How to Disable NetBIOS and LLMNR Protocols in Windows and Intune
What are they?
NetBIOS over TCP/IP and LLMNR are broadcast name-resolution protocols kept mainly for compatibility with older Windows systems. Because any host on the local segment can answer a broadcast name query, both are vulnerable to spoofing and man-in-the-middle (MITM) attacks. Tools like Metasploit ship pre-built modules that abuse this behaviour to intercept user credentials, including NTLMv2 hashes, on local networks. To improve your network security, disable these protocols within your domain network. This guide explains how to disable LLMNR and NetBIOS in Windows 10 and Windows Server 2019, either manually or via Group Policy.
NetBIOS and LLMNR protocols allow computers on the local network to find each other if the DNS server is unavailable. Perhaps they are needed in a workgroup environment, but in a domain network, both of these protocols can be disabled.
How to disable LLMNR in Windows?
In the domain environment, LLMNR broadcasts can be disabled on computers and servers using Group Policy. To do it:
- Open the Group Policy Management console (gpmc.msc) and create a new GPO, or edit an existing one that is applied to all workstations and servers;
- Go to Computer Configuration -> Administrative Templates -> Network -> DNS Client;
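The GPO steps above end up as plain registry values on each machine, which is useful to know both for auditing that the policy actually applied and for pushing the same change through a script (for example as an Intune PowerShell script) where Group Policy is not available. The following is an added example, not code from the original article. It assumes two well-known locations: the "Turn off multicast name resolution" setting writes EnableMulticast = 0 under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient, and NetBIOS over TCP/IP is controlled per adapter by NetbiosOptions under HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces (0 = take the DHCP setting, 1 = enabled, 2 = disabled). The -Enforce switch is this example's own parameter name; without it the script only reports the current state.

```powershell
# Added example (not from the original article). Audits, and with -Enforce applies,
# the registry values behind the LLMNR and NetBIOS GPO settings. Run in an elevated
# PowerShell session; a reboot is the simplest way to make the change take effect.
[CmdletBinding()]
param(
    [switch]$Enforce   # example's own parameter: report only unless set
)

# Policy value written by "Turn off multicast name resolution"
# (Computer Configuration -> Administrative Templates -> Network -> DNS Client).
$llmnrKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$llmnrName = 'EnableMulticast'

# Per-interface NetBIOS over TCP/IP setting (one subkey per adapter, Tcpip_{GUID}).
$netbtInterfaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'

function Get-LlmnrState {
    $item = Get-ItemProperty -Path $llmnrKey -Name $llmnrName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not configured (LLMNR enabled by default)' }
    if ($item.$llmnrName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Set-LlmnrDisabled {
    if (-not (Test-Path $llmnrKey)) { New-Item -Path $llmnrKey -Force | Out-Null }
    New-ItemProperty -Path $llmnrKey -Name $llmnrName -PropertyType DWord -Value 0 -Force | Out-Null
}

function Get-NetbiosState {
    Get-ChildItem -Path $netbtInterfaces | ForEach-Object {
        $opt = (Get-ItemProperty -Path $_.PSPath -Name 'NetbiosOptions' -ErrorAction SilentlyContinue).NetbiosOptions
        $state = 'DHCP default'
        if ($opt -eq 2) { $state = 'Disabled' } elseif ($opt -eq 1) { $state = 'Enabled' }
        [pscustomobject]@{
            Interface      = $_.PSChildName
            NetbiosOptions = $opt
            State          = $state
        }
    }
}

function Set-NetbiosDisabled {
    # Disable NetBIOS over TCP/IP on every adapter instance, including disconnected ones,
    # so a newly connected adapter does not silently re-enable it.
    Get-ChildItem -Path $netbtInterfaces | ForEach-Object {
        Set-ItemProperty -Path $_.PSPath -Name 'NetbiosOptions' -Value 2 -Type DWord
    }
}

# Report current state first; this is what a compliance check would look at.
Write-Host "LLMNR policy: $(Get-LlmnrState)"
Get-NetbiosState | Format-Table -AutoSize

if ($Enforce) {
    Set-LlmnrDisabled
    Set-NetbiosDisabled
    Write-Host 'LLMNR and NetBIOS over TCP/IP disabled in the registry; reboot to apply.'
    Write-Host "LLMNR policy: $(Get-LlmnrState)"
    Get-NetbiosState | Format-Table -AutoSize
}
```

Run the script without parameters on a machine that already receives the GPO to confirm the policy landed (EnableMulticast should read 0 and every interface should show NetbiosOptions 2). Where the machine is managed by Intune rather than Group Policy, the same script with -Enforce can be deployed as a device script; because the NetBT setting is per adapter, re-running it periodically catches adapters added after the first run.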