Disable Link-Local Multicast Name Resolution (LLMNR)
Grants admin ability to disable Link-Local Multicast Name Resolution (LLMNR).
Worklet Details
Introduction to the PowerShell Based Disable Link-Local Multicast Name Resolution (LLMNR) Worklet
The Disable Link-Local Multicast Name Resolution (LLMNR) Worklet is a PowerShell-based solution designed for Windows operating systems, including Windows 7, Windows 8, and Windows 10. This Worklet focuses on disabling the LLMNR protocol, which is known to have some security vulnerabilities that can be exploited in modern networks. By using this Worklet, administrators can enhance their network security and reduce potential risks associated with LLMNR.
Why would you use the Disable Link-Local Multicast Name Resolution (LLMNR) Worklet?
LLMNR is a legacy protocol used for hostname-to-IP-based name resolution when traditional domain name system (DNS) servers are unavailable or unresponsive. However, modern networks typically rely on DNS servers for name resolution, rendering LLMNR redundant in most cases.
LLMNR has been identified as a potential security risk due to its susceptibility to certain exploits that allow attackers to intercept users' credential hashes through multicast packets. Disabling LLMNR reduces these risks while maintaining efficient name resolution capabilities through other methods like DNS.
Components of the Disable Link-Local Multicast Name Resolution (LLMNR) Worklet
This Worklet includes two main components: an evaluation script and a remediation script. The evaluation script checks whether LLMNR is enabled by inspecting the `HKLM:\SOFTWARE\policies\Microsoft\Windows NT\DNSClient\EnableMulticast` registry entry. If it detects that LLMNR is enabled or not explicitly set, the script returns a non-compliant status.
The remediation script provides a function called `Toggle-LLMNR`, which modifies the `EnableMulticast` registry entry depending on whether the `-Enable` or `-Disable` switch parameter is provided. When executed with the `-Disable` switch, the script sets the registry entry's value to 0, effectively disabling LLMNR.
If successful, the script returns a compliant status.
How does the Disable Link-Local Multicast Name Resolution (LLMNR) Worklet work?
The Worklet is executed on targeted devices based on a schedule determined by an administrator. When run, the evaluation script checks whether LLMNR is enabled on each device and returns a compliance status accordingly.
If any devices are found to be non-compliant (i.e., LLMNR is enabled), the remediation script is then executed to disable LLMNR and ensure network security.
What is the expected outcome when you use the Disable Link-Local Multicast Name Resolution (LLMNR) Worklet?
When this Worklet is used successfully, it disables LLMNR on targeted Windows devices, reducing potential security vulnerabilities associated with this legacy protocol. As a result, network administrators can have greater confidence in their network's security and minimize risks related to name resolution processes.
By using this Worklet, administrators can ensure that their environment remains secure even as new devices are added or existing configurations change over time.
TRY WORKLETS TODAY FOR FREE
Start now and begin controlling your endpoints within 15 minutes.
No credit card required. By submitting this form you agree to our Master Services Agreement and Privacy Policy.
Already have an account? Log in
Consider Worklets your easy button
What's a Worklet?
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.
AUTOMOX + WORKLETS™
Supercharge your endpoint management
Uncover new possibilities with simple, powerful automation.
By submitting this form you agree to our Master Services Agreement and Privacy Policy