J
Joel D. Kraft
I have been considering disabling NetBIOS over TCP/IP in the
computers in my domain. I have a couple of computers with it
turned off, and there haven't seemed to be any problems with
this setup. I just want to run my observations by and see if
there are any glaring errors.
The domain is a Windows 2000 native domain with Windows 2003
servers, and all of the clients are running Windows XP. I've
never been a fan of NetBIOS, but in an educational environment,
it just screams for trouble. So the biggest advantage of change
seems to be the disabling of computer disovery through browsing
from both the client and server perspective. I think this is
great because it should reduce our exposure for student network
scanning "experiments", as well as for viruses that might use
NetBIOS. It also keeps folks on our machines from browsing for
other machines to get into mischief at work. (I know they can
still access things if they know the name of the computer.)
Other than that, everything else appears to work exactly the same
as before! I can still share files and printers, access shared
files and printers, and use the remote management tools. Is there
any functionality that might be hampered that I am missing? Is
there anything that might happen by doing this on a server? or
a domain contoller?
If I decide to proceed, is there a way to get this to happen
across the entire domain via Group Policy or in the registry?
Thanks,
Joel (jdk6 at case dot edu)
Joel D. Kraft
Case Western Reserve University
computers in my domain. I have a couple of computers with it
turned off, and there haven't seemed to be any problems with
this setup. I just want to run my observations by and see if
there are any glaring errors.
The domain is a Windows 2000 native domain with Windows 2003
servers, and all of the clients are running Windows XP. I've
never been a fan of NetBIOS, but in an educational environment,
it just screams for trouble. So the biggest advantage of change
seems to be the disabling of computer disovery through browsing
from both the client and server perspective. I think this is
great because it should reduce our exposure for student network
scanning "experiments", as well as for viruses that might use
NetBIOS. It also keeps folks on our machines from browsing for
other machines to get into mischief at work. (I know they can
still access things if they know the name of the computer.)
Other than that, everything else appears to work exactly the same
as before! I can still share files and printers, access shared
files and printers, and use the remote management tools. Is there
any functionality that might be hampered that I am missing? Is
there anything that might happen by doing this on a server? or
a domain contoller?
If I decide to proceed, is there a way to get this to happen
across the entire domain via Group Policy or in the registry?
Thanks,
Joel (jdk6 at case dot edu)
Joel D. Kraft
Case Western Reserve University