Windows Firewall / Wi-Fi Public vs Private profiles

Posted by on 14. J 2023 in Blog

This is just for my personal notes – I’m using this method to make sure that a machine is unable to browse the internet, unless VPN is connected.

Of course, you also need to define outbound rules for your VPN host. Also make a rule that allows connecting to your DCs from any profile (that way the machine can detect that it is on a domain network instead and change the profile to Domain).

If using Always On VPN, also make a rule that lets the NlaSvc service connect to anything it wants. This service is responsible for detecting whether Internet is available, which is required for an AOVPN connection to try to establish automatically.

 

Avoid “Allow this pc to be bla bla bla on the network”-window when connecting to a new network

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /reg:64 /f

(yes, it is only a Key)

Firewall – Block inbound and outbound on private or public

netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound

Change existing (disconnected) network profiles

  1. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
  2. Go through the list, change Category to 0
    (0=Public, 1=Private, 2=Domain)
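
The whole procedure above as one PowerShell script, including the allow rules for the VPN host, the DCs and NlaSvc that the notes mention but do not spell out. This is an added example, not part of the original notes: the IP addresses are placeholders from documentation ranges, the "Lockdown" rule names are made up, and allowing the VPN host by address only (no port or protocol filter) is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example. Placeholders: replace with your own VPN host and DC addresses.
$VpnHost           = '203.0.113.10'
$DomainControllers = '192.0.2.10', '192.0.2.11'

# Suppress the "new network" prompt. The key only has to exist, no value needed.
New-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff' -Force | Out-Null

# Same effect as the two netsh lines: block inbound and outbound by default.
Set-NetFirewallProfile -Profile Public, Private `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# Outbound exceptions. Rule names are hypothetical.
$rules = @(
    @{ DisplayName = 'Lockdown - VPN host'; Profile = 'Public,Private'
       RemoteAddress = $VpnHost }
    @{ DisplayName = 'Lockdown - Domain controllers'; Profile = 'Any'
       RemoteAddress = $DomainControllers }
    @{ DisplayName = 'Lockdown - NlaSvc'; Profile = 'Any'
       Service = 'NlaSvc'; Program = "$env:SystemRoot\System32\svchost.exe" }
)
foreach ($rule in $rules) {
    # Remove an earlier copy first so the script can be re-run safely.
    Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule @rule -Direction Outbound -Action Allow | Out-Null
}

# Set every stored network profile to Public (0=Public, 1=Private, 2=Domain).
$profilesKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
Get-ChildItem -Path $profilesKey | ForEach-Object {
    $stored = Get-ItemProperty -Path $_.PSPath
    if ($stored.Category -ne 0) {
        Set-ItemProperty -Path $_.PSPath -Name Category -Value 0 -Type DWord
        '{0}: Category {1} -> 0' -f $stored.ProfileName, $stored.Category
    }
}

# Check the result: both profiles should show Block / Block,
# and the three allow rules should be listed as enabled.
Get-NetFirewallProfile -Name Public, Private |
    Format-Table Name, DefaultInboundAction, DefaultOutboundAction
Get-NetFirewallRule -DisplayName 'Lockdown - *' |
    Format-Table DisplayName, Direction, Action, Profile, Enabled
```

With the VPN disconnected, `Test-NetConnection` to any address other than the VPN host or the DCs should fail on a Public or Private network.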