Microsoft starts to phase out NetBIOS and LLMNR to focus on mDNS
Microsoft's Windows operating system supports several multicast name resolution protocols, including NetBIOS and LLMNR. mDNS is the state-of-the-art protocol in wide use today, whereas NetBIOS and LLMNR are no longer widely used.
In "Aligning on mDNS: ramping down NetBIOS name resolution and LLMNR", Microsoft informs Windows system administrators that it plans to disable the old protocols in future versions of Windows to improve device security and decrease the load on the networks they use.
Microsoft is aware that there are still scenarios and "real-world deployments" in which these protocols are used, but the company is convinced that disabling the protocols by default is the right direction to take.
The company has not started the process of disabling LLMNR by default yet, but it has started the process for NetBIOS.
The NetBIOS protocol is already turned off by default on cellular devices according to Microsoft. In the latest Windows Developer and Beta Insider builds, NetBIOS is in learning mode. Learning mode means that NetBIOS is used as a fallback if mDNS and LLMNR queries fail.
The change may lead to connectivity issues in some cases. Administrators may modify a Group Policy or a Registry value to change the behavior of the protocol.
Note: the Group Policy Editor is only available on Professional and Enterprise editions of Windows. Home edition administrators may modify the behavior in the Registry.
Changing NetBIOS in the Group Policy Editor
- Use the keyboard shortcut Windows-R to open the Run box on the system.
- Type gpedit.msc and hit Enter; this should load the Group Policy Editor.
- Navigate to Computer Configuration > Administrative Templates > Network > DNS Client.
- Double-click on the Configure NetBIOS policy.
- Set the policy to Enabled.
- Use the "Configure NetBIOS options" menu to switch to one of the supported options:
  - Allow NetBIOS name resolution -- Enables full NetBIOS support.
  - Disable NetBIOS name resolution -- Turns off NetBIOS support on the device.
  - Disable NetBIOS name resolution on public networks -- Keeps NetBIOS enabled on private networks, but disables it on public networks.
  - NetBIOS learning mode -- NetBIOS is only used as a fallback if mDNS and LLMNR queries fail.
- Select OK to save the new policy setting.
Changing NetBIOS in the Windows Registry
The same options are also available in the Windows Registry.
- Use the keyboard shortcut Windows-R to open the run box.
- Type regedit.exe and hit the Enter-key.
- Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters in the Registry Editor.
- Right-click on Parameters and select New > Dword (32-bit) Value.
- Name the value EnableNetbios.
- Double-click on the new Dword and set it to one of the following values:
  - 0 -- Disabled.
  - 1 -- Allowed.
  - 2 -- Disabled on public networks.
  - 3 -- Learning Mode.
- Close the Registry Editor after you have made the change.
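The Registry steps above can also be scripted, which helps when the same setting has to be audited or applied on several machines. The following PowerShell is an added example, not part of the original article or of Microsoft's guidance; the function names are illustrative, while the key path, the value name EnableNetbios and the values 0 to 3 are the ones listed above. It needs an elevated session.

```powershell
# Added example: audit and set the EnableNetbios DWORD described in the article.
# Function names are illustrative; path, value name and values come from the page.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$Name = 'EnableNetbios'

# Value-to-meaning mapping as listed in the article.
$Modes = @{
    0 = 'Disabled'
    1 = 'Allowed'
    2 = 'Disabled on public networks'
    3 = 'Learning Mode'
}

function Get-NetbiosResolutionMode {
    # Returns the configured mode, or 'Not configured' when the value is absent
    # (the default of the installed Windows build then applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Value = $null; Mode = 'Not configured' }
    }
    $value = [int]$item.$Name
    $mode = if ($Modes.ContainsKey($value)) { $Modes[$value] } else { 'Unknown value' }
    [pscustomobject]@{ Value = $value; Mode = $mode }
}

function Set-NetbiosResolutionMode {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateRange(0, 3)]
        [int]$Value
    )
    $before = Get-NetbiosResolutionMode
    if ($PSCmdlet.ShouldProcess("$Path\$Name", "Set to $Value ($($Modes[$Value]))")) {
        # -Force creates the DWORD or overwrites an existing one.
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    }
    # Report the state before and after so the change can be logged.
    [pscustomobject]@{ Before = $before.Mode; After = (Get-NetbiosResolutionMode).Mode }
}

# Report the current state, then preview disabling NetBIOS without applying it.
Get-NetbiosResolutionMode
Set-NetbiosResolutionMode -Value 0 -WhatIf
```

Remove -WhatIf to apply the change; running Get-NetbiosResolutionMode afterwards confirms which of the four modes is configured.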
Closing Words
LLMNR has not been touched yet, but Microsoft plans to make similar changes to this protocol in future builds and versions of the Windows operating system.
Now You: do you use NetBIOS or LLMNR? (via Deskmodder)
There is no such setting. NetBIOS over TCP/IP can only be disabled via GUI or registry (GUI or PowerShell). LLMNR can be disabled with policy/GPO.
On my Windows 11 computer, I have navigated to Computer Configuration > Administrative Templates > Network > DNS Client but cannot see the Configure NetBIOS policy.
Does it influence SMB1 access to my satellite receiver?
It all depends on how you find/map that SMB share. Ideally you’d be looking at retiring the use of the SMB1 share and disabling it, as soon as possible, anyhow.
Does this have any consequences for single-PC home users with Windows 7?
Both disabled long ago on our corporate LAN for security. No issues. About time they make it the default behavior.
I have a home network with 10 Win 10 PCs and a 2012 R2 server. Each PC has about a dozen mapped drives to the server which are used extensively all day.
I believe I will lose the ability to browse the network according to another article I read (which will be a PITA), and there may be issues with net view and net use, both of which I also use extensively.
Can I disable NetBIOS?
I had a read of https://www.ionos.com/digitalguide/server/know-how/multicast-dns/
The disadvantages, particularly the last as mentioned in that article, are not very attractive.
@Pet:
“Interesting news….NOT
lol who cares bout that sh1t?”
Found the Microsoft shill!
Not a Microsoft shill, more likely a black hat hacker.
@Jeff
I don’t know when MS introduced it, but it must have been a while ago already I guess.
The good thing is it works very well.
Wtf when did MICROSOFT support mDNS? I had no idea Windows 10 supported it. mDNS was Apple’s protocol, implemented in their Bonjour framework. While Windows used initially NetBIOS and since Windows Vista, LLMNR. Now they are phasing out LLMNR too when it works so well for discovering Windows devices at least?
Interesting news….NOT
lol who cares bout that sh1t?
And yet, you had to provide a useless comment.
You should save your comments for more interesting news posts.
Just yesterday, disabled LLMNR and NetBIOS on Win10.
Have to do it on Ubuntu today yet.
https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/