How to retrieve the current Windows NLA network location from command-line

command-line-interface networking scripting windows-server-2008-r2

We have a Windows Server 2008 R2 domain controller which always sets its NLA location to 'Network 3' after a reboot. Without fail, this defaults to Public, which screws with my Domain profile firewall settings. I have to manually disable and re-enable the network adapter before it will set itself back to the domain profile.

I've tried KB2524478 and a whole host of other things. Now I'm tired of trying to fix this problem (and fast running out of time) so just want to get around it. I was thinking about scripting the disable/enable with netsh and being done with it, but I'd like to go one step further and make sure that the NLA location is actually "Network 3" and not "the-domain.example.org" (more specifically, just checking it is not the domain) before I do. That way, I can schedule it more frequently than just on startup.

I'm just missing a piece of this puzzle — how to retrieve the location using something I can pipe to FIND /i "the-domain.example.org", so I can run it as:

<something> | ...
FIND /i "the-domain.example.org" || ...
NETSH interface set interface name="Local Area Connection" admin=DISABLED & ...
NETSH interface set interface name="Local Area Connection" admin=ENABLED

So what is <something>?

Best Answer

You can query the appropriate registry keys to see what the network profile is set to. You need to look in \HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures to find the subkey for the appropriate interface. This will require a little detective work, but the easiest way is to look for the MAC address of your current default gateway. Once you've located the interface's subkey, take note of the ProfileGUID. You can then use the ProfileGUID to locate that interface's profile settings under ..\NetworkList\Profiles. From there, setting the REG_DWORD:Category back to 2 should set the interface's profile to Domain.

You need to turn off the NLA service before you make the change to the Category attribute. A simple net stop nlasvc will stop NLA and netprofm. Once you make the registry change, restart it: net start netprofm.
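
The registry lookup described in this answer, as an added read-only example (not part of the original answer). It joins each entry under Signatures to its entry under Profiles by ProfileGuid and prints the gateway MAC, profile name and category; the function name Get-NlaProfile is hypothetical, and the labels for Category 0 and 1 are not from the page.

```powershell
# Added example: read-only, changes nothing. Written for PowerShell 2.0,
# which ships with Windows Server 2008 R2. Run from an elevated prompt.
$base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList'

# Category 2 = Domain is from the answer above; 0 and 1 are added here.
$categoryNames = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'Domain' }

function Get-NlaProfile {   # hypothetical helper name
    foreach ($kind in 'Managed', 'Unmanaged') {
        $sigRoot = Join-Path $base "Signatures\$kind"
        if (-not (Test-Path $sigRoot)) { continue }

        foreach ($key in Get-ChildItem $sigRoot) {
            $sig = Get-ItemProperty -Path $key.PSPath

            # DefaultGatewayMac is REG_BINARY; render it as AA-BB-CC-DD-EE-FF
            # so it can be compared with the gateway entry in "arp -a".
            $mac = ''
            if ($sig.DefaultGatewayMac) {
                $mac = ($sig.DefaultGatewayMac |
                    ForEach-Object { $_.ToString('X2') }) -join '-'
            }

            # The signature points at its profile through ProfileGuid.
            $profilePath = Join-Path $base "Profiles\$($sig.ProfileGuid)"
            $prof = Get-ItemProperty -Path $profilePath -ErrorAction SilentlyContinue
            if (-not $prof) { continue }

            New-Object PSObject -Property @{
                ProfileName  = $prof.ProfileName
                Category     = $categoryNames[[int]$prof.Category]
                GatewayMac   = $mac
                ProfileGuid  = $sig.ProfileGuid
                SignatureSet = $kind
            }
        }
    }
}

Get-NlaProfile |
    Format-Table ProfileName, Category, GatewayMac, ProfileGuid -AutoSize
```

The registry keeps every network the machine has ever identified, not only the one currently connected, so match on GatewayMac before acting on a Category value.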