This article describes how to disable the dynamic Domain Name System (DNS) registration behavior of Windows 2000 client computers with a Windows 2000 Group Policy. Windows 2000 supports dynamic DNS updates (refer to Request for Comments [RFC] 2136). This behavior is enabled by default for Windows 2000 DNS clients.
: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
For additional information about how to disable Windows 2000 clients from dynamically registering with a DNS server by using various registry values, click the article number below to view the article in the Microsoft Knowledge Base:
How to Enable/Disable Windows 2000 Dynamic DNS Registrations
A Windows 2000 Group Policy can be used to make some of these registry changes to disable dynamic DNS updates. A custom administrative template can be used to add the policy to a Group Policy object (GPO) which can then be linked to a computer, site, domain, or organizational unit.
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. The following is an example of a custom administrative template that adds the previously described policy:
End Category ;;DNS Client
End Category ;;AdministrativeServices
DisableDynamicUpdate="Disable Dynamic Update"
DisableDynamicUpdate_Help="Stops the client from dynamically registering all adapters with DNS.\n\nWhen this setting is enabled it changes the DisableDynamicUpdate value to 1 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\n\nWhen this setting is disabled, the value is set back to its default of zero. Note that when the policy is disabled, the registry value may be deleted from the registry.\n\nSee Q246804 for more details."
;End of Strings
To import the custom administrative template into an existing GPO:
- Cut and paste the preceding example into a text file and save it as DisableDynamicUpdate.adm.
- Start Active Directory Users and Computers. Right-click the target organizational unit or domain, click Properties, click the Group Policy tab, and then edit the GPO to which you want to add the policy.
- Under the Computer Configuration section of the GPO, click the Administrative Templates folder. On the Microsoft Management Console (MMC), click View, and then click to clear the Show Policies Only check box. This action can enable you to view the new policy when the template has been imported.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
ADM File Is Loaded But Certain Policies Are Not Displayed
- Under the Computer Configuration section of the GPO, right-click the Administrative Templates folder, and then click Add/Remove Templates.
- Click Add on the Add/Remove Templates dialog box.
- Click the DisableDynamicUpdate.adm file that had been saved in step 1 and click Close.
- Under Computer Configuration, expand the Administrative Templates folder, expand the System folder, and then click the DNS Client folder. In the right pane of the MMC, double-click the Disable Dynamic Update policy.
- Click Enable and click OK.
The next time the policy is applied, the new policy setting is going to be in effect. Active Directory Sites and Services can be used to import the template into a policy linked to a site, if needed.NOTE
: When this policy is enabled, the Register this connection's addresses in DNS
option located on the DNS
tab of each network interface Transmission Control Protocol/Internet Protocol (TCP/IP) Advanced Properties
dialog box, is not affected. If this option had been enabled before the policy had been enabled, it remains enabled after the policy is enabled. The registry setting made by the policy is a global setting that affects all network interfaces, not an adapter-specific setting. This global setting is not exposed in the user interface.
This policy causes a persistent setting. If a computer on which this policy has been applied is moved to a different domain or organizational unit without this specific policy setting, dynamic updates can still be disabled on the computer. If dynamic updates need to be enabled again, add the administrative template to the new organizational unit or domain and change the Disable Dynamic Update
setting to Disabled
. If you do not want this policy setting on the new organizational unit or domain, the registry can be edited directly on the computer to enable dynamic updates. The registry location to be modified is outlined in the previously mentioned Q246804 article.