.      How to articles       Windows Services       Group Policy             Donate        
Computer step by step

Update security level


Specifies the security level for dynamic DNS updates.

To use this policy setting, click Enabled and then select one of the following values:

Unsecure followed by secure - computers send secure dynamic updates only when nonsecure dynamic updates are refused.

Only unsecure - computers send only nonsecure dynamic updates.

Only secure - computers send only secure dynamic updates.

If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.

If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.

Supported on:

At least Windows Server 2003 operating systems or Windows XP Professional

GPO PowerShell Regedit CMD

We can use Command Prompt to add or delete the registry key(s):

For Enabled, Add the registry key:

REG add "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v UpdateSecurityLevel /t REG_DWORD /d 0 /f

For Disabled, Delete the registry key

REG DELETE "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v UpdateSecurityLevel /f

For Not Configured, Delete the registry key:

REG DELETE "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v UpdateSecurityLevel /f