Back with some new discoveryes.
On your site, the only unusual thing is the Default gateway address
Usualy, this is the entire sublan address, as the x.x.x.255 is the
sublan broadcast address (first and last address in a subnet mask
scope - and yours is 255...0). Machines should have addresses between
1 and 254
If you have a gateway in he intranet, enter this address there. If not
leave it blank.
In your case I guess this computer is the bridge between LAN and WAN
(Internet) so no gateway should be set on intranet NICs, and on the
Internet NIC, set the gateway address of your provider. Other
computers in the intranet could use the Vista computer as default
gateway to access the Internet (if you enable Internet Connection
Sharing on the external interface). Don't worry about Tunnels, it's
It might be this offending setup that prevents Vista to "identify" a
network location. I have tryed different places and the "name" option
is always available.
You might also try to setup a DHCP server on the intranet and see what
happens. Fixed addresses can be resolved using "Reservations" in the
DHCP for the NIC's MAC.
Also consider to setup a workgroup name for the computer. Clearly
Vista does not have enough information to build the network location
unique identifyer and we do not know what it needs to do it. But as
long as you cannot set a name for a connection, it will always go
public and unknown.
Meanwhile I have resolved the Private/Public network discovery issue.
So even if you cannot name your network, try this next step in Public
profile. Also please promote this idea to others that might dig into
the same issue.
The key is in the firewall. If multiple network locations are
discovered (multihomed computers) Vista is always selecting the worst-
case scenario for ALL of them. So if a single location is Public,
Public firewall settings will be set on ALL interfaces. Crazy as it
seems, this is the way they choosed to do it.
Go to Administrative Tools -> Windows Firewall with Advanced Options.
The two groups of rules involved in computer browsing are File and
Printer Sharing and Network Discovery. There are some predefined rules
in those groups that you can edit.
In Outbound Rules you can Allow ALL connections as this will only make
others visible to you. If you do not want to browse outside intralan,
restrict the Outbound rules exacly as the Inbound ones.
Now for the Inbound rules.
In the general firewall settings you will set the default behaviour
for Inbound connections for the three profiles
omain, Public and
Private. The default is to set all three to "Block connections that do
not match a rule"
For Outbound the default is to "Allow connections that do not match a
rule". So to restrict outside browsing you will have to define and
Enable rules that "Block connection" if Remote IP is not in the
intralan (only if you realy need to). If not, disable rules and the
default will let connections pass through.
Now go to Inbound rules and filter on File and Printer Sharing group.
Set a single instance for all rules in each connection type involved
in File and Printer Sharing (eg. NB_datagram In) for the Domain,
Public and Private locations.
Select one rule for each connection type, Enable it, set "Allow
connection", in "Advanced" check all three profiles and set the Remote
IP to the intralan subnet address (eg. 192.168.0.0/24 - meaning all
192.168.0.x addresses). Delete other rules (if they exist) for the
same connection type.
This will make your computer visible if browsing connections come from
computers in the allowed range.
Do the same with rules in the Network Discovery group.
Quit firewall settings and go to Network and Sharing Center. Try to
Enable File and Printer Sharing. Vista will complain about the Public
profile. Click on the option to turn F&PS ON for Public networks. It's
safe to do it because the firewall will only accept connections from
the IP range defined above.
That's it. Now regardless of the active profile, computer browsing
will pass through firewall and you will see your local computers and
they will be able to see you.
"View full map" will not work because the Public profile is still
active, but you can see computers near you in Explorer.