Disable IPv6
Purpose
This solution provides centralized management of IPv6 protocol settings across Windows devices within the organization. It enables automated disabling of IPv6 on targeted devices while maintaining the flexibility to exclude specific clients, locations, or devices through custom field configuration. The solution includes remediation scripts and manual override capabilities for complete control over IPv6 protocol management.
Associated Content
Custom Field
| Name | Example | Type | Level | Required | Purpose |
|---|---|---|---|---|---|
| cPVAL Disable IPv6 | Windows Workstation and Server | Dropdown | Organization, Location, Device | Yes | Controls IPv6 disablement based on selected operating system |
Automation Scripts
| Name | Purpose |
|---|---|
| Get IPv6 Enabled Adapters | Detection script that checks if IPv6 is enabled on any network adapter |
| Disable IPv6 | Remediation script that disables IPv6 protocol binding on all network adapters |
| Enable IPv6 | Manual script to re-enable IPv6 protocol binding (for reversal) |
Compound Conditions
| Name | Purpose |
|---|---|
| Disable IPv6 Windows Workstation | Applies IPv6 disablement to Windows workstations based on custom field settings |
| Disable IPv6 Windows Server | Applies IPv6 disablement to Windows servers based on custom field settings |
Implementation
Step 1: Create the Custom Field
Create the cPVAL Disable IPv6 custom field under SETTINGS → Custom Fields with the following configuration:
- Definition Scope: Organization, Location, Device
- Type: Dropdown
- Options: None, Windows Workstation and Windows Server, Windows Workstation, Windows Server
- Default Value: (Empty)
- Tab Name: Device Standards
Step 2: Import Automation Scripts
Import the required automation scripts:
- Get IPv6 Enabled Adapters - Detection script
- Disable IPv6 - Remediation script
- Enable IPv6 - Manual reversal script
Step 3: Configure Compound Conditions
Create two compound conditions targeting the appropriate device policies:
For Windows Workstations:
- Name: Disable IPv6 Windows Workstation
- Policy:
Windows Workstation [Default] - Logic: Runs when IPv6 is detected AND custom field specifies Workstation inclusion
For Windows Servers:
- Name: Disable IPv6 Windows Server
- Policy:
Windows Server [Default] - Logic: Runs when IPv6 is detected AND custom field specifies Server inclusion
Step 4: Set Organizational Default
Configure the organizational-level custom field to establish default behavior:
- Set to appropriate value based on organizational policies
- Use location and device-level settings for exceptions and overrides
FAQ
Q: What happens if I need to exclude specific devices from IPv6 disablement?
A: Set the device-level custom field to "None" for any devices that should retain IPv6 functionality.
Q: How does the solution handle different organizational units?
A: The custom field supports three levels of configuration - Organization, Location, and Device - allowing for granular control.
Q: What if disabling IPv6 causes network connectivity issues?
A: Use the Enable IPv6 script to manually re-enable IPv6 on affected devices.
Q: How often does the solution check for IPv6 status?
A: The compound conditions run continuously, checking for IPv6-enabled adapters and applying remediation when needed.
Q: Can I disable IPv6 for workstations but not servers?
A: Yes, set the custom field to "Windows Workstation" only at the desired configuration level.
Q: What permissions are required for this solution?
A: The custom field requires Read/Write permissions for both technicians and automation systems.
Note: Disabling IPv6 may affect network connectivity in environments that rely on IPv6 functionality. Test thoroughly before widespread deployment.