Network Identification Issue
What information does the Network and Sharing Center need to identify a network? Some of my servers use a dedicated network for iSCSI using a static IP address with no gateway or DNS. This marks the network as an "Unidentified" "Public Network", and I cannot set it to Private.

This is really messing with my firewall rules since "Domain" and "Private" rules are not properly applied. Any ideas on how to resolve this (without making the firewall rules apply to public networks) would be appreciated.

Joe
August 22nd, 2008 4:51pm

Hi,

Windows uses the IP address network ID to determine which computers are within the domain network. If your servers have two cards from different subnets, it considers one of them as public; you can change the other to Private using Network and Sharing Center.

To overcome this problem and force Windows 2008 to consider the LAN as private, do the following:

From Administrative Tools --> Firewall with Advanced Security. Right-click Inbound Rules --> New Rule --> select Custom, Next --> All programs, Next --> Any protocol --> click the Customize button and select your LAN interface --> Next, select Allow the connection --> select profile type as Private or Domain --> name the rule LAN or whatever.

This is an example of configuration; you might need to customize the settings and also maybe create an outbound rule.

Hikmat Kanaan
August 27th, 2008 11:43am

Your procedure is not doing what you say. It is creating a rule that allows all traffic on the selected interface type. Much easier to just set the default to Allow for incoming connections, as this is what you achieve with the rule created.

The real problem is that Windows cannot accurately determine the connection type each time the server boots and doesn't remember what you set it to if you change it.

For example, it will set a connection with subnet 192.168.0.0 to public, which is clearly impossible for an unrouted subnet to be public without a router doing NAT between the server and the internet. I've never heard of a NAT device that doesn't have a firewall in it. So it can't possibly be public without going to some additional trouble to make it so.

This is a problem with Server 2008 Microsoft need to URGENTLY address.

What you can do to address the original problem with an incorrect public network is create a rule for the public profile that allows all connections from your subnet. (It's useless to try and set the network type; it will keep reverting back to public, all mine do.)

Create a custom rule for all programs, all protocols, all ports (or whatever restrictions you want) and on the scope dialog, choose remote IP addresses to match, select predefined set of computers and choose the local subnet.

Cheers,
Mark.
August 28th, 2008 4:19am
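
The scoped Public-profile rule described in the reply above, written as `netsh advfirewall` commands for an elevated command prompt. This is an added example, not part of any post in the thread; the rule names and the 192.168.0.0/24 subnet are placeholders chosen here for illustration.

```batch
rem Added example. Rule names and the subnet are placeholders, not values
rem taken from the servers discussed in this thread.

rem 1. Confirm which firewall profile is active before changing anything.
netsh advfirewall show currentprofile

rem 2. Broad variant, for contrast only (left commented out): a rule with no
rem    remote-address scope allows every sender reachable over LAN interfaces.
rem netsh advfirewall firewall add rule name="LAN allow all" dir=in action=allow interfacetype=lan profile=private,domain

rem 3. Scoped variant: applies while the network is classified Public, but
rem    only accepts traffic whose source is on the directly attached subnet.
rem    Add protocol= and localport= to narrow it to the services you need.
netsh advfirewall firewall add rule name="Storage subnet inbound (Public)" dir=in action=allow profile=public interfacetype=lan remoteip=localsubnet

rem 4. Tighter alternative: name the storage subnet explicitly instead of
rem    relying on the localsubnet keyword (placeholder subnet shown).
rem netsh advfirewall firewall add rule name="Storage subnet inbound (Public, explicit)" dir=in action=allow profile=public interfacetype=lan remoteip=192.168.0.0/24

rem 5. Review the stored rule, including its profile and remote-IP scope.
netsh advfirewall firewall show rule name="Storage subnet inbound (Public)" verbose
```

The remote-address scope is what separates this from an allow-all rule: traffic from outside the attached subnet still falls through to the Public profile's default inbound behaviour.
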

Hi,

Yes, you're right, the procedure I provided will only create an allow-all-traffic rule. So for this missing.

But I have tried to simulate the case and I have been able to change the second net card profile (different from the AD LAN) into a private profile through Security and Sharing.

The problem is that Windows is applying the profile to the connection type and not to each individual net card. So the question for you: what adapter type does Windows assign the iSCSI?

Windows uses the IP address network ID to determine which computers are within the domain network. If your servers have two cards from different subnets, it considers one of them as public; you can change the other to Private using Network and Sharing Center.

Nice article: http://trycatch.be/blogs/roggenk/archive/2008/01/28/network-locations-in-windows-vista-amp-windows-server-2008.aspx

Hikmat Kanaan
August 28th, 2008 8:53am

Hi all,

Finally, after about 4 hours of research, I think this is the solution. To be able to change your second adapter status to the private network profile, do the following:

1. If this is needed for a stand-alone server, run the Local Security Policy editor
2. Select Network List Manager Policies
3. At the right side you can select and double-click: Unidentified Networks
4. In the location type select Private, which means that all unidentified networks will be considered as private profile networks
5. You can also allow the user to change the location profile

This will allow the system to keep settings after reboot. The same holds true if you use the Domain Policy.

Have fun

Hikmat Kanaan
August 28th, 2008 4:00pm

I don't want my servers to consider all unidentified networks private. All I want is to be able to mark this one particular network as private. In my experience the system does not forget my setting on reboot, but rather I cannot change it to private since it is unidentified.
September 4th, 2008 5:30pm

This topic is archived. No further replies will be accepted.
