Managing Network Connectivity Status Indicator (NCSI) is not a beginner’s task. If your packet captures or firewall logs show that your Windows computers are going to the site http://www.msftncsi.com, this is because of the Network Connectivity Status Indicator (NCSI) feature that was added to Windows Vista. It also works with latest operating systems like Windows 7 and 2008. This feature is used to find out how the Windows client is connected to the network. In some cases, you may just want to turn it off because your computers are on a local network and can’t connect to the internet.
How to manage Network Connectivity Status Indicator (NCSI) on Windows?
NCSI is making a request to http://www.msftncsi.com/ncsi.txt over HTTP, or is conducting a DNS lookup for dns.msftncsi.com, which returns the IP address 131.107.255.255. Either altering the local machine’s registry or making a group policy object is sufficient to deactivate this behavior (GPO).
- In either of the following scenarios, you connect a machine running Windows 8 (or a later version) to a network:
- You connect a public network that needs Hotspot sign in information on your PC.
- You connect your computer to a company network that connects to the internet through a proxy server.
- You observe the following actions:
- The default browser (such as Internet Explorer or Edge) launches and displays a web page, such as the MSN portal page or a network sign-in page.
- The Task Bar’s network icon displays an alert icon (for example,). A warning such as “No connectivity” or “Limited Internet access” appears when you hover over the icon.
As soon as you log in to the network, you can use it as usual.
The network alert on the Task Bar vanishes after a short period of network activity. If you are facing the symptoms mentioned above, follow the steps below, taking into account your operating system:
Registry (Windows Vista & Later)
- Open the registry editor.
- Go to HKLMSYSTEMCurrentControlSetServicesNlaSvcParametersInternet and click on it.
- Double-click EnableActiveProbing under the Internet key, and then type 0 in the Value data field.
- This value is set to 1 by default. By setting the value to 0, this feature can be turned off.
- Click the OK button.
- Turn the computer back on.
1a Group Policy (Vista):
- Change a Group Policy Object that applies to all the computers you want to have this setting on.
- Go to Computer Configuration > Preferences > Windows Settings > Registry
- Start a New Registry Item
- In the Key Path, type SYSTEMCurrentControlSetServicesNlaSvcParametersInternet. In the Value name, type EnableActiveProbing. In the value data, type 0 for REG DWORD.
- Click the OK button.
1b Group Policy (Windows 7/2008 R2)
- Click “Start,” type “gpmc.msc,” and then hit “Enter.” Choose the right Group Policy object (GPO).
- Expand Computer Configuration, then expand Administrative Templates, then expand System, then expand Internet Communication Management, and then click Internet Communication settings.
- Double-click Turn off Windows Network Connectivity Status Indicator active tests in the details pane, and then click Enabled.
2 Group Policy (Windows 7/2008 R2)
This setting lets you decide if the network icon that says “local access only” will be shown or not. When this option is turned on, the icon for Internet access will show up in the system tray even if the user is connected to a network that only allows local access.
If this setting is turned off or not set up, the “local access only” icon will be used when a user is connected to a network that only allows local access.
- Click “Start,” type “gpmc.msc,” and then hit “Enter.” Choose the right Group Policy object (GPO).
- Go to Computer Configuration > Policies > Administrative Templates > Network Connections.
- Turn on the policy setting that says “Do not show the “local access only” network icon.”
If your target OU has a mix of Vista, 7, 2008, and 2008 R2 systems, you can make a GPO with all of the settings shown above so that you have one policy that covers all of the different operating systems.
Conclusion
When credentials are required, Windows launches the default browser (such as Internet Explorer or Edge). If the network has a sign-in page, the browser displays it.
To enhance the Windows user experience, this behavior was implemented. Earlier versions of Windows do not immediately launch the browser window when you connect to a network that requires authentication. You could get a notice telling you that you need to do something else in order to completely connect to the network. You must click the message to open a browser window (or manually open a browser window) and provide a user name and password to complete the connection.
The network notice appears in the Task Bar because the network forbids unauthorized access to the internet.
Network Connectivity Status Indicator also keeps track of the network activity of other programs running on the computer in addition to the active probes mentioned in this article. Even if the active probe operation fails, this passive monitoring process keeps going. Based on whether or not other apps can establish successful TCP connections, NCSI modifies its network status judgment. If a failed active probe causes a network alert to display, it goes away when a successful passive probe occurs.
The Network Connectivity Status Indicator passive monitoring procedure does not send or receive any data from your computer and does not read any data that other programs send.
When network restrictions prohibit NCSI from completing its active probing process or when you connect to a network that employs a proxy server to access the internet, for example, Windows may open the MSN Portal page in the default browser. On the computer, you may examine a network trace, which reveals an HTTP connection to http://www.msftconnecttest.com/redirect, followed by a connection to the MSN Portal. For the benefit of the passive probing operation, Windows loads this page. Network Connectivity Status Indicator determines that the PC has internet access if the page loads. The network status signal displays and then vanishes as various probes succeed and fail.
