Build a KACE SMA Script to disable IPv6 using Windows Registry

Endorsed by Nick The Ninja

This is a guide that will help you build a Script to Disable IPv6 on all non tunnel interfaces and on IPv6 tunnel interfaces.

Things to consider:

1- Test the script in a controlled lab or Test device first.

2- The DisabledComponents registry value does not affect the state of the check box. Therefore, even if the DisabledComponents registry key is set to disable IPv6, the check box in the Networking tab for each interface can still be checked. This is expected behavior.

3- For this effects to take place, the computer needs a restart.

4- I only tested this with Windows 7 and Windows 10 x64.

5- You could use this PowerShell Script to verify if IPv6 is disabled or not:

6- I am using KACE Systems Management Appliance Version 9.0, and agent version 9.x.


1- We are going to the Windows Registry, to make sure the key needed to disable IPv6 is not there:
Location:         HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\

2- We go to our KACE SMA Appliance and Build a new script:

3- Add your target devices, and make sure you have Windows OS selected, if you select ALL, some options will not be available later, the Run As needs to be a user with enough permissions to edit the registry, in this case, I am using a Local Administrator Account.

4-Select if you would like to notify your users about the Script, I am doing it because my script includes a task (optional) that will reboot the device.

5- I'm not using Schedule Options, as I prefer to run it manually.

6- Add a new Task, this will be Task 1.
  A- We will verify if the Key already exists and if it has the value we need\want. (check the Microsoft link at the top).


  B- On success (That means the key exists and the value matches), I am logging a status message, this is not visible to users, it will help you troubleshoot the Script in case it fails.

  C- Remediation (what's going to happen if the key is not there or the value is different), I am creating a new key named "DisabledComponents" with a Decimal value of 17. Again, check the Microsoft's URL in regards different IPv6 settings.

  D- Remediation Success (what's going to happen if the key is changed successfully), I am logging a message about the success.

7- At this point the registry key should be there (remember, you will need to re open regedit or refresh it).

8-You could reboot the machine manually, with a different script, or add another Task to this script to reboot it:
(Make sure the On Failure for Task 1 is set Continue)