Disable Windows Server Network Locations
Solution 1
Just ran into this exact problem. Unidentified networks are by default set to type of "Public". This is awkward when you want Windows Firewall to be active on Public networks but not Private ones -- and your internal network is always "Unidentified".
What's an "Unidentified" network to Windows Server 2008?
The Network Lists service (netprofm) works with the Network Location Awareness service (nlasvc) to identify networks and find the associated saved settings for the network, if any. The NLA service will use a Default Gateway or SSID to identify a network, so if the NIC has neither a Default Gateway or associated SSID, then NLA will determine that the network is Unidentified.
You can however change the default -- so that so-called "Unidentified" networks will be defaulted to something other than Public:
Open Administrative Tools -> Local Security Policy.
Highlight the "Network List Manager Policies" item, then double click the "Unidentified Networks" on the right panel.
Set the "Location Type" to "Private" or "Public".
Worked for me!
Solution 2
The service you meantion is called "Network Location Awareness" or NLA. It determines what kind of connectivity you have and makes connection specific information available to other applications or services. The Advanced Firewall in Windows Server 2008 uses the NLA information to apply specific firewall settings.
It's a Windows Service, so you could disable the service.
Solution 3
Had the same precise issue; a couple of Windows 2012 servers that would occasionally sulk and decide that their only NIC was a "Public" interface, rather than a "Domain" interface.
Through the power of the interwebs, I came across this helpful post, which, summarized, simply says to restart the "Network Location Awareness" service and see if that fixes the issue. If it does, then to prevent the problem from recurring, simply change the start-up type from "Automatic" to "Automatic (Delayed Start)".
Solution 4
I do not believe that there is group policy that will let you assign a network profile (it is determined by the Network Location Awareness, more information here: http://msdn.microsoft.com/en-us/library/ms739931(VS.85).aspx)
You can, however, apply group policy to the servers to define the behaviour of the Advanced firewall (disabling it, allowing traffic from your administrative workstations, etc). Instructions on doing so availale here: http://technet.microsoft.com/en-us/library/cc732400.aspx
Solution 5
If you want to just disable the service you can create a custom group policy that disable the NLA service
Since i am a new user i cant provide you with a link so just search in google these words "disable service from group policy" The first result is what you are looking for
Related videos on Youtube
Gareth Williams
Updated on September 17, 2022Comments
-
Gareth Williams almost 2 years
I'm not sure what exactly this feature is called. But in Windows Server 2008, it has the Vista Public/Private/Domain locations. This makes sense for laptops, and none at all for servers.
My problem is that sometimes some network adapters decide they are now on a public network. This completely activates the firewall, even for the "domain" networks. So net effect is that I reboot some machines, and then they never come back on the network until we KVM in and tell it that the network is private.
What's the name of this feature? Is there a GP setting I can use to turn it off and make all networks be "domain"?
Edit: Thanks, that's that NLA is. I tried disabling the service on a non-domain machine, and it just flips everything public. On a domain machine, the Network List Service refuses to stop -- I'll try group policy.
-
scape over 11 yearshave you got anywhere with this? manually specifying each nic to a location would be nice
-
-
Gareth Williams about 15 yearsI disabled the service, then it set everything public. Arrg.
-
quentin-starin almost 11 yearsWorks unless you have multiple connections that are unidentified and need them to have different location settings.
-
quickthyme over 9 yearsThis should be the accepted answer. In my experience, it's not enough to simply disable the NLA service. This action (setting unidentified network to default to Private) is more reliable, as sometimes software updates and/or other changes can cause that service to become reactivated. So I do both for all of my Windows servers and desktops as this auto detect behavior can be quite the undesirable nuisance. Any subtle change on the network (VLAN assignments, new access points added, etc) can trigger a false positive, and then suddenly Windows decides to quarantine itself.
-
quickthyme over 9 years@qes - True, except typically this would not be the case with a server. In the event that the server incorrectly decides (all of a sudden) that the network has changed, it normally brands the "new" network as unidentified until the user tells it what type of network it is. By default, unidentified is treated as public, and so the server becomes inaccessible, often requiring physical access to repair. This particular approach doesn't prevent the system from misidentifying the network, but rather forces Windows to trust it regardless.
-
quickthyme over 9 yearsThis is not the best way to resolve this issue, actually, because the Network List Service depends on Network Location Awareness. Rather, I think Jeff Atwood's answer is better, because it allows you to correct the type of network instead of suppressing functionality.
-
Wumms over 9 yearsI had to reinstall the adapter to make it work.
-
Admin about 2 yearsIf you've already connected to the network, it will be in the "Network List Manager Policies" list. Select your network, go to "Network Location", and set the "Location type" to private.