Windows Server 2008R2 DC - all NICs in domain profile. How to separate?
I have a DC that has 2 NICs. No teaming or failover, separate networks.
One is connected to the public LAN (separate GW, etc.) and one is internal.
So I want the public LAN NIC to be treated by the firewall with the public profile.
I've tried to block NLA from the public IP - the public adapter is still detected as a domain profile member.
October 4th, 2012 6:53am
Why does your DC have two NICs? That is a recipe for disaster. You should never multihome a DC. Your DC should not be exposed directly to the public network.
Bill
October 4th, 2012 8:05pm
Hi,
Please note that multihomed domain controllers are not recommended. Please check the following article.
Multihomed DCs with DNS, RRAS, and/or PPPoE adapters
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
Best Regards,
Aiden
Aiden Cao
TechNet Community Support
October 4th, 2012 10:48pm
Hi,
How are things going? I just want to check if the information provided was helpful. If there is any update or concern, please feel free to let us know.
Best Regards,
Aiden
Aiden Cao
TechNet Community Support
October 8th, 2012 10:35pm
Why does your DC have two NICs? That is a recipe for disaster. You should never multihome a DC. Your DC should not be exposed directly to the public network.
Bill
Ok, and if I want WSUS on it - how is it supposed to receive updates without internet? -)
Hi,
Please note that multihomed domain controllers are not recommended. Please check the following article.
Multihomed DCs with DNS, RRAS, and/or PPPoE adapters
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
Best Regards,
Aiden
Aiden Cao
TechNet Community Support
Will this move the public adapter to the "public" firewall zone? If not - all this stuff is helpless
October 9th, 2012 4:44am
That is the whole point. The DC should not have a public interface. How do your other machines connect to the Internet?
If the DC is behind a router it should be configured so that it can access the Internet through the router, and so should the domain client machines. The domain clients should use the router for Internet gateway but the DC for DNS. A DC should never connect directly to the Internet, and should never have a public interface.
Bill
October 10th, 2012 2:18am
I understand, but there is no Internet access from the internal network. So there is no way to get updates or any other packages, etc.
October 10th, 2012 11:10am
Then somehow set up Internet access to your network. Do not use the DC for this.
Bill
October 10th, 2012 10:05pm
I know that it's not recommended, etc. But that's what I have and I currently can't change it.
October 15th, 2012 1:52am