Major performance boost: Disable NETBIOS and related on all Windows NICs

article #1557, updated 194 days ago

NETBIOS is a legacy protocol with very poor security. Substantial performance gains have been noticed after disabling it. This is probably because, when active, it broadcasts constantly to every single NIC on its LAN, creating NIC and switch contention. A large proportion of security exploits also use it, so disabling it is a very good idea in general. The only exceptions are cases where SMB sharing is needed with very old machines, all long out of support. By default, it is still active on all current Microsoft Windows operating systems.

Here is a paste for PowerShell that does it all:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }

Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')

$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)

Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"

The various bits are below.

Turn off NETBIOS over TCP/IP, for each NIC:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Where-Object -Property 'TcpipNetbiosOptions' -ne $null | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }

Get rid of all WINS entries, if present (sorry, no CimInstance code yet):

Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled='True'" | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')

Uncheck LMHOSTS lookups:

$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)

Disable the service “TCP/IP NetBIOS Helper”:

Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"
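
To confirm that the four changes above took effect, the following read-only audit can be run before and after. It is an added example, not part of the original article; the function name Get-NetbiosAudit and the Compliant column are hypothetical names chosen for it.

```powershell
# Added example: read-only audit of the settings the script above changes.
# Get-NetbiosAudit and the Compliant column are names made up for this example.
function Get-NetbiosAudit {
    # TcpipNetbiosOptions: 0 = take setting from DHCP, 1 = enabled, 2 = disabled
    $meaning = @{ 0 = 'Default (DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

    Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' |
        Where-Object { $null -ne $_.TcpipNetbiosOptions } |
        ForEach-Object {
            # Collect whichever WINS servers are still configured on this NIC
            $wins = @($_.WINSPrimaryServer, $_.WINSSecondaryServer) | Where-Object { $_ }
            [pscustomobject]@{
                Index         = $_.Index
                Adapter       = $_.Description
                NetBIOS       = $meaning[[int]$_.TcpipNetbiosOptions]
                WinsServers   = $wins -join ', '
                LmhostsLookup = [bool]$_.WINSEnableLMHostsLookup
                Compliant     = ($_.TcpipNetbiosOptions -eq 2) -and
                                (-not $wins) -and
                                (-not $_.WINSEnableLMHostsLookup)
            }
        }
}

$nics = @(Get-NetbiosAudit)
$nics | Format-Table -AutoSize

# The "TCP/IP NetBIOS Helper" service should be stopped and disabled
$svc   = Get-Service -Name 'lmhosts'
$svcOk = ($svc.Status -eq 'Stopped') -and ($svc.StartType -eq 'Disabled')
$svc | Select-Object Name, Status, StartType | Format-Table -AutoSize

$failed = @($nics | Where-Object { -not $_.Compliant })
if ($failed.Count -eq 0 -and $svcOk) {
    'NetBIOS, WINS and LMHOSTS are disabled on every TCP/IP-bound adapter.'
} else {
    "Not fully disabled: $($failed.Count) adapter(s) non-compliant; lmhosts service OK = $svcOk"
}
```

An adapter that still reports "Default (DHCP)" or "Enabled" was not changed by the disable step.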

If Microsoft DHCP is in use, DHCP can tell clients to do the simple disable, the first item above:

learn.microsoft.com/en-us/troubleshoot/windows-server/networking/disable-netbios-tcp-ip-using-dhcp

And if you want to combine the above with a new Microsoft standard preventing Windows port exhaustion:

Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](2) }
Get-WmiObject Win32_NetworkAdapterConfiguration | Invoke-WmiMethod -Name SetWINSServer -ArgumentList @('','')
$nicall = [wmiclass]'Win32_NetworkAdapterConfiguration'
$nicall.enablewins($false,$false)
Set-Service -Name "lmhosts" -StartupType Disabled
Stop-Service -Name "lmhosts"
netsh int ipv4 set dynamic tcp start=49152 num=16384
netsh int ipv4 set dynamic udp start=49152 num=16384



Below is another script, to reenable the protocols, though it does not try to put back any WINS server IPs that may have been deleted, and it cannot override Microsoft DHCP:

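# 0 restores the Windows default (take the NetBIOS setting from DHCP); cast to UInt32 as in the disable script
Get-CimInstance -ClassName 'Win32_NetworkAdapterConfiguration' | Invoke-CimMethod -MethodName 'SetTcpipNetbios' -Arguments @{ 'TcpipNetbiosOptions' = [UInt32](0) }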

$DisableLMHosts_Class=Get-WmiObject -list Win32_NetworkAdapterConfiguration
$DisableLMHosts_Class.EnableWINS($true,$true)
Set-Service -Name "lmhosts" -StartupType Manual
Start-Service -Name "lmhosts"
