Disable LLMNR and NetBIOS using GPO

From Michael's Information Zone
Revision as of 12:35, 12 March 2018 by Michael.mast (talk | contribs) (Created page with "==Purpose== We already know that anything legacy and unsupported should be removed. But recently I learned about LLMNR from an article titled "Gain domain admin from outside a...")

Purpose

We already know that anything legacy and unsupported should be removed. But recently I learned about LLMNR from an article titled "Gain domain admin from outside active directory".[1] Yet another dangerous service enabled by default. Though my ignorance is showing since I have seen LLMNR in action when looking through packet captures. I thought it was a little odd systems would ask each other for domain names, but I had to troubleshoot a SIP issue damnit!

Regardless, it seemed to be a good idea to disable these features in an environment with strong DNS.

LLMNR

This one is simple using either LGPO or a domain controller.[2]
Computer Configuration -> Administrative Templates -> Network -> DNS Client
Enable "Turn Off Multicast Name Resolution"
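The policy above writes a single registry value (EnableMulticast = 0 under the DNSClient policy key), so it is easy to confirm on a host that the GPO actually applied, or to set the same value locally on a machine that gets no domain policy. The following is an added PowerShell example, not part of the original page; the function names are my own.

```powershell
# Added example (not from the original page): audit and, if needed, apply the
# registry value that "Turn Off Multicast Name Resolution" sets.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'

function Get-LlmnrState {
    # 'Disabled' when the policy value is 0, 'Enabled' otherwise.
    # No value at all means the OS default, which is LLMNR on.
    $value = Get-ItemProperty -Path $PolicyKey -Name EnableMulticast -ErrorAction SilentlyContinue
    if ($null -ne $value -and $value.EnableMulticast -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Llmnr {
    # Writes the same DWORD the GPO would. Needs an elevated shell.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name EnableMulticast -Value 0 -PropertyType DWord -Force | Out-Null
}

# Audit, remediate if needed, re-check. After 'gpupdate /force' on a
# domain-joined host the first check alone is enough to prove the GPO landed.
Write-Host "LLMNR before: $(Get-LlmnrState)"
if ((Get-LlmnrState) -ne 'Disabled') { Disable-Llmnr }
Write-Host "LLMNR after:  $(Get-LlmnrState)"
```

On a domain-joined machine the domain GPO owns this key, so the local write is only a stopgap for standalone hosts; the audit function is the part worth running in either case. Once the value is in place, any LLMNR queries (UDP 5355) still leaving a host in a packet capture point at a machine the policy did not reach.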

NetBIOS

Of course Microsoft would be a pain and not have an explicit policy for NetBIOS. Yet they leave it enabled by default on their operating systems...

A startup script with the following appears to do the trick.[3]

REM Set NetBIOS over TCP/IP to 2 (disabled) on every adapter that has a TCP/IP binding
REM (TcpipNetbiosOptions is not Null) and is not already disabled
wmic nicconfig where (TcpipNetbiosOptions!=Null and TcpipNetbiosOptions!=2) call SetTcpipNetbios 2
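The wmic line works, but it gives no report of what it changed, and wmic itself is deprecated on current Windows builds. Below is an added PowerShell equivalent (my code, not from the page or its references) that does the same SetTcpipNetbios call through CIM and shows the per-adapter state before and after. TcpipNetbiosOptions is 0 = use the DHCP-supplied setting (the default), 1 = enabled, 2 = disabled; adapters with no TCP/IP binding report $null and are skipped, exactly as the wmic WHERE clause does.

```powershell
# Added example (not from the original page): PowerShell version of the
# NetBIOS startup script, with an audit of every adapter.

function Get-NetbiosAdapterState {
    # One row per adapter with a TCP/IP binding. NetbiosDisabled is only true
    # for 2; 0 means "follow DHCP", which usually still leaves NetBIOS on.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration |
        Where-Object { $null -ne $_.TcpipNetbiosOptions } |
        Select-Object Description, Index, TcpipNetbiosOptions,
            @{ Name = 'NetbiosDisabled'; Expression = { $_.TcpipNetbiosOptions -eq 2 } }
}

function Disable-NetbiosOnAllAdapters {
    # Calls SetTcpipNetbios(2) on each adapter not already disabled.
    # ReturnValue 0 = applied, 1 = applied but a reboot is required.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration |
        Where-Object { $null -ne $_.TcpipNetbiosOptions -and $_.TcpipNetbiosOptions -ne 2 } |
        ForEach-Object {
            $result = Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                                       -Arguments @{ TcpipNetbiosOptions = 2 }
            [pscustomobject]@{ Adapter = $_.Description; ReturnValue = $result.ReturnValue }
        }
}

# Audit, remediate, audit again (run elevated).
Get-NetbiosAdapterState      | Format-Table -AutoSize
Disable-NetbiosOnAllAdapters | Format-Table -AutoSize
Get-NetbiosAdapterState      | Format-Table -AutoSize
```

The reason this has to be a startup script rather than a one-off is that the setting is per adapter: a NIC or VPN adapter added later comes up with the default of 0 again. Running the audit function on its own (for example from a monitoring job) is a cheap way to catch those, and NBNS traffic on UDP 137 from a host that should be clean is the network-side signal of the same gap.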