Block icmp on domain controllers

Andreas 1,301 Reputation points
2021-09-01T08:49:08.517+00:00

Hi,

We are looking into locking down our domain controllers, and was wondering if we could block ICMP. If we block ICMP will that cause any problems with for example communication between domain controllers or between clients and domain controllers ?

I have read something about problems with GPO, but that should not be a problem if we use newer OS version. In the environment there are Windows Server 2008, 2008 R2, 2012, 2012R2, 2016, 2019, Windows 10

Thanks for reply.

/Regards
Andreas

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,205 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,732 questions
0 comments
Accepted answer
  1. Limitless Technology 39,391 Reputation points
    2021-09-01T13:44:32.787+00:00

    Hello,

    Thank you for your question.

    Legacy OS 2000,2003, XP were required to open ICMP ports for "Slow network detection"

    Vsta, Windows 2008, Win 7, and Windows 2008 no longer rely on ICMP.
    Instead they use NLA (Network Location Awareness)

    Please have a look on below Microsoft article and Thread discussing the same.

    http://technet.microsoft.com/en-us/library/cc725828(WS.10).aspx#BKMK_nla

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/f4efdf01-fa0b-43c2-9533-9fe188c4658b/blocking-icmp-can-affect-the-group-policy-implementation?forum=winserverGP

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest