Compartir a través de


How-to use Powershell to change the Network location type (to Private or Public)

 

Here is how to change the Network type of a specific network (or networks) to Private or Public, to help you better master Firewall policies.

This is especially useful if you have a bunch of Windows 2008 servers on a DMZ as it’s more and more the case, which are not controlled by GPOs then.

Credits goes to Vladimir Averkin’s great Powershell post, that I slightly modified to  be a little bit more precise regarding the settings. I added the $PrivateNetwork and $PublicNetwork variables to better understand the use of the SetCategory() .Net method.

 

 

#Static variables definition (never change them)

$PrivateNetwork=1

$PublicNetwork=3

 

#####################################

##### CHANGES TO CUSTOMIZE ": #####

##### - Network name(s) #####

##### - Set to Private or Public#####

#####################################

#Change the network name on the line below to the network name you want to change:

$NetworkNameFilter1 = "Partial name with wildcard or full network name"

#Change the type you want to assign to the above named network :

$NetworkTypeAssignment = $PrivateNetwork

#######################################

##### End of changes customization#####

#######################################

# Better for error control - Script is working from Vista to upper OS versions, including server OS

# => skip network location setting for pre-Vista operating systems

if([environment]::OSVersion.version.Major -lt 6) { return }

# Optionnal - skip network location setting if local machine is joined to a domain.

#if(1,3,4,5 -contains (Get-WmiObject win32_computersystem).DomainRole) { return }

# Get network connections

$networkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))

$connections = $networkListManager.GetNetworkConnections()

# Set network location to Private for all networks :

#$connections | % {$_.GetNetwork().SetCategory(1)}

#Set network location for networks matching the $NetworkNameFilter1 filter :

$connections | % `

{

#Change the $NetworkNameFilter1 string variable earlier in the script to identify which network you want to set to public or private :

If ($_.GetNetwork().GetName() -like $NetworkNameFilter1)

{

Write-Host "Network category of "$_.GetNetwork().GetName()"was perviously set to "$_.GetNetwork().GetCategory()

$_.GetNetwork().SetCategory($NetworkTypeAssignment) #Category "1" is meant for Private Network, and Category "3" is for Public Network

Write-Host "Network category of "$_.GetNetwork().GetName()"network changed to "$_.GetNetwork().GetCategory()

}

}

Comments

  • Anonymous
    January 11, 2012
    When i tried this I received the following error message: Network category of  ClinicaCHC.local was previously set to  2 Exception calling "SetCategory" with "1" argument(s): "Access is denied. (Excep tion from HRESULT: 0x80070005 (E_ACCESSDENIED))" At C:scriptsSetNetwork.ps1:45 char:32
  •     $_.GetNetwork().SetCategory <<<< (1)    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException    + FullyQualifiedErrorId : ComMethodTargetInvocation Network category of  ClinicaCHC.local network changed to  2 I am not real familiar with Powershell and am not sure how to troubleshoot this. Any ideas? Thanks
  • Anonymous
    August 22, 2013
    I think running this on a windows 8 computer and it did not work.  I got a prompt with the following: "cmdlet ForEach-Object at command pipeline position 1 Supply values for the following parameters: Process[0]:"

  • Anonymous
    September 01, 2014
    Thanks for the effort but I would rather recommend using Valdimir Averkin's post:
    1. In Sammy's post, checking for domain is commented out, which means the script will produce errors when connected to domain. For production code one must have such checks.
    2. If improving, why would make it a function and hiding these 'improvements' inside the funciton? I do not really appreciate creating a lot of variables in the open scope.
    3. Piping through WHERE would be better and clearer way than using the IF inside the block.
    4. In practice, you do not output inside such code. Just return exit code and manage the user interface in the calling code.
    By the way, nowhere it is referenced that chaning network type may require administrative login. Well, it is implied, right? ;)