Solved

Disabling IPV6

Posted on 2014-03-20
3
509 Views
Last Modified: 2014-03-28
We have over 4k machines on our network using Windows 7. What is the best way to disable IPV6 across our domain? Do you guys see an issue with this being on the machines if we are only using IPV4? We been having some DNS issues ever since we upgraded from XP. Thanks
0
Comment
Question by:Thomas N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943189
Best bet is to disable via group policy.

http://social.technet.microsoft.com/wiki/contents/articles/5927.how-to-disable-ipv6-through-group-policy.aspx

Its no big deal to have it enabled however. DNS issues likely are not related to IPV6 being enabled UNLESS you have it enabled on your servers as well.
0
 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 39943192
You can use the attached files and deploy it via active directory.

Note to remove the .txt from the files as EE won't allow the admx / adml.

Credit:
http://www.expta.com/2009/02/how-to-configure-ipv6-using-group.html
IPv6Configuration.zip
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 39944019
I would strongly discourage you from disabling IPv6. ESPECIALLY since it is only conjecture that this is the problem. Microsoft has increasingly been building functionality on IPv6, and there are a few cases where services talk to each other via the IPv6 loopback. Since IPv6 supports IPSec natively, this is a more secure channel than IPv4. So even if your *network* doesn't use IPv6, windows does. And while it will "fall back" to IPv4, it is less secure, and there is a greater risk that something won't work as tested and as expected.

As previously mentioned, chances are your DNS issues are not IPv6 related. And by that, I'll reiterate and say it in stronger terms. The chances that your issues are because of IPv6 are *extremely* slim.

It is more likely that you always had DNS issues, but upgrading from XP to Win7 is just bringing them to the surface. Disabling IPv6 would not solve your issue if this speculation is accurate. This is not that uncommon actually. XP was more lenient in both following DNS specifications (hence many of the DNS security patches since XP was released) and more readily used NetBIOS as a fallback...just as Win7 will fall back to IPv4 when IPv6 fails internally. With Vista, Microsoft started reallly stripping out NetBIOS support from some services meaning DNS *had* to work. And Win7 continued that trend with deprecating NetBIOS in even more services than Vista had.

Many of the "Vista woes" that were so popular in the media were bad networks that upgrading to Vista just "uncovered." And then the networks got fixed, so by the time Win7 shipped it *seemed* like a great OS compared to Vista. But if you skipped Vista and jumped to Win7 and still had those network issues, it could be just as painful.

...but I digress...

The point of all of the above is to illustrate just how these issues come about. Yes, you are seeing it in Win7. And yes, win7 does run IPv6. But it also relies on DNS more heavily than XP ever did. Correlation does not always mean causation. And in this case, disabling IPv6 could very well be a red herring and would still leave you annoyed *and* weaken your network in the process.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question