1. On Computer configuration, choose Policies, choose Security Settings, choose Windows Firewall with Advanced Security.
2. On Windows Firewall with Advanced Security, choose Inbound Rules, right click and choose New Rule
3. On Rule Type, select Predefined and choose Network Discovery, choose Next
4. Choose only the following rules:
a. Network Discovery (LLMNR-UDP-In)
b. Network Discovery (NB-Name-In)
c. Network Discovery (Pub-WSD-In)
d. Network Discovery (SSDP-In)
5. On Action choose Block the connection
6. Press Finish
7. On Inbound Rules, right click and choose New Rule, select Next
8. Choose only the following Rule:
a. Network Discovery (NB-Datagram-In)
9. On Action choose Allow the connection
10. Press Finish
11. On Windows Firewall with Advanced Security, choose Outbound Rules, right click and choose New Rule
12. On Rule Type, select Predefined and choose Network Discovery, choose Next
13. Choose only the following rules:
a. Network Discovery (LLMNR-UDP Out)
b. Network Discovery (NB-Name Out)
c. Network Discovery (Pub-WSD Out)
d. Network Discovery (SSDP Out)
14. On Action choose Block the connection
15. Press Finish
16. On Outbound Rules, right click and choose New Rule, select Next
17. Choose only the following Rule:
a. Network Discovery (NB-Datagram Out)
18. On Action choose Allow the connection
19. Press Finish
20. On Computer configuration, choose Policies, choose Security Settings, choose System Services
21. Choose Computer Browser Service
22. Select Define this policy setting
23. Choose Disabled, choose Apply and OK.
24. Repeat steps (21-23) for the following services:
a. SSDP Discovery
b. UPnP Device Host
c. Function Discovery Resource Publication
d. Function Discovery Provider Host
e. Link-Layer Topology Discovery Mapper
After configuring the GPO, link it to our target OU, and we can run gpupdate /force to update Group Policy immediately.
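
To confirm the policy actually landed on a machine in the target OU, the following check can be run there. It is an added example, not part of the original procedure. The wildcard patterns for the rule names are an assumption, and the service short names are the standard Windows names for the services listed in steps 21 to 24.

```powershell
# Added example: run elevated on a machine in the target OU after gpupdate /force.
# Expected action per rule family, taken from the steps above. The wildcard
# patterns are an assumption so that In and Out spellings of a name both match.
$expected = [ordered]@{
    'Network Discovery (LLMNR-UDP*'   = 'Block'
    'Network Discovery (NB-Name*'     = 'Block'
    'Network Discovery (Pub*WSD*'     = 'Block'
    'Network Discovery (SSDP*'        = 'Block'
    'Network Discovery (NB-Datagram*' = 'Allow'
}

# Only rules delivered by Group Policy count; local rules with the same
# display name are ignored.
$gpoRules = Get-NetFirewallRule -PolicyStore ActiveStore | Where-Object {
    $_.PolicyStoreSourceType -eq 'GroupPolicy' -and
    $_.DisplayName -like 'Network Discovery (*'
}

$ruleReport = foreach ($pattern in $expected.Keys) {
    foreach ($direction in 'Inbound', 'Outbound') {
        $hits = @($gpoRules | Where-Object {
            $_.DisplayName -like $pattern -and $_.Direction -eq $direction })
        $bad = @($hits | Where-Object {
            $_.Action -ne $expected[$pattern] -or $_.Enabled -ne 'True' })
        [pscustomobject]@{
            Rule      = $pattern
            Direction = $direction
            Expected  = $expected[$pattern]
            Status    = if (-not $hits) { 'MISSING' } elseif ($bad) { 'MISMATCH' } else { 'OK' }
        }
    }
}

# Service short names for the six services disabled in steps 20-24.
$services = 'Browser', 'SSDPSRV', 'upnphost', 'FDResPub', 'fdPHost', 'lltdsvc'
$serviceReport = foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service   = $name
        StartType = if ($svc) { $svc.StartType } else { 'NotInstalled' }
        State     = if ($svc) { $svc.Status } else { '-' }
        Status    = if (-not $svc -or $svc.StartType -eq 'Disabled') { 'OK' } else { 'NOT DISABLED' }
    }
}

$ruleReport    | Format-Table -AutoSize
$serviceReport | Format-Table -AutoSize
```

A MISSING row means no Group Policy rule of that name and direction reached the machine, which usually points to the GPO link or its scope rather than to the rule itself.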