I have Windows 7 Professional 32-bit and 64-bit on home computers. I would like to be able to connect to the VPN at my office and use connection specifix DNS suffixes for the VPN connections. Under Windows XP you could simply add the additional connection suffixes to the Advanced options for the network connection properties. However, under Windows 7 this option is unavailable.I looked around and found the solution:1. Edit the Group Policy and do the following changes: start >run > type gpedit.msc Navagate to Computer Config > Administrative Templates > Network > DNS Client 2. Enable the following two entries: - allow dns suffix appending to unqualified multi-label name queries - Primary DNS Suffix Devolution.3. Restart the computer or force apply the policy.This solution HAS NOT WORKED for me. The ability to append DNS Suffixes remains greyed out for all accept the default LAN connection.My home machines are NOT on a domain and are simply workgrouped. I do not wish to join my home machines to the company's domain as I do not wish to have all of the GPOs apply.Is there some additional configuration or some other way to have connection specific DNS suffixes apply to my VPN connections? There are a considerable amount of sub-domains and resources that I have to work with so a host file would become unwieldly quickly. It seems ridiculous to me that this functionality can't be enabled, so I must just not be checking the right boxes or something.Any help would be GREATLY appreciated.Thanks.

Ok... cool Mr. Xie,Same question, but in relation to Win7 Home Premium. I need to access our work VPN which requires a DNS suffix be added and I am unable to. Since there is no group policy management - no gpedit console (or any local user or group management whatsoever, so I just found out) am I SOL? I would think it's rather rediculous that I can not connect to a VPN which is, in part, the entire purpose of said VPN, from HOME with an OS with the name 'HOME' in it.Thx... here's keeping my fingers crossed.Jeff.

Thanks again for your attention to this thread Arthur!My only concern with this solution and the others I've seen from Microsoft is that they are not per-connection solutions. Adding in the search suffixes either in a GPO or the Registry seems to be equivalent to adding them in to the primary connection's search suffix fields. In essence making these suffixes apply to all connections and not specifically called/utilized when a VPN/Secondary connection is active. As you may imagine, there can be cases when these search suffixes may provide inconsistent and inaccurate results when private intranet suffixes are applied to the public internet (name collisions, lack of split horizon DNS resources). I understand the security concerns around split tunneling, but am I to understand that versions of Windows moving forward will be without per connection suffix inclusion and we are forced to using one set of suffixes for all connections?Thanks again!Christian Quackenbush

Hi Christian, Generally we consider that the DNS Suffix will be provided by your default gateway. I fully understand your concern. This was a change since Windows Vista as we know. Now I cannot tell you if we need to work with it in every later operation systems. We will report your concern to our proper department. Arthur Xie - MSFT

Hi, I have the same issue. Any update on this considering its been about eight months now??

The group policy reg keys for the searchlist are: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\"SearchList"="domain1,domain2,domain3" and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\DNSClient\"SearchList"="domain1,domain2,domain3"

Hmmm, the last link in Montago's post above ("apparently it can be solved") does NOT work for me using Win8. I'm using a Win8 Pro 64-bit system at home (workgroup based), with a standard Microsoft PPTP VPN to my office (domain based). Not sure why Microsoft has changed the rules of engagement, but it sure sucks that there is no way to override the "greyed out" feature. An ongoing reminder, in case anyone forgets, of the arrogance that is Microsoft. As (one of) the domain administrators at work I have been similarly frustrated by the converse problem, namely that the Windows DHCP servers will not allow sending a DNS search list (using the standard DHCP options for that purpose), with the rationale that "some Windows clients cannot utilize that information". So we can no longer add a search list to the client, and we cannot add it to the server because some (really old I presume) Microsoft clients can't use the information. Totally Brilliant!