Setting NIC profile from Domain to Public


  • Hi,

    Our freshly installed server 2016 has 2 NIC's: one connected to a private network, one directly connected to the internet. I've noticed the firewall is applying the domain profile to both NICs, exposing AD, SMB, CIFS, ... all to the public WAN. We all know what kind of security risk this is.

    I've tried this in PowerShell already: 

    Set-NetConnectionProfile -InterfaceIndex 13 -NetworkCategory Public

    Which returns with an error, saying it can't be manually changed from from DomainAuthenticated.

    I've tried demoting and removing the entire freshly installed AD on our freshly installed Windows Server 2016 aswell, yet at step 1 (removing AD Certificate Services) it returns with an error 0x80073701. As far as i could figure, this means corrupted system files (yes, on a complete freshly installed Windows Server. A round of applause for Windows Update).

    I've tried running sfc /scannow, which tells me that it found corrupted files and repaired them (over and over again). I've tried running dism /online /cleanup-image /restorehealth Which returns every time Error 14: Not enough storage available. Yet the system has 150 GB free and 16 GB RAM (of which only 25% is in use). None of these commands worked.

    I'm running out of options now. I've already configured a firewall rule that blocks all ports below 1024 with exceptions for other crucial applications, but this is obviously a terrible solution. Telling my customer once again that their entire server must be reinstalled completely (I'm not even gonna bring up what Dell has done) is not option anymore (budget, time, ...). I've tried contacting Microsoft Server Support aswell, where i get a foreigner with a strange accent, demanding money (the great MS recession of 2014 ofcourse). Does anyone have any ideas?

    Thanks in advance

    viernes, 6 de julio de 2018 13:43

Todas las respuestas