

Should I use Link Layer Topology Discovery in a Windows Server 2008 environment

Posted on 2009-02-19
Medium Priority
Last Modified: 2012-05-06
I'm about to set up a new site at work with a new domain and everything. It will mostly be hosting Windows 2003, Windows 2008 and Linux (CentOS 5) servers.

The domain controllers will be Windows Server 2008 x64. I need to lock this environment down so it will be secure etc.

1) Would you use "link layer topology discovery" in a business server environment? Is it secure? Should I just remove (disable) it?
2) As AD is relying on DNS, is there any reason to keep "NetBIOS over TCP/IP" running? All Windows servers will be joined in the domain, Linux will use AD as DNS servers.
Question by:Joffer

Accepted Solution

tigermatt earned 375 total points
ID: 23683840

The main job of the LLTD (Link Layer Topology Discovery) is to enable the server to build the 'Network Map' which you can find in the Network and Sharing Centre, in Control Panel. In a domain environment, that feature is usually disabled anyway, and there is pretty much no additional reason to keep LLTD enabled. You can disable it. However, it shouldn't really matter, since it's not a major security risk if it is enabled.

I would always leave NetBIOS over TCP/IP enabled for the sake of backwards compatibility. The server should survive on DNS resolution, and your Linux clients aren't going to use NetBIOS at all. However, NetBIOS is something which has its roots deep in the Windows operating system, so leave it enabled and you will save yourself a lot of hassle.


Author Comment

ID: 23687304
Thanks for the answers Matt.

I will disable the LLTD since I don't have much use for the network map, I got the network already drawn in Visio and have control on my Cisco switches :)

As for NetBIOS over TCP/IP, I hear what you are saying, but I'm going to leave it disabled for now, but note it in the documents for possible troubleshooting. This is going to be a clean and new environment, with Windows 2003 R2 being the "legacy" OS installed. Thanks for the suggestion though.

Author Closing Comment

ID: 31548850
It didn't go very deep into why to keep NetBIOS, but it was not the main issue/question.

Author Comment

ID: 23690321
I actually ended up enabling NetBIOS at the moment so I am able to ping just the hostname instead of hostname.domainname.
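
A read-only way to record the state of both settings discussed in this thread, before and after changing them, on each Windows server. This is an added example, not something posted by any participant; it uses WMI through `Get-WmiObject` so that it also runs on the older PowerShell versions available for Server 2008, and the function names are made up for this example.

```powershell
# Added example: read-only audit of LLTD and NetBIOS over TCP/IP.
# Nothing here changes configuration. Function names are hypothetical.

# Meaning of Win32_NetworkAdapterConfiguration.TcpipNetbiosOptions
$netbiosText = @{ 0 = 'Default (taken from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

function Get-NetbiosState {
    # One row per IP-enabled adapter: NetBIOS over TCP/IP is a per-adapter setting
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            New-Object PSObject -Property @{
                Adapter   = $_.Description
                IPAddress = ($_.IPAddress -join ', ')
                NetBIOS   = $netbiosText[[int]$_.TcpipNetbiosOptions]
            }
        }
}

function Get-LltdState {
    # lltdio = Mapper I/O driver, rspndr = Responder driver,
    # lltdsvc = Link-Layer Topology Discovery Mapper service.
    # This shows whether the components are loaded, not the per-adapter
    # binding checkbox in the adapter properties dialog.
    $drivers = Get-WmiObject Win32_SystemDriver -Filter "Name = 'lltdio' OR Name = 'rspndr'"
    $service = Get-WmiObject Win32_Service -Filter "Name = 'lltdsvc'"
    @($drivers) + @($service) | Where-Object { $_ } |
        Select-Object Name, DisplayName, State, StartMode
}

function Get-LltdPolicy {
    # Group Policy settings for LLTD, if any have been applied to this machine
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LLTD'
    if (Test-Path $key) {
        Get-ItemProperty $key |
            Select-Object EnableLLTDIO, EnableRspndr, AllowLLTDIOOnDomain, AllowRspndrOnDomain
    } else {
        'No LLTD Group Policy key present on this machine'
    }
}

'--- NetBIOS over TCP/IP per adapter ---'
Get-NetbiosState | Format-Table Adapter, IPAddress, NetBIOS -AutoSize
'--- LLTD drivers and service ---'
Get-LltdState | Format-Table -AutoSize
'--- LLTD Group Policy ---'
Get-LltdPolicy
```

Saving the output with the build documentation gives a baseline to compare against when troubleshooting short-name resolution later.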
