When dynamically re-registering DNS, the DNS client attempts to send a secure dynamic update only when a non-secure dynamic update has been refused.
Using REG.EXE, built into Windows XP and Windows Server 2003, or from the Windows 2000 Support Tools, I have scripted CFGSNSDNS.bat to configure a DNS client to send secure updates only, non-secure updates only, or the default, described above.
The syntax for using CFGSNSDNS.bat is:
CFGSNSDNS X
Where X is:
D - The default, send a secure dynamic update only when a non-secure dynamic update has been refused. S - Send secure updates only. N - Send non-secure updates only.NOTE: You must shutdown and restart your client for this entry to become effective.
NOTE: See Your Windows Server 2003 domain controller System event log records event ID 5774?
CFGSNSDNS.bat contains:
@echo off setlocal if \{%1\}==\{\} goto err set type=%1 if /i "%type%" EQU "D" set X=0&goto setit if /i "%type%" EQU "N" set X=16&goto setit if /i "%type%" EQU "S" set X=256&goto setit goto err :setit call :quiet>nul 2>&1 endlocal goto :EOF :quiet REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V UpdateSecurityLevel /T REG_DWORD /F /D %X% goto :EOF :err @echo Syntax: CFGSNSDNS Type endlocal
0 comments
Hide comments