I was wondering if someone here has had an enterprise experience running a "NetBIOS-free" network. I have in mind a mid to big Windows-based network.
I found some good posts here, here and here.
I would like to know if someone actually works (or worked) in a company that completely disabled NetBIOS? Was this scenario achieved painlessly?
What motivated me to ask this is that when I run certain tools to identify security problems in my network, most of them are related to NetBIOS. Of course I could try to do hardening, but since NetBIOS seems to be deprecated, why not completely turn it off?
Our main WINS server is scheduled to be decommissioned, and the WINS service was turned off a few weeks early, unknown to us (Network Support). We started to get random users complaining that they couldn't get to computer resources by name. We found that the commonality of the devices was that they were not joined to the Windows domain (no Dynamic DNS) and did not have DNS entries for their names on our non-Windows DNS servers.
Adding the DNS entries fixed the problems. I found the following page at Microsoft's site very useful in figuring out the problem:
http://support.microsoft.com/kb/172218
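The failure described in the answer above (names that resolved only through WINS/NetBIOS because they had no DNS record) can be checked for before the service is switched off. This is an added example, not part of any post in this thread; the function names, the host list and the `corp.example.com` suffix are constructed placeholders.

```powershell
# Added example: list inventory names that have no DNS A record and would
# stop resolving once WINS/NetBIOS name resolution is gone.
function Test-DnsOnlyResolution {
    param(
        [Parameter(Mandatory)] [string[]] $Names,
        [string] $DnsSuffix = 'corp.example.com'   # placeholder suffix (assumption)
    )
    foreach ($name in $Names) {
        # Short (NetBIOS-style) names are qualified with the suffix users rely on.
        $fqdn = if ($name -like '*.*') { $name } else { "$name.$DnsSuffix" }

        # -DnsOnly skips LLMNR and NetBIOS; -NoHostsFile ignores local hosts entries,
        # so a hit here means a real DNS record exists.
        $records = Resolve-DnsName -Name $fqdn -Type A -DnsOnly -NoHostsFile `
                       -ErrorAction SilentlyContinue |
                   Where-Object { $_.IPAddress }

        [pscustomobject]@{
            Name      = $name
            Fqdn      = $fqdn
            InDns     = [bool]$records
            Addresses = ($records.IPAddress -join ',')
        }
    }
}

# Report the NetBIOS-over-TCP/IP setting of each IP-enabled adapter on this host.
# TcpipNetbiosOptions: 0 = default (from DHCP), 1 = enabled, 2 = disabled.
function Get-NetbiosSetting {
    $labels = @('Default (DHCP)', 'Enabled', 'Disabled')
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Adapter = $_.Description
                NetBIOS = $labels[[int]$_.TcpipNetbiosOptions]
            }
        }
}

# Constructed sample inventory: non-domain devices are the ones to look at first.
$inventory = 'PRINTER-3F', 'LICSRV01', 'nas01.corp.example.com'
Test-DnsOnlyResolution -Names $inventory |
    Where-Object { -not $_.InDns } |
    Format-Table Name, Fqdn

Get-NetbiosSetting | Format-Table -AutoSize
```

Names listed by the first table need a DNS entry before NetBIOS or WINS is turned off.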
At my previous job, we had no problems disabling NetBIOS entirely as we had one department that controlled the servers, workstations, and network, so we didn't run into a case where users lost functionality because we made sure everything resolved correctly before disabling the service. I vaguely remember having an issue with one of our flexLM license servers because the version used was so old, it didn't use DNS to resolve names. Updating the version fixed the issue.
So as long as you communicate to users that the functionality is going away and let them know what they need to do to get around it or fix it, I don't see any problem with doing away with it.
We're totally NetBIOS-free, but we migrated from NetWare/IPX to Win2K/IP almost 10 years ago, so we designed things to run that way and were never in a position where we had to disable it.
In theory the only hassle you should have is if you have any legacy network apps that are hard-coded to use NetBIOS and with no option of switching.
As I understand it, you can't pull NetBIOS out if you're still running Exchange 2003, but 2007 upwards will operate without NetBIOS.