From Windows 7 I'm using "Cisco AnyConnect Secure Mobility Client 3.0" to connect to our corporate network.
Every time I establish the VPN connection Windows will set the type as "work network". I don't want this. So I go to "network and sharing center" and manually / interactively change it to "public network".
But I have to repeat it for every new VPN connection.
- Is there any way to make Windows remember / persist this configuration?
- Can it be configured in the VPN client?
- Do our IT admins need to change something at server end?
Motivation:
A "work network" per default uses different firewall settings that allows for stuff like "network discovery" and "file shares". But I absolutely don't want this for the VPN connection!
I just need "remote desktop" (mstsc). That's all.
Additional info:
Our IT admins claimed this would be Windows default behaviour and there was nothing we could do about it: Windows would always initiate a VPN connection as "work network". Based on this statement I assume this is a "general" issue and went ahead posting here (at superuser.com).
From what I've read so far it could be related to Microsoft / Windows NLA and related configuration parameters?
Update1:
The situation has become even worse. Previously i would establish the VPN connection and then manually change to "public network". But now – after some time running with VPN connection – the network type automatically switches back to "work network". This means: I need to frequently check the network type and adjust when required.
Help! How can i stop this?
Update2:
still the same problem with Cisco AnyConnect Secure Mobility Client 3.1.04072
Update3:
still the same problem with Cisco AnyConnect Secure Mobility Client 3.1.05182
observations so far:
it seems the following registry locations are playing a role:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures]
in particular:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{<Network GUID>]
"Category"=dword:00000000
"CategoryType"=dword:00000000
where:
0 = Public
1 = Private (includes "Home" and "Work")
2 = Domain
and in my case the "Category" keeps flipping back from "0" to "1".
the question is: why?
and how can i prevent this?
Best Answer
Here's what has worked for me:
secpol.msc
Network List Manager Policies
Public
From now on windows will retain the network type as "public".
Technically speaking this will populate entries below the following:
Those policies take precedence over the following entries - which (due to whatever logic) may change dynamically:
--
Confirmed with:
Cisco AnyConnect Secure Mobility Client 3.1.06079 @ Win7 x64
Update:
still working fine with Cisco AnyConnect Secure Mobility Client 3.1.10010 @ Win7 x64