
Should I use Link Layer Topology Discovery in a Windows Server 2008 environment?

I'm about to set up a new site at work with a new domain and everything. It will mostly be hosting Windows 2003, Windows 2008 and Linux (CentOS 5) servers.

The domain controllers will be Windows Server 2008 x64. I need to lock this environment down so it will be secure etc.

1) Would you use "Link Layer Topology Discovery" in a business server environment? Is it secure? Should I just remove (disable) it?
2) As AD is relying on DNS, is there any reason to keep "NetBIOS over TCP/IP" running? All Windows servers will be joined in the domain, Linux will use AD as DNS servers.
1 Solution

The main job of the LLTD (Link Layer Topology Discovery) is to enable the server to build the 'Network Map' which you can find in the Network and Sharing Centre, in Control Panel. In a domain environment, that feature is usually disabled anyway, and there is pretty much no additional reason to keep LLTD enabled. You can disable it. However, it shouldn't really matter, since it's not a major security risk if it is enabled.

I would always leave NetBIOS over TCP/IP enabled for the sake of backwards compatibility. The server should survive on DNS resolution, and your Linux clients aren't going to use NetBIOS at all. However, NetBIOS is something which has its roots deep in the Windows operating system, so leave it enabled and you will save yourself a lot of hassle.

Joffer (Author) commented:
Thanks for the answers Matt.

I will disable the LLTD since I don't have much use for the network map, I got the network already drawn in Visio and have control on my Cisco switches :)

As for NetBIOS over TCP/IP, I hear what you are saying, but I'm going to leave it disabled for now, but note it in the documents for possible troubleshooting. This is going to be a clean and new environment, with Windows 2003 R2 being the "legacy" OS installed. Thanks for the suggestion though.

Joffer (Author) commented:
It didn't go very deep into why to keep NetBIOS, but it was not the main issue/question.

Joffer (Author) commented:
I actually ended up enabling NetBIOS at the moment so I am able to ping just the hostname instead of hostname.domainname.
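
Added example (not part of the original thread): a read-only PowerShell audit that documents the two settings discussed above on a server, namely the NetBIOS over TCP/IP mode of each IP-enabled adapter and the state of the LLTD components. It assumes the standard LLTD component names (`lltdio`, `rspndr`, `lltdsvc`) and the LLTD Group Policy registry key; it does not read the per-adapter binding check boxes.

```powershell
# Read-only audit of NetBIOS over TCP/IP and LLTD state.
# Uses Get-WmiObject so it works with the PowerShell versions available on Server 2008.

# Meaning of Win32_NetworkAdapterConfiguration.TcpipNetbiosOptions
$netbiosLabels = @{
    0 = 'Default (taken from DHCP)'
    1 = 'Enabled'
    2 = 'Disabled'
}

'--- NetBIOS over TCP/IP per IP-enabled adapter ---'
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description,
        @{ Name = 'IPAddress'; Expression = { $_.IPAddress -join ', ' } },
        @{ Name = 'NetBIOS';   Expression = { $netbiosLabels[[int]$_.TcpipNetbiosOptions] } } |
    Format-Table -AutoSize

'--- LLTD drivers (Mapper I/O = lltdio, Responder = rspndr) ---'
Get-WmiObject -Class Win32_SystemDriver -Filter "Name = 'lltdio' OR Name = 'rspndr'" |
    Select-Object Name, DisplayName, State, StartMode |
    Format-Table -AutoSize

'--- LLTD Mapper service (builds the Network Map) ---'
Get-WmiObject -Class Win32_Service -Filter "Name = 'lltdsvc'" |
    Select-Object Name, State, StartMode |
    Format-Table -AutoSize

'--- LLTD Group Policy values, if a policy is applied ---'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LLTD'
if (Test-Path $policyKey) {
    # EnableLLTDIO / EnableRspndr: 0 = component turned off by policy
    Get-ItemProperty -Path $policyKey |
        Select-Object EnableLLTDIO, EnableRspndr, AllowLLTDIOOnDomain, AllowRspndrOnDomain |
        Format-List
} else {
    'No LLTD policy key present: components follow their local defaults.'
}
```

To change the NetBIOS mode instead of reporting it, the same WMI class exposes the `SetTcpipNetbios` method (1 enables, 2 disables), which is convenient for recording and later reverting the setting during troubleshooting.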