When you connect a Windows PC to a network, whether through a LAN cable or a WiFi adapter, Windows shows whether that network has an active internet connection. If the computer can reach the internet through the network it is connected to, Windows shows the normal networking icon in the system tray. If there is no active internet access, the network icon is shown with a yellow exclamation mark. Behind this, Windows keeps probing some Microsoft servers to check whether the internet is reachable. It looks up the IPv4 and IPv6 addresses of dns.msftncsi.com (the servers of Microsoft NCSI, the Network Connectivity Status Indicator) and compares them with hardcoded values. It also tries to read a small text file, “ncsi.txt”, from the msftncsi.com servers; the file contains the text “Microsoft NCSI”. If these operations succeed, Windows reports an active internet connection; otherwise it concludes that there is no internet access.
If you do not want Windows to probe the Microsoft server every time you connect to a network, then you can easily disable it using the following steps:
- Press the Win+R hotkey to bring up the Windows’ Run dialog. In the Run dialog, type regedit and press Enter. This will open the Windows Registry Editor.
- In the Windows Registry Editor window, navigate to
- Find the value named EnableActiveProbing, double-click on it and change its value from 1 to 0.
- Close the Windows Registry Editor. Try reconnecting to the internet (by replugging the ethernet cable or restarting the router). Now Windows will no longer probe Microsoft NCSI servers.
Alternatively, if you do not want to go through these manual steps, you can download disable-msft-ncsi.zip, extract the files to a folder, double-click disable-network-probing.reg and follow the prompts. The enable-network-probing.reg file in the same archive restores the default values for NCSI.
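The two checks described above, modeled offline as an added example (not code from this article or from Windows) so that probe answers taken from a proxy log or packet capture can be classified before deciding whether to disable probing. The expected addresses are placeholders from documentation ranges because the page does not list the hardcoded values, and the separate "intercepted" verdict is an addition for troubleshooting; the article itself only distinguishes success from failure.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence

EXPECTED_BODY = "Microsoft NCSI"   # content of ncsi.txt, per the article
# Assumption: placeholder addresses from documentation ranges. The article
# does not list the values Windows hardcodes for dns.msftncsi.com.
EXPECTED_ADDRS = ("192.0.2.1", "2001:db8::1")

@dataclass
class HttpResult:
    """One HTTP probe answer, as a proxy log or packet capture records it."""
    status: int
    body: str = ""
    location: Optional[str] = None   # Location header, if redirected

def dns_matches(resolved: Sequence[str], expected: Sequence[str]) -> bool:
    """True if any resolved address equals an expected one. Addresses are
    parsed, so different spellings of one IPv6 address compare equal."""
    try:
        got = {ipaddress.ip_address(a) for a in resolved}
    except ValueError:
        return False                 # malformed answer counts as a failure
    return bool(got & {ipaddress.ip_address(a) for a in expected})

def classify(http: Optional[HttpResult], resolved: Sequence[str],
             expected: Sequence[str] = EXPECTED_ADDRS) -> str:
    """Verdict for one probe round under the article's description."""
    if http is None:
        return "no-internet: HTTP probe got no answer"
    if 300 <= http.status < 400:
        return f"intercepted: redirected to {http.location}"
    if http.status != 200 or http.body.strip() != EXPECTED_BODY:
        return "intercepted: unexpected probe content"
    if not dns_matches(resolved, expected):
        return "no-internet: DNS answer differs from expected value"
    return "internet"

# Constructed probe rounds: (HTTP answer, addresses the resolver returned).
SAMPLES = [
    (HttpResult(200, "Microsoft NCSI\n"), ["192.0.2.1"]),
    (HttpResult(302, "", "http://portal.example/login"), ["192.0.2.1"]),
    (HttpResult(200, "<html>Please sign in</html>"), ["192.0.2.1"]),
    (HttpResult(200, "Microsoft NCSI"), ["198.51.100.7"]),
    (None, []),
]

if __name__ == "__main__":
    for http, addrs in SAMPLES:
        print(classify(http, addrs))
```
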
Disabling this will break the Unity login page.
Thanks for the update theIlluminatedOnes. It’s sad that Microsoft refuses to make this simpler to address. We disabled active probing two years ago and the network bangs mostly went away. Now suddenly we’re seeing them very frequently again and have started to look into why. Sounds like you’re being impacted as well. Please do keep us posted on your progress with finding a solution with Microsoft, I’m sure it will help many people. This page appears to be the top hit for “disable active probing” so it could be useful to put it here as well.
Have any of you all figured out how to solve this – it seems to have come back!
It is 2019. What’s even worse, we’ve had to take the resolving IP address of Microsoft’s currently designated server for NCSI’s Active Probing test URL, which changes on a regular interval, to our Cisco ISE appliances as an exception; we initially were faced with Office products activation issues, because NCSI AP was in a conflicting state from our GPO configuration for NCSI AP concerning 2 registry values; once we corrected the inconsistent values to ensure NCSI AP was Enabled, we fixed the yellow exclamation mark warning of “no internet access” and thus, office products activation/sign-in issues; we were then immediately thereafter getting strange, random Wi-Fi auto-connect/reconnect issues on-premise. Doing some network traces with Premier Support showed our ISE appliances blocking NCSI’s Active Probe default URL, trying to redirect it to, from what I understand, its own URL redirect for proprietary ISE compliance testing, then NCSI caught this redirect from Cisco ISE and flagged this redirect operation as a “hijack”, which then proceeded to disconnect the Wi-Fi adapter altogether from the network after each re-connect attempt (from sleep, etc). The action code or whatever we found in the trace logs that showed exactly what occurred after initial connection, then the ISE redirect, then NCSI detecting this and calling API function(s) to disconnect the Wi-Fi adapter, was specifically: “WIFI_DISCONNECTED_REASON_HIJACKED”.
I’m currently steering a major incident now to determine with Microsoft if they can provide a static IP address, a list of IP addresses within a range or pool that will be used in intervals, or even proactive notifications/alerts of what the IP address for the URL test will be resolving to, prior to each interval change; we will have to continually manually insert this IP address to our ISE appliances as an exception, unless NCSI can allow a custom-defined URL redirect for internet connectivity testing. I remember seeing within Group Policy Management a particular area of GPO settings that allow corporate URL and DNS settings for NCSI AP testing. I’ll experiment in tandem with continued talks with Premier Support and report back. Or perhaps Cisco will have to update ISE to better mesh with Microsoft’s current implementation design of functionality for NCSI/AP, and how it correlates to connectivity of some of their core products, like all Office 365 applications. This has caused serious headache and confusion from both vendors and ourselves (blaming this primarily on Microsoft at this point, due to how many things break if we disable Active Probing!)
Please watch the Microsoft Community posts as I’ll be placing info on this as well.
Well. I had to disable this because, for some reason, Windows kept opening that URL in my _browser_ when connecting. No idea why, but, pretty dumb…
Great article!! Thank you.
Verification URLs change on Windows 10 and Windows Server 2016:
In Windows 10/2016: http://www.msftconnecttest.com/connecttest.txt
It is important to verify the branch of the Windows registry:
Extracted from: http://www.sysadmit.com/2017/07/windows-signo-de-admiracion-en-conexion.html
Actually, there are some major programs that become disrupted by disabling this. If you are in a business environment, MS Office internet functionality will cease to function. This is all programs within the Office suite. The ability to pull down images for Word, Excel, PowerPoint, or Publisher will no longer function. The error will come up with a “No internet connection”.
Agreed. We’ve had issues with Office365 activation, too.
Have you found a solution?
Are there any potential adverse effects by disabling this? Will programs that rely on an internet connection stop working properly because they aren’t able to detect a connection? Any other such symptoms?
No, other programs can still access the internet. It is just to let the user know which of the connections visible in the Control Panel can be used to access the Internet.