I’ve been using VMware Workstation to run my virtual machines on my Vista laptop. After being installed, VMware Workstation creates several virtual network adapters which are simply dummy adapters for VMware’s host bridging, which in turn allows the virtual machine to access the host machine’s network.
While I like this product very much, one of the nasty annoyances is the fact that after each reboot, the Windows Firewall switches the VMware virtual network adapters from the “public” network profile to a “private” network profile each time I reboot the laptop. Because the VMware virtual network adapters appear to be in a “Public network”, Windows thinks that the whole machine is exposed to a public network, and it triggers the public profile for Windows Firewall. While in most cases this helps protect the entire computer from external access, sometimes you actually need to have external access, and therefore you need to manually change the setting.
# see http://msdn2.microsoft.com/en-us/library/bb201634.aspx
#
# *NdisDeviceType
#
# The type of the device. The default value is zero, which indicates a standard
# networking device that connects to a network.
#
# Set *NdisDeviceType to NDIS_DEVICE_TYPE_ENDPOINT (1) if this device is an
# endpoint device and is not a true network interface that connects to a network.
# For example, you must specify NDIS_DEVICE_TYPE_ENDPOINT for devices such as
# smart phones that use a networking infrastructure to communicate to the local
# computer system but do not provide connectivity to an external network.
#
# Usage: run in an elevated shell (vista/longhorn) or as adminstrator (xp/2003).
#
# PS> .fix-vmnet-adapters.ps1
# boilerplate elevation check
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = new-object Security.Principal.WindowsPrincipal $identity
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $elevated) {
$error = "Sorry, you need to run this script"
if ([System.Environment]::OSVersion.Version.Major -gt 5) {
$error += " in an elevated shell."
} else {
$error += " as Administrator."
}
throw $error
}
function confirm {
$host.ui.PromptForChoice("Continue", "Process adapter?",
[Management.Automation.Host.ChoiceDescription[]]@("&No", "&Yes"), 0) -eq $true
}
# adapters key
pushd 'hklm:SYSTEMCurrentControlSetControlClass{4D36E972-E325-11CE-BFC1-08002BE10318}'
# ignore and continue on error
dir -ea 0 | % {
$node = $_.pspath
$desc = gp $node -name driverdesc
if ($desc -like "*vmware*") {
write-host ("Found adapter: {0} " -f $desc.driverdesc)
if (confirm) {
new-itemproperty $node -name '*NdisDeviceType' -propertytype dword -value 1
}
}
}
popd
# disable/enable network adapters
gwmi win32_networkadapter | ? {$_.name -like "*vmware*" } | % {
# disable
write-host -nonew "Disabling $($_.name) ... "
$result = $_.Disable()
if ($result.ReturnValue -eq -0) { write-host " success." } else { write-host " failed." }
# enable
write-host -nonew "Enabling $($_.name) ... "
$result = $_.Enable()
if ($result.ReturnValue -eq -0) { write-host " success." } else { write-host " failed." }
}
Copy the above text, paste into a text file and save it with the PS1 extension. Next, open a PowerShell prompt. Note that you need to run it with elevated credentials (i.e. “Run as Administrator”). Navigate to the folder where you’ve placed the script, and execute it. You can type the first letter of the script’s name and press TAB to auto complete the script’s name. Note: If PowerShell gives you this error:
File D:ToolsAdminScriptsVMware - VMNET Adapters Triggering Public Profile for Windows Firewallscript.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.
You will need to change the Signing and Execution Policies by typing the following command:
Set-ExecutionPolicy Unrestricted
After running the command, you will be prompted to press “Y” for each VMware adapter.
Got a question? Post it on our Windows Server 2008 forums!