Unidentified networks in Windows how to make them private

If you have a network connection in your Network and Sharing Centre that Windows is classifying as an “Unidentified Network” chances are you want to make it private for your firewall rules.

The problem is that because Windows cannot classify the type of network, often due to there being no default gateway specified on remote access LAN connections, the default is to make it public as this offers the most restrictive level of network access.  

Irritatingly Windows Server 2008 and Windows 7 do not allow you to alter the type of network if it is classified as unidentified when using the Network and Sharing Centre.

Unidentified network public

A temporary measure is to set the unidentified network to private using PowerShell.  See the MSDN blogs for the script. Be warned though, if you reboot the unidentified network will return to public.

http://blogs.msdn.com/b/dimeby8/archive/2009/06/10/change-unidentified-network-from-public-to-work-in-windows-7.aspx

A more permanent solution, but a possible security risk, is to set any unidentified network to be classified as private rather than public by default.  To do this we need to modify the defaults using the local security policy.  See the steps below.

Local security policy

  1. In Administrative tools, open “Local Security Policy”.
  2. Select “Network List Manager Polices” in the left hand pane.
  3. In the right hand pane open “Unidentified Networks” and choose “Private” in the location type.
  4. Check your firewall settings will not lock you out of the system once the rules apply.
  5. Close the dialogue and reboot to apply the changes.

Unidentified network private

This entry was posted in Microsoft, Networking, Security, Windows. Bookmark the permalink.

7 Responses to Unidentified networks in Windows how to make them private

  1. Dave Dennis says:

    Niall, You don’t mention that the solutions are only applicable to certain
    versions of Windows 7.

    As usual with a Microsoft product, the reasoning behind crippling a tool which is a requirement to make something work is beyond me.

  2. Niall says:

    Hi Dave,

    It never occurred to me that it might not be possible to do this on versions other than Windows 7 Professional (I would assume that it is possible on all versions of Windows Server 2008 & R2 although I have not tested it)

    Which version of Windows 7 are you using and having trouble with? I’ll happily update the article to list versions that are not supported.

    Thanks

    Niall

  3. Andy says:

    It certainly doesn’t work with Win 7 Home Premium. You don’t get the option of Local Security Policies under Administrative Tools!

    If you know of a way to overcome this on Win7/HP – then do let me know as I am struggling with this right now!

  4. Niall says:

    Hi Andy,

    Although Windows 7 Home Premium doesn’t include the Local Security Policy you can still affect changes via the Registry.

    Try this link to the official Microsoft forums to change your LAN adapter policies.

    http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/change-the-default-profile-for-unidentified/22ebe860-2d44-48c2-94dd-213f48e49ac9

    Also SevenForums have this possible solution
    http://www.sevenforums.com/tutorials/71408-unidentified-networks-set-private-public.html

    Please let us all know if this was successful.

    Thanks

    Niall

  5. Andy says:

    I had to leave and so didn’t see your reply. What I have done is replaced the old router for now and everything works! I had changed it for a newer, higher spec one and will do this again in time as I don’t want the older one – but I had to get on with some work!

    I will report back on how it goes. But you’d rather think that MS would have sorted this with one of their interminable downloads by now!

  6. Timmy says:

    Is it also possible to script the security policy settings? It would be great to set the default to private without manually go to Local Security settings etc.

  7. Niall says:

    Hi Timmy, It may be possible to script out the policy change in PowerShell, you would need to run it from a elevated prompt but I don’t see why it wouldn’t be possible?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>