Policy
Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista
This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). Note: To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that is configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message. This policy setting is recommended to reduce the attack surface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a NetBIOS domain name is not required. This policy setting does not affect DC location based on DNS names. If you enable this policy setting, this DC does not process incoming mailslot messages that are used for NetBIOS domain name based DC location. If you disable or do not configure this policy setting, this DC processes incoming mailslot messages. This is the default behavior of DC Locator.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Netlogon\Parameters\IgnoreIncomingMailslotMessages | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerBlock NetBIOS-based discovery for domain controller locationWindows10
- ComputerDo not use NetBIOS-based discovery for domain controller location when DNS-based discovery failsAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerForce Rediscovery IntervalAt least Windows Vista
- ComputerReturn domain controller address typeAt least Windows Vista
- ComputerSet Priority in the DC Locator DNS SRV recordsAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerSet TTL in the DC Locator DNS RecordsAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerSet Weight in the DC Locator DNS SRV recordsAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerSpecify address lookup behavior for DC locator pingAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerSpecify DC Locator DNS records not registered by the DCsAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerSpecify dynamic registration of the DC Locator DNS RecordsAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerSpecify Refresh Interval of the DC Locator DNS recordsAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerSpecify sites covered by the application directory partition DC Locator DNS SRV recordsAt least Windows Server 2003 operating systems or Windows XP Professional