How to disable LLMNR and NBNS

Last Updated On October 17, 2018

Suggested read (2):
What is LLMNR?
What is NBNS?

Disabling LLMNR and NBNS can prevent LLMNR/NBNS poisoning attacks in environments where it is not needed. Unfortunately, it is enabled by default from Microsoft, which could result in a malicious attacker performing eavesdropping attacks to discover valuable data.

Disabling LLMNR via Group Policy Object (GPO)

To disable LLMNR via GPO on a Microsoft Windows system, follow the steps below:

  1. Open Group Policy Editor by navigating to Start -> Run (or Windows + R shortcut)
  2. Type in gpedit.msc
  3. Press the Enter key.
  4. Within the Local Group Policy Editor, navigate to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Network -> DNS Client.
  5. Select the option for Turn off Multicast Name Resolution.
  6. By default, this option will be set to Not Configured. Change this option to Enabled to make this policy effective.

Once configured, you can enforce this policy immediately through the following steps:

  1. Open the Microsoft Windows Command Line by navigating to Start -> Run (or Windows + R shortcut).
  2. Type in cmd
  3. Press the Enter key.
  4. Within the Command Line window, type in gupdate /force to enforce Group Policy changes.

Disabling NBNS via Network Interface Card (NIC) Properties

To disable NetBIOS over TCP/IP, follow the procedures below:

  1. Open the Microsoft Windows Command Line by navigating to Start -> Run (or Windows + R shortcut).
  2. Type in ncpa.cpl and press Enter to quickly navigate to the Network Connections section of the Control Panel.
  3. Right click on one of the local interfaces (preferably the one connected to the local network) and select Properties.
  4. In the Properties window, go to Internet Protocol Version 4 (TCP/IPv4) and select Properties.
  5. Click on the Advanced button in the IPv4 properties window.
  6. Navigate to the WINS tab.
  7. Select Disable NetBIOS over TCP/IP.
  8. Click OK and close out the remaining windows.

vonahi footer logo

Meet vPenTest – the leading automated network penetration testing SaaS platform that streamlines the delivery of network pentesting, making it super easy for MSPs to offer SMB clients the ultimate protection. And for internal IT teams, it’s a cost effective and efficient way of evaluating cybersecurity risks in real-time. Say goodbye to manual network pentesting – the future is automated!
Connect with Us

Follow us on social media for the latest vPenTest updates, announcements, and cybersecurity best practices from our security experts.