Windows 2012 R2 Network Location Awareness madness – How to set type or name

windows-server-2012-r2

I'm going a little crazy here. I have a newly built Windows 2012 R2 Datacenter edition VM running on VMware ESX 5.1 with 2 NICs and I'm unable to control any of the NLA (Network Location Awareness) settings. This machine is NOT joined to the domain (yet). This is important as the network location determines what firewall rules are applied.

In Windows 2008 R2 I used to be able to set the domain name suffix and the system would make the network type (Private/Public) clickable, and allow me to choose a different network type. It would also take the domain name suffix and name the network location as such. This is not happening in Windows 2012.

I've looked over a bunch of articles that either show how to use PowerShell to adjust this or how to use GPO or Local Security Policy. I've tried adjusting this via LSP and GPO, by allowing the user to change all attributes; however, after a reboot, none of the items (name, icon, etc.) are adjustable, nor does NLA properly name the network based on the DNS suffix.

1. Do the Local Security Policies (or GPO) actually change anything? If so, now that I’ve allowed changes by a user to all the network locations, how does a user change them?

2. Does Windows 2012 no longer respect the DNS suffix for a NIC? I would like to have the network name to be the same as the DNS suffix.

I did some more testing and I created 2 domain controllers. I added a 2nd private NIC to the server with a completely different subnet. The network identifies this network connection as a Domain connection and names the connection as such (same name as the domain)!

3. Is there a way to change this network location type and name?! This 2nd NIC should NOT be part of the domain!!! (It needs different firewall rules and different DNS suffix!).

Is it me or did MS really drop the ball on this one in Windows 2012?

-Thanks
Paul

Best Answer

You can change this on a granular level directly on each interface via PowerShell. Each interface in the machine receives its own index number, for which you specify the network type. The only caveat that you need to understand is that you can only change to either Public or Private. Domain only gets selected after joining the domain, so since you are testing, I would suggest you test everything first not on the domain and then join the domain, and I suspect everything will be configured like you need it to be. You could also export your finished firewall rules to a settings file and a human-readable file, and compare the human-readable file using WinMerge or something similar to verify or determine any changes after joining the domain. Let me know if you need help doing that and I can explain exporting the firewall as well if needed.

Check out this tutorial on how to do this via PowerShell: http://www.1337admin.org/windows-server/windows-server-2012-r2/change-network-location-using-powershell-in-windows/
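
The per-interface change and the before/after firewall export described in the answer, as an added example that is not part of the original answer or the linked tutorial. The interface alias `Ethernet1`, the `C:\Temp` output folder and the helper name `Export-FirewallSnapshot` are assumptions for illustration.

```powershell
# Run in an elevated PowerShell session on Windows Server 2012 / 2012 R2.
# Assumed values: adjust the alias and output folder to your machine.
$alias  = 'Ethernet1'
$outDir = 'C:\Temp'

# Show every connection profile with its interface index and current category.
Get-NetConnectionProfile |
    Select-Object Name, InterfaceAlias, InterfaceIndex, NetworkCategory |
    Format-Table -AutoSize

$nlaProfile = Get-NetConnectionProfile -InterfaceAlias $alias -ErrorAction Stop

# Set-NetConnectionProfile accepts only Public or Private; DomainAuthenticated
# cannot be set with this cmdlet, so a domain-classified NIC is left alone here.
if ($nlaProfile.NetworkCategory -eq 'DomainAuthenticated') {
    Write-Warning "$alias is classified as DomainAuthenticated; not changed."
} else {
    Set-NetConnectionProfile -InterfaceIndex $nlaProfile.InterfaceIndex `
                             -NetworkCategory Private
}

# Hypothetical helper: writes a settings file plus a human-readable CSV.
function Export-FirewallSnapshot {
    param([Parameter(Mandatory)][string]$Label)

    # Binary policy export, restorable with "netsh advfirewall import".
    netsh advfirewall export "$outDir\firewall-$Label.wfw" | Out-Null

    # Sorted CSV so a text diff tool lines the rules up consistently.
    Get-NetFirewallRule |
        Sort-Object Name |
        Select-Object Name, DisplayName, Enabled, Profile, Direction, Action |
        Export-Csv "$outDir\firewall-$Label.csv" -NoTypeInformation
}

Export-FirewallSnapshot -Label 'before-join'

# After joining the domain, take a second snapshot and list rules that differ:
# Export-FirewallSnapshot -Label 'after-join'
# Compare-Object (Import-Csv "$outDir\firewall-before-join.csv") `
#                (Import-Csv "$outDir\firewall-after-join.csv") `
#                -Property Name, Enabled, Profile, Action
```

The two CSV files can also be opened side by side in WinMerge, as the answer suggests.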