How to Manage Legacy Network Discovery in Windows using Intune Policy

Hey, let’s talk about How to Manage Legacy Network Discovery in Windows using Intune Policy. This policy controls whether the SMB server allows or blocks remote mailslots over the computer browser service. It helps manage how computers communicate and share information on a local network. Controlling this setting ensures smoother and safer network operations.

The importance of this policy is to maintain stability in network browsing and communication. If not properly configured, the computer browser service may not function correctly. This can affect how devices find and connect to each other on the network.

For users, this policy helps ensure that shared folders and devices appear properly on the network. It prevents unexpected connection problems between computers. By managing this, users can experience smoother file sharing and browsing.

For organizations, this policy improves network security and performance. It allows IT admins to control communication methods and reduce risks from unprotected network messages. For example, disabling remote mailslots can help protect against unwanted or unsafe network broadcasts.

Sign up to get the best of How To Manage Devices straight to your inbox!

What are the Advantages of Enabling this Policy using Intune?

Enabling this policy helps ensure smooth and secure communication between computers on a network. It keeps the computer browser service working correctly and improves overall network reliability.

1. Ensures proper functioning of the computer browser service
2. Improves network stability and performance
3. Reduces connection and browsing issues
4. Makes it easier to access shared files and devices
5. Enhances network control and security for administrators

How to Manage Legacy Network Discovery in Windows using Intune Policy

The Enable Mailslots policy can be easily configured on Windows devices using either Microsoft Intune or by setting a custom OMA-URI (Open Mobile Alliance Uniform Resource Identifier). This blog post will detail both methods.

• Removal of Computer Browser Driver and Service from Windows
• Control Least Privilege App Container Sandbox for Printing Services in Edge Browser using Intune
• How Idle Time Controls Kiosk Browser Session Restart using Intune Policy

Create a Profile

To start deploying a policy in Intune, sign in to the Microsoft Intune Admin Center. Then go to Devices> Configuration under the Manage devices> Policies> Create> New policy.

• Platform – Windows 10 and later

First Step

In the Basic tag, input the Name and Description for the profile. I recommend giving a name (Enable mailslots) and a Description (To Enable Mailslots). The Name is the mandatory field and you have fill this.

Configuration

When you click Next, you will get the Configuration Settings section. In the Configuration Settings section, under Settings Catalog, click Add Settings. Type Lanman Server in the search box and click Search, then select Enable mailslots from the search results.

After closing the Settings Picker, the policy we chose will now be visible in the Configuration Settings. By default, the Enable mailslots is Disabled.

Enable Mailslots

If we Enable or configure this policy, you can enable the Mailslots policy by toggling the switch left to right. After reviewing or adding more settings, you can click the Next button to proceed.

Scope Tag

The next section is the Scope tag which is not a mandatory step. It helps to assign this policy to a defined group of users or devices. To skip this section is preferable.

Assignments

We need to add groups in this section. The assignments in Microsoft Intune determine which users or devices a policy applies to. The selected group (Test_HTMD_Policy) will show on the assignment page. Then, click Next to proceed.

Last Step

This part gives us a summary of the details are we have given for the policy creation. Because Review + Create is the final step of a policy deployment. We can go through it and confirm that all the information given was correct. Just click Create, and then we can see the notification “Enable Mailslots created successfully”.

Monitoring Status

To check the monitoring status, go to Devices > Configuration Policies. In the Configuration policies section, search for the policy we created(Enable Mailslots). We can find the result as 1 Succeeded. Use manual sync in the Company Portal to speed up the process.

Client Side Verification

To confirm if a policy has been applied, use the Event Viewer on the client device. Go to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise Diagnostic Provider > Admin. From the list of policies, use the Filter Current Log option and search for Intune event 813.

How to Remove Assigned Group from Mailslots Policy

Removing an assigned group from a policy is sometimes necessary for security, compliance, or operational efficiency. Open the policy from the Configuration tab and click on the Edit button on the Assignment tab. Click on the Remove button on this section to remove the policy. Click Review + Save after making the change.

For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.

How to Delete Mailslots Policy from Intune

To delete an Intune policy for security or operational reasons. I will demonstrate how to delete an Intune policy through the Enable Mailslot Policy. Click the three dots, then click the Delete option.

For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.

Configuration Service Provider (CSP)

The Policy Configuration Service Provider (CSP) is a feature used by organisations to manage and control settings on Windows 10 and 11 devices. It explains that the Description framework properties, values and Group policy mapping.

Description framework properties

Assigned Values

• 0(Default) – Disabled
• 1 – Enabled

Group policy mapping

OMA-URI Settings

An OMA-URI is a unique address that points to a specific setting controlled by a Configuration Service Provider (CSP). It is a text string that sets custom configurations on Windows 10 and 11 devices, and its format depends on the CSP itself. Here’s a step-by-step guide.

• Sign in to Microsoft Intune
• Go to Devices > Configuration
• Click Create, and then the new policy.
• Choose the platform as Windows 10 or later.
• For Profile type, select Templates and then choose Custom.
• Provide a Name: Enable Mailslots Policy
• Add a Description( e.g To Enable Mailslots Policy)
• Click on + Add under OMA-URI Settings to configure the specific setting.
• To Configure the OMA-URI Setting, do the following
  • Enter a name, such as Enable Mailslots Policy
  • Description: To Enable Mailslots Policy
  • Enter the following OMA-URI path: ./Device/Vendor/MSFT/Policy/Config/LanmanServer/EnableMailslots
  • Set the Data type to Integer.
  • Enter the value
    • 1 to Enable Mailslots Policy.
    • 0 to Disable Mailslots Policy.
• After entering the above details, click the Save button.

Need Further Assistance or Have Technical Questions?

Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.

Author

Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.