As previously described, the standard profile settings are typically more restrictive that the domain profile because the standard profile settings do not need to include applications and services that are only used in a managed domain environment.Both the domain profile and standard profile contain the same set of Windows Firewall settings, as shown in the following figure.The best way to manage Windows Firewall settings in an organization network is to use Active Directory and the new Windows Firewall settings in Computer Configuration Group Policy.This method requires the use of Active Directory with either Windows 2000 or Windows Server 2003 domain controllers.Some tabs and options in the Windows Firewall dialog box will be grayed out and unavailable.The basic steps for deploying Windows Firewall settings for Windows XP SP2 with Active Directory are the following: The following sections describe these steps in detail.Group Policy updates are requested by the domain member computer, and are therefore solicited traffic that is not dropped when Windows Firewall is enabled.When you use Group Policy to configure Windows Firewall, by default local administrators will be unable to change some elements of its configuration locally, using the Windows Firewall component in Control Panel.
Use the Group Policy snap-in to modify the Windows Firewall settings in the appropriate Group Policy objects.
There are two sets of Windows Firewall settings to configure: If you do not configure standard profile settings, their default values are still applied.
Therefore, it is highly recommended that you configure both domain and standard profile settings and that you enable the Windows Firewall for both profiles, except if you are already using a third-party host firewall product.
Note that you only need to modify Windows Firewall settings for Group Policy objects that are applied to Active Directory system containers (domains, organizational units, and sites) that contain computer accounts corresponding to computers that are or will be running Windows XP with SP2.
Once you configure the Windows Firewall settings, the next refresh of Computer Configuration Group Policy downloads the new Windows Firewall settings and applies them for computers running Windows XP with SP2.