How to enable or disable LLTD binds with PowerShell

In an enterprise environment, as it grows bigger, policy regulations get enforced. One of them will most likely be to disable the LLTD components LLTDIO and RSPNDR on all client machines. With a GPO this is a piece of cake, but disabling these "binds" via GPO causes an issue on machines that have a virtual NIC installed (be it a VMware network adapter, a Hyper-V NIC, etc.). In this post I'll briefly describe the issue that arises in that scenario and how to script a resolution, which is to disable LLTDIO and RSPNDR on the virtual NIC itself.

Issue & Cause: When LLTDIO and RSPNDR are disabled via group policy on a client computer that has a virtual NIC installed, the network connection bounces (disconnects and reconnects). Depending on network speed and reliability, the network location may get stuck in "Unidentified" or "Public", which will most likely block quite a few services depending on your firewall rules, since the Public profile is the most restrictive one.

What are LLTDIO and RSPNDR? They are the two components of the Link-Layer Topology Discovery protocol: LLTDIO is the LLTD Mapper I/O Driver, which the mapping host uses to build a graphical map of the network it is connected to, and RSPNDR is the LLTD Responder, which answers the mapper's queries so that the machine shows up on other hosts' maps. More info on LLTD here: LLTD Wiki

Solution: On Windows 8 and later the solution is a simple Set-NetAdapterBinding -Name <AdapterName> -ComponentID ms_rspndr -Enabled $False (and the same again with ms_lltdio) in a PowerShell console, but life ain't that easy, is it? On Windows 7 that cmdlet is not available (it ships with the NetAdapter module from Windows 8 / Server 2012 onward), so the only practical way to script and deploy this binding change is the one described below:

First, download the NVSPBIND.EXE tool from here. The link will take you to the Microsoft Gallery to download a tool written by Keith Mange. This tool allows you to change protocol bindings (disable, enable, bind and unbind) from a command line.

Second, you'll need to figure out the NIC adapter GUID. Each adapter has a different GUID and it will be different on every computer, so it has to be discovered at run time rather than hard-coded. To get the right GUID, we can leverage WMI queries like this: Get-WmiObject -Query 'Select Name, GUID from Win32_NetworkAdapter where Name like "%VMWARE%"' or Get-WmiObject -Class Win32_NetworkAdapter | Where-Object {$_.Name -like "*VMWARE*"} | Select-Object Name, GUID, whichever you prefer.

Third, build the command line with the GUID(s) obtained from the WMI query and the protocol bind name to modify: Start-Process .\NVSPBIND.exe -ArgumentList "$GUID -d MS_RSPNDR" (and once more with MS_LLTDIO), where the -d switch disables the specified protocol bind. Add -Wait -PassThru to Start-Process if you want the process object back, so the script can log the exit code and tell whether the change succeeded.

Now that you have the information, it's as easy as 1 2 3, but you want to deploy a script that automatically disables the protocol binds while accounting for all scenarios, and you probably want to keep a log with historical data plus the new data each time the script runs. I'll explain a few more points before giving you the script I wrote and deployed in my enterprise environment.

For the historical data (what it was before and what it is after script execution) we can query a registry value that lists the NIC adapter GUIDs of the adapters LLTDIO or RSPNDR is currently bound to (this really applies to any protocol bind: there is a service key for each one). The keys are HKLM:\System\CurrentControlSet\Services\LLTDIO\Linkage and HKLM:\System\CurrentControlSet\Services\RSPNDR\Linkage, and the value we are looking for is Bind, a multi-string with one \Device\{GUID} entry per bound adapter. After the change, the virtual NIC's GUID should no longer appear in it, which makes for a simple success check. What you may want to do to keep it simple (like me) is just throw the output of this query into your log file.
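As an added example (this is not the script the post links to, which is the author's own), here is a PowerShell script that puts the three steps together with the logging just described: it records the Linkage\Bind value of both services before and after, enumerates the virtual adapters via WMI, and runs nvspbind.exe once per adapter and component, skipping adapters that are already unbound. The "<GUID> -d <component>" argument form is the one the post uses; the nvspbind location, the adapter name filters, the log path and the MS_LLTDIO component ID for the mapper driver are assumptions made for this example.

```powershell
# Added example, not the post's own script: disable the LLTDIO and RSPNDR bindings on
# virtual NICs and log the Linkage\Bind value before and after. Assumptions: nvspbind.exe
# is in the same folder as the script, the name filters and the "<GUID> -d <component>"
# argument form follow the post above, and the log path is an arbitrary choice.
param(
    [string[]]$AdapterNameFilters = @('*VMware*', '*Hyper-V*'),
    [string]$LogPath = "$env:ProgramData\LLTD-Disable.log",
    [string]$NvspBind = ''
)
if (-not $NvspBind) {
    $NvspBind = Join-Path (Split-Path -Parent $MyInvocation.MyCommand.Path) 'nvspbind.exe'
}
# Component ID used by the post (MS_RSPNDR) plus the matching one for the mapper driver.
$components = @('MS_LLTDIO', 'MS_RSPNDR')

function Write-Log {
    param([string]$Message)
    $line = '{0:yyyy-MM-dd HH:mm:ss}  {1}' -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
}

# Linkage\Bind is a REG_MULTI_SZ with one "\Device\{GUID}" entry per adapter the
# protocol is currently bound to; stripping the prefix leaves the bare "{GUID}".
function Get-BoundAdapters {
    param([string]$Service)   # 'LLTDIO' or 'RSPNDR'
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$Service\Linkage"
    $bind = (Get-ItemProperty -Path $key -Name Bind -ErrorAction SilentlyContinue).Bind
    if (-not $bind) { return @() }
    return @($bind | ForEach-Object { $_ -replace '^\\Device\\', '' })
}

# Win32_NetworkAdapter.GUID is the per-machine interface GUID nvspbind needs;
# adapters with no GUID (pseudo devices) are skipped.
function Get-VirtualAdapters {
    Get-WmiObject -Class Win32_NetworkAdapter |
        Where-Object {
            $name = $_.Name
            $_.GUID -and ($AdapterNameFilters | Where-Object { $name -like $_ })
        } |
        Select-Object Name, GUID
}

Write-Log '=== run start ==='
foreach ($svc in 'LLTDIO', 'RSPNDR') {
    Write-Log ("before: $svc bound to " + ((Get-BoundAdapters $svc) -join ', '))
}

if (-not (Test-Path $NvspBind)) {
    Write-Log "nvspbind.exe not found at $NvspBind; aborting"
    exit 1
}

$adapters = @(Get-VirtualAdapters)
if ($adapters.Count -eq 0) { Write-Log 'no matching virtual adapters; nothing to do' }

foreach ($nic in $adapters) {
    foreach ($component in $components) {
        # Skip adapters that are already unbound so the log only records real changes
        # (and the NIC does not get bounced a second time for nothing).
        $service = $component -replace '^MS_', ''
        if ((Get-BoundAdapters $service) -notcontains $nic.GUID) {
            Write-Log "skip: $component already disabled on $($nic.Name) $($nic.GUID)"
            continue
        }
        # -Wait/-PassThru give a real exit code to log; -NoNewWindow keeps it silent.
        $proc = Start-Process -FilePath $NvspBind -ArgumentList "$($nic.GUID) -d $component" `
                              -Wait -PassThru -NoNewWindow
        Write-Log "nvspbind $component on $($nic.Name) $($nic.GUID) exit code $($proc.ExitCode)"
    }
}

foreach ($svc in 'LLTDIO', 'RSPNDR') {
    Write-Log ("after: $svc bound to " + ((Get-BoundAdapters $svc) -join ', '))
}
Write-Log '=== run end ==='
```

Run it elevated (the Linkage keys are readable by everyone, but nvspbind needs administrator rights to change bindings), for example as a computer startup script or a scheduled task. The "before"/"after" lines in the log let you confirm from the registry, rather than from nvspbind's output, that the virtual NIC's GUID actually dropped out of the Bind list.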


The script can be found in the link below:

LLTDIO&RSPNDR_Disable


I hope this post is helpful to you. Please share it with your colleagues and friends and stay tuned for more content.

Regards,

Miguel Mojica