Setting Network Location to Private

Setting Network Location to Private

  • Comments 20

The Network Location feature was introduced in Windows Vista. It provides an easy way to customize your firewall settings based on whether you trust or don’t trust the computers around you. There are three Network Location types - Private, Public and Domain. If your computer is a member of the domain then you won’t be able to change the Network Location type. If your computer is standalone or part of the workgroup, then you can choose what type of network location do you want - Public or Private. Private means that you are a member of the trusted network and you can lower your network security a little bit. Public means that you have no trust for the network outside, and you should not let your guard down.

The network location is per connection/network card. Every time a new connection is added - the dialog will appear, asking you to choose the network location type.

Setting the correct network location type is very important for Windows PowerShell Remoting. You cannot enable Windows PowerShell Remoting on your machine if your connections are set to Public. It means you won’t be able to connect to this machine using Windows PowerShell Remoting. Vista provides a UI dialog for setting network location, but, unfortunately, there is no command-line utility for that. You can however do it with Windows PowerShell.

The API for setting network location type in vista is COM-based and we will show how to call this API from Windows PowerShell script:

# Skip network location setting for pre-Vista operating systems
if([environment]::OSVersion.version.Major -lt 6) { return }

# Skip network location setting if local machine is joined to a domain.
if(1,3,4,5 -contains (Get-WmiObject win32_computersystem).DomainRole) { return }

# Get network connections
$networkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
$connections = $networkListManager.GetNetworkConnections()

# Set network location to Private for all networks
$connections | % {$_.GetNetwork().SetCategory(1)}


Vladimir Averkin
Windows PowerShell Team

Leave a Comment
  • Please add 1 and 8 and type the answer here:
  • Post
  • Why is the script using reg.exe tool and not the registry provider???

    It hurts my eyes to see a script with /param syntax on the powershell blog :-(


    Abhishek Agrawal

  • Cool, but two questions.

    1) Why the need to reset those registry keys?

    2) Why not use PowerShell commands to set those registry keys?

  • PingBack from

  • Wow... when would it ever be appropriate for some random COM client code to decide to re-register some other COM server's progids??

    Am I missing something here?

  • could you clarify a bit ... is that ACTIVE public connections or ANY at all (e.g. disconnected wifi from the hotel you stayed at) that will cause remoting to be disabled?

  • >> You cannot enable and use Windows PowerShell Remoting feature if you have Public connections on your machine

    Does this mean I can't use it as a remoting client? Or this restriction is only for remoting server.

  • @ Abhishek an Jason,

    Thanks for your feedback. I have fixed the code which creates the registry settings.

    Vladimir Averkin

    Windows PowerShell Team

  • @ Blake

    NetworkListManager does not have ProgID and Windows PowerShell needs ProgID to be able to call on COM-objects. That's why we have to create it.

    Currently, NetworkListManager COM API is the only way to programmatically change Network Location type. And I guess using Windows Powershell script is much better option than writing, compiling and distributing a C++ program.


    Vladimir Averkin

    Windows PowerShell Team

  • @ Remoting question

    You are right, this requires some clarification. Enabling remoting means configuring Windows PowerShell and Windows Remote Management (aka WinRM) so that the local machine could be used as a remoting server. Client does not require any specific configuration, it only requires Windows PowerShell 2.0 and Windows Remote Management 2.0 to be present on the machine.


    Vladimir Averkin

    Windows PowerShell Team

  • new-object needs a progid, but that doesn't mean PowerShell can't create COM objects by CLSID.  In this case you can simply use:


    Well, perhaps it isn't simple, but it is certainly better than leaving random new progids in the registry.

  • @ Blake

    Brilliant! You are absolutely right! Somehow I was focused on how to do it through new-object and totally missed that there is a .NET way to create instances of COM objects, which can also be used in Windows Powershell. I have updated the script with your code.


    Vladimir Averkin

    Windows PowerShell team

  • This is a  bad approach!

    For Example:

    If a Computer is joined to a Domain and VMWare is Installed, the VMWare Networkadapters are set to Unknowen-Network and Networklocation is Public!

    With your Script i never Reach the VMWare Settings!

    A better solution is to craw all Networks, look into it, and change it if it is Public.

  • If you have Vmware installed and you get an error:

    "Set-WSManQuickConfig : WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again."

    you can use Tome's script below from

    $nlm = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))

    $connections = $nlm.getnetworkconnections()

    $connections |foreach {

       if ($_.getnetwork().getcategory() -eq 0)





  • does anyone know how to use the getAdapterID() method for this API ?

    I tried the following script :


    $NLMType = [Type]::GetTypeFromCLSID(‘DCB00C01-570F-4A9B-8D69-199FDBA5723B’)

    $INetworkListManager = [Activator]::CreateInstance($NLMType)


    foreach($network in $INetworkConnections){




    But I always get an exception with this method :

    Exception while calling "getAdapterID" with 0 argument(s):"Value does not fall within the expected range"

    Please could anyone help ?

    I already posted here :

    A big thank to you


  • How can I do this for a single adapter called "My Network" while leaving my other adapters alone?

Page 1 of 2 (20 items) 12