Microsoft KB Archive/254542
Article ID: 254542
Article Last Modified on 3/1/2007
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
This article was previously published under Q254542
Two Windows 2000-based computers may be able to communicate using SMB traffic over TCP/IP even though they have different NetBIOS scope IDs assigned. This occurs even though NetBIOS scopes define boundaries across which NetBIOS communication is not possible.
Windows 2000 implements a "NetBIOS-less" transport for SMB traffic that directly hosts SMB traffic on the TCP protocol. Because this transport does not use NetBIOS, scope IDs (which are implemented at the NetBIOS level) do not apply to the transport. NetBIOS Scope IDs still limit traffic that travels over the NetBIOS-over-TCP/IP (NBT) transport.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
If you have implemented NetBIOS scopes for security reasons, you may need to evaluate other mechanisms to meet the same goals. In Windows 2000, the use of NetBIOS scopes is discouraged, and there are no guarantees that NetBIOS scopes will be supported in future releases of Microsoft products.
NOTE: The use of NetBIOS scopes as described in this article is included only as a convenience for limited situations in which they absolutely must be used, and no other alternatives exist (such as VLANs, IPSec, more restrictive use of NTFS and share security, and so on). The use of NetBIOS scopes is discouraged, and there are no guarantees that NetBIOS scopes will be supported in future releases of Microsoft products. For more information about the direct hosting of SMBs on TCP, see the following article in the Microsoft Knowledge Base:
204279 Direct Hosting of SMB
Keywords: kbnetwork kbprb kbsmb KB254542