Welcome to MSDN Blogs Sign in | Join | Help

Setting Network Location to Private

The Network Location feature was introduced in Windows Vista. It provides an easy way to customize your firewall settings based on whether you trust or don’t trust the computers around you. There are three Network Location types - Private, Public and Domain. If your computer is a member of the domain then you won’t be able to change the Network Location type. If your computer is standalone or part of the workgroup, then you can choose what type of network location do you want - Public or Private. Private means that you are a member of the trusted network and you can lower your network security a little bit. Public means that you have no trust for the network outside, and you should not let your guard down.

The network location is per connection/network card. Every time a new connection is added - the dialog will appear, asking you to choose the network location type.

Setting the correct network location type is very important for Windows PowerShell Remoting. You cannot enable Windows PowerShell Remoting on your machine if your connections are set to Public. It means you won’t be able to connect to this machine using Windows PowerShell Remoting. Vista provides a UI dialog for setting network location, but, unfortunately, there is no command-line utility for that. You can however do it with Windows PowerShell.

The API for setting network location type in vista is COM-based and we will show how to call this API from Windows PowerShell script:

# Skip network location setting for pre-Vista operating systems
if([environment]::OSVersion.version.Major -lt 6) { return }

# Skip network location setting if local machine is joined to a domain.
if(1,3,4,5 -contains (Get-WmiObject win32_computersystem).DomainRole) { return }

# Get network connections
$networkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
$connections = $networkListManager.GetNetworkConnections()

# Set network location to Private for all networks
$connections | % {$_.GetNetwork().SetCategory(1)}

 

Enjoy!
Vladimir Averkin
Windows PowerShell Team

Published Friday, April 03, 2009 12:56 AM by PowerShellTeam

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# re: Setting Network Location to Private

Why is the script using reg.exe tool and not the registry provider???

It hurts my eyes to see a script with /param syntax on the powershell blog :-(

Thanks,

Abhishek Agrawal

Friday, April 03, 2009 5:28 AM by Abhishek Agrawal

# re: Setting Network Location to Private

Cool, but two questions.

1) Why the need to reset those registry keys?

2) Why not use PowerShell commands to set those registry keys?

Friday, April 03, 2009 12:52 PM by Jason Archer

# NETWORKING-THE.INFO |

PingBack from http://www.networking-the.info/2009/04/02/windows-powershell-blog-setting-network-location-to-private/

Friday, April 03, 2009 7:13 PM by NETWORKING-THE.INFO |

# re: Setting Network Location to Private

Wow... when would it ever be appropriate for some random COM client code to decide to re-register some other COM server's progids??

Am I missing something here?

Saturday, April 04, 2009 6:54 AM by Blake Coverett

# re: Setting Network Location to Private

could you clarify a bit ... is that ACTIVE public connections or ANY at all (e.g. disconnected wifi from the hotel you stayed at) that will cause remoting to be disabled?

Sunday, April 05, 2009 2:43 AM by required name

# re: Setting Network Location to Private

>> You cannot enable and use Windows PowerShell Remoting feature if you have Public connections on your machine

Does this mean I can't use it as a remoting client? Or this restriction is only for remoting server.

Monday, April 06, 2009 2:04 AM by remoting question

# re: Setting Network Location to Private

@ Abhishek an Jason,

Thanks for your feedback. I have fixed the code which creates the registry settings.

Vladimir Averkin

Windows PowerShell Team

Thursday, April 09, 2009 11:54 AM by PowerShellTeam

# re: Setting Network Location to Private

@ Blake

NetworkListManager does not have ProgID and Windows PowerShell needs ProgID to be able to call on COM-objects. That's why we have to create it.

Currently, NetworkListManager COM API is the only way to programmatically change Network Location type. And I guess using Windows Powershell script is much better option than writing, compiling and distributing a C++ program.

Thanks,

Vladimir Averkin

Windows PowerShell Team

Thursday, April 09, 2009 12:04 PM by PowerShellTeam

# re: Setting Network Location to Private

@ Remoting question

You are right, this requires some clarification. Enabling remoting means configuring Windows PowerShell and Windows Remote Management (aka WinRM) so that the local machine could be used as a remoting server. Client does not require any specific configuration, it only requires Windows PowerShell 2.0 and Windows Remote Management 2.0 to be present on the machine.

Thanks,

Vladimir Averkin

Windows PowerShell Team

Thursday, April 09, 2009 12:11 PM by PowerShellTeam

# re: Setting Network Location to Private

new-object needs a progid, but that doesn't mean PowerShell can't create COM objects by CLSID.  In this case you can simply use:

[Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))

Well, perhaps it isn't simple, but it is certainly better than leaving random new progids in the registry.

Thursday, April 09, 2009 8:06 PM by Blake Coverett

# re: Setting Network Location to Private

@ Blake

Brilliant! You are absolutely right! Somehow I was focused on how to do it through new-object and totally missed that there is a .NET way to create instances of COM objects, which can also be used in Windows Powershell. I have updated the script with your code.

Thanks,

Vladimir Averkin

Windows PowerShell team

Friday, April 10, 2009 1:04 PM by PowerShellTeam

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
 
Page view tracker