That time is now here. The new Windows Firewall with Advanced Security combines firewall and IPsec management into one convenient MMC snap-in, which is shown in Figure 2.

The firewall engine itself has been rearchitected to reduce conflict and coordination overhead between filtering and IPsec. More rules functionality has been enabled, and you can specify explicit security requirements such as authentication and encryption very easily. Settings can be configured on a per-AD computer or user group basis.

Outbound filtering has been enabled; there was nothing but internal filtering in the previous version of Windows Firewall. And finally, profile support has been improved as well -- on a per-computer basis, there is now a profile for when a machine is connected to a domain, a profile for a private network connection and a profile for a public network connection, such as a wireless hot spot. Policies can be imported and exported easily, making management of multiple computers' firewall configuration consistent and simple.

Network Access Protection

Viruses and malware are often stopped by software defenses that run within a user's session, but the ultimate protection would be if they never even got access to the network. In Longhorn Server, Microsoft has created a system whereby computers are examined against a baseline set by the administrator, and if a machine doesn't stack up in any way against that baseline, that system can be prevented from accessing the network -- quarantined, as it were, from the healthy systems until such time as the user is able to fix his broken machine. This functionality is called Network Access Protection (NAP).