Windows Unidentified network

There are things that will bug me from time to time when setting up a new system in regards to how software is implemented. I'm sure this is common for other people in similar situations, most of the time it is just easier to ignore whatever the issue is - especially if it is just 'cosmetic'. This particular issue falls somewhere in the middle of cosmetic and possibly problematic, but I would prefer it to be gone, nonetheless...

The issue I'm speaking about is one regarding Windows Vista/7/2008 Server and the 'Unidentified network'. Before we dive into fixing the unidentified network categorization, a little explanation on how the process works: The Windows Operating System wants to classify each active network interface, in order to determine what category to place the adapter in. Inside the Control Panel, click on Network and Internet, then click View network status and tasks. In the default view, this should bring you to the 'Network and Sharing Center'. Inside the section 'View your active networks', each connected network interface will be displayed.

Each network interface is then categorized as either Public, Private, or Domain. Once the interface is automatically assigned to one of these categories, certain rules are applied. The rules are related to the Windows Firewall, Network Discovery, and Network Sharing.

Let's exclude the Domain category for a moment and talk about Public and Private networks. Usually when a new network interface is activated (this includes Wireless networks) a window will appear asking you if the network is part of a public or private network. The Public option is intended to be just that: public areas, which would typically be locations outside of your 'trust zone'. With Public networks, you get the most secure settings applied to that interface, which include Firewall, Network Discovery and Sharing settings. Private networks will get less secure options applied, but usually allow more plug and play functionality like: Windows Firewall being less restrictive, Sharing allowed by default, etc.

Quite honestly, in a company network - most of the time you don't necessarily want all this automatic stuff to happen. Us network people like to think we are smart enough to know what is best for our systems and don't want Windows (or anything else for that matter) to try and figure it out for us. Nonetheless, most all default software installations and factory hardware configurations are geared toward the automatic, I know what is best for you configuration.

In this specific example, I have a crossover connection between two Windows 2008 servers that will be used with Microsoft Clustering Services. With this connection, I have the least amount of properties assigned to the interface. All I need is and IP address and subnet mask. There won't be any default gateway, DNS servers, etc - just enough to communicate over a point to point connection with another host. Another common example of when you would have this same type configuration is when you have a secondary adapter in a machine that is communicating to device on the same subnet and no routing is involved, such as an interface being used for iSCSI storage connection. Even though this is a common enough configuration in the business world, Windows can't seem to figure out what to do with it. So, what happens is the interface becomes part of an 'Unidentified Network' and takes on the properties of the Public network settings (strict firewall, no sharing, etc.).

The fix to this is to tell Windows not to try and automatically determine what type of connection it is, but that it is an endpoint device and is not a connection to a true external network. Consequently, Windows will then ignore the endpoint device when Windows identifies networks. The Network Awareness APIs indicate that the device does not connect the computer to a network. For end users in this situation, the Network and Sharing Center and the network icon in the notification area do not show the NDIS endpoint device as connected. However, the connection is shown in the Network Connections Folder.

So, for every interface that you don't want showing up as an 'Unidentified network' like the example below:

all you have to do is the following:

At a command prompt, run: ipconfig /all

Find the interface that is showing up as Unidentifed, which in this case has been renamed to Crossover:

and make note of the Physical Address (The image above has the mac address erased).

Next, invoke powershell at the command line. Once that the PS command prompt, issue the command: get-wmiobject win32_networkadapter as shown below:

Once the powershell output is displayed, match up the Physical Address obtained from the previous ipconfig output with the MACAddress field of the Powershell output. The value that needs to be obtained is the DeviceID. In our example, the DeviceID is: 10 (shown below)

Now that the proper DeviceID has been obtained, open regedit and browse to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class{4D36E972-E325-11CE-BFC1-08002BE10318}

Underneath the above key, there are numbers listed for each interface on the system. Click on the number that matches the previously obtained DeviceID.

Add the following new DWORD Key:

*NdisDeviceType (be sure to include the * at the begininng)

Then edit the newly created key NdisDeviceType and set the value to *1

Close regedit and reboot the machine.

After the machine comes back up, the adapter will no longer appear in the Network and Sharing Center. However, if you click the Adapter settings link which lists all the network connections, you will see the interface. Only this time, there will be no mention of an Identified network!