Forum Discussion
Karl-WE
Apr 23, 2022MVP
Feature Request: NetBIOS and WINS deprecation / removal
It is 2022. While having a good course to remove SMB 1 in Windows Server and Windows Client we still have the following things enabled by default, which are not enhancing security and performance.
Please consider the following related changes:
- Introduce an ADMX Template to disable LMhosts, to raise security
- Introduce an ADMX Template to disable NetBIOS over TCP/IP for Network interfaces to raise security.
- try to remove WINS from Windows Server feature and support of NetBIOS altogether as you gradually did with SMB1.
- try to remove dependencies (also in PowerShell) that somehow rely on using NT4 authentication format (domainname\username) instead of UPN (username@domainname.tld)
- Another reference from a security expert and MVP
https://www.imab.dk/reduce-your-attack-surface-by-disabling-netbios-using-powershell-and-microsoft-intune/ it could be late to the party of Windows Server 2025 release, hence could you consider this Feature Request with a WS 2025 post release roadmap?
I mean Microsoft teams hustle hard, touching big wheels like NTLM, but WINS (deprecated) is still an available feature plus this Netbios over TCP/IP is enabled default on every NIC and vNIC.
Sure one can manage it here
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/disable-netbios-tcp-ip-using-dhcp
But just thinking what could potential blockers could be making a move.
Thank you once again for your time and consideration.- see also https://techcommunity.microsoft.com/t5/networking-blog/aligning-on-mdns-ramping-down-netbios-name-resolution-and-llmnr/ba-p/3290816
Windows Server vNext should not use NetBIOS as a preference over DNS.
Just maybe we might get rid of NetBIOS altogether and the unholy limit of 15 chars for machine names π
I am aware this could break a lot of things but maybe we might take baby or bigger steps into this direction to remove that limit. It is upon time π
Last but not least "it's always DNS, no one mentions NetBIOS."