======Microsoft - Scripting - PowerShell - Snippets - Disable/Enable LLMNR======
A snippet to disable LLMNR at the start of a script, so that a DNS name resolution call, for example [System.Net.Dns]::GetHostAddresses("SERVERNAME"), is not resolved with LLMNR, and to re-enable LLMNR (restoring its previous setting) at the end of the script.
See [[microsoft:scripting:powershell:snippets:logging]] for the Log-* functions.
=====Start with Disable=====
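# Disable LLMNR through the DNSClient policy key and record the prior state in
# $bLLMNRPolicyState so the closing snippet can restore it:
#   0 = nothing recorded yet
#   1 = EnableMulticast was not present (or held a value other than 0 or 1)
#   2 = LLMNR was already disabled, nothing changed
#   3 = LLMNR was explicitly enabled and has been disabled here
# LLMNR answers come from whichever host on the local segment replies, so the
# script stops (Exit) instead of resolving names when the policy cannot be applied.
# Every write and service restart uses -ErrorAction Stop: without it these
# cmdlets raise non-terminating errors and the catch blocks never run.
# NOTE(review): the value lives under Policies; a GPO managing multicast name
# resolution may rewrite it on the next policy refresh - confirm on domain hosts.
# NOTE(review): confirm the dnscache service can be restarted on the target
# Windows version; if it cannot, the catch block now ends the script.
$bLLMNRPolicyState = 0
Log-Info "Disabling LLMNR"
# Disable LLMNR.
# If the DNSClient is not present, create it and the EnableMulticast value.
if (-Not (Test-Path -Path "HKLM:\Software\policies\Microsoft\Windows NT\DNSClient")) {
    Log-Info "DNSClient key not present, creating it and the EnableMulticast value."
    $bLLMNRPolicyState = 1 # Value not present.
    try {
        Log-Info "Creating the DNSClient policy key."
        # Create the DNSClient key; discard the returned key object so it does
        # not end up in the script's output.
        New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" -ErrorAction Stop | Out-Null
        Log-Info "Creating the EnableMulticast property with value."
        # Create the EnableMulticast value set to 0.
        New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" `
            -Name "EnableMulticast" -PropertyType "DWORD" -Value 0 -Force -ErrorAction Stop | Out-Null
        Log-Info "Restarting the DNS Client service."
        # Restart the DNS Client service to enforce the change.
        Restart-Service -Name "dnscache" -Force -ErrorAction Stop
    } catch {
        Log-Error "Could not disable LLMNR on the local system."
        Log-Error $Error[0]
        Exit
    }
# If the DNSClient is present, check and correct the EnableMulticast value.
} else {
    Log-Info "DNSClient key is already present, checking EnableMulticast value."
    # SilentlyContinue: a missing value is an expected case, handled by the final else below.
    $objEnableMulticast = Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" -PSProperty "EnableMulticast" -ErrorAction SilentlyContinue
    # If it's set to 0 it is already disabled.
    if ($objEnableMulticast.EnableMulticast -eq 0) {
        Log-Info "LLMNR is already disabled. Not changing this."
        $bLLMNRPolicyState = 2 # Already disabled.
    } elseif ($objEnableMulticast.EnableMulticast -eq 1) {
        Log-Info "LLMNR is explicitly enabled. Setting it to disabled."
        try {
            # Overwrite the value.
            New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" `
                -Name "EnableMulticast" -PropertyType "DWORD" -Value 0 -Force -ErrorAction Stop | Out-Null
            # Restart the DNS Client service to enforce the change.
            Restart-Service -Name "dnscache" -Force -ErrorAction Stop
        } catch {
            Log-Error "Could not disable LLMNR on the local system."
            Log-Error $Error[0]
            Exit
        }
        $bLLMNRPolicyState = 3 # Disabled by this script.
    } else {
        # Reached when the value is absent, and also when it holds anything
        # other than 0 or 1; both cases are recorded as state 1.
        Log-Info "The EnableMulticast value is not present. Creating it."
        try {
            # Create the policy property with value.
            New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" `
                -Name "EnableMulticast" -PropertyType "DWORD" -Value 0 -Force -ErrorAction Stop | Out-Null
            # Restart the DNS Client service to enforce the change.
            Restart-Service -Name "dnscache" -Force -ErrorAction Stop
        } catch {
            Log-Error "Could not disable LLMNR on the local system."
            Log-Error $Error[0]
            Exit
        }
        $bLLMNRPolicyState = 1 # Value not present.
    }
    Clear-Variable objEnableMulticast
}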
=====End with Enable=====
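# Restore the LLMNR policy to what the opening snippet recorded in
# $bLLMNRPolicyState (1 = value was not present, 2 = already disabled,
# 3 = was explicitly enabled and disabled by the script).
# Failures are logged but do not end the script; the policy then stays at
# EnableMulticast = 0, i.e. LLMNR remains disabled.
Log-Info "Restoring LLMNR settings."
# Restore the LLMNR setting to the value it had before starting the script.
switch ($bLLMNRPolicyState) {
    # LLMNR value was not present.
    1 {
        try {
            # Delete the EnableMulticast value. Only the value is removed; a
            # DNSClient key created by the opening snippet stays behind, empty.
            Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" -Name "EnableMulticast" -Force -ErrorAction Stop
            # Restart the DNS Client service to enforce the change.
            Restart-Service -Name "dnscache" -Force -ErrorAction Stop
        } catch {
            Log-Error "Failed to delete the EnableMulticast value."
            Log-Error $Error[0]
        }
    }
    # LLMNR was already set to disabled.
    2 {
        Log-Info "LLMNR was already set to disabled. Not changing."
    }
    # LLMNR was disabled by this script.
    3 {
        try {
            # Write back the original value 1 (explicitly enabled). Writing 0
            # here would leave LLMNR disabled and nothing would be restored.
            New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" `
                -Name "EnableMulticast" -PropertyType "DWORD" -Value 1 -Force -ErrorAction Stop | Out-Null
            # Restart the DNS Client service to enforce the change.
            Restart-Service -Name "dnscache" -Force -ErrorAction Stop
        } catch {
            Log-Error "Failed to restore the LLMNR setting to enabled."
            Log-Error $Error[0]
        }
    }
    # State 0 or anything else: the opening snippet did not record a state,
    # so the registry is left untouched.
    Default {
        Log-Warning "Unexpected value of $bLLMNRPolicyState for bLLMNRPolicyState. Not changing LLMNR registry setting."
    }
}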