locked
Domain And Private Network Location? RRS feed

  • Question

  • Hi

    There is some clients on my domain always assigning private network location (and unauthenticated) to the connection instead of domain location.
    I had tried these steps but it doesn't work:

    1- disable wireless connection.
    2- disjoin the clients and rejoin them again.

    thes clients are windows vista and 7.

    how can I force the network location to be a domain location?

    • Moved by Kevin Remde Wednesday, November 4, 2009 11:41 AM (From:IT Management Planning and Technology)
    Wednesday, November 4, 2009 7:02 AM

Answers

  • Hi,

    By default, Windows Server 2008 and Windows Server 2008 R2(Windows 7) use Network Location Awareness service (nlasvc) to identify networks and find the associated saved settings for the network, the NLA service will use a Default Gateway or SSID to identify a network. This identification is conducted by system automatically due to security consideration. We cannot change the network profile manually. Otherwise, the server will be unsafe if a local administrator right is leak even we have domain group policy to define firewall settings in public profile. A hacker can change a public profile to domain profile to allow unwanted traffic.
     
    In Windows 7 and Windows Server 2008 R2, more than one profile can be active at the same time according to which networks the computer is connected. As a result, if the server cannot contact the domain via the public NIC, it will not be identified to connect to domain network.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Proposed as answer by Kudrat Sapaev Friday, November 6, 2009 2:23 PM
    • Marked as answer by Mervyn Zhang Monday, November 9, 2009 8:52 AM
    Friday, November 6, 2009 10:19 AM

All replies

  • Amjad_211,

    This is a technical question, and doesn't fit the intended purpose of this forum.  This forum is for IT Managers to discuss systems people and project management topics.

    I've moved the thread to a more appropriate location for your question.

    Thanks!
    Kevin
    Kevin Remde US IT Evangelism - Microsoft Corporation http://blogs.technet.com/kevinremde
    Wednesday, November 4, 2009 11:40 AM
  • Hello,

    Make sure you have DNS installed on your domain controller and the clients and receiving DNS from it.
    Isaac Oben MCITP:EA, MCSE
    Wednesday, November 4, 2009 1:45 PM
  • DNS is installed and running in all clients 

    Thursday, November 5, 2009 6:23 AM
  • Hi,

    By default, Windows Server 2008 and Windows Server 2008 R2(Windows 7) use Network Location Awareness service (nlasvc) to identify networks and find the associated saved settings for the network, the NLA service will use a Default Gateway or SSID to identify a network. This identification is conducted by system automatically due to security consideration. We cannot change the network profile manually. Otherwise, the server will be unsafe if a local administrator right is leak even we have domain group policy to define firewall settings in public profile. A hacker can change a public profile to domain profile to allow unwanted traffic.
     
    In Windows 7 and Windows Server 2008 R2, more than one profile can be active at the same time according to which networks the computer is connected. As a result, if the server cannot contact the domain via the public NIC, it will not be identified to connect to domain network.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Proposed as answer by Kudrat Sapaev Friday, November 6, 2009 2:23 PM
    • Marked as answer by Mervyn Zhang Monday, November 9, 2009 8:52 AM
    Friday, November 6, 2009 10:19 AM