none
GPO to disable network discovery

    Question

  • Hello !

    I am looking for a GPO I could apply on Windows 7 computers so that network discovery is disabled... I tried a few:

    this one :

    Enable: User Configuration | Administrative Templates | Windows Components | Windows Explorer --- No "Entire Network" in my network places AND No "Computers near me" in My Network Places

     is not applicable for Windows 7

    this one : Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\

    should work but it doesnt, when I browsed through the registry of the client, I did not find the registry key "HKLM\Software\Policies\Microsoft\Windows\LLTD" that this GPO is supposed to change...

    Constraint : i cant enable the Windows Firewall, it ll have to be by reg key ...

    Thank you for your help

    Wednesday, March 09, 2016 2:49 PM

Answers

All replies

  • Hi Exc_Adm,

    Network Discovery is made of multiple protocols.

    Here is a list of the services involved:

    • Computer Browser
    • SSDP Discovery
    • UPnP Device Host
    • Registry
    • Function Discovery Resource      Publication
    • Function Discovery Provider host     
    • Link-Layer Topology Mapper

    You could take a look at this one:

    Disabling Network Discovery/Network Resources

    https://blogs.technet.microsoft.com/networking/2010/12/06/disabling-network-discoverynetwork-resources/

    I think you may need create inbound and outbound rules by GPO.

    For detailed information, you could refer to the similar thread below.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/cac9ace7-56f4-4093-ad63-60ed61aab936/gpo-for-disable-network-discovery?forum=winserverGP

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Jay GuModerator Thursday, March 10, 2016 7:55 AM
    • Marked as answer by Exc_Adm Thursday, March 10, 2016 10:22 AM
    Thursday, March 10, 2016 7:55 AM
    Moderator
  • thank you

    EDIT:

    The first link i've already seen. See i tried this one, it is the one I want :

    You can hide Network by adding a GUID with a value of 1 to the NonEnum Key.

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
    {F02C1A0D-BE21-4350-88B0-7367FC96EF3C}=dword:00000001

    Note: This change requires a reboot

    if I created directly on the client it works, however if I do it by GPO it doesnt. even if I force the gpupdate

    can someone please confirm this worked for them?

    Thank you

    • Edited by Exc_Adm Thursday, March 10, 2016 10:25 AM Question
    Thursday, March 10, 2016 10:22 AM
  • Hi,

    Have you tried to restart the machine after running GPupdate /force?

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 14, 2016 3:44 AM
    Moderator
  • Thanks,

    I've been testing this on two virtual machines.

    I'll reset them and try again,

    Monday, March 14, 2016 12:06 PM