Is NetBIOS over TCPIP necessary for an Active Directory
Technically "No." For most people the practical answer is
"Yes."
You require NetBIOS if you will support "legacy systems (NT/9x)"
OR "legacy applications (which includes Network Places and/or
Network Neighborhood).
There are several other (minor to most people) issues with disabling
NetBIOS but the disabling of browsing stops most people from
removing NetBIOS on INTERNAL networks.
Perfectly fine for most to remove it on 'exposed' (bastion or sacrificial)
hosts connected to the PUBLIC Internet.
Is there any documentation mentioning the use of the
default-enabled system services on Win2k and when can we
disabled them?
Try"
"Guide to the Secure Configuration and Administration of
Microsoft Internet Information Services 5.0(c)" by the
Network Applications Team of the
Systems and Network Attack Center (SNAC) -- it is
relative easy to find at
http://www.NSA.gov