

Managing the Network Connectivity Status Indicator

Friday, October 28, 2011

If you see your Windows computers accessing the site http://www.msftncsi.com in your packet captures and/or firewall logs, it is due to the Network Connectivity Status Indicator (NCSI) feature, introduced in the Windows operating system with Vista. It's also enabled in later operating systems such as Windows 7 and 2008. This feature is used to determine the network status of the Windows client. In some cases, you may simply want to disable it because your systems are on a local network without internet connectivity.

What is occurring behind the scenes is that NCSI is performing an HTTP request for http://www.msftncsi.com/ncsi.txt or a DNS lookup for dns.msftncsi.com that resolves to 131.107.255.255. You can disable this behavior either by modifying the registry of the local machine or, if you want to disable it across multiple domain-joined systems, by creating a Group Policy object (GPO).


Registry (Windows Vista & Later)
  1. Start the registry editor
  2. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
  3. Under the Internet key, double-click "EnableActiveProbing", and then in Value data, type: 0
  4. The default for this value is 1. Setting the value to 0 disables this feature.
  5. Click OK.
  6. Restart the computer.

I would recommend that you apply the following 2 GPO settings over a registry edit if you have a group of computers that you want to apply these settings to.

1a - Group Policy (Vista):

  1. Edit a Group Policy Object that is applied to all the workstations you want this configuration applied to.
  2. Navigate to Computer Configuration > Preferences > Windows Settings > Registry
  3. Create a “New Registry Item”
  4. Type “SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet” in the Key Path, type “EnableActiveProbing” in the Value name, select REG_DWORD as the Value type, and type “0” in the Value data.
  5. Click “OK”.

1b - Group Policy (Windows 7/2008 R2)

To use a Group Policy setting to prevent NCSI from communicating across the Internet:

  1. Click Start, type gpmc.msc, and then press ENTER. Select an appropriate Group Policy object (GPO).
  2. Expand Computer Configuration, expand Administrative Templates, expand System, expand Internet Communication Management, and then click Internet Communication settings.
  3. In the details pane, double-click Turn off Windows Network Connectivity Status Indicator active tests, and then click Enabled.

2 - Group Policy (Windows 7/2008 R2)

This setting specifies whether or not the "local access only" network icon will be shown.
When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only. If you disable this setting or do not configure it, the "local access only" icon will be used when a user is connected to a network with local access only.

  1. Click Start, type gpmc.msc, and then press ENTER. Select an appropriate Group Policy object (GPO).
  2. Navigate to Computer Configuration > Policies > Administrative Templates > Network Connections
  3. Enable the “Do not show the “local access only” network icon” policy setting.


If you have a mix of Vista, 7, 2008, and 2008 R2 systems in your target OU, you can create a GPO with all of the settings shown above so that you have one comprehensive policy for various operating systems.
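To confirm the settings took effect, the indicators named in this article can be checked against proxy and DNS logs to list the clients that still send NCSI probes. The following is an added example, not part of the original post; the log layout, client addresses and function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the article text.
NCSI_HTTP_HOST = "www.msftncsi.com"
NCSI_HTTP_PATH = "/ncsi.txt"
NCSI_DNS_NAME = "dns.msftncsi.com"
NCSI_DNS_ANSWER = "131.107.255.255"

# Constructed sample log (assumed layout: time, client, record type, detail).
SAMPLE_LOG = """\
2011-10-28T09:00:01 10.0.0.21 HTTP GET http://www.msftncsi.com/ncsi.txt
2011-10-28T09:00:01 10.0.0.21 DNS dns.msftncsi.com A 131.107.255.255
2011-10-28T09:00:05 10.0.0.22 HTTP GET http://intranet.example/ncsi.txt
2011-10-28T09:00:09 10.0.0.23 DNS DNS.MSFTNCSI.COM. A 10.0.0.1
2011-10-28T09:00:12 10.0.0.24 HTTP GET http://www.msftncsi.com.example.net/ncsi.txt
malformed line
"""

def classify(line):
    """Return (client, probe_type) for an NCSI probe record, else None."""
    fields = line.split()
    if len(fields) < 5:
        return None
    client, kind = fields[1], fields[2]
    if kind == "HTTP":
        url = urlsplit(fields[4])
        # Compare the parsed host exactly so look-alike names do not match.
        if (url.hostname or "") == NCSI_HTTP_HOST and url.path == NCSI_HTTP_PATH:
            return client, "http-probe"
    elif kind == "DNS" and fields[3].rstrip(".").lower() == NCSI_DNS_NAME:
        # Note answers that differ from the address the article gives.
        answer = fields[5] if len(fields) > 5 else ""
        matches = answer == NCSI_DNS_ANSWER
        return client, "dns-probe" if matches else "dns-probe-unexpected-answer"
    return None

def hosts_still_probing(log_text):
    """Map each client address to the sorted NCSI probe types seen for it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            seen[hit[0]].add(hit[1])
    return {client: sorted(kinds) for client, kinds in seen.items()}

if __name__ == "__main__":
    for client, kinds in sorted(hosts_still_probing(SAMPLE_LOG).items()):
        print(client, ", ".join(kinds))
```

Clients that appear in the result after the policy has been applied and the machines restarted are the ones to check for a missing or unapplied GPO.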
