Network Protection
Windows 10 Firewall Control allows setting program network access permission individually per-user (Network/Cloud Edition). The zones can be set for Administrator, Guest and any other user for a particular program separately. The feature is useful with Terminal Server (Windows Server 2008/2012) extremely, the Network/Cloud Edition can be launched on any Windows 10/8/7/Vista/2008/2012 running computer however.
Internet Explorer (for instance) can be permitted to connect to any site for administrators, to the local network web server only for regular users and can be disabled for browsing a random web server for guests.
Per-user access
The "User" column of the Programs list shows usernames and the security zones set to the programs. The "User" parameter can be changed with the Edit Application dialog. Any program will follow specified zone if the program is launched by the specific/selected user.
The following per-user management logic must be supposed. If a specific user is set to a program with a zone, the program will follow the chosen zone when the program is launched in name of the user only. If the program with a zone is set to "Any User", the program will follow the zone when the program is launched in name of any other user.
For example, you set Internet Explorer with Web+FTPZone for "Any User", Internet Explorer with DisableAll for Guest and Internet Explorer set with LocalOnly for a particular account. Internet Explorer will follow the zones for the users above as specified and Web+FTPZone for the other users including Administrators, Regular Users and so on.
Windows 10 Firewall Control is able to detect unlisted programs only, so if you set a program permissions for a specific user and do not set the program for "Any User", the program launched in name of any other user will not be detected for the second time and will be blocked entirely as any other ("Any User") initial access attempt is blocked. The hint may be used to create special security schemes however.
Remote security management (Plus Edition)
Windows 10 Firewall Control Plus or Network/Cloud Edition allows to control multiple computers at once. The Plus Edition finds other computers with Windows 10 Firewall Control installations automatically, allows to connect to the remote installations and to perform all network permissions related operations remotely. So, you can detect new programs that require network access on the remote computers, set programs with proper permissions, receive event notifications from the remote computers to manage the permissions accordingly.
If the Computer field is checked, Windows 10 Firewall Control starts discovering other computers in the network. All the found computers are added to the list. Choosing a computer from the list "connects" the firewall user interface to the selected computer. If Windows 10 Firewall Control installation is available on the computer, you can observe new programs detection on the remote computer, change the programs permissions remotely and check the network events raised on the remote computer. So the Programs, Zones and Events panes are redirected to reflect the remote computer state. The Default and AllApplications zones of the Settings pane reflect the remote computer state as well. All the other configurations are available for the local computer only. The remote management operations are performed with DCOM (distributed COM). Windows 10 Firewall Control creates a special dedicated user account automatically if the "Enable Remote Access and Control" is chosen during the setup. All remote operations are performed using this account exclusively. Since Windows is solely responsible for account processing, all the operations are as safe as any other remote access. The account permissions can be managed by native Windows tools.
The Network/Cloud Edition offers additional functionality. The Edition can monitor the programs permissions on multiple computers simultaneously and can fix the inconsistency problems automatically. The latter is very useful if you have several computers with nearly the same programs set and need to have nearly equal permissions for the programs. If a program on a remote computer changes its network permissions, the Network/Cloud installation detects the changes and adjusts the inconsistency automatically (if configured).
How It Works
Windows 10 Firewall Control (Network/Cloud Edition) can install security agents on all computers of the local network/cloud automatically. The agents installation can be configured from the Agents List. Windows 10 Firewall Control detects other local network computers automatically if it is possible (not blocked or disabled by the computer intentionally). A computer can be added/removed to/from the list manually as well.
After the agents are installed Windows 10 Firewall Control allows you the remote controlling and creating virtual sub networks (computer groups). The related per-computer rules determine mutual permissions for the computers in local network/cloud environment.
Agent List
The Agents List detects all the computers reachable in the network/cloud automatically and displays the agents installation states. All the agent installation/deinstallation operations are performed in background. The "Agents Processing" checkbox switches the background procedure on or off. All the agents can be marked for Installation/DeInstallation/Ignoring individually or at once.
Windows 10 Firewall Control installs the security agents accordingly to the remote OS version and bitness.
The Agent names are equal to computers names set during the computers installation/configuration. The computers/agents can be added, deleted and edited (by keyboard hotkeys, the right mouse click menu, by double clicking the item or by the toolbar) manually anytime. User/Password is credentials of administration account on the remote computera. The remote computer credentials are required to perform the remote agent installation.
The Edit Agent dialog allows specifying (editing) the agent name, agent IP (v4 or v6) address and configure the agent specific state, i.e. the need to install/uninstall/monitor or ignore the agent installation status. The Host field and the IPv4/v6 buttons helps to determine IP address by computer name. IP address takes precedence in the agent information usage starting from IPv4 address. If no IP address is specified, the remote computer will be found by the Agent name specified. User/Password information is used to override the common user/password specification from the entire Agents List. After an agent state is changed the background procedure will start reflecting the desired state to the listed computers.
Cloud and LAN Protection (Network/Cloud Edition)
Windows 10 Firewall Control allows you to implement a special security policy and to set permissions for mutual access of the computers inside the same Local Network or Cloud. Widnows 10 Firewall Control is able to divide the entire network into virtual subnetworks, group the computers virtually and set mutual access rules. The rules can determine mutual connectivity in the group. A computer may participate in multiple groups at once, so the groups can be created uniting the computer usage purposes. For instance you have 3 computers inside your Local Network: PC1 (for business),PC2 (for entertainment) and File/Multimedia Server. Most probably you would like to enable PC1 to connect to the Server only and to disable PC2 from connecting to PC1. You can create 2 groups: "Business" and "Entertainment". The both groups would list all the computers, but
The "Business" group has PC1 enabled, Server enabled, but PC2 disabled.
The "Entertainment" group has PC2 enabled, Server enabled, but PC1 disabled.
As the result, PC1 and PC2 will be disabled connecting to each other directly, but can be successfully connected to Server, in spite of how the programs on all the computers are configured.
Networks List
The Networks List allows creating virtual sub networks, i.e. sets the computers to be included/excluded to allow/block mutual network operations. The number of sub networks in not limited. The sub networks can be added to (or removed from) the list or edited anytime by keyboard hotkeys, right mouse click context menu or by the toolbar.
The Edit sub network dialog allows managing the sub network, i.e. specifying computers separately or computer groups (by IP address range). The items (computers or groups) can be temporarily excluded from the specification by un-checking the Enable checkbox. The items can be named arbitrarily. IP address field sets IP/IP-range for the item, thus the final permissions for the item. The item (computer or group) can be allowed for the mutual operations or disallowed. The Host field and IPv4/v6 buttons helps to find IP address by computer name. The Result combo box sets permissions for the current sub network item. The entire sub network can be switched off temporarily by un-checking "Enable Network". Every item (computer or group) can be set either to Enable (allowing in-sub-network) communications or Disable (rejecting the sub network) participation.