Quick links
FAQ
Register
Login
This completely slipped my mind when I was making the other tweaking guides, and now I'm only finally getting around to posting about it nearly two years later. I like to do this for security on my systems, as NetBIOS is a known security risk and other the components could be as well.
2000/XP:
Right click on the taskbar network icon, or go to Control Panel, and click Open Network (and Dial-up) Connections.
Vista+:
Right click on the taskbar network icon, or go to Control Panel, and click Open Network and Sharing Center.
For Vista, under tasks on the left pane, click Manage network connections.
For 7+, on the left pane, click Change adapter settings.
Now you will find your network adapter(s), on these, right click and select Properties.
Now you have a list of network components/features the connection uses, and you can untick or uninstall the components/features you don't use or want. Do note that on Windows 10+ trying to uninstall these results in an error. Microsoft still hasn't fixed this, and I've heard this might be intentional even, making it so your network adapter defaults with all of the security/telemetry risks. However you can still untick them for each adapter. If you accidentally uninstall a feature you didn't intend to or want to get any of these back later, you can reinstall these features by using the Install button.
This list includes:
Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol (TCP/IP)
IPv4, what the entire internet uses. It is required for network access. It can't be uninstalled.
Internet Protocol Version 6 (TCP/IPv6)
IPv6, the successor to IPv4. I don't use it, but it also can't be uninstalled, so I disable it.
Client for Microsoft Networks and Link-Layer Topology Discovery Mapper I/O Driver
Required for SMBv2 NAS, so I keep these enabled where I know I'll use it. On VMs or systems where I know I won't ever use SMBv2, I uninstall these.
File and Printer Sharing for Microsoft Networks
Not sure what this is used for, so I uninstall it. SMB is a Microsoft network, but it sure isn't required for it.
QoS Packet Scheduler
The name and description makes it seem like you should keep it, but I've heard bad things about it in the past. Also 2000 does not have it, and network access on 2000 is completely fine, so I uninstall it.
Link-Layer Topology Discovery Responder
I suspect this may be required if you host a SMB NAS on Windows, but it's not required to access a BSD/Linux hosted SMB share, so I uninstall it.
Microsoft LLDP Protocol Driver
Windows 8+ exclusive. This sounds like an unnecessary security risk, so I uninstall it.
Microsoft Network Adapter Multiplexor Protocol
Windows 8+ exclusive, but only installed by default on 10+. Might be good if you intend to use multiple network adapters at the same time for internet access.
Excluding special configs, the only component you need is Internet Protocol Version 4 (TCP/IPv4). or if you use IPv6 then Internet Protocol Version 6 (TCP/IPv6) as well. If you use a SMBv2 NAS, that will also require Client for Microsoft Networks and Link-Layer Topology Discovery Mapper I/0 Driver. For 2000/XP, the OS doesn't come with IPv6, so you just have Internet Protocol (TCP/IP) without the Version 4. 2000/XP also only supports the insecure SMBv1 with a hard requirement for NetBIOS. It doesn't have the Link-Layer components. I don't use SMBv1, so I don't know what it needs here. If I'm not going to use SMB, or am on 2000/XP, I uninstall every component except TCP/IP, which you can't uninstall anyways.
When it comes to disabling the unused components, I uninstall them. This is mostly for convenience sake, so I don't have to untick them across every network adapter, or when I add a new network adapter, or after a driver update. When you uninstall an component, it will ask you to restart. I suggest you hit no until you uninstall every component and disable NetBIOS, which I will get into below. It will also prompt you to restart when you close the properties window, I also hit no here until I disable NetBIOS on the other adapters I have in my system.
After disabling and uninstalling these, I also go to the Internet Protocol Version 4 (TCP/IPv4) component, and click Properties, then Advanced, and then WINS. Here I select Disable NetBIOS over TCP/IP, and OK out of the windows opened. NetBIOS is a known security risk, so I disable it. You will need to do this for every network adapter though. (I suspect disabling NetBT and TCP/IP NetBIOS Helper services from our services tweaking guide would be good enough here. However you need those services for SMBv2 even though it doesn't use NetBIOS. Also it's better to ensure it's off here as well.) For other adapters, if I know I'm not going to be using SMB through them, I like to untick Client for Microsoft Networks and Link-Layer Topology Discovery Mapper I/O Driver for them. It may be more secure to use a separate network adapter, disconnected from the wider internet, for SMB.
You may also have other components not listed here, for example VMware and Virtualbox add their own components for networking. I like to disable these for adapters that I know they won't be used on. So for example, VMware doesn't try to bridge the wrong adapter and result in no internet in my bridged VM.
Then, I reboot, and the the changes are fully applied. The system will be more secure.
 |
Eclipse Community |
