Policy

Update security level

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryNetwork > DNS Client
Supported onAt least Windows Server 2003 operating systems or Windows XP Professional

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP

Specifies the security level for dynamic DNS updates. To use this policy setting, click Enabled and then select one of the following values: Unsecure followed by secure - the DNS client sends secure dynamic updates only when nonsecure dynamic updates are refused. Only unsecure - the DNS client sends only nonsecure dynamic updates. Only secure - The DNS client sends only secure dynamic updates. If you enable this policy setting, DNS clients that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting. If you disable this policy setting, or if you do not configure this policy setting, DNS clients will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.

Internal name
DNS_UpdateSecurityLevel
Policy ID
629239f38859
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Update security level:
ID DNS_UpdateSecurityLevel_Box
enum
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
Type REG_DWORD
Options: Only secure (256), Only unsecure (16), Unsecure followed by secure (0)

Other policies in this category

Explore related policies at the same level.

View all policies in this category