7/30/2019 Disabling Network Discovery
Disabling Network Discovery/Network Resources
We often get requests from people asking how to disable Network Discovery because they
either don't want to see any machines in the Network Resources list or they perceive a performance issue with the feature. I am writing this blog post to discuss the feature and explain
some of the potential options.
What is Network Discovery?
Network discovery is not a single thing. In general terms it is the process of gathering information about the Network resources near you. It consists of a group of protocols that all
report to the Function Discovery platform. Probably the most well-known protocol is
NetBIOS Browsing, but it also includes WSD, UPNP, SSDP, and even the registry. Typically
you see this information in Network Resources/Network Neighborhood, but any application
can potentially be programmed to use it.
Figure 1. Network Resources/Network Neighborhood
What is the Function Discovery Platform?
Before Windows Vista, various Discovery protocols were independent of each other and an
application/process had to know the details of how to use a particular protocol. In Windows Vista, the Function Discovery Platform was created to aggregate the information from various
protocols into a single place that applications can retrieve it from without having to know the
details for accessing a specific protocol. This makes it easier for an application to support this
kind of functionality while at the same time making it less dependent on a single protocol that
may have been retired. A list of the built-in providers can be found at this link:
http://msdn.microsoft.com/en-us/library/aa363906(v=VS.85).aspx
Figure 2. Function Discovery Architecture
Network Discovery and the Windows Firewall
The interaction between Network Discovery and the Windows Firewall is relatively
straightforward. The Windows Firewall has default rules both inbound and outbound to block
the Network Discovery protocols, but by default the outbound rule is not enabled, thus
allowing this traffic.
Figure 3. The Network Discovery rules in the Windows Firewall.
In addition, in Network and Sharing Center you can enable/disable the inbound rules as a
group.
Figure 4. Network Discovery Settings
LLTD (Link Layer Topology Discovery) is generally associated with the Network Map but
can also be used to gather information for Network Discovery and can be uninstalled from the
properties of a given network connection.
Figure 5. LLTD Settings
Disabling Network Discovery?
The official guidance for disabling Network Discovery is to disable it in the Network and
Sharing Center GUI or in the Windows Firewall interface itself, but people are often confused
because they continue to see machines in the Network Resources list even after selecting this
option. The thing to remember is that not all the providers are Network Protocols. There is the
registry and Windows Connect Now, for example. Disabling Network Discovery via the Firewall will stop the incoming network traffic, but it won't stop other non-network sources. It
also doesn't block outgoing traffic, so the machine will still broadcast via NetBIOS, for
example.
Another reason people want to disable Network Discovery is that they have a performance
issue and the knee-jerk reaction is to disable the feature instead of resolving the performance
issue.
So what to do if you disabled Network Discovery in the Firewall and still see machines in the
Network Resources list? Or still see a performance issue? Network Discovery is made of
multiple protocols. You need to identify which service/port is being used to gather the data or having the performance issue and troubleshoot that.
Here is a list of the services involved:
http://msdn.microsoft.com/en-us/library/aa363906(v=VS.85).aspx
Computer Browser
SSDP Discovery
UPnP Device Host
Registry
Function Discovery Resource Publication
Function Discovery Provider Host
Link-Layer Topology Mapper
Note: LLMNR is also used.
There are predefined firewall rules for Network Discovery, or you can manually block these ports:
TCP 2869 - UPnP
TCP 5357 - WSDAPI Events
TCP 5358 - WSD Events Secure
UDP 5355 - LLMNR
UDP 3702 - WSD publishing
UDP 1900 - SSDP
Note: You also need to block NetBIOS, but that can affect more than just Network Discovery.
UDP 138 - NetBIOS Datagram
UDP 137 - NetBIOS Name
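Before blocking anything, it helps to see which of the services and ports above are actually active on the machine. The following PowerShell script is an added example, not code from the original post: it reports the state of each listed service, whether each listed port has a listening socket and which process owns it, and the rules in the Windows Firewall "Network Discovery" group. It assumes Windows 8 / Server 2012 or later for the NetTCPIP and NetSecurity cmdlets, and uses the standard short service names for the services named in the post.

```powershell
# Added example: inventory the Network Discovery providers and ports from the post.
# Assumes the NetTCPIP / NetSecurity modules (Windows 8 / Server 2012 and later).
$services = [ordered]@{
    'Browser'  = 'Computer Browser (NetBIOS browsing)'
    'SSDPSRV'  = 'SSDP Discovery'
    'upnphost' = 'UPnP Device Host'
    'FDResPub' = 'Function Discovery Resource Publication'
    'fdPHost'  = 'Function Discovery Provider Host'
    'lltdsvc'  = 'Link-Layer Topology Discovery Mapper'
    'Dnscache' = 'DNS Client (answers LLMNR)'
}
# Ports exactly as listed in the post, plus NetBIOS.
$ports = @(
    @{ Proto = 'TCP'; Port = 2869; Use = 'UPnP' }
    @{ Proto = 'TCP'; Port = 5357; Use = 'WSDAPI Events' }
    @{ Proto = 'TCP'; Port = 5358; Use = 'WSD Events Secure' }
    @{ Proto = 'UDP'; Port = 5355; Use = 'LLMNR' }
    @{ Proto = 'UDP'; Port = 3702; Use = 'WSD publishing' }
    @{ Proto = 'UDP'; Port = 1900; Use = 'SSDP' }
    @{ Proto = 'UDP'; Port = 138;  Use = 'NetBIOS Datagram' }
    @{ Proto = 'UDP'; Port = 137;  Use = 'NetBIOS Name' }
)

Write-Host '== Services =='
foreach ($name in $services.Keys) {
    $svc   = Get-Service -Name $name -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.Status } else { 'not installed' }
    '{0,-10} {1,-42} {2}' -f $name, $services[$name], $state
}

Write-Host "`n== Listening ports =="
$tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue
$udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue
foreach ($p in $ports) {
    # A UDP endpoint is "listening" simply by being bound, so match on LocalPort for both.
    $hits = if ($p.Proto -eq 'TCP') { $tcp | Where-Object LocalPort -eq $p.Port }
            else                    { $udp | Where-Object LocalPort -eq $p.Port }
    $owners = ($hits | ForEach-Object { $_.OwningProcess } | Sort-Object -Unique) -join ','
    $state  = if ($hits) { "OPEN (PID $owners)" } else { 'closed' }
    '{0} {1,-5} {2,-18} {3}' -f $p.Proto, $p.Port, $p.Use, $state
}

Write-Host "`n== Firewall rules in the Network Discovery group =="
Get-NetFirewallRule -DisplayGroup 'Network Discovery' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Direction, Enabled, Profile | Format-Table -AutoSize
```

A port reported OPEN while its firewall rule is disabled is the situation the post describes: the service is still running and still talking outbound, only the inbound traffic is blocked.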
Other options you may want to consider:
It may be enough to simply disable the Network Resource option in the GUI.
This will still allow the machine to populate local resources but will prevent network
resources from displaying in Explorer.
Figure 6. Explorer with Network Resources enabled
Figure 7. Explorer with Network Resources disabled
Notice that the local resources and a wireless router are still visible. It is only the remote PCs
that don't appear in the list now. To disable this setting you need to modify the GUID in the
ParsingName value.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}
ParsingName REG_SZ ::{208D2C60-3AEA-1069-A2D7-08002B30309D}
Note: This change requires a reboot
To re-enable this setting you have to change the ParsingName back to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}
ParsingName REG_SZ ::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
Note: This change requires a reboot
Another option is to hide Network (formerly Network Places) from Explorer.
Notice that the Network option in the lower left corner is no longer present in the following
screenshot.
Figure 8. Explorer with Network Resources hidden
You can hide Network by adding a GUID with a value of 1 to the NonEnum Key.
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}=dword:00000001
Note: This change requires a reboot
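The two Explorer changes above (the ParsingName swap and the NonEnum entry) can be applied and, just as importantly, read back from PowerShell so an administrator can verify what state a machine is in. The script below is an added example, not code from the original post; it uses only the keys and GUIDs given above, must be run elevated, and assumes that removing the NonEnum value restores the default, since the post only documents adding it.

```powershell
# Added example: read and set the two Explorer registry settings from the post.
# Run elevated; both changes take effect after a reboot. Key paths and GUIDs are
# the ones given in the post. Removing the NonEnum value to re-show Network is an
# assumption (the post only shows how to add it).
$folderKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}'
$nonEnumKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum'
$networkGuid  = '{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}'   # Network (default ParsingName)
$computerGuid = '{208D2C60-3AEA-1069-A2D7-08002B30309D}'   # ParsingName that hides remote PCs

function Get-NetworkResourcesState {
    # Reports the current values so a change can be verified before/after the reboot.
    $parsing = (Get-ItemProperty -Path $folderKey -Name ParsingName -ErrorAction SilentlyContinue).ParsingName
    $hidden  = (Get-ItemProperty -Path $nonEnumKey -Name $networkGuid -ErrorAction SilentlyContinue).$networkGuid
    [pscustomobject]@{
        ParsingName           = $parsing
        NetworkResourcesShown = ($parsing -eq "::$networkGuid")
        NetworkNodeHidden     = ($hidden -eq 1)
    }
}

function Set-NetworkResourcesVisible {
    # $true restores ::{F02C1A0D-...}; $false sets ::{208D2C60-...} so remote PCs no longer list.
    param([Parameter(Mandatory)][bool]$Visible)
    $target = if ($Visible) { "::$networkGuid" } else { "::$computerGuid" }
    Set-ItemProperty -Path $folderKey -Name ParsingName -Value $target -Type String
}

function Set-NetworkNodeHidden {
    # $true adds {F02C1A0D-...}=dword:1 under NonEnum, hiding Network from Explorer entirely.
    param([Parameter(Mandatory)][bool]$Hidden)
    if ($Hidden) {
        if (-not (Test-Path $nonEnumKey)) { New-Item -Path $nonEnumKey -Force | Out-Null }
        Set-ItemProperty -Path $nonEnumKey -Name $networkGuid -Value 1 -Type DWord
    } else {
        Remove-ItemProperty -Path $nonEnumKey -Name $networkGuid -ErrorAction SilentlyContinue
    }
}

# Show the current state; call the Set-* functions as needed, then reboot.
Get-NetworkResourcesState
```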
Summary
Network Discovery is a useful feature that most people will not want to disable. In the event
you are having trouble with it you need to keep in mind that it is not a single service/protocol.
If you can identify the problem service/protocol, that will allow most of the features to remain
enabled. Other options may be to disable Network Resources or hide the Network option
altogether in Explorer.
Hope this helps you determine the best way to handle disabling Network Discovery if needed.
Note: The screenshots are from Windows 7 but they are similar in Windows Vista.