave service running.
- Unbind “File and Print Sharing for Microsoft Networks” from the box’s NIC.
- Just stop the service and hope for the best.