I am attempting to disable LLMNR on all of our endpoints. I found an article describing the process here.
Essentially the process goes like –
Create GPO -> Computer Configuration -> Administrative Templates -> Network -> DNS Client
Enable Turn Off Multicast Name Resolution policy by changing its value to Enabled
So I applied the GPO and then I ran gpupdate /force on my machine to update it to the last GPOs. Then I ran gpresult /Scope Computer /v and the output lists the GPO as:
GPO: Disable LLMNR
Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
Value: 0, 0, 0, 0
State: Enabled
Which to me look as if the GPO is getting applied. But it does not look like it is actually enforcing it. Hence the value of 0.0.0.0.
Is there any method I can test to see if it is working?
Best Answer
The Value field in the output of GPResult (
0, 0, 0, 0in your case, which is not the same as0.0.0.0) does not indicate that the Group Policy is not being enforced. Rather, it is a field that displays any additional information related to the settings of a GPO.For example, I've got a GPO that shows this in the Value portion of GPResult:
Those are ASCII values (104='h', 116='t', 116='t', 112='p', 115='s', 58=':', and so on) that show that the value of a setting related to that GPO is
https://....Because the EnableMulticast setting only has Enabled or Disabled, there is no additional information to be displayed in the Value field. The line that tells you
State: Enabledis what you need to know.If you want to examine a client and confirm that the GPO had the desired effect, you can look at the registry. Look for
EnableMulticastinsideHKLM\Software\Policies\Microsoft\Windows NT\DNSClient. If it is0, then Multicast Name Resolution is not enabled.