Skip to main content

How to Disable WPAD and Stop wpad.localdomain DNS Requests

Angus
Updated

WPAD Alert
While reviewing my NextDNS analytics—a DNS filtering security service—I discovered that wpad.localdomain was among the top three resolved domains. This unexpected result prompted me to dig deeper into what was causing these WPAD DNS requests. WPAD (Web Proxy Auto-Discovery Protocol) can pose a serious security risk by potentially allowing attackers to intercept your network traffic and access sensitive data. Whether you’re a home user or a system administrator managing multiple devices, this guide will show you how to disable WPAD quickly and effectively.

Credit: Eddie Zhang at Project Black for the research on this topic.

For Individuals: Disabling WPAD on Your Windows Machine

If you’re a Windows user looking to secure your system by stopping unwanted WPAD DNS requests, follow these straightforward registry tweaks.

Step 1: Disable WPAD in WinHTTP
Disable WPAD in WinHTTP

Open the Registry Editor by pressing Win + R, typing regedit, and hitting Enter. Then navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

Create a new DWORD (32-bit) value named DisableWpad and set its value to 1.

Step 2: Turn Off Auto-Detect for Internet Settings
Disable AutoDetect

Next, navigate to:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

Create or update the REG_DWORD value named AutoDetect to 0. This change stops Windows from automatically detecting proxy settings.

Final step: Restart your computer to apply the changes.

For System Admins: Disabling WPAD via Group Policy or Intune

Managing a large number of devices? You can easily deploy these settings enterprise-wide using Group Policy (GPO) or Microsoft Intune.

Option 1: Using Group Policy (GPO)

Computer-Level Settings:

  • Open the Group Policy Management Console and create a new GPO (e.g., DisableWPAD-Computer).
  • Navigate to: Computer Configuration → Preferences → Windows Settings → Registry
  • Create a new registry item with the following details:
    • Key Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
    • Value Name: DisableWpad
    • Value Type: REG_DWORD
    • Value: 1

User-Level Settings:

  • Create a second GPO (e.g., DisableWPAD-User) and navigate to: User Configuration → Preferences → Windows Settings → Registry
  • Create a new registry item with these settings:
    • Key Path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    • Value Name: AutoDetect
    • Value Type: REG_DWORD
    • Value: 0

Note: Apply the Computer GPO to the OU with your computer objects and the User GPO to the OU with your user objects. A double reboot may be required to ensure all settings are fully applied.

Option 2: Using Intune

For devices managed with Intune, deploy these registry settings via a custom configuration profile:

  • Create a new Custom Configuration Profile.
  • For the computer-level setting, add a registry configuration:
    • Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
    • Value Name: DisableWpad
    • Type: REG_DWORD
    • Value: 1
  • For the user-level setting, add another registry configuration:
    • Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    • Value Name: AutoDetect
    • Type: REG_DWORD
    • Value: 0
  • Deploy the profile to your targeted devices.

Testing Your Changes

To confirm that WPAD is disabled and that wpad.localdomain DNS requests have stopped, follow these steps:

  • Download and install Wireshark.
  • Start a network capture and use the filter: dns.qry.name contains "wpad".
  • Toggle your network connection (disconnect/reconnect or plug/unplug your Ethernet cable).
  • If WPAD-related queries still appear, review your registry, GPO, or Intune settings.

Troubleshooting Tips

  • Double-check that all registry keys and values are entered correctly for both HKLM and HKCU.
  • Ensure that WPAD-related services, such as the WinHTTP Web Proxy Auto-Discovery Service, are disabled.
  • If issues persist, verify that no application-specific settings are inadvertently re-enabling WPAD.
WPAD Troubleshooting

We Want Your Feedback!

Did this guide help you stop those unwanted wpad.localdomain DNS requests? We welcome your comments and suggestions. Share your feedback or any alternative solutions in the comments below or contact our support team.

 

Need More Help?

If you’re still experiencing issues with WPAD or have additional questions about enhancing your network security, feel free to reach out. Visit our IT Solver Support Plans page for more resources and expert assistance.

Related to

Related articles

Comments

0 comments

Please sign in to leave a comment.