How to make a WiFi hotspot connection always in the Work or Home firewall profile


I am using my Android phone as WiFi hotspot. Each day when I start my WiFi hotspot in my mobile, it creates a new connection and then it connects with my laptop's WiFi connection.

Each day I need to change Network location by right clicking on my laptop's WiFi icon and selecting "Open Network and Sharing Centre". I click "Public Network" link below the Network name (Nexus 52 as shown in the image).

enter image description here

To access my laptop's WAMP connection I need to change this "Public Network" to "Home Network" or "Work Network". I do this by clicking on "Public Network" link whichshows me the following dialog:

enter image description here

After doing these steps I can access my WAMP's web services from connected tablet or other phones.

Each day after connecting to my phone's WiFi, it gives its name as Nexus 1, Nexus 2 and so on (today it is Nexus 52). Every day a new connection is created and I need to follow all above steps to every day.

But when I come to my office and I connect office's WiFi I do not need to follow above steps of "Home Network" or "Work Network" everyday. I did it once and after that each time when my laptop connects to my office WiFi, it is automatically set as a "Work Network".

How can I do same with my phone's hotspot? I need to fix its name and type as "Home Network".

I am running Windows 7 Home Premium.

enter image description here

Best Answer

  • The Windows Network Location Awareness (NLA) service uses quite a few characteristics of the network an interface is connected to in order to determine if it's been connected to that network before. The fact Windows is not remembering your choice of firewall profile indicates that there are key differences between each "iteration" of your phone's Wi-Fi hotspot. (Your work's Wi-Fi on the other hand isn't changing between connections in regard to these characteristics which is why you only needed to put it into the "Work" firewall profile the first time.)

    There are options through Group Policy to control how NLA categorizes unidentified networks, however you're running the Home edition of Windows which doesn't have Group Policy (and to my knowledge the necessary settings can't be configured directly through the Registry).

    Therefore I can offer you two alternative solutions:

    Option 1: Don't fight it. Create the firewall rules you need in the Public firewall profile. Because your phone's hotspot will be assigned the public firewall profile by default, the connection to your WAMP services will work without any additional config changes each time you connect to it.

    Option 2: Identify which characteristic(s) of your phone's Wi-Fi is making each connection "unique" and prevent it from changing...if you can. Based on the fact your phone uses a new SSID each time you connect I'm doubtful this option will work since I assume you can't control that. But if you want to try, here are the characteristics NLA uses to identify a network according to this Microsoft TechNet blog post:

    • Presence of a Domain Controller
    • Bandwidth
    • Internet Connectivity
    • Primary DNS Suffix
    • DC Authenticated (i.e. machine is authenticated to a DC via the network interface)
    • Host IP address
    • Subnet Mask
    • Subnet IP address
    • Default Gateway IP address
    • WINS server
    • SSID
    • Default Gateway MAC address
    • 802.1x Authentication status

    Documentation is a bit scant on exactly how and in what combination NLA uses these characteristics to decide a network is unique (e.g. the fact your host gets a different IP address isn't sufficient to make NLA consider the network "new"), so you may have to do some experimenting.