On Windows 2003 Server, we have 2 network cards and it's easy to open different ports to the different network cards.
I'm trying to do the same on a Windows 2008 Server, I've discovered Windows Firewall with Advanced Security, but can't see where (or if) we can restrict the ports on the second network card. Is this possible?
The Windows Firewall with Advanced Security in W2K8 doesn't bind to the individual network cards, per se. It binds to the network profile. If you want to set different rules per NIC then make sure to set each NIC to a different network type, such as private and public. Windows should automatically do this based on the ip address in use but for RFC 1918 addresses on a non-domain joined server I believe you can modify this.
The safest way I've found to go about this is to scope the firewall. Just add rules allowing only the local subnet to ports that need to be closed.
The network profile assignment is quite finicky and I have oftentimes seen the profiles change after a reboot causing issues. By scoping you avoid this as the rule will always properly apply.