Netbeui and security



Eddie
07-09-2005, 10:51 PM
under the network card's properties in the wins section should I disable
netbeui for a windows 2003 native mode domain?

Roger Abell
07-09-2005, 10:51 PM
You are saying Netbeui but you are meaning NetBios.
These are quite different. Most deployments do need
to allow NetBIOS over Tcp/Ip, but only testing with
your specific deployment will tell whether and where
your environment has dependencies on it being allowed.
If disallowed, much will switch over to use of direct
hosting on Tcp 445, but older apps will likely fail if
they have a dependency.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Eddie" <Eddie@discussions.microsoft.com> wrote in message
news:A32D6477-2C1A-4AC5-A80B-C16BE74BD3F6@microsoft.com...
> under the network card's properties in the wins section should I disable
> netbeui for a windows 2003 native mode domain?

Karl Levinson, mvp
07-09-2005, 10:51 PM
Agreed. You could however try disabling it on a test workstation and see if
anything breaks. Theoretically, in a native Windows 2003 network with no
Windows NT, 9x or ME, not much should break.


"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:%23UDUDRvWFHA.3996@TK2MSFTNGP09.phx.gbl...
> You are saying Netbeui but you are meaning NetBios.
> These are quite different. Most deployments do need
> to allow NetBIOS over Tcp/Ip, but only testing with
> your specific deployment will tell whether and where
> your environment has dependencies on it being allowed.
> If disallowed, much will switch over to use of direct
> hosting on Tcp 445, but older apps will likely fail if
> they have a dependency.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Eddie" <Eddie@discussions.microsoft.com> wrote in message
> news:A32D6477-2C1A-4AC5-A80B-C16BE74BD3F6@microsoft.com...
> > under the network card's properties in the wins section should I disable
> > netbeui for a windows 2003 native mode domain?
>
>

Eddie
07-09-2005, 10:51 PM
ok thanks.

"Roger Abell" wrote:

> You are saying Netbeui but you are meaning NetBios.
> These are quite different. Most deployments do need
> to allow NetBIOS over Tcp/Ip, but only testing with
> your specific deployment will tell whether and where
> your environment has dependencies on it being allowed.
> If disallowed, much will switch over to use of direct
> hosting on Tcp 445, but older apps will likely fail if
> they have a dependency.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Eddie" <Eddie@discussions.microsoft.com> wrote in message
> news:A32D6477-2C1A-4AC5-A80B-C16BE74BD3F6@microsoft.com...
> > under the network card's properties in the wins section should I disable
> > netbeui for a windows 2003 native mode domain?
>
>
>

Jim Carlock
07-09-2005, 10:51 PM
Just curious... does anyone know of a specific application that would
break if NetBIOS is turned off ? I've turned NetBIOS off in the past
and have never noticed any problems, specifically when the name
resolving is handled by a localized DNS server. Win9x hooked up
fine and everything seemed to talk properly over TCP/IP alone.

--
Jim Carlock
Please post replies to newsgroup.

"Karl Levinson, mvp" <levinson_k@despammed.com> wrote:
Agreed. You could however try disabling it on a test workstation and see if
anything breaks. Theoretically, in a native Windows 2003 network with no
Windows NT, 9x or ME, not much should break.


"Roger Abell" <mvpNOSpam@asu.edu> wrote:
> You are saying Netbeui but you are meaning NetBios.
> These are quite different. Most deployments do need
> to allow NetBIOS over Tcp/Ip, but only testing with
> your specific deployment will tell whether and where
> your environment has dependencies on it being allowed.
> If disallowed, much will switch over to use of direct
> hosting on Tcp 445, but older apps will likely fail if
> they have a dependency.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Eddie" <Eddie@discussions.microsoft.com> wrote in message
> news:A32D6477-2C1A-4AC5-A80B-C16BE74BD3F6@microsoft.com...
> > under the network card's properties in the wins section should I disable
> > netbeui for a windows 2003 native mode domain?
>
>

Byron Hynes [MVP]
07-09-2005, 10:51 PM
The biggest example is a Microsoft Exchange Cluster.
http://support.microsoft.com/default.aspx?scid=kb;en-us;837391

There are a few others around, but I can't find a link that has them all
in one place. The more systems you have that are older than Windows Server
2003 and Windows XP, the more likely you will have trouble.

- Byron Hynes


> Just curious... does anyone know of a specific application that would
> break if NetBIOS is turned off ? I've turned NetBIOS off in the past
> and have never noticed any problems, specifically when the name
> resolving is handled by a localized DNS server. Win9x hooked up
> fine and everything seemed to talk properly over TCP/IP alone.

Roger Abell
07-09-2005, 10:52 PM
AFAIK it is mostly NT4/Win9x era applications, or applications
from vendors that are still attempting to live back in the past.
I hesitate to name names, but do know of a widely used third-party
contact management application that even requires LM be enabled
in the currently sold version !!

--
Roger Abell
Microsoft MVP (Windows Security)
"Jim Carlock" <anonymous@localhost> wrote in message
news:eb03KvLXFHA.3488@tk2msftngp13.phx.gbl...
> Just curious... does anyone know of a specific application that would
> break if NetBIOS is turned off ? I've turned NetBIOS off in the past
> and have never noticed any problems, specifically when the name
> resolving is handled by a localized DNS server. Win9x hooked up
> fine and everything seemed to talk properly over TCP/IP alone.
>
> --
> Jim Carlock
> Please post replies to newsgroup.
>
> "Karl Levinson, mvp" <levinson_k@despammed.com> wrote:
> Agreed. You could however try disabling it on a test workstation and see
if
> anything breaks. Theoretically, in a native Windows 2003 network with no
> Windows NT, 9x or ME, not much should break.
>
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote:
> > You are saying Netbeui but you are meaning NetBios.
> > These are quite different. Most deployments do need
> > to allow NetBIOS over Tcp/Ip, but only testing with
> > your specific deployment will tell whether and where
> > your environment has dependencies on it being allowed.
> > If disallowed, much will switch over to use of direct
> > hosting on Tcp 445, but older apps will likely fail if
> > they have a dependency.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "Eddie" <Eddie@discussions.microsoft.com> wrote in message
> > news:A32D6477-2C1A-4AC5-A80B-C16BE74BD3F6@microsoft.com...
> > > under the network card's properties in the wins section should I
disable
> > > netbeui for a windows 2003 native mode domain?
> >
> >
>
>
>

Jim Carlock
07-09-2005, 10:52 PM
"Roger Abell" <mvpNOSpam@asu.edu> wrote:
> I hesitate to name names, but do know of a widely used third-party
> contact management application that even requires LM be enabled
> in the currently sold version !!

What if I name the name and you say yay or nay? ACT? <g> I think I
saw that on one system in the past (about 1996 or there abouts).

--
Jim Carlock
Please post replies to newsgroup.

Roger Abell
07-09-2005, 10:52 PM
You evidently saw all the clues I had put in the post !!

Right

--
Roger
"Jim Carlock" <anonymous@localhost> wrote in message
news:uYbUeeZXFHA.3732@TK2MSFTNGP10.phx.gbl...
> "Roger Abell" <mvpNOSpam@asu.edu> wrote:
> > I hesitate to name names, but do know of a widely used third-party
> > contact management application that even requires LM be enabled
> > in the currently sold version !!
>
> What if I name the name and you say yay or nay? ACT? <g> I think I
> saw that on one system in the past (about 1996 or there abouts).
>
> --
> Jim Carlock
> Please post replies to newsgroup.
>
>


Netbeui and security