RE: Disable NetBIOS and NTLM on Windows 2003 Domain Controllers and Ex

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Andrei Ungureanu (AndreiUngureanu_at_discussions.microsoft.com)
Date: 10/04/04 

Date: Mon, 4 Oct 2004 08:03:03 -0700

hmmm .. about NTLMv1/LM ... I don't think it's a problem disabling them
(maybe only if you have some very old OS on your network). Regarding NETBIOS
... I think the domain controller need this functionality for the
replication. Anyway, for fully disable NETBIOS and SMB check
http://www.microsoft.com/technet/Security/prodtech/win2000/secwin2k/a0604.mspx
(as you can see it's not enough to check Disable Netbios over TCP/IP from
Advanced TCP/IP settings).

Andrei Ungureanu
www.eventid.net
Free Windows event logs reports
http://www.altairtech.ca/evlog/

"Research Services" wrote:

> Is it possible to safely DISABLE NetBIOS and/or NTLMv1/LM on all Windows
> 2000 and Windows 2003 Domain Controllers and/or Exchange 2003 servers
> (within our own child domain) without affecting Windows networking
> communications adversely?
> We are a child domain in a single forest, we are NOT Enterprise
> Administrators. Our DCs and Exchange are currently configured to refuse and
> not send LM.
> All clients are Windows XP with NetBIOS already disabled and only talk
> NTLMv2, there are no down-level clients (i.e., Win9x, NT4, Mac) in our child
> domain.
> We are not sure if this will affect AD replication, especially between other
> child domains in the forest not controlled by us - OR if Exchange 2003
> relies on NetBIOS and/or less than NTLMv2 to function correctly.
>
> Thanks for any input or help.
>
>
>
>

Relevant Pages