If you see your Windows computers accessing the site http://www.msftncsi.com in your packet captures and/or firewall logs, it is due to the Network Connectivity Status Indicator (NCSI) feature of the Windows operating system, introduced with Vista. It's also enabled in later operating systems such as Windows 7 and 2008. Windows uses this feature to determine the network status of the client. In some cases, you may simply want to disable it because your systems are on a local network without internet connectivity.
What is occurring behind the scenes is that NCSI is performing an HTTP request for http://www.msftncsi.com/ncsi.txt or a DNS lookup for dns.msftncsi.com, which resolves to 131.107.255.255. You can disable this behavior either by modifying the registry of the local machine or, if you want to disable it across multiple domain-joined systems, by creating a Group Policy Object (GPO).
Registry (Windows Vista & Later)
- Start the registry editor
- Navigate to HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
- Under the Internet key, double-click "EnableActiveProbing", and then in Value data, type: 0
- The default for this value is 1. Setting the value to 0 disables this feature.
- Click OK.
- Restart the computer.
I would recommend that you apply the following 2 GPO settings over a registry edit if you have a group of computers that you want to apply these settings to.
1a - Group Policy (Vista):
- Edit a Group Policy Object that is applied to all the workstations you want this configuration applied to.
- Navigate to Computer Configuration > Preferences > Windows Settings > Registry
- Create a “New Registry Item”
- Type “SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet” in the Key Path, type “EnableActiveProbing” in the Value name, select REG_DWORD as the value type, and type “0” in the value data.
- Click “OK”.
1b - Group Policy (Windows 7/2008 R2)
To use a Group Policy setting to prevent NCSI from communicating across the Internet:
- Click Start, type gpmc.msc, and then press ENTER. Select an appropriate Group Policy object (GPO).
- Expand Computer Configuration, expand Administrative Templates, expand System, expand Internet Communication Management, and then click Internet Communication settings.
- In the details pane, double-click Turn off Windows Network Connectivity Status Indicator active tests, and then click Enabled.
2 - Group Policy (Windows 7/2008 R2)
This setting specifies whether or not the "local access only" network icon will be shown.
When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only.
If you disable this setting or do not configure it, the "local access only" icon will be used when a user is connected to a network with local access only.
- Click Start, type gpmc.msc, and then press ENTER. Select an appropriate Group Policy object (GPO).
- Navigate to Computer Configuration > Policies > Administrative Templates > Network Connections
- Enable the “Do not show the “local access only” network icon” policy setting.
If you have a mix of Vista, 7, 2008, and 2008 R2 systems in your target OU, you can create a GPO with all of the settings shown above so that you have one comprehensive policy for various operating systems.
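To check from proxy, firewall or DNS logs which hosts are still sending the NCSI probe described above (for example after the GPO has rolled out), the following added example, which is not part of the original page, classifies log lines against the URL, DNS name and address given earlier. The log format and sample lines are constructed for illustration; adapt the field positions to your own log source.

```python
from urllib.parse import urlsplit

# Values as stated on this page for the NCSI active probe.
NCSI_HTTP_HOST = "www.msftncsi.com"
NCSI_HTTP_PATH = "/ncsi.txt"
NCSI_DNS_NAME = "dns.msftncsi.com"
NCSI_DNS_ANSWER = "131.107.255.255"

# Constructed sample log (hypothetical format: time, source IP, record type, details).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.21 HTTP GET http://www.msftncsi.com/ncsi.txt
2024-05-01T09:00:01Z 10.0.0.21 DNS dns.msftncsi.com. A 131.107.255.255
2024-05-01T09:00:05Z 10.0.0.34 DNS DNS.MSFTNCSI.COM A 10.9.9.9
2024-05-01T09:00:07Z 10.0.0.21 HTTP GET http://www.msftncsi.com/other.txt
2024-05-01T09:00:09Z 10.0.0.50 HTTP GET http://example.com/
malformed line
"""

def classify(line):
    """Return (source_ip, verdict): 'probe', 'anomaly', 'other' or 'unparsed'."""
    fields = line.split()
    if len(fields) < 5:
        return (None, "unparsed")
    src, kind = fields[1], fields[2].upper()
    if kind == "HTTP":
        url = urlsplit(fields[4])
        if (url.hostname or "").lower() != NCSI_HTTP_HOST:
            return (src, "other")
        # Same host but a different path is not the documented probe.
        return (src, "probe" if url.path == NCSI_HTTP_PATH else "anomaly")
    if kind == "DNS" and len(fields) >= 6:
        if fields[3].rstrip(".").lower() != NCSI_DNS_NAME:
            return (src, "other")
        # A different answer may indicate DNS interception; worth a look.
        return (src, "probe" if fields[5] == NCSI_DNS_ANSWER else "anomaly")
    return (src, "other")

def summarize(log_text):
    """Map 'probe' and 'anomaly' to the sorted source IPs that produced them."""
    result = {"probe": set(), "anomaly": set()}
    for line in log_text.splitlines():
        src, verdict = classify(line)
        if verdict in result:
            result[verdict].add(src)
    return {k: sorted(v) for k, v in result.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Hosts listed under "probe" still have active probing enabled; entries under "anomaly" touched the NCSI names but did not match the request or answer described on this page.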