How to change Network Location in Windows Server 2008 R2 or Windows 7 for Unidentified Network?
I (administrator) can change the Location type of Unidentified Network in the Network List Manager Policies. However, I cannot change the Location type of Unidentifier Network in Network and Sharing Center regardless of whether I set the User permissions of Unidentified Network in the Network List Manager Policies to Not Configured or User can change location. This is a very simple set up: a Windows Server 2008 R2 with Hyper-V installed and Windows 7 in one of the VMs.
September 8th, 2010 3:29am
Hi PCSQL66, Thanks for post here. How you assign the IP address for this problematic computer ? if that is possible ,could you post “ ipconfig /all “ result here? Especially, how you set the Default Gateway entry ? Could you describe how you set the virtual network for connect two computers? Is this issue happened on windows server 2008 or windows 7? Is that computer a member of domain ? and what policies had been applied to that computer ? Meanwhile, please check if Network Location Awareness service (nlasvc) had stated on that computer . By default ,windows 2008 based computer use Network Location Awareness service (nlasvc) to identify networks and find the associated saved settings for the network, the NLA service will use a Default Gateway or SSID to identify a network. This identification is conducted by system automatically due to security consideration. Longhorn Network Location Awareness Service http://msdn.microsoft.com/en-us/library/aa480195.aspx Thanks. Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 9th, 2010 5:39am
Hi Tiger, It is just a single machine with Windows Server 2008 R2/Hyper-V as the host and Windows 7 as one of the VMs and it is just a simple workgroup (internal virtual network). The default gateway is blank in all virtual nics. I understand that NLA will detect such network as unidentified network. My question is why I cannot change the location type of the of Unidentifier Network in Network and Sharing Center regardless of whether I set the User permissions of Unidentified Network in the Network List Manager Policies to Not Configured or User can change location. I can change the Location type of Unidentified Network in the Network List Manager Policies. Thanks, Peter
September 11th, 2010 4:15am
Hi Peter, Thanks for update. I think no default gateway entry for NIC is the root cause of this issue. Generally ,NLA is depend on the default gateway to determine what kind of profile would be used , if no default gateway configured, or the gateway is not available, the network will be categorized as “Unknown” and the Public profile and Public firewall policy will be applied to the computer. Please check if you can change the profile type by assign an available IP address for default gateway entry of virtual NICs. You may reference to the “Unknown” paragraph of the article below to get a better understanding: Network Location Awareness (NLA) and how it relates to Windows Firewall Profiles http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx Thanks. Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 13th, 2010 12:39am
Hi PCSQL66, I share your frustration. No matter what settings I use in Local Security Policy | Network List Manager Policies, I cannot change the settings in Network and Sharing Center, even with Admin privilege. The only one that works for me is the one to set unidentified networks to private. Nothing beyond that (rename or change location or icon) will work. Bill
September 14th, 2010 2:04am
We have this issue happen on all of our 2008 R2 servers with iSCSI SAN connections. Since we have seperate NICs for our LAN and SAN connections, if I don't configure a gateway on the SAN NIC, it shows as UNKNOWN. If I do configure a gateway, Windows reminds me that having two gateways is not a good idea. Is there a resolution for this scenario where we don't need a gateway, but would like to have a Private network location (for firewall rules) rather than Public? Ryan
April 18th, 2011 1:45pm
You need to change your security settings to enable that. By default, the security settings will make any unknown network public to prevent file access. If you really want the network to be private so that you can use file sharing you need to modify the security settings. I use this from a previous post in the forums. To do this on your local server , follow these steps: 1. Start --> run --> MMC --> press enter 2. In MMC console , from menu file select Add/Remove Snap-in 3. Select Group Policy Object editor --> Press Add --> select Local computer --> press OK -->press OK 4. Open Computer configration -->Windows Settings -->Security Settings -->select Network list manager policies on the right Side you will see options for : double click -->Unidentified networks Then you can select the option to consider the Unidentified networks as private and if user can change the location. I hope that is will help you and is clear . -------------------------------------------------------------------------------- Hikmat Kanaan Amman-Jordan MCSEBill
April 18th, 2011 6:57pm
Thanks, this work-a-round *works* but really Microsoft need to address this as a major design bug. Somehow there must be a way to elegantly identify "stub" networks which have no gateway. Common example is on a small business server where the Internet connected interface IP settings are changed somehow (ISP change etc...) so the Internet facing interface suddenly becomes un-protected. Having a default setting of "trusted" is a big no-no in modern computing. Steve Buckley
April 25th, 2011 2:49pm
It is not really a workaround. The situation is simply that the default setting is to make unidentified networks public (to prevent file sharing). If you wish to allow file sharing you have the option to change the default. This is in line with other default security settings. I find it difficult to understand how an Internet-facing interface would lose its gateway, or why it would a security risk if it did. Bill
April 25th, 2011 5:35pm
Simply by the ISP allocating a different IP address/subnet or the end user changing ISP, it doesn't happen every day but it does happen. The average office user isn't going to know about it and the "IT Pro" from the new ISP installing the device will just see it's working and leave. Also in my current situation I have a another stub network that is being used to bridge the PPPoE connection to the ADSL router which likewise is seen as an unidentified network. In best practice this should be set as "public" because in theory the router could be comprimised and used to connect back to the server but it is now set as "private" even though there is no legitimate reason for anything to connect to the server from this stub. Basically there needs to be a way to identify stub networks, they exist everywhere and are often there by design. Having said that it's not a gaping security hole, just not perfect.Steve Buckley
April 26th, 2011 2:31am