Disabling Network Discovery

Upload: jennifer-fleming

Post on 14-Apr-2018

    7/30/2019 Disabling Network Discovery

    1/8

    Disabling Network Discovery/Network Resources

    We often get requests from people asking how to disable Network Discovery because they
    either don't want to see any machines in the Network Resources list or they perceive a
    performance issue with the feature. I am writing this blog post to discuss the feature and
    explain some of the potential options.

    What is Network Discovery?

    Network discovery is not a single thing. In general terms it is the process of gathering
    information about the network resources near you. It consists of a group of protocols that all
    report to the Function Discovery platform. Probably the most well-known protocol is
    NetBIOS Browsing, but it also includes WSD, UPnP, SSDP, and even the registry. Typically
    you see this information in Network Resources/Network Neighborhood, but any application
    can potentially be programmed to use it.

    Figure 1. Network Resources/Network Neighborhood


    What is the Function Discovery Platform?

    Before Windows Vista, the various discovery protocols were independent of each other, and an
    application/process had to know the details of how to use a particular protocol. In Windows
    Vista, the Function Discovery Platform was created to aggregate the information from the various
    protocols into a single place that applications can retrieve it from without having to know the
    details of accessing a specific protocol. This makes it easier for an application to support this
    kind of functionality while at the same time making it less dependent on a single protocol that
    may have been retired. A list of the built-in providers can be found at this link:

    http://msdn.microsoft.com/en-us/library/aa363906(v=VS.85).aspx

    Figure 2. Function Discovery Architecture

    Network Discovery and the Windows Firewall

    The interaction between Network Discovery and the Windows Firewall is relatively
    straightforward. The Windows Firewall has default rules both inbound and outbound to block
    the Network Discovery protocols, but by default the outbound rule is not enabled, thus
    allowing this traffic.

    Figure 3. The Network Discovery rules in the Windows Firewall.


    In addition, in Network and Sharing Center you can enable/disable the inbound rules as a
    group.

    Figure 4. Network Discovery Settings

    LLTD (Link Layer Topology Discovery) is generally associated with the Network Map but
    can also be used to gather information for Network Discovery, and it can be uninstalled from the
    properties of a given network connection.

    Figure 5. LLTD Settings


    Disabling Network Discovery?

    The official guidance for disabling Network Discovery is to disable it in the Network and
    Sharing Center GUI or in the Windows Firewall interface itself, but people are often confused
    because they continue to see machines in the Network Resources list even after selecting this
    option. The thing to remember is that not all the providers are network protocols; there is the
    registry and Windows Connect Now, for example. Disabling Network Discovery via the
    Firewall will stop the incoming network traffic, but it won't stop other non-network sources. It
    also doesn't block outgoing traffic, so the machine will still broadcast via NetBIOS, for
    example.

    Another reason people want to disable Network Discovery is that they have a performance
    issue and the knee-jerk reaction is to disable the feature instead of resolving the performance
    issue.

    So what do you do if you disabled Network Discovery in the Firewall and still see machines in the
    Network Resources list? Or still see a performance issue? Network Discovery is made up of
    multiple protocols. You need to identify which service/port is being used to gather the data or
    is having the performance issue and troubleshoot that.


    Here is a list of the services involved:

    http://msdn.microsoft.com/en-us/library/aa363906(v=VS.85).aspx

    Computer Browser
    SSDP Discovery
    UPnP Device Host
    Registry
    Function Discovery Resource Publication
    Function Discovery Provider Host
    Link-Layer Topology Mapper

    Note: LLMNR is also used.

    There are predefined rules for Network Discovery, or you can manually block these ports:

    TCP 2869 - UPnP
    TCP 5357 - WSDAPI Events
    TCP 5358 - WSD Events Secure
    UDP 5355 - LLMNR
    UDP 3702 - WSD publishing
    UDP 1900 - SSDP

    Note: You also need to block NetBIOS, but that can affect more than just Network Discovery.

    UDP 138 - NetBIOS Datagram
    UDP 137 - NetBIOS Name
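    The post says to find out which service or port is actually feeding the list before turning anything off. The script below is an added example (not code from the original post) that does exactly that audit for the services and ports listed above, and can then create explicit block rules for those ports, in both directions, so the outbound broadcasts the post mentions are covered too. It assumes Windows 8 / Server 2012 or later for the NetSecurity cmdlets and an elevated PowerShell session; the short service names (Browser, SSDPSRV, upnphost, FDResPub, fdPHost, lltdsvc) are the standard names for the display names the post lists and are supplied here, not taken from the post.

```powershell
# Added example, not code from the original post. Audits the pieces the post
# lists (services, the predefined firewall rule group, bound ports) and can
# create explicit Block rules for the listed ports. Assumes Windows 8 / Server
# 2012 or later (NetSecurity cmdlets) and an elevated PowerShell session.
# Service short names below are assumed standard names, not from the post.

$script:Providers = [ordered]@{
    'Computer Browser'                        = 'Browser'
    'SSDP Discovery'                          = 'SSDPSRV'
    'UPnP Device Host'                        = 'upnphost'
    'Function Discovery Resource Publication' = 'FDResPub'
    'Function Discovery Provider Host'        = 'fdPHost'
    'Link-Layer Topology Mapper'              = 'lltdsvc'
}

# Ports exactly as the post lists them
$script:Ports = @(
    @{ Protocol = 'TCP'; Port = 2869; Purpose = 'UPnP' }
    @{ Protocol = 'TCP'; Port = 5357; Purpose = 'WSDAPI Events' }
    @{ Protocol = 'TCP'; Port = 5358; Purpose = 'WSD Events Secure' }
    @{ Protocol = 'UDP'; Port = 5355; Purpose = 'LLMNR' }
    @{ Protocol = 'UDP'; Port = 3702; Purpose = 'WSD publishing' }
    @{ Protocol = 'UDP'; Port = 1900; Purpose = 'SSDP' }
    @{ Protocol = 'UDP'; Port = 138;  Purpose = 'NetBIOS Datagram' }
    @{ Protocol = 'UDP'; Port = 137;  Purpose = 'NetBIOS Name' }
)
$script:BlockGroup = 'Network Discovery manual block (added example)'

function Get-NetworkDiscoveryState {
    # Which providers are actually running? A stopped service cannot be the
    # source of names in the list or of the performance problem.
    $services = foreach ($p in $script:Providers.GetEnumerator()) {
        $svc = Get-Service -Name $p.Value -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Provider = $p.Key
            Service  = $p.Value
            Status   = if ($svc) { [string]$svc.Status } else { 'not installed' }
        }
    }

    # The predefined rule group, per direction: the GUI toggles only inbound.
    $rules = Get-NetFirewallRule -DisplayGroup 'Network Discovery' -ErrorAction SilentlyContinue |
        Select-Object DisplayName, Direction, Enabled, Action

    # Is anything still bound to the listed ports? Open sockets explain why
    # machines keep appearing after the GUI setting was turned off.
    $udpBound = (Get-NetUDPEndpoint).LocalPort
    $tcpBound = (Get-NetTCPConnection -State Listen).LocalPort
    $listeners = foreach ($p in $script:Ports) {
        $bound = if ($p.Protocol -eq 'UDP') { $udpBound -contains $p.Port } else { $tcpBound -contains $p.Port }
        [pscustomobject]@{ Protocol = $p.Protocol; Port = $p.Port; Purpose = $p.Purpose; Bound = $bound }
    }

    [pscustomobject]@{ Services = $services; FirewallRules = $rules; Listeners = $listeners }
}

function Block-NetworkDiscoveryPorts {
    # Explicit Block rules in both directions for the listed ports. NetBIOS is
    # skipped unless asked for, because (as the post notes) blocking it affects
    # more than Network Discovery. Inbound rules match the local port, outbound
    # rules the remote (destination) port.
    param([switch]$IncludeNetBIOS)
    foreach ($p in $script:Ports) {
        if (($p.Port -in 137, 138) -and -not $IncludeNetBIOS) { continue }
        foreach ($dir in 'Inbound', 'Outbound') {
            $rule = @{
                DisplayName = "Block $($p.Purpose) $($p.Protocol)/$($p.Port) $dir"
                Group       = $script:BlockGroup
                Direction   = $dir
                Protocol    = $p.Protocol
                Action      = 'Block'
                Profile     = 'Any'
            }
            if ($dir -eq 'Inbound') { $rule.LocalPort = $p.Port } else { $rule.RemotePort = $p.Port }
            New-NetFirewallRule @rule | Out-Null
        }
    }
}

function Remove-NetworkDiscoveryPortBlocks {
    # Undo everything Block-NetworkDiscoveryPorts created, and nothing else.
    Remove-NetFirewallRule -Group $script:BlockGroup -ErrorAction SilentlyContinue
}

# Usage:
#   $state = Get-NetworkDiscoveryState
#   $state.Services | Format-Table; $state.FirewallRules | Format-Table; $state.Listeners | Format-Table
#   Block-NetworkDiscoveryPorts            # leaves NetBIOS alone
#   Block-NetworkDiscoveryPorts -IncludeNetBIOS
#   Remove-NetworkDiscoveryPortBlocks      # revert
```

    Run the audit first and act on what it reports: a provider whose service is stopped and whose port is not bound is not the one populating the list, which is the post's point about narrowing the problem down to one service/protocol instead of disabling everything. The block rules are tagged with their own group so they can be removed as a unit without touching the built-in Network Discovery rules.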

    Other options you may want to consider:

    It may be enough to simply disable the Network Resource option in the GUI.
    This will still allow the machine to populate local resources but will prevent network
    resources from displaying in Explorer.

    Figure 6. Explorer with Network Resources enabled


    Figure 7. Explorer with Network Resources disabled


    Notice that the local resources and a wireless router are still visible. It is only the remote PCs
    that don't appear in the list now. To disable this setting you need to modify the GUID in the
    ParsingName value.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}
    ParsingName REG_SZ ::{208D2C60-3AEA-1069-A2D7-08002B30309D}

    Note: This change requires a reboot.

    To re-enable this setting you have to change the ParsingName back to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}
    ParsingName REG_SZ ::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}

    Note: This change requires a reboot.

    Another option is to hide Network (formerly Network Places) from Explorer.
    Notice that the Network option in the lower left corner is no longer present in the following
    screenshot.

    Figure 8. Explorer with Network Resources hidden

    You can hide Network by adding a GUID with a value of 1 to the NonEnum key.


    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]

    {F02C1A0D-BE21-4350-88B0-7367FC96EF3C}=dword:00000001

    Note: This change requires a reboot
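    The two Explorer registry changes above (swapping the ParsingName GUID, and adding the Network GUID to NonEnum) are easy to get wrong by hand and just as easy to forget to revert. This added example, which is not code from the original post, applies or reverts either change with a backup of the key taken first. The key paths and GUIDs are the ones the post gives; the backup file location and the function names are my own choices, and it assumes an elevated PowerShell session on a Windows 7-era Explorer as in the post's screenshots. Both changes still need the reboot the post calls for.

```powershell
# Added example, not code from the original post. Applies or reverts the two
# Explorer registry changes the post describes, backing the key up first.
# Assumes an elevated session; key paths and GUIDs are the post's, the backup
# location and function names are assumptions. Reboot afterwards, as the post notes.

$script:FolderKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}'
$script:NonEnumKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum'
$script:NetworkGuid = '{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}'   # normal ParsingName / NonEnum target
$script:NoRemoteGuid = '{208D2C60-3AEA-1069-A2D7-08002B30309D}'  # ParsingName value the post uses to drop remote PCs

function Backup-RegistryKey {
    # reg.exe export wants the HKLM\ form rather than the HKLM:\ drive form.
    param([Parameter(Mandatory)][string]$Key)
    $native = $Key -replace '^HKLM:\\', 'HKLM\'
    $file = Join-Path $env:TEMP ("regbackup-" + (Get-Date -Format 'yyyyMMdd-HHmmss') + ".reg")
    reg.exe export $native $file /y | Out-Null
    return $file
}

function Set-NetworkResourcesVisible {
    # $false = stop remote PCs showing under Network; $true = revert.
    param([Parameter(Mandatory)][bool]$Visible)
    $target  = if ($Visible) { "::$script:NetworkGuid" } else { "::$script:NoRemoteGuid" }
    $current = (Get-ItemProperty -LiteralPath $script:FolderKey -Name ParsingName).ParsingName
    if ($current -eq $target) { return "ParsingName already $target; nothing to do" }
    $backup = Backup-RegistryKey -Key $script:FolderKey
    Set-ItemProperty -LiteralPath $script:FolderKey -Name ParsingName -Value $target -Type String
    return "ParsingName: $current -> $target (backup: $backup; reboot required)"
}

function Set-NetworkNodeHidden {
    # $true = hide the Network node from Explorer; $false = show it again.
    param([Parameter(Mandatory)][bool]$Hidden)
    if (-not (Test-Path -LiteralPath $script:NonEnumKey)) {
        New-Item -Path $script:NonEnumKey -Force | Out-Null
    }
    $backup = Backup-RegistryKey -Key $script:NonEnumKey
    if ($Hidden) {
        # DWORD 1 under NonEnum is what the post's .reg fragment writes
        Set-ItemProperty -LiteralPath $script:NonEnumKey -Name $script:NetworkGuid -Value 1 -Type DWord
    } else {
        Remove-ItemProperty -LiteralPath $script:NonEnumKey -Name $script:NetworkGuid -ErrorAction SilentlyContinue
    }
    return "NonEnum $($script:NetworkGuid) hidden=$Hidden (backup: $backup; reboot required)"
}

# Usage (each call needs a reboot to take effect):
#   Set-NetworkResourcesVisible -Visible $false   # remote PCs disappear, local resources stay
#   Set-NetworkResourcesVisible -Visible $true    # revert
#   Set-NetworkNodeHidden -Hidden $true           # Network node gone from Explorer
#   Set-NetworkNodeHidden -Hidden $false          # revert
```

    The .reg files written to %TEMP% can be re-imported with reg.exe import if a change needs to be undone after the fact. Note that neither function touches Network Discovery itself: as the post says, these are Explorer display options, so the discovery protocols keep running underneath.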

    Summary

    Network Discovery is a useful feature that most people will not want to disable. In the event
    you are having trouble with it, you need to keep in mind that it is not a single service/protocol.
    If you can identify the problem service/protocol, that will allow most of the features to remain
    enabled. Other options may be to disable Network Resources or hide the Network option
    altogether in Explorer.

    Hope this helps you determine the best way to handle disabling Network Discovery if needed.

    Note: The screenshots are from Windows 7 but they are similar in Windows Vista.