Update security level

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP

Specifies the security level for dynamic DNS updates. To use this policy setting, click Enabled and then select one of the following values: Unsecure followed by secure - the DNS client sends secure dynamic updates only when nonsecure dynamic updates are refused. Only unsecure - the DNS client sends only nonsecure dynamic updates. Only secure - The DNS client sends only secure dynamic updates. If you enable this policy setting, DNS clients that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting. If you disable this policy setting, or if you do not configure this policy setting, DNS clients will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.

• Computer
  Allow DNS suffix appending to unqualified multi-label name queries

  At least Windows Vista
• Computer
  Allow NetBT queries for fully qualified domain names

  At least Windows Server 2012, Windows 8 or Windows RT
• Computer
  Configure Discovery of Designated Resolvers (DDR) protocol

  At least Windows 11 Version 23H2
• Computer
  Configure encrypted name resolution

  At least Windows Server 20H2, Windows 10 Version 20H2
• Computer
  Configure multicast DNS (mDNS) protocol

  At least Windows Server 2016, Windows 10 Version 1703
• Computer
  Configure NetBIOS settings

  At least Windows Vista
• Computer
  Connection-specific DNS suffix

  Windows XP Professional only