11

I was wondering if someone here has had an enterprise experience running a "NetBIOS-free" network. I have in mind a mid to big Windows-based network.

I found some good posts here, here and here.

I would like to know if someone actually works (or worked) in a company that completely disabled NetBIOS? Was this scenario achieved painlessly?

What motivated me to ask this is that when I run certain tools to identify security problems in my network, most of them are related to NetBIOS. Of course I could try to do hardening, but since NetBIOS seems to be deprecated, why not completely turn it off?

Community
  • 1
Bob Rivers
  • 506
  • 4
  • 13

3 Answers3

3

Our main WINS server is scheduled to be decommissioned, and the WINS service was turn off a few weeks early unknown to us (Network Support). We started to get random users complaining that they couldn't get to computer resources by name. We found that the commonality of the devices was that they were not joined to the Windows domain (no Dynamic DNS) and did not have DNS entries for their names on our non-Windows DNS servers.

Adding the DNS entries fixed the problems. I found the following page at Microsoft's site very useful in figuring out the problem:

http://support.microsoft.com/kb/172218

At my previous job, we had no problems disabling NetBIOS entirely as we had one department that controlled the servers, workstations, and network, so we didn't run into a case where users lost functionality because we made sure everything resolved correctly before disabling the service. I vaguely remember having an issue with one of our flexLM license servers because the version used was so old, it didn't use DNS to resolve names. Updating the version fixed the issue.

So as long as you communicate to users that the functionality is going away and let them know what they need to do to get around it or fix it, I don't see any problem with doing away with it.

Joseph
  • 3,787
  • 26
  • 33
2

We're totally NetBios-free, but we migrated from NetWare/IPX to Win2K/IP almost 10 years ago, so we designed things to run that way and were never in a position where we had to disable it.

In theory the only hassle you should have is if you have any legacy network apps that are hard-coded to use NetBios and with no option of switching.

Maximus Minimus
  • 8,937
  • 1
  • 22
  • 36
1

As I understand it, you can't pull NetBIOS out if you're still running Exchange 2003, but 2007 upwards will operate without NetBIOS.

Chris Thorpe
  • 9,903
  • 22
  • 32
  • 2003 works fine without for us (and 2000 before it). I think the standard MS advice about not being able to pull it out comes with an assumption that you're migrating from (or interoperating with) 5.5, and the experience might be different in different networks. – Maximus Minimus Mar 04 '10 at 23:19
  • 1
    They're pretty specific about things that won't work without NetBIOS name res. Seems true enough that there's no absolute show-stoppers, though: http://support.microsoft.com/kb/837391 – Chris Thorpe Mar 04 '10 at 23:44