by rejectfinite 1251 days ago
It's not that disabling any of that on Windows is hard.

It is what MIGHT happen after.

That critical ERP/Invoice/Fileshare Server 2003 and the business critical printer from 2001 might still need SMBv1.

NETBIOS is still used in modern stuff, no?

We can't really just disable it willy-nilly.

>Everything I listed above can be solved by a single sysadmin with group policy and 30 minutes to kill, and they won't reoccur.

Yes, every L2 IT helpdesk can push a GPO out. It's what the GPO does that is the issue.


> NETBIOS is still used in modern stuff, no?

Even as a Linux guy I like to have netbios enabled since it gives you automatic DNS entries for all the hostnames on your network. I love being able to `ssh me@my-nas` without having to deal with hosts files and static IPs.

Netbios is off by default in Windows; technically it is auto, but auto only turns it on if it sees a request from another machine on the LAN, or the network's DHCP passes a special field (no Linux dhcpd impl does this by default, or even has that functionality other than a manual custom field; you only see this if Windows Server is fulfilling the AD role and your AD is also your dhcpd, which is rare nowadays).

Windows, since Vista, prefers to use LLMNR/RFC 4795 (as Vista was designed to be an IPv6-first OS; Netbios and SMB for the purposes of legacy interop are purely an IPv4 concept), and as of Windows 10, also supports mDNS/RFC 6763.

LLMNR + WS-Discovery is the Vista and up solution for the entire Zeroconf stack, mDNS + DNS-SD over mDNS is Apple's solution for Zeroconf (and is also implemented via Avahi; Apple's Bonjour is open source and was chosen by Android before being replaced with yet another impl). Netbios + SSDP is this solution (and kinda disjointed, tbh) for pre-Vista.

Edit: My own personal network doesn't use any of these, and I use a local dnsmasq install to be the DNS and the dhcpd, serving static assignments via /etc/ethers + /etc/hosts. All machines support DNS; support for the various discovery mechanisms sucks in random ways across vendors.

DNS/DHCP configuration can add a domain suffix to use... You can use something like myoffice.lan or myoffice.localdomain ... Then when you use ssh me@some-box it will use some-box.myoffice.localdomain and you just have to make sure that resolves in your assigned DNS host/forwarder.
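
As an added example that is not from either commenter, here is a dnsmasq configuration that implements the setup they describe: one daemon acting as both DNS and DHCP, static assignments from /etc/ethers + /etc/hosts, and a search suffix handed to clients so `ssh me@some-box` resolves as `some-box.myoffice.lan`. The interface name, subnet, and domain are constructed placeholders.

```conf
# Added example (not from the thread). Interface, addresses and
# the domain name below are constructed placeholders.

# Only serve the LAN; never send single-label names or lookups for
# the private zone to the upstream resolver.
interface=eth0
domain-needed
bogus-priv
local=/myoffice.lan/

# Every name in /etc/hosts also answers as <name>.myoffice.lan, so
# short names and fully qualified names both work.
domain=myoffice.lan
expand-hosts

# DHCP: a pool for unknown clients plus fixed MAC-to-IP assignments
# read from /etc/ethers (their hostnames come from /etc/hosts).
dhcp-range=192.168.10.100,192.168.10.199,12h
read-ethers
dhcp-authoritative

# Hand out this box as the resolver and push the search suffix, so an
# unqualified "some-box" is queried as some-box.myoffice.lan here.
dhcp-option=option:dns-server,192.168.10.1
dhcp-option=option:domain-search,myoffice.lan
```

With `/etc/ethers` mapping a MAC to 192.168.10.20 and `/etc/hosts` naming that address `some-box`, a client gets a stable lease and `some-box.myoffice.lan` resolves without any of the multicast discovery protocols discussed above.
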
How about mDNS and / or a DHCP-server?

Last I checked, mDNS didn't support Windows (requirement for our household) but it looks like it does now. I'll play with it next time I set up a new machine.

Ah, but you see, using authentication on a business network is very difficult and we must allow rando anonymous devices to do whatever they want, apparently.
>We can't really just disable it willy-nilly.

Caedite eos. Novit enim Dominus qui sunt eius.