By default, all AD users in our domain have Windows Firewall disabled. However, for those that have laptops, it would be nice to be able to enable it when they are not logged into the domain (i.e., traveling, home, etc.). Is there any way to test for the domain or use of a cached login to conditionally activate the firewall?
You could potentially use Group Policy and shutdown scripts to enable the Windows firewall when a computer is shut down, but I think that you may find this to be an imperfect solution. What I would recommend is to configure a firewall policy that is appropriate for all systems on your network. A good method of doing this might be to create an OU for desktops and an OU for laptops with an appropriate firewall policy for each. This will ensure that your systems are protected regardless of whether they are connected to your network or not.
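The "is the machine on the domain?" test the question asks for is built into Windows Firewall's profile model: Network Location Awareness selects the Domain profile only when the machine can authenticate to a domain controller, and falls back to Private or Public otherwise, so the laptop OU's policy can simply enforce the Private and Public profiles. The script below is an added example, not part of the original post or answer; it assumes Windows 8/Server 2012 or later (the NetSecurity PowerShell module), an elevated session, and constructed policy values (log path, log size) that you would adjust for your environment. The same settings can be pushed from the Windows Firewall with Advanced Security node under Computer Configuration > Policies > Windows Settings > Security Settings in the laptop OU's GPO.

```powershell
# Added example (not from the original post): enforce Windows Firewall on the
# Private and Public profiles, which are the profiles in effect whenever a
# laptop cannot reach a domain controller, and keep the Domain profile on
# with its domain-specific inbound rules.
# Assumes Windows 8 / Server 2012 or later (NetSecurity module) and an
# elevated session; run from a GPO startup script or your management tool.

#Requires -RunAsAdministrator

# Constructed policy values: a starting point, adjust to your environment.
$offDomainProfiles = @('Private', 'Public')
$logPath           = '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'
$logMaxKilobytes   = 16384

# 1. Off-domain profiles: firewall on, inbound blocked by default, outbound
#    allowed, blocked packets logged so incidents can be reviewed later.
Set-NetFirewallProfile -Profile $offDomainProfiles `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -LogBlocked True `
    -LogFileName $logPath `
    -LogMaxSizeKilobytes $logMaxKilobytes

# 2. Domain profile: keep the firewall on too, but let the inbound rules the
#    domain relies on (remote management, etc.) apply.
Set-NetFirewallProfile -Profile Domain `
    -Enabled True `
    -DefaultInboundAction Block `
    -AllowInboundRules True

# 3. Verification: report which profile NLA has actually selected on each
#    adapter and whether the firewall is enabled for it. A travelling laptop
#    that cannot reach a DC shows Private or Public here.
function Get-ActiveFirewallProfileReport {
    Get-NetConnectionProfile | ForEach-Object {
        # NetworkCategory is DomainAuthenticated, Private, or Public; the
        # matching firewall profile name is Domain, Private, or Public.
        $profileName = $_.NetworkCategory.ToString() -replace 'DomainAuthenticated', 'Domain'
        [pscustomobject]@{
            Interface       = $_.InterfaceAlias
            NetworkCategory = $_.NetworkCategory
            FirewallProfile = $profileName
            FirewallEnabled = (Get-NetFirewallProfile -Name $profileName).Enabled
        }
    }
}

Get-ActiveFirewallProfileReport | Format-Table -AutoSize
```

The report step is worth keeping in the rollout script: a laptop that is plugged into the office network but still shows Private or Public (for example because the DC was unreachable when the adapter came up) will be running the stricter off-domain policy, which is the expected and safe failure mode, but it also explains sudden "the file share stopped working" reports.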