2009-02-12

New group policies for DNS in Windows Server 2003

http://support.microsoft.com/default.aspx?scid=kb;en-us;294785

Windows Server 2003 resolves the problem of centralized DNS management by introducing group policies to configure DNS clients. For example, the following parameters are available in Windows Server 2003:
- Enable or disable dynamic registration of the DNS records by a client
- Configure DNS suffix search list of the clients
- Devolution of the primary DNS suffix in a name resolution process
- DNS suffix search list
These group policies are at the following location:
Computer Configuration/Administrative Templates/Network/DNS Client

Group policy always supersedes the local configuration as well as the DHCP configuration. The only exception to this rule is if the REG_DWORD value DoNotUseGroupPolicyForDisableDynamicUpdate is enabled under the following registry key to disable dynamic DNS registration:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

If this value exists and it is set to 0x1, then services do not use a group policy value; instead they use locally configured values. If DoNotUseGroupPolicyForDisableDynamicUpdate does not exist or is set to 0x0, services must use the value that is specified by the group policy.

Policy Descriptions

This section describes the settings' functions, the registry key that is modified on the client, and the valid values for the policy and the registry key. These values are stored on the client in the following registry key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient

Primary DNS Suffix

This setting specifies the primary DNS suffix for all affected computers. The primary DNS suffix is used in DNS name registration and DNS name resolution. This setting specifies a primary DNS suffix for a group of computers, and prevents users, including administrators, from changing it.
If this setting is disabled or not configured, each computer uses its local primary DNS suffix, which is usually the DNS name of the Active Directory domain that it is joined to. However, administrators can use the System tool in Control Panel to change the primary DNS suffix of a computer.
To use this setting, type the entire primary DNS suffix that you want to assign in the text box that is provided (for example, microsoft.com). This setting does not disable the DNS Suffix and NetBIOS Computer Name dialog box that administrators use to change the primary DNS suffix of a computer. However, if an administrator enters a suffix, that suffix is ignored while this setting is enabled.
IMPORTANT: For the changes to this setting to be applied, you must restart Windows Server on all computers that are affected by the setting.
TIP: To change the primary DNS suffix of a computer without setting a policy, click System in Control Panel, click the Network Identification tab, click Properties, click More, and then type a suffix in the Primary DNS suffix of this computer box.
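
The precedence rule and the two registry locations described above can be checked on a host with the following audit script. It is an added example, not part of the original article; the registry paths and the override value name come from the article, while the function name, output fields and finding text are assumptions made for this example.

```powershell
# Added example: report whether dynamic DNS registration on this host follows
# group policy or local values, and list what policy has written to the client.
$TcpipParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$DnsPolicy   = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
$Override    = 'DoNotUseGroupPolicyForDisableDynamicUpdate'

function Get-DnsClientPolicyAudit {   # hypothetical helper name
    # A missing key or value is treated as 0x0, matching the article's rule.
    $flag   = 0
    $params = Get-ItemProperty -Path $TcpipParams -ErrorAction SilentlyContinue
    $prop   = if ($params) { $params.PSObject.Properties[$Override] }
    if ($prop) { $flag = [int]$prop.Value }

    # Enumerate every value present under the DNS client policy key, if it exists.
    $policyValues = @{}
    if (Test-Path -Path $DnsPolicy) {
        $key = Get-Item -Path $DnsPolicy
        foreach ($name in $key.GetValueNames()) {
            $policyValues[$name] = $key.GetValue($name)
        }
    }

    if ($flag -eq 1) {
        $source  = 'Local configuration'
        $finding = 'Override is 0x1: dynamic update ignores the group policy value.'
    } else {
        $source  = 'Group policy'
        $finding = 'Override absent or 0x0: the group policy value is used.'
    }

    New-Object PSObject -Property @{
        ComputerName        = $env:COMPUTERNAME
        OverrideValue       = $flag
        DynamicUpdateSource = $source
        PolicyValueCount    = $policyValues.Count
        PolicyValues        = $policyValues
        Finding             = $finding
    }
}

Get-DnsClientPolicyAudit | Format-List
```

A host that reports `OverrideValue` 1 is one where the centrally managed dynamic update setting does not take effect, so it is worth flagging during configuration review.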