Disable automatic share and print discovery in Windows XP

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Windows XP automatically searches the network for shares and printers upon connecting to the network. This is probably useful in a SOHO or home network but not the enterprise. To disable XP automatic discovery:
  • In Explorer, click Tools
  • Click Folder Options
  • Click the View tab
  • Uncheck Automatically Search for Network Folders and Printers in the Advanced settings list.
It is important to disable this setting in Windows XP because it is the basis of a serious security flaw in XP. When you click My Network Places, your logon password may be transmitted automatically to numerous unspecified computers on the LAN. Windows XP tries to acquire the shared resources list of all computers on the LAN. At that time, the user's local logon password is used when the password for the shared resource is not known. Your PC transmits the LM hash version of your password.

If there are NT4.0 or any other pre-Windows 2000 PCs on the LAN, XP will transmit your password to the pre-Windows 2000 PCs during its share and print search. It transmits the LM hash, which is significantly weaker than XP or Windows 2000 hashes. In order to protect the LM hash, XP has a registry value, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash, which if set to 1 will prevent XP or Windows 2000 from generating the LM hash. pwdump will then not be able to acquire the LM hash, which is a good thing.

Sadly, NoLMHash does not affect LM authentication. Even if NoLMHash has been set, XP will still transmit the LM hash to an NT4.0 machine when My Network Places is clicked.
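
Both settings described above can be audited per machine with a short PowerShell script. This is an added example, not part of the original article: the function names are hypothetical, and it assumes PowerShell is installed on the machine and that the Folder Options checkbox is stored as the per-user registry value NoNetCrawling, a name the article does not give.

```powershell
# Added example: audit the two settings discussed in this article.
# Assumption: the "Automatically search for network folders and printers"
# checkbox is stored per user as NoNetCrawling (1 = search disabled).
function Get-XpShareDiscoveryAudit {
    $checks = @(
        @{ Name = 'NoNetCrawling'
           Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
           Want = 1
           Note = 'Automatic search for network folders and printers is off' },
        @{ Name = 'NoLMHash'
           Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
           Want = 1
           Note = 'LM hash is not generated for stored passwords' }
    )
    foreach ($c in $checks) {
        # A missing value means the Windows default, which is the insecure state.
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($c.Name) } else { $null }
        New-Object PSObject -Property @{
            Setting   = $c.Name
            Path      = $c.Path
            Actual    = $actual
            Expected  = $c.Want
            Compliant = ($actual -eq $c.Want)
            Meaning   = $c.Note
        }
    }
}

# Writes the expected value for every non-compliant setting.
# NoNetCrawling is per user (HKCU), so run this as each user of the machine;
# writing NoLMHash (HKLM) requires administrator rights.
# NoLMHash only affects hashes stored after the next password change, and,
# as the article notes, it does not stop LM authentication on the wire.
function Set-XpShareDiscoveryHardening {
    foreach ($r in Get-XpShareDiscoveryAudit | Where-Object { -not $_.Compliant }) {
        if (-not (Test-Path $r.Path)) { New-Item -Path $r.Path -Force | Out-Null }
        Set-ItemProperty -Path $r.Path -Name $r.Setting -Value $r.Expected -Type DWord
    }
}

# Report the current state of both settings.
Get-XpShareDiscoveryAudit | Format-Table Setting, Actual, Expected, Compliant -AutoSize
```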

There are tools that capture LM hashes on the LAN, LMscoop among others.
