Managing Windows Firewall Profiles
Updated: March 28, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
When you are configuring Windows Firewall settings, you must know which profile (standard or domain) Windows Firewall is using and how to specify a Windows Firewall profile. Both profiles contain the same set of Windows Firewall settings. However, you typically configure standard profile settings to be more restrictive than domain profile settings because the standard profile settings do not need to include applications and services that are used in a managed domain environment.
When you configure Windows Firewall in Control Panel, you are configuring settings in the profile that is currently in use. You cannot use Windows Firewall in Control Panel to configure settings in the profile that is not currently in use. When you configure Windows Firewall Group Policy settings, you can configure individual policy settings in either the domain profile or the standard profile. The Group Policy Object Editor shows you which profile you are configuring. Likewise, when you use the netsh firewall commands to configure Windows Firewall settings, you can choose to configure settings in either the domain profile or the standard profile; however, if you do not specify a profile, the settings are applied to the profile that is currently in use.
|If you do not configure standard profile settings, the default values for standard profile settings are applied whenever Windows Firewall uses the standard profile. These settings might not be appropriate when a computer is connected to a public network like the Internet. It is highly recommended that you configure both domain and standard profile settings and enable Windows Firewall for both profiles.|
For more information about the way Windows Firewall determines which profile to use, see the section titled "How Windows Firewall Works" in the Windows Firewall Technical Reference on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=42729).
When to perform this task
You should determine which profile Windows Firewall is using whenever you configure Windows Firewall settings through the graphical user interface or command prompt.
You should specify which profile you are configuring whenever you use the command prompt or the Group Policy Object Editor.
No special tools are required to complete this task.
To complete this task, perform the following procedure: