Disable Windows Server Network Locations

Solution 1

Just ran into this exact problem. Unidentified networks are by default set to type of "Public". This is awkward when you want Windows Firewall to be active on Public networks but not Private ones -- and your internal network is always "Unidentified".

What's an "Unidentified" network to Windows Server 2008?

The Network Lists service (netprofm) works with the Network Location Awareness service (nlasvc) to identify networks and find the associated saved settings for the network, if any. The NLA service will use a Default Gateway or SSID to identify a network, so if the NIC has neither a Default Gateway nor an associated SSID, then NLA will determine that the network is Unidentified.

You can however change the default -- so that so-called "Unidentified" networks will be defaulted to something other than Public:

  1. Open Administrative Tools -> Local Security Policy.

  2. Highlight the "Network List Manager Policies" item, then double click the "Unidentified Networks" on the right panel.

  3. Set the "Location Type" to "Private" or "Public".

[Screenshot of change being made in Windows 2012 Server]

Worked for me!

Solution 2

The service you mention is called "Network Location Awareness" or NLA. It determines what kind of connectivity you have and makes connection specific information available to other applications or services. The Advanced Firewall in Windows Server 2008 uses the NLA information to apply specific firewall settings.

It's a Windows Service, so you could disable the service.

Solution 3

Had the same precise issue; a couple of Windows 2012 servers that would occasionally sulk and decide that their only NIC was a "Public" interface, rather than a "Domain" interface.

Through the power of the interwebs, I came across this helpful post, which, summarized, simply says to restart the "Network Location Awareness" service and see if that fixes the issue. If it does, then to prevent the problem from recurring, simply change the start-up type from "Automatic" to "Automatic (Delayed Start)".
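The check and fix described in Solution 3, as an added PowerShell example that is not part of the original answers. It assumes Windows Server 2012 or later (where `Get-NetConnectionProfile` and `Get-NetFirewallProfile` exist) and an elevated session; the `Get-ProfileReport` function and the `-Remediate` switch are hypothetical names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: report which network category each connection landed in,
# and optionally apply the Solution 3 fix. Names below are illustrative.
param([switch]$Remediate)

function Get-ProfileReport {
    $domainJoined = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
    Get-NetConnectionProfile | ForEach-Object {
        # Firewall profiles are named Domain/Private/Public, while the
        # category of a domain network is reported as DomainAuthenticated.
        $fwName = if ($_.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' } else { "$($_.NetworkCategory)" }
        $fw = Get-NetFirewallProfile -Name $fwName
        [pscustomobject]@{
            Interface  = $_.InterfaceAlias
            Network    = $_.Name
            Category   = $_.NetworkCategory
            FirewallOn = $fw.Enabled
            # A domain member whose NIC is classified Public is the
            # symptom described in the question.
            Suspect    = $domainJoined -and ($_.NetworkCategory -eq 'Public')
        }
    }
}

$report = @(Get-ProfileReport)
$report | Format-Table -AutoSize

if ($Remediate -and ($report | Where-Object Suspect)) {
    # Restart NLA so it re-runs network detection. -Force is needed
    # because the Network List Service depends on it.
    Restart-Service -Name NlaSvc -Force

    # Change start-up type to "Automatic (Delayed Start)" so the
    # misdetection is less likely to recur after a reboot.
    sc.exe config NlaSvc start= delayed-auto | Out-Null

    # Give NLA a moment to re-identify the network, then report again.
    Start-Sleep -Seconds 10
    Get-ProfileReport | Format-Table -AutoSize
}
```

Run it without `-Remediate` first to see the current state. Note that `Set-NetConnectionProfile` can switch a connection between Public and Private but cannot assign `DomainAuthenticated`, which is why the fix goes through the NLA service.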

Solution 4

I do not believe that there is a group policy that will let you assign a network profile (it is determined by the Network Location Awareness, more information here: http://msdn.microsoft.com/en-us/library/ms739931(VS.85).aspx).

You can, however, apply group policy to the servers to define the behaviour of the Advanced firewall (disabling it, allowing traffic from your administrative workstations, etc). Instructions on doing so are available here: http://technet.microsoft.com/en-us/library/cc732400.aspx

Solution 5

If you want to just disable the service, you can create a custom group policy that disables the NLA service.

Since I am a new user I can't provide you with a link, so just search in Google for these words: "disable service from group policy". The first result is what you are looking for.

Author: Gareth Williams

Updated on September 17, 2022

Comments

  • Gareth Williams
    Gareth Williams almost 2 years

    I'm not sure what exactly this feature is called. But in Windows Server 2008, it has the Vista Public/Private/Domain locations. This makes sense for laptops, and none at all for servers.

    My problem is that sometimes some network adapters decide they are now on a public network. This completely activates the firewall, even for the "domain" networks. So net effect is that I reboot some machines, and then they never come back on the network until we KVM in and tell it that the network is private.

    What's the name of this feature? Is there a GP setting I can use to turn it off and make all networks be "domain"?

    Edit: Thanks, that's what NLA is. I tried disabling the service on a non-domain machine, and it just flips everything public. On a domain machine, the Network List Service refuses to stop -- I'll try group policy.

    • scape
      scape over 11 years
      have you got anywhere with this? manually specifying each nic to a location would be nice
  • Gareth Williams
    Gareth Williams about 15 years
    I disabled the service, then it set everything public. Arrg.
  • quentin-starin
    quentin-starin almost 11 years
    Works unless you have multiple connections that are unidentified and need them to have different location settings.
  • quickthyme
    quickthyme over 9 years
    This should be the accepted answer. In my experience, it's not enough to simply disable the NLA service. This action (setting unidentified network to default to Private) is more reliable, as sometimes software updates and/or other changes can cause that service to become reactivated. So I do both for all of my Windows servers and desktops as this auto detect behavior can be quite the undesirable nuisance. Any subtle change on the network (VLAN assignments, new access points added, etc) can trigger a false positive, and then suddenly Windows decides to quarantine itself.
  • quickthyme
    quickthyme over 9 years
    @qes - True, except typically this would not be the case with a server. In the event that the server incorrectly decides (all of a sudden) that the network has changed, it normally brands the "new" network as unidentified until the user tells it what type of network it is. By default, unidentified is treated as public, and so the server becomes inaccessible, often requiring physical access to repair. This particular approach doesn't prevent the system from misidentifying the network, but rather forces Windows to trust it regardless.
  • quickthyme
    quickthyme over 9 years
    This is not the best way to resolve this issue, actually, because the Network List Service depends on Network Location Awareness. Rather, I think Jeff Atwood's answer is better, because it allows you to correct the type of network instead of suppressing functionality.
  • Wumms
    Wumms over 9 years
    I had to reinstall the adapter to make it work.
  • Admin
    Admin about 2 years
    If you've already connected to the network, it will be in the "Network List Manager Policies" list. Select your network, go to "Network Location", and set the "Location type" to private.