The best way to justify a local firewall in windows server 2008 and windows 7 is to put another layer of security in place and to make your computer happy to maintain communication with internet. In ordinary terms, windows firewall is in place to protect you from bad guys in internet and allow good stuff in your computer. Windows firewall is greatly improved for both home users and enterprise user even though home user will not be able customize windows firewall because this is a bit geeki stuff. However, default firewall will be in place and UAC will pop up asking consent whether you want to allow/disallow this or that to happen. Here, I am going to talk about enterprise users who will consider deploying windows firewall to protect themselves from malicious software, spyware and attacks from internet.
The new graphical interface is for managing the Windows Firewall locally and through Active Directory group policies. Another improvement, I would like to mention here is windows services control through Windows Firewall. I had nightmare with conficker virus that spread faster then rocket using port 135-139 and use windows services to run it continuously in windows SP SP2 and disable active directory account policy. In conficker virus situation, scvhost was compromised. Windows Service Hardening will help to reduce the impact in several ways: The firewall will block abnormal behaviour such as a service that does not need to access the network trying to send out HTTP traffic. Microsoft Windows Server 2008 and Windows 7 make intelligent use of outbound filtering by blocking system services from initiating network connections except for what they require to function properly. Inbound filtering is what will stop malicious network traffic such as Nimda, Slammer, Sasser, conficker, Blaster, or anything else that sends unwanted network traffic or suspicious traffic to windows server. New Windows firewall also integrates with Active Directory users, group and computers and support IPSec and tcp/ip version6. To manage the new Windows Firewall via Group Policy, simply open Group Policy management>select specific group policy object>right click>click edit then navigate to Computer Configuration>Windows Settings>Security Settings>Windows Firewall with Advanced Security in the Group Policy.