Managing & Configuring NETBIOS in Windows Using PowerShell

Key Takeaways

  • NETBIOS is a legacy Windows networking protocol with potential security risks.
  • The provided PowerShell script automates NETBIOS configuration across network adapters.
  • The script checks for administrative rights, ensuring elevated execution.
  • It uses modern CIM methods but falls back to WMI for older systems.
  • Automation, like this script, offers consistency and reduces human errors compared to manual configurations.
  • Always test scripts in non-critical environments before full deployment.
  • Proper NETBIOS configuration is essential for network security, especially with legacy systems.
  • Tools like NinjaOne can integrate and streamline such scripts for centralized IT management.

In the evolving landscape of network management, understanding how to configure settings that affect communication protocols is essential. Among these, NETBIOS (Network Basic Input/Output System) stands out due to its widespread use in Windows networking for legacy reasons. This post delves deep into a PowerShell script tailored for configuring NETBIOS in Windows across network adapters.

Background

NETBIOS has been a staple in Windows networking for years, playing a role in local name resolution. It can, however, pose a potential security risk if left unchecked. IT professionals and Managed Service Providers (MSPs) often find a need to centrally manage and configure NETBIOS settings, either to optimize network performance, ensure compliance, or heighten security. This is where PowerShell scripts, like the one provided, come into play, giving a robust and automatable solution.

The Script

#Requires -Version 2.0

<#
.SYNOPSIS
    Disables or Enables NETBIOS on all network adapters
.DESCRIPTION
    Disables or Enables NETBIOS on all network adapters
.EXAMPLE
    No parameters needed.
    Sets the default of "Use NetBIOS setting from the DHCP server" on all network adapters
.EXAMPLE
    -Disable
    Disables NETBIOS on all network adapters
.EXAMPLE
    -Enable
    Enables NETBIOS on all network adapters
.OUTPUTS
    None
.NOTES
    General notes
    Release Notes:
    Initial Release
By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https://www.ninjaone.com/terms-of-use.
    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. 
    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. 
    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. 
    Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. 
    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. 
    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. 
    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
.COMPONENT
    ProtocolSecurity
#>

[CmdletBinding()]
param (
    [Parameter()]
    [switch]
    $Enable,
    [Parameter()]
    [switch]
    $Disable
)

begin {
    function Test-IsElevated {
        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
        $p = New-Object System.Security.Principal.WindowsPrincipal($id)
        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
    }
}
process {
    if (-not (Test-IsElevated)) {
        Write-Error -Message "Access Denied. Please run with Administrator privileges."
        exit 1
    }
    $NetBios = if ($PSBoundParameters.ContainsKey("Enable")) {
        # 1 - Enable NetBIOS over TCP/IP
        1
    }
    elseif ($PSBoundParameters.ContainsKey("Disable")) {
        # 2 - Disable NetBIOS over TCP/IP
        2
    }
    elseif ($PSBoundParameters.ContainsKey("Enable") -and $PSBoundParameters.ContainsKey("Disable")) {
        Write-Error "Can not enable and disable at the same time."
        exit 1
    }
    else {
        # 0 - Use NetBIOS setting from the DHCP server
        0
    }

    if ($(Get-Command "Get-CimInstance" -ErrorAction SilentlyContinue).Name -like "Get-CimInstance") {
        $Arguments = @{
            TcpipNetbiosOptions = [UInt32]($NetBios)
        }
        $Session = New-CimSession
        $Query = 'Select * From Win32_NetworkAdapterConfiguration'
        $Response = Invoke-CimMethod -Query $Query -Namespace Root/CIMV2 -MethodName SetTcpipNetbios -Arguments $Arguments -CimSession $Session
        if ($Response.ReturnValue -is [int] -and $Response.ReturnValue -gt 1) {
            # 0 and 1 are success return values
            # https://powershell.one/wmi/root/cimv2/win32_networkadapterconfiguration-SetTcpipNetbios#return-value
            Write-Error "SetTcpipNetbios returned error code ($($Response.ReturnValue))"
            Remove-CimSession -CimSession $Session
            exit 1
        }
        Write-Host "Netbios set to $NetBios"
        Remove-CimSession -CimSession $Session
    }
    else {
        $Adapters = $(Get-WmiObject -Class win32_networkadapterconfiguration)
        Foreach ($Adapter in $Adapters) {
            try {
                $Adapter.SetTcpipNetbios($NetBios)
            }
            catch {
                # Do nothing if error occurs
            }
            $Adapter | Select-Object Description, TcpipNetbiosOptions
        }
    }
}
end {}

 

Access 300+ scripts in the NinjaOne Dojo

Get Access

Detailed Breakdown

The script presented is developed in PowerShell, a potent tool in the hands of administrators. Here’s a step-by-step breakdown:

  • Initial Comments and Metadata: These provide a description, usage examples, and other metadata about the script’s functionality.
  • Cmdlet Binding: Allows advanced functions to act similarly to cmdlets.
  • Parameters: Defines two switches, ‘Enable’ and ‘Disable’, to manage NETBIOS.
  • Elevation Check: It’s crucial to run such scripts with administrative rights. The ‘Test-IsElevated’ function ensures this by checking if the current user possesses administrative privileges.
  • NETBIOS Configuration: Based on the provided switch (Enable/Disable), the script sets the relevant NETBIOS option.
  • Implementation: If the ‘Get-CimInstance’ command exists (typical in modern PowerShell versions), it uses CIM (Common Information Model) to configure network adapters. If not, it falls back to the older WMI (Windows Management Instrumentation) method.
  • Feedback & Cleanup: The script provides feedback on the applied settings and cleans up any created sessions.

Potential Use Cases

Imagine an MSP overseeing the IT infrastructure for a company expanding its footprint by merging with another entity. They have a mix of modern and legacy systems. This MSP needs to standardize NETBIOS settings across hundreds of machines to ensure seamless inter-networking and reduce potential security vulnerabilities. By deploying this script, they can automate the process, saving time and minimizing human error.

Comparisons

While there are GUI-based tools and manual methods to configure NETBIOS settings on individual machines, this script’s advantage lies in automation. It can be integrated into larger deployment scripts or systems management tools. Compared to manual configurations, this script reduces the chance of oversight and provides a consistent, reproducible method.

FAQs

  • Can I run this on any Windows machine? 
    Yes, as long as you have PowerShell, but always test on a non-critical machine first.
  • What if I mistakenly enable and disable NETBIOS simultaneously? 
    The script has built-in checks and will throw an error if you try this.
  • Is there any feedback if the settings were applied successfully? 
    Yes, the script provides feedback on the NETBIOS configuration applied.

Implications

Misconfiguration of NETBIOS can leave machines open to various attacks, especially on open networks. Ensuring the correct settings is crucial for IT security. While NETBIOS is less prevalent in modern networks, legacy systems still depend on it, making the management of its settings significant.

Recommendations

  • Always run scripts in a test environment before deploying in production.
  • Ensure you understand each script component to troubleshoot if needed.
  • Regularly review and update scripts as networking standards evolve.

Final Thoughts

Automation tools, like NinjaOne, further streamline processes and can integrate scripts like this, providing centralized control, reporting, and monitoring. As we navigate the intricate world of network configurations, tools and scripts that simplify tasks become invaluable for IT professionals everywhere.

 

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about NinjaOne Remote Script Deployment, check out a live tour, or start your free trial of the NinjaOne platform.

Categories:

You might also like

×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).