When connecting to a new network, Windows prompts you to select its network profile type (network location): Public or Private. Windows are part of the network profile Windows Defender Firewall with Advanced Security and allows you to apply different firewall rules depending on the type of network your computer is connected to. Depending on the profile used for your network connection, other computers on the network may or may not be able to access shared network folders and printers (Network Discovery Settings).
In this article, we will see how to change the network profile type from “Public” to “Private” and vice versa in Windows (and Windows Server) using windows Settings, PowerShell, Registry and Security Policies.
What is a network location (profile) in Windows?
A network connection (whether Ethernet or Wi-Fi) in Windows can be assigned one of three network profiles.
- Personal or home network – a profile for a trusted network (home or office network). In such a network, the computer will be available for discovery by other devices and you can share your files and printers;
- public (Guest) Network – A profile for an untrusted network (public Wi-Fi network in a subway, cafe, or airport). You do not trust other devices on such a network, your computer will be hidden from other network devices, and no one will be able to access the shared folders and printers on your computer;
- workspace Network – A profile for computers connected to an Active Directory domain. Applies automatically after connecting to a Windows device in the AD domain. You can apply domain firewall policies to this profile.
The Network Location Awareness (NLA) service is used in Windows to determine whether a network connection is on a public, private, or domain network.
Depending on the type of network, different Windows Firewall rules are applied to the network interface.
On Windows 10 and 11, you can view the current profile (location) assigned to network connections in Settings -> Network and Internet (Quick Access command). ms-settings:network ) In my example the public profile is assigned to the Ethernet0 network interface.
You can check the network type for the active network connection in Windows 10 using the classic Control Panel (All Control Panel Items Network and Sharing Center).
The network profile in Windows 10 is selected by the user when the device is connected to the new network for the first time. A prompt appears:
Network 2 Do you want to allow your PC to be discoverable by other PCs and devices on this network? We recommend allowing this on your home and work networks, but not public ones.
If you select “Yes”, then Personal the profile will be assigned to the network, or public Profile if you select “No”. The next time you connect to the same LAN or WiFi network, the previously selected profile is automatically assigned.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f
You go to Settings -> Network & Internet -> Status -> . You can reset all settings and profiles for all saved network connections in Windows by selecting network reset, Then reboot the computer.
Now when you connect to the network, a network discovery request appears again.
How to Change Network Profile (Location) from Public to Private on Windows?
You can change the network profile type on Windows 10/11 using the modern Settings app. Go to “Network & Internet” -> “Status” and open your network connection settings.
From here you can switch network location profiles public To Personal and vice versa.
In Windows Server 2022/2019, the Properties option is missing from the Status tab. Therefore, choose the Ethernet section in the Network and Internet section (or the Wi-Fi section if Windows Server has wireless networking enabled). Select your network connection.
You cannot change the network connection profile type through the Classic Control Panel in Windows.
If a server or computer is connected to an AD domain, you cannot change the network type for a domain network connection. After a reboot, it will automatically switch back to the domain network profile.
Change Network Location to Public or Private with PowerShell
On Windows 10/11 and Windows Server 2022/2019/2016, you can manage network connection locations from PowerShell. Open the Advanced PowerShell Console. List Windows network interfaces and network profiles applied to them:
Get-NetConnectionProfile
In my example, there is only one physical network adapter (Ethernet 0) on the computer. public Network location (in the NetworkCategory value, you can see the following types of network profiles: Public, Private, or DomainAuthenticated).
Let’s try to change the assigned network profile for the NIC. You need to assign index to this network adapter. In this example, interfaceIndex = 8,
Name : Network 2 InterfaceAlias : Ethernet0 InterfaceIndex : 8 NetworkCategory : Public IPv4Connectivity : Internet IPv6Connectivity : NoTraffic
To change the network type to private for a network adapter with index 8, run the command:
Set-NetConnectionProfile -InterfaceIndex 8 -NetworkCategory Private
Check that the network profile has changed:
Get-NetConnectionProfile -InterfaceIndex 8
Windows Defender Firewall will automatically apply firewall rules to network connections according to the assigned network profile without rebooting.
Similarly, you can change the network location to Public:
Set-NetConnectionProfile -InterfaceIndex 8 -NetworkCategory Public
or domain:
Set-NetConnectionProfile -InterfaceIndex 8 -NetworkCategory DomainAuthenticated
You can change the network profile for all network adapters on a computer at once:
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
You will not be able to change the network connection profile from domain to private or public on domain-joined computers. Make sure your computer is connected to an AD domain:
Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
Try changing the network location:
Set-NetConnectionProfile -InterfaceIndex 8 -NetworkCategory Public –Verbose
An error will appear:
Set-NetConnectionProfile : Unable to set the NetworkCategory due to one of the following possible reasons: not running PowerShell elevated; the NetworkCategory cannot be changed from 'DomainAuthenticated'; user initiated changes to NetworkCategory are being prevented due to the Group Policy setting 'Network List Manager Policies'.
How to set network location via Windows Registry?
You can change the network location using Registry Editor. Open Regedit.exe and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles. This registry section contains a list of all network connections on your computer. For each network connection there is a separate registry key with a name in GUID format ({xxxxxx-xxxxx-……..},
To find the network you need, look through all the registry keys and find the key that has the parameter profile name With Network you need the Network and Sharing Center (or the name value from the Get-NetConnectionProfile command). In our case, connected to the computer network 4,
Check your network name in profile name Registry string value. The network type is specified in grade parameter. The following values are available:
- 0 – public network
- 1 – private network
- 2 – domain network
To change the network type, set the parameter value as per your requirement and restart your computer.
Change network type using local security policy
Another way to change the network connection type is to use the Local Security Policy Editor.
run secpol.msc Snap-in and go to section network list manager policies, On the right, search for your network by its name, as it appears in the Network and Sharing Center. Open Network Properties and go to network location tab, then replace the network type with not configured To Personal and save the changes. To prevent users from changing network location profiles, check the option “User can’t change location,
Private network instead of domain on Windows Server
In newer versions of Windows Server 2022/2019, I have seen several times a bug where the domain server (or even a domain controller or RODC) itself changes the network type from domain to private.
To resolve the issue, simply restart the Network Location Awareness service services.msc console) or with a powershell command:
Get-Service NlaSvc| Restart-Service -Force (run as system account)
To fix this problem, you need to configure the delayed start type for the Network Location Awareness service. To do this, select automatic (delayed start) option in the service properties and save the changes.
Make sure that after reboot, the network type in Windows Server is now always defined as domain (not private).
If the problem occurs on an Active Directory domain controller, you need to change the dependency of the NlaSvc service so that it starts after the DNS Server service:
sc config nlasvc depend=DNS
Also, in some cases, it may help to set the DNS suffix of your domain in the network adapter settings (Network Adapters -> TCP/IPv4 -> Advanced -> DNS), “DNS Suffix” for this connection Specify your domain name in . ”, and check the option “Use this connection suffix in DNS registration”.
Leave a Comment