- Allow non-admins to access Remote Desktop - Thu, Sep 28 2023
- Which WSUS products to select for Windows 11? - Tue, Sep 26 2023
- Activate BitLocker with manage-bde, PowerShell, or WMI - Wed, Sep 20 2023
When Windows detects a new network, it asks whether you want to allow your PC to be discoverable by other PCs and devices on this network.
If you choose Yes, it will mark the network in question as private; if No, it signs it as public.
If the PC is a member of an AD domain, and this dialog box appears in the corporate LAN, this is most likely a sign that it cannot find the domain controller.
Differences between private and public
Network discovery is switched off by default in the public network profile so that the computer is not displayed by the browser service of other PCs and it cannot see other devices in the network itself.
In addition, a public profile disables file and printer sharing. In the private network, on the other hand, it is enabled, as is network discovery. Hence, a public network is more secure than a private one and is therefore set as the default for WLANs outside the AD domain.
The distinction between public and private also causes the firewall to assign different rules to a network based on profiles.
Change the network profile from private to public
If you want to change a network profile between private and public, you can do so via the Settings app. The relevant option can be found under Network and Internet. There, you can open Ethernet, for example, and then switch between profile types.
If a computer is a member of a domain, then the Network profile type section is missing because there is no option to change the domain type.
For a Wi-Fi, navigate to Network and Internet > Wi-Fi and follow the Manage known networks link there.
In the overview of wireless networks, select the desired one and click Properties.
You can then switch between private and public.
Change the network profile to private or public using PowerShell
With the following command, you can easily get an overview of all network profiles and their types:
You can change the profile type with the following command:
Set-NetConnectionProfile -InterfaceAlias Ethernet -NetworkCategory Public
To identify the network, the cmdlet accepts Name, InterfaceAlias, or InterfaceIndex. You can get all three values from the Get-NetConnectionProfile output.
If you want to change all networks in one command, you can do it as follows:
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
If you try to assign the DomainAuthenticated type, the command fails with the following error message:
"Unable to set NetworkCategory to 'DomainAuthenticated'. This NetworkCategory type will be set automatically when authenticated to a domain network."
The same applies to the reverse process from private or public to domain.
Control permissions for profile types via group policies
Group policies allow admins to block users from changing profile types. The setting for this is called All Networks and is found under Computer Configuration > Policies > Administrative Templates > Windows Settings > Security Settings > Network List Manager Policies.
The User cannot change location option means that users are not allowed to switch a network between public and private.
Windows assigns a profile to each network. In the case of domains, its type is set automatically. In all other cases you can choose between public and private, and for wired networks Windows will ask the user. WLANs outside the domain network are public by default.
Depending on the selected profile type, a network has its own security settings. This applies to network discovery, file and printer sharing, and firewall rules.
Subscribe to 4sysops newsletter!
You can switch between public and private afterward, using either the GUI of the Settings app or PowerShell.