Unable to manage Vista's firewall with VMware products installed
Published:
Browse All Articles > Unable to manage Vista's firewall with VMware products installed
Problem:
Computers running Windows Vista, that have VMware Workstation or VMware Player installed, have constant "Unidentified Network" adapters, that prevent the operating system from allowing private or domain firewall profiles to be used.
Description:
Windows Vista configures it's firewall based on the least secure network connection detected, as shown in the "Network and Sharing Center". When VMware products are installed, several virtual "vmnet" adapters are installed. Vista detects them as "Unidentified Networks". The result is that Vista always believes it's connected to an unidentified network, and will not allow the firewall to go into "domain mode", thus preventing any local or group policy configurations you've made for on-network firewall behavior from taking effect while the computer is on your internal network. The end result is that your Vista machine's firewall is always "puckered up". This can cause several problems with machine management, communication, and configuration.
Solution:
VMware has created a workaround that changes a simple registry value "*NdisDeviceType", thus causing Vista to treat the virtual adapter as an endpoint... which excludes it from the network identification / firewall configuration process.
For more information, see:
http://communities.vmware.com/thread/85154
I wrote a simple script that will search the registry for vmnet adapters, and change the appropriate values in the registry for them. I run this as a machine startup script. It allows the Vista firewall to ignore the vmnet adapters, be manageable, and function as it was designed to.
Note - This is a VB script, and must be ran as Administrator. Running it as a machine startup script will cause it to run under local machine, which will be sufficient in terms of permissions, but if you're going to run it manually, make sure you "Run as Administrator" via a command prompt.
The script is attached as ManageVMNets.txt. You'll need to change the extension, by renaming it to ManageVMNets.vbs
ManageVMnets.txt
Computers running Windows Vista, that have VMware Workstation or VMware Player installed, have constant "Unidentified Network" adapters, that prevent the operating system from allowing private or domain firewall profiles to be used.
Description:
Windows Vista configures it's firewall based on the least secure network connection detected, as shown in the "Network and Sharing Center". When VMware products are installed, several virtual "vmnet" adapters are installed. Vista detects them as "Unidentified Networks". The result is that Vista always believes it's connected to an unidentified network, and will not allow the firewall to go into "domain mode", thus preventing any local or group policy configurations you've made for on-network firewall behavior from taking effect while the computer is on your internal network. The end result is that your Vista machine's firewall is always "puckered up". This can cause several problems with machine management, communication, and configuration.
Solution:
VMware has created a workaround that changes a simple registry value "*NdisDeviceType", thus causing Vista to treat the virtual adapter as an endpoint... which excludes it from the network identification / firewall configuration process.
For more information, see:
http://communities.vmware.
I wrote a simple script that will search the registry for vmnet adapters, and change the appropriate values in the registry for them. I run this as a machine startup script. It allows the Vista firewall to ignore the vmnet adapters, be manageable, and function as it was designed to.
Note - This is a VB script, and must be ran as Administrator. Running it as a machine startup script will cause it to run under local machine, which will be sufficient in terms of permissions, but if you're going to run it manually, make sure you "Run as Administrator" via a command prompt.
The script is attached as ManageVMNets.txt. You'll need to change the extension, by renaming it to ManageVMNets.vbs
ManageVMnets.txt
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)