Network profiles on a multihomed Windows 2008 Domain Controller
If you turn a multihomed Windows 2008 Server into a domain controller, *all* interfaces are assigned to the Domain network profile, on the reasoning that every network interface should be able to handle domain-related traffic. It does not matter which settings or firewall rules you change: the moment NLA (Network Location Awareness) identifies the computer as a domain controller, it puts all interfaces into the Domain profile.
It would of course be useful if administrators could change this behavior in a situation where one interface should be Domain and the other one Public (for internet access or connection sharing), but Microsoft's idea was that the Domain profile can neither be set manually nor removed.
If you still want to restrict access on one interface (WAN) and expose the server on the other one (LAN), then your best bet is to remove the firewall (which is running in Domain mode) from the LAN interface but leave it on the other one, and make sure to disable all incoming/outgoing rules that you don't want to pass from or to the WAN interface.
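An added example (not from the original post) to help decide which rules to disable: it parses the output of `netsh advfirewall firewall show rule name=all` and lists the enabled inbound allow rules in the Domain profile, which on such a domain controller also apply to the WAN interface. The sample output is constructed and trimmed, and English-locale field names are assumed.

```python
import re

# Constructed, trimmed sample of English-locale output from
# `netsh advfirewall firewall show rule name=all` (not from the original page).
SAMPLE = """\
Rule Name:                            Remote Desktop (TCP-In)
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
LocalPort:                            3389
Action:                               Allow

Rule Name:                            Core Networking - DNS (UDP-Out)
Enabled:                              Yes
Direction:                            Out
Profiles:                             Domain,Private,Public
LocalPort:                            Any
Action:                               Allow

Rule Name:                            World Wide Web Services (HTTP Traffic-In)
Enabled:                              No
Direction:                            In
Profiles:                             Domain
LocalPort:                            80
Action:                               Allow
"""

def parse_rules(text):
    """Split netsh rule output into one dict per 'Rule Name:' block."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"([^:]+):\s*(.*)", line)
        if not m:
            continue  # separator rows, blank lines, trailing "Ok."
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name":
            rules.append({})  # a new rule block starts here
        if rules:
            rules[-1][key] = value
    return rules

def domain_inbound_allows(rules):
    """Enabled inbound allow rules that apply to the Domain profile."""
    return [r for r in rules
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow"
            and "Domain" in r.get("Profiles", "").split(",")]

if __name__ == "__main__":
    for r in domain_inbound_allows(parse_rules(SAMPLE)):
        print(r["Rule Name"], r.get("LocalPort"))
```

To use it on a real server, save the netsh output to a file and pass its contents to `parse_rules` instead of `SAMPLE`.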