Vista Networking

I use Vista at work (with UAC enabled; as a programmer I believe that for all the hassle UAC introduces it’s still a step in the right direction — a position that only gets reinforced when I hang around software installation forums and listen to all the sob stories from “developers” who bemoan that their software mysteriously doesn’t work on Vista any more), as I might have mentioned before.

One thing about it that does seriously aggravate me though is the dumbed-down (and fundamentally broken) Network and Sharing Center. Everything works wonderfully if you have exactly one network adaptor which acts as your gateway to the Internet — which admittedly probably covers at least 60% of the public (with most of the remainder being covered by people with one wired and one wireless connection [eg. laptops], each of which could be the gateway to the Internet, but only one at a time).

Stray from this model, though, and you’re in for a world of pain. As it happens, my work PC has an extra network card (used to connect to embedded devices on a dedicated subnet, both to avoid cluttering the main network and to more easily talk to devices with fixed IPs), and it also has VMware installed, which creates two or three extra adaptors of its own.

Vista has a fairly simple classification model for its firewall. Each individual adaptor (or “connection”) can be specified as either Public or Private. Public is intended for insecure locations (eg. Internet cafes or stray wireless access points), while Private is intended for secure locations (home or office LAN). Unsurprisingly, in order to be secure by default, any new connection is considered Public by default, and if any connection is Public, then your computer as a whole is considered to be in a Public location and certain services are disabled. To resolve this, you can just go into the network control panel and change the connection to Private, then you’re good to go.

Or are you? The problem I’ve been having (and I’m not alone) is that Vista seems to have a very bad memory for connections that don’t actually lead to real networks (I’m not entirely sure what its criteria are, but I suspect it involves whether it can find a DHCP server on the network or not). Because of this, it has a tendency to flip connections back to Unidentified and Public again whenever you reboot — which in turn will go disable those services that aren’t considered public-safe. (This includes file sharing, which is very handy to have available, especially at work.)

Now, it is possible to change around the public profile in the firewall settings, so that the services are still available even if it does flip to public mode. That’s not very clean, though, especially if sometimes you really do want to go Public (eg. with a wireless adaptor) and keep things secure.

From a bit of investigation (and Googling), I’ve discovered the following workaround to the problem. This essentially “hides” the connections from the networking control panel — you can still see them in the Network Connections folder, but they won’t appear in the Network and Sharing Center and they won’t be considered when Vista is deciding whether the computer as a whole is Public or Private.

This procedure requires a regedit hack, so it’s not for the faint of heart (and don’t forget to take backups, etc etc):

  1. Run regedit.
  2. Go to HKLM\SYSTEM\CurrentControlSet\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}.
    Under here, you’ll find a list of 0000 to 00nn (it went up to 0017 in my case; it’s likely to be different on your PC depending on how many adaptors you have).
  3. Look through each of the keys in turn until you find the one that refers to the specific Adaptor that’s causing the problem.
  4. Add a DWORD value called “*NdisDeviceType” (don’t forget the leading *) and give it the value 1.
  5. From Network Connections, disable the adaptor, then re-enable it.
  6. The adaptor should no longer be visible in the Network and Sharing Center, and (if there aren’t any more) you should be back to the Private profile.

What this will do is to tell the network discovery component that this adaptor connects directly to a single host rather than to a network, so it won’t try and look for DHCP servers (or whatever it is that it actually does) on there and go mental when it can’t find any. It won’t affect the bit of Windows that actually lets you talk to devices on that network, though, so everything else should still work fine.

Note: you should only hide a connection like this if you’ve experienced this problem and if the connection is never used to connect to the Internet. It’s strictly for secondary mini-networks.
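The same steps as a script, which also lists every adaptor that already carries the value so you can see what has been excluded from the Public/Private decision. This is an added example, not part of the original post; it assumes PowerShell 2.0 or later in an elevated session, and the `-DescriptionMatch` and `-Hide` parameter names are made up for illustration. It goes through the .NET registry API because PowerShell's own registry cmdlets can treat the leading `*` in the value name as a wildcard.

```powershell
# Added example: audit, and optionally set, *NdisDeviceType on one adaptor.
param(
    [string]$DescriptionMatch,   # hypothetical: substring of the adaptor's DriverDesc
    [switch]$Hide                # hypothetical: write the value; without it nothing changes
)

$classPath = 'SYSTEM\CurrentControlSet\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'
$class = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($classPath)

# Only the numbered subkeys (0000, 0001, ...) describe adaptors. Skipping the
# rest avoids the "Properties" subkey, which even administrators cannot open.
$names = $class.GetSubKeyNames() | Where-Object { $_ -match '^\d{4}$' }

$adaptors = foreach ($name in $names) {
    $key = $class.OpenSubKey($name)
    New-Object PSObject -Property @{
        Key            = $name
        DriverDesc     = $key.GetValue('DriverDesc')
        NdisDeviceType = $key.GetValue('*NdisDeviceType')   # $null when not set
    }
    $key.Close()
}
$class.Close()

# Audit view: any row with NdisDeviceType = 1 is hidden from network location.
$adaptors | Select-Object Key, DriverDesc, NdisDeviceType | Format-Table -AutoSize

if (-not $DescriptionMatch) { return }

# Refuse to guess: the description must identify exactly one adaptor.
$hits = @($adaptors | Where-Object { $_.DriverDesc -like "*$DescriptionMatch*" })
if ($hits.Count -ne 1) {
    Write-Error "Expected exactly one adaptor matching '$DescriptionMatch', found $($hits.Count)."
    return
}

if ($Hide) {
    $path = "$classPath\$($hits[0].Key)"
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($path, $true)   # writable
    $key.SetValue('*NdisDeviceType', 1, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
    Write-Output "Set *NdisDeviceType=1 on $($hits[0].Key). Disable and re-enable the adaptor to apply."
}
```

Run it with no arguments first to review the list; deleting the value from an adaptor's key and cycling the adaptor again puts it back under the Network and Sharing Center.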
