Home » Features » How to disable NetBios over TCP/IP

How to disable NetBios over TCP/IP

Key Points
Introduction: Explains why keeping NetBIOS over TCP/IP enabled increases your attack surface and when disabling it is recommended for security hardening.
What is NetBIOS over TCP/IP: Describes what NetBIOS over TCP/IP is used for, why it is considered a legacy protocol, and how leaving it enabled can expose services that aid discovery and lateral movement.
Quick setup: Shows how to detect the “NetBIOS over TCP/IP is not disabled” misconfiguration in Vulnerability Manager Plus and provides the exact Windows steps to disable NetBIOS over TCP/IP on affected network adapters.
Frequently Asked Questions: Answers common questions about NetBIOS over TCP/IP, including whether it is required, what risks it introduces, which ports are typically associated with it, and how to check if it is enabled on Windows devices.

Introduction

NetBIOS over TCP/IP is a legacy setting that may remain enabled for compatibility, but if you don’t rely on NetBIOS-based name resolution or file and printer sharing in your environment, disabling it helps reduce unnecessary exposure. On roaming devices, NetBIOS traffic can become reachable on less trusted networks, and NetBIOS-related services can reveal system and network details that aid discovery and lateral movement. If your environment needs NetBIOS for specific legacy systems, limit it to only those endpoints and disable it everywhere else.

You can detect this misconfiguration (NetBios over TCP/IP is not disabled) using Vulnerability Manager Plus. using Vulnerability Manager Plus. This misconfiguration comes under the category of Legacy Protocols and has a Critical severity.

Spot NetBios over TCP/IP and similar misconfigurations quickly using Vulnerability Manager Plus.

Spot Now

What is NetBIOS over TCP/IP?

NetBIOS over TCP/IP is a legacy networking feature that lets older Windows applications and services use NetBIOS naming and session services over TCP/IP networks. Historically, it was used for functions such as computer name resolution on local networks and supporting file and printer sharing in environments that relied on older discovery methods.

In modern Windows networks, these functions are typically handled by newer, more secure mechanisms (for example, DNS-based name resolution and directory-based service discovery). Because of this, NetBIOS over TCP/IP is generally considered a legacy protocol and is not required in many environments unless you still run older applications or systems that depend on it.

When NetBIOS over TCP/IP is enabled, endpoints may expose NetBIOS-related services that can help an attacker discover devices, enumerate network shares, and identify domain or system information. This can make reconnaissance easier and, in some cases, support lateral movement within a network. Disabling NetBIOS over TCP/IP where it is not needed is a common security-hardening step to reduce the attack surface of Windows endpoints.

Quick Setup

To detect this misconfiguration:

  • Open the Vulnerability Manager Plus console and go to Threats---> System Misconfiguration, and you can see the detected misconfigurations list.
  • In the misconfiguration list, use the search box to type NetBios and filter results to focus only on related findings.
  • Open the misconfiguration named NetBios over TCP/IP is not disabled, confirm it matches the expected finding, and review the details to understand why it is flagged.
  • Check the affected endpoints list to identify which devices need a fix, then prioritize devices where the service is reachable and not required.
  • For each affected device, plan remediation to disable NetBios over TCP/IP consistently and document the remediation goal.

To remediate the misconfiguration:

  • Open the Control Panel.
  • Click on Programs, then select Programs and Features.
  • Click Turn Windows features on or off.
  • Disable NetBios over TCP/IP.
  • Click OK to apply the changes.Your devices are now hardened against this misconfiguration. This remediation does not require reboot.

Potential Operational Impact: Legacy protocols are present to support operations of legacy applications and services. Disabling them would cause those applications to stop functioning.

Scheduling reports keeps teams informed without needing to log in manually.

Refer to this page to know in detail more about misconfiguration hardening

Start your 30-day free trial and disable NetBios over TCP/IP across your endpoints with fast detection and remediation.

Frequently Asked Questions

How do I disable NetBIOS over TCP IP?

On Windows (per network adapter):

  • Open Control Panel > Network and Internet > Network Connections.
  • Right-click your active adapter > Properties.
  • Select Internet Protocol Version 4 (TCP/IPv4) > Properties > Advanced.
  • Go to the WINS tab > choose Disable NetBIOS over TCP/IP > OK.
Is it safe to disable TCP/IP NetBIOS helper?

In most modern environments, yes—especially on end-user devices. The TCP/IP NetBIOS Helper service supports legacy name resolution and NetBIOS-related functions. Disabling it can break older dependencies like legacy discovery, older apps, or environments that still rely on NetBIOS/WINS.

Tip: If you still use legacy SMB browsing or WINS-based name resolution, test before enforcing broadly.

What is NetBIOS over TCP/IP used for?

NetBIOS over TCP/IP (NetBT) is a legacy mechanism used for:

  • Name resolution (NetBIOS names) via broadcasts or WINS.
  • Network browsing and legacy device discovery.
  • Older Windows file and printer sharing behaviors in legacy networks.

Modern networks generally prefer DNS and newer discovery mechanisms instead of NetBIOS.

How do I disable NetBIOS IPv4?

NetBIOS over TCP/IP is configured under IPv4 settings. To disable it:

  • Open adapter Properties > Internet Protocol Version 4 (TCP/IPv4) > Properties > Advanced.
  • Go to WINS tab > select Disable NetBIOS over TCP/IP.

This disables NetBIOS over IPv4 for that adapter.

Why should you disable NetBIOS?

Disabling NetBIOS is commonly recommended because it reduces exposure to legacy behaviors and unnecessary network chatter, such as:

  • Broadcast-based name resolution that can aid reconnaissance.
  • Legacy service footprint that is rarely needed in modern networks.
  • Unnecessary legacy compatibility paths that expand attack surface.

If your environment doesn’t require NetBIOS/WINS, disabling it is a good hardening step.

How do I turn off TCPIP?

On Windows, you generally should not “turn off TCP/IP” because it’s the core networking stack. If your goal is to disable network connectivity, use one of these safer options:

  • Disable the network adapter (Network Connections > right-click adapter > Disable).
  • Disable a specific protocol binding (e.g., uncheck IPv4/IPv6 in adapter properties) only if you understand the impact.

Note: Disabling IPv4/IPv6 can break domain access, browsing, and most network apps.

Is NetBIOS disabled by default?

It depends on the Windows version and network configuration. In many modern setups, NetBIOS is not required and may be set to:

  • Default (DHCP-controlled) or
  • Disabled in hardened environments.

The reliable way is to check the adapter setting in IPv4 > Advanced > WINS.

How to check if TCP/IP is enabled?

On Windows:

  • Open Control Panel > Network Connections.
  • Right-click your adapter > Properties.
  • Verify Internet Protocol Version 4 (TCP/IPv4) and/or Internet Protocol Version 6 (TCP/IPv6) are checked.

If IPv4/IPv6 are unchecked, that protocol is disabled for the adapter.

How to change TCP IP settings?

On Windows:

  • Open Settings > Network & Internet > your connection (Wi-Fi/Ethernet).
  • Select Edit next to IP settings (or go to adapter options).
  • Choose Automatic (DHCP) or Manual and set IP address, Subnet, Gateway, and DNS.

Tip: In managed environments, IP settings are typically controlled by DHCP or policy.

How do I reset my TCP/IP settings?

You can reset the Windows network stack using built-in options:

  • Settings > Network & Internet > Advanced network settings > Network reset.

Or via an elevated Command Prompt:

  • netsh int ip reset
  • ipconfig /flushdns

Restart the device after resetting for changes to fully apply.

How to disable TCP/IP properties in Windows 10?

If you mean disabling the TCP/IP protocol binding on an adapter:

  • Open Control Panel > Network Connections.
  • Right-click your adapter > Properties.
  • Uncheck Internet Protocol Version 4 (TCP/IPv4) and/or Internet Protocol Version 6 (TCP/IPv6).

Warning: This will likely break most networking (domain access, internet, and many apps). Prefer disabling NetBIOS over TCP/IP or the adapter if your goal is hardening or isolation.

How do I check my TCP/IP settings?

Quickest methods on Windows:

  • Run ipconfig /all in Command Prompt to see IP, gateway, DNS, and DHCP status.
  • Go to Settings > Network & Internet > your connection to view IP assignment.
How to enable TCP/IP in Windows?

To enable TCP/IP protocol bindings on an adapter:

  • Open Control Panel > Network Connections.
  • Right-click the adapter > Properties.
  • Check Internet Protocol Version 4 (TCP/IPv4) and/or Internet Protocol Version 6 (TCP/IPv6).

If settings are managed by policy, you may need administrator access or your IT team to re-enable them.

How do I check my TCP connection status?

On Windows:

  • Use netstat -an to view active TCP connections and listening ports.
  • Use Resource Monitor > Network tab to see per-process connections.
  • Use Test-NetConnection in PowerShell (e.g., Test-NetConnection example.com -Port 443) to validate reachability.

These checks help confirm whether a port is reachable and whether a TCP session is established.