{"id":25,"date":"2007-04-19T13:36:00","date_gmt":"2007-04-19T12:36:00","guid":{"rendered":"https:\/\/iddlesblog.wordpress.com\/2007\/04\/19\/windows-firewall-network-awareness-how-it-works-it-out\/"},"modified":"2007-04-19T13:36:00","modified_gmt":"2007-04-19T12:36:00","slug":"windows-firewall-network-awareness-how-it-works-it-out","status":"publish","type":"post","link":"https:\/\/iddles.co.uk\/index.php\/2007\/04\/19\/windows-firewall-network-awareness-how-it-works-it-out\/","title":{"rendered":"Windows Firewall Network Awareness&#8230;.. how it works it out"},"content":{"rendered":"<p>Stolen from Mark Minasi&#8217;s supurb site&#8230;. at <a href=\"http:\/\/www.minasi.com\/newsletters\/nws0409.htm\">http:\/\/www.minasi.com\/newsletters\/nws0409.htm<\/a>\u00a0handy referance how Windows XP SP2+ detects between Standard and Domain settings.\u00a0\u00a0 In Vista this changes but its the same principle.<br \/>\n===<br \/>\nThere&#8217;s a personal firewall built into XP that&#8217;s always been there.\u00a0 But now it&#8217;s kind of &#8220;in your face,&#8221; as it&#8217;s turned on by default and it&#8217;s much easier to configure and control from the GUI, group policies, and command-line tools.<br \/>\nEven better, it&#8217;s got two &#8220;profiles;&#8221; it behaves one way when you&#8217;re inside your domain and another when you&#8217;re outside, such as when you&#8217;re connected to the Internet with your laptop from home or a hotel.<br \/>\nYou might have heard about Firewall&#8217;s two profiles, the &#8220;standard&#8221; and the &#8220;domain&#8221; profile.\u00a0 (&#8220;Domain&#8221; means you&#8217;re in the domain, on site; &#8220;standard&#8221; means you&#8217;re somewhere else, out of the firewall.)\u00a0 But did you ever wonder, <em>how does it know when you&#8217;re &#8220;in the domain?&#8221;<\/em>\u00a0 I wondered.\u00a0 Is it something as easy as IP address ranges?\u00a0 Pinging the domain controller to measure the latency periods?\u00a0 Arcanely measuring the Earth&#8217;s magnetic field to estimate how far you are from Headquarters?\u00a0 Nope.\u00a0 It&#8217;s like this:<\/p>\n<ul>\n<li>Windows Firewall (call it WF) remembers the last time that you got group policies.<\/li>\n<li>It remembers the DNS suffix of the system that you got them from.\u00a0 (So, for example, if your AD domain was called bigfirm.com, then the domain controller (DC) that your system got the group policies from almost certainly had a DNS suffix of bigfirm.com.)<\/li>\n<li>WF then looks at all of your network adapters &#8212; here&#8217;s where it gets geeky &#8212; and examines their adapter-specific DNS suffixes.\u00a0 If <em>any<\/em> of them match the DNS suffix of your last GP update, then it assumes you&#8217;re in the domain.<\/li>\n<\/ul>\n<p>In English, then&#8230; suppose you&#8217;re out on the road and for some reason want the firewall to think that you&#8217;re in &#8220;domain&#8221; mode rather than &#8220;standard&#8221; mode.\u00a0 Just go to the Advanced properties of your NIC, click the DNS tab and punch in your domain&#8217;s name in the &#8220;DNS suffix&#8221; field, and your firewall will behave as if you&#8217;re on the corporate grounds.\u00a0\u00a0<br \/>\nThat, by the way was the simplified version; if you&#8217;d like to know more about how the network location awareness in Windows works, get this article:<br \/>\n<a href=\"http:\/\/www.microsoft.com\/technet\/community\/columns\/cableguy\/cg0504.mspx\"><span style=\"color:#00008b;\">http:\/\/www.microsoft.com\/technet\/community\/columns\/cableguy\/cg0504.mspx<\/span><\/a><br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/iddles.co.uk\/aggbug.aspx?PostID=4529\" alt=\"\" width=\"1\" height=\"1\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Stolen from Mark Minasi&#8217;s supurb site&#8230;. at http:\/\/www.minasi.com\/newsletters\/nws0409.htm\u00a0handy referance how Windows XP SP2+ detects between Standard and Domain settings.\u00a0\u00a0 In Vista this changes but its the same principle. === There&#8217;s a personal firewall built into XP that&#8217;s always been there.\u00a0 But now it&#8217;s kind of &#8220;in your face,&#8221; as it&#8217;s turned on by default and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[17],"tags":[44,61],"class_list":["post-25","post","type-post","status-publish","format-standard","hentry","category-windows","tag-nla","tag-windows-firewall","post-preview"],"_links":{"self":[{"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=25"}],"version-history":[{"count":0,"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/25\/revisions"}],"wp:attachment":[{"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=25"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=25"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/iddles.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}