Network Location Awareness

Network Location Awareness (NLA) is a feature through which Windows 7 assigns a network profile based on the properties of a network connection. Windows 7 uses three network profiles: Domain Networks, Home Or Work (Private) Networks, and Public Networks. When you connect to a new network, Windows 7 displays a dialog box asking whether the network is a Home network, a Work network, or a Public network. Windows 7 remembers the designation that you assign to the network and associates it with the properties of the network, so that the same designation is applied the next time you connect the computer to that network. You can change the designation of a network using the Network and Sharing Center. You learned about changing network designations in tutorial 6. NLA assigns the Domain network profile when you log on to an Active Directory Domain Services (AD DS) domain.

Network profiles are important because you can use them to apply different collections of firewall rules based on which network profile is active. For example, the Windows Virtual PC rule is active in the Domain and Home/Work (Private) profiles but not in the Public profile. A significant difference between Windows Vista and Windows 7 is that in Windows 7, profiles apply on a per-network-interface basis. This means that if you have one network adapter connected to the Internet and another connected to your office LAN, different sets of rules apply for each connection. The firewall in Windows Vista chooses the most restrictive network profile when a computer has connections to different network types and applies the most restrictive set of rules to all interfaces.

You can selectively enable Windows Firewall for each network profile. You can also specify whether you want notifications to appear to the logged-on user when Windows Firewall blocks a new program and whether you want all incoming connections blocked, including those for which there are existing firewall rules. Users can create rules for the traffic they have been notified about only if they have local administrator privileges.

The primary reason to disable Windows Firewall for all profiles is that you have a firewall product from another vendor and you want that vendor's firewall to protect your computer rather than having Windows Firewall perform that function. It is important to note that you should not disable Windows Firewall just because there is another firewall, such as a small office/home office (SOHO) router or hardware firewall, between your client running Windows 7 and the Internet. It is possible that malware has infected another computer on your local network. Good security practice is to treat all networks as potentially hostile.
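
The per-profile settings described above can be checked from the command line. The following PowerShell script is an added example, not part of the original tutorial: it parses the text of `netsh advfirewall show allprofiles` (English-language output assumed; the sample text is constructed) and suggests the `netsh` command for any profile whose firewall is off or whose default inbound policy is allow. The function name `Get-FirewallProfileAudit` is hypothetical.

```powershell
# Added example: audit the three Windows Firewall profiles from the text of
# "netsh advfirewall show allprofiles" (English-language output assumed).
# Constructed sample of that output, trimmed to the fields the audit reads.
$sample = @'
Domain Profile Settings:
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
InboundUserNotification               Enable

Private Profile Settings:
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
InboundUserNotification               Enable

Public Profile Settings:
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound
InboundUserNotification               Disable
'@

function Get-FirewallProfileAudit {   # hypothetical helper name
    param([string[]]$Lines)
    $settings = @{}      # profile name -> hashtable of its settings
    $current = $null     # profile section currently being read
    foreach ($line in $Lines) {
        if ($line -match '^(Domain|Private|Public) Profile Settings:') {
            $current = $Matches[1]
            $settings[$current] = @{}
        } elseif ($current -and $line -match '^(State|Firewall Policy|InboundUserNotification)\s{2,}(\S+)') {
            $settings[$current][$Matches[1]] = $Matches[2]
        }
    }
    foreach ($name in 'Domain', 'Private', 'Public') {
        $s = $settings[$name]
        if ($null -eq $s) { continue }
        $target = $name.ToLower() + 'profile'   # netsh name, e.g. publicprofile
        $fix = @()
        # Firewall switched off for this profile: suggest turning it back on.
        if ($s['State'] -ne 'ON') { $fix += "netsh advfirewall set $target state on" }
        # Default inbound action is allow: suggest the block-unless-allowed default.
        if ($s['Firewall Policy'] -like 'AllowInbound*') {
            $fix += "netsh advfirewall set $target firewallpolicy blockinbound,allowoutbound"
        }
        New-Object PSObject -Property @{
            Profile = $name; State = $s['State']; Policy = $s['Firewall Policy']
            Notify = $s['InboundUserNotification']; Fix = ($fix -join '; ')
        } | Select-Object Profile, State, Policy, Notify, Fix
    }
}

Get-FirewallProfileAudit ($sample -split "\r?\n") | Format-List
# Live system: Get-FirewallProfileAudit (netsh advfirewall show allprofiles)
```

The `netsh` policy value `blockinboundalways` (in place of `blockinbound`) corresponds to blocking all incoming connections, including those for which firewall rules exist. The suggested commands must be run from an elevated prompt.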