Tactical Advice

Should You Disable IPv6 on a Windows 7 PC?

Several features depend on IPv6 to function properly, so proceed with caution.
Should You Disable IPv6 on a Windows 7 PC?

Both the Internet Assigned Numbers Authority and the Asia-Pacific Network Information Centre have run out of IPv4 addresses to allocate, and RIPE, the European numbering authority, is soon to follow. Large ISPs are now beginning to turn on IPv6 for their customers, and most vendors of firewalls, load balancers and other network appliances are starting to claim that their devices fully support IPv6. Is it time then for businesses to stop worrying about IPv6 and simply leave it enabled on Windows PCs?

The Myth of Disabling IPv6

Actually, you can’t fully disable IPv6 on a computer running Windows 7. For example, if you clear the checkbox for IPv6 for your Local Area Connection network interface (see Figure 1), it won’t disable IPv6 on the system. It simply removes the binding for it from that particular network interface.

And if you edit the registry as indicated by this article in the Microsoft Knowledge Base, the binding for IPv6 will be removed from all network interfaces on your system, including LAN, WAN and VPN interfaces. But the underlying components of IPv6 won’t be removed from your system, which is easy to see by opening a command prompt and pinging the IPv6 loopback address ::1 from a command prompt window on the system.

figure 1: clearing the selected checkbox removes the binding for IPv6

Figure 1: Clearing the selected checkbox only removes the binding for IPv6.

Disabling IPv6 Breaks Functionality

Are there negative consequences to disabling IPv6 on a Windows 7 PC? Several features of Windows 7 depend on IPv6 to function as intended, including:

  • DirectAccess, which allows users to remotely access corporate resources whenever they have Internet connectivity, as if they were directly connected to the corporate LAN.
  • Remote Assistance, which enables users to invite remote users to connect to their computer to help them when they have problems.
  • HomeGroup, which makes it easy for users to share their libraries and printers on their home network.

Because Microsoft performed most of its internal validation testing of Windows 7 with IPv6 enabled, disabling IPv6 may have unintended consequences that even Microsoft isn’t yet aware of. Users could end up with mysterious issues requiring the help of Microsoft Support for troubleshooting, and one of the questions they may ask is, “Have you disabled IPv6?” If you have done so, you might be asked to turn it back on to resolve the issue.

Leaving IPv6 enabled might seem to go against a system administrator’s prime directive: “If you’re not using it, don’t enable it.” But there’s another directive that says: “If it ain’t broke, don’t fix it,” and in this case it’s the latter that should take precedence.

Will leaving IPv6 enabled result in a lot of additional network traffic that could lead to poor application performance? No. Windows systems that need to communicate with other Windows systems on the same subnet simply prefer using IPv6 Link Local addresses over IPv4 addresses, and this has only a negligible impact on the overall network traffic.

But My Vendor Doesn’t Support It Yet

If you contact your vendor for firewall appliances or other network security devices, you’ll probably find that they do have updated hardware that now fully supports IPv6. If they don’t, they probably won’t stay in business for very long.

And if your legacy routers and gateway appliances don’t currently support IPv6 or don’t have it enabled, then IPv6 traffic isn’t going to flow in and out of the network anyway. So monitoring or controlling the flow of IPv6 traffic across your boundary isn’t really an issue. But if your ISP has already enabled IPv6, then maybe it’s time to upgrade your routers, gateways and security appliances. The reality is that almost all routers sold during the past 10 years support IPv6 as well as IPv4.

For Users Who Travel

What if someone has a notebook running Windows 7 with IPv6 enabled, and they travel to another city and use the LAN connection in a hotel to connect to the Internet? Are there possible security consequences of having IPv6 enabled on systems that travel beyond a company’s perimeter firewall?

The reality is that IPv6 is a much more secure protocol than IPv4, which actually has no security at all. In fact, IPv4 application developers have found it necessary to implement additional security at the application layer because there’s no inherent security built into IPv4. By contrast, IPv6 is built from the ground up with security in mind.

Disabling IPv6 on Windows 7 PCs provides no additional security or any other real value to a network. And leaving IPv6 enabled on these PCs enables certain valuable Windows features to work properly. So the bottom line is, don’t disable IPv6 on Windows 7 PCs unless you can justify your decision with a more compelling reason than “But I haven’t had time to learn about it yet.”

Start thinking long term, and get that IPv6 migration plan in order for your business. If you want to learn more about IPv6 and how to prepare for its inevitable arrival, visit the IPv6 Blog on TechNet.

Sign up for our e-newsletter

About the Author

Mitch Tulloch

Mitch Tulloch

Mitch Tulloch is a Microsoft Most Valuable Professional and lead author of the Windows 7 Resource Kit from Microsoft Press. You can follow him on Twitter at @MitchTulloch or friend him on Facebook at http://www.facebook.com/mitchtulloch.

Security

Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.