Thursday, April 2, 2009

Setting Network Location to Private


Setting Network Location to Private

The Network Location feature was introduced in Windows Vista. It provides an easy way to customize your firewall settings based on whether you trust or don’t trust the computers around you. There are three Network Location types - Private, Public and Domain. If your computer is a member of the domain then you won’t be able to change the Network Location type. If your computer is standalone or part of the workgroup, then you can choose what type of network location do you want - Public or Private. Private means that you are a member of the trusted network and you can lower your network security a little bit. Public means that you have no trust for the network outside, and you should not let your guard down.

The network location is per connection/network card. Every time a new connection is added - the dialog will appear, asking you to choose the network location type.

Setting the correct network location type is very important for Windows PowerShell Remoting. You cannot enable and use Windows PowerShell Remoting feature if you have Public connections on your machine. Vista provides a UI dialog for setting network location, but, unfortunately, there is no command-line utility for that. You can however do it with Windows PowerShell.

The API for setting network location type in vista is COM-based and we will show how to call this API from Windows PowerShell script:

# Skip network location setting for pre-Vista operating systems
if([environment]::OSVersion.version.Major -lt 6) { return }
# Skip network location setting if local machine is joined to a domain.
if(1,3,4,5 -contains (Get-WmiObject win32_computersystem).DomainRole) { return }
# Clean up ProgId registration for NetworkListManagerClass if it is already set
if (test-path HKLM:\SOFTWARE\Classes\NETWORKLIST.NetworkListManagerClass)
# Register ProgId for NetworkListManagerClass
REG ADD HKLM\SOFTWARE\Classes\NETWORKLIST.NetworkListManagerClass /t REG_SZ /d 'NetworkListManagerClass Class'
REG ADD HKLM\SOFTWARE\Classes\NETWORKLIST.NetworkListManagerClass\CLSID /t REG_SZ /d '{DCB00C01-570F-4A9B-8D69-199FDBA5723B}'
REG ADD HKLM\SOFTWARE\Classes\NETWORKLIST.NetworkListManagerClass\CurVer /t REG_SZ /d 'NETWORKLIST.NetworkListManagerClass.1'
# Get network connections
$networkListManager = new-object -ComObject NETWORKLIST.NetworkListManagerClass
$connections = $networkListManager.GetNetworkConnections()
# Set network location to Private for all network cards
$connections | % {$_.GetNetwork().SetCategory(1)}

Vladimir Averkin
Windows PowerShell Team

Published Friday, April 03, 2009 12:56 AM by PowerShellTeam

Windows PowerShell Blog : Setting Network Location to Private

Blog Archive