Tuesday, February 10, 2009

How to Configure IPv6 Using Group Policy

By default, Windows Server 2008 R2, Windows 7, Windows Server 2008 and Windows Vista enable and use IPv6 as the default protocol. These versions of Windows will normally use IPv6 for all network communication and will step down to IPv4 as necessary.
You may decide to disable Windows IPv6 for several reasons. Perhaps your IPv4 network doesn't support it, and you want to disable unnecessary protocols. You may have also read that IPv6 breaks Outlook Anywhere on Exchange 2007 Client Access servers.

Most people think that you disable IPv6 by simply unchecking the Internet Protocol Version 6 (TCP/IPv6) checkbox, as shown above. This method disables IPv6 on the particular LAN interface and connection. For other network adapters or connections, users have to repeat the steps to disable IPv6. However, disabling IPv6 this way does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface. It also must be done manually and cannot be instrumented or enforced using Group Policy.

In order to truly disable IPv6, you must disable it in the registry in the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
Normally, the DisabledComponents value does not exist. If the value does not exist or the value data is 0, IPv6 is enabled on all interfaces.


Microsoft wrote KB article 929852 to document how to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista (and later) manually using the registry. At the end of the article, Microsoft helpfully wrote, "Note: Administrators must create an ADMX file in order to expose the settings in step 5 in a Group Policy setting." Nice. So, I decided to do just that.

I wrote the attached ADMX and ADML files to enable the configuration of IPv6 using Group Policy. Copy each file to the computer you will use to configure the policy.
IPv6Configuration.zip - This ZIP file contains both the ADMX and ADML files:
  • IPv6Configuration.admx - Copy this file to %SYSTEMROOT%\PolicyDefinitions
  • IPv6Configuration.adml - Copy this file to %SYSTEMROOT%\PolicyDefinitions\en-US (Replace en-US with your country's language, as necessary)
Now log into the computer and use the Group Policy Management Console (GPMC) to configure the IPv6 settings. The new policy will be located under Computer Configuration > Policies > Administrative Templates > Network > IPv6 Configuration, as shown below:


Here, you can configure the following IPv6 settings:
  • Enable all IPv6 components (Windows default)
  • Disable all IPv6 components (the setting you probably want)
  • Disable 6to4
  • Disable ISATAP
  • Disable Teredo
  • Disable Teredo and 6to4
  • Disable all tunnel interfaces
  • Disable all LAN and PPP interfaces
  • Disable all LAN, PPP and tunnel interfaces
  • Prefer IPv4 over IPv6
Note that you must restart the computer for the configuration to go into effect.
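After the restart, you can confirm what the policy actually wrote by reading DisabledComponents back and decoding it. The PowerShell check below is an added example, not part of the attached ADMX/ADML files; the function names are hypothetical, and the bit meanings are the ones documented in KB 929852.

```powershell
# Added example: audit the DisabledComponents value on the local machine.
# Bit meanings follow Microsoft KB 929852; function names are hypothetical.
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'

function Get-DisabledComponents {
    $prop = Get-ItemProperty -Path $Key -Name DisabledComponents -ErrorAction SilentlyContinue
    # Value absent: same as 0, IPv6 is enabled on all interfaces.
    if ($null -eq $prop) { return [int64]0 }
    # A REG_DWORD comes back as a signed Int32, so 0xFFFFFFFF arrives as -1.
    # Widen to 64 bits and mask to recover the unsigned value.
    return ([int64]$prop.DisabledComponents -band 4294967295)
}

function ConvertFrom-DisabledComponents {
    param([int64]$Value)
    $bits = @(
        @{ Mask = 0x01; Meaning = 'All tunnel interfaces disabled' },
        @{ Mask = 0x02; Meaning = '6to4 disabled' },
        @{ Mask = 0x04; Meaning = 'ISATAP disabled' },
        @{ Mask = 0x08; Meaning = 'Teredo disabled' },
        @{ Mask = 0x10; Meaning = 'LAN and PPP (non-tunnel) interfaces disabled' },
        @{ Mask = 0x20; Meaning = 'IPv4 preferred over IPv6' }
    )
    foreach ($b in $bits) {
        # One row per documented bit, flagged when that bit is set in the value.
        New-Object PSObject -Property @{
            Mask    = '0x{0:X2}' -f $b.Mask
            Setting = $b.Meaning
            Active  = (($Value -band $b.Mask) -ne 0)
        }
    }
}

$value = Get-DisabledComponents
'DisabledComponents = 0x{0:X8}' -f $value
ConvertFrom-DisabledComponents -Value $value |
    Select-Object Mask, Active, Setting |
    Format-Table -AutoSize
```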
Please to enjoy!

11 comments:

dp said...

Thanks for this. Nice and easy!

Crus said...

Hi,

thanks for this!

But I got one question:
After I had applied this to my domain all my clients got the registry entry successfully, but the IPv6 Protocol on the network interface properties is already checked?

Have I to disable this manually on each client? Because it seems that it is not enough to only add this registry-key to disable it!

regards,
Crus

Joe Morris said...

I'll add my thanks for the posting, and a followup to the question from Crus:

The references I've found to disabling IPv6 consistently indicate that setting the Registry value above to 0xFF (or 0xFFFFFFFF) is sufficient to block the use of all of the IPv6 components (protocol, Teredo, 6to4 etc.). Are there any exceptions that require additional actions?

And (even if the Registry change really does block IPv6) is there any scripting mechanism that would allow me to cause the IPv6 components to show as unchecked in the network adapter interface definitions? I support a research organization where some of the project laboratories may have a legitimate need to use IPv6 even if the internal network does not yet support it. While it's not a showstopper to the use of Windows 7 I would like to be able to build a distribution image that at sysprep OOBE time automagically unchecks the various IPv6 components in every network interface to visibly show that IPv6 has been disabled. Any suggestions on how to do this?

Marc-Andre Labelle said...

Hi,

I copied the files in my local folders.
When I open the Local Group Policy Editor and I navigate to the IPv6 Configuration folder, it is empty.
I tried on another Vista Computer, same thing. Any Ideas?

Jeff said...

Make sure that your GPO filters are turned off when viewing Administrative Templates. Click View > Filter Options. Managed, Configured and Commented should be set to ANY.

Marc-Andre Labelle said...

ok :-) Thanks a lot :-)

Murali said...

Hi,

Thank you Mr. JEFF for your useful article. I am getting the same issue like Mr. Crus said, after applying this policy in my win 2008 DC. How can I disable this permanently from all the systems, when I connect the windows systems in domain?

Jeff said...

You must manually clear the checkbox for IPv6 on each network adapter. Unfortunately, there is no way to do this via Group Policy (mainly because each NIC has a unique GUID in the registry).

Jeff said...

As a follow up to my earlier comment, if you don't clear the IPv6 setting in the properties of the NIC, an IPv6 address will be assigned to that NIC.

But if you disable IPv6 using the registry or GPO options listed in this article, the computer won't use IPv6 for communication even though it has an IPv6 address.

Anonymous said...

This has been an extremely helpful article. I bookmarked it!

Misha Hanin said...

Back in the day I published a script

http://www.curuit.com/disable-ipv6-over-all-interfaces-and-prefer-ipv4-to-ipv6-20090129195/

that does this, and I've been using this script everywhere, but GPO is much better;). Thanks.

P.S.
I've republished this post on my website, and if you want to save a website traffic, everybody welcome to download a .ZIP file from my web site as well.
