Question
Wednesday, June 27, 2018 8:28 PM
I know they are both older protocols used in LAN environments when DNS is unavailable. Currently we only have one or two machines on XP. The rest are either Windows 10, Windows 7, Windows 2008, Windows 2012, or Windows 2016. We are a 2008 R2 domain environment and only have one forest and one domain. Therefore I do not foresee any problem in disabling NetBIOS, but I am still not 100% sure about disabling LLMNR. Are there any concerns about disabling LLMNR that I should be aware of?
Please advise!
Thank you very much!
All replies (6)
Thursday, June 28, 2018 2:58 AM ✅Answered
Hi,
Thanks for your question.
LLMNR is a protocol defined in RFC 4795 that allows both IPv6 and IPv4 hosts to perform name resolution for the names of neighboring computers without requiring a DNS server or DNS client configuration.
IPv4 hosts can use NetBIOS over TCP/IP (NetBT) to resolve computer names to IPv4 addresses for neighboring hosts by broadcasting a NetBIOS Name Query Request message to the local subnet broadcast address. The node that owns the queried name sends back a unicast NetBIOS Name Query Response message to the requestor and the name is resolved. However, NetBT only works over IPv4, not IPv6. Additionally, IT administrators can disable NetBT in an environment in which DNS is exclusively used for name resolution. With NetBT disabled on a network without DNS servers, you must add entries to the Hosts file to resolve names.
LLMNR allows name resolution on networks where a DNS server is not present or practical. A good example is the temporary subnet formed by a group of computers that form an ad hoc IEEE 802.11 wireless network. With LLMNR, hosts in the ad hoc wireless network can resolve each other computer names without having to configure one of the computers as a DNS server and the other computers with the IP address of the computer acting as the DNS server.
For more information about this topic, we could refer to the following article,
Link-Local Multicast Name Resolution
https://technet.microsoft.com/en-us/library/bb878128.aspx
In order to benefit from LLMNR, you need to enable Network Discovery on all nodes on the local subnet; a host will not respond to the LLMNR request if Network Discovery is not enabled. In Microsoft operating systems, this option and LLMNR functionality are only included in Windows Vista and Windows Server 2008 or newer versions.
Reference link:
Furthermore, we could configure local computer policy or set a GPO for clients to turn off LLMNR, as in the following figure. This policy is supported on at least Windows Vista.
Hope above information can help you.
Highly appreciate your effort and time. If you have any question and concern, please feel free to let me know.
Best regards,
Michael
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Thursday, June 28, 2018 12:43 PM
thank you very much!!!!
Thursday, June 28, 2018 3:47 PM
I enabled the policy to turn off multicast name resolution. After I verified the registry key, it shows the key named EnableMulticast is 0x00000000(0). I am confused. I thought it should be 1 as disabled and 0 as enabled. What did I miss? Before the policy was pushed down, there was no such key for EnableMulticast on the workstation. Also, if I use DHCP to disable NetBIOS over TCP/IP, will it affect end users' normal work?
Please advise!
thank you!
Friday, June 29, 2018 6:26 AM
Hi,
Thanks for your reply.
The registry key EnableMulticast with the value 0 indicates that LLMNR is disabled, as when the GPO is enabled. EnableMulticast with the value 1 indicates that LLMNR is enabled, as when the GPO is disabled. If the GPO is not configured, this registry key won’t exist.
According to my test, I think the registry key showing value 0 is right. LLMNR is now disabled.
For the other question: yes, we can use a DHCP option to have DHCP clients disable NetBIOS. Please refer to the following articles for more details,
How to disable NetBIOS over TCP/IP by using DHCP server options
DISABLE NETBIOS ON WINDOWS SERVER 2008 R2 DHCP SERVER SCOPES
Furthermore, without LLMNR and NetBIOS, we need a DNS server or hosts file entries in our environment for name resolution.
Hope above information can help you.
Highly appreciate your effort and time. If you have any question and concern, please feel free to let me know.
Best regards,
Michael
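The checks discussed in this reply and in the follow-up question, as an added example that is not part of the original thread: it reads the `EnableMulticast` policy value, compares the configured and effective NetBIOS over TCP/IP state per adapter, and attempts an LLMNR-only lookup. The registry path is the standard policy location and is not quoted in the thread; the host name `NEIGHBOR-PC` is a placeholder, and the `ipconfig` match assumes English-language output.

```powershell
# Added example: verify LLMNR and NetBIOS over TCP/IP state on the local machine.
# Requires PowerShell 3.0+; Resolve-DnsName requires Windows 8 / Server 2012 or later.

function Get-LlmnrPolicyState {
    # The "Turn off multicast name resolution" policy writes EnableMulticast here.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $prop = Get-ItemProperty -Path $key -Name EnableMulticast -ErrorAction SilentlyContinue
    if ($null -eq $prop)                 { 'NotConfigured (value absent)' }
    elseif ($prop.EnableMulticast -eq 0) { 'LLMNR disabled by policy (EnableMulticast = 0)' }
    else                                 { "LLMNR enabled by policy (EnableMulticast = $($prop.EnableMulticast))" }
}

function Get-NetbiosConfiguredState {
    # TcpipNetbiosOptions is the adapter's configured radio button:
    # 0 = Default (take the setting from DHCP), 1 = Enabled, 2 = Disabled.
    $names = @{ 0 = 'Default (follows DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Adapter    = $_.Description
                DhcpClient = $_.DHCPEnabled
                Configured = $names[[int]$_.TcpipNetbiosOptions]
            }
        }
}

function Get-NetbiosEffectiveState {
    # The effective state, including a setting delivered by DHCP, is reported
    # by ipconfig (English output assumed).
    ipconfig /all | Select-String -Pattern 'NetBIOS over Tcpip' |
        ForEach-Object { $_.Line.Trim() }
}

function Test-LlmnrLookup {
    param([string]$Name = 'NEIGHBOR-PC')   # placeholder: a host on the same subnet
    # -LlmnrOnly skips DNS and NetBIOS, so a result means LLMNR is still in use.
    $answer = Resolve-DnsName -Name $Name -LlmnrOnly -ErrorAction SilentlyContinue
    [bool]$answer
}

Get-LlmnrPolicyState
Get-NetbiosConfiguredState | Format-Table -AutoSize
Get-NetbiosEffectiveState
"LLMNR lookup answered: $(Test-LlmnrLookup)"
```

Run it after `gpupdate /force` and a DHCP lease renewal so that both the policy and the DHCP-delivered setting have been applied.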
Friday, June 29, 2018 9:09 PM
Can you share how to test LLMNR? Thank you.
Also, after I disabled NetBIOS using the DHCP server option, I rebooted the workstation but I still see NetBIOS on the first option. I wonder if I should choose "Microsoft Windows 2000 Options". We have DHCP running on a Windows 2008 DC but most workstations are running Windows 10. Please advise!
Thank you very much!!!!
Friday, July 6, 2018 10:09 AM
Hi,
Sorry for my delay.
The article is older. Please configure the standard DHCP option 43 "Vendor Specific Info" on the DHCP server as below. I ran this test, and it works.
For the implementation details, please refer to the following link,
http://www.astorinonetworks.com/2011/09/09/disabling-nbt-via-dhcp-option-43/
In addition, we could try to use the third-party tool NMAP for LLMNR detection.
https://www.verifyit.nl/wp/?p=175893
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Hope above information can help you.
Highly appreciate your effort and time. If you have any question or concern, please feel free to let me know.
Best regards,
Michael