Microsoft logo

Microsoft logo

 

What is NetBIOS you ask? In a nutshell, NetBIOS is a traditional Microsoft protocol, still in use by some of its underlying network technologies.
In other words, NetBIOS allows you to call your computers by name (it even works when you don't have or need a Domain Name Server!).

So why disable NetBIOS (given it is "somewhat useful")?!

You may consider to Disable NetBIOS:

  1. When you start anew - Say when you are building a new Windows network and you'd like to solely rely on (secured) DNS Server(s) to call computers by name.
  2. You are able to prove that your LAN is bloody slow due to NetBIOS.
  3. Your Boss wants you to do so ("political reasons", that is).
  • Don't disable NetBIOS if you already have a consolidated environment that "just works". In this case, my recommendation is to embrace NetBIOS (ie. by using one or more WINS Server(s)).
  • Disabling NetBIOS may cause you some trouble. That is especially true if your shares are mapped by short NetBIOS names (ie. instead of using Fully Qualified Domain Names).

Fine - If you think you no longer want or need NetBIOS (on your Windows-based Network), you may disable it in 2 steps.

That is because:

  1. I am assuming your Windows clients (ie. XP, Vista, 7, 8, 8.1 & 10), normally obtain an (automatically assigned) IP Address from your Windows DHCP Server.
  2. Your Servers might have a Statically assigned IP Address.

 

 

Disable NetBIOS off your Windows clients via DHCP.

Windows is a beast of an OS, but if you teach it how to behave, it gets orderly into line!

To disable NetBIOS off your Windows DHCP Clients, you can configure your Windows DHCP Server to instruct Windows DHCP clients not to use NetBIOS.

Proceed as follows:

  1. Open your DHCP Server snap-in ("dhcpmgmt.msc").
  2. Locate and expand the Scope from which you wish to disable NetBIOS.
    DHCP Server Scope

    DHCP Server Scope.

  3. Right Click on "Scope Options" and Click on "Configure Options...".
    DHCP Scope Server Options

    DHCP Scope Server Options.

    The "Scope Options"-window will popup.

  4. Click on the "Advanced"-tab and Click on the "Vendor Class:"-dropdown Menu.
  5. Select "Microsoft Windows 2000 Options".
    DHCP-Server-Showing-HowTo-Disable-NetBIOS

    DHCP-Server-Showing-HowTo-Disable-NetBIOS

    NOTE: The "vendor class"-Dropdown will display you a few "Microsoft XYZ Options".

    • Absolutely make sure you select "Microsoft Windows 2000 Options" (otherwise this setting will simply get ignored).
  6. CHECK "001 Microsoft Disable Netbios Option" to enable this option.
  7. On the "Data entry"-area, set the "Long"-value to "0x2" as shown above.

 

Now, when your DHCP clients will scream for an IP Address, your DHCP Server will:

  • Politely provide them one.
  • Command them to stop yelling NetBIOS.

For further details, please refer to the following article: https://support.microsoft.com/en-us/help/313314/how-to-disable-netbios-over-tcp-ip-by-using-dhcp-server-options

 

Disable NetBIOS from your Static IP Hosts.

Once you disable NetBIOS from your Windows DHCP Clients, I guess 80% of your job is complete.

What's left is your Static IP Addresses hosts (ie. your servers), which would have NetBIOS enabled by Default (most likely due to the fact that they wouldn't obtain a dynamic IP Address from your DHCP Server).

But then, if you are 100% confident about your AD/DNS/DHCP setup, you might as well wish (profanity follows!) to leave your servers as "Dynamic", because "who cares about IP Addresses?!" - Just leave numbers to Computers and get humans to call things by name (as long as you don't get too creative - such as naming your servers "Locutus-From-Star-Trek").

But I digress - If your servers are just a bunch of VMs, you might as well manually disable NetBIOS off them and call it a day:

  • Open the Network Adapter's TCP/IPv4 Advanced Properties (WINS-tab) then check "Disable NetBIOS over TCP/IP".

If you have many servers that you restart every now and then, another solution could be a Computer Startup (VB)Script, deployed via Group Policy and applied to your Domain Controllers & Domain Servers OUs.

To deploy a Computer Startup (VB)Script, you may proceed as follows:

  • Run gpmc.msc and create a new empty GPO (ie. name it "Disable NetBIOS Startup Script") then Edit it.

On the new GPO, browse to:

  • "Computers Configuration".
    • +"Policies".
      • +"Windows Settings".
        • +"Scripts".
          • +"Startup Scripts" (Double Click to open).
  • On the Startup Properties dialog Click on the Add Button to add a New Startup Script.
  • Now Click on Browse to open the (GPO's default) Startup Script intended/default location.
  • On the "Browse" Window, Right Click on a blank area and Select "New" -> "Text Document".
    That will create a "New Text Document.txt".
  • Rename "New Text Document.txt" To, say, "disable-netbios.vbs".
  • Right Click on "disable-netbios.vbs" and Click on "Edit".

Paste the following code on your "disable-netbios.vbs"-VBScript:

'  Title:      Configure NetBIOS over TCP/IP
'   Date:      2/25/2013
'Updated:
' Author:      Gregory Strike
'    URL:      http://www.gregorystrike.com/2013/02/25/configure-netbios-over-tcpip-group-policy/
'
'Purpose:      The following script will itterate through all NICs on a computer
'              to configuure NetBIOS over TCP/IP.  It finds the NICs listed under:
'              HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces
'
'              For each NIC under the key, it sets the NetbiosOptions value to one
'              of the below.  (Be sure to uncomment the setting you desire.)
'
'              0 - Default: Use DHCP setting from the DHCP Server
'              1 - Enable NetBIOS over TCP/IP
'              2 - Disable NetBIOS over TCP/IP
'
'License:      This script is free to use given the following restrictions are followed.
'              1. When used the Author and URL above must remain in place, unaltered.
'              2. Do not publish the contents of this script anywhere. Instead a link
'                 must be provided back to the URL listed above.
'
'Requirements: Administrative Privileges
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set ObjWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
'Set the path to the Network Interfaces
strKeyPath = "SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces"
'Get all the known interfaces
ObjWMI.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
'If there was a problem getting strKeyPath, exit the script before throwing an error.
If IsNull(arrSubKeys) Then WScript.Quit
'WScript.Echo Now() & " - Searching for Network Adapaters."
' Above commented by amatesi - uncomment to display Output.
'Loop through all Network Interface Cards and disable NetBIOS over TCP/IP
For Each Adapter In arrSubKeys
WScript.Echo Now() & " - Disabling NetBIOS over TCP/IP on '" & Adapter & "'"
'Default: Use DHCP setting from the DHCP Server
'objWMI.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & Adapter, "NetbiosOptions", 0
'Enable NetBIOS over TCP/IP
'objWMI.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & Adapter, "NetbiosOptions", 1
'Disable NetBIOS over TCP/IP
objWMI.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & Adapter, "NetbiosOptions", 2
Next
'WScript.Echo Now() & " - Completed."
' Above commented by amatesi - uncomment to display Output.

The above VBScript has been snatched as-is from http://www.gregorystrike.com/2013/02/25/configure-netbios-over-tcpip-group-policy/ and it will simply Disable NetBIOS from all your Static IP hosts.

Once you have the script, link the GPO to your desired OUs (just remember to link it to the OUs that have hosts with Static IP Addresses).

For example, on gpmc, you might wish to:

  • Right Click on the "Domain Controllers"-OU.
  • Click on "Link an existing GPO...".
  • Select the "Disable NetBIOS Startup Script"-GPO and Click on OK to confirm.
  • Run "gpupdate" to apply the GPO to your "Domain Controllers".

If you've followed the above example, upon your next Server Restart, your DCs won't talk NetBIOS anymore.

Do you know any other ways on how to disable NetBIOS? Leave a comment then!

3.3/5 - (45 votes)