Check or Attack Name: Primary Domain Controller

The machine has been identified as a primary domain controller (PDC). This information could be used by an attacker to focus domain-wide structured attacks.

False Positives: If the host is inside the firewall, then this vulnerability is purely informational.

If NetBIOS ports are available, then determining if a host is a domain controller cannot be prevented. If the host is outside of a firewall, ports 135-139 should be filtered. If the PDC is inside the firewall, this vulnerability is purely informational.