Disabling NetBIOS via ConfigMgr DSC




If you’ve ever studied IT security you’ll know that one task you need to complete on your network is to disable NetBIOS.  The NetBIOS API dates back to 1983 and is often left enabled for fear of breaking legacy applications and systems.  From a security perspective NetBIOS can mostly be considered a reconnaissance risk and so should be disabled.  For more information check out:

NetBIOS Over TCP/IP (Microsoft)

Securing Windows Workstations: Developing a Secure Baseline

With NetBIOS enabled one can remotely query devices, without authentication, to reveal information about the host.

The simplest way to disable NetBIOS on your Windows clients is via DHCP option 001.  You will find information on how to do this elsewhere.  But what if you have no control over the DHCP server or you want to ensure that it stays disabled if the device is connected to other networks?

A ConfigMgr configuration item can be created to discover the state of NetBIOS and the remediate if required.


The code below will discover any network adapters, which are IP enabled and return the NetBIOS options.  This can return one of three values:

  • EnableNetbiosViaDhcp (0)
  • EnableNetbios (1)
  • DisableNetbios (2)



$adapters= $null
$adapters=(gwmi win32_networkadapterconfiguration -Filter 'ipenabled = "true"')
Foreach ($nic in $adapters) {
write-host $nic.TcpIPNetBiosOptions



For compliance, we are looking for a return code of 2 (DisableNetbios).



If we discover any adapters which do not return a value of 2 we will run the following to remediate and disable NetBIOS.


$nics = (gwmi Win32_NetworkAdapterConfiguration -Filter 'ipenabled = "true"')
foreach ($nic in $nics) {
If ($nic.TcpipNetbiosOptions -ne 2) {


Simply create a configuration item with the above scripts.  Then make a baseline which includes the configuration item and deploy.  Sit back and watch your devices disable NetBIOS the next time they evaluate their compliance data.



Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s