In Windows Server 2008 and 2008 R2, network connections are identified and automatically assigned to one of the following categories:
- Domain Network
- Private Network (also known as work or home network)
- Public Network
If the server is part of a domain, the network connection on which it can authenticate to a Domain Controller is identified as a Domain Network. It is not possible to assign this category manually.
All other networks are initially identified as Public Networks. These are network connections that are connected to the Internet or are used in public places. Network connections that cannot be identified are also assigned to this category.
If you have a server with multiple network connections, you might want to change the category of one of them. The network connection that is connected to the Internet is often automatically assigned to Public Network, which is the best choice.
The problem starts when Windows cannot identify a network. Such connections are also assigned to Public Network. For a private management network this is not always what you want, because the Public Network firewall profile then also applies to the management network connection. The Public Network firewall profile is strict, and you don’t want to open ports in that profile that only the management network uses.
So you would want to assign the management network to the Private Network category. And then you find out that this is not possible, at least not from the Network and Sharing Center. The best way to do this is with a group policy.
- Log on to the server with administrator credentials
- Go to Start -> Run -> enter ‘mmc’ -> press Enter
- In the MMC console go to the menu File
- Select Add/Remove Snap-in
- On the left select Group Policy Object Editor -> Press Add -> select Local Computer -> press Finish -> press OK
- On the left open Computer Configuration -> Windows Settings -> Security Settings -> select Network List Manager Policies
- On the right side double click on Unidentified Networks
- Change Location Type to Private and User Permissions to User Can Change Location -> press OK
After you have done this, all Unidentified Networks will be assigned to the Private Network category, and you can now use different firewall rules for each connection.
On the Internet you can also find scripts that change the network category, but the changes these scripts make are only temporary. After a reboot the Unidentified Networks are again assigned to Public Network.
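To confirm the result after applying the policy, the category of every connected network can be read back through the Network List Manager COM API. The script below is an added example, not part of the original article; it only reads state, and it assumes PowerShell 2.0 or later run from an elevated prompt.

```powershell
# Added example, not from the original article. Read-only; PowerShell 2.0 compatible.
$categoryNames = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'Domain' }   # NLM_NETWORK_CATEGORY values

# Network List Manager COM class (available on Windows Vista / Server 2008 and later)
$nlmType = [Type]::GetTypeFromCLSID([Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B')
$nlm     = [Activator]::CreateInstance($nlmType)

# 1 = NLM_ENUM_NETWORK_CONNECTED: list only networks that are connected right now
$report = @(foreach ($network in $nlm.GetNetworks(1)) {
    New-Object PSObject -Property @{
        Network  = $network.GetName()
        Category = $categoryNames[[int]$network.GetCategory()]
        Internet = [bool]$network.IsConnectedToInternet
    }
})

$report | Select-Object Network, Category, Internet | Format-Table -AutoSize

# The policy moves every unidentified network to Private, so check that no
# network with Internet connectivity ended up under the Private firewall profile.
$exposed = @($report | Where-Object { $_.Internet -and $_.Category -eq 'Private' })
foreach ($item in $exposed) {
    Write-Warning ("'{0}' has Internet connectivity but is categorized as Private" -f $item.Network)
}

# Show the firewall profile settings Windows Firewall is applying at the moment
netsh advfirewall show currentprofile
```

Run it again after a reboot to confirm that the category set by the policy persists.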