You may decide to disable Windows IPv6 for several reasons. Perhaps your IPv4 network doesn't support it, and you want to disable unnecessary protocols. You may have also read that IPv6 breaks Outlook Anywhere on Exchange 2007 Client Access servers.
Most people think that you disable IPv6 by simply unchecking the Internet Protocol Version 6 (TCP/IPv6) checkbox, as shown above. This method disables IPv6 on the particular LAN interface and connection. For other network adapters or connections, users have to repeat the steps to disable IPv6. However, disabling IPv6 this way does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface. It also must be done manually and cannot be instrumented or enforced using Group Policy.
In order to truly disable IPv6, you must disable it in the registry in the following key:
Normally, the DisabledComponents value does not exist. If the value does not exist or the value data is 0, IPv6 is enabled on all interfaces.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
Microsoft wrote KB article 929852 to document how to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista (and later) manually using the registry. At the end of the article, Microsoft helpfully wrote, "Note: Administrators must create an ADMX file in order to expose the settings in step 5 in a Group Policy setting." Nice. So, I decided to do just that.
I wrote the attached ADMX and ADML files to enable the configuration of IPv6 using Group Policy. Copy each file to the computer you will use to configure the policy.
IPv6Configuration.zip - This ZIP file contains both the ADMX and ADML files:
- IPv6Configuration.admx - Copy this file to %SYSTEMROOT%\PolicyDefinitions
- IPv6Configuration.adml - Copy this file to %SYSTEMROOT&\PolicyDefinitions\en-US (Replace en-US with your country's language, as necessary)
Here, you can configure the following IPv6 settings:
- Enable all IPv6 components (Windows default)
- Disable all IPv6 components (the setting you probably want)
- Disable 6to4
- Disable ISATAP
- Disable Teredo
- Disable Teredo and 6to4
- Disable all tunnel interfaces
- Disable all LAN and PPP interfaces
- Disable all LAN, PPP and tunnel interfaces
- Prefer IPv4 over IPv6
Please to enjoy!
Posts
.png)
3 comments:
Hi,
Thank you Mr. JEFF for your useful article. I am getting the same issue like Mr. Crus said, after applying this policy in my win 2008 DC. How can disable this permanently from all the systems, when i connect the windows systems in domain.
You must manually clear the checkbox for IPv6 on each network adapter. Unfortunately, there is no way to do this via Group Policy (mainly because each NIC has a unique GUID in the registry).
As a follow up to my earlier comment, if you don't clear the IPv6 setting in the properties of the NIC, an IPv6 address will be assigned to that NIC.
But if you disable IPv6 using the registry or GPO options listed in this article, the computer won't use IPv6 for communication even though it has an IPv6 address.
Post a Comment
Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.