We have hundreds of VPN clients in the field. We have discovered that some ISPs redirect a failed DNS name resolution to their services portal instead of properly returning that the host cannot be resolved to an IP. With VPN this causes a problem if the binding order has the physical NIC first and the user is attempting to access an internal domain name that is not resolvable by broadcast. If their ISP properly returns that the host is not found the client machine will then do a DNS lookup across the VPN virtual adapter. It will then hit the internal DNS server that has a record for that site and get the correct IP. However if the ISP resolves an unknown host to their services portal then the second DNS lookup never occurs. This causes an inability of the user to hit such internal sites if they have such an ISP. This is the binding order accessible by running ncpa.cpl to open "Network Connections", then clicking on "Advanced" and then "Advanced Settings" and moving the virtual adapter for the VPN client to the top under "Adapters and Bindings". We have machines that were built with the same image so adapter names are the same on all machines. Does anyone know how to script changing the binding order?