When connecting to a new network, Windows prompts you to choose its type: Public or Private. Network profiles in Windows are part of Microsoft Defender Firewall and determine the firewall rules applied based on the profile. This guide details how to switch a network profile between Public and Private.
Network Profile Types in Windows
Each network connection in Windows (whether Ethernet or Wi-Fi) is assigned one of the following profiles:
– Private Network — For home or work networks. Devices can see your computer, and file/printer sharing is available.
– Public Network — For untrusted locations (e.g., cafes, airports). Your computer is hidden from other devices, and network shares are inaccessible.
– Domain Network — For computers joined to an Active Directory domain.
The profile is assigned automatically upon first connection. To reassign a network profile, follow the steps below.
Changing the Network Profile in Windows
Using Windows Settings
1. Open Settings → Network & Internet → Status.
2. Go to the Properties of the network connection.
3. Select the desired profile: Private Network or Public Network.
Note: In Windows Server 2022/2019, the Properties option is found under Ethernet (or Wi-Fi if wireless networks are enabled).
To reset all network settings and profiles for all saved networks, go to Settings → Network & Internet → Advanced network settings → Network reset. Restart the computer afterward.
Changing Network Profile Using PowerShell
You can manage network profiles using PowerShell. Open PowerShell as an administrator and follow these steps:
1. View the list of network connections. In this example, the computer has four network connections with different profiles:
Get-NetConnectionProfile
2. Identify the InterfaceIndex of the desired network interface (e.g., 19 in this case).
3. Change the profile to Private Network:
Set-NetConnectionProfile -InterfaceIndex 19 -NetworkCategory Private
4. To revert to Public Network, run:
Set-NetConnectionProfile -InterfaceIndex 19 -NetworkCategory Public
5. Verify the profile change:
Get-NetConnectionProfile -InterfaceIndex 19
The Windows Defender Firewall will automatically apply rules based on the assigned profile without requiring a system restart.
Similarly, you can set the profile to Public:
Set-NetConnectionProfile -InterfaceIndex 19 -NetworkCategory Public
Or to Domain:
Set-NetConnectionProfile -InterfaceIndex 19 -NetworkCategory DomainAuthenticated
To change the network profile for all network adapters on the computer at once:
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
On domain-joined devices, you cannot change the profile from Domain to Private or Public. To check if a computer is part of an Active Directory domain, use:
(Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
Attempting to change the profile on a domain-joined computer will result in an error:
Set-NetConnectionProfile -InterfaceIndex 19 -NetworkCategory Public -Verbose
Changing Network Profile via Windows Registry
1. Open regedit.exe and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles.
2. Locate the network’s GUID (in the format {xxxxxxxx-xxxx-……..}) under the ProfileName field.
3. Modify the Category parameter to:
– 0 — Public Network
– 1 — Private Network
– 2 — Domain Network
Restart the computer to apply the changes.
Changing Network Profile via Security Policy
The Local Security Policy editor allows you to specify the network profile:
1. Open secpol.msc and select Network List Manager Policies.
2. Find the desired network, open its properties, go to the Network Location tab, and select Private Network (Private).
Note: For domain-joined computers, the profile cannot be changed, as it will revert to Domain Network upon restart.
Issues with Domain Profile in Windows Server
On Windows Server 2022/2019, the network profile may unexpectedly switch from Domain to Private. To resolve this, restart the Network Location Awareness (NlaSvc) service:
Get-Service NlaSvc | Restart-Service -Force
To configure a delayed start for the NlaSvc service, set it to Automatic (Delayed Start).
For domain controllers, add a dependency for the NlaSvc service on DNS:
sc config nlasvc depend=DNS
In some cases, manually specifying the DNS suffix of your domain in the network adapter settings can help. Go to Network Adapter → TCP/IPv4 → Advanced → DNS, enter your domain name in the DNS suffix for this connection field, and ensure the Register this connection’s addresses in DNS option is enabled.
These steps will help you manage network profiles and resolve issues with profile changes in Windows Server.
