How can I turn off IPv6 temporary addresses in a enterprise environment
So in a default configuration Vista and Windows 7 clients will use IPv6 temporary address (per RFC 3041), but I would like to be able to disable this with a GPO. I know I can do this by using a startup script tied to a GPO using the netsh interface ipv6 set privacy state=disabled store=persistent but I really do not want to run a logon script especially when as you can see in the command it is a persistent setting. Any ideas on using a registry based GPO for this?
June 1st, 2011 12:29am

Hi, You may refer to the following link. http://support.microsoft.com/kb/929852Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 2nd, 2011 12:05pm

Hi, You may refer to the following link. http://support.microsoft.com/kb/929852 Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ” Hi and thank you for the reply. That KB doesn't reference RFC 3041 temporary addresses. It does provide a method to disable IPv6, and/or various aspects of the MS implementation of IPv6 like tunneling, but it does not provide for setting privacy on a NIC.
June 2nd, 2011 9:41pm

Hi, OK, I understand what you want. But after I use the Process Monitor to capture the behavior, I found that a lot of registry keys would be changed. So you can not set it via registry unless the IPv6 is disabled. Thanks for understanding. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 3rd, 2011 11:24am

Hi, OK, I understand what you want. But after I use the Process Monitor to capture the behavior, I found that a lot of registry keys would be changed. So you can not set it via registry unless the IPv6 is disabled. Thanks for understanding. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ” Thank you again for the answer. As a follow up question... How does one suggest/request a change in default behavior in a MS product? While the RFC 3041 addresses might be nice to have for the average consumer they are not ideal in a enterprise environment. I have found that the temporary addresses will register in DNS, but this doesn't completely solve the issue of tracking and accountability, you would still need a application to query, correlate and store that information. So it would be nice if the business versions of Windows Vista/7/2K8 and the next client OS would not have this behavior by default.
June 3rd, 2011 10:20pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics