Vista Firewall Profile and VMware

The Vista firewall can only apply one profile (Domain, Public, or Private) at a time. So if you have one network interface that Vista has identified as connected to the domain and another network interface (a VMware interface, for example) that Vista cannot identify, it applies the most restrictive firewall profile (Public) to both interfaces. Obviously, this can break applications if your Public profile is locked down.

In order to fix this issue, you can either:

  1. Disable the VMware network interfaces if you don’t use them.  They are not needed in bridged mode.
  2. Tell Vista to ignore the VMware network interfaces when deciding which firewall profile to apply.
    • Disable the VMware NICs (VMNET1 and VMNET8 in my case)
    • Run regedit and go to HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
    • Here you will find a list of numbered subkeys (0000 to 0024 in my case)
    • Click through these keys until you find the ones with the value VMnet set to the name of your VMware NICs (\DosDevices\VMNET1 and \DosDevices\VMNET8 in my case)
    • Add a DWORD value named *NdisDeviceType, set to 1, under the key for each NIC
    • Enable the VMware NICs
    • While connected to the Compu-Share domain and with the VMware interfaces enabled, verify the fix worked by going to Control Panel->Windows Firewall.  The Network Location should be listed as “Domain network”.
    • Note: Some people on the Internet said that these registry values are removed when you upgrade VMware to a new version.  If so, you will have to add them back manually.
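
The registry steps above can be scripted, which also makes it easy to re-check after a VMware upgrade. This is an added example, not part of the original post; it assumes an elevated PowerShell prompt, that the VMnet value is stored as a string, and that you still disable and re-enable the NICs by hand around it.

```powershell
# Added example (not from the original post).
# Reports, and with -Apply sets, *NdisDeviceType=1 on every adapter instance
# whose VMnet value looks like \DosDevices\VMNETn.
param([switch]$Apply)   # without -Apply nothing is written

$classPath = 'SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'
$classKey  = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($classPath)
if (-not $classKey) { throw "Network adapter class key not found: HKLM\$classPath" }

foreach ($name in $classKey.GetSubKeyNames()) {
    # Only the numbered instance keys (0000, 0001, ...) describe adapters.
    if ($name -notmatch '^\d{4}$') { continue }

    # Open read-only for a dry run, writable only when -Apply was given.
    $sub = $classKey.OpenSubKey($name, [bool]$Apply)
    if (-not $sub) { continue }
    try {
        # Assumption: VMnet is a string value such as \DosDevices\VMNET1.
        $vmnet = $sub.GetValue('VMnet')
        if ($vmnet -notlike '\DosDevices\VMNET*') { continue }

        $current = $sub.GetValue('*NdisDeviceType')
        if ($current -eq 1) {
            "{0}: {1} already has *NdisDeviceType=1" -f $name, $vmnet
        } elseif ($Apply) {
            # The .NET API treats the leading '*' in the value name literally.
            $sub.SetValue('*NdisDeviceType', 1,
                [Microsoft.Win32.RegistryValueKind]::DWord)
            "{0}: {1} set *NdisDeviceType=1" -f $name, $vmnet
        } else {
            "{0}: {1} needs *NdisDeviceType=1 (re-run with -Apply)" -f $name, $vmnet
        }
    } finally {
        $sub.Close()
    }
}
$classKey.Close()
```

Run it once without -Apply to see which instance keys match, then again with -Apply while the NICs are disabled.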
