user based network security policy & sandboxing firewall v5

Is there a command line switch so I can sandbox a specific users activity upon login?

Are the “network security policy” settings global and applied for all users of a machine? Meaning if I make a policy while logged in as “jack” that cannot access facebook but if I log in as “jill” will “jill” be able to access facebook?

Can I password protect changes to firewall settings?

When I “export” via managed configurations, are network security policy included?