I'm not sure what exactly this feature is called. But in Windows Server 2008, it has the Vista Public/Private/Domain locations. This makes sense for laptops, and none at all for servers.

My problem is that sometimes some network adapters decide they are now on a public network. This completely activates the firewall, even for the "domain" networks. So net effect is that I reboot some machines, and then they never come back on the network until we KVM in and tell it that the network is private.

What's the name of this feature? Is there a GP setting I can use to turn it off and make all networks be "domain"?

Edit: Thanks, that's what NLA is. I tried disabling the service on a non-domain machine, and it just flips everything public. On a domain machine, the Network List Service refuses to stop -- I'll try group policy.


Just ran into this exact problem. Unidentified networks are by default set to type of "Public". This is awkward when you want Windows Firewall to be active on Public networks but not Private ones -- and your internal network is always "Unidentified".

What's an "Unidentified" network to Windows Server 2008?

The Network Lists service (netprofm) works with the Network Location Awareness service (nlasvc) to identify networks and find the associated saved settings for the network, if any. The NLA service will use a Default Gateway or SSID to identify a network, so if the NIC has neither a Default Gateway nor an associated SSID, then NLA will determine that the network is Unidentified.

You can however change the default -- so that so-called "Unidentified" networks will be defaulted to something other than Public:

  1. Open Administrative Tools -> Local Security Policy.

  2. Highlight the "Network List Manager Policies" item, then double click the "Unidentified Networks" on the right panel.

  3. Set the "Location Type" to "Private" or "Public".

[Screenshot: change being made in Windows 2012 Server]

Worked for me!


The service you mention is called "Network Location Awareness" or NLA. It determines what kind of connectivity you have and makes connection specific information available to other applications or services. The Advanced Firewall in Windows Server 2008 uses the NLA information to apply specific firewall settings.

It's a Windows Service, so you could disable the service.


Had the same precise issue; a couple of Windows 2012 servers that would occasionally sulk and decide that their only NIC was a "Public" interface, rather than a "Domain" interface.

Through the power of the interwebs, I came across this helpful post, which, summarized, simply says to restart the "Network Location Awareness" service and see if that fixes the issue. If it does, then to prevent the problem from recurring, simply change the start-up type from "Automatic" to "Automatic (Delayed Start)".
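The restart-and-recheck procedure from the answer above, written out in PowerShell as an added example (not part of the original post). It assumes Windows Server 2012 or later (for `Get-NetConnectionProfile`), an elevated session on a domain-joined server, and an arbitrary 15-second wait for NLA to re-detect the network.

```powershell
# Added example. Assumes Server 2012+, an elevated prompt, a domain-joined host.

# Helper: list connection profiles that NLA has NOT classified as Domain.
function Get-NonDomainProfile {
    Get-NetConnectionProfile |
        Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' }
}

# 1. Record the current misclassification (Public or Private on a domain server).
$before = @(Get-NonDomainProfile)
if ($before.Count -eq 0) {
    Write-Output 'All connection profiles are DomainAuthenticated; nothing to do.'
    return
}
$before | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize

# 2. Restart NLA so it re-runs network detection.
#    -Force is required when other running services depend on NlaSvc.
Restart-Service -Name NlaSvc -Force
Start-Sleep -Seconds 15   # assumed wait; tune for your environment

# 3. Re-check. Only change the start-up type if the restart actually helped,
#    which is the condition the answer gives.
$after = @(Get-NonDomainProfile)
if ($after.Count -eq 0) {
    Write-Output 'Restart fixed the profile; setting NlaSvc to Automatic (Delayed Start).'
    # sc.exe (not the PowerShell alias "sc") sets delayed automatic start.
    sc.exe config NlaSvc start= delayed-auto
} else {
    Write-Warning 'Profiles are still not DomainAuthenticated after restarting NlaSvc:'
    $after | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize
}
```

Leaving the firewall enabled and correcting the profile this way keeps the Domain-profile rules in force instead of opening the host up while the network is misclassified.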


I do not believe that there is a group policy that will let you assign a network profile (it is determined by Network Location Awareness; more information here: http://msdn.microsoft.com/en-us/library/ms739931(VS.85).aspx).

You can, however, apply group policy to the servers to define the behaviour of the Advanced firewall (disabling it, allowing traffic from your administrative workstations, etc). Instructions on doing so are available here: http://technet.microsoft.com/en-us/library/cc732400.aspx


If you want to just disable the service, you can create a custom group policy that disables the NLA service.

Since I am a new user I can't provide you with a link, so just search Google for these words: "disable service from group policy". The first result is what you are looking for.