In NT and 2000 there is a function called "IP security" settings (under TCP/IP settings) were you can allow or disallow ports..

This is a real basic packet filter, I have used it to lock down computers but always as a first defence and even if using this port blocking feature I would recomend a firewall.

XP has a simple firewall function aswell, still I would recomend to use better thirdparty softwares as ZA or other personal firewalls.

About to lock down ports manually from the command line!? Nope I have never heard or used such a command.. And it would maybe be a nice feature but I would still recomend a firewall and a good security policy to achive protection.