Apr 23 2022 01:04 PM - edited Apr 23 2022 01:12 PM
It is 2022. While having a good course to remove SMB 1 in Windows Server and Windows Client we still have the following things enabled by default, which are not enhancing security and performance.
Please consider the following related changes:
- Introduce an ADMX Template to disable LMhosts, to raise security
- Introduce an ADMX Template to disable NetBIOS over TCP/IP for Network interfaces to raise security.
- try to remove WINS from Windows Server feature and support of NetBIOS altogether as you gradually did with SMB1.
- try to remove dependencies (also in PowerShell) that somehow rely on using NT4 authentication format (domainname\username) instead of UPN (username@domainname.tld)
Apr 23 2022 01:11 PM
Mar 28 2024 12:50 PM - edited Mar 28 2024 12:52 PM
Mar 28 2024 12:50 PM - edited Mar 28 2024 12:52 PM
it could be late to the party of Windows Server 2025 release, hence could you consider this Feature Request with a WS 2025 post release roadmap?
I mean Microsoft teams hustle hard, touching big wheels like NTLM, but WINS (deprecated) is still an available feature plus this Netbios over TCP/IP is enabled default on every NIC and vNIC.
Sure one can manage it here
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/disable-netbios-tcp-ip-usin...
But just thinking what could potential blockers could be making a move.
Thank you once again for your time and consideration.