Mar 112021
 

Starting with Windows Vista Microsoft has started to take security really serious. That’s a good thing. Unfortunately in typically Microsoft attitude they think they always know best and that the user is an idiot, so it’s best to keep anything dangerous from him.

Fast forward to Windows 10 and the issue at hand:

Windows 10 tries to identify networks and based on that classifies them as private or public. The Windows firewall then changes some settings based on this classification.

Now imagine a computer installed in a special setting that is connected via LAN to some other computers in the same place. Network wise this is an isolated island, there is no connection to any company LAN or the Internet. All computers have fixed IP addresses, so there is no DHCP server involved, and provide network shares to each other.

Unfortunately Windows sees this setup as an unidentified network and classifies it as a public network. This means that many things – in particular network shares – do not work.

And since Microsoft doesn’t trust users to know what they are doing, there is no easy (GUI) way to change this. It used to be possible in Windows 7 but no longer.

So, what can be done? Google turned up lots of different suggestions but the only one that worked for me was this answer on SuperUser.com.

It gives a PowerShell script which I have adjusted to my needs:

Write-Host "current settings:"
Get-NetConnectionProfile |
  Where{ $_.InterfaceAlias -eq 'NetworkCardName'} |
  ForEach {
    $_
    $_|Set-NetConnectionProfile -NetWorkCategory Private
  }

Write-Host "new settings:"
Get-NetConnectionProfile |
  Where{ $_.InterfaceAlias -eq 'NetworkCardName'}

Write-Host "Beliebige Taste um fortzufahren..."
$Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

It reads all connection profiles, filters for the one that apply to a network adapter with a given name (which I renamed to make it unique) and changes this profile to be private. It then displays the new settings and waits for the user to press a key.

In order to work, this script must be started with administrator privileges. Of course, that would have been too simple: Microsoft also by default prevents the execution of PowerShell scripts. Again, that might be a valid security measure but in this situation it’s merely a pain in the lower back. So in order to allow scripts, we need to change this setting as suggested in yet another answer on SuperUser.com:

Start PowerShell as administrator and run the following command:

set-executionpolicy remotesigned

This allows the execution of local scripts, which is what we want. It also allows remote scripts if those are signed, which isn’t particularly what I want but apparently you can’t get one without the other.

Diesmal funktioniert alles [music video]

 Posted by on 2021-03-11 at 14:03