Disable NetBIOS in W2K/XP/2003

by Daniel Petri - January 8, 2009

NetBIOS is an ancient session-level interface and transport protocol developed by IBM to network together PCs. It is a broadcast-based, non-routable and insecure protocol, and it scales poorly mostly because it was designed with a flat namespace. Since the late 1980s Microsoft has adopted NetBIOS for their LAN Manager product, and from there it found its way into early versions of Windows and all the way into Windows NT.

Since Windows 2000 however, DNS has become the default name resolution method for Windows-based networks and is required if you want to deploy Active Directory domains, as seen in the How to Install Active Directory on Windows 2000, Install and Configure Windows 2000 DNS Server to Prepare for AD and the How to Install Active Directory on Windows 2003 articles.

Although Windows 2000, Windows XP, and Windows Server 2003 provide for the ability to disable NetBIOS over TCP/IP (NetBT), many corporate networks will remain reluctant to do so because of the fact that most of them still have legacy (Windows 9x or Windows NT) machines on their network. These machines need NetBIOS to function properly on a network because they use NetBIOS to logon to domains, find one another, and establish sessions for accessing shared resources. But for networks that are "free" of legacy systems you may want to consider disabling the NetBT transport altogether on all computers (it can be easily accomplished by using DHCP) or at least on critical file and print servers.

In order to disable NetBIOS over TCP/IPin Windows 2000/XP/2003 you should right-click on My Network Places and select Properties. Then right-click on the appropriate Local Area Connection icon, and select Properties.

Next, click on Internet Protocol (TCP/IP) and Properties.

Now click Advanced, and select the WINS tab.

There you can enable or disable NetBIOS over TCP/IP.

The changes take effect immediately without rebooting the system.

Optionally, you can select the Use NetBIOS setting from the DHCP server if you are using a DHCP server that can selectively enable and disable NetBIOS configurations through DHCP option types. NetBIOS over TCP/IP can also be disabled for computers that are running Windows 2000/2003 by using the advanced DHCP option types that are supported by the Windows 2000/2003 DHCP Server service.

Note: Computers that are running an operating system prior to Windows 2000 will be unable to browse, locate, or create file and print share connections to a Windows 2000/XP/2003 computer with NetBIOS disabled.

Problems

  • Computers Running Windows 2000

The computer no longer listens for traffic to the NetBIOS datagram service at User Datagram Protocol (UDP) port 138, the NetBIOS name service at UDP port 137, or the NetBIOS session service at Transmission Control Protocol (TCP) port 139.

If the computer needs to participate in WINS as a client, it must be physically multihomed (that is, it must have other physical network connections active and available for its use) for it to continue communicating with and using a WINS server.

  • Computers Operating as WINS Clients

The computer can no longer function as a WINS server to service WINS clients over the connection unless NetBT is re-enabled.

For those adapters to use WINS, you must either manually configure a list of WINS servers on the NetBT-enabled connections or provide such a list to these connections from a DHCP server.

Note: WINS servers that are configured in TCP/IP properties for the disabled network adapter do not apply for other installed network adapters.

  • Down-Level Clients, Services and Programs

NetBIOS defines a software interface and a naming convention, not a protocol. NetBIOS over TCP/IP provides the NetBIOS programming interface over the TCP/IP protocol, extending the reach of NetBIOS client and server programs to the WAN, and providing interoperability with various other operating systems. The Workstation service, Server service, Browser, Messenger, and NetLogon services are all direct NetBT clients. They use TDI (Transport Driver Interface) to communicate with NetBT. Microsoft Windows NT and Windows 2000 also include a NetBIOS emulator. The emulator takes standard NetBIOS requests from NetBIOS programs and translates them to equivalent TDI primitives.

Windows 2000/XP/2003 uses NetBIOS over TCP/IP to communicate with prior versions of Windows NT and other clients, such as Microsoft Windows 95. Careful testing should be done before disabling NetBIOS over TCP/IP in any production environment. Programs and services that depend on NetBIOS no longer function after you disable NetBT services, so it is important that you verify that your clients and programs no longer need NetBIOS support before you disable it.

  • Cross-Forest trusts

NetBIOS is still used in the trust creation process. Forests that have the same NetBIOS name for their Forest Root Domains will not be able to create trusts between them, and the only method around that is to re-install one of the forests and to re-create it from scratch.

  • Pre-Windows 2000 Logon names

NetBIOS is also used in the Windows domain logon screen, and it will not allow you to log on to domains that happen to have similar NetBIOS names. It will only show you the first domain and will not let you select the other domain names. This can be worked around by logging on with the User Principal Name (UPN) in the logon box, for example joesmith@test.com.

Related articles

You may find these related articles of interest to you:

Links

Configure TCP/IP Networking While NetBIOS Is Disabled in Windows 2000 Server - 299977

Configure TCP/IP Networking While NetBIOS Is Turned Off on a Server Running Windows Server 2003 - 323357

Windows 2000 NetBIOS over TCP Configuration Parameters

Disable NetBIOS Over TCP/IP By Using DHCP Server Options - 313314

W2K Server Documentation - Microsoft vendor-specific options

Understanding NetBIOS and Windows Server 2003



Join The Petri Insider - Weekly IT Tutorial and Tips, Whitepaper and Webinars