|Platform: win2012r2||Date: (C)2015-10-08 (M)2018-07-10|
MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)
The registry value entry Hidden was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\ registry key. The entry appears as MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) in the SCE.
You can configure a computer so that it does not send announcements to browsers on the domain. If you do so, you hide the computer from the Browse list, which means that the computer will stop announcing itself to other computers on the same network. An attacker who knows the name of a computer can more easily gather additional information about the system. You can enable this setting to remove one method that an attacker might use to gather information about computers on the network. Also, this setting can help reduce network traffic when enabled. However, the security benefits of this setting are small because attackers can use alternative methods to identify and locate potential targets. For this reason, Microsoft recommends to configure this setting to Enabled in high security environments, and to configure it to Not Defined in enterprise environments.
For additional information, see the Knowledge Base article 321710, 'HOW TO: Hide a Windows 2000-Based Computer from the Browser List.'
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters!Hidden
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:27668|