disable Multicast Name Resolution (LLMNR) with Intune

I'm looking for a way to disable Multicast Name Resolution (LLMNR) using Intune. I've checked the MDM Security baseline and all Device configuration policies, but was unable to find the setting. I ra...

Intune

mobile device management (mdm)

security

AadLutgert
Feb 22, 2020
Basher81 I haven't recieved an answer. The best way to do this is creating a powershell script to add the following registry setting:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"EnableMulticast"=dword:00000000

You can deploy this by either packaging with the win32 prep tool (application) or deploy it as a powershell script.

Hope this will help you.

AadLutgert

Brass Contributor

Feb 13, 2021

Martijn Steffens

Hi Martijn,

I'm seeing the same behaviour in the GPedit setting, but when I'm testing it using Kali Linux as described in this article https://www.4armed.com/blog/llmnr-nbtns-poisoning-using-responder/ it does seem to work.

best regards,

Aad Lutgert

AadLutgert

Brass Contributor

Feb 13, 2021

There is also a new policy setting available In the latest Windows 10 Insider Preview Build named:

ADMX_DnsClient/Turn_Off_Multicast

Using this policy setting LLMNR can be disabled on client computers. more info can be found here:

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-dnsclient