In reading a SQL installation KB it mentions "Disable NetBIOS and Server Message Block Servers in the perimeter network should have all unnecessary protocols disabled, including NetBIOS and server message block (SMB)". However, other information I have seen indicates that SMB and Netbios are tied to resource sharing and DHCP. I also see, " Port 445, port 445 is deeply embedded in Windows and can be difficult or impossible to safely close. While its closure is possible, other dependent services such as DHCP".... So how can I determine if these can be truned off without inadvertantly effecting network functions such as newotk browsing, printer location ect. Thanks for any help. Keith Naccarato Ulster-Greene ARCkn

Hi Keith, The potential impact of disabling SMB and NetBIOS over TCP/IP is that no computers will be able to connect to the server through SMB. The servers will be unable to access folders shared on the network. Many management tools will be unable to connect to the servers. According the article Implementation of Server Level Security and Object Level Security, when planning a SQL Server installation, you need to consider installing it on a dedicated computer and isolating components from each other. This will minimize the chance that if one component is compromised it could be used to further compromise other components in your system. Your goal is to avoid exposing your server to the vulnerabilities of other software, and vice versa. If you need further assistance regarding SMB and NetBIOS over TCP/IP, for quick and accurate response to the question, it is recommended you ask in the Network forum. The support professional there are more familiar with it and can help you in a more efficient way. http://social.technet.microsoft.com/Forums/en-US/winserverNIS/threads Thanks for your understanding. Regards, BruceThis posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

you usually cannot say preciselly. just disable it and see the results and test and potentially reenable it again. ondrej.