Securing NetBIOS on Windows 2000
Microsoft is not known for its quality security practices. As a result, most people who run a Microsoft operating system have the security holes already built in. In this tip I’ll show how to add just a little more security to your Windows 2000 setup.
If you are using File and Printer Sharing or any other service that depends on NetBIOS, you shouldn’t use this tip. If you are unsure, you certainly shouldn’t bother.
Open the Network Control Panel. Then right-click your Local Area Connection and choose Properties. The first step in securing NetBIOS is to uninstall File and Printer Sharing if it is listed. This goes for any operating system and any protocol: if you don’t need a protocol, then it’s just another security hole.
The next thing to do is disable NetBIOS over TCP/IP. Click Internet Protocol (TCP/IP) and choose Properties. Next choose Advanced… and click the WINS tab. On this page, uncheck Enable LMHOSTS lookup and choose Disable NetBIOS over TCP/IP. Click OK, and if it asks “This connection has an empty primary WINS address. Do you want to continue?” click Yes. Click OK and OK again, and then close the control panel. You should reboot.
Now any scanner looking for NetBIOS information will turn up empty. One less hole.
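To confirm the change after the reboot, save the output of `netstat -an` and check it for sockets on the standard NetBIOS over TCP/IP ports (UDP 137, UDP 138, TCP 139). The Python script below is an added example, not part of the original tip; the sample netstat output and the name `netbt_listeners` are constructed for illustration.

```python
"""Report NetBIOS over TCP/IP (NetBT) listeners in saved `netstat -an` output."""
import re

# Standard NetBT ports: name, datagram and session services.
NETBT_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
}

# Constructed sample output, before and after the change (not from a real host).
SAMPLE_BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1043      192.168.1.20:139       ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""
SAMPLE_AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:1026           *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")

def netbt_listeners(netstat_text):
    """Return sorted (proto, local_addr, port, service) for open NetBT sockets."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _foreign, state = m.groups()
        # A TCP row counts only when LISTENING, so an outbound connection to a
        # remote port 139 is ignored. UDP rows have no state: bound means open.
        if proto == "TCP" and state != "LISTENING":
            continue
        service = NETBT_PORTS.get((proto, int(port)))
        if service:
            found.append((proto, addr, int(port), service))
    return sorted(found)

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        hits = netbt_listeners(text)
        print(label, "-> NetBT still exposed" if hits else "-> no NetBT listeners")
        for proto, addr, port, service in hits:
            print(f"  {proto} {addr}:{port}  {service}")
```

If the machine has more than one network connection, any row that still appears points to a connection where the setting was not changed.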
Modified 2001-03-08