Start a discussion


What will you discuss today?

New Discussion
Manage notifications
Subscribe to this discussion
19 views
3 replies

Windows Firewall shows Public or Private profile on a Domain Controller (Article by Mariette Knap)

I have followed the instrctions in the above article....everything works fantastically well, and I now have the Domain Profile working consistently on my Server 2019. Thanks so much!!

Can someone (ideally Mariette) answer a question? Why is the first step in the article creating a bogus IPV6 address for the NIC? What is the thinking about this? What is happening and why?

Here is the command:

# Set a bogus IPv6 address on the network adapter (make sure you check what -InterfaceIndex is on your system with Get-NetAdapter

New-NetIPAddress -IPAddress 2001:DB8:13FF::AAAA -InterfaceIndex 6 -AddressFamily IPv6 -PrefixLength 64

Best regards

Robert Cook

Robert Cook Robert Cook
Published 05/18/2025 13:22
Add Comment
Mariette Knap

By assigning a bogus IPv6 address, you're essentially:

  • Short-circuiting the IPv6 auto-configuration process.
  • Allowing the NLA service to quickly determine the network doesn't have proper IPv6 routing.
  • Avoiding delays in network categorization caused by failed IPv6 checks.

That leads Windows to:

  • Fallback to IPv4-based NLA evaluation, which may allow proper domain or private network detection.
  • Successfully assign the correct firewall profile.
replied 05/18/2025 14:13
Robert Cook

Hey Mariette.

Thanks so much for your quick reply!

Now I understand what is going on. Thanks!

Regards

Robert

replied 05/18/2025 14:51
Mariette Knap

You are welcome, Robert. Let me know if there is anything else I can do for you.

replied 05/18/2025 14:54
Reply
Last Activity 05/18/2025 14:54