How to have "network location awareness" default to home profile?

  • Question

  • How can I configure my image so that it always defaults to home profile for "network location awareness"?

    I found some threads stating that this can be done through group policy. I have added the group policy editor but don't see the appropriate local policies listed so I don't know how I can change them. Can this be set using a reg setting? I'm really stuck on this one. There has to be a way that an embedded system has total control over the policy that gets implemented when it's plugged into a network. Our system will be headless so there is no way for the user to pick the profile manually. I don't want it to default to public as that has a way too restrictive firewall and sharing policy. Hopefully, someone has some suggestions.

    Tuesday, October 26, 2010 8:13 PM

All replies

  • Select "7 OOBE System" in ICE and then go to "Product->Operating System->Foundation Core" and go to the setting name "OOBE->NetworkLocation". And you can pick values like Home, Work, Public, etc.

     

    Wednesday, October 27, 2010 12:58 AM
  • Select "7 OOBE System" in ICE and then go to "Product->Operating System->Foundation Core" and go to the setting name "OOBE->NetworkLocation". And you can pick values like Home, Work, Public, etc.

     


    That sure seems like it should work, and the documentation says it should, but I've never seen it stick. Even if it did, I'd be worried about moving it to a new network. The way I handled the problem on our device was to configure the firewall to allow access to the things we wanted on public networks. The advanced view for the firewall is very useful, and it will let you export your settings so you don't need to go through it all again if you need to rebuild the image.
    Wednesday, October 27, 2010 11:53 AM
  • I'm going to try what techgeek suggested but I have a feeling that if I move the system to a new network, it will prompt for the network profile to use which would be unacceptable. I was going to go down the road that Jonathan suggested and just stick with the public profile and add the exceptions that I need in the firewall. The issue I'm running into there is that I can't get remote desktop connection to work on the system when the public profile is enabled. I made sure I added the firewall exceptions for RDP and made sure they applied to the public profile but it's still a no go. I have been searching for a work around but I can't find one. RDP is a must for this particular system. I'm also worried about other things that might be clamped down on a public profile that I'm not aware of. So I still would like to be able to have control over what profile gets applied whenever the system is plugged into a new network.

    So still looking for a good answer here. Hopefully, someone from Microsoft can chime in with a solution.

    Wednesday, October 27, 2010 12:03 PM
  • Select "7 OOBE System" in ICE and then go to "Product->Operating System->Foundation Core" and go to the setting name "OOBE->NetworkLocation". And you can pick values like Home, Work, Public, etc.

     

    Unfortunately, this will only set the profile for the first boot. If the system is moved to a new network, the NLA window comes up asking for what profile to use. So this is not a fix for my situation unfortunately. So still looking for a solution.

     

    Please MS, can you chime in and provide a solution. This is a must feature for an embedded system.

    Wednesday, October 27, 2010 1:49 PM
  • I believe that there is a group policy to prevent the NLA window from appearing. I don't have my device handy at the moment so I can't look it up for you. I think the setting prevents users from changing their network location, so it doesn't pop it up at all. You may want to check if there is an option for the default location to use as well.

    To make sure that everything available on a Home network is also available on a Public network, you can go through the advanced firewall configuration and edit every rule. Make the checkbox for Public in each rule match the checkbox for Home. I would expect this to allow RDP to function properly. If not, then something strange is going on that you'll have to wait for MS to help out with.

    Wednesday, October 27, 2010 3:04 PM
  • I believe that there is a group policy to prevent the NLA window from appearing. I don't have my device handy at the moment so I can't look it up for you. I think the setting prevents users from changing their network location, so it doesn't pop it up at all. You may want to check if there is an option for the default location to use as well.

    To make sure that everything available on a Home network is also available on a Public network, you can go through the advanced firewall configuration and edit every rule. Make the checkbox for Public in each rule match the checkbox for Home. I would expect this to allow RDP to function properly. If not, then something strange is going on that you'll have to wait for MS to help out with.


    There is a security policy setting. I have added the "Group Policy Management" component to my image but I can't figure out how to use it to modify the local security policy on the system. The "Security Settings" option is completely missing from the group policy editor window. Frustrating to say the least.
    Wednesday, October 27, 2010 3:21 PM
  • There is a security policy setting. I have added the "Group Policy Management" component to my image but I can't figure out how to use it to modify the local security policy on the system. The "Security Settings" option is completely missing from the group policy editor window. Frustrating to say the least.

    Strange, I have it. I'm not sure what package is adding it - none of the optional dependencies of Group Policy Management seem to be related to that option. For what it's worth, I have everything in System Management and Networking (except Telnet server). In Security I have Application Security, Security Base and Windows Security Center.

    And yes, this can get very frustrating. It took me quite a while to figure out that all incoming connections are blocked unless you install the firewall and configure it to allow them. These networking related sections seem to have especially poor documentation.

    Wednesday, October 27, 2010 3:47 PM
  • There is a security policy setting. I have added the "Group Policy Management" component to my image but I can't figure out how to use it to modify the local security policy on the system. The "Security Settings" option is completely missing from the group policy editor window. Frustrating to say the least.

    Strange, I have it. I'm not sure what package is adding it - none of the optional dependencies of Group Policy Management seem to be related to that option. For what it's worth, I have everything in System Management and Networking (except Telnet server). In Security I have Application Security, Security Base and Windows Security Center.

    And yes, this can get very frustrating. It took me quite a while to figure out that all incoming connections are blocked unless you install the firewall and configure it to allow them. These networking related sections seem to have especially poor documentation.

    Thank you very much for your help. I was missing the "Windows Security Center" component. Adding that gave me access to "Security Settings" in gpedit.msc. Unfortunately, I'm still stuck. I went and changed [Network List Manager Policies][Network] network location type to private in gpedit.msc. Plugged into a new network and it defaults the new location to Public. Nice! Just what I wanted.... NOT! Argh....

    It doesn't look like Microsoft frequents these forums too much. I'm going to have to get support through my distributor. That will be fun I'm sure and I don't have too much confidence that they'll find a solution.

    In the meantime, I'm going to have to look more closely at configuring the public profile so that it will do all the things I need as you have suggested Jonathan. Man, this is such a major oversight on MS's part for an embedded OS. How can one create an embedded system when we have no control over what happens when a customer plugs their system in their network. Oh well, such is life!

    Wednesday, October 27, 2010 6:01 PM
  • xAragornx,

    Did you get any further?
    Any news on this topic?

    Thx,

    DanB

    Wednesday, November 3, 2010 12:11 PM
  • xAragornx,

    Did you get any further?
    Any news on this topic?

    Thx,

    DanB

    I was never able to make the profile default to home. The only "fix" was to use Jonathan's suggestion and just hide the NLA window from showing and editing the public firewall setting to make the private ones and let the profile default to public. Not exactly what I wanted but at least I have some control over what happens.
    Wednesday, November 3, 2010 12:20 PM
  • What does ICE stand for?
    Monday, January 9, 2012 4:43 PM
  • Image Configuration Editor
    Monday, January 9, 2012 4:54 PM
  • In the meantime, I'm going to have to look more closely at configuring the public profile so that it will do all the things I need as you have suggested Jonathan. Man, this is such a major oversight on MS's part for an embedded OS. How can one create an embedded system when we have no control over what happens when a customer plugs their system in their network. Oh well, such is life!

    Did you end up going to the Advanced Firewall and sorting by profile and enabling public on the rules that were only just private?  Can you elaborate more on what you did exactly (Clear steps that someone can follow) in the Group Policy and in the Firewall for people that come here in the future?

    Thanks!

    Wednesday, March 7, 2012 1:04 AM
  • That's exactly what I did. I enabled public access to all the firewall rules that I was interested in for my device. This way, it doesn't matter what profile is currently selected. There is a registry key that one can set to hide the location awareness dialog window from showing. Then plugging into a new network will set future network profiles to public.

    To disable the window:

    Create a new Registry key (without any value) NewNetworkWindowOff in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network


    • Edited by xAragornx Wednesday, March 7, 2012 2:54 PM
    Wednesday, March 7, 2012 2:52 PM
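
The approach this thread ends on (hide the network location dialog, let new networks fall to Public, and open only the needed service on the Public profile), scripted as an added example that is not part of any post above. The rule name `Device-RDP-Public`, TCP port 3389 (the RDP default), the `localsubnet` scope and the export path are assumptions; a dedicated, narrowly scoped rule is used here instead of editing the built-in rules.

```powershell
# Added example, not from the thread. Rule name, scope and export path are assumptions.
$ruleName   = 'Device-RDP-Public'                             # hypothetical rule name
$exportFile = Join-Path $env:SystemDrive 'fw-policy.wfw'      # hypothetical export path
$nlaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff'

# Writing under HKLM and changing the firewall store both need elevation.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# 1. Suppress the network location dialog: an empty key with no values.
if (-not (Test-Path $nlaKey)) {
    New-Item -Path $nlaKey | Out-Null
}

# 2. Allow inbound RDP on the Public profile, limited to the local subnet
#    so the service is not reachable from arbitrary remote addresses.
#    "show rule" exits non-zero when no rule matches, so the add runs only once.
& netsh advfirewall firewall show rule "name=$ruleName" | Out-Null
if ($LASTEXITCODE -ne 0) {
    & netsh advfirewall firewall add rule "name=$ruleName" dir=in action=allow `
        protocol=TCP localport=3389 profile=public remoteip=localsubnet
    if ($LASTEXITCODE -ne 0) { throw "Adding firewall rule failed ($LASTEXITCODE)." }
}

# 3. Export the whole firewall policy so a rebuilt image can import it
#    instead of repeating the manual rule edits.
if (Test-Path $exportFile) { Remove-Item $exportFile }
& netsh advfirewall export $exportFile
if ($LASTEXITCODE -ne 0) { throw "Exporting firewall policy failed ($LASTEXITCODE)." }

# 4. Print the rule as stored, to confirm profile and remote address scope.
& netsh advfirewall firewall show rule "name=$ruleName" verbose
```

On a rebuilt image the exported file can be restored with `netsh advfirewall import`, which replaces the current firewall policy.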