If you see your Windows computers accessing the site http://www.msftncsi.com in your packet captures and/or firewall logs, it is due to the Network Connectivity Status Indicator (NCSI) feature that was introduced in the Windows operating system with Vista. It’s also enabled on later operating systems such as Windows 7 and 2008. This feature is used to determine the network status of the Windows client. In some cases, you may simply want to disable it because your systems are on a local network without internet connectivity.
What is occurring behind the scenes is that NCSI is performing an HTTP request for http://www.msftncsi.com/ncsi.txt or a DNS look-up for dns.msftncsi.com that resolves to 131.107.255.255. You can disable this behavior either by modifying the registry of the local machine or, if you want to disable it across multiple domain-joined systems, by creating a group policy object (GPO).
Registry (Windows Vista & Later)
- Start the registry editor
- Navigate to HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
- Under the Internet key, double-click EnableActiveProbing, and then in Value data, type 0
- The default for this value is 1. Setting the value to 0 disables this feature
- Click OK
- Restart the computer
1a – Group Policy (Vista):
- Edit a Group Policy Object that is applied to all the workstations you want this configuration applied to
- Navigate to Computer Configuration > Preferences > Windows Settings > Registry
- Create a New Registry Item
- Type SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet in the Key Path, then type EnableActiveProbing in the Value name, then select REG_DWORD as the value type and enter 0 in the value data
- Click OK
1b – Group Policy (Windows 7/2008 R2)
- Click Start, type gpmc.msc, and then press ENTER. Select an appropriate Group Policy object (GPO).
- Expand Computer Configuration, expand Administrative Templates, expand System, expand Internet Communication Management, and then click Internet Communication settings.
- In the details pane, double-click Turn off Windows Network Connectivity Status Indicator active tests, and then click Enabled.
2 – Group Policy (Windows 7/2008 R2)
This setting specifies whether or not the “local access only” network icon will be shown. When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only.
If you disable this setting or do not configure it, the “local access only” icon will be used when a user is connected to a network with local access only.
- Click Start, type gpmc.msc, and then press ENTER. Select an appropriate Group Policy object (GPO).
- Navigate to Computer Configuration > Policies > Administrative Templates > Network Connections
- Enable the Do not show the “local access only” network icon policy setting.
If you have a mix of Vista, 7, 2008, and 2008 R2 systems in your target OU, you can create a GPO with all of the settings shown above so that you have one comprehensive policy for various operating systems.
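To confirm the setting has taken effect, you can search the same firewall, proxy, or DNS logs for hosts that still send the NCSI requests described at the top of this page. The script below is an added example, not part of the original article: the log layout ("time source protocol detail") is an assumption and the sample lines are constructed, so adapt the field positions to your own log format. It also marks DNS answers that differ from the address given above.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the article text.
NCSI_HTTP = ("www.msftncsi.com", "/ncsi.txt")
NCSI_DNS = ("dns.msftncsi.com", "131.107.255.255")

# Constructed sample lines in an assumed "time source protocol detail" layout.
SAMPLE_LOG = """\
2024-05-01T08:00:01 10.0.0.11 HTTP GET http://www.msftncsi.com/ncsi.txt
2024-05-01T08:00:02 10.0.0.11 DNS A dns.msftncsi.com -> 131.107.255.255
2024-05-01T08:00:05 10.0.0.12 HTTP GET http://intranet.example/index.html
2024-05-01T08:01:00 10.0.0.13 DNS A DNS.MSFTNCSI.COM. -> 131.107.255.255
2024-05-01T08:02:00 10.0.0.14 HTTP GET http://www.msftncsi.com.lookalike.example/ncsi.txt
2024-05-01T08:03:00 10.0.0.15 DNS A dns.msftncsi.com -> 203.0.113.9
"""

def classify(line):
    """Return (source_ip, kind) for an NCSI probe record, else None."""
    fields = line.split()
    if len(fields) < 5:
        return None
    src, proto = fields[1], fields[2]
    if proto == "HTTP":
        url = urlsplit(fields[4])
        # Exact host match, so look-alike names that merely start with it fail.
        if ((url.hostname or "").rstrip("."), url.path) == NCSI_HTTP:
            return src, "http-probe"
    elif proto == "DNS" and len(fields) >= 7:
        # Normalise case and the trailing root dot before comparing names.
        if fields[4].lower().rstrip(".") == NCSI_DNS[0]:
            expected = fields[6] == NCSI_DNS[1]
            return src, ("dns-probe" if expected else "dns-unexpected-answer")
    return None

def hosts_still_probing(log_text):
    """Map each source IP to the sorted NCSI record kinds seen for it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            seen[hit[0]].add(hit[1])
    return {src: sorted(kinds) for src, kinds in seen.items()}

if __name__ == "__main__":
    for src, kinds in sorted(hosts_still_probing(SAMPLE_LOG).items()):
        print(src, ", ".join(kinds))
```

Hosts that keep appearing in the output after the policy has been applied and the machine restarted are the ones to check for GPO scope or registry value problems.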