"* Disable the browser service on anything not one of those designated masters"

+1
I run a GPO here to turn off the browser service on our workstations.

Dave

-----Original Message-----
From: Ben Scott [mailto:[email protected]] 
Sent: Tuesday, August 30, 2011 11:06 AM
To: NT System Admin Issues
Subject: Re: File and Print Sharing on windows Domain

On Tue, Aug 30, 2011 at 12:05 PM, Darin <[email protected]> wrote:
> Recently I have been informed that having file and print sharing 
> turned on takes up considerable bandwidth on the network.

  As others have said, you need to clarify and quantify that statement.  For 
example, if there's a lot of traffic because people are transferring a lot of 
large files, well, that's not the protocol's fault.

  You also need to narrow down the protocols.  "File and Printer Sharing", as 
Microsoft calls it, can involve a lot of things.  Name resolution (DNS, 
NetBIOS, WINS, browse lists), authentication (NTLM, Kerberos, etc.), payload...

> I know AppleTalk is a very chatty protocol but never was aware that 
> Microsoft File and Print sharing was.

  First you said "bandwidth", now you're saying "chatty".  The two are not 
synonymous.  One deals primarily with bytes/second, the other with 
packets/second.

  In my experience:

  SMB isn't very chatty by itself.  It's not the most efficient protocol 
(there's a fair bit of unnecessary overhead in the headers), but it's 
reasonably quiet when idle, and doesn't need *too* much to get going.

  Now, some of the things which *use* SMB are chatty.  Windows Explorer, for 
example, tends to crawl all over the place looking for file metadata, icons, 
sizes, etc, etc., and then repeat that at fixed intervals to refresh.  Explorer 
is also extremely sensitive to high latency, so if you've got WAN links, it can 
start to suck pretty quickly.  You can turn some of this off, and I think 
that's a good idea, especially on any reasonably sized network, or if you have 
WAN links.

  The *name resolution* protocols that you get with Windows -- especially the 
NetBIOS broadcast mechanism and default browser election scheme -- are *very* 
chatty.  You can fix a lot of this.

  If you can, just disable NetBIOS entirely.  (Exactly how feasible this is is an 
open question.)  If you need NetBIOS (or just don't want to risk a potential 
compatibility crisis):

* Use WINS
* Disable broadcast resolution entirely (AKA "peer node" or "P-node"; it's a 
DHCP option)
* Use a very small number of reliable computers as your WINS servers and master 
browsers
* Disable the browser service on anything not one of those designated masters

  You can even disable the browse list entirely, which is likely a good idea on 
a sufficiently large network.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
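
An added example, not part of any poster's message: a read-only PowerShell audit of the settings named in the list above (NetBIOS node type, WINS, NetBIOS over TCP/IP per adapter, and the Computer Browser service). It assumes a Windows host with the CIM cmdlets (PowerShell 3.0 or later); the host names in `$DesignatedMasters` are placeholders.

```powershell
# Added example, not from the thread: read-only audit of NetBIOS name-resolution settings.
# Placeholder host names (assumption): replace with your own WINS / master-browser hosts.
$DesignatedMasters = @('WINS01', 'WINS02')

$nodeNames = @{ 1 = 'B-node (broadcast only)'; 2 = 'P-node (WINS only, no broadcast)'
                4 = 'M-node (broadcast, then WINS)'; 8 = 'H-node (WINS, then broadcast)' }
$nbtOptions = @{ 0 = 'from DHCP'; 1 = 'enabled'; 2 = 'disabled' }

function Get-NetbiosNodeType {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # A static NodeType value overrides DhcpNodeType (set by DHCP option 46).
    $value = if ($null -ne $p.NodeType) { $p.NodeType } else { $p.DhcpNodeType }
    if ($null -eq $value) { return 'not set (Windows default applies)' }
    if ($nodeNames.ContainsKey([int]$value)) { $nodeNames[[int]$value] } else { "unknown ($value)" }
}

$isMaster = $DesignatedMasters -contains $env:COMPUTERNAME
$browser  = Get-CimInstance -ClassName Win32_Service -Filter "Name='Browser'" -ErrorAction SilentlyContinue
$browserState = if ($browser) { "$($browser.StartMode)/$($browser.State)" } else { 'not installed' }
# Per the list above, the browser service should run only on the designated masters.
$browserOk = $isMaster -or (-not $browser) -or ($browser.StartMode -eq 'Disabled')

[pscustomobject]@{
    Computer                    = $env:COMPUTERNAME
    DesignatedMaster            = $isMaster
    NodeType                    = (Get-NetbiosNodeType)
    BrowserService              = $browserState
    BrowserServiceAsRecommended = $browserOk
} | Format-List

# Per-adapter view: NetBIOS over TCP/IP setting and the configured WINS servers.
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        [pscustomobject]@{
            Adapter          = $_.Description
            NetBIOSoverTcpip = $nbtOptions[[int]$_.TcpipNetbiosOptions]
            PrimaryWINS      = $_.WINSPrimaryServer
            SecondaryWINS    = $_.WINSSecondaryServer
        }
    } | Format-Table -AutoSize
```

The script changes nothing; a workstation that reports B-node or H-node with the browser service not disabled is one that still takes part in broadcast resolution and browser elections.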

