Good morning. A quick tip for today on an issue I run into from time to time. I have seen a lot of Windows machines in my time. One of the problems that I run into on a fairly regular basis is network communication issues. A possible cause for these issues can be due to the Windows firewall being too restrictive. That is what we are going to discuss today in this post.
Before we get into how to fix the network profile, let’s first discuss why the network profile even matters. To do that we need to talk about the Windows firewall a little. The Windows firewall provides a barrier between the Windows operating system and the network(s) to which it is attached. It has 2 or 3 distinct profiles that it will operate in. Whether it has 2 or 3 depends on if the system is joined to an Active Directory domain. Each These 3 profiles are as follows:
- Public – Windows assumes it is directly connected to the Internet or is on an unsafe or unfamiliar network. This profile is the most restrictive and blocks most incoming traffic.
- Private – Windows assumes this network is isolated from the Internet and is considered mostly safe. This profile allows more traffic than the public profile, but some services are still blocked by default.
- Domain – Windows assumes the network is trusted. This profile is the least restrictive and by default allows most known services through.
As you probably already guessed the profile used by the Windows firewall correlates directly with the network profile assigned to the network adapter. So if your network profile shows Public you can bet that almost all services will not work.
Now that we know about the profiles and what they do, how can we change the network profile. If this were a client operating system like Windows 8/8.1/10 then it would be easy, just go into Network and Sharing Center and change the profile. On a server operating system, for instance Windows Server 2012/2012R2/2016, the option to change the profile is not there. That is, unless you count the side pop-out asking if you want to discover computers on the network. Clicking yes on that pop-out will put the network profile into private. Clicking no will put it into public.
If you clicked no, there is still hope. There is a PowerShell command that can be used to set the network profile; Set-NetConnectionProfile. Here is the command I use to quickly change the mode of all network cards in a system.
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
This will set all network cards to Private profile.
If you need to set just one network card, you will need to know the interface index. To find this run the following command.
Get-NetConnectionProfile | FT Name,InterfaceAlias,InterfaceIndex -a
This will give a table of all the network adapters in the server with their names and indexes. You can then run the following command to set a single network adapter
Set-NetConnectionProfile -InterfaceIndex <index number> -NetworkCategory Private
I hope you found this article helpful. If you have anything to add or just want to leave a comment, please do so below.
Glennopedia 