All Blog Posts

Disable NetBios

 — #Intune#PowerShell

Disabling NetBios can enhance security by reducing the exposure of your network to potential vulnerabilities and attacks. NetBios is an older protocol that can be exploited by attackers to gain unauthorised access, spread malware, and perform various types of attacks. Disabling it can prevent these risks and help safeguard your network. However, before doing so, ensure that it won't disrupt any legitimate services that rely on NetBios.

To first assess your estate you can deploy the detection script to all devices in your estate. This will identify devices where NetBios is still enabled.

PowerShell

Detect-NetBios.ps1
$Path = "HKLM:SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces"

$Interfaces = Get-ChildItem $Path | Select-Object -ExpandProperty PSChildName

foreach($Interface in $Interfaces) {
    $NetBiosCheck = Get-ItemProperty -path "$Path\$Interface" -Name "NetbiosOptions"
    if ($NetBiosCheck.NetbiosOptions -ne 2) {
        $Detect = $true
    }ELSE{
        $Detect = $false
    }
}

if ($Detect) {
    Write-Warning "Not Compliant"
    Exit 1
} else {
    Write-Output "Compliant"
    Exit 0
}

Intune Configuration

In Intune you will need to got to Devices > Remediations

Select Create Script Package

Enter the Name and add a Description

Basic

Browse and select the detection and remediation scripts. If you just want to identify devices with NetBios enabled just add a detection script.

Settings

Apply any scope tags and assign the remditiaion to the users or devices groups you wish to deploy the remediation to.

Disable Script

The disable script checks for the registry key for each interface for the value of the key NetbiosOptions. If NetBios is detected as enabled the Disable-NetBios.ps1 script will loop through all the interfaces and set the value to 2 which will disable NetBios after a system restart.

PowerShell

Disable-NetBios.ps1
$Path = "HKLM:SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces"

$Interfaces = Get-ChildItem $Path| Select-Object -ExpandProperty PSChildName

foreach($Interface in $Interfaces) {

    Set-ItemProperty -Path "$Path\$Interface" -Name "NetbiosOptions" -Value 2

}

Resources