How do I make a connection private on Windows Server 2012 R2

Question

After a restart of one of our servers (a Windows Server 2012 R2), all private connections become public and vice versa (this user had the same problem). Stuff like pinging and iSCSI stopped working, and after some investigation it turned out this was the cause.

The problem is that I don't know how to make them private again. Left-clicking the network icon in the tray shows the "modern" sidebar, but it only shows a list of connections, and right-clicking them doesn't show any options.

What could be the problem, and is there a way to change these settings? I have to make one of the connections public (Internet access), and two of them private (backbone).

For anyone just needing to set a network from public to private (or vice versa), this works all the way up through Windows Server 2019 http://www.riptidehosting.com/blog/windows-server-how-to-change-public-network-to-private-network/ - It won't address your deeper issues though. — TylerH, Feb 17 '19 at 17:53

score 87 · Accepted Answer · edited May 14 '22 at 12:40

87

Powershell. Here is an example of changing the network profile of a network interface called Ethernet1 from whatever it is now to "Private." I got this info from Get-Help Set-NetConnectionProfile -Full.

PS C:\>$Profile = Get-NetConnectionProfile -InterfaceAlias Ethernet1

PS C:\>$Profile.NetworkCategory = "Private"

PS C:\>Set-NetConnectionProfile -InputObject $Profile

Documentation: https://docs.microsoft.com/en-us/powershell/module/netconnection/set-netconnectionprofile?view=winserver2012r2-ps

edited May 14 '22 at 12:40

Paul

3,037
6
27
40

answered Oct 23 '14 at 12:14

Ryan Ries

55,481
10
142
199

2

Thanks a lot! This saved me. One tiny correction ([the TechNet article for `Set-NetConnectionProfile` also has this typo](http://technet.microsoft.com/en-us/library/jj899565.aspx)): `Private` should be a string in the second line, i.e. `$Profile.NetworkCategory = "Private"` is correct. The same goes for the connection name (`"Ethernet1"`). – vgru Oct 23 '14 at 12:56
I have created a script that does this for all connection profiles including ones that aren't currently active yet: https://gist.github.com/CMCDragonkai/dbd2d94840cdaf79d3f6964bbd58e92f – CMCDragonkai Feb 04 '17 at 10:06
Thanks for a proper solution that doesn't open up RDP on any unknown network. – Florian Heigl Apr 07 '17 at 19:11
techman's answer shows how to do the same thing with a more elegant one-liner: `Set-NetConnectionProfile -InterfaceAlias Ethernet1 -NetworkCategory Private` – mwfearnley Mar 28 '18 at 11:57
Works great at Windows Server 2016 Standard – Can YILDIZ Nov 25 '19 at 13:46
works great at Windows Server 2019 Standard. BTW, the user interface doesn't do the trick even with the user in the administrator profile. – Raul Luna Jan 12 '20 at 10:19

score 58 · Answer 2 · edited Apr 20 '16 at 21:31

58

A GUI way of making this change:

Hit Winkey + R to open Run prompt and type gpedit.msc
Navigate to: Computer Configuration/Windows Settings/Security Setting /Network List Manager Policies.
Choose your Network name in the right pane.
Note: To show networks not currently connected, right-click Network List Manager Policies in the left pane and choose Show All Networks.
Go to Network Location tab and change the Location type from Public to Private.
Close Local Policy Editor.

Source: https://social.technet.microsoft.com/Forums/lync/en-US/82ccc68c-947e-435a-a237-1090f38d0dbe/windows-server-2012-r2-datacenter-network-stuck-in-public-mode

edited Apr 20 '16 at 21:31

I say Reinstate Monica

3,132
7
28
52

answered Jul 08 '15 at 10:50

Mike

731
5
6

How do I set network as Domain Network? – Krunal Sep 27 '18 at 13:57
You can't manually change a network to a domain network. Once you join the machine to a domain it will set the network as Domain Network. – Gabriel Graves Nov 02 '18 at 06:42
Please note that if you set "user Permission: user CAN change location", the location type above is not applied. Set this to "cannot" – Sergei Jul 02 '20 at 09:26

score 38 · Answer 3 · edited Mar 11 '16 at 12:29

38

Using Powershell. Here is an example of changing the network profile of a network interface called Ethernet to "Private." This is a one line command.

Set-NetConnectionProfile -InterfaceAlias Ethernet -NetworkCategory Private

This will work on any local computer with Powershell installed.

edited Mar 11 '16 at 12:29

Drifter104

3,773
2
25
39

answered Aug 27 '15 at 16:31

techman

481
4
2

This is basically what the accepted answer states, right? – vgru Aug 27 '15 at 17:05
7

This command does not require a variable. One line and done. It is an improved command. – techman Aug 27 '15 at 17:13
Also, The reason I discovered this command is because the accepted answer does not work for me. This command sets the connection type directly without discovery. – techman Aug 27 '15 at 18:29
Why does it not work? I don't see much difference? – vgru Aug 28 '15 at 10:57
1

It does BTW not work on Windows 7, this comandlet is introduced in 2012/8. – eckes May 29 '17 at 11:47
I prefer the 'no-variables' way. – Overmind Oct 05 '17 at 07:40
2

Use: `get-NetConnectionProfile` to check current status and names of your interfaces. – Tilo Jan 19 '18 at 19:18
The `InterfaceAlias` may be quite long (e.g. `vEthernet (Broadcom NetXtreme Gigabit Ethernet - Virtual Switch)`). So you may find it easier to refer to it with `-InterfaceIndex` instead, which will be a small integer. – mwfearnley Aug 10 '18 at 08:14
This solution works, but is not permanent on my Server 2012 machines. After reboot, the connections go back to being Public. – dsmtoday Apr 10 '19 at 11:54

score 4 · Answer 4 · edited Oct 23 '17 at 08:12

I've had a similar issue for months on my home 2012R2 Domain Controller.

After patching and a reboot I could not connect via RDP.

I have MS firewall turned off in GPO for domain networks. After not being able to connect I found that the primary Ethernet connection was listed as public and therefore the firewall was ON.

Why is the NIC changing from domain to public ?
After researching a few articles on the web, I've concluded the following:

After a restart of the only DC in the domain, AD services are not immediately available when the IP stack is initialized.
This results in the OS sensing that this is a public network and it sets the NIC accordingly.

Permanent resolution of this problem on this machine was to set the Network Location Awareness service to delayed start.

This allows AD services to become available and then the OS senses a domain network and sets the NIC accordingly.

Our go-to permanent fix is to set NlaSvc as a dependency of all the other network services. This prevents the possibility of any other service being inexplicably delayed, or crashing, and causing NlaSvc to fire too early. `> sc config nlasvc depend=NSI/RpcSs/TcpIp/Dhcp/Eventlog/DNS/NTDS` — snomsnomsnom, Mar 30 '20 at 13:08

score 3 · Answer 5 · answered Sep 13 '17 at 14:44

3

Another simpler way with Powershell:

Set-NetConnectionProfile -NetworkCategory Private

answered Sep 13 '17 at 14:44

Xalo

31
1
1
4

1

This could set all NICs to private since no specific adapter is specified. – Overmind Oct 05 '17 at 07:41
2

Short and sweet... All network profiles are all set to Private in one short command. – jharrell Aug 08 '19 at 16:35

score 0 · Answer 6 · answered Nov 21 '17 at 23:10

0

Had this issue on a VM and just had to restart the Network Location Awareness service to get it to figure out that it was connected to a Domain and start using a domain profile.

answered Nov 21 '17 at 23:10

Shawn

1

score 0 · Answer 7 · answered Aug 13 '18 at 00:42

What made it work on my Windows Server 2012 R2 standard servers was to enable IPV6 again.

In a move to make future troubleshooting easier for myself I disabled IPV6 left right and center and after doing that the Windows Firewall no longer showed that 'Domain' was connected.

Why on earth Windows can't determine that it's on a domain if only IPV4 is connected is beyond me.

bah

How do I make a connection private on Windows Server 2012 R2

7 Answers7

Linked