Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Using Symantec Firewall to block Windows 7 Network Discovery

Updated: 04 Apr 2011 | 4 comments
Aeonus's picture
Aeonus
0 0 Votes
Login to vote

Hello All,

 

We use mandatory Windows profiles that are locked down for public use.

 

One issue I've come across is with Windows 7, when in File Explorer the "Network" option is bringing up a list of all computers/servers on our domain. I've researched into this and it looks like Microsoft has failed to provide an option to disable that within Group Policy and there really isn't a way to disable this.

The only thing I can think of is using Symantec's firewall to block the ports being used. Can anyone please add some assistance as to how to configure this please?

 

I've attached a screenshot of the tab I'm referring to.

 

Discussion Filed Under:
, , , ,

Comments

Mithun Sanghavi's picture
04
Apr
2011
0 Votes 0
Login to vote
Mithun Sanghavi
Technical Support
Accredited

Contact Microsoft.

Hello,

Did you contact Microsoft?

Check the Below Links:

 

Disable network discovery on domain clients
 

Windows 7 - Network Discovery

http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/7624adf9-a7c6-48f4-820e-ae36a2cbce8c

 

I personally would not recommend you to Disable the Network Discovery as Symantec itself uses the Network Discovery Services for Remote Deployment.Please check this:

 

Symantec Endpoint Protection: Preparing computers that run Windows Vista for remote client deployment
 
http://www.symantec.com/business/support/index?page=content&id=TECH102442&actp=search&viewlocale=en_US&searchid=1301942768367
 

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3

Follow me on Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo

Brian81's picture
04
Apr
2011
0 Votes 0
Login to vote
Brian81

I thought there was a GPO to

I thought there was a GPO to enable/disable.

By default, it should be disabled in a domain environment

Check this link and post by Sherif Talaat

http://social.technet.microsoft.com/forums/en-US/winserverDS/thread/710116be-3071-4b96-a194-a1b697febaee/

Endpoint Knowledge Base

Security Best Practices

Chetan Savade's picture
05
Apr
2011
0 Votes 0
Login to vote
Chetan Savade
Technical Support

Hi, Have you tried this ? If

Hi,
 
Have you tried this ?
 
If your computer is connected to a network, network policy settings might prevent you from completing these steps.
 
By default, Windows Firewall blocks network discovery (formerly called UPnP technology), but you can enable it.
 
Open Network and Sharing Center by clicking the Start button , clicking Control Panel, clicking Network and Internet, and then clicking Network and Sharing Center.
 
If network discovery is off, click the arrow button ‌ to expand the section.
 
Click Turn on network discovery, and then click Apply.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation                                                        
                                 
http://www.dkszone.net/enable-disable-network-discovery-windows-7  

Thanks and Regards, 

Chetan Savade

Technical Support Analyst,

End Point Security, Enterprise Technical Support

ejhardinsysadmin's picture
05
Apr
2011
0 Votes 0
Login to vote
ejhardinsysadmin

Aeonus, On the Network screen

Aeonus,

On the Network screen select the details options. This will list the discovery method. Nine times out of ten it is netbios that is populating the list of computers. You can disable netbios via dhcp. Also it you have a machine on the same network as the one in the screen shot and you use wireshark you can see that a lot of your networks broadcast traffic is from netbios.   

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,017