Help: Understanding Windows Firewall profiles
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Understanding Windows Firewall profiles
You can configure Windows Firewall settings in two different profiles: a domain profile and a standard profile. The domain profile settings are used when a computer is connected to a network in which the computer's domain account resides. The standard profile settings are used when a computer is connected to a network in which the computer's domain account does not reside, such as a public network like the Internet. Both the domain profile and standard profile contain the same set of Windows Firewall settings. However, the standard profile settings are typically more restrictive than the domain profile because the standard profile settings do not need to include applications and services that are used in a managed domain environment only.
When you configure Windows Firewall in Control Panel, you are configuring settings in the profile that is currently in use. You cannot use Windows Firewall in Control Panel to configure settings in the profile that is not currently in use. You can tell which profile is currently in use by looking at the bottom of the General tab. You can also use the netsh firewall show currentprofile command to determine which profile is currently in use.
When you configure Windows Firewall Group Policy settings, you can configure individual policy settings in either the domain profile or the standard profile. Likewise, when you use the netsh firewall commands to configure Windows Firewall settings, you can choose to configure settings in either the domain profile or the standard profile.
If you do not configure standard profile settings, their default values are applied whenever Windows Firewall uses the standard profile. Therefore, it is highly recommended that you configure both domain and standard profile settings and that you enable the Windows Firewall for both profiles.