In this article, we will demonstrate how to disable the LLMNR on Windows server 2022. Before going into the procedure, we should know what LLMNR is and what risks are involved for a user by enabling the LLMNR on your system.
What is LLMNR?
LLMNR is a short abbreviation of Link-Local Multicast Name Resolution, a protocol that allows IPV4 and IPV6 clients to resolve the name resolution without using a DNS (Domain Name System) server. The LLMNR uses the port UDP/5355. This protocol takes the host-to-IP based on multicast packets and sends them to the entire local network. LLMNR is only needed if the DNS server is not available in the domain. When the process starts, it asks all listening network interfaces to replay, if the hostname is authoritative. Windows Server uses the LMNR to identify the specific hostname on the network such as file-share servers. In response, it sends the current user’s information including credentials directly to the server.
Why do we need to disable LLMNR on Windows server?
LLMNR is a built-in name resolution service in windows servers to identify the address names on the same network. When a request for DNS fails, using the LMNR windows attempts to ask different devices on the current network to resolve that address. Therefore, if the intermediary attacker receives the LLMNR reply, the windows server sends the user’s credentials hash to the third-party server. These details are enough for an attacker to violate the system’s security.
LLMNR protocol is only used in modern servers for compatibility with older Windows versions. However, using this protocol may cause spoofing and MITM (Man in the Middle) attacks. However, to overcome the network security issues, it is important to disable it on your Windows server or domain networks.
Steps to Disable the LLMNR on Windows Server 2022
To mitigate the risks of MITM attacks, we need to disable the LLMNR on the windows server / Windows 10. Using the following key steps, you can easily disable LLMNR in-group policy on the Windows server:
- If you are on the domain network then, navigate into the ‘Group Policy Management Editor’.Here, you can create a new group policy or you can also update the existing one.
Alternatively, move into the “Local Group policy editor” in Windows server.
- Navigate into DNS client locationusing the following directory tree:
Computer Configuration > Administrative Templates > Network > DNS Client
- Now, click on the field “Turn off multicast name resolution” from the list and set the policy as ‘Enabled’.
- Click on the ‘Apply’ to save changes.
Disable LLMNR on Windows Server 2022 using PowerShell commands
You can also disable the LLMNR on the windows server using the following PowerShell command syntax:
We have discussed in this guide how to disable the LLMNR on Windows server 2022. The recommended way is to disable both protocols the LLMNR and NetBIOS over TCP/IP protocols (Used in legacy Windows version 2000, XP) to improve your network security. By following the above steps, you can easily disable the LLMNR on window server 2022. Thanks!
- Your search to the best windows hosting can end by clicking here.