News Stay informed about the latest enterprise technology news and product updates.

Microsoft Browser Service, part two: How does it work?

The Microsoft Browser Service is one of the more important elements of any Windows network. In this, the second part of a series of tutorials, expert Douglas Paddock takes off the covers and looks inside Browser Service.

IT Pro
Doug Paddock

The Microsoft Official Curriculum (MOC) offers little information about the Browser Service. Yet, as I said in part one of this series on the subject, it is one of the more important elements of any Microsoft network.

In this, the second section, of my Browser Service tutorial, I take off the covers and look inside Browser Service.

The Browser Service in Windows 2000 consists of the Master Browser, Backup Browsers and browser clients. If you are running in a mixed mode environment with NT 4.0 domains as part of your network, you will also have Domain Master Browsers, which are almost always the PDCs for the NT 4.0 domain.

Let's start at the bottom with the clients, and work up. It makes more sense when you look at it this way.


When a client running the Server service comes on line, it announces itself to the subnet's Master Browser using a UDP port 137 (NetBIOS Name Service) datagram. It also does this at four- and eight-minute intervals, then every 12 minutes thereafter. If you type "nbtstat –n" at a command prompt, you can see the entry registered with WINS for the Server service, which will be the computer's NetBIOS name followed by a <20>. The purpose of announcing every 12 minutes is to allow for the population of the Master Browser's list in case a previous broadcast was not received, or if a new Master Browser is elected.

When a client wants to find a shared resource the client opens Network Neighborhood or Browse. The first time this is done, it results in a call to the subnet's Master Browser, which will return a list of three backup browsers to the client. The client will keep a copy of these servers for future use. The client then contacts the backup browsers for a list of all systems running the Server service. The backup browsers DO NOT keep a list of actual shares like Active Directory; they simply have a list of who is running the Server service. This cuts down on network traffic for both transmissions to the client and replication.


Backup browsers are used on the local subnet to keep a local copy of the browse list that can tell clients which systems on this particular subnet are running the Server service. This is done when a client clicks on his/her particular operating system's version of Network Neighborhood. A backup browser does not actually connect clients to the share they're looking for, it just tells them what computers are running the Server service. The client will contact the server itself for a list of shares available on that server. When you click on a server's name in the Explorer list, the client queries that server for a list of its shares, and will populate Explorer's list of available shares so the user can make a choice of resources to utilize. Virtually any Windows system from NT 3.1 or Windows for Workgroups up to and including Windows 2000 can be backup browsers. Your "higher level" systems will be chosen before your lower level systems, starting with Windows 2000 and working backwards.


An individual subnet typically does not have that many backup browsers. Often, up to 31 computers on a subnet will have one backup browser. After that, every 32 computers added results in another backup browser being added from the potential browsers. Think of them as systems sitting on the bench, waiting for the coach to send them in. The Master Browser will tell a system when it should assume the role of a backup browser.

Some systems should never be browsers. In both Windows 2000 and NT 4.0, this value is set under the registry entry:

  • HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\Browser Parameters
There are three possible entries:
  • No – This computer should never be a browser. This is an excellent entry when you have a lab setup with a test server or computer that is constantly being changed and/or rebooted and the server keeps forcing browser elections upon being rebooted because it is the most qualified to be the local subnet's Master Browser. NO is the computer equivalent of "knock it off and sit down".

  • Yes – This is the default value for Windows and NT 4.0 servers. These systems will either be a Master Browser or a backup browser.

  • Auto – This computer could become a backup browser if needed. The Master Browser will notify it if it's needed. A bench warmer. This is the default for Windows Professional and Windows NT 4.0 workstation systems.
In part three of this series, I take a look at Master Browsers and WINS. Part one was an introduction to using Microsoft's Browser Service.


About the author: Douglas Paddock is a CIW Security Analyst and MCSE, MCT, MCSA, A+, N+ qualified teacher at Louisville Technical Institute in Louisville, Ken.


>> Go back to part one
>> Continue to part three
>> Read Doug Paddock's ATE bio and category

Dig Deeper on Windows client management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.