Mar 19

Domain-joined server gets public firewall profile?!

I made a strange discovery the other day: some of the freshly installed Windows 2012R2 servers at a customer site get the Public profile on Windows Firewall even though the server is domain joined.

This happens when the server is restarted, and it also happens on domain controllers!

Very annoying because the public profile disables Remote management and Remote desktop…grr…

The solution, or rather workaround, is to restart the “Network Location Awareness” service once the server is online; the firewall profile then changes back to “domain”.

This is of course not a good workaround and easy to forget. But if you set the “Network Location Awareness” service to delayed startup mode the problem is solved permanently 🙂
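The check and both fixes described above, as an added PowerShell example (not part of the original post). The 15-second wait and the warning texts are assumptions; run it elevated on the affected server.

```powershell
#Requires -RunAsAdministrator
# Added example: find a domain-joined server whose connections are not on the
# domain profile, apply the NLA restart workaround, then set delayed start.

$svc = 'NlaSvc'   # service name of "Network Location Awareness"

function Get-NonDomainProfile {
    # Connection profiles that NLA has not categorised as domain
    @(Get-NetConnectionProfile |
        Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' })
}

if (-not (Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    Write-Output 'Server is not domain joined; nothing to do.'
    return
}

$wrong = Get-NonDomainProfile
if ($wrong.Count -gt 0) {
    foreach ($p in $wrong) {
        Write-Warning "$($p.InterfaceAlias): category is $($p.NetworkCategory)"
    }
    # Workaround from the post: restart NLA once the server is online.
    # -Force is needed because other services depend on NlaSvc.
    Restart-Service -Name $svc -Force
    Start-Sleep -Seconds 15   # assumed time for NLA to re-detect the domain

    # Multi-homed servers can legitimately keep a non-domain interface
    # (for example a storage or backup network), so only report what remains.
    foreach ($p in Get-NonDomainProfile) {
        Write-Warning "$($p.InterfaceAlias) still $($p.NetworkCategory) after restart"
    }
}

# Permanent fix from the post: delayed start for NLA.
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
if ((Get-ItemProperty -Path $key).DelayedAutostart -ne 1) {
    sc.exe config $svc start= delayed-auto | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe config failed with exit code $LASTEXITCODE"
    }
    Write-Output "$svc set to Automatic (Delayed Start)."
} else {
    Write-Output "$svc is already set to delayed start."
}
```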

The easiest way to do this is to use preferences in a Group Policy.
I have created a policy called NLA delayed start and linked it to OUs where we have servers with this issue (see picture below).


I have not seen this problem in Windows Server 2012 and wonder if Microsoft made some changes to the R2 version that cause this?