Akzium

Windows Local Hosts File DNS Lookup

12/31/2024

By default, Microsoft Windows checks the local Windows\System32\drivers\etc\HOSTS file before consulting the DNS cache. The DNS cache simply stores previously resolved domain names and their corresponding IP addresses for faster access, but if a matching entry is found in the hosts file, the cache is ignored.

It is possible via GPO to change the DNS lookup order, or to disable the local Windows hosts file DNS resolver function. In Group Policy, go to Computer Configuration > Administrative Templates > Network > DNS Client and enable the policy "Turn off Multicast Name Resolution", which effectively prevents the computer from using the local hosts file for name resolution. This also disables LLMNR (Link-Local Multicast Name Resolution), which is a Microsoft endpoint security recommendation.


For those not familiar with editing the hosts file, PhoenixNAP has a nice write-up here: https://phoenixnap.com/kb/windows-hosts-file


Disable Windows Quick Assist and Windows Shared Experiences

12/7/2024

Here's a "how to" on disabling Windows Quick Assist and Windows Shared Experiences. Windows Quick Assist has become a go-to tool for malware actors to gain remote access to the PC of a user scammed through social engineering, without having to install any software. Quick Assist is enabled by default on both Windows 10 and Windows 11 PCs and allows a remote user to access your PC in local administrator mode. Windows Shared Experiences can be used by hackers for lateral movement once a PC has been infected with malware.

To Disable Quick Assist:
1) Create a firewall rule to block C:\Windows\System32\quickassist.exe from internet access.
2) To disable Windows Quick Assist in Group Policy, navigate to "Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security" and then set the policy "Restrict Remote Assistance to authorized users" to "Enabled".
3) In Group Policy editor go to: Computer Configuration > Administrative Templates > System > Remote Assistance > Configure Solicited Remote Assistance (set to disabled)
4) Change the registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services] "fAllowToGetHelp"=dword:00000000

For Windows Shared Experiences:
1) In Group Policy: Computer Configuration > Administrative Templates > System > Group Policy > Continue Experience On This Device (set to disabled)
2) In the registry: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] "EnableCdp"=dword:00000000
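
The registry and firewall steps from both lists above, scripted in PowerShell as an added example (not part of the original post); the Group Policy steps are not covered. The firewall rule name and the audit/apply switch are assumptions of this example; run it with no arguments to report the current state, or with -Apply from an elevated session to set the values.

```powershell
# Added example: audits (default) or applies (-Apply, elevated session) the
# registry values and firewall block listed in the steps above.
param([switch]$Apply)

# Registry policy values exactly as given in the steps above.
$settings = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
       Name = 'fAllowToGetHelp'; Value = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
       Name = 'EnableCdp'; Value = 0 }
)
# Program path is from step 1; the rule name is an assumption of this example.
$program  = 'C:\Windows\System32\quickassist.exe'
$ruleName = 'Block Quick Assist outbound'

$report = @(foreach ($s in $settings) {
    # A missing key or value yields $null, which is reported as non-compliant.
    $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    if ($Apply -and $current -ne $s.Value) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord -Value $s.Value -Force | Out-Null
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
    }
    [pscustomobject]@{
        Item      = "$($s.Path)\$($s.Name)"
        Current   = if ($null -eq $current) { 'not set' } else { $current }
        Compliant = ($current -eq $s.Value)
    }
})

# Outbound block for the Quick Assist binary; created only if no rule with this name exists.
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Select-Object -First 1
if ($Apply -and -not $rule) {
    $rule = New-NetFirewallRule -DisplayName $ruleName -Direction Outbound `
        -Program $program -Action Block -Profile Any
}
$report += [pscustomobject]@{
    Item      = "Firewall rule '$ruleName'"
    Current   = if ($rule) { "$($rule.Direction) $($rule.Action), enabled=$($rule.Enabled)" } else { 'missing' }
    Compliant = [bool]($rule -and $rule.Action -eq 'Block' -and $rule.Enabled -eq 'True')
}

# Non-zero exit code lets a management tool flag machines that still need the change.
$report | Format-Table -AutoSize -Wrap
if ($report.Compliant -contains $false) { exit 1 }
```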

Here's a link to the Microsoft Learn article about Quick Assist: https://lnkd.in/eQ5STV86

Here's a Microsoft Support post about Shared Experiences: https://lnkd.in/ehRW-guV

    Author

    Akzium team blog


Akzium, LLC | 601-841-2499     .     [email protected]
Copyright 2011-2025, Akzium, LLC.  All rights reserved.