none
GPO to avoid DNS-Registration in specific networks

    Question

  • Hello everybody,

    I'd like to create a GPO to avoid that our Windows-Clients (Laptops) register their Wifi-IP in DNS.
    Sure - It would be easy to remove the checkbox in Advanced IPv4-Settings via GPO, but that should only happen if the client is in a specific Wireless-network.

    Is there a possibility to do this via GPO?

    Regards
    Miranda

    Tuesday, August 16, 2016 3:12 PM

All replies

  • Hi Miranda,

    Thanks for your post.

    You could configure the registry key DisableDynamicUpdate to 1 to disable DNS updates by GPO. And with the WMI filter to filter specific networks.

    The path of the key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate

    If you want to disable specific NIC, you could add the DisableDynamicUpdate to specific interface under the path below and set it to 1.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    For more information, you could refer to the article below.

    https://support.microsoft.com/zh-cn/kb/246804

    To filter IP address by WMI filter like below:

    SELECT * from Win32_IP4RouteTable

           WHERE ((Mask='0.0.0.0' AND NextHop LIKE '10.31.%'))

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 17, 2016 1:28 AM
    Moderator
  • Hi,

    thanks for your reply!

    I think I got it...Created a Computer-Policy which is updating the Registry-Key "DisableDynamicUpdate". The Registry-Setting has Item-Level-Targeting, so it should only be applied if the machine is in a specific IP-Address-Range...

    I noticed that I get a Warning (Event-ID 8019) If I'm connected in one of the specified networks and try to registerdns manually.

    You think thats normal?

    Thanks
    Miranda

    Friday, August 19, 2016 11:41 AM
  • Hi Miranda,

    For event ID 8019, this information-only event indicates that the requested backup operation is
    completed.

    for more information, please refer to the article below.

    https://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=8019&EvtSrc=ntbackup&LCID=1033

    In addition, if the reply above has resolved your problem, please mark it as answer as it would be helpful to anyone who encounters the similar issue.

    Thank you.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 23, 2016 7:54 AM
    Moderator
  • Hi,

    EventID 8019 (Source DNS Client Events) has nothing to do with backups?!

    The Event says (sorry have to translate because it is in german):

    ####
    Error at registration of host-ressource-entries (A or AAAA) for the adaptor XY...

    These Ressource entries could not be registered because of a security problem...
    ####

    I think this warning is triggered because of the policy and normal behaviour?!

    Regards
    Thomas

    Wednesday, August 31, 2016 11:16 AM