SOLVED

disable Multicast Name Resolution (LLMNR) with Intune

Occasional Contributor

I'm looking for a way to disable Multicast Name Resolution (LLMNR) using Intune. I've checked the MDM Security baseline and all Device configuration policies, but was unable to find the setting. I rather do not want to use Powershell to deploy registry setting, but I do not know another option. 

 

Is there anyone who knows how to disable Multicast Name Resolution? 

 

Thanks in advance

 

 

7 Replies

@Aad Lutgert Hi, As there are a GPO "Turn Off Multicast Name Resolution" you could use an ADMX backed policy and importing the admx file and then deploy it as a configuration Policy.

https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Bac...

That is what I would have tried.

Regards,
Jörgen

@Jörgen Nilsson 

 

Thanks for your suggestion. I've thought about this option, but ingestion is not allowed for the key location used by this setting. The location used is:

 

software\policies\microsoft\windows NT\DNS client

 

And it's not possible to ingest policies for the following key locations:

 

System

Software\Windows

Software\Policies\Microsoft 

 

And there isn't an exception for the key "windows nt" in the exception list. 

 

Please let me know if this isn't correct.

 

@Aad Lutgert DId you ever figure this out? I am running into the same thing now 

best response confirmed by Aad Lutgert (Occasional Contributor)
Solution

@Basher81 I haven't recieved an answer. The best way to do this is creating a powershell script to add the following registry setting:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"EnableMulticast"=dword:00000000

 

You can deploy this by either packaging with the win32 prep tool (application) or deploy it as a powershell script. 

 

Hope this will help you.

@Aad Lutgert :crossed_fingers: maby you can help us out. So i was able to create the reg key EnableMulticast, but when looking at the Gpedit.msc, i still see the Multicast setting ' not configured'. multicast.PNG
Maby is the heat :grinning_face_with_sweat: or i'm missing something. Goal in the end, would be to disable LLMNR and Netbios using Intune.

Kind regards, Martijn

@Martijn Steffens 

 

Hi Martijn,

 

I'm seeing the same behaviour in the GPedit setting, but when I'm testing it using Kali Linux as described in this article LLMNR and NBT-NS Poisoning Using Responder | 4ARMED it does seem to work. 

 

best regards,

 

Aad Lutgert

There is also a new policy setting available In the latest Windows 10 Insider Preview Build named:

 

ADMX_DnsClient/Turn_Off_Multicast

 

Using this policy setting LLMNR can be disabled on client computers. more info can be found here:

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-dnsclient