In this post, we will cover the concept of a network profile in Windows, consider what types of network profiles there are, what they are used for and how to change the assigned network profile from Public to Private or vice versa in Windows 10 and Windows Server 2019/2016. This is necessary if the network location is mistakenly detected as Public Network, when it should be Private.
Windows network profiles are a part of the Windows Defender Firewall with Advanced Security and allow you to apply different firewall rules depending on the type of network the computer is connected to. Depending on the profile used for your network connection, other computers may or may not see your computer on the network (network discovery settings), use shared network folders and printers.
What is a Network Location (Profile) in Windows?
Network profiles firstly appeared in Vista/Windows Server 2008. In Windows 10 (Windows Server 2016), you can assign one of the following network security profiles (locations) for your NIC (network interface card), whether Ethernet or Wi-Fi:
- Private or Home network – a profile for a trusted network (home or office networks). In such a network, the computer will be available for discovery by other devices; you can share your files and printers.
- Public network – a profile for an untrusted network (public Wi-Fi network in the subway, cafe, airport). You don’t trust other devices on such a network, your computer will be hidden to other network devices, no one will be able to access shared network folders and printers on your computer;
- Domain network – a profile for computers that are members of an Active Directory domain. Applies automatically after joining Windows to the AD domain. You can apply domain firewall policies for this profile.
The Network Location Awareness (NLA) service is used by Windows to determine if a network connection is on a Public, Private, or Domain network.
As mentioned earlier, different Windows Firewall rules apply to your network connection based on the network profile of your NIC.
In Windows 10, you can check the current network profile (location) assigned to the network connection in the Settings -> Network & Internet. In my screenshot, you can see that the Open (Public) profile is assigned to the Ethernet0 NIC.
In the classic Control Panel, the network type for active network connections is displayed here: Control Panel -> All Control Panel Items -> Network and Sharing Center. But you cannot change the assigned network location from the classic Control Panel. For example, in Windows Server 2012 R2 / Windows 8.1, you can only change the network profile through the PowerShell, registry, or local security policy (described below).
How to Set a Network Profile in Windows 10?
The network profile in Windows 10 is selected by the user when the device connected to the new network for the first time. A prompt appears:
Network 2 Do you want to allow your PC to be discoverable by other PCs and devices on this network? We recommend allowing this on your home and work networks, but not public ones.
If you select “Yes”, the Private profile will be assigned to the network, or the Public profile if you select “No”. The next time you connect to the same LAN or WiFi network, the previously selected profile is automatically assigned.
You can hide “Network Location Wizard” when connecting to a new network through the registry. Just create an empty registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Network\NewNetworkWindowOff. After that, all networks are considered Public.
You can reset all settings and profiles for saved networks in Windows 10 by selecting Settings -> Network & Internet -> Status -> Network Reset and reboot the computer.
Now when you connected to the network, a network discovery request appears again.
How to Change Windows 10 Network Location from Public to Private?
You can change the network profile from the Windows 10 GUI. If you are using the new Settings panel, go to “Network & Internet” -> “Status” -> “Change connection properties”.
Here you can switch the network location profile from Public to Private and vice versa.
You cannot change the network profile from the classic Control Panel in Windows 10.
Also, you cannot change the network profile on the domain-joined computer. The Domain profile will always be used for a domain network connection.
Change Network Types Using PowerShell in Windows 10
On Windows 10/Windows Server 2016/2019, you can manage network connection location from the PowerShell. Run the elevated PowerShell console.
Now use the Get-NetConnectionProfile cmdlet to get a list of network adapters on your computer and their associated network profiles.
In my example, there is only one physical network adapter on a computer with a Public network location type (in the NetworkCategory value, you can see the following types of network profiles: Public, Private or DomainAuthenticated).
Let’s try to change the assigned network profile for the NIC. We need to get the index assigned to this network card. In this example, InterfaceIndex is 8.
Name : Network 2 InterfaceAlias : Ethernet0 InterfaceIndex : 8 NetworkCategory : Public IPv4Connectivity : Internet IPv6Connectivity : NoTraffic
After you get the network adapter index, you can change the network type to Private:
Set-NetConnectionProfile -InterfaceIndex 8 -NetworkCategory Private
Check that the network profile has changed:
Get-NetConnectionProfile -InterfaceIndex 8
The new firewall rules will be applied to the interface according to the assigned network profile without rebooting.
You can also change the network profile for all network adapters of the computer at once:
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
Setting Network Type Using Windows Registry
The network type can also be changed from the Registry Editor. To do this, run regedit.exe and go to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles. This registry key contains profiles of all network connections.
You can find the necessary network profile by its name listed (from the Network and Sharing Center) in the ProfileName registry parameter.
The network type is specified in the Category parameter. The following values are available:
- 0 — Public Network
- 1 — Private Network
- 2 — Domain Network
Change the key value to the one you need and restart your computer.
Changing Network Location Type Using Security Policy
Another way to change the network location type is to use the Local Security Policy Editor. Run secpol.msc snap-in and go to the section Network List Manager Policies. On the right, find your network by its name as it is displayed in the Network and Sharing Center. Open the network properties and go to the Network Location tab, then change the network type from Not configured to Private and save the changes. To prevent users from changing the network profile, select the option “User cannot change location”.
Note. If a server or a computer is joined to the AD domain, you cannot change the network type. After the reboot, it will automatically change back to the Domain Network.