- New Group Policy settings in Windows 11 23H2 - Mon, Nov 20 2023
- Windows Server 2025 will support SMB over QUIC in all editions - Fri, Nov 17 2023
- Switch between Windows Terminal and the legacy console - Thu, Nov 16 2023
If a host has multiple addresses in the Domain Name System, Windows prefers IPv6 over IPv4. A poorly maintained IPv6 network can therefore lead to recurring issues, including difficulties in finding domain controllers.
During troubleshooting, admins often focus solely on the IPv4 configuration, which may appear to be correct, without considering that Windows prioritizes Version 6.
Remove binding from the network adapter
Most how-to guides on the web recommend unbinding IPv6 from the network adapters to disable it. To do so, open the adapter settings and clear the check box next to Internet Protocol Version 6 (IPv6).
Remove the binding of IPv6 from a network adapter using the GUI
This task can be achieved more efficiently using PowerShell. You can enter the following command to display all adapters to which IPv6 is bound:
Get-NetAdapterBinding -ComponentID "ms_tcpip6" | where Enabled -eq $true
To remove the binding from all adapters in a single pass, you can pipe the output to Disable-NetAdapterBinding:
Get-NetAdapterBinding -ComponentID "ms_tcpip6" | where Enabled -eq $true | Disable-NetAdapterBinding -ComponentID "ms_tcpip6"
Unbind IPv6 from network adapters using PowerShell
Conversely, you can reenable the protocol using Enable-NetAdapterBinding.
While PowerShell is more efficient than manually clicking through the graphical adapter settings, this method does not scale well when configuring multiple PCs. Additionally, this approach leaves the IPv6 stack untouched, and mysterious network issues may still occur.
Disable IPv6 or change priority
Microsoft provides a registry key if you want to disable IPv6, and not just remove it from a network adapter. You can create it using PowerShell with the following command:
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ ` -Name DisabledComponents -Type DWord -Value 255
The value 255 (hex 0xFF) disables IPv6.
Disable IPv6 using registry keys and PowerShell
However, Microsoft advises against disabling IPv6 completely as Windows functions could be affected. Instead, the company recommends downgrading the priority of IPv6 so that IPv4 is preferred. For this purpose, the value 32 is used instead of 255 in the above command:
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ ` -Name DisabledComponents -Type DWord -Value 32
Instead of using PowerShell, you can save the following code in a file with the extension .reg and execute it by double-clicking:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters] "DisabledComponents"=dword:00000020
In a Windows domain environment, you can distribute the registry entry using Group Policy Preferences. To do so, create a new GPO for the desired OU or domain, and open it in the editor.
There, navigate to Computer Configuration > Preferences > Windows Settings > Registry and select the New > Registry Item command from the context menu.
In the following dialog box, select HKEY_LOCAL_MACHINE as the hive and enter SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ as the key path. Set the name to DisabledComponents and enter 32 as the value. If you want to disable IPv6, use 255 instead.
Distribute the registry key for downgrading IPv6 priority via Group Policy Preferences
The changes should take effect the next time the group policies are updated or after gpupdate /force is run.
Summary
It is often mistakenly recommended to remove the protocol binding from the network adapters to disable IPv6. While this approach may achieve the desired result, it is relatively cumbersome and leaves the IPv6 stack untouched.
Subscribe to 4sysops newsletter!
The official method involves adding a key to the registry. However, for the sake of system stability, Microsoft recommends not disabling IPv6 by using a value of 255. Instead, you should downgrade its priority against IPv4 by entering 32 (hex 0x20) as the value.
Read the latest IT news and community updates!
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
Good information and I used to disable IP6 from all our workstations and servers. I started seeing odd errors and found a couple of articles which Microsoft was recommending a as a best practice to leave IP6 enabled. Apparently under Server 2019/22 there are a number of background servers which AD uses to communicate between servers in the domain. Once I reenabled IP6, authentications and zone transfers where quicker and the odd errors disappeared. Just my two cents
How about a post how to configure ipv6 correçtly, and include all the ipv6 protocols like isatap dns settings and dhcpv6 please.
We have a series that discusses how to configure iPv6. Of course, these eight articles only scratch the surface.
We were informed by MS never to disable IPv6 in a Domain environment, the DC’s use it to replicate much more efficiently and some services are dependant on it.
From – https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows#:~:text=We%20do%20not%20recommend%20that%20you%20disable%20IPv6,IPv6%20in%20prefix%20policies%20instead%20of%20disabling%20IPV6.
Important
Internet Protocol version 6 (IPv6) is a mandatory part of Windows Vista and Windows Server 2008 and newer versions. We do not recommend that you disable IPv6 or its components. If you do, some Windows components may not function.
We recommend using Prefer IPv4 over IPv6 in prefix policies instead of disabling IPV6.
This is exactly what I have written in this article.
You lost me at the “However, Microsoft advises against disabling IPv6 completely as Windows functions could be affected. Instead, the company recommends downgrading the priority of IPv6 so that IPv4 is preferred.” part as well…..