Public/Disable-NetBios.ps1

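function Disable-NetBios {
    <#
    .SYNOPSIS
        Disables NetBIOS over TCP/IP on all IP-enabled network adapters.
    .DESCRIPTION
        Calls SetTcpipNetbios(2) on every IP-enabled network adapter via the
        Win32_NetworkAdapterConfiguration WMI class, disabling NetBIOS over TCP/IP.
        NetBIOS is a legacy broadcast protocol and a common attack surface for
        network-based attacks including NBNS poisoning. Disabling it reduces the
        attack surface alongside LLMNR (see Disable-Llmnr).
        Changes normally take effect immediately without requiring a restart. If
        the method returns 1 (success, restart required) a warning is written for
        that adapter so the restart is not missed.
    .INPUTS
        None. Parameters must be supplied directly.
    .OUTPUTS
        None. Progress is written to the verbose stream; per-adapter failures,
        restart requirements and an incomplete run are written to the warning stream.
    .PARAMETER ComputerName
        The target computer. Defaults to the local machine.
    .EXAMPLE
        Disable-NetBios

        Disables NetBIOS over TCP/IP on all adapters on the local machine.
    .EXAMPLE
        Disable-NetBios -ComputerName 'Workstation01'

        Disables NetBIOS over TCP/IP on all adapters on Workstation01.
    .NOTES
        Requires Administrator privileges.
        SetTcpipNetbios options: 0 = DHCP default, 1 = Enabled, 2 = Disabled.
        SetTcpipNetbios return values: 0 = success, 1 = success (restart required);
        any other value is treated as a failure.
        Only adapters that are IP-enabled when the function runs are changed.
        Adapters that are disabled, disconnected or added later (VPN, dock, new
        NIC) keep their existing NetBIOS setting, so re-run the function after
        adapter changes or enforce the setting centrally, and verify the result
        instead of assuming coverage.
        In environments where NetBIOS-dependent legacy applications exist, test before
        deploying broadly.
        Remote operations require WinRM to be configured on the target machine.
    #>


    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'Medium')]
    [OutputType([void])]

    param (
        [Parameter(Mandatory = $false)]
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Local targets run in-process so WinRM is not needed for the common case.
    $isLocal = ($ComputerName -ieq $env:COMPUTERNAME) -or
               ($ComputerName -ieq 'localhost') -or
               ($ComputerName -eq '127.0.0.1')

    if ($PSCmdlet.ShouldProcess($ComputerName, 'Disable NetBIOS over TCP/IP on all IP-enabled adapters')) {
        $work = {
            param ([string]$CallerVerbosePreference)

            # Invoke-Command does not carry the caller's -Verbose choice into the
            # remote session, so it is passed in explicitly and re-applied here.
            if ($CallerVerbosePreference) {
                $VerbosePreference = $CallerVerbosePreference
            }

            $adapters = @(Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration |
                          Where-Object { $_.IPEnabled })
            $failed = 0

            if ($adapters.Count -eq 0) {
                Write-Verbose 'No IP-enabled adapters found.'
            }

            foreach ($adapter in $adapters) {
                $result = Invoke-CimMethod -InputObject $adapter -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
                if ($result.ReturnValue -eq 0) {
                    Write-Verbose "Disabled NetBIOS on adapter: $($adapter.Description)"
                } elseif ($result.ReturnValue -eq 1) {
                    # 1 is a success code; reporting it as a failure would hide
                    # the fact that the setting was applied but is not yet active.
                    Write-Warning "Disabled NetBIOS on adapter '$($adapter.Description)', but a restart is required before the change takes effect."
                } else {
                    $failed++
                    Write-Warning "Failed to disable NetBIOS on adapter '$($adapter.Description)'. Return code: $($result.ReturnValue)"
                }
            }

            # Summary for the caller; it is consumed below and never emitted.
            [pscustomobject]@{ Total = $adapters.Count; Failed = $failed }
        }

        if ($isLocal) {
            $summary = & $work "$VerbosePreference"
        } else {
            $summary = Invoke-Command -ComputerName $ComputerName -ScriptBlock $work -ArgumentList "$VerbosePreference"
        }

        # Only claim success when at least one adapter was changed and none failed;
        # an unconditional success message would mask a partially hardened host.
        if ($summary -and $summary.Failed -gt 0) {
            Write-Warning "NetBIOS over TCP/IP could not be disabled on $($summary.Failed) of $($summary.Total) IP-enabled adapter(s) on '$ComputerName'."
        } elseif ($summary -and $summary.Total -gt 0) {
            Write-Verbose "NetBIOS over TCP/IP disabled on '$ComputerName'."
        }
    }
}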