Computer step by step
 Make your Pc better
Description:  

Specifies whether the computers to which this setting is applied use secure dynamic update or standard
dynamic update for registration of DNS records.

To enable this setting, click Enable, and then choose one of the following values.

Unsecure followed by secure - if this option is chosen, computers send secure dynamic updates only when
nonsecure dynamic updates are refused.

Only Unsecure - if this option is chosen, computers send only nonsecure dynamic updates.

Only Secure - if this option is chosen, computers send only secure dynamic updates.

If this setting is not configured, it is not applied to any computers, and computers use their local configuration.

Supported on: At least Windows XP Professional or Windows Server 2003 family.
Update Security Level
Description Gpedit Regedit CMD Back VBScript PowerShell Script
Gpedit:   

Please perform the following steps:

Please go to Pearl button (Start) and click on the Search programs and files
For more information about the change from Start to Pearl button click here
Type gpedit.msc and press Enter
In the Group Policy window please navigate to Computer Configuration -> Administrative Templates ->
Network -> DNS Client and open Update Security Level.
Not Configured -> is the Default state
Enabled -> apply this GPO
Disabled -> this GPO will not be applied

To finish press ok button and close Group Policy window.
Description Gpedit Regedit CMD Up Back VBScript
Type regedit and press ok
Please confirm User Account Control pop-up
Microsoft official disclaimer

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Note: This registry key is created by Group Policy when this GPO is Enable. The GPO Default state is Not
Configured -> this registry entry is not present. For Disable this registry entry is not present.

Please navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient and
locate
UpdateSecurityLevel registry key
Regedit:          

Please perform the following steps:

Please go to Pearl button (Start) and click on the Search programs and files
For more information about the change from Start to Pearl button click here
Description Gpedit Regedit CMD Up Back VBScript
Double click on UpdateSecurityLevel and edit the value:

To Enable:
Change the data value with:
Only Secure = 256
Only Unsecure = 16
Unsecure followed by Secure = 0
To finish press ok button and close Registry Editor window

Note: Manual editing of this registry key will not be reflected in Group Policy. If you modify this GPO from
Group Policy this registry key will be rewritten.
PowerShell Script PowerShell Script
   
   
Description Gpedit Regedit Back CMD VBScript Up
Type cmd, right click on cmd icon under the Programs and click on Run as administrator
Please confirm User Account Control pop-up
Please select, right and copy a registry key from below, then right click on command prompt window
, select Paste and press Enter

Enabled:
Only Secure:
REG add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v UpdateSecurityLevel /t REG_DWORD /d 100 /f
Only Unsecure
REG add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v UpdateSecurityLevel /t REG_DWORD /d 10 /f
Unsecure followed by Secure
REG add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v UpdateSecurityLevel /t REG_DWORD /d 0 /f

Not Configured\Disabled:
REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /v UpdateSecurityLevel /f

Note: Manual editing of this registry key will not be reflected in Group Policy. If you modify this GPO from
Group Policy this registry key will be rewritten.
CMD:          

Please perform the following steps:

Please go to Pearl button (Start) and click on the Search programs and files
For more information about the change from Start to Pearl button click here
PowerShell Script
   
Description Gpedit Regedit Back CMD VBScript Up
VBScript:          

Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strValueName = "UpdateSecurityLevel"
'Enabled
'Only Secure
dwValue1 = 100
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue1
'Only Unsecure
'dwValue2 = 10
'oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue2
'Unsecure followed by Secure
'dwValue3 = 0
'oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue3
'Not Configured
'oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName
PowerShell Script
   
Description Gpedit Regedit Back CMD VBScript Up
PowerShell Script :          

Enabled

$RegKey = "HKLM:\SOFTWARE\Policies\Microsoft"
If(Test-Path ($RegKey + "\Windows NT"))
{
 $RegKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT"
 If(Test-Path ($RegKey + "\DNSClient"))
 {
   $RegKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"
   ##Enabled
   ##Only Secure
   New-ItemProperty -path $RegKey -name UpdateSecurityLevel -value 100 -PropertyType DWord -Force
   ##Only Unsecure
   ##New-ItemProperty -path $RegKey -name UpdateSecurityLevel -value 10 -PropertyType DWord -Force
   ##Unsecure followed by Secure
   ##New-ItemProperty -path $RegKey -name UpdateSecurityLevel -value 0 -PropertyType DWord -Force
 }
  else
 {
   New-Item -path $RegKey -name DNSClient
   $RegKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"
   ##Enabled
   ##Only Secure
   New-ItemProperty -path $RegKey -name UpdateSecurityLevel -value 100 -PropertyType DWord
   ##Only Unsecure
   ##New-ItemProperty -path $RegKey -name UpdateSecurityLevel -value 10 -PropertyType DWord
   ##Unsecure followed by Secure
   ##New-ItemProperty -path $RegKey -name UpdateSecurityLevel -value 0 -PropertyType DWord
 }
}
else
{
 New-Item -path $RegKey -name Windows NT
 $RegKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT"
 New-Item -path $RegKey -name DNSClient
 $RegKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient"
 ##Enabled
 ##Only Secure
 New-ItemProperty -path $RegKey -name UpdateSecurityLevel -value 100 -PropertyType DWord
 ##Only Unsecure
 ##New-ItemProperty -path $RegKey -name UpdateSecurityLevel -value 10 -PropertyType DWord
 ##Unsecure followed by Secure
 ##New-ItemProperty -path $RegKey -name UpdateSecurityLevel -value 0 -PropertyType DWord
}

Not Configured\Disabled

$RegKey = "HKLM:\SOFTWARE\Policies\Microsoft"
Remove-ItemProperty -Path($RegKey + "\Windows NT\DNSClient") -name UpdateSecurityLevel
If( (Get-Item -Path($RegKey + "\Windows NT\DNSClient")).ValueCount -eq 0 -and (Get-Item -Path($RegKey + "\Windows NT\DNSClient")).SubKeyCount -eq 0)
{
 Remove-Item -Path($RegKey + "\Windows NT\DNSClient")
 If( (Get-Item -Path($RegKey + "\Windows NT")).ValueCount -eq 0 -and (Get-Item -Path($RegKey + "\Windows NT")).SubKeyCount -eq 0)
 {
   Remove-Item -Path($RegKey + "\Windows NT")
 }
}
Up Back PowerShell Script