
Should I use Link Layer Topology Discovery in a Windows Server 2008 environment

Last Modified: 2012-05-06
I'm about to set up a new site at work with a new domain and everything. It will mostly be hosting Windows 2003, Windows 2008 and Linux (CentOS 5) servers.

The domain controllers will be Windows Server 2008 x64. I need to lock this environment down so it will be secure etc.

1) Would you use "Link Layer Topology Discovery" in a business server environment? Is it secure? Should I just remove (disable) it?
2) As AD is relying on DNS, is there any reason to keep "NetBIOS over TCP/IP" running? All Windows servers will be joined to the domain, and Linux will use AD as DNS servers.

Site Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011
Commented:

The main job of the LLTD (Link Layer Topology Discovery) is to enable the server to build the 'Network Map' which you can find in the Network and Sharing Centre, in Control Panel. In a domain environment, that feature is usually disabled anyway, and there is pretty much no additional reason to keep LLTD enabled. You can disable it. However, it shouldn't really matter, since it's not a major security risk if it is enabled.

I would always leave NetBIOS over TCP/IP enabled for the sake of backwards compatibility. The server should survive on DNS resolution, and your Linux clients aren't going to use NetBIOS at all. However, NetBIOS is something which has its roots deep in the Windows operating system, so leave it enabled and you will save yourself a lot of hassle.

-Matt


Author

Commented:
Thanks for the answers Matt.

I will disable the LLTD since I don't have much use for the network map, I got the network already drawn in Visio and have control of my Cisco switches :)

As for NetBIOS over TCP/IP, I hear what you are saying, but I'm going to leave it disabled for now, but note it in the documents for possible troubleshooting. This is going to be a clean and new environment, with Windows 2003 R2 being the "legacy" OS installed. Thanks for the suggestion though.

Author

Commented:
It didn't go very deep into why to keep NetBIOS, but it was not the main issue/question.

Author

Commented:
I actually ended up enabling NetBIOS at the moment so I am able to ping just the hostname instead of hostname.domainname.
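
A way to record what each server in such a build actually has enabled, as an added example that is not part of the original thread: the script below reports the NetBIOS over TCP/IP setting per IP-enabled adapter and the state of the LLTD components, using WMI so it works with the PowerShell shipped for Windows Server 2008. It assumes the in-box component names (`lltdio` and `rspndr` drivers, `lltdsvc` service), which the thread does not mention, and it changes nothing unless `-DisableNetbios` is passed.

```powershell
# Added example: audit NetBIOS over TCP/IP and LLTD on the local server.
# Read-only by default; -DisableNetbios turns NetBIOS off on every IP-enabled adapter.
param([switch]$DisableNetbios)

# Meaning of Win32_NetworkAdapterConfiguration.TcpipNetbiosOptions
$netbiosState = @{ 0 = 'Default (taken from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    $state = $netbiosState[[int]$a.TcpipNetbiosOptions]

    if ($DisableNetbios -and $a.TcpipNetbiosOptions -ne 2) {
        # SetTcpipNetbios(2) = disable; ReturnValue 0 = done, 1 = done, reboot required
        $result = $a.SetTcpipNetbios(2)
        if ($result.ReturnValue -le 1) {
            $state = 'Disabled (changed by this run)'
        } else {
            Write-Warning "$($a.Description): SetTcpipNetbios returned $($result.ReturnValue)"
        }
    }

    New-Object PSObject -Property @{
        Check  = 'NetBIOS over TCP/IP'
        Target = $a.Description
        State  = $state
    }
}

# LLTD consists of the Mapper I/O driver, the Responder driver and the Mapper service.
# Assumption: in-box names lltdio, rspndr and lltdsvc.
$drivers = Get-WmiObject Win32_SystemDriver -Filter "Name = 'lltdio' OR Name = 'rspndr'"
$service = Get-WmiObject Win32_Service -Filter "Name = 'lltdsvc'"

foreach ($c in @($drivers) + @($service)) {
    if ($c) {
        New-Object PSObject -Property @{
            Check  = 'LLTD'
            Target = $c.DisplayName
            State  = "$($c.State), start mode $($c.StartMode)"
        }
    }
}
```

Piping the output to `Format-Table Check, Target, State -AutoSize` gives a per-server record that can go into the build documentation alongside the decision to keep or disable each feature.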