Enforcing DNS Server Policy in Local Group Policy Editor on Windows 11

André Ferreira
2024-05-06T17:07:21.16+00:00

In the "Local Group Policy Editor," navigate to:

Computer Configuration > Administrative Templates > Network > DNS Client

Here, you'll find a policy named "DNS Servers" with a requirement listed as "Windows XP Professional only."

Now, it's odd to stumble upon an XP-exclusive policy within Windows 11 settings. The reason behind its inclusion remains a mystery. Could it be an oversight or perhaps a legacy policy carried over from previous Windows versions? Speculating about laziness isn't productive; instead, let's focus on the functionality it offers.

Surprisingly, this policy is precisely what I've been seeking—a means to enforce DNS servers and thwart any attempts, whether DHCP-driven or manual, from succeeding.

Given that the laptop in question frequently traverses various unsecured networks, manually verifying DNS settings becomes an arduous task. In such scenarios, having a policy in place would be a game-changer, providing an ideal solution for ensuring network security and stability.

Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.

To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.

If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.

How to achieve the same?


1 answer

  1. Anonymous
    2024-05-08T03:37:50.5533333+00:00

    Hi André Ferreira,

    Thanks for your post. As you can see in the group policy, the GPO Computer Configuration –> Administrative Templates –> Network –> DNS Client –> DNS Servers doesn’t work. The “Supported On” version doesn’t include Windows Server 2016\Windows 10 in the compatibility. Even if you apply this GPO, it will apply to the server within the registry, but there will be no visible change under the TCP/IP properties. In such a situation, you can use PowerShell or Microsoft Intune to do the same action.

    See the steps for these two methods.

    GPO – PowerShell – Intune – Add additional DNS Client Servers across the enterprise | AskAresh

    Note: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.

    Best Regards,

    Ian Xue
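
An added example of the PowerShell route mentioned in the answer; it is not part of the answer or of the linked article. It audits the IPv4 DNS servers on every connected adapter against a fixed list and re-applies the list where it has drifted. The addresses in `$DesiredDns` are constructed placeholders, and `Test-DnsListMatch` is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
# Audit and re-apply a fixed IPv4 DNS server list on every connected adapter.
# Placeholder addresses (RFC 5737 documentation range), constructed for this
# example: replace them with the resolvers you want to enforce.
$DesiredDns = @('192.0.2.53', '192.0.2.54')

function Test-DnsListMatch {
    param([string[]]$Current, [string[]]$Desired)
    # Order matters: the first server in the list is queried first.
    if ($Current.Count -ne $Desired.Count) { return $false }
    for ($i = 0; $i -lt $Desired.Count; $i++) {
        if ($Current[$i] -ne $Desired[$i]) { return $false }
    }
    return $true
}

$report = foreach ($adapter in Get-NetAdapter | Where-Object Status -eq 'Up') {
    # Read what the adapter currently uses (DHCP-supplied or manually set).
    $current = @((Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
                    -AddressFamily IPv4).ServerAddresses)
    $compliant = Test-DnsListMatch -Current $current -Desired $DesiredDns

    if (-not $compliant) {
        # A static list on the interface replaces the DHCP-supplied one.
        Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
            -ServerAddresses $DesiredDns -ErrorAction Stop
    }

    # One row per adapter so drift is visible in the output or a log.
    [pscustomobject]@{
        Adapter    = $adapter.Name
        Before     = $current -join ' '
        Compliant  = $compliant
        Remediated = -not $compliant
    }
}

$report | Format-Table -AutoSize
```

This covers IPv4 server addresses only; IPv6 resolvers on an adapter are left as they are. Unlike a policy setting, an administrator can change the values again, so the script needs to be re-run to catch later drift.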


