18.5.4.1 Set 'NetBIOS node type' to 'P-node' (Ensure NetBT Parameter 'NodeType' is set to '0x2 (2)') (MS Only)
Info
This parameter determines which method NetBIOS over TCP/IP (NetBT) will use to register and resolve names.
A B-node (broadcast) system only uses broadcasts.
A P-node (point-to-point) system uses only name queries to a name server (WINS).
An M-node (mixed) system broadcasts first, then queries the name server (WINS).
An H-node (hybrid) system queries the name server (WINS) first, then broadcasts.
The recommended state for this setting is: 'NodeType - 0x2 (2)' (P-node / point-to-point).
Rationale:
In order to help mitigate the risk of NetBIOS Name Service (NBT-NS) poisoning attacks, setting the node type to Pnode will prevent the system from sending out NetBIOS broadcasts.
Solution
To establish the recommended configuration, set the following Registry value to '0x2 (2) (DWORD)':
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters:NodeType
Note: This change does not take effect until the computer has been restarted.
Note #2: Although Microsoft does not provide an ADMX template to configure this registry value, a custom .ADM template ('Set-NetBIOS-node-type-KB160177.adm') is provided in the CIS Benchmark Remediation Kit to facilitate its configuration. Be aware though that simply turning off the group policy setting in the .ADM template will not 'undo' the change once applied. Instead, the opposite setting must be applied to change the registry value to the opposite state.
Impact:
NetBIOS name resolution queries will require a defined and available WINS server for external NetBIOS name resolution. If a WINS server is not defined or not reachable, and the desired hostname is not defined in the local cache, local LMHOSTS or HOSTS files, NetBIOS name resolution will fail.
18.5.4.1 Set 'NetBIOS node type' to 'P-node' (Ensure NetBT Parameter 'NodeType' is set to '0x2 (2)') (MS Only)
Info
Solution
See NetBIOS Node Type