SOLVED

disable Multicast Name Resolution (LLMNR) with Intune

%3CLINGO-SUB%20id%3D%22lingo-sub-843499%22%20slang%3D%22en-US%22%3Edisable%20Multicast%20Name%20Resolution%20(LLMNR)%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-843499%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20looking%20for%20a%20way%20to%20disable%20Multicast%20Name%20Resolution%20(LLMNR)%20using%20Intune.%20I've%20checked%20the%20MDM%20Security%20baseline%20and%20all%20Device%20configuration%20policies%2C%20but%20was%20unable%20to%20find%20the%20setting.%20I%20rather%20do%20not%20want%20to%20use%20Powershell%20to%20deploy%20registry%20setting%2C%20but%20I%20do%20not%20know%20another%20option.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20anyone%20who%20knows%20how%20to%20disable%20Multicast%20Name%20Resolution%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-843499%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-844817%22%20slang%3D%22en-US%22%3ERe%3A%20disable%20Multicast%20Name%20Resolution%20(LLMNR)%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-844817%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F203284%22%20target%3D%22_blank%22%3E%40Aad%20Lutgert%3C%2FA%3E%26nbsp%3BHi%2C%20As%20there%20are%20a%20GPO%20%22Turn%20Off%20Multicast%20Name%20Resolution%22%20you%20could%20use%20an%20ADMX%20backed%20policy%20and%20importing%20the%20admx%20file%20and%20then%20deploy%20it%20as%20a%20configuration%20Policy.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FSupport-Tip-Ingesting-Office-ADMX-Backed-policies-using%2Fba-p%2F354824%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIntune-Customer-Success%2FSupport-Tip-Ingesting-Office-ADMX-Backed-policies-using%2Fba-p%2F354824%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EThat%20is%20what%20I%20would%20have%20tried.%3C%2FP%3E%0A%3CP%3ERegards%2C%3CBR%20%2F%3EJ%C3%B6rgen%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-846048%22%20slang%3D%22en-US%22%3ERe%3A%20disable%20Multicast%20Name%20Resolution%20(LLMNR)%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-846048%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13627%22%20target%3D%22_blank%22%3E%40J%C3%B6rgen%20Nilsson%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20suggestion.%20I've%20thought%20about%20this%20option%2C%20but%20ingestion%20is%20not%20allowed%20for%20the%20key%20location%20used%20by%20this%20setting.%20The%20location%20used%20is%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSTRONG%3Esoftware%5Cpolicies%5Cmicrosoft%3C%2FSTRONG%3E%5Cwindows%20NT%5CDNS%20client%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAnd%20it's%20not%20possible%20to%20ingest%20policies%20for%20the%20following%20key%20locations%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESystem%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ESoftware%5CWindows%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3ESoftware%5CPolicies%5CMicrosoft%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAnd%20there%20isn't%20an%20exception%20for%20the%20key%20%22windows%20nt%22%20in%20the%20exception%20list.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EPlease%20let%20me%20know%20if%20this%20isn't%20correct.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1185459%22%20slang%3D%22en-US%22%3ERe%3A%20disable%20Multicast%20Name%20Resolution%20(LLMNR)%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1185459%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F203284%22%20target%3D%22_blank%22%3E%40Aad%20Lutgert%3C%2FA%3E%26nbsp%3BDId%20you%20ever%20figure%20this%20out%3F%20I%20am%20running%20into%20the%20same%20thing%20now%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1188586%22%20slang%3D%22en-US%22%3ERe%3A%20disable%20Multicast%20Name%20Resolution%20(LLMNR)%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1188586%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F447865%22%20target%3D%22_blank%22%3E%40Basher81%3C%2FA%3E%26nbsp%3BI%20haven't%20recieved%20an%20answer.%20The%20best%20way%20to%20do%20this%20is%20creating%20a%20powershell%20script%20to%20add%20the%20following%20registry%20setting%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%5BHKEY_LOCAL_MACHINE%5CSOFTWARE%5CPolicies%5CMicrosoft%5CWindows%20NT%5CDNSClient%5D%3CBR%20%2F%3E%22EnableMulticast%22%3Ddword%3A00000000%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20deploy%20this%20by%20either%20packaging%20with%20the%20win32%20prep%20tool%20(application)%20or%20deploy%20it%20as%20a%20powershell%20script.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20will%20help%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1572815%22%20slang%3D%22en-US%22%3ERe%3A%20disable%20Multicast%20Name%20Resolution%20(LLMNR)%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1572815%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F203284%22%20target%3D%22_blank%22%3E%40Aad%20Lutgert%3C%2FA%3E%26nbsp%3B%3Acrossed_fingers%3A%20maby%20you%20can%20help%20us%20out.%20So%20i%20was%20able%20to%20create%20the%20reg%20key%26nbsp%3B%3CSPAN%3EEnableMulticast%2C%20but%20when%20looking%20at%20the%20Gpedit.msc%2C%20i%20still%20see%20the%20Multicast%20setting%20'%20not%20configured'.%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22multicast.PNG%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F210977i5767FEAC051956A7%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22multicast.PNG%22%20alt%3D%22multicast.PNG%22%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3EMaby%20is%20the%20heat%20%3Agrinning_face_with_sweat%3A%20or%20i'm%20missing%20something.%20Goal%20in%20the%20end%2C%20would%20be%20to%20disable%20LLMNR%20and%20Netbios%20using%20Intune.%3CBR%20%2F%3E%3CBR%20%2F%3EKind%20regards%2C%20Martijn%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

I'm looking for a way to disable Multicast Name Resolution (LLMNR) using Intune. I've checked the MDM Security baseline and all Device configuration policies, but was unable to find the setting. I rather do not want to use Powershell to deploy registry setting, but I do not know another option. 

 

Is there anyone who knows how to disable Multicast Name Resolution? 

 

Thanks in advance

 

 

5 Replies
Highlighted

@Aad Lutgert Hi, As there are a GPO "Turn Off Multicast Name Resolution" you could use an ADMX backed policy and importing the admx file and then deploy it as a configuration Policy.

https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Bac...

That is what I would have tried.

Regards,
Jörgen

Highlighted

@Jörgen Nilsson 

 

Thanks for your suggestion. I've thought about this option, but ingestion is not allowed for the key location used by this setting. The location used is:

 

software\policies\microsoft\windows NT\DNS client

 

And it's not possible to ingest policies for the following key locations:

 

System

Software\Windows

Software\Policies\Microsoft 

 

And there isn't an exception for the key "windows nt" in the exception list. 

 

Please let me know if this isn't correct.

 

Highlighted

@Aad Lutgert DId you ever figure this out? I am running into the same thing now 

Highlighted
Best Response confirmed by Aad Lutgert (New Contributor)
Solution

@Basher81 I haven't recieved an answer. The best way to do this is creating a powershell script to add the following registry setting:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"EnableMulticast"=dword:00000000

 

You can deploy this by either packaging with the win32 prep tool (application) or deploy it as a powershell script. 

 

Hope this will help you.

Highlighted

@Aad Lutgert :crossed_fingers: maby you can help us out. So i was able to create the reg key EnableMulticast, but when looking at the Gpedit.msc, i still see the Multicast setting ' not configured'. multicast.PNG
Maby is the heat :grinning_face_with_sweat: or i'm missing something. Goal in the end, would be to disable LLMNR and Netbios using Intune.

Kind regards, Martijn