
What are the Domain, Public and Private profiles in the Windows 2008 firewall

Today, let’s understand the purpose of firewall profiles in the newer Windows operating systems.

Windows 2008, Vista, 2008 R2, and Windows 7 use the “Windows Firewall with Advanced Security” component for enhanced security. It is a two-way firewall with stateful inspection capabilities. In addition, it has three firewall profiles, namely Domain, Public, and Private. Each profile has its own set of rules configured.

The interesting part is that when your computer connects to a network, the NLA (Network Location Awareness) service determines what type of network it is and, based on that decision, enables the corresponding profile. For example, if NLA finds that a domain controller for the domain the computer account is joined to is reachable, it classifies the connection as a domain network and applies the Domain profile. The Domain profile generally does not carry many firewall restrictions, because the connected network is an authenticated one. If NLA classifies the connection as public, more security is obviously needed, and the Public profile, which generally has more restrictions, is applied.
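To see this behaviour on a live machine, the following script (an added example, not part of the original post) prints which profile NLA assigned to each connected network, the per-profile default actions, and the inbound Allow rules that are active on the Public profile, which is where the rule sets visibly differ. It assumes the NetSecurity and NetConnection PowerShell modules, which ship with Windows 8 / Server 2012 and later; on the Windows 7 / Server 2008 R2 systems the post covers, `netsh advfirewall show currentprofile` and `netsh advfirewall show allprofiles` give the equivalent information.

```powershell
# Added example (not from the original post). Requires the NetSecurity and
# NetConnection modules (Windows 8 / Server 2012 and later). Run in an
# elevated PowerShell session.

# 1. Which profile did NLA assign to each connected network?
#    NetworkCategory is DomainAuthenticated, Private or Public.
Get-NetConnectionProfile |
    Select-Object Name, InterfaceAlias, NetworkCategory

# 2. Per-profile firewall posture. A sensibly configured Public profile is
#    Enabled with DefaultInboundAction = Block.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogBlocked

# 3. Show that the rule sets really differ per profile: count the enabled
#    inbound Allow rules that apply to each one. A rule's Profile property is
#    a flags value such as "Domain, Private"; "Any" applies to every profile.
$inboundAllow = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow
foreach ($p in 'Domain', 'Private', 'Public') {
    $matching = $inboundAllow | Where-Object {
        $_.Profile -eq 'Any' -or $_.Profile -match $p
    }
    '{0,-8} {1,4} enabled inbound Allow rules' -f $p, @($matching).Count
}

# 4. Review list: inbound Allow rules active on the Public profile, with the
#    ports they open. Everything listed here is reachable from untrusted
#    networks such as airport or coffee-shop Wi-Fi and deserves a second look.
$publicRules = $inboundAllow | Where-Object {
    $_.Profile -eq 'Any' -or $_.Profile -match 'Public'
}
foreach ($rule in $publicRules) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Profile   = $rule.Profile
        Protocol  = $portFilter.Protocol
        LocalPort = ($portFilter.LocalPort -join ',')
    }
} | Sort-Object Rule | Format-Table -AutoSize

# 5. If step 2 showed the Public profile disabled or defaulting to Allow,
#    this restores the expected restrictive posture (uncomment to apply):
# Set-NetFirewallProfile -Profile Public -Enabled True -DefaultInboundAction Block
```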

Microsoft’s own definitions of the profiles:

Domain. Windows automatically identifies networks on which it can authenticate access to the domain controller for the domain to which the computer is joined in this category. No other networks can be placed in this category.

Public. Other than domain networks, all networks are initially categorized as public. Networks that represent direct connections to the Internet or are in public places, such as airports and coffee shops should be left public.

Private. A network will only be categorized as private if a user or application identifies the network as private. Only networks located behind a NAT device (preferably a hardware firewall) should be identified as private networks. Users will likely want to identify home or small business networks as private.

More information about this can be obtained from Technet.

  • Mark Filipak January 29, 2015, 2:26 am

    “Private. A network will only be categorized as private if a user or application identifies the network as private. Only networks located behind a NAT device (preferably a hardware firewall) should be identified as private networks. Users will likely want to identify home or small business networks as private.”
    What an awful definition. A network is private if it’s private. What does that mean? Does it mean LAN? If so, why isn’t it called “LAN” instead of “private”. Does it include VPN? If so, why isn’t it called “VPN”? Why does Microsoft make everything a mystery?

    • Ulaganathan Mahadevan May 11, 2015, 11:04 pm

      Not all customers can understand LAN and VPN terminology, though they have heard of it. I think Windows says, or tries to explain, what is private, public and domain whenever it sees that it is connected to a network. It throws a popup asking the user to select what type of connection it is.

      But we need to see if the firewall rules or accesses are changing based on the user selection really.
