- New Group Policy settings in Windows 11 23H2 - Mon, Nov 20 2023
- Windows Server 2025 will support SMB over QUIC in all editions - Fri, Nov 17 2023
- Switch between Windows Terminal and the legacy console - Thu, Nov 16 2023
If a host has multiple addresses in the Domain Name System, Windows prefers IPv6 over IPv4. A poorly maintained IPv6 network can therefore lead to recurring issues, including difficulties in finding domain controllers.
During troubleshooting, admins often focus solely on the IPv4 configuration, which may appear to be correct, without considering that Windows prioritizes Version 6.
Remove binding from the network adapter
Most how-to guides on the web recommend unbinding IPv6 from the network adapters to disable it. To do so, open the adapter settings and clear the check box next to Internet Protocol Version 6 (IPv6).
This task can be achieved more efficiently using PowerShell. You can enter the following command to display all adapters to which IPv6 is bound:
Get-NetAdapterBinding -ComponentID "ms_tcpip6" | where Enabled -eq $true
To remove the binding from all adapters in a single pass, you can pipe the output to Disable-NetAdapterBinding:
Get-NetAdapterBinding -ComponentID "ms_tcpip6" | where Enabled -eq $true | Disable-NetAdapterBinding -ComponentID "ms_tcpip6"
Conversely, you can reenable the protocol using Enable-NetAdapterBinding.
While PowerShell is more efficient than manually clicking through the graphical adapter settings, this method does not scale well when configuring multiple PCs. Additionally, this approach leaves the IPv6 stack untouched, and mysterious network issues may still occur.
Disable IPv6 or change priority
Microsoft provides a registry key if you want to disable IPv6, and not just remove it from a network adapter. You can create it using PowerShell with the following command:
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ ` -Name DisabledComponents -Type DWord -Value 255
The value 255 (hex 0xFF) disables IPv6.
However, Microsoft advises against disabling IPv6 completely as Windows functions could be affected. Instead, the company recommends downgrading the priority of IPv6 so that IPv4 is preferred. For this purpose, the value 32 is used instead of 255 in the above command:
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ ` -Name DisabledComponents -Type DWord -Value 32
Instead of using PowerShell, you can save the following code in a file with the extension .reg and execute it by double-clicking:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters] "DisabledComponents"=dword:00000020
In a Windows domain environment, you can distribute the registry entry using Group Policy Preferences. To do so, create a new GPO for the desired OU or domain, and open it in the editor.
There, navigate to Computer Configuration > Preferences > Windows Settings > Registry and select the New > Registry Item command from the context menu.
In the following dialog box, select HKEY_LOCAL_MACHINE as the hive and enter SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ as the key path. Set the name to DisabledComponents and enter 32 as the value. If you want to disable IPv6, use 255 instead.
The changes should take effect the next time the group policies are updated or after gpupdate /force is run.
It is often mistakenly recommended to remove the protocol binding from the network adapters to disable IPv6. While this approach may achieve the desired result, it is relatively cumbersome and leaves the IPv6 stack untouched.
Subscribe to 4sysops newsletter!
The official method involves adding a key to the registry. However, for the sake of system stability, Microsoft recommends not disabling IPv6 by using a value of 255. Instead, you should downgrade its priority against IPv4 by entering 32 (hex 0x20) as the value.