DNS Zone Transfer security

  • Question

  • Hello,

    thanks in advance for your help!

    I have 32 DC servers, we have 3 DCs (Windows 2008 R2 Ent.) that have been identified with the setting:

    Allow zone transfer checked, and also To any server (which is unsecure)

    With some reading I found that those settings are in the registry under: HKLM:SOFTWARE\Microsoft\Windows Nt\CurrentVersion\DNS Server\Zones\$ZoneName

    All the servers are blocked via policy from running scripts on themselves.

    I have installed RMT on my workstation to run scripts with PowerShell v5. I am domain admin but my script will always read 

    but if I connect directly to the server and verify with DNSMGR and Regedit I get the image above and SecureSecondaries is set to 0

    My question is:

    Since I have to change this configuration for every one of the zones on the server, can I do it via script remotely? Or do I have to do it locally, directly on the server (bypassing production GPO)? Or is there a way to do it in a single place that will do it for all zones on the server?

    I have been looking for a way to configure this via any DNS tool possible via PowerShell, and couldn't find anything... Can you please bring some light? I am new to PS; I can do it with VBScript... but I need to find where to change the values.

    Thank you again and have a great day!

    Alexis Lamonja

    Monday, May 7, 2018 11:09 PM
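
One way to audit and change this setting for every zone from a workstation, as an added example that is not part of the original post: it reads each zone's SecureSecondaries value through the DNS WMI provider (root\MicrosoftDNS) and, only when -Remediate is given, resets zones set to "To any server" with dnscmd /ZoneResetSecondaries. It assumes remote WMI is reachable on the DCs and that dnscmd.exe (RSAT DNS tools) is installed locally; the server names are placeholders.

```powershell
# Added example (not from the original post). Placeholder server names below.
param(
    [string[]]$DnsServers = @('DC01', 'DC02', 'DC03'),
    [ValidateSet('NoXfr', 'SecureNs')]   # NoXfr = no transfers; SecureNs = only servers in the zone's NS records
    [string]$Target = 'NoXfr',
    [switch]$Remediate                   # without this switch the script only reports
)

# MicrosoftDNS_Zone.SecureSecondaries values 0..3, in order
$meaning = @('To any server', 'Only to servers on the Name Servers tab',
             'Only to the listed servers', 'Zone transfers disabled')

foreach ($server in $DnsServers) {
    try {
        # Read every zone on the remote DNS server; skip auto-created zones
        $zones = Get-WmiObject -ComputerName $server -Namespace 'root\MicrosoftDNS' `
                     -Class MicrosoftDNS_Zone -ErrorAction Stop |
                 Where-Object { -not $_.AutoCreated }
    } catch {
        Write-Warning "$server : WMI query failed: $($_.Exception.Message)"
        continue
    }

    foreach ($zone in $zones) {
        $value  = [int]$zone.SecureSecondaries
        $action = 'None'

        if ($value -eq 0 -and $Remediate) {
            # dnscmd talks to the remote server over RPC, so nothing runs on the DC itself
            & dnscmd.exe $server /ZoneResetSecondaries $zone.Name "/$Target" | Out-Null
            $action = if ($LASTEXITCODE -eq 0) { "Set to $Target" } else { "dnscmd failed ($LASTEXITCODE)" }
        } elseif ($value -eq 0) {
            $action = 'Needs change'
        }

        # One row per zone, suitable for Export-Csv or Format-Table
        [pscustomobject]@{
            Server            = $server
            Zone              = $zone.Name
            DsIntegrated      = $zone.DsIntegrated
            SecureSecondaries = $value
            Meaning           = $meaning[$value]
            Action            = $action
        }
    }
}
```

Run it once without -Remediate and review the report before changing anything; zones that still feed secondary servers need SecureNs (or an explicit server list) rather than NoXfr.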