
Consider running the browser service on Windows Server 2008 DCs

Although NetBIOS is reportedly on the way out, it is still a critical part of most Windows Server environments. Rick Vanover explains why, in some configurations, the browser service should be running to facilitate NetBIOS.

Many Windows administrators, myself included, are trying to stop using NetBIOS and switch to DNS exclusively for name resolution. But in certain situations, a Windows Server 2008 domain controller may not display networks correctly when browsing the network. (Read more details about these situations in a TechNet team member's blog.)

For Windows Server 2008 installations, the Computer Browser service is disabled by default, and dcpromo does not change the configuration of the service when Active Directory is installed. Network browsing is convenient for drive mappings and quick access to systems, and this browsing depends on the short name features of NetBIOS.

One way to correct these computer display issues is to configure the Computer Browser service to start automatically. There are a number of ways to do this, including the sc command. Figure A shows the sc command used to configure the service to be automatic and then immediately start the Computer Browser service.

Figure A
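The following is an added example, not the article's Figure A: a PowerShell wrapper around the sc commands described above that checks the machine's role first and confirms the result afterward. `Browser` is the service name of the Computer Browser service; the domain-controller check and the 30-second wait are assumptions added here.

```powershell
# Added example, not the article's Figure A. Run from an elevated PowerShell
# session on the Windows Server 2008 domain controller.
$svcName = 'Browser'   # service name of the Computer Browser service

# Assumption added here: only touch domain controllers.
# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
$role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
if ($role -lt 4) {
    Write-Warning "Not a domain controller (DomainRole=$role); $svcName left unchanged."
    return
}

# Record the start mode and state before changing anything.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"
Write-Output "Before: StartMode=$($svc.StartMode) State=$($svc.State)"

# In PowerShell, 'sc' is an alias for Set-Content, so call sc.exe by name.
# sc.exe needs the space between 'start=' and 'auto'.
sc.exe config $svcName start= auto
if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed (exit code $LASTEXITCODE)" }

# Start the service if it is not already running, then wait for it.
$controller = Get-Service -Name $svcName
if ($controller.Status -ne 'Running') {
    sc.exe start $svcName
    if ($LASTEXITCODE -ne 0) { throw "sc.exe start failed (exit code $LASTEXITCODE)" }
    $controller.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
}

# Confirm the result.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"
Write-Output "After:  StartMode=$($svc.StartMode) State=$($svc.State)"
```

From a cmd.exe prompt the same two sc commands work without the `.exe` suffix.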

If the domain controllers run with this configuration, the flexible single master operation (FSMO) role can prevent browse-ready computers from being removed from the display. However, the service's default state is Disabled, and it should only be changed if your list of browse-ready computers is shrinking or covers only a local subnet.

NetBIOS resolution is handy except for very large Active Directory networks. Larger networks are better served by the Windows Server 2008 GlobalNames zone.


About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

6 comments
jerickson

I went and looked at my 2008 DC on my home test network. The service was running and set to automatic. I forgot that I set policies long ago that set all the computers in the domain (default domain policy) to disable their computer browser server, and for the domain controllers (default domain controller policy) to set it to automatic. So even if my DC was disabled to start with, the policy turned it on. You don't need every computer on the network running that service.

DoubleJava

We are an IT consulting company and we have explicitly disabled all NetBIOS functionality on nearly all customer networks that we have setup/inherited since day one of Windows 2000 shipping. The ONLY exceptions have been when the customer had a home-grown application that required NetBIOS and even in those cases we have worked through getting those applications modified or replaced. Many software companies have taken the "safe road" when it comes to specifying their software "requirements". The bottom line is that many software companies/developers didn't know if their software required NetBIOS or not, so they simply said, "yes, it does". In reality, such software often runs fine without NetBIOS. Even MS Exchange has continued to call out the NetBIOS requirement in their documentation all the way up until Exchange 2007. However, we haven't used NetBIOS with Exchange, since version 5.x. Yes, there are a couple of specific scenarios where NetBIOS might be required for Exchange 200x; however, probably more than 85% of Exchange implementations will work fine or even better without it. As for Network Browsing (a la "My Network Places" et al), that is the last thing you want on your network...unless you are talking about a two or three PC network at your house. But, in that case, you probably won't be running Windows Server 2008 anyway. On real networks, the Network Browsing service slows down the network, it can be unreliable, it is not scalable (unless it is implemented with WINS and even then it is not exactly super robust), and it makes a hacker's job at least 10 times easier. We have dramatically reduced the number of support calls from customers over the years, and a big part of that has been getting away from NetBIOS. Granted, in SOME cases NetBIOS can cover a multitude of sins in lieu of following best practices and proper implementation.
However, if best practices are followed for network configuration, DNS configuration, Active Directory/Group Policy configuration, DHCP configuration, etc. then a NetBIOS-free network is a better, happier, faster, more reliable, more predictable, easier to troubleshoot, more secure network.

Doug Vitale

DNS has supposedly replaced the functionality of NetBIOS and WINS in Windows 2000/2003/2008 domains. But as Mr. Vanover explains, NetBIOS still may prove useful even if it is not necessary. This article reminds me of a similar piece that appeared on Tech Republic a few years ago describing how WINS may still be required for Exchange 2000/2003 to achieve their fullest potential: http://articles.techrepublic.com.com/5100-10878_11-5820760.html You might want to disable NetBIOS on public servers for security reasons, by the way: http://blogs.techrepublic.com.com/security/?p=423 http://blogs.techrepublic.com.com/security/?p=196

nick.cockayne

Although a lot of work is involved with removing NetBIOS from a mature organisation, it is well worth the effort. There are plenty of ways around browsing the network without NetBIOS/Computer Browser; start with publishing shares in AD. If you haven't already removed NetBIOS then this article is applicable if you require this functionality, but I'm sure most of us can live without it.

b4real

Sometimes it makes sense. Tod's post in the MS blog brought up a good case for this configuration.

blyas

What do you do (short of upgrading) about pre-2000 systems trying to use shares on a 2008 controller? We are able to connect but not transfer files.
