Powershell – Windows 8.1 Hyper-V network adapter is set to public and won’t save as private

powershellwindows-8.1

I have a collection of Windows 8.1 machines that run Hyper-V for unit testing. We often use PowerShell to script changes to these systems to ease our administration. However, we've been having trouble enabling powershell remoting on these machines.

We run the following command on these machines to attempt powershell remoting enabling

Enable-PSRemoting -force

But we always get the following error:

WinRM firewall exception will not work since one of the network connection types on this machine is set to Public. Change the network connection type to either Domain or Private and try again.

The network adapters Are as follows:

Name             : Network  2
InterfaceAlias   : vEthernet (Broadcom NetXtreme Gigabit Ethernet)
InterfaceIndex   : 13
NetworkCategory  : Private
IPv4Connectivity : Internet
IPv6Connectivity : LocalNetwork

Name             : Unidentified network
InterfaceAlias   : vEthernet (Windows Phone Emulator Internal Switch)
InterfaceIndex   : 10
NetworkCategory  : Public
IPv4Connectivity : NoTraffic
IPv6Connectivity : NoTraffic

I tried running the following scripts to set the unidentified network to be private

Set-NetConnectionProfile -name "Network  2" -NetworkCategory private
Set-NetConnectionProfile -name "Unidentified Network" -NetworkCategory private

However these scripts work for the duration of the machine's uptime, but when the machine reboots, the Unidentified network reverts back to the public.

Why is this resetting, and how can I get the scripted change to persist?

Thanks!

Best Answer

You can exclude certain nics from NLA (Network Location Awareness). Very common to do this in VMware workstation scenarios since the VMware nics always end up as unidentified/public. Here's how:

Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
You will find enumerated keys like 0000, 0001, 0002 and so on.
Expend them one by one and look for DriverDesc REG_SZ value data.
In the same registry key where you found the name of the nic to exclude (DriverDesc value), create another new DWORD Value, name it *NdisDeviceType (it Case Sensitive!!). Double click on this value and in "Value Data" field put 1 as Decimal data

(snipped from) http://www.petri.co.il/forums/showthread.php?t=45181

Related Solutions

Powershell – Administering EC2 instance with Windows Powershell

On EC2, you need to open port 5985, the default WinRM remoting port on your security group so that you can connect to the instance from your IP address.

On the instance in the cloud, do a:

winrm quickconfig -quiet

On your workstation:

set-item wsman:\localhost\Client\TrustedHosts -value "*" -force
Invoke-Command {Get-Service} -ComputerName <hostname> -Credential administrator

And that should get you going.

Powershell remoting to a server using CNAME, not COMPUTER NAME

What I did to resolve this issue was to create a proxy function for Enter-PSSession that resolves the CNAME for me. This might not work in your case, depending on why you need to use the CNAME, but this works for me.

Details on proxy powershell functions: http://www.windowsitpro.com/blog/powershell-with-a-purpose-blog-36/windows-powershell/powershell-proxy-functions-141413

Full function:

function Enter-PSSession {
[CmdletBinding(DefaultParameterSetName='ComputerName')]
param(
    [Parameter(ParameterSetName='ComputerName', Mandatory=$true, Position=0, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
    [Alias('Cn')]
    [ValidateNotNullOrEmpty()]
    [string]
    ${ComputerName},

[Parameter(ParameterSetName='Session', Position=0, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
[ValidateNotNullOrEmpty()]
[System.Management.Automation.Runspaces.PSSession]
${Session},

[Parameter(ParameterSetName='Uri', Position=1, ValueFromPipelineByPropertyName=$true)]
[Alias('URI','CU')]
[ValidateNotNullOrEmpty()]
[uri]
${ConnectionUri},

[Parameter(ParameterSetName='InstanceId', ValueFromPipelineByPropertyName=$true)]
[ValidateNotNull()]
[guid]
${InstanceId},

[Parameter(ParameterSetName='Id', Position=0, ValueFromPipelineByPropertyName=$true)]
[ValidateNotNull()]
[int]
${Id},

[Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName=$true)]
[string]
${Name},

[Parameter(ParameterSetName='Uri')]
[Parameter(ParameterSetName='ComputerName')]
[switch]
${EnableNetworkAccess},

[Parameter(ParameterSetName='ComputerName', ValueFromPipelineByPropertyName=$true)]
[Parameter(ParameterSetName='Uri', ValueFromPipelineByPropertyName=$true)]
[system.management.automation.pscredential]
${Credential},

[Parameter(ParameterSetName='ComputerName')]
[ValidateRange(1, 65535)]
[int]
${Port},

[Parameter(ParameterSetName='ComputerName')]
[switch]
${UseSSL},

[Parameter(ParameterSetName='ComputerName', ValueFromPipelineByPropertyName=$true)]
[Parameter(ParameterSetName='Uri', ValueFromPipelineByPropertyName=$true)]
[string]
${ConfigurationName},

[Parameter(ParameterSetName='ComputerName', ValueFromPipelineByPropertyName=$true)]
[string]
${ApplicationName},

[Parameter(ParameterSetName='Uri')]
[switch]
${AllowRedirection},

[Parameter(ParameterSetName='Uri')]
[Parameter(ParameterSetName='ComputerName')]
[ValidateNotNull()]
[System.Management.Automation.Remoting.PSSessionOption]
${SessionOption},

[Parameter(ParameterSetName='Uri')]
[Parameter(ParameterSetName='ComputerName')]
[System.Management.Automation.Runspaces.AuthenticationMechanism]
${Authentication},

[Parameter(ParameterSetName='Uri')]
[Parameter(ParameterSetName='ComputerName')]
[string]
${CertificateThumbprint})


begin
{
    try {
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer))
        {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $PSBoundParameters['ComputerName'] = ([System.Net.Dns]::GetHostByName($PSBoundParameters['ComputerName'])).HostName
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('Microsoft.PowerShell.Core\Enter-PSSession', [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters }
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        throw
    }
}

process
{
    try {
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end
{
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
<#

.ForwardHelpTargetName Enter-PSSession
.ForwardHelpCategory Cmdlet

#>

}

The only line I added was:

$PSBoundParameters['ComputerName'] = ([System.Net.Dns]::GetHostByName($PSBoundParameters['ComputerName'])).HostName

This simply resolves the CNAME to the FQDN in the proxy function before calling the native Enter-PSSession.

This allows me to set *.mydomain.local in my TrustedHosts via Group Policy, and I can still use "Enter-PSSession ShortName" or "Enter-PSSession CNAME" without having to mess with additional SPNs, etc.

Best Answer

Related Solutions

Powershell – Administering EC2 instance with Windows Powershell

Powershell remoting to a server using CNAME, not COMPUTER NAME

Related Topic