if NetBIOS is disabled on windows 2000 (w2k)...

  • Thread starter: jdc_tech

jdc_tech

over tcpip, no lmhost lookup, and file/printer sharing is removed to
make a pure w2k network. (ie- no downlevel clients.
(nt4/w9x/w3.11/etc.)) How can a workstation make use of prior server
'shares' and server lpt1 attached printers?

Network model is (10) w2k pro workstations, and (2) w2k adv servers.
Each has a static IP and associated fwd/rev lookup records in DNS, all
these machines are part of a single AD domain, AND they are all
pingable between each other and names resolve on each mach properly
(via DNS.) How at this point can a workstation connect to a server
'share' or make a drive map to a server, or attach to a
server-attached-printer without the means of the file/printer sharing
service? (And NO, DHCP is not wanted nor setup in this scenario,
unless to go pure TCPIP it's needed?)

I'm aware some disable the NBT stuff on the workstation, BUT, run the
NBT stuff on the servers to make it accessible, or try. So, is the
case here, that w2k actually cannot become a PURE TCPIP network even
w/an AD infrastructure? If you can disable NBT on workstations
(disable their sharing) and do the same on servers, how can you map a
network drive to that server?


trying to figure this out,
Thanks,

jdc
 
Ok, great, thanks for your reply. And 'browsing' means this is the
only means to map drives or connect to printers, therefore netbios
over tcpip needs to be enabled. So in effect, netbios cannot be
disabled without disabling sharing in a w2k environment.


jdc
 
You can do "blind mapping" - you just can't browse.

net use \\servername\sharename will work, even if you can't see it in your
network neighborhood.

Not sure what you mean by "So in effect, netbios cannot be
disabled without disabling sharing in a w2k environment." - you're still
sharing. You just aren't browsing.

What's the reason you wanted to disable it, just out of curiosity?
 
Blind Mapping

-I couldn't get this to work via \\machname\sharename,
\\10.0.0.x\sharename, or \\machname.domain.name\share, but I see what
ur saying.

Not sure what you mean by "So in effect, netbios cannot be
disabled without disabling sharing in a w2k environment."

-If I can blind map, this makes TCPIP w/o NBT 'work' for tech/admin
types, but not a solution for an enterprise or SOHO environment
w/regular users.

What's the reason you wanted to disable it, just out of curiosity?

-Just wanted to answer some questions and understand how a 'pure'
tcpip w2k 'native' environment worked, because it sounded like NetBIOS
could be eliminated for w2k+, but in reality it isn't practical to do
so. (ie- desiring to eliminate the broadcasts of NBT, and shut the
doors on ports 137/138/139 for security purposes, but if done u
effectively shutdown the standard 'browsing/sharing' model of w2k.)

Either way, ok by me, wanted to answer/understand the advertising of a
'pure tcpip environment' vs 'pure tcpip w/netbios environment.'
Appreciate ur reply, I got started by removing NBT/FileShareService
and worked backwards, but fully expected to be able to 'see' the
network, and map to shares w/out netbios. (blind map works for me at
those times.) So for the W2k Pro/XP workstation connected to a
broadband modem, removing NBT is security conscious, but in a defined
domain at a company/organization, NBT is unpractical to remove.


jdc
 
Found the info from another post in .technet. Works out this way, 2
parts (NBT over TCPIP), and (File/PrintSharing Service). NBT over
TCPIP, self explanatory. File/PrintSharing Service w/o NBT over TCPIP
forces 'it' into being an SMB host (by default, and global). So if
NBT is disabled over TCPIP, u leave File/PrintSharing installed and
this defaults to SMB host to provide the service. ....And that's how
it's done and works as a NetBIOS disabled network.

-thnx jhayes from ms.public.technet, he posted these 2 kb's:

http://support.microsoft.com/default.aspx?scid=kb;RU;299977
http://support.microsoft.com/default.aspx?scid=kb;ZH-TW;204279
J's link: See the link below for an explanation of what's happening.
http://ntsecurity.nu/papers/port445/


jdc
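
Added example, not part of the original thread or of the linked KB articles: a small check an administrator can run against their own servers to confirm the outcome described in the last post, i.e. that with NetBIOS over TCP/IP disabled the File/Print Sharing service is still reachable as a direct SMB host on TCP 445 while the NBT session port (TCP 139) is closed. The function names, verdict strings and the host name are assumptions made for illustration; UDP 137/138 are not probed because a connect test cannot confirm them.

```python
import socket

NBT_SESSION = 139  # SMB carried over the NetBIOS session service (NBT)
DIRECT_SMB = 445   # direct-hosted SMB, no NetBIOS layer


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, unreachable or name not resolved
        return False


def classify(open_139, open_445):
    """Map the two listener states to the transport the thread describes."""
    if open_445 and not open_139:
        return "direct-hosted SMB only (NBT disabled, sharing still works)"
    if open_445 and open_139:
        return "SMB over both NBT and direct hosting (NBT still enabled)"
    if open_139:
        return "SMB over NBT only (no direct hosting)"
    return "no SMB listener (sharing removed, stopped or filtered)"


def audit(hosts, probe=tcp_open):
    """Return {host: (open_139, open_445, verdict)} for each host."""
    report = {}
    for host in hosts:
        s139 = probe(host, NBT_SESSION)
        s445 = probe(host, DIRECT_SMB)
        report[host] = (s139, s445, classify(s139, s445))
    return report


if __name__ == "__main__":
    # Constructed host name; replace with the servers you administer.
    for host, (s139, s445, verdict) in audit(["server1.example.test"]).items():
        print(f"{host}: 139={s139} 445={s445} -> {verdict}")
```

A server that reports the first verdict is the "NetBIOS disabled network" case from the thread: `net use \\servername\sharename` keeps working over 445, and only browsing is lost.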
 