Windows Firewall / Wi-Fi Public vs Private profiles
This is just for my personal notes – I’m using this method to make sure that a machine is unable to browse the internet unless the VPN is connected.
Ofc you also need to define outbound rules for your VPN host. And also make a rule that allows connecting to your DCs from any profile (that way the machine can detect that it is on a domain network instead and switch to the Domain profile).
If using Always On VPN, also make a rule that lets the NlaSvc service connect to anything it wants. NlaSvc is responsible for detecting whether Internet is available, and that detection is required before an AOVPN connection will try to establish automatically.
Avoid the “Allow this PC to be bla bla bla on the network” window when connecting to a new network
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /reg:64 /f
(yes, it is only a Key)
Firewall – Block inbound and outbound on private or public
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound
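The same setup as a PowerShell script, using the built-in NetSecurity cmdlets instead of netsh. This is an added example, not part of the original notes: it applies the default-deny policy to Public/Private, then adds the three allow rules described above (VPN host, domain controllers from any profile, NlaSvc for Always On VPN). The VPN server and DC addresses are placeholders (documentation ranges) that you must replace; the rule names are my own.

```powershell
# Added example, not from the original notes. Run in an elevated PowerShell.
# Placeholders (documentation address ranges) - replace with your own:
$VpnServer   = '203.0.113.10'                   # IP of the VPN host (TEST-NET-3 placeholder)
$DomainCtrls = @('192.0.2.10', '192.0.2.11')    # IPs of the DCs      (TEST-NET-1 placeholder)

function Ensure-FirewallRule {
    # Creates an outbound allow rule only if one with the same DisplayName does not exist yet,
    # so the script can be re-run without piling up duplicate rules.
    param(
        [Parameter(Mandatory)] [string]   $DisplayName,
        [Parameter(Mandatory)] [string[]] $Profile,
        [string[]] $RemoteAddress,
        [string]   $Program,
        [string]   $Service
    )
    if (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue) { return }
    $params = @{ DisplayName = $DisplayName; Direction = 'Outbound'; Action = 'Allow'; Profile = $Profile }
    if ($RemoteAddress) { $params.RemoteAddress = $RemoteAddress }
    if ($Program)       { $params.Program       = $Program }
    if ($Service)       { $params.Service       = $Service }
    New-NetFirewallRule @params | Out-Null
}

# 1. Default-deny both directions on Public and Private (same as the two netsh lines).
#    The Domain profile is deliberately left alone.
Set-NetFirewallProfile -Profile Public, Private -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. The VPN client must still reach the VPN host while everything else is blocked.
Ensure-FirewallRule -DisplayName 'Notes: Allow VPN host' -Profile Public, Private -RemoteAddress $VpnServer

# 3. Reach the DCs from any profile so NLA can authenticate and flip the network to Domain.
Ensure-FirewallRule -DisplayName 'Notes: Allow domain controllers' -Profile Any -RemoteAddress $DomainCtrls

# 4. Always On VPN: NlaSvc (hosted in svchost.exe) probes Internet reachability before AOVPN auto-connects.
Ensure-FirewallRule -DisplayName 'Notes: Allow NlaSvc' -Profile Any `
    -Program '%SystemRoot%\System32\svchost.exe' -Service NlaSvc

# Check the result: Block/Block on Public and Private, defaults unchanged on Domain.
Get-NetFirewallProfile | Format-Table Name, DefaultInboundAction, DefaultOutboundAction
```

With outbound blocked by default, DNS is blocked as well. If the VPN profile refers to the server by name rather than by IP, name resolution will fail before the tunnel comes up, so either point the profile at the address used in the rule or add a rule for the DNS traffic the VPN client needs.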
Change existing (disconnected) network profiles
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
- Go through the list, change Category to 0
(0=Public, 1=Private, 2=Domain)
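The two registry steps above (creating the NewNetworkWindowOff key and setting every stored profile to Category 0) as a PowerShell script. This is an added example, not from the original notes; the paths and the 0/1/2 meanings are exactly those listed above, the function names are my own. It goes slightly beyond the notes by also switching the currently connected (non-domain) networks to Public with Set-NetConnectionProfile, since the registry edit only affects stored profiles.

```powershell
# Added example, not from the original notes. Run in an elevated PowerShell.
$NewNetworkWindowOff = 'HKLM:\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff'
$ProfilesRoot        = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
$CategoryName        = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'Domain' }   # meanings from the notes

# The key by itself is the switch; it carries no values.
if (-not (Test-Path $NewNetworkWindowOff)) {
    New-Item -Path $NewNetworkWindowOff -Force | Out-Null
}

function Get-StoredNetworkProfile {
    # Lists every saved profile with its name and current category.
    Get-ChildItem -Path $ProfilesRoot | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Guid         = $_.PSChildName
            ProfileName  = $p.ProfileName
            Category     = $p.Category
            CategoryText = $CategoryName[[int]$p.Category]
        }
    }
}

function Set-StoredNetworkProfilePublic {
    # Sets Category=0 (Public) on every stored profile; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($np in Get-StoredNetworkProfile) {
        if ($np.Category -eq 0) { continue }   # already Public
        $action = "Category $($np.CategoryText) -> Public"
        if ($PSCmdlet.ShouldProcess($np.ProfileName, $action)) {
            Set-ItemProperty -Path (Join-Path $ProfilesRoot $np.Guid) -Name Category -Value 0 -Type DWord
        }
    }
}

# Preview what would change, then apply it.
Set-StoredNetworkProfilePublic -WhatIf
Set-StoredNetworkProfilePublic

# Networks that are connected right now are governed by the live NLA category; move those to Public too
# (domain-authenticated networks cannot be changed this way and are skipped).
Get-NetConnectionProfile | Where-Object NetworkCategory -ne 'DomainAuthenticated' |
    Set-NetConnectionProfile -NetworkCategory Public

# Verify: everything stored should now read Public.
Get-StoredNetworkProfile | Format-Table ProfileName, CategoryText
```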