2.3.6 File System (Computer Configuration Only)
Like the Registry policy, this policy allows you to configure NTFS permissions for files and folders on a target computer. You can configure advanced permissions, auditing, and ownership, as well as propagation of the permissions to subfolders.
Warning
Application of permissions to files and folders can be resource intensive and cause delayed computer start-up. You should use this policy only when absolutely necessary and only after testing to ensure that the performance of the start-up is satisfactory for your production environment.
2.3.7 Wired Network (IEEE 802.3) Policies (Computer Configuration Only)
This policy is designed to control wired network security for computers running Windows Vista. The settings in this policy allow you to control many areas of network security. Some of the settings that you can control include the following, which can also be seen in Figures 7 and 8:
Authentication protocols
Authentication modes
Single sign on controls
2.3.8 Windows Firewall with Advanced Security (Computer Configuration Only)
The updated firewall that comes with Windows Vista and Windows Server 2008 provides additional configurations that enable granular security control over inbound and outbound communications and connection-specific security. You can configure these policies through a set of wizards.
Inbound Rule
This policy allows you to configure the security of all inbound communications to the target computer. It allows you to configure the type of rule that will be configured (program, ports, services, or customized configuration), action for the rule (allow or block communications), and scope of the rule (domain, private, or public). The interface for the inbound rule is shown in Figure 9.
Outbound Rule
This policy allows you to configure the security of all outbound communications from the target computer. It allows you to configure the type of rule that will be configured (program, ports, services, or customized configuration), action for the rule (allow or block communications), and scope of the rule (domain, private, or public). The interface for the outbound rule is shown in Figure 10.
Connection Security Rule
This policy allows you to configure connection-specific security for the target computer. It allows you to configure the type of rule that will be configured (isolation, authentication controls, server-to-server, tunnel, or custom communication), authentication for the rule, and scope of the rule (domain, private, or public). The interface for the connection security rule is shown in Figure 11.
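
The three rule types described above can also be written into a GPO from a script instead of the wizards. The following is an added example, not taken from the original text: it assumes a management computer running Windows 8 / Windows Server 2012 or later (where the NetSecurity PowerShell module is available), and the domain, GPO name, rule names, and program path are constructed placeholders.

```powershell
# Added example. All names below (domain, GPO, rule names, program path) are constructed.
$gpo = 'corp.example\Workstation Firewall Baseline'

# Open a cached editing session so all rules are written to the GPO in one save.
$session = Open-NetGPO -PolicyStore $gpo

# Inbound rule: type = port, action = allow, profile = domain.
New-NetFirewallRule -GPOSession $session -DisplayName 'Allow RDP (domain)' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -Action Allow -Profile Domain | Out-Null

# Outbound rule: type = program, action = block, profile = public.
New-NetFirewallRule -GPOSession $session -DisplayName 'Block ExampleApp (public)' `
    -Direction Outbound -Program 'C:\Program Files\ExampleApp\example.exe' `
    -Action Block -Profile Public | Out-Null

# Connection security rule: isolation-style, with computer Kerberos as the
# authentication method. Inbound connections must authenticate; outbound
# connections request authentication but fall back if the peer cannot.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -GPOSession $session `
    -DisplayName 'Computer Kerberos' -Proposal $proposal
New-NetIPsecRule -GPOSession $session -DisplayName 'Require inbound auth (domain)' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name -Profile Domain | Out-Null

# Review what the session now holds before committing it to the GPO.
Get-NetFirewallRule -GPOSession $session |
    Sort-Object Direction |
    Format-Table DisplayName, Direction, Action, Profile, Enabled
Get-NetIPsecRule -GPOSession $session |
    Format-Table DisplayName, InboundSecurity, OutboundSecurity, Profile

# Nothing is written to the GPO until the session is saved.
Save-NetGPO -GPOSession $session
```

Because a connection security rule that requires inbound authentication drops traffic from peers that cannot authenticate, link the GPO to a test organizational unit first and confirm connectivity before applying it more widely.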