What exactly is the network categorization dialog in Vista trying to achieve?
Windows Firewall with Advanced Security is a host-based firewall that filters both incoming and outgoing traffic. Windows Firewall with Advanced Security uses the Network Location Awareness (NLA) feature to let Windows Vista administrators define a level of protection based on the network to which the user connects. As mobile users roam from their corporate network to a Private network, or to a Public network such as an Internet cafe, Windows Firewall with Advanced Security can enable and disable connectivity or features such as:
• File and Print Sharing
• eHome Media Center Extender
• Windows Connect Now Devices
• PnP-X (plug and play for networked devices)
• Network Explorer
• Peer To Peer Discovery
To achieve this, Windows Firewall with Advanced Security uses three separate profiles for filtering traffic. The computer automatically detects the network connection and uses the appropriate profile. Windows Firewall with Advanced Security supports the following profiles:
• Domain. The domain profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected to an Active Directory domain in which the computer is a member. For example, you might configure rules for the domain profile for the programs needed by a managed computer in an enterprise network. The NLA Service controls when settings for a profile apply.
• Private. The private profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected to a private network. For example, a mobile user might take their computer home and connect it behind a private gateway device (such as a router) on their home network. When Windows detects the network, a dialog box will appear.
• Public. The public profile is the set of Windows Firewall with Advanced Security settings needed when the computer is connected directly to the Internet. For example, a laptop computer might be taken on the road and connect to the Internet using a public broadband or wireless Internet Service Provider (ISP) or hotspot. Because the laptop connects directly to the Internet, this profile should contain more restrictive settings than the domain or private profile. Again, an end-user with administrator privileges selects whether a connection is Private or Public. If a user does not have administrator privileges and connects to any new network, Windows Vista uses the Public profile, which contains the most restrictive settings.
Windows Vista applies firewall rules based on the most restrictive active connection. For example, if a computer is a member of a domain but is also connected to a network that the user has specified as Private, the rules for the Private profile apply.
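The following is an added example, not part of the original post, showing how an administrator would see the profile NLA has selected and scope a File and Print Sharing rule so it is only active in the Domain and Private profiles. It uses netsh advfirewall, which ships with Windows Vista, and must be run from an elevated Command Prompt. The rule name and the port (TCP 445 for SMB) are illustrative assumptions.

```batch
@echo off
rem Added example (not from the original post). Run from an elevated Command Prompt.
rem The rule name and port below are assumptions chosen for illustration.

rem 1. Show which profile NLA has made active right now (Domain, Private or Public).
netsh advfirewall show currentprofile

rem 2. Keep the firewall switched on in all three profiles.
netsh advfirewall set allprofiles state on

rem 3. Public profile: block unsolicited inbound traffic, allow outbound.
rem    This is the restrictive baseline that applies on an untrusted network.
netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound

rem 4. Permit inbound SMB (File and Print Sharing) only while the active profile
rem    is Domain or Private. The rule is simply absent when Public is active,
rem    so the blockinbound policy from step 3 applies there.
netsh advfirewall firewall add rule name="Example SMB-In (domain and private)" dir=in action=allow protocol=TCP localport=445 profile=domain,private

rem 5. Confirm the rule's profile scope before relying on it.
netsh advfirewall firewall show rule name="Example SMB-In (domain and private)"
```

Because Vista applies only one profile at a time (the most restrictive active connection), the rule's profile= list is what decides whether the share is reachable: on a network the user categorized as Public, step 1 reports Public and the SMB rule in step 4 is not in effect.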