With Windows 2000, you can disable NetBIOS over TCP/IP (NetBT) for each network connection. This feature is intended for computers that use only DNS name registration and resolution techniques, and that communicate by using the Client for Microsoft Networks and the File and Print Sharing for Microsoft Networks components with other computers where NetBT is disabled. Candidates for disabling NetBT include computers in specialized or secured roles on your network, such as an edge proxy server or a bastion host in a firewall environment, where NetBT support is not required or desired.
The following are considerations for disabling NetBT on computers running Windows 2000:
The computer no longer listens for traffic to the NetBIOS datagram service at User Datagram Protocol (UDP) port 138, the NetBIOS name service at UDP port 137, and the NetBIOS session service at Transmission Control Protocol (TCP) port 139.
TCP/IP-based connections that use the Client for Microsoft Networks and the File and Print Sharing for Microsoft Networks components are possible only to other computers that have NetBT disabled. This affects the capability to see computers on the network and to connect to file shares and network printers.
NetBIOS name-resolution techniques such as WINS, local subnet broadcasts, and the Lmhosts file are no longer used. All name resolution occurs through DNS queries and the Hosts file.
If the computer needs to participate in WINS as a client, it must have NetBT enabled on at least one network connection.
If a Windows 2000 Server computer needs to run the WINS service, it must have NetBT enabled on at least one network connection.
A good candidate for disabling NetBT is a server computer that has one connection to a private network and another connection to an external network, such as the Internet. In this case, NetBT is not required for the Internet connection. By disabling NetBT on only the Internet connection, the dual-homed computer continues to function as either a WINS server or client for the internal network, and WINS clients are still serviced for connections made by using other physical network adapters installed on the computer.
You can disable NetBT on the WINS tab in the properties of the TCP/IP protocol. You can also disable NetBT through DHCP by using a Microsoft vendor-specific DHCP option.
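To confirm the result on a dual-homed server, the following added example (not part of the original documentation) parses `netstat -an` output and reports which local addresses still have the three NetBT services listening. The sample output and its addresses are constructed, the function names are hypothetical, and the script assumes that netstat shows NetBT listeners bound to each connection's own IP address.

```python
import re

# NetBT services named in the text: (protocol, local port) -> service
NETBT_PORTS = {("UDP", 137): "name service",
               ("UDP", 138): "datagram service",
               ("TCP", 139): "session service"}

# Constructed sample of `netstat -an` output from a dual-homed server:
# 10.0.0.5 is the private connection, 192.0.2.10 the Internet connection.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           10.0.0.9:1045          ESTABLISHED
  TCP    10.0.0.5:1034          10.0.0.7:139           ESTABLISHED
  TCP    192.0.2.10:80          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    10.0.0.5:137           *:*
  UDP    10.0.0.5:138           *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def netbt_listeners(netstat_text):
    """Return sorted (ip, proto, port, service) for every NetBT listener."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, blank line, or unrelated text
        proto, ip, port, _foreign, state = m.groups()
        service = NETBT_PORTS.get((proto, int(port)))
        # TCP rows count only when LISTENING (established sessions and
        # outbound connections to port 139 are skipped); UDP has no state.
        if service is None or (proto == "TCP" and state != "LISTENING"):
            continue
        found.append((ip, proto, int(port), service))
    return sorted(found)

def netbt_on_address(netstat_text, address):
    """Listeners reachable on `address`: its own binds plus 0.0.0.0 binds."""
    return [l for l in netbt_listeners(netstat_text) if l[0] in (address, "0.0.0.0")]

if __name__ == "__main__":
    for ip in ("10.0.0.5", "192.0.2.10"):
        hits = netbt_on_address(SAMPLE, ip)
        print(ip, "NetBT enabled" if hits else "NetBT disabled", hits)
```

An empty result for the Internet-facing address together with three listeners on the private address matches the dual-homed configuration described above.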