https://wiki.1701technology.com/index.php?action=history&feed=atom&title=Disable_LLMNR_and_NetBIOS_using_GPODisable LLMNR and NetBIOS using GPO - Revision history2026-05-06T16:00:17ZRevision history for this page on the wikiMediaWiki 1.34.1https://wiki.1701technology.com/index.php?title=Disable_LLMNR_and_NetBIOS_using_GPO&diff=654&oldid=prevMichael.mast: Created page with "==Purpose== We already know that anything legacy and unsupported should be removed. But recently I learned about LLMNR from an article titled "Gain domain admin from outside a..."2018-03-12T17:35:10Z<p>Created page with "==Purpose== We already know that anything legacy and unsupported should be removed. But recently I learned about LLMNR from an article titled "Gain domain admin from outside a..."</p>
<p><b>New page</b></p><div>==Purpose==<br />
We already know that anything legacy and unsupported should be removed. But recently I learned about LLMNR from an article titled "Gain domain admin from outside active directory".<ref>https://markitzeroday.com/pass-the-hash/crack-map-exec/2018/03/04/da-from-outside-the-domain.html?lipi=urn%3Ali%3Apage%3Ad_flagship3_profile_view_base_recent_activity_details_all%3B512zHgY%2FSL6oMdonsOyiHQ%3D%3D</ref> Yet another dangerous service enabled by default. Though my ignorance is showing since I have seen LLMNR in action when looking through packet captures. I thought it was a little odd systems would ask each other for domain names, but I had to troublehsoot a SIP issue damnit!<br />
<br><br />
<br><br />
Regardless, it seemed to be a good idea to disable these features in an environment with strong DNS.<br />
<br />
==LLMNR==<br />
This one is simple using either LGPO or a domain controller.<br />
<ref>http://woshub.com/how-to-disable-netbios-over-tcpip-and-llmnr-using-gpo/</ref><br />
Computer Configuration -> Administrative Templates -> Network -> DNS Client<br />
<br><br />
Enable "Turn Off Multicast Name Resolution"<br />
==NetBIOS==<br />
Of course Microsoft would be a pain and not have an explicit policy for NetBIOS. Yet they leave it enabled bu default on their operating systems....<br />
<br><br />
<br><br />
A startup script with the following appears to do the trick<ref>https://www.youtube.com/watch?v=1Dm87ivLXr0</ref><br />
<pre><br />
wmic nicconfig where (TcpipNetbiosOptions!=Null and TcpipNetbiosOptions!=2) call SetTcpipNetbios 2<br />
</pre></div>Michael.mast