Details
This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context ‘p2p pnrp peer’.
The recommended state for this setting is: Disabled.
Rationale:
Peer Name Resolution Protocol is a distributed and (mostly) serverless way to handle name resolution of clients with each other. In a high security environment, it is more secure to rely on centralized name resolution methods maintained by authorized staff.
Solution
To establish the recommended configuration via GP, set the following UI path to: Disabled.
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsSystem ServicesPNRP Machine Name Publication Service
Impact:
Some peer-to-peer and collaborative applications, such as Remote Assistance, may not function.
Default Value:
Manual
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.