June 10, 2009


I have always wondered, but never looked in to, how Vista knows when it is online with the little globe over the network icon and today I found out how it does this. This might not be anything surprising to many of you but I thought I would share this little tidbit either way.

With my home network I have things locked down tight for many reasons, but one of the main reasons is that I run a business removing Malware and I often end up bringing those infected computers into my home network. I have a separate quarantine network designed just for these infected computers that goes straight through my firewall and I am always looking at the logs for hints as to what infections there might be. Anyways, today I had one of my first Vista laptops the user thought to be infected, so I put it in the quarantined network, started monitoring logs, and quickly noticed a weird site in the logs. http://www.msftncsi.com/ncsi.txt came up and it caught my eye quickly with a name like that, mostly because MSFT is a common abbreviation for Microsoft.

Doing some quick snooping around I found this Microsoft article that talking about the site and what it is meant to do.

Basically when a Vista computer gets on a network it tries to get DNS for dns.msftncsi.com, and then it tries to access the http://www.msftncsi.com/ncsi.txt file looking for “Microsoft NCSI” within that text file. When these two tasks complete successfully you get the little icon, it's just that easy.

