Thanks Brian. I found part of the answer to my question. (from http://technet.microsoft.com/en-us/library/cc754893%28WS.10%29.aspx)
- Windows Vista and Windows Server 2008 support only *a single profile on the computer* at a time. If the computer is connected to more than one network, then the network location that requires the most protection is the one applied to all connections on the computer. If a public network is detected, then all connections to the computer are protected by the rules associated with the public profile. If a private network is detected and there are no public networks detected, then the private profile is applied to the computer. Only if a domain network is detected and there are no public or private networks detected is the domain profile applied.
- Starting with Windows 7 and Windows Server 2008 R2, Windows supports a *separate profile for each network connection*. If a connection to a public network is detected, then that connection is protected by the rules associated with the public profile. A connection to a domain network on the same computer is protected by the domain profile. All of the profiles can be active at the same time, each protecting the connections according to its network location type.

I didn't realize the vanilla 2008 FW doesn't support multiple profiles like R2 does.

On Fri, Aug 6, 2010 at 2:55 PM, Brian Desmond <br...@briandesmond.com> wrote:

> *Look up Network Location Awareness/NLA as to the magic of the
> locations/profiles.*
>
> *I’ve only really deployed the Windows Firewall on servers so I just set
> the rules to apply across all profiles and force them all to behave
> uniformly.*
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com*
>
> *c – 312.731.3132*
>
> *From:* Jeff Bunting [mailto:bunting.j...@gmail.com]
> *Sent:* Friday, August 06, 2010 1:47 PM
> *To:* NT System Admin Issues
> *Subject:* Windows 2008 Firewall
>
> Anyone have some good links to in-depth articles to recommend about the
> built-in Win2008 firewall, particularly in regards to profiles? I have a
> 2008 domain member which says the public profile is active rather than the
> domain profile, which, from what I've read, should be applied
> automatically. I verified the DC can be resolved via nslookup
> (_ldap._tcp.dc._msdcs.domain). Also would like to be able to get backup
> network (172.16.x) to appear as a private rather than public network.
>
> thanks,
> Jeff
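
The profile-selection rules quoted from TechNet above, as an added example that is not part of the original thread and is not Microsoft's code: a small Python model of the single-profile behaviour (Vista / Server 2008) next to the per-connection behaviour (Windows 7 / Server 2008 R2). The adapter names and the two-NIC layout are constructed, loosely following the server described in the original question, and the function names are hypothetical.

```python
# Added example: model of the profile-selection rules quoted from TechNet.
# Adapter names and the sample connection list are constructed for illustration.

# Profiles ordered from least to most protective, per the quoted text.
RESTRICTION = {"domain": 0, "private": 1, "public": 2}


def effective_profiles(connections, per_connection):
    """Map each connection name to the firewall profile that protects it.

    connections: dict of adapter name -> detected network location type
    per_connection: False for Windows Vista / Server 2008 (one profile for the
        whole computer), True for Windows 7 / Server 2008 R2.
    """
    for name, location in connections.items():
        if location not in RESTRICTION:
            raise ValueError(f"unknown location type for {name}: {location!r}")
    if not connections:
        return {}
    if per_connection:
        # Each connection keeps the profile of its own network location.
        return dict(connections)
    # Single-profile behaviour: the most protective location wins everywhere.
    strictest = max(connections.values(), key=RESTRICTION.__getitem__)
    return {name: strictest for name in connections}


def rules_in_force(rule_profiles, connections, per_connection):
    """Return, per connection, whether a rule scoped to rule_profiles applies."""
    active = effective_profiles(connections, per_connection)
    return {name: profile in rule_profiles for name, profile in active.items()}


# Constructed scenario: a domain-joined server whose backup NIC is seen as public.
SERVER = {"LAN (domain)": "domain", "Backup 172.16.x": "public"}

if __name__ == "__main__":
    for label, flag in (("Server 2008", False), ("Server 2008 R2", True)):
        print(label, effective_profiles(SERVER, flag))
        print("  domain-only rule applies:", rules_in_force({"domain"}, SERVER, flag))
```

In the model, a rule scoped only to the domain profile applies to no connection on the Server 2008 host while the backup network is classified as public, whereas a rule scoped to all three profiles applies on both OS versions.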