Based on my understanding, you want to enable Block Downloads option via registry or PowerShell. Please feel free to let me know if I have any misunderstanding. I am currently performing research on this and will get back to you as soon as possible. I appreciate your patience.
If you have any updates during this process, please feel free to let me know.

Just want to confirm the current situations.

Please feel free to let us know if you need further assistance.

2) If DC is also DHCP, you don't need to put it in DnsUpdateProxy Group. If the DHCP server is on a different machine than the Domain Controller, then you need to put it in DnsUpdateProxy Group.

3) Should be work. I will do a test, please give me some time.

Hi ,

1): If DHCP is also on your DC, you can set OpenAclOnProxyUpdates to 0. This can also prevent "foreign" updates to records created by DHCP.

2):DC don't need to be put in DnsUpdateProxy Group, so it should not be the cause.

3):For service account, in AD, create and configure a dedicated Domain User account to use as credentials. The user account does not need any elevated rights, a normal user account is fine.

For your reference:

Security Concerning the DNSUpdate Proxy Group

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

---

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Thanks for your efforts you have put into this case and I believe partners who may visit this thread in the future will benefit from your sharing.

The following article talking about how to submit feedback to Microsoft, you can have a look:

https://support.microsoft.com/en-us/topic/uservoice-pages-430e1a78-e016-472a-a10f-dc2a3df3450a

You question is more related with driver development which our network forum doesn't focus on, I will add the corresponding Windows Driver API related tag and remove network tag. Thank you!

You could accept the useful reply as answer if you want to end this thread up.
If there is anything else we can do for you, please feel free to post in the forum.

Please understand, we are not familiar with Apple mac OS. We are mainly focus on windows OS, if windows 10 only cannot see Apple mac machines, it seems the issue is more related with mac OS part. You would better contact mac support for better answers.

Hi, Due to limited resource in our lab, we have no condition to do test in our lab. I cannot confirm whether this scenario can be feasible.

It is appreciated that the other members in our forum can share their experience with us about this scenario.

I will wait for your updates. : )

You are welcome. Wish you have a wonderful day too!

It seems you post the duplicate thread in our forum, I have redirected them to the same thread. Dpdk rss support on Azure is more related with Azure part. I will remove windows network tag and add related azure tag, thank you!

As Reza-Ameri said, please understand, we are not familiar with third-party VPN products, you would better contact Fortinet support for better answers.

Just checking in to see if the information provided was helpful. Please try to mark the replies which help you. It will encourage the person who help you.
Appreciate your understanding. :)

Just want to confirm the current situations.

Please feel free to let us know if you need further assistance.