Need a simple, network-based, policy framework
We had a user start a P2P program at home (not our problem), then bring the laptop to work. When the machine reactivated, so did the P2P client, attracting a takedown notice.

We need a really simple way to handle this. Some programs and settings are network-dependent, but AFAIK there is no simple way to handle this apart from having multiple accounts for the same person sharing some files but not others - a recipe for madness.

For example:

In France (I believe) one should not use encryption. Other places, one should.

At work, SMTP uses port 25. At home, it uses 587.

P2P is allowed at home but not at work.

At a hotspot, one might use a secure HTTP proxy. At work, probably not.

Either the user should have a choice of login profiles ("Joe at home", "Joe at work") etc. or there should be a way to tie policy to networking (maybe by wireless login credentials, or by netblock).

It is possible that allowing user-created profiles in Windows Firewall would work. Acme Corp has a profile that can be imported or installed. When the laptop connects to Acme's network, it matches a network mask and activates the Acme profile. When it goes home, it activates the home profile, or if there isn't one, the default Private one.
March 7th, 2009 2:10am

This isn't exactly a Windows 7 question.

First thing you do is have a firm policy. Set the boundaries of what you will allow into the office. Secondly, consider buying them a cheap laptop for work access only.

If you want to throw technology at it, look into Network Access Protection that will ensure that the device meets certain criteria before entering the network. Merely having a firewall profile is enough to prevent this issue. Peer to peer programs bring risk and have no place in a firm network.

But truly start with the firm policy first, then layer on the technology to enforce it.
March 7th, 2009 11:26am

I agree with Susan. A policy with consequences is the only real solution. You may also want to consider a gateway device that can block outgoing traffic you don't want. This will also give you logs to prove policy violations.

Kerry Brown
MS-MVP - Windows Desktop Experience
March 7th, 2009 8:06pm

I was looking at Windows Firewall settings. That can probably do some of what I want - certain programs are allowed to run on certain networks. But it's too complicated for ordinary users to understand.

(Yes, I realize it's not really Windows 7. It's a feature I'd like to see, so it's a "future enhancements" request, really, too late for 7)

I don't want an external firewall solution that stops certain types of traffic and leaves the user wondering why their program won't work.

I want a simple desktop solution that doesn't let their program auto-start, or generates a popup alert that says "Sorry, program X is not permitted on the Acme network". And says, under the covers, "I'm on 174.16.0.0/13, so my SMTP server is at qwest on port 25" or "I'm on an expensive cellphone connection, I should disable auto-updates and file-sharing"
March 12th, 2009 3:24am

Actually Windows 7 includes that now with Software restriction features, there's also the PC lockdown feature as well.
March 13th, 2009 6:45am

This topic is archived. No further replies will be accepted.
