In this, the third article in the series, we will take a look at how to use Group Policy to enforce domain isolation through the use of IPsec. The Windows Firewall with Advanced Security console is integrated with Windows Server 2008 Group Policy, thus allowing you to use the Group Policy Management console and the Group Policy Editor to create firewall policy for machines across the entire domain, in an OU, or on a site.
Domain Isolation configuration (through the Windows Firewall with Advanced Security interface) allows you to protect all of your domain member machines from rogue machines that are not domain members. Domain members are configured so that they must authenticate with one another before connections are allowed between them. Machines that are not domain members cannot authenticate to domain members, and thus connections from non-domain members fail.
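The rule the Domain Isolation wizard writes into a GPO can also be expressed with the `netsh advfirewall` command set that ships with Windows Server 2008, which is useful for scripting and for checking what a GPO actually contains. The following is an added example and is not code from the article; the domain name `corp.example` and the GPO name `DomainIsolation` are placeholders for your own, the rule is scoped to all addresses (`endpoint1=any endpoint2=any`), and the rule and GPO names deliberately contain no spaces because netsh arguments with embedded quotes are awkward to pass from PowerShell.

```powershell
# Added example, not the article's own code. Writes a connection security
# rule into a GPO that makes domain members require Kerberos computer
# authentication for inbound connections and request it for outbound ones.
# Placeholders: replace corp.example\DomainIsolation with <domain>\<GPO name>.
$gpoStore = "corp.example\DomainIsolation"

# Point netsh at the GPO store so the rule lands in Group Policy instead of
# this machine's local firewall store.
netsh advfirewall set store gpo=$gpoStore

# requireinrequestout: inbound connections must authenticate, outbound ones
# only request authentication. computerkerb limits authentication to
# domain member computers (Kerberos machine credentials), so a machine
# outside the domain cannot complete the handshake and its inbound
# connections to domain members fail, which is the behaviour described above.
netsh advfirewall consec add rule `
    name=DomainIsolation `
    endpoint1=any endpoint2=any `
    action=requireinrequestout `
    auth1=computerkerb `
    profile=domain `
    enable=yes

# Check what was written to the GPO before clients refresh policy.
netsh advfirewall consec show rule name=DomainIsolation

# Return netsh to the local store so later commands do not edit the GPO.
netsh advfirewall set store local
```

After the GPO applies (next policy refresh, or `gpupdate /force` on a member), `netsh advfirewall monitor show mmsa` on a domain member lists the IPsec main mode security associations it has negotiated with its peers; a domain member that shows no SA with another domain member is a sign that the rule did not apply or that Kerberos authentication is failing. Because outbound traffic is only requested to authenticate, domain members can still reach machines that do not speak IPsec, so the rule does not cut members off from non-member servers while still rejecting unauthenticated inbound connections.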