
Microsoft - Scripting - PowerShell - Snippets - Disable/Enable LLMNR

A snippet that disables LLMNR at the start of a script, so that a name resolution call such as [System.Net.Dns]::GetHostAddresses("SERVERNAME") is not resolved through LLMNR, and re-enables LLMNR at the end of the script.

See logging for the Log-* functions.

Start with Disable

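# Disable LLMNR through the DNSClient policy key and record the previous state
# in $bLLMNRPolicyState so it can be restored at the end of the script:
#   0 = nothing recorded yet
#   1 = EnableMulticast value was not present
#   2 = LLMNR was already disabled (value 0)
#   3 = LLMNR was explicitly enabled (value 1) and was disabled by this script
# Writing under HKLM requires an elevated session.
# This policy value only controls LLMNR; other fallback resolvers such as the
# NetBIOS name service are configured elsewhere and are not changed here.
$bLLMNRPolicyState = 0

# Single definition of the policy key path, used by every call in this block.
$strDNSClientKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"

Log-Info "Disabling LLMNR"

# Disable LLMNR.
# If the DNSClient key is not present, create it and the EnableMulticast value.
if (-Not (Test-Path -Path $strDNSClientKey)) {

	Log-Info "DNSClient key not present, creating it and the EnableMulticast value."

	$bLLMNRPolicyState = 1	# Value not present.

	try {

		Log-Info "Creating the DNSClient policy key."

		# Create the DNSClient key.
		New-Item -Path $strDNSClientKey -ErrorAction Stop

		Log-Info "Creating the EnableMulticast property with value."

		# Create the EnableMulticast value set to 0.
		# -ErrorAction Stop turns a failed registry write into a terminating
		# error; without it the catch block below would never run.
		New-ItemProperty -Path $strDNSClientKey `
			-Name "EnableMulticast" -PropertyType "DWORD" -Value 0 -Force -ErrorAction Stop | Out-Null

		Log-Info "Restarting the DNS Client service."

		# Restart the DNS Client service to enforce the change.
		# NOTE(review): a failed restart is non-terminating here and is not
		# caught; the script continues with the policy value already written.
		# Confirm on the target Windows build that dnscache can be restarted.
		Restart-Service -Name "dnscache" -Force

	} catch {

		Log-Error "Could not disable LLMNR on the local system."
		Log-Error $Error[0]
		Exit

	}

# If the DNSClient key is present, check and correct the EnableMulticast value.
} else {

	Log-Info "DNSClient key is already present, checking EnableMulticast value."

	# A missing value yields $null here, which matches neither 0 nor 1 below.
	$objEnableMulticast = Get-ItemProperty -Path $strDNSClientKey -PSProperty "EnableMulticast" -ErrorAction SilentlyContinue

	# If it's set to 0 it is already disabled.
	if ($objEnableMulticast.EnableMulticast -eq 0) {

		Log-Info "LLMNR is already disabled. Not changing this."

		$bLLMNRPolicyState = 2	# Already disabled.

	} elseif ($objEnableMulticast.EnableMulticast -eq 1) {

		Log-Info "LLMNR is explicitly enabled. Setting it to disabled."

		try {

			# Overwrite the value; stop on failure so the catch block runs.
			New-ItemProperty -Path $strDNSClientKey `
				-Name "EnableMulticast" -PropertyType "DWORD" -Value 0 -Force -ErrorAction Stop | Out-Null

			# Restart the DNS Client service to enforce the change.
			# NOTE(review): a failed restart is not caught; see the first branch.
			Restart-Service -Name "dnscache" -Force

		} catch {

			Log-Error "Could not disable LLMNR on the local system."
			Log-Error $Error[0]
			Exit

		}

		$bLLMNRPolicyState = 3	# Disabled by this script.

	} else {

		# Reached when the value is missing, and also for any value other
		# than 0 or 1; both cases are recorded as "not present".
		Log-Info "The EnableMulticast value is not present. Creating it."

		try {

			# Create the policy property with value; stop on failure so the
			# catch block runs.
			New-ItemProperty -Path $strDNSClientKey `
				-Name "EnableMulticast" -PropertyType "DWORD" -Value 0 -Force -ErrorAction Stop | Out-Null

			# Restart the DNS Client service to enforce the change.
			# NOTE(review): a failed restart is not caught; see the first branch.
			Restart-Service -Name "dnscache" -Force

		} catch {

			Log-Error "Could not disable LLMNR on the local system."
			Log-Error $Error[0]
			Exit

		}

		$bLLMNRPolicyState = 1	# Value not present.

	}

	Clear-Variable objEnableMulticast

}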

End with Enable

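Log-Info "Restoring LLMNR settings."

# Restore the LLMNR setting to the value it had before starting the script.
# $bLLMNRPolicyState is set by the disable step:
#   1 = EnableMulticast value was not present
#   2 = LLMNR was already disabled
#   3 = LLMNR was explicitly enabled and was disabled by the script
# Failures are logged but do not stop the script. A logged failure means the
# host may be left with a different LLMNR policy than it started with.
switch ($bLLMNRPolicyState) {

	# EnableMulticast value was not present.
	1 {

		try {

			# Delete the value. The DNSClient key itself is left in place,
			# also when the disable step created it.
			Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" -Name "EnableMulticast" -Force -ErrorAction Stop

			# Restart the DNS Client service to enforce the change.
			Restart-Service -Name "dnscache" -Force -ErrorAction Stop

		} catch {

			Log-Error "Failed to delete the EnableMulticast value."
			Log-Error $Error[0]

		}

	}

	# LLMNR was already set to disabled.
	2 {

		Log-Info "LLMNR was already set to disabled. Not changing."

	}

	# LLMNR was disabled by this script.
	3 {

		try {

			# Write back 1, the value recorded before the script changed it.
			# Writing 0 here would leave LLMNR disabled instead of restoring
			# the original policy. Hosts hardened with LLMNR off arrive as
			# state 2 and are never re-enabled by this branch.
			New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" `
				-Name "EnableMulticast" -PropertyType "DWORD" -Value 1 -Force -ErrorAction Stop | Out-Null

			# Restart the DNS Client service to enforce the change.
			Restart-Service -Name "dnscache" -Force -ErrorAction Stop

		} catch {

			Log-Error "Failed to restore the LLMNR setting to enabled."
			Log-Error $Error[0]

		}

	}

	# State 0 (nothing recorded) or any other value: leave the registry alone.
	Default {

		Log-Warning "Unexpected value of $bLLMNRPolicyState for bLLMNRPolicyState. Not changing LLMNR registry setting."

	}

}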