Set Windows network type public private using powershell

List all network interfaces/profiles: Get-NetConnectionProfile

Find the InterfaceIndex number of the adapter you wish to change, then use the command:

Set-NetConnectionProfile -InterfaceIndex <index number> -NetworkCategory Private

Remove old name server from Windows DNS

You can’t delete name servers from the DNS console. Run this PowerShell on the DNS server.

Remove-DnsServerResourceRecord -ZoneName "" -RRType "Ns" -Name "@" -RecordData ""


Windows AD DNS – reverse DNS, automatically add DNS records for non AD machine

Reverse DNS –

Open DNS and create a reverse lookup zone: Primary zone, all DNS servers in the domain, IPv4, network ID (enter whatever it is for the network, e.g. 192.168.1), allow only secure dynamic updates, finish.

Does not work with AD-bound computers unless other DHCP configuration is done.

To fix this: open DHCP, right-click IPv4, Properties, Advanced tab, Credentials. You have to create a new user for this purpose, and add it to the DnsUpdateProxy group.

To have DNS records automatically created for devices not part of AD:

Go to DHCP. Right-click the scope, open Properties, DNS tab, and check "Dynamically update DNS records for DHCP clients that do not request updates".

Powershell for loop syntax

$servers = @("dc1","dc2","backup","server","wds","wsus")

foreach ($server in $servers) {
    # Trigger a remote Group Policy refresh on each server in the list
    Write-Output "Updating $server"
    Invoke-GPUpdate -Computer $server
}

UNC hardening

Create a new GPO that applies to ALL computers and servers (configure Group Policy to apply to all domain-joined computers).

Computer Configuration > Policies > Administrative Templates > Network > Network Provider: Hardened UNC paths


Enable it and add these two entries:

\\*\NETLOGON  RequireMutualAuthentication=1, RequireIntegrity=1
\\*\SYSVOL    RequireMutualAuthentication=1, RequireIntegrity=1
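
One way to confirm the policy actually reached a machine, as an added example that is not part of the original post: read the Hardened UNC Paths values back from the registry and check both flags for the NETLOGON and SYSVOL entries. The registry key is not given on this page, and the function and variable names are made up for this example.

```powershell
# Added example: audit the Hardened UNC Paths policy on the local machine.
# Assumption: the policy values are stored under this registry key.
$HardenedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$ExpectedPaths    = '\\*\NETLOGON', '\\*\SYSVOL'
$RequiredFlags    = 'RequireMutualAuthentication', 'RequireIntegrity'

function ConvertFrom-HardenedPathValue {
    # Turns "RequireMutualAuthentication=1, RequireIntegrity=1" into a hashtable.
    param([string]$Value)
    $flags = @{}
    foreach ($pair in ($Value -split ',')) {
        $name, $setting = $pair.Trim() -split '=', 2
        if ($name) { $flags[$name.Trim()] = "$setting".Trim() }
    }
    $flags
}

function Test-HardenedUncPath {
    # Emits one result object per expected path; a missing key or value
    # is reported as not hardened rather than raising an error.
    param([string]$RegistryKey = $HardenedPathsKey)
    $regKey = Get-Item -Path $RegistryKey -ErrorAction SilentlyContinue
    foreach ($path in $ExpectedPaths) {
        $raw     = if ($regKey) { $regKey.GetValue($path) } else { $null }
        $flags   = ConvertFrom-HardenedPathValue -Value $raw
        $missing = @($RequiredFlags | Where-Object { $flags[$_] -ne '1' })
        [pscustomobject]@{
            Path     = $path
            Value    = $raw
            Missing  = $missing -join ', '
            Hardened = ($missing.Count -eq 0)
        }
    }
}

Test-HardenedUncPath | Format-Table -AutoSize
```

Run it on a client after a Group Policy refresh; any row with Hardened = False means the GPO is not applied there or an entry was mistyped.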
