5

For security reasons my company needs to disable LLMNR and I just want to find out if anyone's had issues with this? I understand that it's just one step above DNS (similar function) that is used primarily to resolve names to older machines (Windows XP/Server 2003), but before we disable this on all of our systems, Windows Vista on up, I was wondering if anyone has had trouble when they disabled this in the past?

It will be disabled from about 500 systems and I have been researching online but haven't been able to find much on this. I'll be pushing the GPO out the start of next week.

Thank you for your help guys! And thanks for taking the time to read this.

Have a great day.

LbakerIT

1 Answer

7

As far as I can tell, if you have a functional DNS, you should not need LLMNR at all. It was designed for scenarios in which there is no DNS, such as ad-hoc networks and very small workgroups on a single subnet.

Michael Hampton
  • Hey Michael, thanks for your speedy reply! That's how I understand it as well. There's a massive amount of posts with people trying to get it to work in corporate environments so it made me a little uneasy just removing it. – LbakerIT May 22 '13 at 22:48
  • I was able to find http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Overview-Link-Local-Multicast-Name-Resolution.html after I had posted. That goes through it in pretty good depth. Thanks again for the reassurance! – LbakerIT May 22 '13 at 22:49
  • Exactly. Since LLMNR is limited in scope to a single subnet, it's useless in your environment. – Michael Hampton May 22 '13 at 22:50
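
A way to check both points from this thread on a client, that the GPO has landed and that the names people use resolve through DNS alone. This is an added example, not part of the original thread. It assumes the DnsClient PowerShell module (Windows 8 / Server 2012 or later), and the host names are constructed placeholders.

```powershell
# Added example. Host names in the sample call are constructed placeholders.

function Get-LlmnrPolicyState {
    # Value written by the GPO setting "Turn off multicast name resolution"
    # (Computer Configuration > Administrative Templates > Network > DNS Client).
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $value = (Get-ItemProperty -Path $key -Name EnableMulticast `
                               -ErrorAction SilentlyContinue).EnableMulticast
    if ($null -eq $value) { 'NotConfigured (LLMNR is on by default)' }
    elseif ($value -eq 0) { 'Disabled by policy' }
    else                  { "Enabled (EnableMulticast=$value)" }
}

function Test-DnsOnlyResolution {
    param([Parameter(Mandatory)][string[]]$Name)

    foreach ($n in $Name) {
        try {
            # -DnsOnly skips LLMNR and NetBIOS, so a success here means the
            # name does not depend on link-local resolution.
            $records   = Resolve-DnsName -Name $n -DnsOnly -ErrorAction Stop
            $addresses = @($records | Where-Object { $_.IPAddress } |
                           Select-Object -ExpandProperty IPAddress)
            [pscustomobject]@{
                Name           = $n
                ResolvesViaDns = ($addresses.Count -gt 0)
                Addresses      = $addresses -join ', '
            }
        }
        catch {
            # No DNS answer: this name would stop resolving once LLMNR is off
            # unless a DNS record or search suffix is added for it.
            [pscustomobject]@{
                Name           = $n
                ResolvesViaDns = $false
                Addresses      = ''
            }
        }
    }
}

"LLMNR policy: $(Get-LlmnrPolicyState)"

# Constructed sample: include the short (single-label) names users type.
Test-DnsOnlyResolution -Name 'fileserver01', 'printsrv', 'intranet.corp.example' |
    Format-Table -AutoSize
```

Any name reported with `ResolvesViaDns` set to `False` is one to fix in DNS before the policy reaches that subnet.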