1

I'm managing a closed, air-gapped Windows network without Internet access since Internet is not required nor recommended for the network to perform correctly and also due company policies.

The network works perfectly but, as there's no Internet access, the network connection icons always show the dreaded "yellow triangle", which my users interprets as a lack of connectivity (which is not)

Edit: Due practical reasons, I cannot simply hide the connection icon (which already tried)

As stated here https://serverfault.com/a/796203/587071 the NLAS does a couple of checks prior to showing the triangle.

So, is there any way to get rid of the yellow warning?

Sadly, my google-fu is overwhelmed with results that point to fix internet connectivity issues, which is not mi case.

Thanks in advance. (First question, so please, be gentle!)

XE Development
  • 13
  • 5
  • Is simply hiding the notifications an option for you : https://serverfault.com/q/883986/546643 – Bob Aug 07 '20 at 08:47
  • Sadly, I'm not allowed to hide the icons as there's people connecting and disconnecting from the net at all times and I need some kind of fast, user friendly indicator of connection. Thanks! – XE Development Aug 07 '20 at 08:50

1 Answers1

4

Option 1: Change NCSI (Network Connectivity Status Indicator) verification parameters

You can change the parameters used by NCSI via GPO under

Computer Configuration > Administrative Templates > Network > Network Connectivity Status Indicator

Set values for the following options which point to internal (and reachable) servers

  • Corporate DNS Probe Host Address defines the expected address of the host name used for the DNS probe.
  • Corporate DNS Probe Host Name defines the host name of a PC known to be on the corporate network.
  • Corporate Site Prefix List defines the list of IPv6 corporate site prefixes that you want monitored for connectivity.
  • Corporate Website Probe URL defines the address of the website that you want to perform an active probe against.
  • Domain Location Determination URL defines the HTTPS url of the corporate website used to determine the domain's location

Option 2: Disabling NCSI verification

This can be done via GPO under:

Computer Configuration\Computer Configuration\Administrative Templates\System\Internet Communication Management

Or via registry under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet

Set EnableActiveProbing to 0.

eKKiM
  • 1,540
  • 9
  • 23