When dynamically re-registering DNS, the DNS client attempts to send a secure dynamic update only when a non-secure dynamic update has been refused.
Using REG.EXE, built into Windows XP and Windows Server 2003, or from the Windows 2000 Support Tools, I have scripted CFGSNSDNS.bat to configure a DNS client to send secure updates only, non-secure updates only, or the default, described above.
The syntax for using CFGSNSDNS.bat is:
CFGSNSDNS X
Where X is:
D - The default, send a secure dynamic update only when a non-secure dynamic update has been refused. S - Send secure updates only. N - Send non-secure updates only.NOTE: You must shutdown and restart your client for this entry to become effective.
NOTE: See Your Windows Server 2003 domain controller System event log records event ID 5774?
CFGSNSDNS.bat contains:
@echo off
setlocal
if \{%1\}==\{\} goto err
set type=%1
if /i "%type%" EQU "D" set X=0&goto setit
if /i "%type%" EQU "N" set X=16&goto setit
if /i "%type%" EQU "S" set X=256&goto setit
goto err
:setit
call :quiet>nul 2>&1
endlocal
goto :EOF
:quiet
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V UpdateSecurityLevel /T REG_DWORD /F /D %X%
goto :EOF
:err
@echo Syntax: CFGSNSDNS Type
endlocal
0 comments
Hide comments
