Primary DNS SuffixID: oval:org.secpod.oval:def:19301 | Date: (C)2014-05-29 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
The Primary DNS Suffix machine setting should be configured correctly.
Specifies the primary Domain Name System (DNS) suffix for all affected computers. The primary DNS suffix is used in DNS name registration and DNS name resolution. This setting lets you specify a primary DNS suffix for a group of computers and prevents users, including administrators, from changing it. If you disable this setting or do not configure it, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined. However, administrators can use System in Control Panel to change the primary DNS suffix of a computer. To use this setting, in the text box provided, type the entire primary DNS suffix you want to assign. For example, microsoft.com. This setting does not disable the DNS Suffix and NetBIOS Computer Name dialog box that administrators use to change the primary DNS suffix of a computer. However, if administrators enter a suffix, that suffix is ignored while this setting is enabled.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Network\DNS Client\Primary DNS Suffix
(2) KEY: HKLM\Software\Policies\Microsoft\System\DNSClient\NV PrimaryDnsSuffix
Platform: |
Microsoft Windows Server 2008 R2 |