/build/static/layout/Breadcrumb_cap_w.png

Build a KACE SMA Script to disable IPv6 using Windows Registry

Endorsed by Nick The Ninja

This is a guide that will help you build a Script to Disable IPv6 on all non tunnel interfaces and on IPv6 tunnel interfaces.

Things to consider:

1- Test the script in a controlled lab or Test device first.

2- The DisabledComponents registry value does not affect the state of the check box. Therefore, even if the DisabledComponents registry key is set to disable IPv6, the check box in the Networking tab for each interface can still be checked. This is expected behavior.

3- For this effects to take place, the computer needs a restart.

4- I only tested this with Windows 7 and Windows 10 x64.

5- You could use this PowerShell Script to verify if IPv6 is disabled or not:
https://gallery.technet.microsoft.com/scriptcenter/Ipv6-enabled-420e0123#content

6- I am using KACE Systems Management Appliance Version 9.0, and agent version 9.x.

Steps:

1- We are going to the Windows Registry, to make sure the key needed to disable IPv6 is not there:
Location:         HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\



2- We go to our KACE SMA Appliance and Build a new script:

3- Add your target devices, and make sure you have Windows OS selected, if you select ALL, some options will not be available later, the Run As needs to be a user with enough permissions to edit the registry, in this case, I am using a Local Administrator Account.

4-Select if you would like to notify your users about the Script, I am doing it because my script includes a task (optional) that will reboot the device.

5- I'm not using Schedule Options, as I prefer to run it manually.

6- Add a new Task, this will be Task 1.
  A- We will verify if the Key already exists and if it has the value we need\want. (check the Microsoft link at the top).

 

  B- On success (That means the key exists and the value matches), I am logging a status message, this is not visible to users, it will help you troubleshoot the Script in case it fails.
  

  C- Remediation (what's going to happen if the key is not there or the value is different), I am creating a new key named "DisabledComponents" with a Decimal value of 17. Again, check the Microsoft's URL in regards different IPv6 settings.
 

  D- Remediation Success (what's going to happen if the key is changed successfully), I am logging a message about the success.
  

7- At this point the registry key should be there (remember, you will need to re open regedit or refresh it).


8-You could reboot the machine manually, with a different script, or add another Task to this script to reboot it:
(Make sure the On Failure for Task 1 is set Continue)

Task number 2 will force a reboot 60 seconds after changing\adding the registry key, that is why I am notifying the users about running the Script or not.

You could use this PowerShell Script to verify if IPv6 is disabled or not, remember the checkmark for IPv6 will still be there:

https://gallery.technet.microsoft.com/scriptcenter/Ipv6-enabled-420e0123#content

If you wish to perform a different IPv6 configuration step\task, check this post from Microsoft, and edit this script accordingly:
https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users






Posted 5 years ago 3106 views

Comments

This post is locked

Posted by:

Channeler Red Belt
Ninja since: 7 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login
Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ