Home > Cisco, LAN, Security, Windows > How to automate a change of NetBIOS settings in properties of a network connection in Windows

How to automate a change of NetBIOS settings in properties of a network connection in Windows

NetBIOS and LLMNR protocols is a really bad legacy in Windows (from security perspective). They should be disabled in all networks where DNS is sufficient means of name resolution.

There are three options:

  1. Change manually:
    NetBIOS over TCP/IP
  2. Script via GPO:

    wmic nicconfig where (TcpipNetbiosOptions!=Null and TcpipNetbiosOptions!=2) call SetTcpipNetbios 2

  3. Leave as Default and set via DHCP.
    This is how you configure relevant scope option in Windows:
    Windows DHCP option to disable NetBIOS
    a
    nd this is how you configure the same on Cisco IOS:

    option 43 hex 0104.0000.0002

It is important to also disable LLMNR at the same time as NetBIOS as when Windows does not find NetBIOS it tries to use LLMNR instead and vice versa:

Computer Configuration -> Administrative Templates -> Network -> DNS Client -> Turn off Multicast Name Resolution -> set to “Enabled”
Advertisements
  1. icemangunnar
    June 6, 2015 at 9:18 am

    To disable NetBIOS with GPO its better to edit the regkeys of the clients instead of running a script in the background

    HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces. – Select each interface GUID. and set to 2

    • June 8, 2015 at 8:40 am

      fair comment about direct editing of the registry but how are you going to create a universal .reg file taking into account that all interface GUIDs are different from machine to machine?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: