Setting Network Locations
A desktop PC connected to a wired home or small office network remains in a single location, by definition. In contrast, mobile devices running Windows 10 can connect to different types of networks-a corporate domain, a wireless hotspot at a coffee shop, or a private home network. Each type of network has its own security requirements. Windows uses network locations to categorize each network and then applies appropriate security settings. When you connect to a new network, Windows applies one of three security settings:
- Public:
This is the default setting for any new, untrusted network connection. Network discovery is turned off for public networks, making it impossible for other people on the same access point to connect to your computer. This option is appropriate for networks in public places, such as wireless hotspots in coffee shops, hotels, airports, and libraries. It's also the correct choice if your desktop or laptop PC is directly connected to a cable modem or other broadband connection without the protection of a router and hardware firewall. - Private:
This option is appropriate when you're connecting to a trusted network, such as your own network at home-if and only if that network is protected by a router or residential gateway (a consumer device that combines a cable modem, router, and wireless access point in a single box) or comparable Internet defense. When you make this choice, Windows enables network discovery and allows you to enable the HomeGroup feature for sharing with other users on the network. - Domain:
This option is applied automatically when you sign in to Windows using a computer that is joined to a Windows domain, such as your company network. In this scenario, network discovery is enabled, allowing you to see other computers and servers on the network by using accounts and permissions controlled by a network administrator.
- If you have a mobile computer that connects to multiple networks, keep in mind that the Windows Firewall keeps separate network security profiles for private (home or work), public, and domain-based networks.
The location of the current network is shown in the Network And Sharing Center, below the name of the network.
To change a public network to a private one, or vice-versa, open Settings, click or tap Network & Internet, and then select the Wi-Fi or Ethernet heading in the list on the left. Click or tap the icon for a wired connection or, for a wireless connection, click or tap Advanced Options. That opens the properties dialog box for the active connection, with the Find Devices And Content option, at the top. When this setting is Off, the network is public. Slide the switch to On to make the network private.
Workgroups versus domains
Computers on a network can be part of a workgroup or a domain.
In a workgroup, the security database (including, most significantly, the list of user accounts and the privileges granted to each one) for each computer resides on that computer. When you sign in to a computer in a workgroup, Windows checks its local security database to see whether you've provided a user name and password that matches one in the database. Similarly, when network users attempt to connect to your computer, Windows again consults the local security database. All computers in a workgroup must be on the same subnet. A workgroup is sometimes called a peer-to-peer network.
By contrast, a domain consists of computers that share a security infrastructure, Active Directory, which in turn is managed on one or more domain controllers running Windows Server. Microsoft's cloud-based alternative, Azure Active Directory, provides the same infrastructure without requiring IT departments to manage local servers. Active Directory and Azure Active Directory can be combined to create effective hybrid environments. When you sign in using a domain account, Windows authenticates your credentials against the security database defined by your network administrator.
