You probably know that Windows 7 distinguishes between Public, Home, and Work networks. Whenever you connect to a new network, Windows will ask what type of network it is. Each network has its own firewall profile, which allows you to configure different firewall rules depending on the security requirements of the user’s locations. You can use the Windows Firewall with Advanced Security’s snap-in filter to display only rules for specific locations. The corresponding firewall rule sets are Public (Public), Private (Home / Work), and Domain (when a domain-joined workstation detects a domain controller) (see comment below).
This works fine as long as you are only connected to one network at a time. As a matter of fact, more and more users now have their own networks at home. The problem is that once they connect to the corpnet, the Domain firewall rule set becomes active, which will break homegroup connections. The solution to this problem seems to be to work with multiple NICs. However, in Windows Vista, only one profile can be active on the computer at a time. Windows Server 2008 machines that are connected to multiple networks suffer the same problem. In this case, the profile with the most restrictive settings is applied to all adapters on the computer.
Note that this feature can’t be configured via Group Policy. At least the Group Policy settings of Windows Server 2008 R2 Beta don’t offer a corresponding option. The problem is that you can’t know in advance, for all external computers, which NIC is connected to the home network and which to the domain network. I guess that’s why you will have to configure this manually for each computer.
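To see which firewall profile or profiles a machine is actually applying, and how many inbound rules each profile carries, you can query the firewall policy directly. The following script is an added example, not part of the original article; it only reads state through the `HNetCfg.FwPolicy2` COM object, and the helper name `Get-ProfileNames` is made up for this illustration.

```powershell
# Added example: report the active firewall profile(s) and the enabled inbound
# rules per profile. Read-only; written for PowerShell 2.0 as shipped with Windows 7.
# Uses the HNetCfg.FwPolicy2 COM object (INetFwPolicy2).

# NET_FW_PROFILE_TYPE2 bit values
$profileBits = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }

function Get-ProfileNames([int]$mask) {
    # Hypothetical helper: decode a profile bitmask into profile names.
    $profileBits.Keys | Sort-Object |
        Where-Object { $mask -band $_ } |
        ForEach-Object { $profileBits[$_] }
}

$policy = New-Object -ComObject HNetCfg.FwPolicy2

# CurrentProfileTypes is a bitmask, so more than one profile can be reported
# when the machine is attached to several networks at once.
$active = $policy.CurrentProfileTypes
"Active profile(s): " + ((Get-ProfileNames $active) -join ', ')

foreach ($bit in ($profileBits.Keys | Sort-Object)) {
    # Direction 1 = inbound. A rule scoped to "All" profiles has every bit set,
    # so the -band test counts it under each profile.
    $rules = @($policy.Rules | Where-Object {
        $_.Enabled -and $_.Direction -eq 1 -and ($_.Profiles -band $bit)
    })

    New-Object PSObject -Property @{
        Profile             = $profileBits[$bit]
        Active              = [bool]($active -band $bit)
        FirewallOn          = $policy.FirewallEnabled($bit)
        EnabledInboundRules = $rules.Count
    } | Select-Object Profile, Active, FirewallOn, EnabledInboundRules
}
```

Running it once on the home network and once after connecting to the corpnet shows which rule set is in force in each situation, and whether a profile with the firewall switched off has become active.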