Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). Note: To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that is configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message. This policy setting is recommended to reduce the attack surface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a NetBIOS domain name is not required. This policy setting does not affect DC location based on DNS names. If you enable this policy setting, this DC does not process incoming mailslot messages that are used for NetBIOS domain name based DC location. If you disable or do not configure this policy setting, this DC processes incoming mailslot messages. This is the default behavior of DC Locator.

[enable/disable]

(1) GPO: Computer ConfigurationAdministrative TemplatesSystemNet LogonDC Locator DNS Records!Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names (2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftNetlogonParameters!IgnoreIncomingMailslotMessages