Q. How can I disable the DNS management snap-in from being used remotely?

A. Remote management connections to a DNS server are normally made over remote procedure call (RPC), using a dynamically allocated port (ports 49152 to 65535). If you want to disable this remote ability, you can make a registry change and then stop and start the DNS service.

  1. Start the registry editor (regedit.exe).
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters.
  3. From the Edit menu, select New, DWORD value.
  4. Enter a name of RpcProtocol and press Enter.
  5. Double-click the new value and set it to 4.
  6. Click OK.
  7. Restart the DNS Server service with the commands:

       net stop dns
       net start dns
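
The same change can be scripted for servers where you would rather not edit the registry by hand. The following PowerShell is an added example, not part of the original FAQ. It applies steps 2 to 7, records the previous value so the change can be reverted, and confirms the result. It assumes an elevated session on the DNS server itself.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the registry steps above.
$path  = 'HKLM:\SYSTEM\CurrentControlSet\services\DNS\Parameters'
$name  = 'RpcProtocol'
# Value from step 5. RpcProtocol is a bitmask (0x1 TCP/IP, 0x2 named pipes,
# 0x4 LPC), so 4 leaves only local procedure calls enabled.
$value = 4

if (-not (Test-Path $path)) {
    throw "Key $path not found. Is the DNS Server role installed on this machine?"
}

# Record the current setting so the change can be rolled back later.
$before = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $before) {
    Write-Output "$name was not set (server default in effect)."
} else {
    Write-Output "$name was previously $before."
}

if ($before -ne $value) {
    # -Force creates the DWORD or overwrites an existing value of the same name.
    New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $value -Force |
        Out-Null
    # Equivalent to "net stop dns" followed by "net start dns".
    Restart-Service -Name DNS
} else {
    Write-Output "$name is already $value; no change made and service not restarted."
}

# Confirm the value was written and the service came back up.
$after = (Get-ItemProperty -Path $path -Name $name).$name
$state = (Get-Service -Name DNS).Status
Write-Output "$name is now $after; DNS service status: $state."
if ($after -ne $value -or $state -ne 'Running') {
    throw "Verification failed: expected $name=$value and a running DNS service."
}
```

To revert, delete the RpcProtocol value (or restore the previous value the script printed) and restart the DNS service again.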

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.