Hide VMWare Virtual Network Interfaces from Windows Firewall and Network and Sharing Center
August 29, 2011 14 Comments
VMWare Workstation creates two virtual network adapters by default. One is the host-only network and the other is for NAT routing. You can add several more to suit your needs for more complex scenarios.
The problem is that these networks cause Windows 7 to think it is attached to a public “unidentified network” which has the side-effect of disabling network and printer sharing. You will experience the same problem with Windows 7 Virtual PC if you create virtual loopback device adapters and the same problem occurs with VirtualBox.
The solution is to mark the virtual network adapters as *NdisDeviceType=1 in the registry:
- *NdisDeviceType
The type of the device. The default value is zero, which indicates a standard networking device that connects to a network. Set *NdisDeviceType to NDIS_DEVICE_TYPE_ENDPOINT (1) if this device is an endpoint device and is not a true network interface that connects to a network. For example, you must specify NDIS_DEVICE_TYPE_ENDPOINT for devices such as smart phones that use a networking infrastructure to communicate to the local computer system but do not provide connectivity to an external network.
Note Windows Vista automatically identifies and monitors the networks a computer connects to. If the NDIS_DEVICE_TYPE_ENDPOINT flag is set, the device is an endpoint device and is not a connection to a true external network. Consequently, Windows ignores the endpoint device when it identifies networks. The Network Awareness APIs indicate that the device does not connect the computer to a network. For end users in this situation, the Network and Sharing Center and the network icon in the notification area do not show the NDIS endpoint device as connected. However, the connection is shown in the Network Connections Folder.
As far as I’m concerned this is just a bug in both VirtualBox and VMware Workstation. They should be marking their virtual network devices as *NdisDeviceType=1 for compatibility with NT 6.x –based operating systems.
Until they do that, I cobbled together a little powershell script to find any NICs created by VMWare and mark them as virtual. The setting takes affect after a reboot.
# tell windows that VMWare Network Adapters
# is not a true network interface that connects to a network
# see http://msdn.microsoft.com/en-us/library/ff557037(VS.85).aspx
pushd
echo "Marking VMWare Virtual Ethernet Adapters as virtual.`r`n"
cd 'HKLM:\system\CurrentControlSet\control\class\{4D36E972-E325-11CE-BFC1-08002BE10318}'
ls ???? | where { ($_ | get-itemproperty).DriverDesc `
-like 'VMware Virtual Ethernet Adapter *' } | `
% { $_ | new-itemproperty -name '*NdisDeviceType' -PropertyType dword -value 1 } | `
% { "`"" + ($_ | get-itemproperty).DriverDesc + "`" -> *NdisDeviceType=1" }
echo "`r`nReboot to apply changes."
popd
Thank you for writing a nice article about it. I usually have some suspicious software in my VMs and I wonder if changing *NdisDeviceType increases the risk of viruses from the VM to my host OS.
Pingback: Impero on PCs with VMWare Player
Reboot is not needed for this setting to effect. Disable/Enable for VMWare interfaces from control panel is enough.
You misunderstand. I’m not disabling the network interface. I’m marking it as an internal interface that is not filtered by the firewall nor tracked by Network and Sharing Center. If you want a host-only adapter that doesn’t force Windows to think you are on a “Public Network” then you need to set *NdisDeviceType=1 on the host-only adapter.
You’ve have echo “`r`nReboot to apply changes.” in script.
There is no need to reboot to apply changes. It’s enough to disable/enable virtual network adapters in control panel for this settings in effect and Windows will not think that it’s on public network without reboot.
This is good. Don’t know if it is related but after following your instructions when I click on Vmware from my Start Menu it snaps up onscreen instantly. Before there was a lag. Thanks for this tip.
Reboot is not required afterwards executing this script. It’s sufficient just to bring down then up affected virtual interfaces.
Pingback: Win7下VMware的NAT网络模式不能正常工作 | aneasystone's blog
Your solution didn’t work for me on Windows 8 so I rather changed the *ifType value to 131 and that worked.
The value 131 sets the interface to Tunnel which hides it from the Windows 8 Networks panel.
Here is the script:
pushd
echo “Marking VMWare Virtual Ethernet Adapters as virtual.`r`n”
cd ‘HKLM:\system\CurrentControlSet\control\class\{4D36E972-E325-11CE-BFC1-08002BE10318}’
ls ???? | where { ($_ | get-itemproperty).DriverDesc `
-like ‘VMware Virtual Ethernet Adapter *’ } | `
% { $_ | Set-ItemProperty -name ‘*ifType’ -value 131 } | `
% { “`”” + ($_ | get-itemproperty).DriverDesc + “`” -> *ifType=131″ }
echo “`r`nReboot to apply changes.”
pause
popd
i have tried both scripts .. but nothing works .. i’m using vmware 11 on win 10
Pingback: Hide VMWare Virtual Network Interfaces from Windows Firewall and Network and Sharing Center – Eduardo Mozart
Pingback: Escondendo Dispositivos de Rede Virtuais do VMWare e VirtualBox do Firewall do Windows e da Central de Rede e Compartilhamento – Eduardo Mozart
VMware seems to add this by default now with newer versions of VMware Workstation. Strangely, Microsoft didn’t bother to add it for the Hyper-V Ethernet adapter. The same “trick” works for me to hide the Hyper-V Ethernet adapter on Windows 10.
Sometimes, there is need to setup VMNet adapter as uplink with Internet access for Windows 10 (f.e. custom firewall VM connected to Internet via attached to it USB network adapter). If you have to do so, you should set *NdisDeviceType to “6” if you want Windows 10 be connected to Net.