As the world continues its transition from IPv4 to IPv6, the need for tools and scripts that allow IT professionals to manage IPv6 configurations has become increasingly important. One key requirement is the ability to enable or disable IPv6 components on Windows-based systems. Our spotlight today is on a PowerShell script that allows for precise configuration of IPv6 on Windows devices.
Background
IPv6, the successor to IPv4, addresses the issue of IP address exhaustion and brings about numerous other benefits. However, while transitioning or testing, IT professionals and Managed Service Providers (MSPs) might find the need to enable, disable, or tweak certain IPv6 components. Whether for troubleshooting, network configuration, or security purposes, having a streamlined method can be invaluable. The provided script does just that—it’s a tool for configuring IPv6 in Windows with flexibility and precision.
The Script
#Requires -Version 5.1
<#
.SYNOPSIS
Enable or disable components for IPv6 on all network connections.
.DESCRIPTION
Enable or disable components for IPv6 on all network connections.
Rebooting is required for Windows to apply these settings.
.EXAMPLE
-Components DisableAll
Disables all IPv6 components.
.EXAMPLE
PS C:> Disable-IPv6.ps1 -ComponentsValue 0xFF
Disables all IPv6 components from custom value.
See link for more options:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows
.EXAMPLE
-Components EnableAll
Enables all IPv6 components.
.EXAMPLE
-Components DisableAllTunnels
Disables all IPv6 Tunnels.
.EXAMPLE
-Components DisableAllTunnels, Disable6to4
Disables All IPv6 Tunnels and 6to4 components.
.EXAMPLE
PS C:> Disable-IPv6.ps1 -Components DisableAll
Disables all IPv6 components.
.OUTPUTS
None
.NOTES
Minimum OS Architecture Supported: Windows 10, Windows Server 2016
Release Notes:
Initial Release
By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https://www.ninjaone.com/terms-of-use.
Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider.
Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
.COMPONENT
ProtocolSecurity
#>
[CmdletBinding(DefaultParameterSetName = "Components")]
param (
[Parameter(Mandatory = $true, ParameterSetName = "Components")]
[ValidateSet("EnableAll", "DisableAllTunnels", "Disable6to4", "DisableISATAP", "DisableTeredo", "PreferIPv4Over", "Disableall")]
[string[]]
$Components,
[Parameter(Mandatory = $true, ParameterSetName = "Value")]
[ValidateRange(0, 255)]
[int]
$ComponentsValue
)
begin {
$DisableValue = 0
if ($Components) {
# Define values for names in $Components
$EnableAll = 0
$DisableAllTunnels = 0x01
$Disable6to4 = 0x02
$DisableISATAP = 0x04
$DisableTeredo = 0x08
$PreferIPv4Over = 0x20
$Disableall = 0xFF
# Create bit "list" and start at 0
$DisableValue = 0
$Components | ForEach-Object {
# Add each item in $Components to $DisableList with bitwise-or operation
$DisableValue = $DisableValue -bor $(Get-Variable -Name $_ -ValueOnly)
}
}
elseif ($ComponentsValue) {
$DisableValue = $ComponentsValue
}
function Set-ItemProp {
param (
$Path,
$Name,
$Value,
[ValidateSet("DWord", "QWord", "String", "ExpandedString", "Binary", "MultiString", "Unknown")]
$PropertyType = "DWord"
)
if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue)) {
Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false | Out-Null
}
else {
New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false | Out-Null
}
}
function Test-IsElevated {
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$p = New-Object System.Security.Principal.WindowsPrincipal($id)
if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator))
{ Write-Output $true }
else
{ Write-Output $false }
}
}
process {
if (-not (Test-IsElevated)) {
Write-Error -Message "Access Denied. Please run with Administrator privileges."
exit 1
}
$Path = "HKLM:SYSTEMCurrentControlSetServicesTcpip6Parameters"
$Name = "DisabledComponents"
$Value = $DisableValue
try {
Set-ItemProp -Path $Path -Name $Name -Value $Value
}
catch {
Write-Error $_
exit 1
}
}
end {}
Access 300+ scripts in the NinjaOne Dojo
Detailed Breakdown
The script is a PowerShell script, denoted by its .ps1 extension. Here’s a step-by-step breakdown of its workings:
- Parameters: At its core, the script requires a user to input either specific IPv6 components they wish to manage or a direct value that represents a certain configuration.
- Initialization: The script then initializes the default DisabledComponents value to 0, which means no components are disabled. The script then maps each component name to its respective hex value.
- Processing: For each component provided as input, the script computes a cumulative hex value. This cumulative value determines which IPv6 components should be disabled.
- Setting the Registry: With the computed hex value, the script proceeds to either update or create a registry key. This is where the actual enabling or disabling of IPv6 components happens. The script targets the DisabledComponents key within the Windows registry.
- Execution Control: The script checks if it has administrative rights before executing the main process. If not, it prompts the user to run it with elevated privileges.
Potential Use Cases
Case Study: Imagine an IT admin, Jane, working for a large enterprise. They’re migrating a segment of their network to IPv6 but have legacy applications that don’t work well with certain IPv6 components, like Teredo. Using the script, Jane can easily disable Teredo on all affected machines, ensuring application compatibility without completely turning off IPv6.
Comparisons
While manual methods, such as navigating the GUI interface or using native Windows commands, exist to disable or enable IPv6 components, they can be tedious, especially for large networks. This script simplifies the process, allowing for batch processing, automation, and precision.
FAQs
- How do I execute the script?
Run it using PowerShell with elevated rights. - Do I need to restart the system after?
Yes, a reboot is required for changes to take effect. - Which Windows versions are supported?
Windows 10 and Windows Server 2016 onwards.
Implications
While IPv6 brings many advantages, misconfigurations can lead to security vulnerabilities or connectivity issues. Being able to control its components ensures a safer and more tailored network environment.
Recommendations
- Always backup the registry before making changes.
- Test the script on a single device before large-scale deployment.
- Ensure you have a clear understanding of each IPv6 component before disabling it.
Final Thoughts
Tools like NinjaOne can further enhance the experience by providing integrated network management and monitoring capabilities. When coupled with scripts like this, IT professionals can ensure a smooth and secure IPv6 transition.
