Should I use Link Layer Topology Discovery in a Windows Server 2008 environment

Posted on 2009-02-19
Last Modified: 2012-05-06
I'm about to set up a new site at work with a new domain and everything. It will mostly be hostin windows 2003, windows 2008 and linux (centos5) servers.

The domain controllers will be windows server 2008 x64. I need to lock this environment down so it will be secure etc.

1) Would you use "link layer topology discovery" in a business server environment? Is it secure? Should I just remove (disable) it?
2) As AD is relying on DNS, is there any reason to keep "Netbios over TCP/IP" running? All windows servers will be joined in the domain, linux will use AD as DNS servers.
Question by:Joffer
    LVL 58

    Accepted Solution


    The main job of the LLTD (Link Layer Topology Discovery) is to enable the server to build the 'Network Map' which you can find in the Network and Sharing Centre, in Control Panel. In a domain environment, that feature is usually disabled anyway, and there is pretty much no additional reason to keep LLTD enabled. You can disable it. However, it shouldn't really matter, since it's not a major security risk if it is enabled.

    I would always leave NetBios over TCP/IP enabled for the sake of backwards compatibility. The server should survive on DNS resolution, and your Linux clients aren't going to use NetBIOS at all. However, NetBios is something which has its roots deep in the Windows operating system, so leave it enabled and you will save yourself a lot of hassle.

    LVL 1

    Author Comment

    Thanks for the answers Matt.

    I will disable the LLTD since I don't have much use for the network map, I got the network already drawn in visio and have control on my cisco switches :)

    As for NetBIOS over TCP/IP, I hear what you are saying, but I'm going to leave it disabled for now, but not it in the documents for possible throubleshooting. This is going to be a clean and new environment, with windows 2003 r2 being the "legacy" OS installed. Thanks for the suggestion though.
    LVL 1

    Author Closing Comment

    It didn't go very deep into why to keep NetBIOS, but it was not the main issue/question.
    LVL 1

    Author Comment

    I actually ended up enabling NetBIOS at the moment so I am able to ping just the hostname instead of hostname.domainname.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
    Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now