I was asked by management to disable IPv6 on our Windows machines. While I'm aware that this isn't typically advised, I went ahead and made the changes using a registry key, which I deployed through Group Policy. However, I noticed that the IPv6 checkbox in the network adapter settings is still checked, and I'm having trouble finding a way to confirm that IPv6 is truly disabled. Is there any tool or method I can use to prove to management that IPv6 is turned off?
5 Answers
You might be able to convince them to reconsider by sharing the Microsoft article that explains why disabling IPv6 is a bad move. It states that not all components will work properly if IPv6 is disabled. Sometimes management needs some solid external validation before they'll consider changing their mind!
Rather than disabling IPv6 outright, you might want to set it to prefer IPv4 instead. Microsoft recommends this approach. But if management insists, a simple way to check is doing a packet capture; look for any IPv6 traffic. If `ethertype=0x86DD` shows up, then IPv6 is still active.
Totally agree! Also, running a tool like Wireshark can really help in monitoring traffic effectively.
Honestly, disabling IPv6 might cause some unexpected issues, so it's worth highlighting that to management. If they really want proof, you could ping '::1' and show that it (sometimes) responds even when IPv6 is meant to be disabled. It’s a tricky situation!
Exactly, I've seen it cause problems with applications that expect IPv6 to be available, so better to advise against disabling it.
To really make it clear to management, you could write a script to check the registry key across all machines. If it exists and is set to disable IPv6, you can show that as proof. Just ensuring it’s documented would help you later if any issues arise!
That's a smart idea! A clear report can help back you up against any blame later.
You might want to start by showing them the output of `ipconfig /all`. If IPv6 is truly disabled, the adapter should show no IPv6 addresses at all. Also, if the settings are applied correctly, you should see an absence of any link-local addresses like those starting with `fe80::`. That tends to be pretty solid evidence!
Yeah, also remember that if the link-local address is still there, it doesn't mean IPv6 is fully enabled, but it's active for local communication.

True! That article is a good reference. Make sure to stress the potential impact on operations.
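The registry check and the address check suggested in the answers above can be combined into one per-machine report. This is an added example, not code from any poster in the thread. It assumes the Group Policy wrote the `DisabledComponents` value under `Tcpip6\Parameters`, that the targets run Windows 8 / Server 2012 or later with PowerShell remoting enabled, and that `$Computers` and `$OutFile` are placeholders.

```powershell
# Added example, not code from the thread.
# Assumption: the GPO wrote DisabledComponents under Tcpip6\Parameters.
# $Computers and $OutFile are placeholders; remote hosts need PowerShell remoting.
param(
    [string[]]$Computers = @($env:COMPUTERNAME),
    [string]$OutFile = '.\ipv6-state.csv'
)

$probe = {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    $dc  = (Get-ItemProperty -Path $key -Name DisabledComponents -ErrorAction SilentlyContinue).DisabledComponents

    # The adapter checkbox reflects the ms_tcpip6 binding, which the
    # registry value does not change, so report it separately.
    $bound = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object { $_.Enabled })

    # ::1 (loopback) can remain even with 0xFF, so exclude it.
    $addrs = @(Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
               Where-Object { $_.IPAddress -ne '::1' })

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        DisabledComponents  = if ($null -ne $dc) { '0x{0:X2}' -f $dc } else { 'not set' }
        AllIPv6Disabled     = ($null -ne $dc) -and (($dc -band 0xFF) -eq 0xFF)
        PreferIPv4          = ($null -ne $dc) -and (($dc -band 0x20) -ne 0)
        AdaptersBoundToIPv6 = $bound.Count
        LinkLocalPresent    = [bool]($addrs | Where-Object { $_.IPAddress -like 'fe80:*' })
        NonLoopbackIPv6     = ($addrs | ForEach-Object { $_.IPAddress }) -join ', '
    }
}

# Run locally without remoting, remotely via Invoke-Command.
$report = foreach ($c in $Computers) {
    if ($c -eq $env:COMPUTERNAME) { & $probe }
    else { Invoke-Command -ComputerName $c -ScriptBlock $probe }
}

# Select-Object drops the extra remoting properties before export.
$report | Select-Object Computer, DisabledComponents, AllIPv6Disabled, PreferIPv4,
    AdaptersBoundToIPv6, LinkLocalPresent, NonLoopbackIPv6 |
    Export-Csv -Path $OutFile -NoTypeInformation
```

A row with `AllIPv6Disabled` true, `LinkLocalPresent` false and a non-zero `AdaptersBoundToIPv6` matches the situation in the question: the stack is disabled by the registry value while the adapter checkbox stays ticked.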