CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

5.37 (L2) Ensure 'Windows Push Notifications System Service (WpnService)' is set to 'Disabled' (Scored)

ProfileApplicability:

 Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality)

Description:

This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.

The recommended state for this setting is: Disabled .

Note: In the first two releases of Windows 10 (R1507 & R1511), the display name of this service was initially named Windows Push Notifications Service - but it was renamed to Windows Push Notifications System Service starting withWindows 10 R1607.

Rationale:

Windows Push Notification Services (WNS) is a mechanism to receive 3rd-party notifications and updates from the cloud/Internet. In a high security environment, external systems, especially those hosted outside the organization, should be prevented fromhaving an impact on the secure workstations.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpnService:Start

Remediation:

To establish the recommended configuration via GP, set the following UI path to: Disabled .

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Windows Push Notifications System Service

Impact:

Live Tiles and other features will not get live updates.

368 | P a g e