Detections
Analytics
1.1.1.2.1.29 Configure 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)'
Information
The registry value entry Hidden was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\ registry key. The entry appears as MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) in the SCE. You can configure a computer so that it does not send announcements to browsers on the domain. If you do so, you hide the computer from the Browse list, which means that the computer will stop announcing itself to other computers on the same network. An attacker who knows the name of a computer can more easily gather additional information about the system. You can enable this setting to remove one method that an attacker might use to gather information about computers on the network. Also, this setting can help reduce network traffic when enabled. However, the security benefits of this setting are small because attackers can use alternative methods to identify and locate potential targets. For this reason, Microsoft recommends to configure this setting to Enabled in high security environments, and to configure it to Not Defined in enterprise environments. For additional information, see the Knowledge Base article 321710, HOW TO: Hide a Windows 2000-Based Computer from the Browser List. An attacker who knows the name of a computer can more easily gather additional information about the computer. If you enable this entry, you remove one method that an attacker might use to gather information about computers on the network. Also, if you enable this entry you can help reduce network traffic. However, the vulnerability is small because attackers can use alternative methods to identify and locate potential targets.Solution
Configure the following Group Policy setting in a manner that is consistent with the security and operational requirements of your organization-Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS- (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)
Impact- The computer will no longer appear on the Browser list or in Network Neighborhood on other computers on the same network.
See Also
Item Details
Audit Name: CIS Windows 2003 DC v3.1.0
Category: ACCESS CONTROL
References: 800-53|AC-6(10), CCE|CCE-8380-8
Plugin: Windows
Control ID: d643642e1a7436e2b4a36709a533993e035d067b210d36c6bf552d2bb1548b52