{
    "componentChunkName": "component---src-templates-post-js",
    "path": "/blog/Disable-NetBios",
    "result": {"data":{"markdownRemark":{"html":"<p>Disabling NetBios can enhance security by reducing the exposure of your network to potential vulnerabilities and attacks. NetBios is an older protocol that can be exploited by attackers to gain unauthorised access, spread malware, and perform various types of attacks. Disabling it can prevent these risks and help safeguard your network. However, before doing so, ensure that it won't disrupt any legitimate services that rely on NetBios.</p>\n<p>To first assess your estate you can deploy the detection script to all devices in your estate. This will identify devices where NetBios is still enabled.</p>\n<h2>PowerShell</h2>\n<div class=\"gatsby-code-title\">Detect-NetBios.ps1</div>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token variable\">$Path</span> = <span class=\"token string\">\"HKLM:SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\Interfaces\"</span>\n\n<span class=\"token variable\">$Interfaces</span> = <span class=\"token function\">Get-ChildItem</span> <span class=\"token variable\">$Path</span> <span class=\"token punctuation\">|</span> <span class=\"token function\">Select-Object</span> <span class=\"token operator\">-</span>ExpandProperty PSChildName\n\n<span class=\"token keyword\">foreach</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$Interface</span> in <span class=\"token variable\">$Interfaces</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n    <span class=\"token variable\">$NetBiosCheck</span> = <span class=\"token function\">Get-ItemProperty</span> <span class=\"token operator\">-</span>path <span class=\"token string\">\"<span class=\"token variable\">$Path</span>\\<span class=\"token variable\">$Interface</span>\"</span> <span class=\"token operator\">-</span>Name <span class=\"token string\">\"NetbiosOptions\"</span>\n    <span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span><span class=\"token variable\">$NetBiosCheck</span><span class=\"token punctuation\">.</span>NetbiosOptions <span class=\"token operator\">-ne</span> 2<span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n        <span class=\"token variable\">$Detect</span> = <span class=\"token boolean\">$true</span>\n    <span class=\"token punctuation\">}</span><span class=\"token keyword\">ELSE</span><span class=\"token punctuation\">{</span>\n        <span class=\"token variable\">$Detect</span> = <span class=\"token boolean\">$false</span>\n    <span class=\"token punctuation\">}</span>\n<span class=\"token punctuation\">}</span>\n\n<span class=\"token keyword\">if</span> <span class=\"token punctuation\">(</span><span class=\"token variable\">$Detect</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n    <span class=\"token function\">Write-Warning</span> <span class=\"token string\">\"Not Compliant\"</span>\n    <span class=\"token keyword\">Exit</span> 1\n<span class=\"token punctuation\">}</span> <span class=\"token keyword\">else</span> <span class=\"token punctuation\">{</span>\n    <span class=\"token function\">Write-Output</span> <span class=\"token string\">\"Compliant\"</span>\n    <span class=\"token keyword\">Exit</span> 0\n<span class=\"token punctuation\">}</span></code></pre></div>\n<h2>Intune Configuration</h2>\n<p>In <a href=\"https://endpoint.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/remediations\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Intune</a> you will need to got to <code class=\"language-text\">Devices</code> > <code class=\"language-text\">Remediations</code></p>\n<p>Select <code class=\"language-text\">Create Script Package</code></p>\n<p>Enter the Name and add a Description</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 700px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/b14421656d9ff58bdc32a6f4389f99ab/3b627/Basic.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 50.28571428571429%; position: relative; bottom: 0; left: 0; background-image: url('data:image/svg+xml,%3csvg%20xmlns=\\'http://www.w3.org/2000/svg\\'%20width=\\'400\\'%20height=\\'202\\'%20viewBox=\\'0%200%20400%20202\\'%20preserveAspectRatio=\\'none\\'%3e%3cpath%20d=\\'M0%207v7h401V0H0v7\\'%20fill=\\'%2364ffda\\'%20fill-rule=\\'evenodd\\'/%3e%3c/svg%3e'); background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"Basic\"\n        title=\"Basic\"\n        src=\"/static/b14421656d9ff58bdc32a6f4389f99ab/39600/Basic.png\"\n        srcset=\"/static/b14421656d9ff58bdc32a6f4389f99ab/1aaec/Basic.png 175w,\n/static/b14421656d9ff58bdc32a6f4389f99ab/98287/Basic.png 350w,\n/static/b14421656d9ff58bdc32a6f4389f99ab/39600/Basic.png 700w,\n/static/b14421656d9ff58bdc32a6f4389f99ab/3b627/Basic.png 1004w\"\n        sizes=\"(max-width: 700px) 100vw, 700px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n  </a>\n    </span></p>\n<p>Browse and select the detection and remediation scripts. If you just want to identify devices with NetBios enabled just add a detection script.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 700px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/90f2eac356a55ad0ad7419e890695738/1a820/Settings.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 78.28571428571428%; position: relative; bottom: 0; left: 0; background-image: url('data:image/svg+xml,%3csvg%20xmlns=\\'http://www.w3.org/2000/svg\\'%20width=\\'400\\'%20height=\\'313\\'%20viewBox=\\'0%200%20400%20313\\'%20preserveAspectRatio=\\'none\\'%3e%3cpath%20d=\\'M0%208v7h401V0H0v8m222%20244c-1%202%200%205%202%206h11c9-1%2011-2%2010-5s-21-3-23-1m0%2022c-3%204%201%206%2011%206%209%200%2012-1%2012-5%200-1-2-2-11-2l-12%201m0%2015c-3%204%201%206%2011%206%2011%200%2012-1%2012-4%200-2-1-3-11-3l-12%201\\'%20fill=\\'%2364ffda\\'%20fill-rule=\\'evenodd\\'/%3e%3c/svg%3e'); background-size: cover; display: block;\"\n  ></span>\n  <img\n        class=\"gatsby-resp-image-image\"\n        alt=\"Settings\"\n        title=\"Settings\"\n        src=\"/static/90f2eac356a55ad0ad7419e890695738/39600/Settings.png\"\n        srcset=\"/static/90f2eac356a55ad0ad7419e890695738/1aaec/Settings.png 175w,\n/static/90f2eac356a55ad0ad7419e890695738/98287/Settings.png 350w,\n/static/90f2eac356a55ad0ad7419e890695738/39600/Settings.png 700w,\n/static/90f2eac356a55ad0ad7419e890695738/1a820/Settings.png 1025w\"\n        sizes=\"(max-width: 700px) 100vw, 700px\"\n        style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n        loading=\"lazy\"\n      />\n  </a>\n    </span></p>\n<p>Apply any scope tags and assign the remditiaion to the users or devices groups you wish to deploy the remediation to.</p>\n<h2>Disable Script</h2>\n<p>The disable script checks for the registry key for each interface for the value of the key <code class=\"language-text\">NetbiosOptions</code>. If NetBios is detected as enabled the <code class=\"language-text\">Disable-NetBios.ps1</code> script will loop through all the interfaces and set the value to <code class=\"language-text\">2</code> which will disable NetBios after a system restart.</p>\n<h2>PowerShell</h2>\n<div class=\"gatsby-code-title\">Disable-NetBios.ps1</div>\n<div class=\"gatsby-highlight\" data-language=\"powershell\"><pre class=\"language-powershell\"><code class=\"language-powershell\"><span class=\"token variable\">$Path</span> = <span class=\"token string\">\"HKLM:SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\Interfaces\"</span>\n\n<span class=\"token variable\">$Interfaces</span> = <span class=\"token function\">Get-ChildItem</span> <span class=\"token variable\">$Path</span><span class=\"token punctuation\">|</span> <span class=\"token function\">Select-Object</span> <span class=\"token operator\">-</span>ExpandProperty PSChildName\n\n<span class=\"token keyword\">foreach</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$Interface</span> in <span class=\"token variable\">$Interfaces</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">{</span>\n\n    <span class=\"token function\">Set-ItemProperty</span> <span class=\"token operator\">-</span>Path <span class=\"token string\">\"<span class=\"token variable\">$Path</span>\\<span class=\"token variable\">$Interface</span>\"</span> <span class=\"token operator\">-</span>Name <span class=\"token string\">\"NetbiosOptions\"</span> <span class=\"token operator\">-</span>Value 2\n\n<span class=\"token punctuation\">}</span></code></pre></div>\n<h2>Resources</h2>\n<ul>\n<li><a href=\"https://github.com/ELLISB1000/Disable-NetBios\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Github - Disable-NetBios</a></li>\n</ul>","frontmatter":{"title":"Disable NetBios","description":"A PowerShell script to detect and disable NetBios on all Interfaces.","date":"2023-08-31T00:00:00.000Z","slug":"/blog/Disable-NetBios","tags":["Intune","PowerShell"],"canonical":null}}},"pageContext":{}},
    "staticQueryHashes": ["1994492073","2009693873","2031412112","3825832676"]}