How to Disable Windows 2000 Dynamic Domain Name System Registrations with Group Policy
This article was previously published under Q294832
This article has been archived. It is offered "as is" and will no longer be updated.
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
This article describes how to disable the dynamic Domain Name System (DNS) registration behavior of Windows 2000 client computers with a Windows 2000 Group Policy. Windows 2000 supports dynamic DNS updates (refer to Request for Comments [RFC] 2136). This behavior is enabled by default for Windows 2000 DNS clients.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
For additional information about how to disable Windows 2000 clients from dynamically registering with a DNS server by using various registry values, click the article number below to view the article in the Microsoft Knowledge Base:
246804 How to Enable/Disable Windows 2000 Dynamic DNS RegistrationsA Windows 2000 Group Policy can be used to make some of these registry changes to disable dynamic DNS updates. A custom administrative template can be used to add the policy to a Group Policy object (GPO) which can then be linked to a computer, site, domain, or organizational unit.
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. The following is an example of a custom administrative template that adds the previously described policy:
Category !!DNSClientEnd Category ;;AdministrativeServices
Policy !!DisableDynamicUpdateEnd Category ;;DNS Client
Keyname "System\CurrentControlSet\Services\Tcpip\Parameters"End Policy
DisableDynamicUpdate="Disable Dynamic Update"
DisableDynamicUpdate_Help="Stops the client from dynamically registering all adapters with DNS.\n\nWhen this setting is enabled it changes the DisableDynamicUpdate value to 1 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\n\nWhen this setting is disabled, the value is set back to its default of zero. Note that when the policy is disabled, the registry value may be deleted from the registry.\n\nSee Q246804 for more details."
;End of Strings
To import the custom administrative template into an existing GPO:
- Cut and paste the preceding example into a text file and save it as DisableDynamicUpdate.adm.
- Start Active Directory Users and Computers. Right-click the target organizational unit or domain, click Properties, click the Group Policy tab, and then edit the GPO to which you want to add the policy.
- Under the Computer Configuration section of the GPO, click the Administrative Templates folder. On the Microsoft Management Console (MMC), click View, and then click to clear the Show Policies Only check box. This action can enable you to view the new policy when the template has been imported.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:228723 ADM File Is Loaded But Certain Policies Are Not Displayed
- Under the Computer Configuration section of the GPO, right-click the Administrative Templates folder, and then click Add/Remove Templates.
- Click Add on the Add/Remove Templates dialog box.
- Click the DisableDynamicUpdate.adm file that had been saved in step 1 and click Close.
- Under Computer Configuration, expand the Administrative Templates folder, expand the System folder, and then click the DNS Client folder. In the right pane of the MMC, double-click the Disable Dynamic Update policy.
- Click Enable and click OK.
NOTE: When this policy is enabled, the Register this connection's addresses in DNS option located on the DNS tab of each network interface Transmission Control Protocol/Internet Protocol (TCP/IP) Advanced Properties dialog box, is not affected. If this option had been enabled before the policy had been enabled, it remains enabled after the policy is enabled. The registry setting made by the policy is a global setting that affects all network interfaces, not an adapter-specific setting. This global setting is not exposed in the user interface.
This policy causes a persistent setting. If a computer on which this policy has been applied is moved to a different domain or organizational unit without this specific policy setting, dynamic updates can still be disabled on the computer. If dynamic updates need to be enabled again, add the administrative template to the new organizational unit or domain and change the Disable Dynamic Update setting to Disabled. If you do not want this policy setting on the new organizational unit or domain, the registry can be edited directly on the computer to enable dynamic updates. The registry location to be modified is outlined in the previously mentioned Q246804 article.
Article ID: 294832 - Last Review: 10/26/2013 06:10:00 - Revision: 5.0
Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition
- kbnosurvey kbarchive kbenv kbhowto KB294832