Windows default firewall setting on the Domain controller seems to be opening a number of ports to 'any' type of connection. All I want open to the internet is the RDP port.
Can and should I manually restrict each of the inbound rules to allow the scope to be only 'local subnet'? Is there a simpler way to do this?
Best Answer
A domain controller needs to be quite open in order to provide its services to your network; it just shouldn't be directly connected to the Internet.
Edit
Ok, let's see what you can do here.
Running things like you're doing now is definitely a source of trouble; you should avoid it at all costs.
You have two solutions:
Whatever you do, don't stay with two NICs and public/private IP addresses at the same time on all your computers. This way, you get the troubles of both solutions plus multihoming, and the benefits of none.
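For the scoping the question asks about, here is an added example (not code from the question or the answer) that audits every enabled inbound allow rule whose remote scope is 'Any' and, only when run with -Apply, narrows it to LocalSubnet while leaving the RDP rule alone. It assumes the NetSecurity cmdlets (Windows Server 2012 / Windows 8 and later) and that the RDP rule carries the default display name shown in $KeepOpen.

```powershell
# Added example, not from the question or the answer: report (and optionally
# rescope) inbound allow rules that accept connections from any remote address.
# Assumes the NetSecurity module; the RDP display name in $KeepOpen is the
# default on current Windows builds and is an assumption about this host.
param(
    [switch]$Apply,   # without -Apply the script only reports, it changes nothing
    [string[]]$KeepOpen = @('Remote Desktop - User Mode (TCP-In)')
)

$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow

foreach ($rule in $rules) {
    # The remote scope lives in the rule's address filter, not on the rule object.
    $addr = $rule | Get-NetFirewallAddressFilter
    if (@($addr.RemoteAddress) -notcontains 'Any') { continue }

    if ($KeepOpen -contains $rule.DisplayName) {
        Write-Output "KEEP   $($rule.DisplayName) (remote scope stays Any)"
        continue
    }

    if ($Apply) {
        # LocalSubnet is a built-in keyword resolving to the subnets of the host's own NICs.
        $rule | Set-NetFirewallRule -RemoteAddress LocalSubnet
        Write-Output "SCOPED $($rule.DisplayName) -> LocalSubnet"
    } else {
        Write-Output "OPEN   $($rule.DisplayName) (profile: $($rule.Profile))"
    }
}
```

Run it once without -Apply to review the list before changing anything. On a domain controller, LocalSubnet also blocks legitimate clients and replication partners on other subnets, which is why the answer's advice to keep the DC off the Internet matters more than the rule scoping.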