Disabling Network Discovery/Network Resources

We often get requests from people asking how to disable Network Discovery, either because they don't want to see any machines in the Network Resources list or because they perceive a performance issue with the feature. This post explains what the feature actually is and walks through the available options.

What is Network Discovery?

Network Discovery is not a single thing. In general terms it is the process of gathering information about the network resources near you. It consists of a group of protocols and providers that all report into the Function Discovery platform. Probably the best-known protocol is NetBIOS browsing, but it also includes WS-Discovery (WSD), UPnP, SSDP, and even the registry. You typically see this information in Network Resources/Network Neighborhood, but any application can be written to use it.

Figure 1. Network Resources/Network Neighborhood

What is the Function Discovery Platform?

Before Windows Vista, various “Discovery” protocols were independent of each other and an application/process had to know the details of how to use a particular protocol. In Windows Vista, the Function Discovery Platform was created to aggregate the information from various protocols into a single place that applications can retrieve it from without having to know the details for accessing a specific protocol. This makes it easier for an application to support this kind of functionality while at the same time making it less dependent on a single protocol that may have been retired. A list of the built-in providers can be found at this link: http://msdn.microsoft.com/en-us/library/aa363906(v=VS.85).aspx

Figure 2. Function Discovery Architecture

Network Discovery and the Windows Firewall

The interaction between Network Discovery and the Windows Firewall is relatively straightforward. The Windows Firewall ships with a predefined "Network Discovery" rule group containing both inbound and outbound rules for the discovery protocols. Turning Network Discovery on enables the inbound rules; the outbound rules are not enabled by default, and because the firewall's default outbound action is to allow, the outbound discovery traffic flows regardless.

Figure 3. The Network Discovery rules in the Windows Firewall.

In addition, Network and Sharing Center lets you enable or disable the inbound rules as a group via the Network Discovery setting.

Figure 4. Network Discovery Settings

LLTD (Link Layer Topology Discovery) is generally associated with the Network Map, but it can also be used to gather information for Network Discovery. It can be uninstalled from the properties of a given network connection.

Figure 5. LLTD Settings

Disabling Network Discovery?

The official guidance for disabling Network Discovery is to turn it off in the Network and Sharing Center GUI or in the Windows Firewall interface itself, but people are often confused because they continue to see machines in the Network Resources list even after doing so. The thing to remember is that not all the providers are network protocols; the registry and Windows Connect Now are two examples. Disabling Network Discovery via the firewall stops the incoming discovery traffic, but it does not stop the non-network sources, and it does not block outgoing traffic, so the machine will still broadcast via NetBIOS, for example.

Another reason people want to disable Network Discovery is that they have a performance issue and the knee-jerk reaction is to disable the feature instead of resolving the performance issue.

So what do you do if you have disabled Network Discovery in the firewall and still see machines in the Network Resources list, or still see a performance issue? Network Discovery is made up of multiple protocols. You need to identify which service or port is gathering the data or causing the performance issue and troubleshoot that one, rather than the feature as a whole.

Here is a list of the services involved (the provider list at http://msdn.microsoft.com/en-us/library/aa363906(v=VS.85).aspx covers the same ground):

  • Computer Browser
  • SSDP Discovery
  • UPnP Device Host
  • Registry (a provider rather than a service)
  • Function Discovery Resource Publication
  • Function Discovery Provider Host
  • Link-Layer Topology Discovery Mapper

Note: LLMNR is also used
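Before stopping or blocking anything, it helps to see which of these services are actually running and which discovery port each one holds. The following PowerShell is added here as an example and is not part of the original post. It targets Windows 7-era PowerShell 2.0, so it uses Get-WmiObject and netstat rather than the newer Get-NetTCPConnection and Get-Service -StartType. The service short names (Browser, SSDPSRV, upnphost, FDResPub, fdPHost, lltdsvc, Dnscache), the fact that the LLMNR responder lives in the DNS Client service, and the port-to-feature table are stated from Windows 7 and are assumptions for other versions.

```powershell
# Added example (not from the original post): inventory the Network Discovery
# services and map the discovery ports to the processes, and the services hosted
# in those processes, that own them. Assumes Windows 7 / PowerShell 2.0.

# Short names of the services in the post's list. 'Registry' is a provider, not a
# service. LLMNR (UDP 5355) is answered by the DNS Client service, so it is included.
$discoveryServices = @(
    'Browser',    # Computer Browser
    'SSDPSRV',    # SSDP Discovery
    'upnphost',   # UPnP Device Host
    'FDResPub',   # Function Discovery Resource Publication
    'fdPHost',    # Function Discovery Provider Host
    'lltdsvc',    # Link-Layer Topology Discovery Mapper
    'Dnscache'    # DNS Client (LLMNR responder) - assumption stated in the lead-in
)

# Discovery ports, keyed "PROTO:PORT" to match what netstat prints.
$discoveryPorts = @{
    'TCP:2869' = 'UPnP'
    'TCP:5357' = 'WSD Events'
    'TCP:5358' = 'WSD Events Secure'
    'UDP:5355' = 'LLMNR'
    'UDP:3702' = 'WS-Discovery publishing'
    'UDP:1900' = 'SSDP'
    'UDP:137'  = 'NetBIOS Name'
    'UDP:138'  = 'NetBIOS Datagram'
}

function Get-DiscoveryServiceState {
    # State, start mode and host PID of each discovery service. Win32_Service carries
    # StartMode and ProcessId; PowerShell 2.0's Get-Service does not.
    Get-WmiObject -Class Win32_Service |
        Where-Object { $discoveryServices -contains $_.Name } |
        Select-Object Name, DisplayName, State, StartMode, ProcessId
}

function Get-DiscoveryPortOwner {
    # Parse 'netstat -ano' and report, for each discovery port that is bound, the
    # owning PID, its image name and the services hosted in it. Services sharing a
    # svchost.exe instance share a PID, so a port may map to several candidates:
    # cross-check against the service list before stopping anything.
    $servicesByPid = @{}
    Get-WmiObject -Class Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
        $p = [int]$_.ProcessId
        if (-not $servicesByPid.ContainsKey($p)) { $servicesByPid[$p] = @() }
        $servicesByPid[$p] += $_.Name
    }

    foreach ($line in (netstat -ano)) {
        $fields = $line.Trim() -split '\s+'
        if ($fields.Count -lt 4 -or $fields[0] -notmatch '^(TCP|UDP)$') { continue }
        $proto    = $fields[0]
        $local    = $fields[1]                          # e.g. 0.0.0.0:5355 or [::]:5355
        $ownerPid = [int]$fields[-1]                    # the PID is always the last column
        $port     = $local.Substring($local.LastIndexOf(':') + 1)
        $key      = "${proto}:${port}"
        if (-not $discoveryPorts.ContainsKey($key)) { continue }
        if ($proto -eq 'TCP' -and $fields[3] -ne 'LISTENING') { continue }   # skip established/closing sockets
        $image = (Get-Process -Id $ownerPid -ErrorAction SilentlyContinue).ProcessName
        New-Object PSObject -Property @{
            Protocol = $proto
            Port     = [int]$port
            Feature  = $discoveryPorts[$key]
            Local    = $local
            OwnerPid = $ownerPid
            Image    = $image
            Services = ($servicesByPid[$ownerPid] -join ',')
        }
    }
}

# Usage:
#   Get-DiscoveryServiceState | Format-Table -AutoSize
#   Get-DiscoveryPortOwner | Sort-Object Protocol, Port | Format-Table -AutoSize
```

The Services column is the useful part: when a port such as UDP 3702 shows up owned by a svchost.exe that hosts both FDResPub and fdPHost, you know which two services to test, and stopping one of them and re-running the port mapping tells you which one actually holds the socket.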

There are predefined rules for Network Discovery, or you can manually block these ports:

  • TCP 2869 - UPnP
  • TCP 5357 - WSD Events (WSDAPI)
  • TCP 5358 - WSD Events Secure
  • UDP 5355 - LLMNR
  • UDP 3702 - WS-Discovery publishing
  • UDP 1900 - SSDP

Note: You also need to block NetBIOS, but that affects more than just Network Discovery (NetBIOS name resolution, for example).

  • UDP 138 - NetBIOS Datagram Service
  • UDP 137 - NetBIOS Name Service
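Putting the two pieces together, here is an added PowerShell example (not from the original post) that disables the Network Discovery rule group in both directions and then adds explicit block rules for the ports above. It uses netsh advfirewall, since the NetSecurity cmdlets (Get-NetFirewallRule and friends) do not exist on Windows 7 or Vista; the ND-Block-* rule names and the function names are our own convention, not anything Windows defines.

```powershell
# Added example (not from the original post). Disables the predefined
# "Network Discovery" firewall rule group in both directions, then adds explicit
# block rules for the ports listed above, because disabling the group alone
# leaves outbound broadcasts flowing (the default outbound action is Allow).
# netsh is used instead of the NetSecurity cmdlets, which do not exist on
# Windows 7 / Vista. The 'ND-Block-*' rule names are our own convention.
# Run from an elevated (Administrator) PowerShell prompt.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'This script must be run from an elevated PowerShell prompt.'
}

function Invoke-Netsh {
    # Run netsh with the given argument list and fail loudly on a non-zero exit.
    param([string[]]$Arguments)
    $output = & netsh.exe $Arguments 2>&1
    if ($LASTEXITCODE -ne 0) { throw "netsh $($Arguments -join ' ') failed: $output" }
    $output
}

# Ports from the post. Outbound rules block by destination (remote) port: that is
# the NetBIOS/LLMNR/WSD/SSDP chatter this machine sends. Inbound rules block the
# TCP listeners by local port. Explicit block rules win over allow rules, so these
# hold even if someone re-enables the Network Discovery group later.
$blockRules = @(
    @{ Name = 'LLMNR';            Dir = 'out'; Protocol = 'UDP'; Port = 5355 },
    @{ Name = 'WSD-Publish';      Dir = 'out'; Protocol = 'UDP'; Port = 3702 },
    @{ Name = 'SSDP';             Dir = 'out'; Protocol = 'UDP'; Port = 1900 },
    @{ Name = 'NetBIOS-Name';     Dir = 'out'; Protocol = 'UDP'; Port = 137  },  # also breaks NetBIOS name resolution
    @{ Name = 'NetBIOS-Datagram'; Dir = 'out'; Protocol = 'UDP'; Port = 138  },  # also stops Browser announcements
    @{ Name = 'UPnP';             Dir = 'in';  Protocol = 'TCP'; Port = 2869 },
    @{ Name = 'WSD-Events';       Dir = 'in';  Protocol = 'TCP'; Port = 5357 },
    @{ Name = 'WSD-EventsSecure'; Dir = 'in';  Protocol = 'TCP'; Port = 5358 }
)

function Get-BlockRuleName {
    param($Rule)
    "ND-Block-$($Rule.Name)-$($Rule.Dir)"
}

function Set-NetworkDiscoveryRuleGroup {
    # Enable or disable every rule in the predefined group, inbound and outbound.
    # (The Network and Sharing Center toggle only flips the inbound ones.)
    param([Parameter(Mandatory=$true)][bool]$Enabled)
    $state = if ($Enabled) { 'yes' } else { 'no' }
    Invoke-Netsh @('advfirewall', 'firewall', 'set', 'rule', 'group=Network Discovery', 'new', "enable=$state") | Out-Null
}

function Add-DiscoveryBlockRules {
    foreach ($r in $blockRules) {
        $portArg = if ($r.Dir -eq 'out') { "remoteport=$($r.Port)" } else { "localport=$($r.Port)" }
        Invoke-Netsh @('advfirewall', 'firewall', 'add', 'rule',
            "name=$(Get-BlockRuleName $r)", "dir=$($r.Dir)", 'action=block',
            "protocol=$($r.Protocol)", $portArg, 'profile=any') | Out-Null
    }
}

function Remove-DiscoveryBlockRules {
    # Rollback. 'No rules match' is not an error here, so the exit code is ignored.
    foreach ($r in $blockRules) {
        & netsh.exe advfirewall firewall delete rule "name=$(Get-BlockRuleName $r)" 2>&1 | Out-Null
    }
}

function Show-DiscoveryBlockRules {
    foreach ($r in $blockRules) {
        Invoke-Netsh @('advfirewall', 'firewall', 'show', 'rule', "name=$(Get-BlockRuleName $r)")
    }
}

# Usage:
#   Set-NetworkDiscoveryRuleGroup -Enabled $false
#   Add-DiscoveryBlockRules
#   Show-DiscoveryBlockRules
# and to undo:
#   Remove-DiscoveryBlockRules
#   Set-NetworkDiscoveryRuleGroup -Enabled $true
```

Block rules take precedence over allow rules in the Windows Firewall, so the explicit rules hold even if Network Discovery is later switched back on in Network and Sharing Center. Blocking UDP 137/138 outbound also stops NetBIOS name resolution and Computer Browser announcements, which is exactly the caveat in the note above, so test on one machine before rolling this out.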

Other options you may want to consider:

It may be enough to simply disable the Network Resources option in Explorer. This still allows the machine to show local resources, but it prevents remote network resources from appearing in Explorer.

Figure 6. Explorer with Network Resources enabled

Figure 7. Explorer with Network Resources disabled

Notice that the local resources and a wireless router are still visible; only the remote PCs no longer appear in the list. To disable this setting, change the GUID in the ParsingName value of the Network folder description from its default to the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}
ParsingName    REG_SZ    ::{208D2C60-3AEA-1069-A2D7-08002B30309D}

Note: This change requires a reboot

To re-enable this setting, change the ParsingName back to the default:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}
ParsingName    REG_SZ    ::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}

Note: This change requires a reboot

Another option is to hide Network (formerly My Network Places) from Explorer altogether.

Notice that the Network node in the lower-left corner of the navigation pane is no longer present in the following screenshot.

Figure 8. Explorer with Network Resources hidden

You can hide Network by adding its GUID, with a DWORD value of 1, to the NonEnum policy key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}=dword:00000001

Note: This change requires a reboot
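Both registry changes above are easy to script, but the ParsingName swap is worth guarding: if the value is not one of the two GUIDs listed above, something else has already customised that folder description and blindly overwriting it is a bad idea. The following PowerShell is an added example, not part of the original post; the registry paths and GUIDs are the ones given above, the function names are ours, it needs an elevated prompt because the keys live under HKLM, and, as noted above, both changes only take effect after a reboot.

```powershell
# Added example (not from the original post): the two Explorer-side registry
# tweaks from the post, wrapped so the current value is checked before it is
# changed. Paths and GUIDs are the post's; function names are ours. Run elevated.

$folderKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}'
$nonEnumKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum'
$networkClsid = '{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}'   # Network: the default ParsingName target
$legacyClsid  = '{208D2C60-3AEA-1069-A2D7-08002B30309D}'   # swap-in target that drops the remote PCs
$knownParsingNames = @("::$networkClsid", "::$legacyClsid")

function Get-NetworkResourcesSetting {
    # Reports whether Explorer's Network folder currently resolves to the default
    # target ('Enabled'), to the swap-in one ('Disabled'), or to something else.
    $current = (Get-ItemProperty -Path $folderKey -Name ParsingName).ParsingName
    switch ($current) {
        "::$networkClsid" { 'Enabled' }
        "::$legacyClsid"  { 'Disabled' }
        default           { "Unknown ($current)" }
    }
}

function Set-NetworkResourcesSetting {
    # -Enabled $false points ParsingName at the legacy CLSID (remote PCs disappear,
    # local resources stay); -Enabled $true restores the default. Refuses to touch a
    # value it does not recognise, so an already-customised machine is not clobbered.
    param([Parameter(Mandatory=$true)][bool]$Enabled)
    $current = (Get-ItemProperty -Path $folderKey -Name ParsingName).ParsingName
    if ($knownParsingNames -notcontains $current) {
        throw "Unexpected ParsingName '$current' - leaving it alone."
    }
    $target = if ($Enabled) { "::$networkClsid" } else { "::$legacyClsid" }
    if ($current -eq $target) { return "Already $(Get-NetworkResourcesSetting), nothing to do" }
    Set-ItemProperty -Path $folderKey -Name ParsingName -Value $target
    "ParsingName set to $target - reboot required"
}

function Set-NetworkNodeHidden {
    # -Hidden $true adds the Network CLSID (DWORD 1) under the NonEnum policy key so
    # the Network node disappears from Explorer; -Hidden $false removes it again.
    param([Parameter(Mandatory=$true)][bool]$Hidden)
    if ($Hidden) {
        if (-not (Test-Path $nonEnumKey)) { New-Item -Path $nonEnumKey -Force | Out-Null }
        New-ItemProperty -Path $nonEnumKey -Name $networkClsid -Value 1 -PropertyType DWord -Force | Out-Null
        'Network node hidden - reboot required'
    } else {
        if (Test-Path $nonEnumKey) {
            Remove-ItemProperty -Path $nonEnumKey -Name $networkClsid -ErrorAction SilentlyContinue
        }
        'Network node visible - reboot required'
    }
}

# Usage (run elevated, then reboot):
#   Get-NetworkResourcesSetting
#   Set-NetworkResourcesSetting -Enabled $false
#   Set-NetworkNodeHidden -Hidden $true
```

Neither function restarts the machine; do that yourself once the values are in place, since Explorer reads the folder descriptions and the NonEnum list at startup.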

Summary

Network Discovery is a useful feature that most people will not want to disable. If you are having trouble with it, keep in mind that it is not a single service or protocol. If you can identify the problem service or protocol, you can deal with just that one and leave the rest of the feature enabled. Other options are to disable Network Resources or to hide the Network node altogether in Explorer.

Hope this helps you determine the best way to handle disabling Network Discovery if needed.

Note: The screenshots are from Windows 7 but they are similar in Windows Vista.

- David Pracht

  • Does this work for XP?