This one has bugged me for a long time. If I have a domain controller (only one DC because it’s a small network), or a server in a workgroup that starts up before the DC does, then it can’t “detect” what type of network it is attached to. As a result, the Windows NLA service defines it as “undefined network” and sets the security profile to “Public”. This usually results in a lot of the remote access functions not working because the local firewall blocks them on Public networks.
Once this is set, the way I used to fix it was to go into the computer’s adapter settings and change the “default gateway” to something random, apply, and then change it back to what it should be. This retriggered the network detection, which then finds the other servers that can be used to identify the network as Private. This is a problem, though, if I am remote and can’t get access to the physical server console (remote stuff is blocked by Public!).
If this is a server and will always be on a private network, there is a policy you can set that just tells the service to set Unidentified networks as “Private” all the time, thus allowing it to keep working the way it should.
- Open the Local Security Policy
- Select “Network List Manager Policies”
- Open properties for “Unidentified Networks”
- Set the location type to Private
It doesn’t “fix” the actual problem, but at least it allows you to connect to the server and for the server to function normally, say after an unexpected crash/reboot.
There is also a PowerShell script that can do the job for you. Details here at the MSDN blog: http://blogs.msdn.com/b/powershell/archive/2009/04/03/setting-network-location-to-private.aspx
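
As an added example (not the script from the linked MSDN post), the following uses the built-in `Get-NetConnectionProfile` and `Set-NetConnectionProfile` cmdlets, available on Windows 8 / Server 2012 and later, to move only explicitly named adapters from Public to Private. The function name and the adapter name `Ethernet` are assumptions for illustration.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Only adapters named in -InterfaceAlias are changed, so a NIC that faces an
# untrusted network keeps the stricter Public firewall profile.

function Set-PublicProfileToPrivate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: 'Ethernet' is the internal LAN adapter on this server.
        [string[]]$InterfaceAlias = @('Ethernet')
    )

    foreach ($nlaProfile in Get-NetConnectionProfile) {
        # Show the current state of every profile before changing anything.
        Write-Verbose ("{0} [{1}] is {2}" -f $nlaProfile.InterfaceAlias,
            $nlaProfile.Name, $nlaProfile.NetworkCategory)

        # Skip adapters that were not explicitly listed.
        if ($InterfaceAlias -notcontains $nlaProfile.InterfaceAlias) { continue }

        # DomainAuthenticated is assigned by NLA itself and cannot be set by hand;
        # Private needs no change. Only Public profiles are touched.
        if ($nlaProfile.NetworkCategory -ne 'Public') { continue }

        if ($PSCmdlet.ShouldProcess($nlaProfile.InterfaceAlias,
                'Set network category to Private')) {
            Set-NetConnectionProfile -InterfaceIndex $nlaProfile.InterfaceIndex `
                -NetworkCategory Private
        }
    }

    # Return the resulting state so it can be logged or reviewed.
    Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory
}

# Dry run first: -WhatIf reports what would change without changing it.
Set-PublicProfileToPrivate -InterfaceAlias 'Ethernet' -WhatIf -Verbose
```

Drop `-WhatIf` to apply the change. Unlike the Network List Manager policy above, this only affects the profile currently assigned to the adapter.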