343 questions
Hello,
I had to disable Netbios on the connected NIC, i think there is something wrong windows Windows Server 2019.
I will test on Windows server 2016 if it will also need to disable Netbios.
LLMNR not disabled on Windows Server 2019
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
Hello,
I have a gpo to disable LLMNR, NBT-NS, WPAD, IPv6 on all my servers, the GPO works fine Windows all 2016 server, but it's doesn't with 2019 server.
The registry key to disable LLMNR is already existe with value 0, but Won't not take it into consideration.
Here are the registry values from one of my 2019 Servers.
GPO : Sec_Disable_LLMNR_WPAD_mDNS_IPv6
ID de dossier: Software\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
Valeur: 0, 0, 0, 0
Etat : Activ‚
Here is the result from the responder.
Windows for business | Windows Server | Networking | Network connectivity and file sharing
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
{count} votes
2 answers
Sort by: Most helpful
-
Anonymous
2024-07-03T23:13:11+00:00 -
Anonymous
2024-07-03T23:45:06+00:00 i had to disable NETBIOS on NIC to mitigate the attack.
LLMNR = Disable, Netbios = Enable => injection done (My Case)
LLMNR = Enable, Netbios = disabled => injection done
LLMNR = Disable, Netbios = disabled => attack stopped