Can’t Change Network Location Windows Server 2012 & 2012 R2

Out of the box the last few versions of Windows Server have had a substantial focus on security which is in general a great thing. However if you’ve experienced the “fun” wonders of not being able to RDP or ping your newly setup Windows server or have encountered issues with it after changing networks you may want to check your network location to see if it shows as Private or Public. Not only do these have a vastly different set of default firewall rules in general any network you connect your server to should be a private network.

Great, so how do we change the network location? Well for starters you can’t simply click the location and change it to public like you can on a Windows desktop machine. To change this we’ll need to enter the run dialog box (right click start and choose run). Then type secpol.msc and hit enter.

Screen Shot 2016-07-30 at 7.31.13 PM

Once you’ve done this you will want to choose “Network List Manager Policies” on the left hand side of the msc window.

Screen Shot 2016-07-30 at 7.31.30 PM

Next we’ll right click “unidentified networks” and choose properties. The following window will appear, select the radio button for “private” and click ok. You should now see your network change from public to private.

Screen Shot 2016-07-30 at 7.31.47 PM

New House = New Network

Hey there everyone, sorry for not posting recently, I have been in the process of buying a house so things have been hectic! Given the new house I am moving into has some generous square footage, I thought I would take the opportunity to build an enterprise class home network to support all my needs. The idea is to create a separate VLAN for home traffic, lab network, and guest network. I happened upon a fantastic deal on a Ubiquity AirRouter and 2 Unifi APs. So here’s the breakdown of gear for the new network:

 

  • 1 x Netgear cable modem
  • 1 x Ubiquity Air Router
  • 1 x Ubiquity Unifi AP
  • 1 x Ubiquity Unifi AP -LR (long range)
  • 1 x Dell Powerconnect 5324

 

I started by creating VLANs 100, 200, and 300 respectively home, lab, guest on the AirRouter creating a virtual IP for the gateway on each. From there I connected LAN0 to G1 on the Dell Powerconnect. On the Powerconnect I trunked G1 to carry all 3 VLANs on the network. From here I connected ports g23 and g24 to the APs trunking VLAN 100 and VLAN 300 with an VLAN tagged for each SSID on the APs in the Unifi software wireless controller. For each of my 3 VM hosts I trunked the relevant VLANS (100 & 200) and setup vSwitches to tag each so that they can be assigned as needed to VMs, allowing my fileserver/print server, DC/DNS, and DHCP to remain on the home VLAN while isolating VMs for lab testing on their own VLAN 200. For each DRAC port I have tagged an access VLAN, as well as the tagged an access VLAN on my NAS’s switchport. All in all this setup is working great, the ability to roam between APs seamlessly and the isolation offered is fantastic. The setup took a while to configure, but it was definitely worth it.

 

So you may be asking yourself why so much network segmentation. The answer is quite simple, I wanted to provide my guests the ability to access the internet but to safeguard the rest of our network from any viruses or malware our guests might bring with them. The decision to isolate the lab from home was also a calculated decision to be able to experiment with DHCP and other things that may disrupt the normal flow of our home network thus invoking the “wife rage” when her internet stops working. I’d be interested to see what other folks are running in their home network, feel free to comment and discuss your home network topology or home labs.

]

Hey there everyone, sorry for not posting recently, I have been in the process of buying a house so things have been hectic! Given the new house I am moving into has some generous square footage, I thought I would take the opportunity to build an enterprise class home network to support all my needs. The idea is to create a separate VLAN for home traffic, lab network, and guest network. I happened upon a fantastic deal on a Ubiquity AirRouter and 2 Unifi APs. So here’s the breakdown of gear for the new network:

  • 1 x Netgear cable modem
  • 1 x Ubiquity Unifi AP
  • 1 x Ubiquity Unifi AP -LR (long range)
  • 1 x Dell Powerconnect 5324

I started by creating VLANs 100, 200, and 300 respectively home, lab, guest on the AirRouter creating a virtual IP for the gateway on each. From there I connected LAN0 to G1 on the Dell Powerconnect. On the Powerconnect I trunked G1 to carry all 3 VLANs on the network. From here I connected ports g23 and g24 to the APs trunking VLAN 100 and VLAN 300 with an VLAN tagged for each SSID on the APs in the Unifi software wireless controller. For each of my 3 VM hosts I trunked the relevant VLANS (100 & 200) and setup vSwitches to tag each so that they can be assigned as needed to VMs, allowing my fileserver/print server, DC/DNS, and DHCP to remain on the home VLAN while isolating VMs for lab testing on their own VLAN 200. For each DRAC port I have tagged an access VLAN, as well as the tagged an access VLAN on my NAS’s switchport. All in all this setup is working great, the ability to roam between APs seamlessly and the isolation offered is fantastic. The setup took a while to configure, but it was definitely worth it.

So you may be asking yourself why so much network segmentation. The answer is quite simple, I wanted to provide my guests the ability to access the internet but to safeguard the rest of our network from any viruses or malware our guests might bring with them. The decision to isolate the lab from home was also a calculated decision to be able to experiment with DHCP and other things that may disrupt the normal flow of our home network thus invoking the “wife rage” when her internet stops working. I’d be interested to see what other folks are running in their home network, feel free to comment and discuss your home network topology or home labs.

[/wr_column]