Be Aware: Windows Server 2008 SP2 Re-enables Disabled NICs

Wednesday, June 10, 2009

Be aware installing Windows Server 2008 Service Pack 2 (SP2) will re-enable any network adapters that were disabled prior to the update. This will also affect computers updated with Windows Vista Service Pack 2.

[Before installing SP2]

[After installing SP2]

This is important for several reasons. It is best practice on Hyper-V servers to disable the virtual NIC assigned to VM guests, so that a host with a dedicated management NIC does not use the NICs assigned to VM guests. SP2 re-enables all these virtual NICs, as well.

Sometimes disabled NICs should only be enabled for disaster recovery purposes. Enabling these NICs at startup could have dire consequences in these rare situations.

It's important to understand that if you're using the Windows Firewall, the server uses the most secure firewall network profile for all NICs. If your domain joined computer has more than one NIC, but only the NIC that is used to connect to the domain is enabled, the Windows Firewall uses the Domain Network profile. However, after installing SP2 the computer will start up with all NICs enabled. If the previously disabled NICs are not connected, the Windows Firewall will use the Public Network profile, which uses much different firewall policies -- potentially causing service interruptions.

My advice is to document your network connections prior to installing Windows Server 2008 SP2, so you can reconfigure them when your done with the update.