Forum Discussion

KiPe01's avatar
KiPe01
Copper Contributor
Jun 05, 2023

Disabling Netbios name service via new ADMX / GPO does not work as expected (bug?)

Disabling Netbios Name service via GPO, new in Windows 11, does not seeem to work as expected / advertised.

Using the latest Windows 11 build (22H2, 1702 as of June 2023), all patches updates and drivers installed.
This seems to be a bug

 

As mentioned also here [1], the Windows 11 ADMX features a new setting to disable Netbios name resolution.

The option "Configure NetBIOS settings" can be found under Computer Configuration > Policies > Administrative Templates > Network > DNS Client

This option can be set to "Disable Netbios Name Resultion", if activated.

 

Setting it however does not have the desired effect.

Tried locally as well as via the domain controller.

 

Evidence:

 

ipconfig [2] still shows NetBIOS enabled.


Also nbtstat shows names on an interface [3].

 

The fact that this GPO does not work as advertised might be a security relevant topic as people setting this directive will expect Netbios to be disabled, which it seems is not the case. So they will also refrain from taking any other actions to enahance Netbios related security.

 

Cheers

 

[1]

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/windows-10-or-windows-11-gpo-admx-an-update/ba-p/3703548

 

[2] excerpt from "ipconfig /all"

..[cut]

NetBIOS over Tcpip. . . . . . . . : Enabled

 

[3] "nbtstat -n"

..cut..

WLAN:
Node IpAddress: [192.168.xx.yy] Scope Id: []

 

                NetBIOS Local Name Table

 

       Name               Type         Status
    ---------------------------------------------
    xxxx           <20>  UNIQUE      Registered

 

 

Resources