Removal of Netbios in Windows

Windows 98 and Friends

I found that Windows 98 likes to install the Client for Microsoft Networks feature whenever new network components are installed. I didn't like this, as it actually opens ports 135 137 138 139 445 etc to provide peer to peer file sharing in a system called netbios.

It's well known this is or can be a security problem as they say close all services you don't want to use. I don't use it anyway as I can use ftp (i.e. vsftpd) for file sharing and lpd (i.e. printtool + lprng) for printer sharing. Windows XP does support lpr, but Windows 98 requires a client such as

This leaves the problem of removing it. If windows has been freshly installed with an ethernet adapter, then netbios can be removed by declining the request for a reboot, then going straight for the network control panel and removing the client.

If the client has already been installed by a reboot, simply removing client for microsoft networks may not close those ports. On removal, the OS may also complain that the network is not complete. Simply continue. It's also necessary to remove the drivers and registry entries

Windows XP

On windows XP and beyond, there is a built in firewall. It is best to use that, as it protects the remote control features adequately, and can always be enabled, even if a machine is part of a "domain"

Enabling "file and print sharing" to local lan if needing to do centralised login, but note that other machines there may compromise yours if there is a problem.

Alternativly it is passible to close all the ports, but it is preferable to use the built-in firewall.

C:\Documents and Settings\User>netstat -nao

Active Connections

  Proto  Local Address          Foreign Address        State           PID

C:\Documents and Settings\User>

We set up Windows XP Services like this. Don't enable anything not absolutly necessary, they've been seen to open ports other than the obvious ones.

NameStartup Type
Application Layer Gateway ServiceManual
Application ManagementManual
Automatic UpdatesAutomatic
Background Intelligent Transfer ServiceManual
COM+ Event SystemManual
COM+ System ApplicationManual
Cryptographic ServicesManual
DHCP ClientAutomatic
Distributed Link Tracking ClientManual
Distributed Transaction CoordinatorManual
DNS ClientManual
Error Reporting ServiceManual
Event LogManual
Fast User Switching CompatibilityManual
FTP PublishingManual
Help and SupportManual
Human Interface Device AccessManual
IIS AdminManual
IMAPI CD-Burning COM ServiceManual
Indexing ServiceManual
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)Manual
IPSEC ServicesManual
IPv6 Helper ServiceAutomatic
IPv6 Internet Connection FirewallAutomatic
Logical Disk ManagerManual
Logical Disk Manager Administrative ServiceManual
Message QueuingManual
Message Queuing TriggersManual
MS Software Shadow Copy ProviderManual
NetMeeting Remote Desktop SharingManual
Network ConnectionsManual
Network DDEManual
Network DDE DSDMManual
Network Location Awareness (NLA)Manual
Peer Name Resolution ProtocolManual
Peer NetworkingManual
Peer Networking Group AuthenticationManual
Peer Networking Identity ManagerManual
Performance Logs and AlertsManual
Plug and PlayAutomatic
Portable Media Serial Number ServiceManual
Print SpoolerManual
Protected StorageManual
QoS RSVPManual
Remote Access Auto Connection ManagerManual
Remote Access Connection ManagerManual
Remote Desktop Help Session ManagerManual
Remote Procedure Call (RPC)Automatic
Remote RegistryManual
Removable StorageManual
RIP ListenerManual
Routing and Remote AccessDisabled
Secondary LogonManual
Security Accounts ManagerManual
Shell Hardware DetectionManual
Simple Mail Transfer Protocol (SMTP)Manual
Simple TCP/IP ServicesManual
Smart CardManual
Smart Card HelperManual
SNMP ServiceManual
SNMP Trap ServiceManual
SSDP Discovery ServiceDisabled
System Event NotificationManual
System Restore ServiceManual
Task SchedulerManual
TCP/IP NetBIOS HelperManual
TCP/IP Print ServerManual
Terminal ServicesManual
Uninterruptible Power SupplyManual
Universal Plug and Play Device HostManual
Upload ManagerManual
Volume Shadow CopyManual
Windows AudioAutomatic
Windows Image Acquisition (WIA)Manual
Windows InstallerManual
Windows Management InstrumentationManual
Windows Management Instrumentation Driver ExtensionsManual
Windows TimeManual
Wireless Zero ConfigurationAutomatic
WMI Performance AdapterManual
World Wide Web PublishingManual

I applied this patch to the registry to shut off NetBT etc

Windows Registry Editor Version 5.00


"DCOM Protocols"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,73,00,70,00,78,00,\


Enter my network places, and remove microsoft client and network services, thus disabling netbios.

You may also want to install NetBEUI off setup disk, so netbios will bind that instead of TCP/IP

Enter folder options (in windows explorer) and switch off simple file sharing.

Get into Component Services in the control panel, branch down into my computer properties, enter tabs MSDTC, security and untick network DTC and XA. Get into Default properties, ensure DCOM is disabled and in Default protocols, remove all dcom protocols, especially TCP/IP

check netstat -nao again, and if you see open ports (having closed all windows, MSN messenger etc) use PIDS to locate tasks in "tasklist /svc" and in the CTRL+ALT+DEL task manager, (you can see processes and can enable a PID column), killing a task may close it's port.