NETBIOS is a very legacy protocol, security of it is very poor. Substantial performance gains by disabling it have been noticed. This is probably because when active it broadcasts constantly to every single NIC on its LAN, creating NIC and switch contention. Also, a large proportion of security violation exploits use it, so disabling becomes a very good idea in general. The only exceptions occur when there are needs to do SMB sharing with very old machines, machines all long out of support. By default, it is still active on all current Microsoft Windows operating systems.
Here is a paste to Powershell that does it all:
Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }
Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')
$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)
Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"
The various bits are below.
Turn off NETBIOS over TCP/IP, for each NIC:
Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Where-Object -Property 'TcpipNetbiosOptions' -ne $null | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }
Get rid of all WINS entries, if present (sorry, no CimInstance code yet):
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled='True'" | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')
Uncheck of LMHOSTS lookups:
$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)
Disable the service “TCP/IP NetBIOS Helper”:
Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"
If Microsoft DHCP is in use, DHCP can tell clients to do the simple disable, the first item above:
learn.microsoft.com/en-us/troubleshoot/windows-server/networking/disable-netbios-tcp-ip-using-dhcp
And if you want to combine the above with a new Microsoft standard preventing Windows port exhaustion:
Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }
Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')
$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)
Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"
netsh int ipv4 set dynamic tcp start=49152 num=16384
netsh int ipv4 set dynamic udp start=49152 num=16384
Below is another script, to reenable the protocols, though it does not try to put back any WINS server IPs that may have been deleted, and it cannot override Microsoft DHCP:
Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = 0 }
$DisableLMHosts_Class=Get-WmiObject -list Win32_NetworkAdapterConfiguration
$DisableLMHosts_Class.EnableWINS($true,$true)
Set-Service -Name "lmhosts" -StartupType Manual
Start-Service -Name "lmhosts"
Categories:
Networking Analysis, Ports, & Protocols
Performance
An epiphany, after a rental:
My truck doesn’t have any road sensors to malfunction or replace!! And neither does Sweet Lori’s car!!! Yahoo!!!!!
Categories:
Miscellaneous
Appx’s are a method used for application install, first delivered in Windows 8.1.
There are a lot of builtins which take live system resources in hidden fashion, usually not showing up in Task Manager very much or at all. And there have been a lot of changes in this over recent years. Here’s an overview of items for cleanup as of this writing. One can free a lot of resources on machines this way.
The first thing to know is that many appx’s are “provisioned”, they are embedded in the current (“online”) DISM image, and will be automatically activated whenever a new user profile is made. To get a list of these:
Get-AppxProvisionedPackage -Online | Sort-Object | ft DisplayName, PackageName
To get a list of all apps installed for all users, in nicely sorted form:
Get-AppxPackage -AllUsers | Sort-Object | ft
To remove several of these, that I like to have gone in business desktops, both from provisioning and from any user for which any of them may be installed:
#Begin Script
$RemovalItems = @(
"Microsoft.Advertising.Xaml",
"Microsoft.BingWeather",
"Microsoft.BingFinance",
"Microsoft.BingNews",
"Microsoft.BingSports",
"Microsoft.SkypeApp",
"Microsoft.WindowsCommunicationsApps",
"Microsoft.XboxGameOverlay",
"Microsoft.XboxGamingOverlay",
"Microsoft.XboxGameCallableUI",
"Microsoft.Xbox.TCUI",
"Microsoft.XboxApp",
"Microsoft.XboxSpeechToTextOverlay",
"Microsoft.XboxIdentityProvider",
"Microsoft.YourPhone",
"Microsoft.ZuneVideo",
"Microsoft.ZuneMusic",
".DellDigitalDelivery",
".DellSupportAssistforPCs",
".DellUpdate",
".Power2GoforDell",
".PowerDirectorforDell",
".DellDigitalDelivery",
".DellWatchgdogTimer",
".DelltypeCStatus",
".DiscoverHPTouchpointManager",
".HPDesktopSupportUtilities",
".HPEasyClean",
".HPJumpStart",
".HPPCHardwareDiagnosticsWindows",
".HPPowerManage",
".HPPrivacySettings",
".HPProgrammableKey",
".HPQuickDrop",
".myHP",
".HPSupportAssistant",
".HPSystemInformation",
".HPWorkWell",
".HPAccessoryCenter"
)
$ProvisionedItems = Get-AppxProvisionedPackage -Online
foreach ($ProvItem in $ProvisionedItems) {
foreach ($RemItem in $RemovalItems) {
If ($ProvItem.DisplayName -like "*$RemItem*") {
Write-Host "Deprovisioning:" $ProvItem.DisplayName
$error.clear()
try {
Remove-AppXProvisionedPackage -Online -PackageName $ProvItem.PackageName -ErrorAction SilentlyContinue | Out-Null
}
catch { "Failed: Microsoft does not allow, or other error." }
if (!$error) { "Succeeded!" }
}
}
}
$InstalledItems = Get-AppxPackage -AllUsers
foreach ($InstItem in $InstalledItems) {
foreach ($RemItem in $RemovalItems) {
if ($InstItem.Name -like "*$RemItem*") {
Write-Host "User-level removal operation:" $InstItem.Name
$error.clear()
try {
Get-AppxPackage $InstItem.Name -AllUsers | Remove-AppxPackage -Allusers -ErrorAction SilentlyContinue | Out-Null
}
catch { "Failed: Microsoft does not allow, or other error." }
if (!$error) { "Succeeded!" }
}
}
}
# End Script
The above first gets rid of the provisioned, then the user-level for all user profiles, for the whole list. There are some for which Microsoft prevents all removals; errors are thrown for these.
Categories:
Performance
Categories:
Performance
For CIDR to IP range (IP range extraction):
http://bonomo.info/coyote/cidr-calculator.php
For IP range to CIDR:
http://ip2cidr.com/
IP subnet calculator:
ipcalculator.com
Categories:
Internet Networking
LAN Networking
As of Q4 2023, Google and Yahoo are requiring DMARC to be set on the sender side, for many emails to be delivered. Some Office 365 tenants have exhibited similar behavior.
The following TXT record contents:
v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s
indicate that both DKIM and SPF are checked, and any email not satisfying both entirely, will be marked such that a spam filter should quarantine it. The =s means “strict”; there is a “relaxed” mode, =r, which allows subdomains. But if you have to allow for some email to be transmitted without DKIM, e.g. from a web site’s or application’s email generator, go with either this:
v=DMARC1; p=quarantine; pct=100; aspf=s
which does not look at DKIM; or if you must, this:
v=DMARC1; p=none
which is a kind of ‘null’ DMARC, it’s a placeholder such that DMARC exists, but doesn’t do anything. At least one cloud-application vendor is recommending this, but it’s far from clear how Google, Yahoo, and other machines will respond to it, either now or in the future.
To use the above, create a TXT record of name _dmarc
with chosen contents.
Some more info is here:
www.dmarcanalyzer.com/how-to-create-a-dmarc-record/
Categories:
DNS
Spam/Antispam
My sweet Lori’s 2007 Ford Focus came with a “permanent” air filter, “suitable for the life of the car” by one suggestion. After we had had the car a while, I knew we wanted to keep it running long, long past Ford’s glorious preferences, so I started looking for options. One well-known vendor sold an aftermarket air filter box for about $480. This seemed a bit high to me for a mildly complicated piece of plastic, so I looked further. And lo and behold:
www.rockauto.com/en/moreinfo.php?pk=8624632&cc=1433435&pt=11160&jsn=1
Highly recommendable, and $78 at this writing. I saw some reports which said it made things a tad louder; au contraire I must report, Sweet Lori’s little car is now quieter, much smoother, better power. Yahoo!
Categories:
Miscellaneous
Categories:
Windows Installer, Updates, Patching
BIOS
This can sometimes save a lot of CPU and/or disk cycles. In administrative CMD:
schtasks /Change /Disable /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"
sc delete DiagTrack
sc delete dmwappushservice
echo “” > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection /v AllowTelemetry /t REG_DWORD /d 0 /f
Categories:
Windows OS-Level Issues
Categories:
Windows Installer, Updates, Patching
BIOS