I am attempting to disable LLMNR on all of our endpoints. I found an article describing the process here.
Essentially the process goes like –
Create GPO -> Computer Configuration -> Administrative Templates -> Network -> DNS Client
Enable Turn Off Multicast Name Resolution policy by changing its value to Enabled
So I applied the GPO and then I ran gpupdate /force
on my machine to update it to the last GPOs. Then I ran gpresult /Scope Computer /v
and the output lists the GPO as:
GPO: Disable LLMNR
Folder Id: SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
Value: 0, 0, 0, 0
State: Enabled
Which to me look as if the GPO is getting applied. But it does not look like it is actually enforcing it. Hence the value of 0.0.0.0
.
Is there any method I can test to see if it is working?
Best Answer
The Value field in the output of GPResult (
0, 0, 0, 0
in your case, which is not the same as0.0.0.0
) does not indicate that the Group Policy is not being enforced. Rather, it is a field that displays any additional information related to the settings of a GPO.For example, I've got a GPO that shows this in the Value portion of GPResult:
Those are ASCII values (104='h', 116='t', 116='t', 112='p', 115='s', 58=':', and so on) that show that the value of a setting related to that GPO is
https://...
.Because the EnableMulticast setting only has Enabled or Disabled, there is no additional information to be displayed in the Value field. The line that tells you
State: Enabled
is what you need to know.If you want to examine a client and confirm that the GPO had the desired effect, you can look at the registry. Look for
EnableMulticast
insideHKLM\Software\Policies\Microsoft\Windows NT\DNSClient
. If it is0
, then Multicast Name Resolution is not enabled.