Tag Archives: Windows

Preventing Windows guests from creating network profiles in Proxmox

Many of my servers run under the Proxmox virtual environment. For servers that don’t have a dedicated IP available for their guests, I use an iptables-based NAT network to forward packets, as described in my previous article: https://manatails.net/blog/2018/04/running-proxmox-with-nat/

But I came across a problem where Windows guests detect the network as ‘Unknown’ and try to create a new network profile on every reboot.

Not only did it look bad to have random names like ‘Network 18’, but the network type also defaults to public, so any rules for the private network are ignored until I manually set the network type to private.

I looked into it in a bit more depth and found that the feature is called ‘Network Location Awareness’, per the original article: https://msdn.microsoft.com/en-us/library/aa480195.aspx

From the page:

Digital Subscriber Line (DSL) and cable modems typically act as network address translators (NATs). As a result, their MAC addresses can be used to uniquely qualify the user’s network. NLA uses the MAC address of the user’s DSL or cable modem as the link ID.

In practice, Windows was using the MAC address of the default gateway to differentiate the network.

So I had to give the NAT interface a unique MAC address in order to be recognized.

Add ‘hwaddress ether’ with a random MAC address to the interface config, and Windows will then consistently identify the network.
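The host-side change described above, as an added example that is not part of the original post: a shell script that generates a random MAC in the locally administered, unicast range and prints an /etc/network/interfaces stanza pinning it with hwaddress ether. The bridge name vmbr1, the address 10.10.10.1/24 and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: run once, paste the stanza into /etc/network/interfaces.
# The MAC must stay fixed afterwards; regenerating it gives Windows a new network.

# Force a first octet (decimal 0-255) into the locally administered, unicast
# range: set bit 1 (0x02) and clear the multicast bit 0 (0x01).
laa_first_octet() {
    printf '%02x' $(( ($1 | 2) & 254 ))
}

# Return 0 only for a lowercase, colon-separated MAC that is unicast and
# locally administered (second hex digit of the first octet is 2, 6, a or e).
is_laa_unicast_mac() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f][26ae](:[0-9a-f]{2}){5}$'
}

# Build a MAC from six random bytes read from /dev/urandom.
random_laa_mac() {
    set -- $(od -An -N6 -tu1 /dev/urandom)   # six decimal byte values
    first=$(laa_first_octet "$1"); shift
    printf '%s:%02x:%02x:%02x:%02x:%02x\n' "$first" "$@"
}

# Print the bridge stanza. $1 = bridge name, $2 = address/prefix, $3 = MAC.
nat_bridge_stanza() {
    is_laa_unicast_mac "$3" || { echo "refusing MAC: $3" >&2; return 1; }
    cat <<EOF
auto $1
iface $1 inet static
    address $2
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    hwaddress ether $3
EOF
}

# Constructed sample values (assumptions, not taken from the post).
nat_bridge_stanza vmbr1 10.10.10.1/24 "$(random_laa_mac)"
```

Staying in the locally administered range avoids colliding with a vendor-assigned address, and keeping the multicast bit clear ensures the bridge address is valid as a gateway MAC.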

Finally, open regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList, then delete all entries in Profiles and Signatures to get rid of previously detected networks and reset the counter.

Deleting Unnecessary Network profiles in Windows

Windows creates a profile for every single network it connects to. The function itself is not a bad idea, but over time, or when there is a network problem, those network profiles may build up excessively and present you with some unpleasant name like ‘Network 139’. I surfed the internet in search of a way to remove all those and stumbled on numerous but useless responses by Microsoft support agents suggesting to open Network and Sharing Center and blah blah. But now I finally have a proper fix.

I’ll keep it short:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

Simply erase the above key with Regedit.

Using a custom security certificate for RDP connections

This post is somewhat late, but I decided to upload it for informative purposes.

Early this year I set up my own CA for securing connections between devices that I use.
One of the things I cared about is Windows Remote Desktop, where I did not like the program spitting out warnings about the default, non-secure self-signed certificate.
So I thought about using my own certificates for them.
First I created an importable .pfx file with the private key and the certificate.
With the certificate saved on the target machine, do the following:

Open the MMC console and add a certificate snap-in for the local computer account.

Go to Personal key storage and import the key file (it is NOT the Remote Desktop storage, despite its name).

Open Remote Desktop Session Host Configuration.

Right-click your desired RDP connection (RDP-tcp in my case) and go to Properties.

Press the ‘Select’ button in the certificates section to locate your certificate.
Then click Apply and disconnect from the RDP session. Further sessions will be secured using the certificate you specified.