Today, let’s understand the purpose of profiles in new era windows operating systems.
Windows 2008, Vista, 2008 R2, and Windows 7 uses “Windows firewall with Advanced security” component for enhanced security. It is a two way firewall with stateful inspection capabilities. In addition to that, it has three profiles for firewall namely, Domain, public, and private. Each profile will have a different set of rules configured.
Interesting thing here is, when your computer is connected to network, NLA APIs determines what type of network it is and based on the decision, it enables the respective profile. For example, if NLA identifies that domain controllers to which the computer account is joined is reachable, then NLA marks the connection as domain profile and assigns domain profile. Generally domain profile won’t be having too many firewall restrictions as the connected network is a authenticated one. If the NLA marks the connection as public, then obviously more security is needed and a public profile will be applied which generally will have more restrictions.
Definition of profiles in Microsoft words:
Domain. Windows automatically identifies networks on which it can authenticate access to the domain controller for the domain to which the computer is joined in this category. No other networks can be placed in this category.
Public. Other than domain networks, all networks are initially categorized as public. Networks that represent direct connections to the Internet or are in public places, such as airports and coffee shops should be left public.
Private. A network will only be categorized as private if a user or application identifies the network as private. Only networks located behind a NAT device (preferably a hardware firewall) should be identified as private networks. Users will likely want to identify home or small business networks as private.
More information about this can be obtained from Technet.