Securing Netbios on Windows 2000

Submitted by jroos on Thu, 03/08/2001 - 13:00

Microsoft is not known for it's quality security practices. As a result most people who run a Microsoft operating system have the security holes already built in. In this tip I'll show how to add just a little more security to your Windows 2000 setup.

If you are using file and printer sharing or any other service that depends on netbios you shouldn't use this tip. If you are unsure you certainly shouldn't bother.

Open the Network Control Panel. Then right click on your Local Area Connection and choose properties. The first step in securing netbios is to uninstall File and Printer Sharing if it is listed. This goes for any operating system and any protocol. If you don't need a protocol then it's just another security hole. The next thing to do is disable netbios over TCP. Click on Internet Protocol (TCP/IP) and choose properties. Next choose Advanced... and click the WINS tab. On this page uncheck Enable LMHOSTS lookup and choose Disable NetBIOS over TCP/IP. Click OK and if it asks you "This connection has an empty primary WINS address. Do you want to continue?" click yes. Click OK and OK and then close the control panel. You should reboot. Now any scanner looking for netbios information will turn up empty. One less hole.

Modified 2001-03-08

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • Use the special tag [adsense:format:slot] or [adsense:format:[group]:[channel][:slot]] or [adsense:block:location] to display Google AdSense ads.

More information about formatting options

Due to abuse by spam bots, you need to fill in the captcha below to proceed.
Drupal theme by Kiwi Themes.