We have updated the code internally so that back host connections are added rather than the loopback check so that our servers remain secure.
```
#Region Configure Back Host Connections
# ===================================================================================
# Func: ConfigBackHostConnections
# Desc: Disable Loopback Check for Specified Host Names
# ===================================================================================
Function ConfigBackHostConnections([xml]$xmlinput)
{
    # Allow loopback connections for the listed host names only, rather than disabling the Loopback Check outright.
    # The Loopback Check usually kicks out a 401 error when you try to navigate to sites that resolve to a loopback address e.g. 127.0.0.1
    If ($xmlinput.Configuration.Install.Disable.BackHostConnectionsCheck -eq $true)
    {
        WriteLine
        Write-Host -ForegroundColor White " - Adding Registry Key to Disable Strict Name Checking"
        $lsaPath = "HKLM:\System\CurrentControlSet\services\LanmanServer\Parameters"
        $lsaPathValue = Get-ItemProperty -Path $lsaPath
        If (-not ($lsaPathValue.DisableStrictNameChecking -eq "1"))
        {
            New-ItemProperty -Path $lsaPath -Name "DisableStrictNameChecking" -Value "1" -PropertyType dword -Force | Out-Null
        }
        Write-Host -ForegroundColor White " - Adding Back Host Names..."
        ForEach ($webApp in $xmlinput.Configuration.WebApplications.WebApplication)
        {
            ConfigBackHostRegValues $webApp
        }
        WriteLine
    }
}
# Configure the Registry Entries per Web Application for above
Function ConfigBackHostRegValues([System.Xml.XmlElement]$webApp)
{
    $msvPath = "HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0"
    # BackConnectionHostNames takes bare host names, so drop the scheme and do not append the port
    $uri = [System.Uri]$webApp.url
    $hostName = If ($uri.IsAbsoluteUri) { $uri.Host } Else { $webApp.url }
    Write-Host -ForegroundColor White " - Adding " $hostName
    # Read the existing multistring entries as an array (empty if the value does not exist yet)
    $currentValue = @((Get-ItemProperty $msvPath -Name "BackConnectionHostNames" -ErrorAction SilentlyContinue).BackConnectionHostNames | Where-Object { $_ })
    # Skip host names that are already listed so repeated runs do not add duplicates
    If ($currentValue -notcontains $hostName)
    {
        # Pass a string array so each host name becomes its own multistring entry
        $newValue = [string[]](@($hostName) + $currentValue)
        New-ItemProperty $msvPath -Name "BackConnectionHostNames" -Value $newValue -PropertyType multistring -Force | Out-Null
    }
}
#EndRegion
```
Comments: ** Comment from web user: brianlala **
Thanks, and this has come up before, but I have no plans to implement this and here's why:
Most of my customers (and in most of my use cases), folks would expect to be able to add new web applications to the farm (perhaps using the Central Admin UI, long after I'm gone). If I hadn't completely disabled the Loopback Check during the initial install, they would inevitably wonder why they can't browse their new web app from the server, thus creating a potential support nightmare (assuming they didn't cause further damage to the farm trying to 'fix' this issue). Sure I could put details around this in the leave-behind documentation, but who reads that :)
Long story short, in the face of what I consider to be a *very* minimal security risk (shouldn't be browsing the Internet from your servers, anyhow!) I choose to make things easier for my customers by disabling Loopback Check completely. And that's the great thing about an open-source project like this, even if a change doesn't make it into the master project, you can always substitute in your own code.
Cheers
Brian
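
An added example, not code from this thread or from the project: a read-only audit that reports which of the two approaches discussed above a server is using, which web application host names are still missing from `BackConnectionHostNames`, and which entries are not bare host names. The function name and the sample URLs are constructed for illustration, and `DisableLoopbackCheck` under the `Lsa` key is the documented Windows value for turning the check off globally.

```powershell
# Added example: audit the loopback-check posture without changing anything.
function Get-LoopbackPosture {
    param(
        [Parameter(Mandatory)][string[]]$WebAppUrl,   # absolute URLs the farm serves
        [int]$DisableLoopbackCheck = 0,               # value read from ...\Control\Lsa
        [string[]]$BackConnectionHostNames = @()      # value read from ...\Lsa\MSV1_0
    )
    # Normalise entries; a value written as one CRLF-joined string is split here.
    $allowed = @($BackConnectionHostNames | Where-Object { $_ } |
        ForEach-Object { $_ -split '\r?\n' } |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
    # Host names that should be listed, one per web application URL.
    $expected = @($WebAppUrl | ForEach-Object { ([System.Uri]$_).Host } | Sort-Object -Unique)
    [pscustomobject]@{
        # True means the check is off for every host name on the server.
        LoopbackCheckDisabled = ($DisableLoopbackCheck -eq 1)
        # Web applications that will still fail local browsing with 401.
        MissingHostNames      = @($expected | Where-Object { $allowed -notcontains $_ })
        # Entries carrying a scheme or port never match a host name.
        MalformedEntries      = @($allowed | Where-Object { $_ -match '[:/]' })
        # Listed names that no web application uses any more.
        StaleHostNames        = @($allowed | Where-Object { $_ -notmatch '[:/]' -and $expected -notcontains $_ })
    }
}

# Constructed sample data, so the function can be exercised on any machine.
$sampleUrls = 'http://portal.contoso.local', 'http://mysites.contoso.local:8080'
$sampleList = 'portal.contoso.local', 'http://mysites.contoso.local:8080', 'old.contoso.local'
Get-LoopbackPosture -WebAppUrl $sampleUrls -BackConnectionHostNames $sampleList | Format-List

# On a Windows server, feed in the live registry values instead.
$lsa = 'HKLM:\System\CurrentControlSet\Control\Lsa'
if (Test-Path $lsa) {
    $dlc   = (Get-ItemProperty $lsa -Name DisableLoopbackCheck -ErrorAction SilentlyContinue).DisableLoopbackCheck
    $names = (Get-ItemProperty "$lsa\MSV1_0" -Name BackConnectionHostNames -ErrorAction SilentlyContinue).BackConnectionHostNames
    Get-LoopbackPosture -WebAppUrl $sampleUrls -DisableLoopbackCheck ([int]$dlc) `
        -BackConnectionHostNames @($names | Where-Object { $_ }) | Format-List
}
```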