>> There's quite some debate which approach to use due to operational >> practices and MS telling people "not to 'fully' disable IPv6 as you >> might lose support for $SYSTEM". > > I'm still looking for a source too. Rumors have it that the Windows 7 > roll out here (large enterprise customer) will be with IPv6 disabled. I > guess that why they hired me to do the IPv6 planing (on the network > side).
Most of the talks that I've seen from Sean Siler (IPv6 guy at Microsoft) have a slide on "best practices", where his point #1 is "Leave Windows in the default configuration (IPv6 enabled)", and he describes how disabling IPv6 comes with risk because you will be operating the OS in an "untested configuration". We translate that into a security issue, and therefore make is a security violation to disable IPv6 in Windows7 and later. I know that is somewhat inconsistent with the DoD STIG, but IMHO the STIG is wrong.
smime.p7s
Description: S/MIME cryptographic signature
