
LLMNR: Partially wrong explanation #309

@rustaska


The technical explanation for the missing LLMNR GPO (A_NoGPOLLMNR_TechnicalExplanation) states: "LLMNR is enabled by default on all OS except starting from Windows 10 v1903 and Windows Server v1903 where it is disabled." As far as I know, this is not true. It's enabled even on Windows 11 by default.

That claim might arise from the security baseline that was released for 1903 https://techcommunity.microsoft.com/blog/microsoft-security-baselines/security-baseline-final-for-windows-10-v1903-and-windows-server-v1903/701084. However, this document only states that it is recommended to be disabled, not that it actually is. The sentence should be removed imho. This claim is backed by the statement 'The default LLMNR behavior has not been changed in Windows yet. This will be part of the next steps toward the “mDNS is the only multicast name resolution protocol on by default” goal.' from this https://techcommunity.microsoft.com/blog/networkingblog/aligning-on-mdns-ramping-down-netbios-name-resolution-and-llmnr/3290816 article.
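An added example, not part of the original issue and not the project's own code: a local check that reports what Group Policy says about LLMNR, so the reported state does not depend on the Windows build. It assumes the "Turn off multicast name resolution" policy, which writes `EnableMulticast` under the DNSClient policy key, and it follows the issue's premise that LLMNR stays enabled when that value is absent; the function name `Get-LlmnrPolicyState` is hypothetical.

```powershell
# Added example: report the LLMNR state implied by Group Policy on this machine.
# Assumption (from the issue above): with no policy value set, LLMNR remains
# enabled regardless of the Windows version.
function Get-LlmnrPolicyState {
    [CmdletBinding()]
    param(
        # Key written by the "Turn off multicast name resolution" policy.
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Read EnableMulticast only if the policy key exists; a missing key or a
    # missing value both leave $value as $null.
    $value = $null
    if (Test-Path -LiteralPath $PolicyKey) {
        $item = Get-ItemProperty -LiteralPath $PolicyKey -Name 'EnableMulticast' -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = $item.EnableMulticast }
    }

    # Only an explicit 0 turns LLMNR off. The OS build is reported for context
    # but is deliberately not used to decide the state.
    $state = if ($null -eq $value) {
        'Enabled (no policy value, OS default applies)'
    } elseif ($value -eq 0) {
        'Disabled by policy'
    } else {
        'Enabled by policy'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OS              = $os.Caption
        Build           = $os.BuildNumber
        EnableMulticast = $value
        LlmnrState      = $state
    }
}

Get-LlmnrPolicyState
```

Running it on a Windows 10 v1903 or later host without the policy applied shows `EnableMulticast` empty, which is the case the issue says the current explanation misdescribes.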
