Network icons for Active Directory domains with Group Policy

There are times and places for cosmetic IT, and Active Directory has one little nugget that can let you put an icon in place to identify certain networks. IT guru Rick Vanover shows you how.

I don’t usually get all riled up about fancy icons or graphics in regards to IT for the workplace. I did, however, stumble across one Group Policy setting (Windows Server 2008) that you can use to give visual indications to different networks. This is set in the Computer Configuration | Policies | Windows Settings | Network List Manager Policies section of Group Policy.

In this section of Group Policy, there are a few things that can be done in this area including permissions and icon configuration. The permissions may be a good value to set to prohibit configuration, but this is usually set by user name and their ability on the local system. The user permissions for a network may be useful when one particular network is more sensitive than another, yet some users may have the permission to change local system network values.

The other main option in the Network List Manager Policies section is the ability to set an icon for a specific Active Directory network connection. This could be very useful for company branding, or to give visual indications for different security zones when the default icons are less than intuitive. Figure A below shows Group Policy configured to use a graphic for the RWVDEV.INTRA Active Directory domain network:

Figure A

Figure A

Click image to enlarge
On the example above, I applied this to the default domain policy. This will apply the setting to all computers on the RWVDEV.INTRA domain. Figure B below shows this change in the local network connections:

Figure B

Figure A

Click image to enlarge

Having visual indicators is usually helpful, though at first glance it may seem like setting icons for networks is pointless. For multiple networks, this would be a good support tool for both end-users and PC Support staff. These settings also apply to servers, so system administrators may be able to check connectivity easily when multiple networks are involved that may not always involve Active Directory membership.

When using a user-defined icon (as was in my example), the image should be placed in a location that all computer accounts can access the file. I put it in a read-only path of the \Netlogon share of my private Active Directory domain, RWVDEV.INTRA. There are a few default icons to choose from, yet a self-uploaded icon is going to be more useful.

How would you use network location icons? Share your comments below.

By Rick Vanover

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.