I have Windows 7 Professional 32-bit and 64-bit on home computers. I would like to be able to connect to the VPN at my office and use connection specifix DNS suffixes for the VPN connections. Under Windows XP you could simply add the additional connection suffixes to the Advanced options for the network connection properties. However, under Windows 7 this option is unavailable.I looked around and found the solution:1. Edit the Group Policy and do the following changes: start >run > type gpedit.msc Navagate to Computer Config > Administrative Templates > Network > DNS Client 2. Enable the following two entries: - allow dns suffix appending to unqualified multi-label name queries - Primary DNS Suffix Devolution.3. Restart the computer or force apply the policy.This solution HAS NOT WORKED for me. The ability to append DNS Suffixes remains greyed out for all accept the default LAN connection.My home machines are NOT on a domain and are simply workgrouped. I do not wish to join my home machines to the company's domain as I do not wish to have all of the GPOs apply.Is there some additional configuration or some other way to have connection specific DNS suffixes apply to my VPN connections? There are a considerable amount of sub-domains and resources that I have to work with so a host file would become unwieldly quickly. It seems ridiculous to me that this functionality can't be enabled, so I must just not be checking the right boxes or something.Any help would be GREATLY appreciated.Thanks.

This behavior is by design. We have found same behavior on our side. You can configure a DNS suffix search list as a workaround. The policy is under Computer Configuration\Administrative Templates\Network\DNS ClientArthur Xie - MSFT

Ok... cool Mr. Xie,Same question, but in relation to Win7 Home Premium. I need to access our work VPN which requires a DNS suffix be added and I am unable to. Since there is no group policy management - no gpedit console (or any local user or group management whatsoever, so I just found out) am I SOL? I would think it's rather rediculous that I can not connect to a VPN which is, in part, the entire purpose of said VPN, from HOME with an OS with the name 'HOME' in it.Thx... here's keeping my fingers crossed.Jeff.

Hi Jeff, If your system is Windows 7 Home Premium, you can configure it via Registry. The location is: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Under this branch, find the value SearchList. Please enter the search list in the value data. Arthur Xie - MSFT

Thanks again for your attention to this thread Arthur!My only concern with this solution and the others I've seen from Microsoft is that they are not per-connection solutions. Adding in the search suffixes either in a GPO or the Registry seems to be equivalent to adding them in to the primary connection's search suffix fields. In essence making these suffixes apply to all connections and not specifically called/utilized when a VPN/Secondary connection is active. As you may imagine, there can be cases when these search suffixes may provide inconsistent and inaccurate results when private intranet suffixes are applied to the public internet (name collisions, lack of split horizon DNS resources). I understand the security concerns around split tunneling, but am I to understand that versions of Windows moving forward will be without per connection suffix inclusion and we are forced to using one set of suffixes for all connections?Thanks again!Christian Quackenbush

Hi Christian, Generally we consider that the DNS Suffix will be provided by your default gateway. I fully understand your concern. This was a change since Windows Vista as we know. Now I cannot tell you if we need to work with it in every later operation systems. We will report your concern to our proper department. Arthur Xie - MSFT

Hi, I have the same issue. Any update on this considering its been about eight months now??

Hi Christian, Generally we consider that the DNS Suffix will be provided by your default gateway. I fully understand your concern. This was a change since Windows Vista as we know. Now I cannot tell you if we need to work with it in every later operation systems. We will report your concern to our proper department. Arthur Xie - MSFT This is a really big problem for me at the moment... Due to the limitations of WINS , im unable to ping hostnames over a VPN connection, only FQDN names are pingable ! some parts of this issue is discussed here: http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/075637fd-d32a-4cce-bd04-c380eba08980/ I've been struggling over 3 days now, how to provide VPN clients with the DNS suffix, to resolve the issue of accessing hostnames using their short name rather then FQDN names. Edit: apparently it can be solved : http://www.windowsreference.com/windows-vista/fix-for-append-these-dns-suffixes-is-grayed-out-in-vista-vpn/