Disabling IPv6 on Servers/Workstations using Group Policy Preferences.

Prashant Girennavar
CERTIFIED EXPERT
Published:
I am sure this will help administrator who wants to disable IPv6 in Servers/Workstations. But before you start make very sure that is what you really need to do. It might create other problems for you, but it did solve our specific problem.

The Problem we had :

We have some Lotus Notes email servers (Around 30 Servers) , which were causing slow down in sending and receiving emails and were not able to reply to the frequent ping.

We started investigating the issue and found that it is due to IPv6 registration in DNS server.

All Lotus Notes servers were registering both IPv4 and IPv6 .

Next task which we encoutered was how to disable the IPv6 on all the Lotus Notes servers. So we started digging how we can fullfill this task.

The Fix we found :

We needed to make use of Group policy preference ( Available in windows server 2008 or later). Below are the steps that worked for us.

1.Create a GPO and Link it to the appropriate OU ( I am linking it to domain level).

  Create a GPO and Link it to the appropriate OU

2. Name the GPO as per your Naming methodology.

Name the GPO as per your Naming methodology
3.Right Click on the GPO Object and click on Edit

Fill in the infomation as shown below
4. Navigate to Computer Configurations----->Preferences------->windows settings------>Registry----->New------>Registry Item

 Navigate
5. Fill in the infomation as shown below ,

infomation
6.Once this is done , you will be having a new Registry entry in Create for the GPO.
 
  Registry entry
7. Wait for replication to happen , One can test this by going to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters  path on a Server/Workstations . There should be an entry with DisabledCompnonets with the Value 0xffffffff. By doing this there is no need to creating a manual entry of disabledComponents in above path , GPO will take care of this entry creation.

DNS server will take time to replicate the changes to all the DNS server (I am assuming all the DNS servers are AD Integrated).

 I have implemented this at our site for lotus notes and it works like a charm. Hope this information will help you if you have similar problems.

Please Note Microsoft does not recommend disabling IPv6, so please double check before you begin. Please see : http://support.microsoft.com/kb/929852 and for further reading please see the IPv6 site on Microsoft : http://technet.microsoft.com/en-us/network/bb530961.aspx

Thanks,

_Prashant_
0
27,806 Views
Prashant Girennavar
CERTIFIED EXPERT

Comments (1)

Commented:
Always keep in mind protocol ipv6
Open to unicast attack !!
As much as possible not to use it

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.