All Modules PDF

4
Customizing the Windows 7 User

Interface
Section Topics
The New Windows Display Driver Model
Start Menu and Taskbar Settings
Desktop Personalization
The Windows 7 Aero Experience
Administering and Maintaining W Windows

indows 7
4-1

Global Knowledge Training

LLC
L

Customizing the Windows 7 User Interface
Section Objectives
After completing this section, you will be able to:
Explain the differences between Windows Vista and Windows 7 display driver
technologies
Explain how to configure the Start menu and taskbar settings
Explain how to personalize the Windows 7 desktop to your requirements
Describe the Windows Aero graphics package
List the hardware and software requirements of the Windows Aero graphics package
Section Overview
This section deals with the array of tools available for the users and administrators to personalize
their desktops. Desktop personalization allows users to make changes to their desktop
environment such as screen colors, screen savers, and taskbar settings. This section describes the
Personalization center and other tools available to accomplish these goals.
Note
The features shown throughout this course are based on the
Windows 7 Ultimate edition.
4-2
Administering
Adminnistering
and Maintaining Windows 7

Global
Gloobal Knowledge Training LLC L
LL

The New Windows Display Driver Model
Figure 93: The New Windows Display Driver Model
Windows 7 provides the next generation of display capability for its users. With Windows Vista,
Microsoft included the WDDM 1.0. The Desktop Window Manager required this to fully and
neatly render both requested graphics and the Aero package. With Windows 7, Microsoft
completely reworked the WDDM (Windows Display Driver Model). The new version, WDDM
1.1, works directly with DirectX 10, as opposed to the Windows Vista DirectX 9.0, and offers
many important performance enhancements. The most prominent development with the WDDM
1.1 and DirectX 10 partnership is that Windows 7 now uses a consistent amount of memory, no
matter how many applications it needs to run. In contrast, Windows Vista required an incremental
increase in memory usage for each new opened application. The WDDM 1.0 used in Windows
Vista is much less efficient than the new WDDM 1.1 used in Windows 7. As you open more GDI-
based applications with Windows Vista, you experience memory usage issues. The more GDI-
based applications you open, the more memory is allocated to the process. This is a major
limitation of WDDM 1.0. With WDDM 1.1, Windows 7 uses memory more consistently
throughout the application-rendering process.
Windows 7 also uses the new Direct2D, which is a replacement or advancement for GDI.
Direct2D aids in the rendering of 2D images such as lines and simple shapes. Direct2D runs in
conjunction with Direct3D 10 and requires the presence of the WDDM 1.1 drivers. This
partnership and development provides a much quicker responding desktop and Windows
experience.
Figure 93 lists the subjects that are described in this topic.

indows 7
4-3

Global Knowledge Training L

LLC

WDDM 1.1 Advantages
Figure 94: WDDM 1.1 Advantages
The new WDDM 1.1 driver set performs well on memory-starved computers. Windows Vista and
WDDM 1.0 can bring a computer with a small amount of RAM to a standstill. WDDM 1.1 is
definitely much more memory friendly; however, there is a tradeoff. WDDM 1.1 stresses the CPU
more than its predecessor, WDDM 1.0, does. After strenuous testing, though, it is easily seen that
even with the increased CPU load that Windows 7 computers may experience, the benefits
provided by the better memory usage far outweigh the negatives in performance at the processor
level.
Helpful Hint
Now with the availability of multi-core processors, the CPU impact is
virtually unnoticeable, even with powerful benchmarking software.
The new WDDM 1.1 driver set also allows graphic processing at the
core level; meaning that with multi-core processors, each core can
simultaneously render instructions from the GPU. With the Windows
Vista WDDM, this was not possible. Core 0 was the only core that
would render instructions from a GPU. If that core was currently busy
processing other threads, the GDI application would simply wait. When
opening applications, the user experiences lag times in seconds. This
is called GDI global lock (also described as a bottleneck.)
4-4
Administering
Adminnistering

Global
LL

WDDM 1.0 Video Memory Allocation
Figure 95: WDDM 1.0 Video Memory Allocation
In Windows Vista, if a GDI application is currently rendering a 3 MB file, that information exists
in two locations: within the graphics memory location on the GPU and within system memory. In
theory, if the GPU was busy, the CPU could take over and render the image. The net effect of this
process was a duplication and depletion of memory resources. Microsoft drastically changed this
memory allocation principle for Windows 7.
WDDM 1.1 Video Memory Allocation
Figure 96: WDDM 1.1 Video Memory Allocation
Figure 96 shows how Windows 7 allocates memory for graphics rendering. As you can see, the
WDDM 1.1 driver set no longer calls for system memory to create a duplicate data store. Instead,
the GPU renders a simple application window on the graphics controller card. This drastically
reduces memory usage across all applications as they render new windows. Advanced Windows
Vista users immediately notice the results of this when they attempt to execute some of their
routine functions on their newer Windows 7 counterparts. The operations that render Windows
happen with ease resulting in smoother opening and closing of windows.

indows 7
4-5


LLC

Windows Vista GDI Global Lock
Figure 97: Windows Vista GDI Global Lock
GDI global lock is a serious situation that is experienced within Windows Vista as GDI
applications compete for the attention of the GPU. As multiple GDI-based applications attempt to
render windows, the GDI applications stack prevents or locks out other GDI applications from
writing their windows to the GPU. When one GDI process is complete, the GDI driver stack
allows the next GDI application to begin its rendering process. GDI global lock is a bottleneck and
as such slows down the overall performance of the Windows Vista video performance. This
presents a major issue for the 4.3 aspect ratio scaling with projectors used in presentation mode on
Windows Vista computers. This GDI global lock phenomenon, along with the duplication of
memory described earlier, is a major issue with Windows Vista.
Helpful Hint
Power users who routinely use projectors with 4.3 aspect ratios
immediately notice that the scaling issues of the past have vanished.
Pressing the WIN+P keys opens the new presentation settings.
4-6
Administering
Adminnistering

Global
LL

Windows 7 GDI Global Lock
Figure 98: Windows 7 GDI Global Lock
The improvements to the GDI Scheduler are responsible for the performance improvements in the
WDDM 1.1 driver set. This new scheduler allows all CPU cores to render graphics instructions; it
also allows each GDI application to request CPU attention and to write its windows to support the
application. The bottleneck disappears, the single core processing restriction disappears, and the
windows rendering process performs much better. The performance gain is especially noticeable
to graphics professionals, gamers, and hardcore data processors. Even home users that use the
World Wide Web notice the process is much more efficient. They perceive this as an increase in
their Internet speed at the ISP, although it is really a Windows 7 performance increase.
As shown in Figure 98, the GDI global lock has disappeared from the picture. This simply means
that the GPU Scheduler can now schedule graphics instructions to all cores simultaneously. This
dramatically improves the overall performance of the Windows 7 desktop experience.
Helpful Hint
DirectX 11 supports tessellation, which is a huge advancement in
graphics rendering. With tessellation, large graphic webs are broken
down into smaller, more manageable chunks. This allows for much
better rendering times and shading across all pixels. Full tessellation
requires specific hardware that is not currently on the market. ATI
Technologies has several cards that support a simple tessellation
process; however, they are not capable of full tessellation. Windows 7
already supports full tessellation, so it will be ready when the hardware
is available.

indows 7
4-7


LLC

Start Menu and Taskbar Settings
Figure 99: Start Menu and Taskbar Settings
For the average user, there is not a significant difference between the Windows Vista and the
Windows 7 desktop experience. However, some noticeable additions, omissions, enhancements,
and outright changes do exist. Once a user becomes familiar with these changes, Windows will
become even easier to work with.
4-8
Administering
Adminnistering

Global
LL

Taskbar Tab
Figure 100: Taskbar Tab
Using the Taskbar tab of the Taskbar and Start Menu Properties dialog box, you can change the
position of the taskbar to the bottom, top, left, or right of the desktop. You can customize the look
and interaction of the taskbar buttons and customize the notification area. One new Aero Graphics
feature that you can manipulate here is the Aero Peek feature. Using Aero Peek, you can quickly
look at the desktop when it is hidden by open windows.

indows 7
4-9


LLC

Start Menu Tab
Figure 101: Start Menu Tab
As you begin to customize your user interface to meet your needs, one of the first things you
might notice is that on the Start Menu tab of the Taskbar and the Start Menu Properties dialog
box, the Classic Start Menu option is no longer available. You now have only the configuration
options for the Windows 7 Start menu. The Start Menu tab also provides basic customization for
the Power button and privacy settings for the display of previously used applications.
4-10
Administering
Adminnistering

Global
LL

Customize the Start Menu
Figure 102: Customize the Start Menu
Users can further customize the Start menu in many different ways, such as: turning on or off
links to certain tools and utilities, enabling a large or small icon view, and enabling links as sub-
menus or to open new windows.

indows 7
4-11


LLC

Desktop Personalization
Figure 103: Desktop Personalization
Windows 7 provides many enhanced ways to personalize your desktop environment. A right-click
on the desktop displays the Personalization option, which opens the Personalization section of the
Appearance and Personalization category of Control Panel.
Figure 103 lists the Personalization features that are described in this topic.
4-12
Administering
Adminnistering

Global
LL

Desktop Themes
Figure 104: Desktop Themes
As in older versions of Windows, you have the ability to change the desktop themes. If Windows
Aero is available, you also have the opportunity to use one of several new (depending on the
Windows 7 edition) Aero desktops: Windows 7, Architecture, Characters, Landscapes,
Nature, Scenes, and United States (depending on the MUI chosen). Depending on the edition,
you may also have the choice of several basic and high-contrast themes.
Keep in mind that Windows Aero does not function within a virtual environment.
Helpful Hint
You can have your desktop theme change routinely by adjusting the
Slide Show Settings from the Personalization menu.
Note the links in the left pane and along the bottom of the Personalization window in Figure 104.
These links provide access to several dialog boxes that enable you to further personalize your
Windows 7 desktop.

indows 7
4-13


LLC

Desktop Icons
Figure 105: Desktop Icons
Clicking the Change desktop icons link in the left pane of the Personalization window opens the
Desktop Icon Settings dialog box. Here you can choose which icons are visible on the desktop.
You can also change the look and feel of the icons by clicking the Change Icon button. The
Allow themes to change desktop icons check box allows the theme settings you configured on
the Personalization window to manipulate the icons as needed.
Helpful Hint
If you accidentally delete the Recycle Bin, you can quickly come here
and select the Recycle Bin check box to restore it.
4-14
Administering
Adminnistering

Global
LL

Desktop Background
Figure 106: Desktop Background
The Desktop Background link at the bottom of the Personalization window opens to the Desktop
Background window you see in Figure 106. Using this window, you can choose an individual
background without choosing an entire theme. You can also choose several backgrounds and
configure them to display as a slide show based on a time interval that meets your needs or
desires. For example, you can configure a new background to display every 30 minutes (default)
or as frequently as every 10 seconds. The Shuffle check box at the bottom of the screen tells
Windows 7 to shuffle the backgrounds so that the desktop background choices display in a random
order. You can pull backgrounds from your Windows libraries and the Pictures library. You can
also use solid colors as your desktop background.

indows 7
4-15


LLC

Window Color and Appearance
Figure 107: Window Color and Appearance
The Windows Color link at the bottom of the Personalization window opens the Window Color
and Appearance window. Here, you can change the color of your window borders. You can also
adjust the transparency settings here, which is an Aero feature. Using the Color intensity slide bar
under the Enable transparency check box, you can adjust the transparency of the window border.
With the color mixer, you can select custom colors by adjusting the hue, saturation, and brightness
of the window border color that is currently selected.
Clicking the Advanced appearance settings link opens the Window Color and Appearance
dialog box, which should be familiar from earlier versions of Windows. If Windows 7 Aero is
disabled, you can enable it by choosing the appropriate theme here. You can also do this from the
root of the Personalization category in Control Panel.
Note
The transparency settings are not available if Windows Aero is not
available or enabled, or if the Windows 7 installation is running in the
virtual environment.
4-16
Administering
Adminnistering

Global
LL

Sounds
Figure 108: Sounds
The Sounds link in the Personalization window opens the Sound dialog box as shown in Figure
108. Here you can customize individual sounds, or you can choose an overall sound scheme.
Sound schemes are the sounds that are played when certain events happen during the use of a
Windows 7 computer. Each version of Windows 7 comes with a number of sound schemes.
Windows 7 Ultimate contains approximately 20 individual options with names such as Garden,
Festival, and Calligraphy.

indows 7
4-17


LLC

Screen Saver
Figure 109: Screen Saver
The final link at the bottom of the Personalization window is the Screen Saver link. This link
opens the Screen Saver Settings dialog box shown in Figure 109. One noticeable change from
previous versions of Windows is the ability to enable a password on resume even if the screen
saver is not configured. To configure this setting, select the On Resume, display logon screen
check box. This automatically locks the desktop and makes it accessible only with a user name
and a password. Using the Wait field, you can configure how much time must elapse without
activity for the screen saver to become active. The default is one (1) minute. From the Screen
saver drop-down list, you can select which screen saver you want to use.
4-18
Administering
Adminnistering

Global
LL

Screen Resolution
Figure 110: Screen Resolution
The Screen Resolution tool provides the settings for screen size, color depth, and multiple monitor
configurations. To access the Screen Resolution dialog box, right-click the desktop background
and select the Screen Resolution option.

indows 7
4-19


LLC

The Windows 7 Aero Experience
Figure 111: The Windows 7 Aero Experience
Windows 7 has two views that the users can choose to interact with: the Basic view and the
Windows Aero graphics view. These views are dependent on the hardware limitations within the
system. Following is a description of the Windows 7 Basic view and the Aero graphics views
along with the Windows 7 Aero interface requirements and features.
Windows 7 Basic View
Figure 112: Windows 7 Basic View
The Basic view is the default view when the Aero interface is not present, or when the Windows 7
computer does not support Aero due to hardware limitations. The Basic view, as the name implies,
is the Windows view without the transparent boundaries around the windows. The taskbar carries
the same options and features as the Aero view, but it is also not transparent.
The Classic view is even more rudimentary and continues the look and feel of the Windows XP
operating system. In Classic view, the Start button is the most noticeable change. It is similar to
the Start button in Windows XP, with the simple name Start driving the users attention. The
Classic view is carried throughout the entire operating system; Control Panel looks different, as do
the Control Panel style windows and MMC style windows.
4-20
Administering
Adminnistering

Global
LL

Windows 7 Aero
Figure 113: Windows 7 Aero
If your computer meets the Windows Aero requirements, you can change the look and feel of the
basic interface with the Windows Aero features. Choosing a Windows Aero theme from the
Personalization category of Control Panel immediately activates Windows Aero. The overall
appearance and use of the Windows 7 operating system changes with Windows Aero enabled:
Window borders become transparent

Control Panel and all its associated windows transform
Graphics, in general, render much more easily
Helpful Hint
Did you know that the Windows transparency feature actually serves a
purpose other than looks? Power users who multitask with multiple
windows open sometimes experience headaches because of the way
the eye focuses on the windows borders while the user is attempting
to focus on the data within the window. The transparency feature
prevents this phenomenon from happening.

indows 7
4-21


LLC

Windows 7 Aero Requirements
Figure 114: Windows 7 Aero Requirements
A computer system must meet specific hardware and software requirements before the Windows
Aero experience is made available. Following is a description of those hardware and software
requirements.
Hardware Requirements
Figure 115: Hardware Requirements
The Aero package is quite strict about the hardware it takes to operate the Aero features. Figure
115 lists the minimum hardware requirements for the Aero graphics package. Most computers
purchased these days exceed these requirements.
Helpful Hint
Ensure that the hardware you choose is on the approved Aero
graphics card list. Just because the card you choose has 128 MB
of onboard memory does not mean that it supports the WDDM 1.1
driver set.
4-22
Administering
Adminnistering

Global
LL

Additional Hardware Requirements
Figure 116: Additional Hardware Requirements
Microsoft further recommends that you match the optimum monitor resolutions and refresh rates
with the appropriate amount of RAM. This helps you achieve optimal resolutions and, in essence,
optimal Windows Aero functionality.
Software Requirements
Figure 117: Software Requirements
Figure 117 lists the software requirements for Windows Aero. WDDM version 1.1, Pixel Shader
2.0, DirectX 10, Direct2D, and Direct3D are necessary for Aero to perform correctly. These
software packages and the new driver set ensure that Windows 7 Aero uses less memory and
resources than its Windows Vista predecessor, while at the same time providing a smoother
interface when using a computer running Windows 7.

indows 7
4-23


LLC

Aero-Supported Versions of Windows 7
Figure 118: Aero-Supported Versions of Windows 7
Windows 7 Aero is not supported in Windows 7 Starter or Home Basic editions. These editions
use the Basic view.
Windows 7 Aero Features
Figure 119: Windows 7 Aero Features
Windows Aero is full of features to make the user experience more enjoyable and productive.
Once viewed as superficially attractive, these features are now seen as valuable assets to the user.
Anyone who has used the Aero package for any length of time fully recognizes that the tools are
useful for everyday work.
4-24
Administering
Adminnistering

Global
LL

Windows Flip 3D
Figure 120: Windows Flip 3D
Windows Flip 3D presents open windows to the user in a virtual rotary mechanism. Pressing the
WIN and TAB keys simultaneously activates Flip 3D. Pressing the TAB key cycles you through
the open windows in the order they are displayed.
Windows Aero Filmstrip
Figure 121: Windows Aero Filmstrip
The Windows Aero Filmstrip presents minimized windows in a different and less dramatic way.
Pressing the ALT and TAB keys together displays a filmstrip with miniaturized views of the
contents of your currently open applications. Pressing the TAB key switches to the next
minimized window. Windows 7 also incorporates the functionality of Windows Peek into Aero
Filmstrip. As you mouse over a minimized window, other windows become transparent so that
you can see the window the mouse is hovering over. This new feature is a welcome enhancement
to the Aero Filmstrip.

indows 7
4-25


LLC

Windows Aero Peek
Figure 122: Windows Aero Peek
Windows Aero Peek is new to the Windows 7 Aero graphics package. The Show Desktop button
is actually a rectangle at the extreme right end of the Windows taskbar. Clicking this button
minimizes all the windows on the desktop. Hovering the mouse over the Show Desktop button
makes all of the open windows completely transparent, allowing you to view the desktop without
minimizing the windows. When you move your mouse pointer off the Show Desktop button, the
windows return to their previous states. The Windows Aero Peek feature is also a part of the
ALT+TAB keyboard functionality.
4-26
Administering
Adminnistering

Global
LL

Enabling Aero Peek
Figure 123: Enabling Aero Peek
Aero Peek is enabled within the Taskbar and Start Menu Properties dialog box. Right-click the
Start button, select Properties, and then click the Taskbar tab. The Aero Peek configuration is at
the bottom of the dialog box as shown in Figure 123. Select the Use Aero Peek to preview the
desktop check box to enable Aero Peek.
Aero Peek: Before
Figure 124: Aero Peek: Before
Before Windows Aero Peek, simultaneously utilizing many open windows presented you with a
cluttered, messy desktop.

indows 7
4-27


LLC

Aero Peek: After
Figure 125: Windows Aero Peek: After
Using Aero Peek, you can see behind all the windows and minimize the clutter. With Aero
Peek applied, only the outlines of the windows are visible, but the Windows desktop is now
visible as well.
4-28
Administering
Adminnistering

Global
LL

Aero Peek from the Taskbar
Figure 126: Aero Peek from the Taskbar
Aero Peek also works by hovering the mouse over the icons of running applications on the
taskbar. This displays a thumbnail preview of the running applications. Hovering the mouse over
one of the thumbnails makes the other open windows transparent and the minimized window
shows on the desktop for a quick look at the fully maximized window.

indows 7
4-29


LLC

Aero Shake
Figure 127: Aero Shake
Another new Aero feature for Windows 7 is Aero Shake. When you left-click and hold on a
window border, and then shake the window back and forth, all other open windows minimize,
leaving only the shaken window in view. This drastically reduces the time it takes to minimize
multiple windows as compared to clicking the Minimize (-) button individually for each open
window.
Aero Shake: After
Figure 128: Aero Shake: After
As shown in Figure 128, the Calculator utility is the only utility left open. The others are
minimized and anchored to the taskbar.
4-30
Administering
Adminnistering

Global
LL

Aero Snap
Figure 129: Aero Snap
Aero Snap is another new feature of the Windows 7 Aero package. If you have ever tried to use
two open windows together (for example, to compare two documents or to drag an item from one
window into another), you understand how tedious it is to size and position the windows to work
the way you need them to. Aero Snap allows you to easily align a window to either side of the
desktop so that you can see both of them simultaneously. To activate Aero Snap, simply drag one
window over to the left side of the desktop; the window snaps into perfect alignment with the left
half of the desktop. Then drag the second window to the right; it snaps to the right half of the
desktop.

indows 7
4-31


LLC

Aero Snap: After
Figure 130: Aero Snap: After
Figure 130 shows the results of Aero Snap: two windows perfectly aligned to the left and right in a
fraction of the time.
4-32
Administering
Adminnistering

Global
LL

Acronyms
The following acronyms are used in this section:
2D two-dimensional
3D three dimensional
CPU central processing unit
GB gigabyte
GDI Graphics Device Interface
GHz gigahertz
GPU graphics processing unit
ISP Internet service provider
MB megabyte
MMC Microsoft Management Console
MUI Multilingual User Interface
RAM random access memory
WDDM Windows Display Driver Model

indows 7
4-33


LLC
L

Section Review
Summary
The WDDM 1.1 is a drastic improvement over the WDDM 1.0 used with Windows
Vista. The following table lists some of the differences between the two:
WDDM 1.0 WDDM 1.1

(Windows Vista) (Windows 7)
Direct X 9.0 required incremental DirectX 10 uses memory more consistently
memory increases for each new throughout the application-rendering process
application opened
GDI Direct2D in conjunction with Direct 3D provides a
quicker responding desktop
Stores rendering information in the Stores rendering information only in video memory,
video memory and system memory which reduces memory usage across all applications
resulting in the smoother opening and closing of
windows
With GDI global lock, single-core Multi-core processors allow simultaneous graphic
processing caused bottlenecks and rendering on each core, which removes single-core
noticeable user lag times processing restrictions, bottleneck issues, and user
lag time
Figure 131: Differences between WDDM1.0 and WDDM 1.1
On the Taskbar tab of the Taskbar and Start Menu Properties dialog box, you can
change the appearance of the taskbar, position of the taskbar on the desktop, customize
which buttons appear in the notification area, and enable the Aero Peek feature.
On the Start Menu tab of the Taskbar and Start Menu Properties dialog box, you can
customize the behavior of items in the Start menu and the Power button.
The Personalization window provides access to many options you can use to
personalize the desktop:
Themes: Choose from various desktop themes that include settings for
backgrounds, windows colors, and sounds, including, if it is available, the
Windows Aero desktop themes.
Desktop Icons: Click the Change desktop icons link to choose which of the main
icons are visible on the desktop, how the icons look, and whether themes make
changes to these icons.
Desktop Background: Click the Desktop Background link to choose a graphic
or color to display as the background on the computer screen. You can also group
graphics or colors together to display as a slide show on the desktop.
Window Color and Appearance: Click the Window Color link to change the
color and transparency (only available with Windows Aero) of window borders.
Sounds: Click the Sounds link to customize or disable the individual sounds or
sound schemes played when events happen during the use of the computer.
4-34
Administering
Adminnistering

Global
LL

Screen Savers: Click the Screen Saver link to customize the screen savers and
enable a password on resume even if the screen saver is not configured.
Screen Resolution: Configure the screen size as well as the color depth and
settings for multiple monitors.
Windows Aero is an enhanced viewing experience that builds on the Windows Flip
and Aero Filmstrip features present in Windows Vista. Windows Aero is only available
on systems that meet the hardware and software requirements.
Hardware requirements for Windows Aero are listed in the following table:
Hardware Requirement
Processor 1 GHz, for both 32-bit (x86) 64-bit (x64)
RAM 1 GB
Graphics card 128-MB dedicated graphics card from the Aero approved list
Figure 132: Windows Aero Hardware Requirements
Windows Aero also requires the Pixel Shader 2.0, DirectX 10, Direct2D, and
Direct3D software packages and the WDDM 1.1, driver set to run.
The Windows Aero carryovers from Windows Vista are:
o Windows Flip: Rotate through a virtual stack of the open windows on your
desktop using the WIN+TAB keys.
o Aero Filmstrip: Display miniaturized views of the open windows in a
filmstrip using the ALT+TAB keys.
The new Windows Aero features for Windows 7 are:
o Aero Peek: Make all open windows transparent so you can see the desktop by
hovering over the Show Desktop button.
o Aero Shake: Quickly minimize all open windows on the desktop but the one
you want to focus on by shaking the selected window pane.
o Aero Snap: Arrange windows side-by-side by dragging one window to the
left side of the screen and the other window to the right side of the screen.
Knowledge Check
1. Which of the following graphics features are required for Windows Aero to function? (Choose all
that apply.)
a. DirectX 10 or higher
b. WDDM 1.1
c. Direct 3D
d. Pixel Shader 2.0
2. How do you activate Windows Flip 3D?
a. ALT+F7
b. CTRL+A
c. ALT+TAB
d. WIN+TAB

indows 7
4-35


LLC
L

3. What advantage does WDDM 1.1 partnered with DirectX 10 provide for Windows 7 over
WDDM 1.0 used in Windows Vista?
4. The WDDM Driver 1.1 conserves memory by eliminating duplicate RAM usage.
a. True
b. False
5. Which Windows Aero feature would you use to compare two open documents side-by-side on
your desktop?
a. Windows Flip
b. Aero Peek
c. Aero Snap
d. Aero Shake
e. Aero Filmstrip
6. Which link in the Personalization window would you click to restore the Recycle Bin to the
desktop if it was accidentally deleted?
a. Change desktop icons
b. Desktop background
c. Screen Saver
d. Sounds
7. What types of changes can you make to the taskbar?
4-36
Administering
Adminnistering

Global
LL

Knowledge Check Answer Key

The correct answers to the Knowledge Check questions are bolded.
1. Which of the following graphics features are required for Windows Aero to function? (Choose all
that apply.)
a. DirectX 10 or higher
b. WDDM 1.1
c. Direct 3D
d. Pixel Shader 2.0
2. How do you activate Windows Flip 3D?
a. ALT+F7
b. CTRL+A
c. ALT+TAB
d. WINDOWS+TAB
3. What advantage does WDDM 1.1 partnered with DirectX 10 provide for Windows 7 over WDDM
1.0 used in Windows Vista?
Because Windows 7 does not require the incremental increase in memory for each newly
opened application, memory is used more consistently during the application-opening
process and negates many of the memory usage issues experienced in Windows Vista.
4. The WDDM Driver 1.1 conserves memory by eliminating duplicate RAM usage.
a. True
b. False
5. Which Windows Aero feature would you use to compare two open documents side-by-side on
your desktop?
a. Windows Flip
b. Aero Peek
c. Aero Snap
d. Aero Shake
6. Which link in the Personalization window would you click to restore the Recycle bin to the
desktop if it was accidentally deleted?
a. Change desktop icons
b. Desktop background
c. Screen Save
d. Sounds
7. What types of changes can you make to the taskbar?
Change the look and interaction of the taskbar buttons.
Change the position of the taskbar to the top, bottom, left, or right of the desktop.
Customize which buttons appear in the notification area.
Turn on Aero Peek.

indows 7
4-37


LLC
L

4-38
Administering
Adminnistering

Global
LL

7
Windows 7 Networking
Section Topics
TCP/IP Fundamentals
Next Generation TCP/IP Stack
Dynamic Host Configuration Protocols
Network and Sharing Center
BranchCache

indows 7
7-1


LLC
L

Section Objectives
Explain the fundamentals of TCP/IP with Windows 7

Identify the methods used to configure IP addressing on Windows 7
Describe the Windows 7 enhancements to IPv6
Describe the fundamentals of DHCP
Describe the features of the Networking and Sharing Center
Explain the role of Windows 7 within a BranchCache network
Section Overview
Computer networking involves the ability to share, manipulate, and collaborate on data. The
network is the single tool that can make a business extremely productive and, hopefully,
profitable. One of the most important duties of the Windows 7 administrator is to constantly make
sure that his or her network is up and functioning properly. Successful system administrators
understand general networking concepts. This section introduces the Windows 7 networking
technologies as well as networking in general. By applying this information, you can successfully
manage and monitor your networks so that your networks can operate smoothly and efficiently.
7-2
Administering
Adminnistering

Global
LL

TCP/IP Fundamentals
Figure 197: TCP/IP Fundamentals
TCP/IP is a suite of protocols. In the early 1970s, TCP/IP started as a very simple protocol suite. It
has since grown into something much more capable and complex. TCP/IP is implemented as a set
of layers. The four layers in the TCP/IP model are derived from a seven-layer model known as the
OSI model. Because the OSI model is just that, a model, the TCP/IP protocol suite does not have
to fit the OSI mold completely. The OSI model is simply a reference on which most technologies
today are based.

indows 7
7-3


LLC

TCP/IP and the Internet
Figure 198: TCP/IP and the Internet
TCP/IP is the most widely used protocol suite today. The future of the Internet is tied to TCP/IP.
In fact, the Internet as it is known today began as the ARPANET, a network commissioned by the
Defense Department as a resilient form of communication in the event of some natural or man-
made calamity (such as a nuclear attack).
In the beginning, the ARPANET was owned by the military and its contractors. That grew to
include universities working on military projects and certain government institutions. Over time,
the military relied less and less on the ARPANET as a secure means of communication. In the
early 1990s, they released it to the public as the Internet.
For years, the core technology of the ARPANET was the TCP/IP protocol. TCP/IP addressing and
routing gave the network its fault tolerance. TCP/IP, ever evolving, gained more and more
capabilities. New protocols, network types, and services are always being integrated into it and
added on top of it. Without TCP/IP and its potential for growth, the robust and resilient network of
the Internet would not exist.
7-4
Administering
Adminnistering

Global
LL

Network Architecture
Figure 199: Network Architecture
The network architecture in Windows Server 2008 R2 changed to reflect a new emphasis on
speed, security, and the tight integration of IPv6. Even with these enhancements, the core of the
networking architecture still conforms to the seven-layer OSI model. The following topic
describes the layers of the new Windows TCP/IP stack.
Layers of the New Windows TCP/IP Stack

The Windows TCP/IP stack presents four of the seven layers represented in the OSI model
reference. The three missing layers are incorporated into other layers of this stack.
Application layer: This is the layer where the Winsock, NetBIOS, and the WSK APIs
are implemented. Programmers write their applications to the appropriate API, and the
requests are translated and sent down the protocol stack. WSK is the new Winsock
Kernel NPI. It replaces the aging TDI that is still implemented for backward
compatibility.
Transport layer: This layer contains the TCP and UDP protocols along with raw
mode for transmitting packets that do not need either TCP or UDP.
Network layer: Sometimes known as the Internet layer, this is where the IPv4 and
IPv6 live side-by-side and run simultaneously. These protocols most importantly deal
with routing information from one network to another.
Framing layer: Also known as the data-link or physical layer, this is the layer where
data coming from IPv4 and IPv6 is placed into the appropriate framing structure for the
medium being used.

indows 7
7-5


LLC

IPv4 Addressing
Figure 200: IPv4 Addressing
Providing addressing and routing capabilities is one of the primary functions of TCP/IP. Every
computer that communicates directly with another computer over the Internet must have a unique
IP address.
The identifier given to each host is called an IP address. This address follows a 32-bit binary form
that is converted into a decimal value for human readability:
10000010.00000001.00000011.00000110 = 130.1.3.6
You can compare the IP address to a home address. Your country, zip code, and street number tell
the post office how to get mail to you. With TCP/IP, each router on the network breaks down and
analyzes the IP address components and then forwards the information to the appropriate
destination until the message reaches the intended recipient.
7-6
Administering
Adminnistering

Global
LL

Network and Host Bits
Figure 201: Network and Host Bits
Of the 32 bits that make up the IP address, some are set aside for the network ID and others are
reserved for host IDs on that network.
Either an ISP or the IANA provides the network ID. The host IDs can be freely chosen by the
network administrator from the range available on their network ID.
The address class determines which bits are set aside for the network. Each address class has a
default network mask that defines the network ID portion of the IP address.

indows 7
7-7


LLC

Network Mask
Figure 202: Network Mask
Along with the IP address, another important detail must be provided: the network mask,
sometimes referred to as a subnet mask. Like the IP address, the mask is also a series of 1s and 0s.
The difference is that the mask must have contiguous ones from left to right. Anything else results
in a zero.
11111111.11111111.11111111.00000000 = 255.255.255.0
The mask is used as a filter to pass the IP address through. The filtering process is based on a
binary ANDing routine. With the ANDing routine, any time a 1 and 1 are in the same position, the
resulting binary value is a binary 1. Any other combination always generates a zero.
Binary Combination Resulting Value

1 AND 1 1
1 AND 0 0
0 AND 1 0
0 AND 0 0
Figure 203: Binary ANDing
Consider the following IP address and subnet mask:

10000010.00000001.00000011.00000110 = 130.1.3.6
AND
11111111.11111111.11111111.00000000 = 255.255.255.0
_______________________________________________
10000010.00000001.00000011.00000000 = 130.1.3.0
The resulting IP address is considered as the network number. Both the source and destination IP
addresses pass through the subnet mask in this way. If the results are the same, the hosts are
considered local to each other. If the results are different, the hosts are considered remote from
each other and the traffic goes to a default gateway (router).
This comparison occurs at each router along the way, until finally the message reaches the
destination host.
7-8
Administering
Adminnistering

Global
LL

Address Classes
Figure 204: Address Classes
Initially, address classing was intended to allocate the IP addresses available on the Internet in the
most efficient way possible. What it really does is reserve predefined ranges of IP addresses for
large numbers of hosts on a network and reserves others for medium-sized and small-sized
networks.
Class A and B network IDs are completely used up (aside from the occasional ID that is returned
to the pool). A sizable number of Class C networks are still available.
Each of the A, B, and C classes has a default network mask associated with it:
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0
It is up to the network administrator to subdivide the network further, if necessary, by creating a
subnet mask beyond the default network mask.

indows 7
7-9


LLC

Private IP Addressing
Figure 205: Private IP Addressing
IANA reserved a subset of the public address space for the purpose of private IP addressing.
Initially designed to promote flexibility in addressing and routing schemes on private networks,
these ranges have the side effect of delaying the transition from our current IPv4 to IPv6.
Many organizations are now using one of the private address ranges to protect their local networks
from intrusion, as well. The private addresses cannot be used on the public Internet as either a
source or destination host. The first router hearing such a message drops it.
A private address that communicates with the outside world must communicate through an
intermediary, such as a NAT or a proxy. These gateways translate the private address into a usable
public IP address before it hits the Internet.
7-10
Administering
Adminnistering

Global
LL

Default Gateway
Figure 206: Default Gateway
Default gateway configuration is important if a host needs to transmit data beyond its local
network segment. Configuring the default gateway involves finding the IP address of the router
that lets the host send data to other networks.
The default gateway or router setting becomes involved as a direct result of the IP addresses and
network masks being used on the hosts of a network. Any time a TCP/IP host sends a packet on
the network, the local TCP/IP protocol of the host runs the IP address through the network mask.
The result tells IP whether the destination host is local or remote to the sender.

indows 7
7-11


LLC

Configuring Windows 7 Addressing
Figure 207: Configuring Windows 7 Addressing
Configuring the TCP/IP settings for network adapters on Windows 7 is very much the same as it
has been since Windows 2000. The most visible difference is that IPv6 is now installed by default.
The following topics describe how to configure TCP/IP settings using the graphical and
command-line methods.
7-12
Administering
Adminnistering

Global
LL

Graphical Configuration
Figure 208: Graphical Configuration
In the Windows GUI, the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box is still the
mainstay of TCP/IP address configuration. To reach this dialog box, click Start, Control Panel,
Network and Internet, Network and Sharing Center, and Manage Network Connections.
Once the general properties dialog box is open, you can dynamically configure the various settings
by choosing the Obtain an IP address automatically option, or manually by changing the
following options:
IP address: The unique identifier for this device

Subnet mask: The network portion of the IP address
Default gateway: The router that sends information beyond the local network segment
Preferred DNS server: The first DNS server queried for name resolution
Alternate DNS server: The alternate DNS server queried if the first DNS server fails
to respond
Advanced:
IP settings: Assign multiple IP addresses and default gateways to the adapter
DNS: Specify more than two DNS servers, create a DNS suffix search list, and
turn dynamic update on or off for the adapter
WINS: Add WINS for NetBIOS name resolution

indows 7
7-13


LLC

Command-Line Configuration
Figure 209: Command-Line Configuration
You can also configure TCP/IP details from the command line. This is very important to learn
because there is no way to graphically configure TCP/IP settings on the server core operating
system.
Use the netsh command from the command-line on either the full or core versions of Windows
Server 2008. Use the netsh command to configure IP settings on demand, or with a script for
repetitive operations.
When used on-demand, the Netsh tool has its own console and command structure. The Netsh tool
uses the following top-level commands:
Usage: netsh [-a AliasFile] [-c Context] [-r RemoteDevice] [-u
[DomainName\]UserName] [-p Password | *]
[Command | -f ScriptFile]
Commands in this context:

? - Displays a list of commands.
add - Adds a configuration entry to a list of
entries.
advfirewall - Changes to the `netsh advfirewall' context.
bridge - Changes to the `netsh bridge' context.
delete - Deletes a configuration entry from a list of
entries.
dhcpclient - Changes to the `netsh dhcpclient' context.
dump - Displays a configuration script.
exec - Runs a script file.
firewall - Changes to the `netsh firewall' context.
help - Displays a list of commands.
http - Changes to the `netsh http' context.
interface - Changes to the `netsh interface' context.
ipsec - Changes to the `netsh ipsec' context.
7-14
Administering
Adminnistering

Global
LL

lan - Changes to the `netsh lan' context.
nap - Changes to the `netsh nap' context.
netio - Changes to the `netsh netio' context.
p2p - Changes to the `netsh p2p' context.
ras - Changes to the `netsh ras' context.
rpc - Changes to the `netsh rpc' context.
set - Updates configuration settings.
show - Displays information.
winhttp - Changes to the `netsh winhttp' context.
winsock - Changes to the `netsh winsock' context.
wlan - Changes to the `netsh wlan' context.
The following sub-contexts are available:
advfirewall bridge dhcpclient firewall http interface ipsec lan
nap netio p2p ras rpc winhttp winsock wlan

indows 7
7-15


LLC
L

Next Generation TCP/IP Stack
Figure 210: Next Generation TCP/IP Stack
While creating Windows 7, Microsoft overhauled many different aspects of Windows operating
system and the networking subsystem is no exception. Microsoft integrated many of the latest
Internet RFC standards into the new operating system. Some of these changes are speed and
security enhancements made to existing components; whereas other changes are brand new
features. Some of the new functionality was introduced with Windows Vista.
7-16
Administering
Adminnistering

Global
LL

New Features
Figure 211: New Features
The new networking stack in Windows 7 offers many new features, including the following.
Dual IPv4 and IPv6 Stacks

In previous Windows versions, IPv6 was an afterthought. Even today, very few networks
implement IPv6. However, many networks will soon switch to IPv6 to take advantage of new
advances in network and computing technology. In Windows 7 and Windows Server 2008, IPv6 is
enabled by default and runs side-by-side with IPv4.
Winsock Kernel NPI

WSK (Winsock Kernel) is a kernel-mode software NPI (network programming interface) that
performs network communication using a sockets-like programming technique similar to that
supported in user-mode Winsock 2. The WSK model is simpler for programmers to use, exposes
features of the next generation TCP/IP stack, improves performance, and allows TDI-based
services to easily port to WSK.
Strong Host Model Support

On a multi-homed system, the strong host model stipulates that a system should accept locally
destined packets only if the destination address matches an address assigned to the interface on
which the packet was received. The weak host model allows the receipt of packets to either
interface of the system.
Windows Filtering Platform

WFP (Windows Filtering Platform) replaces the firewall and filter hooks and allows filtering at all
levels of the protocol stack. Using WFP, software developers can more easily integrate data
inspection services into the operating system.

indows 7
7-17


LLC

TCP Offload Support

New TCP (Transmission Control Protocol) offload mechanisms allow processors on the NIC with
a properly written NDIS driver for the card to perform most of the TCP processing. This relieves a
huge burden on a systems CPU and boosts the performance of network communications.
qWAVE Components
qWAVE (Quality Windows Audio-Video Experience) is a collection of components based on QoS
that allow multimedia traffic to be prioritized on wired and wireless networks. The qWAVE
components examine bandwidth and QoS capability to provide consistent usage of the networks
resources.
Networking Enhancements
Figure 212: Networking Enhancements
The improvements in existing network components are almost as profound as the addition of new
features, if not more so. These changes improve the performance, security, and scalability of the
Windows 7 network subsystems. The following topics describe these improvements.
Multiprocessor Scaling
Prior versions of the NDIS architecture limited the processing of traffic from a network card to a
single processor. Now, the NDIS architecture can distribute that traffic across multiple processors
for increased throughput.
Fewer Reboots Due to Network Reconfiguration

The development of new methods for storing configuration data prevent reboots from being
necessary.
Better Roaming Support

Computers that move between networks can more easily discover the network they are on and the
proper settings to use.
7-18
Administering
Adminnistering

Global
LL

DoS Attack Resistance

With the enhancements, the hardened protocol stack now protects against the onslaught of DoS
attacks that proliferate across the Internet.
Autotuned TCP Receive Window

The TCP receive window is now automatically tuned based on the network environment that is
detected at the time.
Compound TCP
Over connections with a higher amount of latency, CTCP (Compound TCP) increases the
performance of large file copies by appropriately tuning the TCP window size based on the speed
of the network, the round-trip time, and the size of the data that needs transmitting.
ECN Support
ECN (Explicit Congestion Notification) allows routers to explicitly inform hosts of congestion by
marking packets as they are forwarded. Without ECN, hosts drop their transmission rate whenever
packets are lost, even if the problem is not due to congestion.
Enhanced Wireless Performance

Windows 7 now conforms to RFCs 2582, 2883, 2018, 3517, and 4138 to improve performance in
wireless environments.
TCP Fast Reconnect

TCP Fast Reconnect provides continued connectivity as systems travel from one wireless network
to another.
Routing Improvements
Detection of an unreachable neighbor goes further than dead gateway detection in discovering that
a router is no longer available and looking for a new gateway. Previously only a feature of IPv6,
this is now extended to IPv4.
Failback support allows systems that have switched to a different gateway to switch back when the
original router comes back online.

indows 7
7-19


LLC
L

IPv6 Protocol
Figure 213: IPv6 Protocol
IPv6 is an update to the TCP/IP protocol that drastically changes the way addresses are assigned
on networks. It is based on a 128-bit addressing scheme instead of 32 bits like the current IPv4
addressing scheme. The following topics describe the attributes of IPv6.
128-Bit Address Space

The address in IPv6 is four times larger than an address in IPv4. A 32-bit address space allows for
2^32 or 4,294,967,296 possible addresses. A 128-bit address space allows for 2^128 or
340,282,366,920,938,463,463,374,607,431,768,211,456 (3.4 10^38) possible addresses.
In the late 1970s when the IPv4 address space was designed, no one thought that it might become
exhausted. By 1992, it was clear that a replacement was necessary. To address this concern, IPv6
was given a value large enough to, conceivably, last forever. Put another way, a 128-bit address
space provides 655,570,793,348,866,943,898,599 (6.5 10^23) addresses for every square meter
of the earths surface.
Better Routing
The large size of the IPv6 address pool can be subdivided into hierarchical routing domains that
reflect the topology of the modern-day Internet. The use of 128 bits provides multiple levels of
hierarchy and flexibility in designing hierarchical addressing and routing that is lacking on the
IPv4-based Internet.
Enhanced Security
Instead of just being an add-on technology as it is with IPv4, IPSec is now a protocol requirement
in IPv6.
7-20
Administering
Adminnistering

Global
LL

Mobile IPv6
Using mobile IPv6, clients can move around from location to location without the worry of being
disconnected. A permanent address is assigned to the node to so it can be found regardless of the
network it is on.
Inherent QoS Functionality

Predefined files in the IPv6 header provide for QoS information that should be embedded within
each packet. This allows routers to easily determine the handling characteristics of the packet from
the source to the destination.
IPv6 Enhancements
Figure 214: IPv6 Enhancements
Although IPv6 is tightly integrated into the Windows 7 operating system, support for the protocol
is not new. Windows XP and Windows Server 2003 both used IPv6 for some time now, but users
had to install and enable it. Since this more rudimentary implementation, numerous improvements
have been made:
Enabled out of the box: No installation is necessary for IPv6. It is automatically

turned on and runs right beside IPv4.
Graphical configuration: In Windows XP and Windows Server 2003, IPv6 was
configured exclusively from the command line. Now, the standard GUI for configuring
IPv4 has been implemented for IPv6 as well. Command-line configuration is still
available.
Enhanced Teredo support: Teredo, an automatic tunneling technology, tunnels IPv6
messages through the IPv4 Internet. With the implementation in Windows 7, Teredo
hinders network scanning of translated addresses.
Integrated IPSec for IPv6 traffic: Users can now configure IPSec policies for IPv6
traffic the same way that they configured IPSec policies for IPv4 in the past.
MLDv2: MLDv2 (Multicast Listener Discovery version 2) is the IPv6 replacement for
the IGMPv3 protocol on IPv4 and is now supported by Windows 7.

indows 7
7-21


LLC

LLMNR: LLMNR (Link-Local Multicast Name Resolution) allows both IPv4 and
IPv6 clients to discover each others names without a DNS server present.
Support for ipv6-literal.net names: This special zone format allows applications that
do not support IPv6 addresses to use the addresses through a standard DNS name. As
an example:
For the IPv6 address:
2002:ec8:28:3:f98a:5b31:6700:67aa
The corresponding ipv6-literal.net name is:
2002-ec8-28-3-f98a-5b31-6700-67aa.ipv6-literal.net
RRAS support for IPv6 over PPP: The Windows 7 and Windows Server 2008 RRAS
services now allow PPP connections to use IPv6 through the server.
Reduced address scanning vulnerabilities: Windows 7 and Windows Server 2008
now generate random interface IDs for non-temporary auto-configured IPv6 addresses,
including public and link-local addresses. This reduces the vulnerabilities present when
the known manufacturer ID of an interface is used.
Support for DHCPv6: The IPv6 client in Windows Server 2008 and Windows 7 are
now DHCPv6 capable.
LLTDM and LLTDR Protocols
Figure 215: LLTDM and LLTDR Protocols
The Windows Vista and Windows 7 operating systems bring a new network mapping feature that
uses two base protocols: LLTDM (Link-Layer Topology Discovery Mapper) and LLTDR (Link-
Layer Topology Discovery Responder). These protocols are advancements from the old master
browser NetBIOS services. They are responsible for discovering networks and also other network
devices capable of speaking the two protocols. Currently, these protocols work only with the
Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 product lines.
The Windows Firewall with Advanced Features enables and disables these protocols based on the
rules configured for each network profile or type chosen. For example, network discovery is not
allowed on public network categories.
7-22
Administering
Adminnistering

Global
LL

Discontinued Networking Technologies
Figure 216: Discontinued Networking Technologies
Microsoft has long put enormous effort into making sure that as much backward compatibility
exists in the latest operating system to keep the older applications and services working. This
compatibility comes at the cost of performance, security, and the inclusion of new technologies.
For Windows Vista, Windows 7, and Windows Server 2008, Microsoft discontinued many older
technologies that are very infrequently used today. People who may be upset by this of course
have the option to stay with the older versions of Windows to keep these features.
Figure 216 briefly lists some of the discontinued networking features. Other features and options
that do not relate to networking have also been pulled from the operating system.

indows 7
7-23


LLC

Dynamic Host Configuration Protocol
Figure 217: Dynamic Host Configuration Protocol
DHCP (Dynamic Host Configuration Protocol) is a service that runs on a Windows server and
automatically provides IP addresses to hosts on the network. Automatic address assignment helps
to lighten the load that administrators face when dealing with the addressing of computers on the
network.
The following topics describe DHCP at a high level and the role of the DHCP in IPv6.
7-24
Administering
Adminnistering

Global
LL

DHCP Fundamentals
Figure 218: DHCP Fundamentals
DHCP uses a client-server model for communication. When a client needs an address, it sends out
a DHCP Discover broadcast. Any DHCP servers that hear this broadcast reply with a DHCP Offer
message. The DHCP client replies with a DHCP Request message. Finally, the server confirms
address assignment with a DHCP Acknowledgement message.
The DHCP consists of several components on the server and the clients within the network. These
components include:
DHCP server: This server is responsible for issuing and revoking IP configurations
from clients and working with DNS servers to create A (IPv4 host) or AAAA (IPv6
host) records.
DHCP client: This client is the Windows 7 installed client that receives the client
configuration from the DHCP server. The client DHCP process works with the DHCP
server to configure the DNS record described above.
DHCP scope: This scope is the range of IP addresses assigned to the DHCP clients.
The DHCP scope also contains IP addresses excluded from distribution and IP
addresses reserved for various devices and printers via MAC addresses.
DHCP scope options: These options are enhancements to the DHCP scope.
Information contained as options are as simple as IP addressing information for DNS
servers, WINS servers, default gateway routers, NetBIOS broadcast types, and the new
Windows 7 only option: DHCP Network Hints.

indows 7
7-25


LLC

Role of DHCP in IPv6
Figure 219: Role of DHCP in IPv6
When you require more addressing control, enable the DHCPv6 component. IPv6 allows inherent
automatic address assignment and may not need a full DHCPv6 implementation. The following
topics describe the role of DHCP in IPv6.
DHCP Is Optional
IPv6 automatically assigns itself an address based upon information that it gathers from Router
Solicitation and Router Advertisement messages. Router messages have two flags that are known
as the M flag (Managed Address Configuration) and the O flag (Other Stateful Configuration).
When the M flag is set to 1, it tells the IPv6 client to look to a DHCPv6 service for addressing. If
the O flag is set to 1, the client uses DHCPv6 for other options such as DNS server addresses.
IPv6 Router Determines the Network Address

Without any of the flags set, the IPv6 router uses its Solicitation and Advertisement messages to
inform the hosts of the network address that they should use.
IPv6 Clients Autoconfigure the Host Address

The IPv6 clients pick up on the router messages and use the network numbering that is advertised.
Then they assign the host address on their own.
DHCPv6 Can Be Used for More Control

If more control of addressing is necessary, you can set IPv6-capable routers relay the DHCPv6
requests to a centralized DHCPv6 server for address assignment.
7-26
Administering
Adminnistering

Global
LL

Network and Sharing Center
Figure 220: Network and Sharing Center
One of the most welcome changes to the Windows 7 operating system is the streamlining and
reconfiguring of the network settings. This change makes the entire configuration much more
intuitive for the user and the administrator. Windows XP forced you to navigate to many different
locations to accomplish some basic tasks. With the Windows 7 product line, the Network and
Sharing Center provides access to all these tasks in one central location. This applet is your one-
stop location for all the Windows 7 networking and Internet configuration options.
As shown in Figure 220, this topic describes the functionality of the Network and Sharing Center
in Windows 7.

indows 7
7-27


LLC

Accessing the Network and Sharing Center
Figure 221: Accessing the Network and Sharing Center
You can access the Network and Sharing Center from a few different locations. You can access it
one of the following ways:
Start menu, Search box

Start menu, Control Panel
System tray (Right-click the Network icon and click the Open Network and Sharing
Center link)
The Network and Sharing Center offers many configuration applets and locations for you to
manage networking configurations and connections. It provides visual diagrams and maps of your
home or office networks. The visual tools are very useful tools for determining how to configure
your network connection. A quick glance shows the status of your Internet connection. A red X
indicates a broken connection between your Windows 7 device and the Internet.
7-28
Administering
Adminnistering

Global
LL

Displaying a Network Map
Figure 222: Displaying a Network Map
The network map is a feature that is enabled depending on the chosen network profile type. The
Windows Firewall with Advanced Features assigns the various rules that apply to the chosen
networking profile. For instance, if you choose the public profile, network discovery, and file
sharing are turned off. So when you choose the public profile, the Network Map feature does
not work.
Helpful Hint
The LLTDM is responsible for the mapping features that are available
in the Network and Sharing Center. If you choose the public profile,
this driver is blocked from outgoing and incoming communication.
You can override the default settings of the public network by toggling
the Network Discovery and File Sharing options or by customizing
your network.
Caution
When you make changes to the default network settings, you may be
opening up security risks, especially on the public network.
On the Network Map window, you can view a detailed map of your network. This map shows you
all of the devices currently connected to your network. Of course, these devices must support the
mapping protocols and drivers known as LLTDM and LLTDR. This means that Windows Vista
and Windows 7 devices will show up on the map as well as networking devices that support the
protocols mentioned. These network devices typically are routers, switches, and wireless access
points.
indows 7
7-29


LLC

The mapping feature does take some time to render a map, especially if the network contains
many approved devices. You must consider the traffic that this process causes and determine
whether to allow the discovery process on your networks.
Helpful Hint
You can download a compatibility pack for Windows XP that allows the
discovery of Windows XP devices on the network. However, this does
not allow the Windows XP devices to create maps.
Helpful Hint
If you correctly configure the networking feature and choose the
correct network profile but the mapping feature does not work, look to
the firewall for the possibility of a blocked UDP or TCP port 2177.
Helpful Hint
Use Group Policy to allow or disallow the mapping process on all
Windows Vista and Windows 7 computers. Just because you block the
2177 port on your firewalls, does not mean that the memory-starved
devices will not attempt to send discovery and mapper packets to the
network.
7-30
Administering
Adminnistering

Global
LL

Network and Sharing Center Wizards
Figure 223: Network and Sharing Center Wizards
Windows 7 provides the following wizards for making connections to various networks:
Set up a new connection or network

Connect to a network
Choose homegroup and sharing options
Troubleshoot problems
These wizards make it very easy for you to create connections to the networks that you need to
access. However, the connections that you create must conform to the Windows 7 classification
scheme. So the first time that a Windows 7 computer connects to a network, you must classify its
location or type as one of the following: Home, Work, or Public. This is a requirement for all
network communication and is very valuable to the overall security of the Windows 7 and
Windows Vista networks. If for instance, you are sitting in the airport and are connecting to the
Wi-Fi hotspot in the terminal, the Windows 7 Network Classification Scheme utility would
require you to choose a network type. The appropriate choice for volatile networks such as an
airport is the Public classification. By choosing the Public classification, you protect yourself
because the Windows Firewall with Advanced Features prevents you from discovery and
mapping; your computer and all of its data and resources are protected.

indows 7
7-31


LLC

Set Up a New Connection or Network Wizard
Figure 224: Set Up a New Connection or Network Wizard
The Set Up a Connection or Network option allows you to connect to a wireless, broadband or
dial-up connection to the internet. It also provides the option to manually connect to a wireless
network. It can be used to connect to the workplace through a VPN or using dial-up. It can also
be used to set up an ad-hoc wireless connection when a wireless access point is unavailable.
7-32
Administering
Adminnistering

Global
LL

Connect to a Network Wizard
Figure 225: Connect to a Network Wizard
Windows 7 makes it easier to configure wireless networks that do not broadcast their SSID, also
known as the Wireless Network Name. With the Windows XP wireless networking model, these
networks did not show up; they were invisible to the user. While this is considered a security
feature of wireless networking, plenty of freeware packages on the Internet can discover the
presence of non-broadcasting wireless networks. With Windows 7, the non-broadcasting wireless
networks display in the new Wireless Network dialog box as unnamed networks.
You do not need to manually add a non-broadcasting wireless network as a preferred network in
the list of preferred networks. To connect to a network, simply click the unnamed network in the
list, make the choice to connect, supply the appropriate SSID value, and if required, supply the
encryption key. This process is much easier than in Windows Vista.
Helpful Hint
The Connect to a network wizard contains a feature that allows you to
manually connect to a wireless network. This is provided in case
multiple unnamed networks exist in the wireless networking dialog box.
Instead of trying every connection, simply create a manual connection
to a wireless network and set it as the preferred network.

indows 7
7-33


LLC

Choose Homegroup and Sharing Options Wizard
Figure 226: Choose Homegroup and Sharing Options Wizard
You can enable the homegroup configuration from the Network and Sharing Center. A benefit of
the homegroup is the Windows 7 library. This is again the Windows 7 aggregate view of shared
resources and system folders, both local and remote.
With the Windows 7 homegroups and libraries, you can point to data that lives on many
computers, and possibly different networks, in a clear and concise manner within a library. The
new Windows Media Center also integrates with the homegroup and the library functions so that
folders watch and autoupdate as content changes. You no longer have to navigate a file structure
to see your data.
7-34
Administering
Adminnistering

Global
LL

Troubleshoot Problems Wizard
Figure 227: Troubleshoot Problems Wizard
The Troubleshoot problems Network and Internet feature built into Windows 7 networks
provides seven main tools for troubleshooting most issues that may occur. The wizard presents the
user with several questions designed to configure a troubleshooting method that, hopefully,
corrects the problem. You can troubleshoot the following issues:
Internet connections
Shared folders
Homegroups
Network adapters
Incoming connections
Connection to a workplace using DirectAccess
Printing

indows 7
7-35


LLC

Setting the Network Location
Figure 228: Setting the Network Location
The Windows 7 product line carried over the Windows Vista classification schemes. The benefits
are many, but the main purpose is to make you to choose a network location type when you
successfully connect to a network. This network location type drives the network settings
configuration. Behind the scenes, the Windows Firewall passes down the incoming and outgoing
rules based on the network profile configuration, which is based on the network type that you
chose.
7-36
Administering
Adminnistering

Global
LL

Changing Adapter Settings
Figure 229: Changing Adapter Settings
You can also directly access your network interface from the Network and Sharing Center. Simply
click the link for the connection name and then click the Properties button. You can make many
adjustments and configurations from the Properties dialog box.
Helpful Hint
When you search for the word adapters, Windows 7 takes you to the
Network Connections section of Control Panel and you can see a list
of your adapters.

indows 7
7-37


LLC

BranchCache
Figure 230: BranchCache
BranchCache keeps a cached copy of the data on the Windows Server 2008 R2 BranchCache
server. This reduces data access times by as much as 50 percent as compared to pulling the data
from the remote file server every time the user requires access to the data.
This topic defines BranchCache and describes the hosted and distributed cache modes of the
BranchCache feature built in to Windows Server 2008 R2 and Windows 7.
7-38
Administering
Adminnistering

Global
LL

What Is BranchCache?
Figure 231: What Is BranchCache?
BranchCache helps to reduce the file transfer traffic between a headquarters location and its
remote offices. BranchCache operates in one of two modes: the Hosted Cache mode, where a
Windows Server 2008 R2 device hosts a cached copy of the data, or a Distributed Cache mode
where a BranchCache server is not required. In a Distributed Cache mode, computers in the
branch store cached copies of the data and as the data is requested, this data is sent to new
Windows 7 devices. This is all managed by the BranchCache process and drivers.
Helpful Hint
BranchCache supports all of the popular protocols for Web content
such as HTTP and HTTPS as well as SMB for file server
communication. Because of this standards-based support,
BranchCache supports all modern file types by extension. The
BranchCache process caches only read requests to files, so it never
interferes with any user that is writing to a remote file. BranchCache
also only caches data that has been requested, so it is very efficient at
dealing with bandwidth or the lack of it.

indows 7
7-39


LLC

Hosted Cache Mode
Figure 232: Hosted Cache Mode
In the Hosted Cache mode data is downloaded to BranchCache-enabled servers in the branch
office by BranchCache-enabled clients. The Hosted Cache mode does not require a dedicated
server and is enabled on any physical or virtual server that is running Windows Server 2008 R2 in
the branch office.
The following process is used to cache and retrieve data:
1. The Windows 7 client connects to the server containing data files and requests them
as normal.
2. The data-containing server authenticates the client as normal and returns content
metadata over the standard data channel.
3. The client uses hashes in the metadata to search for the file in the local Hosted Cache
server. If this is the first time any client has retrieved the file, the client retrieves the
file directly from the original server that has the data.
4. The client exchanges content identifiers with the Hosted Cache server over an SSL
connection.
5. The Hosted Cache server retrieves the set of data blocks that are not cached from
the client.
6. If another Windows 7 client requests the same file from the data-containing server,
authentication occurs and content identifiers are once again returned.
7. The client exchanges the content identifiers with the Hosted Cache server over an SSL
channel. The Hosted Cache server encrypts the cached data and returns it to the client.
8. The client decrypts the data, and verifies that the content has not been modified.
7-40
Administering
Adminnistering

Global
LL

Distributed Cache Mode
Figure 233: Distributed Cache Mode
In a Distributed Cache mode, Windows 7 clients cache the content and exchange the data with
other authorized Windows 7 clients in the same location. Distributed Cache mode is best for
branch offices with less than 50 users.
With the Distributed Cache mode, a local Hosted Cache server is not required. Windows 7 clients
cooperate with each other to cache and retrieve files. The WS-Discovery multicast protocol is
utilized to find other Windows 7 devices with locally cached data.
Distributed Cache mode operates on a per subnet basis.

indows 7
7-41


LLC

Acronyms
AAAA address (IPv6 host record)

API application programming interface
ARPANET Advanced Research Projects Agency Network
ATM Asynchronous Transfer Mode
BAP Bandwidth Allocation Protocol
CTCP Compound TCP
DHCP Dynamic Host Configuration Protocol
DHCPv6 Dynamic Host Configuration Protocol version 6
DNS Domain Name System
DoS denial of service
EAP Extensible Authentication Protocol
ECN Explicit Congestion Notification
GUI graphical user interface
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
IANA Internet Assigned Numbers Authority
ID identifier
IGMPv3 Internet Group Management Protocol version 3
IP Internet Protocol
IPSec IP Security
IPv4 Internet Protocol version 4
IPX Internetwork Packet Exchange
ISP Internet service provider
LAN local area network
LLMNR Link-Local Multicast Name Resolution
LLTDM Link-Layer Topology Discovery Mapper
LLTDR Link-Layer Topology Discovery Responder
MAC media access control
MLDv2 Multicast Listener Discovery version 2
MS-CHAP Microsoft Challenge Handshake Authentication Protocol
NAP Network Access Policy
NAT Network Address Translation
NDIS Network Driver Interface Specification
NetBIOS Network Basic Input/Output System
7-42
Administering
Adminnistering

Global
LL

NIC network interface card

NPI network programming interface
OSI Open Systems Interconnection
OSPF Open Shortest Path First
P2P peer-to-peer
PPP Point-to-Point Protocol
QoS Quality of Service
qWAVE Quality Windows Audio-Video Experience
RAS Remote Access Service
RPC remote procedure call
RFC Request for Comments
RRAS Routing and Remote Access Service
SFM Services for Macintosh
SLIP Serial Line Internet Protocol
SMB Server Message Block
SPAP Shiva Password Authentication Protocol
SPX Software package exchange
SSID service set identifier
SSL Secure Sockets Layer
TCP Transmission Control Protocol
TDI transport driver interface
UDP User Datagram Protocol
VPN virtual private network
WFP Windows Filtering Platform
WINS Windows Internet Naming Service
Winsock Windows Sockets
WLAN wireless local area network
WS-Discovery Web Services Discovery
WSK Winsock Kernel

indows 7
7-43


LLC
L

Section Review
Summary
TCP/IP is a suite of addressing and routing protocols that consists of four layers:
Application layer: Implements the Winsock, NetBIOS, and the WSK APIs.
Transport layer: Contains the TCP and UDP protocols along with raw mode for
transmitting packets that do not need either TCP or UDP.
Network layer: Routes information from one network to another via the IPv4 and
IPv6 which live side-by-side and run simultaneously.
Framing layer: Places data coming from IPv4 and IPv6 into the appropriate
framing structure for the medium being used.
You can configure the TCP/IP settings for network adapters on Windows 7 using the
following methods:
Graphical configuration: Use the Internet Protocol Version 4 (TCP/IPv4)
Properties dialog box to automatically obtain IP addresses or manually change the
IP address, subnet mask, default gateway and others options.
Command-line configuration: Use the NetSH command-line tool to configure IP
settings on demand, or with a script for repetitive operations.
Enhancements made to IP version 6 for the Windows 7 client operating system include
the following:
128-bit address space: There are for 3.4 x 10^38 possible addresses
(340,282,366,920,938,463,463,374,607,431,768,211,456)
Better routing: Routing is built around the Internet architecture
Enhanced security: IPSec is a protocol requirement
Improved mobile IPv6: Maintains connectivity with address changes
Inherent QoS functionality: Traffic flow fields are part of the IPv6 header
The DHCP service runs on a Windows server and automatically provides IP addresses
to hosts on the network using the following client-server communication model
process:
1. Client sends out a Discover message.
2. Servers answer with an Offer message.
3. Client replies with Request message.
4. Server confirms with an Acknowledgement message.
The DHCP consists of these components::
DHCP server: Responsible for issuing and revoking IP configurations from
clients and also creating A or AAAA records.
DHCP client: Receives the client configuration from the DHCP server.
DHCP scope: Contains the range of IP addresses assigned to the DHCP clients, as
well as, IP addresses excluded from distribution or reserved for other various
devices.
DHCP scope options: Contains enhancements to the DHCP scope ranging from
IP addressing information for DNS servers to the new Windows 7 only option:
DHCP Network Hints.
7-44
Administering
Adminnistering

Global
LL

Features of the Networking and Sharing Center include the following:

Display a network map: View diagrams and maps of your home or office
networks
Network and Sharing Center wizards: Create connections to networks of all
types using the following wizards in the Network and Sharing Center:
o Setup a new connection or network
o Connect to a network
o Choose homegroup or sharing options
o Troubleshooting problems
Setting the Network Location: Select the location type when the Windows client
connects to a network.
Changing Adapter Settings: Manage details and properties for the network
adapter.
In Distributed BranchCache mode, Windows 7 clients cache the data and exchange the
data with other authorized Windows 7 clients in the same location.
Knowledge Check
1. Can Windows XP computers appear in a Windows 7 Network Map?
2. The ________________ layer, sometimes known as the Internet layer, is responsible for routing
information from one network to another.
3. Josh wishes to use the IPv6 local loopback address to verify if the IPv6 network stack is
responding as designed. What address should he use with ping inside the command prompt?
a. 127.0.0.1
b. 127.EEOD:0000:0000:00000:0001
c. 0:0:0:0:0:0:0:1
d. fe80::1c8c:3026:9d2c:bc66%13
4. Which of the following features in the Network and Sharing Center are useful when trying to
diagnose network-related problems? (Choose all that apply).
a. Network maps
b. Change adapter settings
c. Troubleshoot problems wizard
d. Set network locations

indows 7
7-45


LLC
L

5. Place the steps for the DHCP service process in the correct order. Write the numbers in the
Answer column.
Answer Description
Client replies with Request message
Server confirms with an Acknowledgement message
Client sends out a Discover message
Servers answer with an Offer message
6. Clients running Windows Vista and Windows 7 can retrieve cached files from each other when
running in the Distributed BranchCache mode.
a. True
b. False
7. Which of the following methods could you use to configure TCP/IP settings? (Choose all
that apply):
a. Automatically obtain IP addresses in the Internet Protocol Version 6 (TCP/IPv6) Properties
dialog box.
b. Use the Network Display Map feature to view and edit the IPv6 settings.
c. Use the NetSH command-line tool to configure IP settings on demand.
d. Manually change the IP address, subnet mask, default gateway and others options from the
Internet Protocol Version 6 (TCP/IPv6) Properties dialog box.
8. For each Windows 7 enhancement t of IPv6, write a brief description in the space provided:
Better routing
Enhanced security
Improved mobile IPv6
7-46
Administering
Adminnistering

Global
LL


1. Can Windows XP computers appear in a Windows 7 Network Map?
Yes they can, provided that you download and install the LLTD protocol.
2. The Network layer, sometimes known as the Internet layer, is responsible for routing information
from one network to another.
3. Josh wishes to use the IPv6 local loopback address to verify if the IPv6 network stack is
responding as designed. What address should he use with ping inside the command prompt?
a. 127.0.0.1
b. 127.EEOD:0000:0000:00000:0001
c. 0:0:0:0:0:0:0:1
d. fe80::1c8c:3026:9d2c:bc66%13
4. Which of the following features in the Network and Sharing Center are useful when trying to
diagnose network-related problems? (Choose all that apply).
a. Network maps
b. Change adapter settings
c. Troubleshoot problems wizard
d. Set network locations
5. Place the steps for the DHCP service process in the correct order. Write the numbers in the
Answer column.
Answer Description
3 Client replies with Request message
4 Server confirms with an Acknowledgement message
1 Client sends out a Discover message
2 Servers answer with an Offer message
6. Clients running Windows Vista and Windows 7 can retrieve cached files from each other when
running in the Distributed BranchCache mode.
a. True
b. False
Client computers must be running Windows 7.
7. Which of the following methods could you use to configure TCP/IP settings? (Choose all
that apply):
a. Automatically obtain IP addresses in the Internet Protocol Version 6 (TCP/IPv6)
Properties dialog box.
b. Use the Network Display Map feature to view and edit the IPv6 settings.
c. Use the NetSH command-line tool to configure IP settings on demand.
d. Manually change the IP address, subnet mask, default gateway and others options from
the Internet Protocol Version 6 (TCP/IPv6) Properties dialog box.

indows 7
7-47


LLC
L

8. For each Windows 7 enhancement of IPv6, write a brief description in the space provided:
Better routing:
Routing is built around the Internet architecture
Enhanced security:
IPSec is a protocol requirement
Improved mobile IPv6:
Maintains connectivity with address changes
7-48
Administering
Adminnistering

Global
LL

6
Integrating Windows 7 with Active
Directory
Section Topics
DNS Overview
Windows Server 2008 R2 Active Directory
Joining an Active Directory Domain
Using Active Directory Tools Remotely
Implementing Group Policy

indows 7
6-1


LLC
L

Integrating Windows 7 with Active Directory
Section Objectives
Describe at a high level the DNS service for Windows Server

Define Windows Server 2008 R2 Active Directory
Explain how to join an Active Directory domain
Identify the tool used to configure the Windows 7 local security policy
List the Windows 7 Active Directory tools used to remotely administer Active
Directory
Explain the purpose of Windows 7 ADMX templates
List the Windows 7 Group Policy settings
Explain how to configure the Windows 7 Group Policy settings
Section Overview
The business environment is constantly changing. The operating systems that run smoothly are the
ones that can efficiently and securely operate under some of the most hostile and volatile
conditions. The client operating systems installed within large enterprise networks must be
manageable, both remotely and centrally. Windows Server products and Windows 7 client
operating systems can do this for you. This section introduces the server-side technologies
available with Windows Server 2008 R2 and the enterprise abilities of Windows 7. This
information helps you understand what you can do in your own network to make your job easier
and your data more available and secure.
6-2
Administering
Adminnistering

Global
LL

DNS Overview
Figure 158: DNS Overview
DNS is one of the most important services in Active Directory environments. The DNS (Domain
Name System) is a service that translates user-friendly names into their associated numerical IP
addresses. DNS eliminates the need to remember all of the IP addresses for the systems
throughout an environment. Of course, this is crucial in communicating with systems on the
Internet since there are millions of IP addresses.
DNS is also required for communication with the outside world due to the Internets total reliance
on DNS as a name resolution platform.
The tight integration of DNS within Active Directory as a naming standard has enormous
advantages. The fact that you need to use only one name resolution service for either internal or
external name resolution greatly simplifies the administration process.

indows 7
6-3


LLC

DNS and Active Directory
Figure 159: DNS and Active Directory
DNS is a critical service for Active Directory. In fact, without DNS the Active Directory service
cannot function. DNS is used to find the addresses for Active Directory hosts and resources.
Special SRVs dynamically register these services in the DNS database.
DNS is also used to register sites for Active Directory. Widely dispersed environments use sites to
provide boundaries between physical locations.
6-4
Administering
Adminnistering

Global
LL

Types of Name Resolution
Figure 160: Types of Name Resolution
DNS is not the only method available to resolve names to IP addresses. Over the years, various
systems utilized several other types of name resolution. Windows Server 2008 R2 still supports
these alternative name resolution mechanisms for backward compatibility.
Hosts file
Since the early days of UNIX operating systems, Hosts files have been used to resolve names into
IP addresses. The Hosts file is a standard text file with host names and addresses created manually
for name resolution. The text file resides locally on every host and does not automatically update
when names or IP addresses on the network change.
Hosts files have a format like the following:
10.0.0.101 skunk
10.0.0.102 panda
10.0.0.125 tiger
NetBIOS
Originally, IBM introduced the NetBIOS naming standard for its mainframe environments. Later
Microsoft adopted this standard for its LAN Manager series of operating systems (of which
Windows Server 2008 is a descendant). NetBIOS was never meant for use in the large
environments where it is currently deployed. With a 15-character maximum to identify computers,
and no hierarchy, NetBIOS quickly runs into capacity problems.
Initially, NetBIOS name resolution was entirely broadcast-based. This meant that every computer
that wanted to communicate using those names had to exist on the same network segment.
Microsoft introduced LMHosts files as a way to initially integrate NetBIOS into the world of
TCP/IP, and allow NetBIOS resolution to reach computers on distant networks. Like the Hosts
file, LMHosts is a static file that must be updated by hand.

indows 7
6-5


LLC

Microsoft later introduced WINS as a centralized name resolution resource that dynamically
updates with the latest names and IP addresses of the computers throughout the environment.
However, WINS still relies on the 15 character or less, non-hierarchical structure.
DNS
DNS was introduced as an RFC standard in the mid-1980s to address the problems facing the
burgeoning Internet (still known as the ARPANET at that time). The network grew so rapidly that
the simple Hosts files just could not keep up. DNS was developed as a hierarchical, distributed
database of names. Although centralized, initially DNS was maintained manually. The latest
versions of DNS, however, can dynamically update with new or modified host names and IP
addresses. DNS focuses on the capacity and overhead issues that have plagued other name
resolution services.
Anatomy of a DNS Name
Figure 161: Anatomy of a DNS Name
A DNS name is made up of several components (shown in Figure 161) that represent the
hierarchical namespace of DNS. Analyzing these components is helpful in understanding the
structure of DNS and helps when troubleshooting DNS problems.
FQDN
The FQDN (fully qualified domain name) refers to the combination of all of the naming
components together. A domain name is fully qualified when the host, second-level, top-level, and
root portions of the name are combined.
Host
The host portion of the DNS name is the identity of the computer or computers that the name
relates to. This may not be the only identity for that computer. Other aliases or host names could
also point to the IP address of the computer.
6-6
Administering
Adminnistering

Global
LL

Second Level
The second level (sometimes called a sub-domain) is a subdivision of the DNS namespace. This
further compartmentalizes the DNS architecture into identifiers that represent the organizations
and entities that make up the namespace.
Top Level
The top-level names categorize different portions of the DNS namespace into collections of
different types of organizations. They also represent different parts of the world. Thousands of
top-level domain names, such as .us, .fr, .jp, .tw, and others, represent all of the different
countries around the world. The most recognized top-level domain names are those used for
businesses and organizations throughout the United States, such as .com, .net, .org, and so on.
Several widely known governmental top-level domain names, such as .gov, .mil, .edu, and many
others also exist.
Root
The root of the DNS namespace is simply the dot (.) at the end of every FQDN. Sometimes it is
not written or typed, but it is always there in the DNS hierarchy and is always used in name
resolution. Fifteen DNS servers process root queries. From there, all other queries are processed.

indows 7
6-7


LLC
L

Internet Name Resolution
Figure 162: Internet Name Resolution
DNS is also the name resolution mechanism of the Internet. If DNS had not been developed, the
Internet would not exist as it does today. Imagine remembering 72.21.210.250 as the Internet IP
address instead of http://www.amazon.com. Imagine remembering the IP addresses for the
hundreds of Web sites you currently visit. Internet DNS is identical to the DNS you may use in
your network environment; however, it is designed to support hundreds of millions of users with
billions of queries for name resolution.
The Internet name resolution mechanism provides external access to your resources. So if you are
a large company, you can make your products available to the world, not just your local area. DNS
is the one service or mechanism that is single-handedly responsible for the explosion of the
Internet, besides the arrival of the personal computer.
DNS also helps to find other types of resources, not just Web sites or server names. DNS can also
provide access to many other types of resources and services within the network. These resources
are made available through the use of DNS resource records such as:
A: IPv4 host record

AAAA: IPv6 host record
CNAME: Alias record
DNAME: Delegation record
LOC: Location record
MX: Mail exchange record
NS: Name server record
PTR: Pointer record
SOA: Start of authority record
SRV: Service location record
TA: DNS server trust authority for secure DNS implementations
6-8
Administering
Adminnistering

Global
LL

Private Name Resolution
Figure 163: Private Name Resolution
DNS can both help and hurt a network. If you are not careful with its implementation and design,
you can inadvertently expose all of your internal resources to the outside world. Businesses can
operate in a safe manner because of the development of private name resolution techniques. You
can create private and public DNS namespace so that your internal resources are safe from the
outside world and your internal users can still access the Internet namespace.
Private name resolution starts with a private top-level domain name. Therefore, instead of using
the typical .com, .edu, .org, and so forth, you can configure a private TLD that is not accepted as a
valid top-level domain name. For example, you can assign local, internal, or private as the
domain name of all of your internal resources. Currently, 20 approved TLDs exist with countless
country designations that can also be used as TLDs. Of course, you have to complete the advanced
configurations to the Windows Server 2008 R2 DNS server so the internal clients can access the
Internet address space.

indows 7
6-9


LLC

Service Location Records
Figure 164: Service Location Records
In the Active Directory environment, SRVs (service location records) locate the critical services
that are necessary for directory service functionality. Domain controllers automatically update the
DNS database with the following record types:
Kerberos
LDAP
Global catalog
Clients and servers also use DNS to determine which site they are in and the servers running the
critical services that they should communicate with.
6-10
Administering
Adminnistering

Global
LL

Troubleshooting Tools
Figure 165: Troubleshooting Tools
Many tools are available for troubleshooting the Windows 7 operating system in general. A few of
these tools are more focused on resolving issues with DNS. The following topics describe these
tools.
Adapter Status
The Adapter Status and corresponding Network Connection Details are useful for displaying basic
information related to the network card and its IP address settings. This tool is sometimes easier to
perform when troubleshooting with another individual over the phone.
The ipconfig /all Command

The ipconfig /all utility is the command-line counterpart of the graphical Network Connection
Details tool. For experienced administrators, the ipconfig commands are more useful, especially
when using other tools at the command-line.
The ipconfig /displaydns Command

The /displaydns switch in the ipconfig command shows all cached DNS queries performed by the
DNS client. Sometimes these cached entries can cause problems with name resolution when IP
addresses change on the DNS server before the cache expires. By default, entries on Windows
Server 2008 DNS have a cache lifetime of 60 minutes.
The ipconfig /flushdns Command

The /flushdns switch in the ipconfig command clears the cached DNS entries on the client
resolver. Keep in mind that this command does not take into account entries cached on upstream
DNS servers. The cache on these DNS servers must be cleared in the DNS console.

indows 7
6-11


LLC

The ipconfig /registerdns

The /registerdns switch in the ipconfig command forces the DNS client to register its name and
IP address with a dynamic update-capable DNS server. When the name and address of a computer
do not appear immediately, this command can accelerate the normal waiting period and register
early.
The nbtstat -c Command

While not a DNS-related command, there are times when names are resolved through NetBIOS
and are cached. These entries can cause troubleshooting headaches when dealing with DNS
resolution issues. The nbtstat -c (lowercase c) command displays any NetBIOS names that are
cached.
The nbtstat -R Command

The -R switch (uppercase R) purges the NetBIOS cache on the local computer.
The NSLookup Tool

The NSLookup tool is the definitive DNS troubleshooting utility. This tool communicates directly
with the DNS server, bypassing the client caching resolver. This eliminates much of the headache
caused by cache, and allows for much more powerful troubleshooting.
The best way to use NSLookup is to simply type nslookup, and then press the ENTER key. The
NSLookup console lists all of your subsequent commands. To obtain more help inside the
NSLookup tool, type ?, and then press ENTER.
Ping
The Ping tool is the ubiquitous connectivity testing utility found on almost any TCP/IP-based
operating system. This tool is not strictly for name resolution troubleshooting. However, if you use
the Ping tool against a name, expect to see the corresponding IP address echoed back. If not, name
resolution may be failing.
6-12
Administering
Adminnistering

Global
LL

Windows Server 2008 R2 Active Directory
Figure 166: Windows Server 2008 R2 Active Directory
Active Directory is a distributed database that stores information about objects such as user
accounts. It also provides information about network resources and application data for directory-
enabled applications and services. You can organize Active Directory into a hierarchical structure
that reflects the layout of your organization and possibly matches the DNS architecture as well.
Active Directory promotes the use of a single-sign-on to the environment for ease of use and a
more top-down administrative model. Within an Active Directory forest, you can permit a user
access to resources that exist on any computer in any domain.
Following topics describe the goals, objects, and architecture of Active Directory as well as the
naming standards used by Active Directory.

indows 7
6-13


LLC

Active Directory Goals
Figure 167: Active Directory Goals
Active Directory is very flexible and extensible. The Active Directory platform has many potential
uses. Following is a description of the most important goals for Active Directory.
Store Object Information

Active Directory stores information for dozens of different object types. The most important are
Users, Groups, and Computer objects.
Authenticate Users
Before gaining access to any part of the Active Directory infrastructure, users must prove their
identity. It is the responsibility of the DC (domain controller) to provide this authentication.
Before anyone is allowed access, the DC must check the users credentials against the Active
Directory database. If the information provided is correct, the user receives a TGT as the pass to
get STs before accessing any resources.
Implement Group Policies and Security Policies

Active Directory can be used to deploy both group policies and security policies to enforce the
standards of the organization. Group policies can be used to incorporate standardization for the
desktop look and feel, operating system settings, and many other user and computer specific items.
For security policies, settings such as password strength, account lockout settings, restricted
software, auditing guidelines, event log settings, and much more can be configured. These policies
are passed down to any users and computers within the scope of the policies.
6-14
Administering
Adminnistering

Global
LL

Active Directory Objects
Figure 168: Active Directory Objects
The heart of Active Directory is a database that stores meaningful object information. The Active
Directory contains many different object types. Administrators create and interact with only a
handful of the following objects:
Users: User accounts are the most prominent object within Active Directory. They
establish the list of known individuals allowed to log on to the system.
Groups: Groups are very important in the reduction of administrative overhead.
Collecting users together into groups allows the administrator to assign privileges to
the group instead of each individual.
Computers: Administrators either create computer objects ahead of time or when a
computer joins the domain. Computers use computer objects to participate in the
domains security context.
Contacts: Contacts do not have a user name and cannot log on to the domain
environment. Administrators use contacts to establish e-mail aliases for individuals
outside the organization.
Printers: Printer objects exist within the directory as a convenient method to locate a
shared printer within the network.
Shared folders: Shared folders are for convenience. A shared folder in Active
Directory points to physical shared folder on a server or workstation. Creating a shared
folder in Active Directory does not create the shared folder on the target computer. The
destination shared folder must already exist.

indows 7
6-15


LLC

Active Directory Architecture
Figure 169: Active Directory Architecture
Active Directory is made of a collection of components that work at different hierarchical levels.
You should understand the designations of these levels even when you are implementing an
Active Directory structure of a smaller size:
Forest: A forest could be a single domain. However, the word forest generally depicts
something larger. A forest could be made up of two or more trees with different
namespaces, for example hq.local and widget.com. Trees and domains in the forest are
bound together by links known as trusts.
Tree: A tree is a collection of one or more domains in the same namespace, for
example hq.local. Domains in the tree are linked together by trust relationships.
Domain: The domain is the basic building block and security boundary for the Active
Directory environment. The domain also establishes a storage area for Active Directory
objects within the DCs in that domain.
Global catalog: The GC for an Active Directory forest summarizes all the objects
stored on each domain in the forest. Since each domain contains its own database
separate from other domains, the GC binds multiple domain directories into one larger
searchable directory.
Organizational unit: OUs are containers in which other objects, such as users and
groups, are stored. OUs are a very important organizational technique for dealing with
very large numbers of objects. It is difficult to manage thousands of user accounts all in
one flat list. Instead, gather objects into meaningful subdivisions called OUs that you
can manage more efficiently.
Domain controller: A DC is a computer that runs the Active Directory service and is
able to answer logon requests and queries about objects. The DC replicates any
changes to the Active Directory database to and from other DCs for redundancy.
Site: Sites provide an indication of the physical architecture of the environment.
Usually administrators establish sites for each physical location, and then place a GC
on a DC within each of the sites. Sites provide a foundation for replication and for
local logons.
6-16
Administering
Adminnistering

Global
LL

Naming Standards
Figure 170: Naming Standards
Active Directory uses a combination of different naming technologies to provide access to the
directory database:
DNS: DNS is one of the most important pieces of the Active Directory puzzle. Not
only does DNS provide the host name to TCP/IP address resolution necessary to
communicate with all of the Active Directory Services, it also provides the naming
structure for Active Directory itself.
DNS is critical in locating the LDAP, Kerberos, and global catalog resources necessary
for domain functionality through the use of SRV records.
LDAP: LDAP is used to query and access the directory database. LDAP is an open
standard used by other vendors for their own directory services and follows a common
access scheme. Using LDAP, other network computers and services can leverage
Active Directory for their own purposes.
X.500: The X.500 standard is a naming specification that defines the hierarchical
structure of a directory database. Active Directory loosely conforms to the X.500
specifications making it easier to convert objects from other directory services to
Active Directory and vice versa.
The X.500 specification lays out the use of containment qualifiers for the different
levels of the hierarchy. The following is an example of an X.500 DN.
cn=Jane Doe, ou=Sales, o=hq, l=atl, st=ga, c=us
cn: common name
ou: organizational unit
o: organization
l: locality
st: state
c: country
Active Directory naming architecture: When Microsoft first designed Active
Directory, it did not adopt the entire X.500 naming scheme for the Active Directory
database. Instead, the developers took part of the X.500 architecture (the cn= and ou=)
and appended the naming scheme used on the Internet today: DNS. The DNS domain
name information, for example gk.com, is turned into a series of dc= qualifiers.
The following is an example of an Active Directory DN:
cn=JaneD, ou=Sales, dc=atl, dc=hq, dc=local
indows 7
6-17


LLC

Joining an Active Directory Domain
Figure 171: Joining an Active Directory Domain
To take advantage of single sign-on, Group Policy, security, resource access, and the many other
features of Active Directory, the user's computer must join the Active Directory domain.
Following is a description of how to join a Windows 7 client computer to the Active Directory
Domain environment, how to change the computer identify, the placement of the computer object,
and how to log on to the domain.
Requirements to Join
Figure 172: Requirements to Join
To join an Active Directory domain, the computer must be configured with a proper DNS server
address that allows the client to contact a domain controller. The user must log on to the local
computer as a local administrator equivalent.
It is not necessary, however, to log on as an administrator from the domain. A normal user can
join computers to the domain up to 10 times. Domain administrators and enterprise administrators
can join an unlimited number of times.
6-18
Administering
Adminnistering

Global
LL

Changing the Computer Identity
Figure 173: Changing the Computer Identity
To change the computers identity, follow these steps:

1. Click the Start button, right-click Computer, and then select Properties.
2. Click the Change Settings link, and then click the Change button.
3. Choose the Domain option and type the name of the domain you want to join.
4. Type the credentials of an Active Directory user account to join the domain with.
Unlike Windows XP, you can now change the computer name and the domain membership at the
same time. Previously, this took two separate steps with two reboots.

indows 7
6-19


LLC

Computer Object Placement
Figure 174: Computer Object Placement
When you join the domain, by default, the computer object is placed in the Computers container.
The domain administrator can move this later. It is also possible to create the computer object
ahead of time in an OU that is appropriate. When the computer joins the domain later, it
immediately adopts any group policies on the OU that the computer is in.
6-20
Administering
Adminnistering

Global
LL

Logging On to the Domain
Figure 175: Logging On to the Domain
In Windows 7, the account name of the last logged on user displays by default on the logon
screen. To log on as a different user, or to force a domain versus local logon, click the Switch
User button, and then select Other User. You can then type any valid user name for the local
computer or for the domain.
If you type a user account name that does not exist on the local computer, the context
automatically changes to the domain that the computer belongs to. You can also specify the
context in the following ways:
HQ\Joe
Joe@hq.local

indows 7
6-21


LLC

Using Active Directory Tools Remotely
Figure 176: Using Active Directory Tools Remotely
It is not always convenient or desirable to use domain management tools on the server console.
Instead, it is possible to install the tools on a Windows 7 console that you can use for
administration.
However, when these tools are unavailable, or the computer you are using is not a domain
member, other methods of remote administration are available.
Active Directory Remote Management
Figure 177: Active Directory Remote Management
An Active Directory environment has several possible options for remote management:
Remote command-line tools: Many command-line tools are available to use against
either the local computer or remote computers. To find out if a tool has remote
management capabilities, run the command with a /? switch, and look for a server or
computer name switch that allows you to change the focus of the command.
Remote Desktop: Any computer with a Remote Desktop client can connect to the
server and run tools and utilities as if sitting at the server console. This is a great option
for non-domain member computers, and for non-Windows computers.
Windows 7 MMC tools: Most of the built-in MMC tools have the ability to focus on
remote computers. The Computer Management Console is one example.
RSAT: Dozens of additional MMC tools are available in the Remote Server
Administration Tools package. This is a free download from Microsoft.
6-22
Administering
Adminnistering

Global
LL

Installing the RSAT Package
Figure 178: Installing the RSAT Package
To install the RSAT, go to the Microsoft Web site and search for RSAT. Choose the version that
matches your version of Windows (32 bit or 64 bit), and download it. To install the package, run
the MSU file and follow the prompts.

indows 7
6-23


LLC

Enabling the RSAT Tools
Figure 179: Enabling the RSAT Tools
After installing the RSAT MSU file, the tools do not appear on the administrative tools listing by
default. You must add the individual RSAT tools that you need, or add them all.
To add the RSAT tools, follow these steps:
1. Click Start, Control Panel, and Programs and Features.
2. Click the Turn Windows Features on or off link.
3. Scroll down to the Remote Server Administration Tools section.
4. Expand and select each individual check box for the items you need.
Note
The list of RSAT tools do not automatically select the lower check
boxes when you select an item higher on the list. You must select
each individual item to install it.
6-24
Administering
Adminnistering

Global
LL

Implementing Group Policy
Figure 180: Implementing Group Policy
Microsoft introduced Group Policy with Windows 2000 as a replacement for the system policies
of older Windows environments. The system policies used in the past were very inflexible and
difficult to reverse once put in place.
The new Group Policy in Windows Server 2008 builds upon the foundation established with
Windows 2000. Group Policy enhancements made in Windows Server 2003 were minor compared
to the new features and hundreds of new settings in Group Policy for Windows Server 2008.
Group Policy may be enhanced with new features but the basic architecture remains the same. To
properly deploy and troubleshoot Group Policy, you must understand its capabilities and
components.
This topic describes the Group Policy features of Windows 7 in the Active Directory environment.

indows 7
6-25


LLC

What Is Group Policy?
Figure 181: What Is Group Policy?
Policies are very important to the network administrator. Policies allow you to pass down many
security or configuration settings to your Windows 7 workstations in a centralized manner, which
makes it easy for you to administer the network. Without policies, you would literally have to visit
thousands of computers either through remote access technologies or by traveling to the location
of the computer, which is not efficient and very costly.
Windows 7 provides you access to several types of policies and utilities for creating and managing
them. Windows 7 provides the local security policy and the Group Policy settings that are passed
down from your Windows Server 2008 R2 computers.
Helpful Hint
You can find many important configuration items in the Windows 7
local security policy, such as the UAC and the Windows Firewall with
Advanced Features.
6-26
Administering
Adminnistering

Global
LL

Computer and User Configuration Items
Figure 182: Computer and User Configuration Items
Each Group Policy object is broken down into two primary sections:
Computer Configuration: These configuration types apply only to computer objects

that are within the scope of the policy.
User Configuration: These configuration types apply only to user objects that are
within the scope of the policy.

indows 7
6-27


LLC

Desktop Settings and Restrictions
Figure 183: Desktop Settings and Restrictions
In the previous Group Policy Management Editor, the Administrative Templates section for both
the user or computer configurations contained most of the desktop settings and restrictions. Now,
there are two new layers:
Policies: This layer contains Software Settings, Windows Settings, and

Administrative Templates.
Preferences: This layer contains Windows Settings and Control Panel Settings.
The Policies, Administrative Templates, Preferences, Windows Settings, and Preferences,
Control Panel Settings containers include most of the desktop-related settings and restrictions as
shown in Figure 183.
The settings can range from the benign background logo to a complete lockdown of the system.
6-28
Administering
Adminnistering

Global
LL

Local Policies
Figure 184: Local Policies
Local policies are those settings configured only on the local computer. These are usually
implemented on a stand-alone or workgroup computer.
Use the Group Policy Management Editor or gpedit.msc tool to edit local policies.

indows 7
6-29


LLC

Security Policies
Figure 185: Security Policies
One section within Group Policy deals specifically with security settings. The security policies
section contains settings that can be used to secure or lock down computers in the environment
through Group Policy instead of having to implement those settings on each individual system.
The main headings of the security policy are:
Security Settings Password Policy and Account Lockout Policy: Contains the
password history, password age, password length, complexity requirements, and
encryption options
Local Policies Audit Policy, User Rights Assignments and Security Options:
Contains the auditing settings, user rights to the system, and UAC settings
Windows Firewall with Advanced Security: Contains the inbound and outbound rule
creation, IPSec security rules, and NAP rules
Network List Manager Policies: Contains the policy settings that control the listing of
identified, unidentified, all networks, and identifying networks
Public Key Policies: Contains EFS policies, BitLocker Drive Encryption policies, and
certificate settings
Software Restriction Policies: Allows and blocks software from the network
Application Control Policies: Contains AppLocker policies
IP Security Policies on Local Computer: Contains the wizard for creating IP security
policies
Advanced Audit Policy Configuration: Contains 40 or more advanced audit policies
for many categories and subcategories such as auditing file shares, registry, and the file
system
6-30
Administering
Adminnistering

Global
LL

Folder Redirection
Figure 186: Folder Redirection
The process of folder redirection makes it possible to store a user's personal My Documents files
on a server instead of locally. The user is unaware of this change, and the documents are also
cached on the user's local hard drive using offline synchronization.
You can also set up many other folders for folder redirection:
AppData (Roaming): Contains files used to store some application configuration data.
Desktop: Contains all files and shortcuts stored on the Windows desktop.
Start Menu: Refers to the Personal section of the Start Menu with all of the program
groups and shortcuts. (You cannot redirect the All Users section.)
Documents: Contains the bulk of any user-created files. (Formerly known as My
Documents)
Pictures: Stores photos by default. You can reduce replication traffic by disabling
some of these less work-related folders.
Music: Stores music by default. You can reduce replication traffic by disabling some
of these less work-related folders.
Videos: Stores videos by default. You can reduce replication traffic by disabling some
of these less work-related folders.
Favorites: Stores Internet favorites to Web sites.
Contacts: Refers to the built-in contacts database for Windows Vista.
Downloads: Stores files downloaded through Windows Messenger and other programs
by default.
Links: Stores quick shortcuts to other folders in the personal and public folders of
the user.
Searches: Stores predefined search criteria for new files, recently viewed files,
recently changed documents, and so forth.
Saved Games: Stores the users games. Some games are now designed to save the
users games here by default.

indows 7
6-31


LLC

Software Deployment
Figure 187: Software Deployment
A powerful feature of Group Policy is the ability to distribute software packages and to restrict
access to unauthorized software. Other more powerful tools also provide these features, such as
Microsoft Systems Management Server, but for the small to mid-sized environment, the built-in
software management tools in Group Policy may be all that are needed.
Distributing Software Packages

The Software Installation section within a Group Policy Object allows the distribution of
software packages. This capability relies on the Windows Installer service that is present on all
Windows operating systems from Windows 2000 to the present.
In order to distribute software using Group Policy, the package must be in MSI format. This
means that an application that is not currently packaged as an MSI file cannot be distributed unless
it is repackaged or a new package is built for it. Many commercially available tools can do this
packaging.
It is possible (but not desirable) to distribute legacy installer packages using a special file called a
ZAP. A ZAP file is a simple text file that contains the name of the executable command that runs
at installation. Unfortunately, it does not have any of the powerful features of the MSI format,
such as self-healing, reporting, and clean uninstall.
Software can be distributed to either the User Configuration section of a Group Policy, or to the
Computer Configuration section. If software is distributed to the user, the package follows the
user from one computer to another. If the package is configured in the Computer Configuration
section, it is available to anyone that logs on to the computer.
When you distribute software to the User Configuration section of Group Policy, you can
distribute it as either an assigned package or a published package. Software packages created in
the Computer Configuration section can only be assigned.
Assigned packages are mandatory and are installed at computer boot time in the case of software
assigned to the Computer Configuration. When packages are assigned to the User
Configuration, they are either installed at first logon or the first time the user attempts to use the
application in the package.
6-32
Administering
Adminnistering

Global
LL

Published packages are optional. The end user must install published packages using
Add/Remove Programs on Windows XP and Windows Server 2003, or using Programs and
Features on Windows Vista, Windows 7, and Windows Server 2008.
Software Restrictions
Figure 188: Software Restrictions
Because of the growing threat of viruses and rogue software, tight control over the software that
users run is greatly needed. Antivirus software is certainly a necessity, but it only catches known
software threats. Any new viruses or Trojan horses that slip under the radar can still be a huge
problem. You can use the Software Restriction feature of Group Policy to prevent users from
running prohibited or malicious programs, or prevent certain programs from starting.
The following topics describe the software restriction and AppLocker policies.
Software Restriction Policies

The software restriction policies available in Group Policy can prevent suspect software from
running before it ever becomes an issue. Software restrictions can also enforce corporate standards
regarding the type of software that end users can install and run. This could lead to greater
productivity or, at the very least, reduce downtime due to software that causes stability problems.
The four different types of software restriction policies are: path rule, network zone rule, hash rule,
and certificate rule.
Path Rule
The path rule is the easiest type to set up. You can use this type in a broad fashion. All you need to
define is the name of the restricted file or a wildcard that matches certain characters in the file
name, or all extensions that match a certain type. The downside to the path rule is that users can
circumvent the policy by renaming the file.
Network Zone Rule
Using the network zone rule, you can define the Internet zones (Internet, Intranet, or Trusted) from
which to allow or prevent software, ActiveX controls, or Java applets from being downloaded.
You can not prevent users from running the application if they obtain it from a different source,
such as a CD/DVD ROM, USB drive, or floppy disk.

indows 7
6-33


LLC

Hash Rule
A hash rule is a more secure mechanism used to permit or deny access to specific files. An MD5
hash is a unique value generated from the bits and bytes of the file. This value is unique among
files. You can use this value to identify whether or not the file is allowed to run. Unfortunately, a
very knowledgeable individual can circumvent the hash rule by hex-editing the file in question and
changing it by a tiny amount.
Certificate Rule
The certificate rule is by far the most secure, but also the most cumbersome to implement. To
properly implement certificate rules, a PKI must be in place to generate and verify certificates.
To use a certificate rule, a special code-signing certificate must be issued by a Certification
Authority. The private key portion of the certificate is then used to sign the files that are allowed
to run. The public key portion of the certificate is then made available to all who need to use the
signed files.
The certificate rules are normally used in a situation where no software is allowed to run except
those files signed by a trusted code-signing certificate. This exclusive model requires constant
oversight as new software or revisions to existing software come along. It is, however, the most
secure computing model available.
AppLocker Policies
Microsoft provided software restriction policies in Windows XP to control the software allowed to
run on computers in the environment. A new, more advanced version of software restriction
policies, AppLocker, is now available for Windows Server 2008 R2 and Windows 7.
The following are AppLocker features:
More powerful publisher rules: AppLocker has the ability to create a rule for a
product name. This eliminates the need to regenerate the hash rule for every update of
an application. Based on publisher, product name, file name, or version, this
information is taken from the digital signature of the application.
Simplified rule processing structure: AppLocker removes the complex precedence
rules for different rule types. Now, all deny rules take precedence over allow rules.
User rules for non-interactive logons: With AppLocker, a help desk administrator
who is remotely administering a user's desktop has the rules enforced whether they are
interactively logged on or not.
Separate policies for .exe files, .msi files, scripts, and DLLs: In AppLocker,
executable rules apply to executable code; path rules created for executable programs
do not apply to DLLs. To control DLL behavior, simply create a DLL rule.
Auditing mode: In AppLocker, enable an audit-only mode to watch or track the
AppLocker process without actually blocking access to files.
Wizard for rule creation: In AppLocker, use a rule creation wizard to generate rules
that allow all applications in a specified folder to run.
6-34
Administering
Adminnistering

Global
LL

Logon Scripts
Figure 189: Logon Scripts
In the past, actions that could not be configured as Group Policy settings were performed by logon
scripts. More and more of these settings are now incorporated into Group Policy as individual
configurable items.
For instance, historically, logon scripts were used to create a mapped network drive for users at
logon. With Windows 7 and Windows Server 2008 R2, Group Policy now contains a User
Configuration, Preferences, Windows Settings, Drive Maps option that allows you to configure
the mapped drives.
In addition to logon scripts, Group Policy can also provide computer startup and shutdown scripts
that execute when the computer starts, or is shut down. These can be cleanup or maintenance
related activities.
Using familiar batch file programming or VBScript, you can still write scripts. However, it is now
possible to design the scripts using Windows PowerShell. Since Windows PowerShell is now
automatically installed on Windows 7 and Windows Server 2008 R2, Windows PowerShell scripts
will be more common in the future.

indows 7
6-35


LLC

ADMX Templates
Figure 190: ADMX Templates
ADMX files contain the settings that are represented in the Administrative Templates section of
a Group Policy. These templates, as their name implies, are based on standard XML and have an
.admx file extension. This file type replaced the .adm standard for administrative templates.
Windows 7 stores these .admx files in the %Windir%\Policy Definitions folder. If you need to,
you can also download additional policy definitions directly from Microsoft.
These policies are passed down to the Windows 7 workstations from a Windows Server 2008 R2
central store. A central store is a location that lives within the SYSVOL folder. You need to create
the central store only once. The store is then replicated to all of the other domain controllers via
the replication process.
The central store contains a root-level folder that houses all of the non-language-specific policy
definitions and lower level folders that contain any language-specific policy definitions. You can
copy the .admx files into the appropriate location using any copy method, such as Xcopy or copy
and paste.
6-36
Administering
Adminnistering

Global
LL

Figure 191: ADMX Templates (cont.)
You can open .admx or .adm files with any text editor, including Notepad. However, you must
ensure that your text editor does in fact understand the .xml syntax. You can also use Visual
Studio or the easy-to-use and navigate XML Notepad 2007. This is a simple and free download
from the Microsoft software download site.

indows 7
6-37


LLC

Group Policy Processing (LSDOU)
Figure 192: Group Policy Processing (LSDOU)
Group Policy, as you learned, affects many different computer and user settings. It is important to
realize that Group Policy also affects many different locations. Administrators can apply policies
to many locations, such as the Active Directory site, domain, and the OU. Remember,
administrators can also configure local policy on the workstations as well.
Administrators need to figure out how all of these policies may or may not affect each other.
Microsoft has provided a simple Group Policy application procedure.
The acronym is: LSDOU (Local, Site, Domain, Organizational Unit). This simply states that
policies are applied to the Windows 7 workstations in that order.
1. Local: Local policies are applied first. Local policies apply only to the local computer
or workstation.
2. Site: ADDS site policies are applied second. Site policies apply to the subnet IDs that
match the site that the computer or user is located within.
3. Domain: ADDS domain policies are applied third. Domain policies apply to all users
and computers in the same domain.
4, OU: ADDS OU policies are applied last. OU policies apply to all users and computers
in the OU that the policy is linked to. Sometimes OUs are nested within other OUs
because they are easy to manage this way. Any policies within the nested OUs are
applied one at a time after the initial OU policy.
The Group Policy application model is a simple one to master, until policies start to conflict. For
example, a domain administrator applies a policy to the domain that prevents access to Windows 7
Control Panel. However, a branch office administrator has a policy that allows access to Windows 7
Control Panel of the OU that he or she is responsible for. What happens? Again, Microsoft has an
easy-to-understand rule of Group Policy precedence. The rule simply states that the policy that is
applied last wins. So in the previous example where the OU lives within the domain, the users
within the OU would not be affected by the policy and they would have access to Control Panel.
6-38
Administering
Adminnistering

Global
LL

Group Policy and OUs
Figure 193: Group Policy and OUs
To manage group policies most effectively, there should be a good foundation to apply them to.
This foundation normally exists as a hierarchy of OUs within the domain environment. Group
policies certainly can be applied to the site and the domain levels, but the real power of Group
Policy is in being able to apply it in a granular fashion.
When applying a GPO to an OU structure, it is important to remember that a policy applied at a
parent OU is automatically inherited by all child and grandchild OUs. This default behavior
should be leveraged so that settings that really should apply to a broad range of users and
computers are applied at a higher parent level, while settings that should affect only a subset of
accounts are applied at a child OU. Structuring the OUs appropriately can make this process
much easier.
Sometimes this normal inheritance process can be limiting. For that reason, there are three ways to
disrupt the inheritance of higher-level policies:
Contradictory Settings
If a child OU has the need to opt out of a particular Group Policy setting, a new GPO can be
created at that level that has the opposite setting. The last policy applied in the processing
sequence wins.
Block Inheritance
When a very large number of settings are configured at a higher level and many of them should
not apply to a child OU, enable the Block Inheritance attribute on the OU so that no policies from
above apply.
Enforce
The Enforce option is applied at higher levels of the policy architecture to ensure that certain
policies cannot be overridden or be blocked. The Enforce option is applied to an individual GPO.
Depending on the options you enable, some GPOs can be overridden or blocked while others can
be made mandatory. The Enforce option always wins.

indows 7
6-39


LLC

Group Policy Tools
Figure 194: Group Policy Tools
There are several tools, some graphical and some command-line based, that are used in managing
and troubleshooting the Group Policy process. The following topics describe these tools.
GPMC.msc
The Group Policy Management Console is the primary tool for viewing and managing all of the
policies that exist in a given Active Directory forest. All of the sites, domains and OUs can be
viewed from one console interface. The tool also displays a listing of all GPOs defined in each
domain, even if they are not currently applied to anything.
In addition to displaying the structure of the group policies, the GPMC tool allows the
administrator to quickly see which policy settings are being applied at each level of the OU
structure without opening each policy in the Group Policy Management Editor.
There are also built-in tools for viewing Group Policy modeling and Group Policy results. These
tools are invaluable in testing and troubleshooting policy application.
Gpedit.msc
The Group Policy Management Editor is a tool that can be launched from within the Group Policy
Management console, or stand-alone. When launched by itself, the local policies of a computer
can be viewed.
Using the editor, you can view and modify all of the policy settings within a GPO. Many settings
within the editor are simply On, Off or Not Configured. Other settings may require selections
from drop-down lists, while others may require text entry.
Gpupdate.exe
The Group Policy Update tool is a command-line tool used to force policy application. When
troubleshooting policies, it may sometimes be necessary to apply policies ahead of the normal
refresh interval of 30 to 90 minutes.
6-40
Administering
Adminnistering

Global
LL

Gpresult.exe
The Group Policy Results tool is a command-line tool that can display all of the policy settings
that are active for a computer or user. The output from the tool can be redirected to a file for later
viewing.
RSoP Snap-in
Another tool that can be used to troubleshoot policy application is the Resultant Set of Policy
Snap-in. This tool displays policies in a graphical fashion much like that of the Group Policy
Management Editor. The RSoP snap-in has largely been replaced by similar functionality built
into the Group Policy Management Console.
Figure 195: Group Policy Tools (cont.)
In the past, the GPMC was a feature pack download for Windows Server 2003. Now, the GPMC
is the standard tool for managing group policies.

indows 7
6-41


LLC

Acronyms
A address (IPv4 host record)

AAAA address (IPv6 host record)
ADDS Active Directory Directory Services
ADMX Administrative Templates
ARPANET Advanced Research Projects Agency Network
CD compact disc
CNAME Canonical name record, alias record
DC domain controller
DLL dynamic-link library
DNAME Delegation name record
DVD-ROM digital versatile disc read-only memory
EFS Encrypting File System
FQDN fully qualified domain name
GC global catalog
GPMC Group Policy Management Console
GPO Group Policy object
IPSec IP Security
LDAP Lightweight Directory Access Protocol
LOC Location record
LSDOU Local, Site, Domain, Organizational Unit
MD5 Message Digest 5
MMC Microsoft Management Console
MSI Microsoft Software Installer
MSU Microsoft Update Standalone Package
MX Mail exchange record
NS name server record
OU organizational unit
PKI public key infrastructure
6-42
Administering
Adminnistering

Global
LL

PTR Pointer record

RFC Request for Comments
RSAT Remote Server Administration Tools
RSoP Resultant Set of Policy
SOA Start of authority record
SRV Service location record
ST service ticket
TA Trust authority record
TGT ticket-granting ticket
TLD top-level domain
UAC User Account Control
USB Universal Serial Bus
XML Extensible Markup Language
ZAP ZAW Down-level applications package

indows 7
6-43


LLC
L

Section Review
Summary
The DNS Service is used to resolve DNS domain names into their corresponding IP
addresses. This is the naming standard used for the Internet at large and also for the
internal Active Directory environment.
Windows Server 2008 R2 Active Directory stores object information, authenticates
user identification, and implements group and security policies. The heart of Active
Directory is a distributed database that stores meaningful object information for the
Users, Groups, Computers, Contacts, Printers, and Shared folders objects. Active
Directory is made up of the following hierarchical collection of components: Forest,
Tree, Domain, Global catalog, Organizational Unit, Domain controller, and Site.
Before joining an Active Directory domain, the following requirements must be met:
The computer must be configured with a proper DNS server address.
The server address must allow the client to contact a domain controller.
The user must log on as a local administrative or equivalent.
To join an Active Directory, follow these steps:
1. Click Start, right-click Computer, and then select Properties.
2. Click the Change Settings link, and then click the Change button.
3. Select the Domain option, type the name of the domain you want to join, and then
click OK.
4. Type user name and password and then click OK.
5. Restart the computer.
To configure and edit Windows 7 local security policies, open the gpedit.msc console
and expand Computer Configuration, Windows Settings, and Security Settings.
To remotely administer Active Directory, use the following Windows 7 Active
Directory tools :
Tool Description
Remote command-line Remotely manages either the local computer or the remote
tools computers; many command-line tools are available
Remote Desktop Connects to the server and runs tools and utilities as if sitting at
server console
Windows 7 MMC tools Focuses on remote computer management; the Computer
Management Console is one example of the many tools available
RSAT Downloads and installs dozens of remote server MMC tools for
free; each tool must be enabled in the administrative tools listing.
Figure 196: Windows 7 Active Directory Tools
ADMX templates house policy definitions for the Administrative Templates section
of a Group Policy. Using ADMX templates, you can configure thousands of possible
desktop and user settings.
6-44
Administering
Adminnistering

Global
LL

To configure the Windows 7 Group Policy objects, open the gpmc.msc and either edit
an existing Group Policy object, or create a new one.
The four levels at which Group Policy objects can be applied are:
Local: These policies apply to the local computer or workstation.
Site: These policies apply to the subnet IDs that match the site that the computer
or user is located within.
Domain: These policies apply to all users and computers in the same domain.
Organizational Unit: These policies apply to all users and computers in the OU
that the policy is linked to.
Knowledge Check
1. Which of the following examples are fully qualified DNS names? (Choose all that apply.)
a. www.mycompany.westernstates.local
b. http://joe.com
c. Http://joe.com
d. Server1.managementdept.newyorkcity.manhattan.us
e. Server21
2. How are ADMX templates used to configure Administrative Templates settings?
3. Susan Winters has been tasked to configure the network settings on 34 Windows 7 computers. She
logs on to her Windows 7 management workstation named wks1.ziffcom.local. She clicks the
Start button and then types LOC in the Search box. She opens the local security policy as an
administrator. Has she begun to handle this task correctly?
4. Which criteria must be met before you can join an Active Directory domain?

indows 7
6-45


LLC
L

5. What is the correct Group Policy processing order?

a. Domain, Site, OU, Group, OU, and OU.
b. Site, OU, OU, Domain, and Local.
c. They are processed in the order that they are written.
d. Local, Site, Domain, OU, and OU.
6. Which tool is used to configure and edit Windows 7 local security policies?
a. Remote Desktop
b. RSoP snap-in
c. gpedit.msc
d. Windows 7 MMC tools
7. Match each Windows 7 Active Directory tool with its correct description. Write the letter of the
description in the Answer column.
Answer Active Directory Description

Tool
Remote command- A. Connects to the server and runs tools and
1._________ line tools utilities as if sitting at server console.
Remote Desktop B. Remotely manages either the local computer

2._________ or the remote computers; many command-line
tools are available.
Windows 7 MMC C. Downloads and installs dozens of remote
3._________ tools server MMC tools for free; each tool must be
enabled in the administrative tools listing.
RSAT D. Focuses on remote computer management;
4._________ the Computer Management Console is one
example of the many tools available.
8. What are the main goals of Windows Server 2008 R2 Active Directory? (Choose all that apply).
a. Stores object information
b. Authenticates user identification
c. Distributes software packages
d. Implements group and security policies
9. Briefly describe the process used to configure the Windows 7 local policy.
6-46
Administering
Adminnistering

Global
LL


1. Which of the following examples are fully qualified DNS names? (Choose all that apply.)
a. www.mycompany.westernstates.local
b. http://joe.com
c. Http://joe.com
d. Server1.managementdept.newyorkcity.manhattan.us
e. Server21
2. How are ADMX templates used to configure Administrative Templates Settings?
The security or configuration settings stored in ADMX templates are housed in the Windows
Server 2008 R2 central store and passed down to your Windows 7 workstations.
3. Susan Winters has been tasked to configure the network settings on 34 Windows 7 computers. She
logs on to her Windows 7 management workstation named wks1.ziffcom.local. She clicks the
Start button and then types LOC in the Search box. She opens the local security policy as an
administrator. Has she begun to handle this task correctly?
No, she would need to open up the Group Policy Management Console and configure a
Group Policy. The local security policy affects only the local machine that she is working on.
4. Which criteria must be met before you can join an Active Directory domain?
The computer must be configured with a proper DNS server address.
The server address must allow the client to contact a domain controller.
The user must log on as a local administrator or equivalent.
5. What is the correct Group Policy processing order?
a. Domain, Site, OU, Group, OU, and OU.
b. Site, OU, OU, Domain, and Local.
c. They are processed in the order that they are written.
d. Local, Site, Domain, OU, and OU.
6. Which tool is used to configure and edit Windows 7 local security policies?
a. Remote Desktop
b. RSoP snap-in
c. gpedit.msc
d. Windows 7 MMC tools

indows 7
6-47


LLC
L

7. Match each Windows 7 Active Directory tool with its correct description. Write the letter of the
description in the Answer column.
Answer Active Directory Description

Tool
1. B Remote command- A. Connects to the server and runs tools and
line tools utilities as if sitting at server console.
2. A Remote Desktop B. Remotely manages either the local computer
or the remote computers; many command-line
tools are available.
3. D Windows 7 MMC C. Downloads and installs dozens of remote
tools server MMC tools for free; each tool must be
enabled in the administrative tools listing.
4. C RSAT D. Focuses on remote computer management;
the Computer Management Console is one
example of the many tools available.
8. What are the main goals of Windows Server 2008 R2 Active Directory? (Choose all that apply).
a. Stores object information
b. Authenticates user identification
c. Distributes software packages
d. Implements group and security policies
9. Briefly describe the process used to configure the Windows 7 local policy.
Open the gpedit.msc console and expand Computer Configuration, Windows Settings, and
Security Settings to configure and edit Windows 7 local security policies.
6-48
Administering
Adminnistering

Global
LL

8
Windows 7 Remote Access and
Mobile Computing
Section Topics
Windows 7 Virtual Private Networking
Windows 7 DirectAccess
Remote Desktop
Power Management Options
Offline Files and Folders

indows 7
8-1


LLC
L

Windows 7 Remote Access and Mobile Computing
Section Objectives
Describe the Windows 7 VPN technologies

Describe the benefits of Windows 7 DirectAccess
Describe the features of the RDP version 7 client
Explain how to configure the Windows 7 Firewall to support the RDP
client connections
Describe the Windows 7 power management plans
Explain the purpose of offline files and folders
Section Overview
Windows 7 remote access technologies are valuable tools for the distributed workplace. These
tools help you connect remote workers to your branch office as well as connect to other
Windows 7 devices for helpdesk type duties. Microsoft also provided the RSAT for
Windows 7 RC. Using this suite of tools, administrators can use their Windows 7 workstations to
manage their remote servers with all of the necessary tools like the Active Directory Domain
Services utilities. This section explores the available remote access technologies that are present
and available with Windows 7 as well as some features that are brand new and only function
within a Windows Server 2008 R2 environment.
8-2
Administering
Adminnistering

Global
LL

Windows 7 Virtual Private Networking
Figure 234: Windows 7 Virtual Private Networking
This topic defines the VPN features of the Windows 7 operating system and describes how to
configure a new VPN connection and how to set up an incoming VPN session.
Administering and Maintaining Windows Windows

7
8-3


LLC

What Is a VPN?
Figure 235: What Is a VPN?
VPN is a method for securely gaining access to a private network. Once connected, the client
appears as if it has a local connection. Windows 7 supports the following VPN protocols:
PPTP: Point-to-Point Tunneling Protocol is a Microsoft VPN technology that provides

ease of setup, but is slower and less secure than other VPN options.
L2TP: Layer Two Tunneling Protocol is an industry standard VPN protocol that
requires more effort to configure, but provides better speed and security than PPTP.
SSTP: Secure Sockets Tunneling Protocol is a new VPN technology being embraced
by Microsoft. It provides for a very secure VPN connection, yet with less setup
involved than L2TP.
VPN connections have long been the standard for remote workers to safely connect to their
corporate networks over the volatile Internet. Windows 7 still uses this technology.
Windows 7 can easily perform a simple VPN connection or an IPSec VPN connection with its
new responsive VPN client. The Windows 7 workstations that use the IPSec technology need only
an X.509 certificate from a trusted certificate authority. If the VPN is configured correctly with
X.509 certificates, you can eliminate the possibility of man-in-the-middle type attacks. This is
because the Windows Server 2008 R2 gateway always authenticates itself to the Windows 7
device and vice versa using the X.509 certificates, which use a strong RSA signature. Once a
secure communications channel has been set up by the IKEv2 protocol, the Windows 7
workstations authenticate themselves to the network using the EAP-MSCHAPv2 protocol with
user name and password.
8-4
Administering
Adminnistering

Global
LL

Configuring a VPN Connection
Figure 236: Configuring a VPN Connection
The Windows 7 VPN wizards are available from the Network and Sharing Center, which you can
access from the Network and Internet category in Control Panel. This topic describes the steps to
establish a new VPN connection.
Set Up a New Connection or Network
Figure 237: Set Up a New Connection or Network
In the Network and Sharing Center, click the Set up a new connection or network link and select
the Connect to a workplace option. The wizard is very intuitive, provided that you know which
configurations you want to make. You will most likely use Group Policy to distribute this
connection information to those who need it, or you can create connections with the CMAK v1.3
utility, which works well with Windows 7. The bottom line is that you want to avoid manually
configuring hundreds of Windows 7 VPN clients, if at all possible. Giving detailed directions to
your users is also not the answer.

7
8-5


LLC

Choose the Connection Type
Figure 238: Choose the Connection Type
Select the Connect to a workplace option to establish a VPN connection to your corporate
network. If VPN connections are already available, the system prompts you to either use one of
the existing connections or create a new one.
Specify the Server Name
Figure 239: Specify the Server Name
The system prompts you to either connect to the VPN over the Internet or dial the private network
via a phone line. Next, you need to type the server name or IP address of the VPN server to which
you need to connect.
8-6
Administering
Adminnistering

Global
LL

Provide Credentials
Figure 240: Provide Credentials
The User name and Password text boxes follow standard Active Directory conventions for user
name entry. You may use the UPN (joe@hq.local) format, or use the domain\user (HQ\Joe)
format.
After configuring the VPN connection object with the user name and password, the system creates
the connection and displays it in the Network Connection window of Control Panel. The
connection is configured, but one main item is left out of the wizard process: the security
parameters for the VPN connection. You must go back and enter the properties of the VPN
connection object and configure the security.
If the security information is set up incorrectly, the client will not connect to the VPN server. Pay
attention to the designated error codes. They help you to troubleshoot problems. Some of the error
codes that you may encounter include the following:
732: Your computer and the remote computer could not agree on the PPP control
protocols.
718: The connection timed out waiting for a valid response from the remote computer.
734: The PPP link control protocol was terminated.
736: The remote computer terminated the control protocol.
919: The connection could not be established because the authentication protocol used
by the RAS/VPN server to verify your user name and password could not be matched
with the settings in your connection profile.
Note
Windows 7 does not support the MS-CHAPv1 authentication methods.

7
8-7


LLC

Establish the Connection
Figure 241: Establish the Connection
After the connection is created, you can use it at any time by opening the list of network
connections in the Network and Sharing Center or by clicking the Network icon in the
notification area.
Using Windows 7 as a VPN Server
Figure 242: Using Windows 7 as a VPN Server
This topic explains how to set up and view the status of an incoming VPN session on a Windows 7
device by creating a new incoming connection, modifying protocols and services settings, viewing
the connection status, and opening the new VPN connection.
8-8
Administering
Adminnistering

Global
LL

Create an Incoming Connection
Figure 243: Create an Incoming Connection
Creating a new incoming connection is not straightforward as creating an outbound VPN session.
There is no standard link for creating the inbound connection within the Network and Sharing
Center. To see the New Incoming Connection option, open the Network and Sharing Center and
click the Change Adapter Settings link. Press the ALT key to view the File menu. On the File
menu, select the New Incoming Connection option.
The first window prompts you for the names of the users that should be allowed to connect to the
VPN server.

7
8-9


LLC

Choose Protocols and Services
Figure 244: Choose Protocols and Services
You can modify the protocols and services available through the VPN server for greater security.
Typically, most connections need the IPv4 protocol and the File and Printer Sharing for Microsoft
Networks service.
View Connection Status
Figure 245: View Connection Status
After creating the connection, view the status of incoming sessions in the list of network
connections by opening the Network and Sharing Center and selecting the Change adapter
settings link. You can also disconnect the incoming connection from here.
8-10
Administering
Adminnistering

Global
LL

Windows 7 DirectAccess
Figure 246: Windows 7 DirectAccess
Windows DirectAccess is a new technology that may make VPN technology obsolete. Windows
DirectAccess is a remote access tool that allows secure connections over the Internet without using
a VPN connection.
With VPN, just like DirectAccess, a remote user can to connect over the Internet and access
resources inside the corporate network, but the similarities end here. With VPN, the back-end
server must be set up and managed along with the connections. The VPN process is also a costly
process to manage. With VPN other issues exist as well. For example, many businesses have
visitors that need to connect to their own corporate offices to place orders or send e-mail. These
visitors try to establish a secure VPN connection, only to find out that firewalls block their
connection or they simply cannot connect.
With DirectAccess, the entire corporate network file shares, intranet Web sites, and any LOB
applications remain accessible wherever the user is if an available Internet connection exists.
This topic describes DirectAccess, the benefits of DirectAccess and its DirectAccess requirements
for servers, clients, and networks. It also describes the process of installing and configuring
DirectAccess.

7
8-11


LLC

DirectAccess Explained
Figure 247: DirectAccess Explained
DirectAccess is an enhancement to the mobile technologies of the past. DirectAccess requires

Windows Server 2008 R2 for functionality.
With DirectAccess, a user establishes a bidirectional secure connection with the DirectAccess
server in the users enterprise network every time the user connects his or her Windows 7 device
to the Internet. This happens even before the user logs on to his or her Windows 7 laptop or device
at home. This process involves several technologies. The Windows 7 laptop connects to the
DirectAccess server in the users enterprise network by establishing an IPSec tunnel, which allows
the IPv6 traffic to cross the tunnel to the DirectAccess server. The DirectAccess server acts as a
gateway to the intranet. The advantage of this entire mechanism is that the clients can connect to
the DirectAccess server even if they are behind a firewall.
Using DirectAccess technologies, IT administrators can manage remote devices much more
efficiently. With traditional networking technologies, IT administrators must wait until the users
connected to the network via VPN before administrators could make any changes or
administrators must physically come into the office to work on or update the user devices.
Predicting when a user will be on a VPN connection is very difficult, especially when critical
updates must be sent out as soon as possible. With DirectAccess, IT administrators can update
devices whenever the DirectAccess clients are on the Internet, regardless of whether they are
directly connected to the corporate environment. This proves invaluable to IT administrators who
need to roll out software through Group Policy or just perform simple upgrades to devices.
8-12
Administering
Adminnistering

Global
LL

DirectAccess Benefits
Figure 248: DirectAccess Benefits
Some of the benefits of DirectAccess include the following:
Works flawlessly with Terminal Services RemoteApp and the AppLocker features.
Provides enhanced network security. DirectAccess supports authentication at the
computer level and the user level.
Supports multifactor authentication with various technologies so you can easily deploy
smart card or thumbprint scanners as a second level of authentication before users are
allowed to connect to the DirectAccess mechanism in place.
DirectAccess technology secures the transmission by using IPv6 over IPSec. This mechanism
encrypts communications transmitted across the Internet, a volatile network. The communication
stream has real traffic-shaping mechanisms built in. This allows only traffic destined for the
corporate network to pass through to the Windows Server 2008 R2 DirectAccess server. With
advanced configurations, the administrator can choose to send all the communication through the
DirectAccess Windows Server 2008 R2 device, if necessary.
Helpful Hint
One of the other major benefits of the DirectAccess process is that you
can force updates down to the Windows 7 and Windows Vista devices
without waiting for them to connect to the VPN. Many companies pass
down updates as the client computers connect to the corporate VPN
server. The problem is that you cannot tell exactly when the client
computers will connect to the VPN server. Some client computers
connect daily and some connect once every two months. With
Windows DirectAccess, you can force updates anytime your client
computers connect to the Internet. The client computer negotiates and
connects even before the user logs on. You can configure a message
telling users that an update is being installed on their device from the
corporate office or the updates can happen behind the scenes.

7
8-13


LLC

DirectAccess Requirements
Figure 249: DirectAccess Requirements
Figure 250 shows the requirements for DirectAccess.
Server, Client, Network Requirements

Windows Server 2008 R2 Active Directory domain membership
Windows Server 2008 R2
Two or more physical network adapters
At least two consecutive, publicly addressable, static IPv4 addresses that
are externally resolvable through the Internet DNS architecture
Client Windows Server 2008 R2 domain membership
Windows 7
Network Group Policy: Polices required to pass down the DirectAccess
configurations and optionally the IPSec policies.
PKI: An AD CS is required to issue the necessary certificates that support
authentication and health policies known as NAPs, which are optional.
SSL: Certificates must have access to a publicly accessible CRL.
IPSec policies: IPSec drives the entire DirectAccess encryption
mechanism. These policies must be configured with the Windows Firewall
with Advanced Security option. Consider passing these policies down
using Windows Server 2008 R2 Group Policy for ease and consistent
configurations.
IPv6 and the necessary translation technologies must be available: To
tunnel IPv6 over an IPv4 network, you need the following technologies:
ISATAP, Teredo, and 6to4 conversions.
Figure 250: DirectAccess Requirements for Servers, Clients, and Networks
8-14
Administering
Adminnistering

Global
LL

Firewall exceptions are required on the Internet facing firewall on the DirectAccess server. The
following exceptions are necessary:
UDP 3544 for Teredo

Protocol 41 for 6to4 conversions
TCP 443 IP-HTTPS or SSL
ICMPv6 for Windows 7 Native IPv6
Protocol 50 for Windows 7 Native IPv6
Installing DirectAccess
Figure 251: Installing DirectAccess
DirectAccess must be installed on a Windows Server 2008 R2 device. To install DirectAccess,

open the Server Manager and select the Features container. Click the Add Features link and
select the DirectAccess Management Console check box, and then click Next.

7
8-15


LLC

Configuring DirectAccess
Figure 252: Configuring DirectAccess
Due to the variety of services and additional configuration that is necessary, the Windows
Server 2008 R2 DirectAccess technology is a complex technology to set up. However, after
performing the initial configuration, ongoing management is relatively easy, except for occasional
updates. You do not have any complex VPN connection objects to create or to manage. You need
some simple certificates and a client that is already embedded within the Windows 7 operating
system to complete the installation and configuration.
The Windows Server 2008 R2 provides the DirectAccess Management Console for managing the
DirectAccess processes and server-side configurations. From this console, you can see if issues
exist with the DirectAccess services and configurations or client connections.
8-16
Administering
Adminnistering

Global
LL

Remote Desktop
Figure 253: Remote Desktop
This topic describes the features and enhancements of Remote Desktop. Figure 253 lists the
subjects described in this topic.
Remote Desktop Features
Figure 254: Remote Desktop Features
Remote Desktop provides a user with the ability to remotely connect to his or her Windows 7
computer desktop. The connection is very fast and allows for an experience that is just like sitting
at the desktop of the physical computer.
Remote Desktop performs very well even over slower WAN connections. The Remote Desktop
service is highly optimized for displaying Windows content, and uses compression technology to
reduce bandwidth consumption.
Remote Desktop is not a true remote control type product. The desktop of the remote device will
go to a locked workstation console when a remote user is connected.

7
8-17


LLC

Remote Desktop Connection 7.0 Enhancements
Figure 255: Remote Desktop Connection 7.0 Enhancements
Helpdesk and other administrative users constantly connect to users devices to fix simple issues
and to make routine configurations. Windows 7 provides the latest RDP connection utility known
as RDPv7. The RDPv7 connection utility fully supports Windows 7 Aero, as well as, all Direct2D
and Direct3D 10.1 applications. You no longer have to use a single monitor. You can have your
workstation monitor that displays your helpdesk clients and an external monitor that shows the
desktop of the users device to which you are connected.
Behind the scenes, the RDP client is redesigned to give you better performance over a variety of
network connections as well as better multimedia performance with several key multimedia
enhancements. The enhancements include support for the following:
Streaming media
Media Foundation
DirectShow
Low latency audio playback
Bidirectional audio
8-18
Administering
Adminnistering

Global
LL

Windows 7 SP1 and Remote Desktop
Figure 256: Windows 7 SP1 and Remote Desktop
RemoteFX is a new technology included with Windows Server 2008 R2 SP1 and Windows 7 SP1.
It is designed to enhance the visual capabilities of Remote Desktop clients connected to a
Windows 7 virtual device running on Hyper-V R2 SP1. RemoteFX allows for 3D graphics
capabilities, OpenGL, full motion video, and USB redirection support. The server requires a
DirectX 10.0 capable graphics card and supports two to four clients per GPU depending on
resolution. Microsoft based RemoteFX on technology it acquired with the purchase of Calista
Technologies.
Using RemoteFX USB redirection, USB devices can be installed and used in the remote VDI
session. Also with RemoteFX USB redirection, many devices like scanners, multifunction
printers, webcams, and others can be used in the virtual device via the RDP session.

7
8-19


LLC

Configuring the Remote Desktop Server
Figure 257: Configuring the Remote Desktop Server
For all of the RDPv7 connection features to work, you have to enable remote access to and from
your devices by navigating to Control Panel, System and Security, System, and clicking the
UAC-protected Remote tab.
The Remote tab displays options for two types of remote access: Remote Assistance and Remote
Desktop. Remote Assistance allows you to configure access for users accessing your devices using
the invitation framework provided by Windows 7. With Remote Desktop, you can select the types
of connections users can make. For example, you can allow connections with older versions of
RDP clients, or you can set up a more secure environment and let users connect only if they have
the newest RDP connection utility, which uses network level authentication.
Note
Users that connect must be members of the RDP users group or they
must be administrators who already have membership within the RDP
users group.
8-20
Administering
Adminnistering

Global
LL

Remote Desktop and the Windows 7 Firewall
Figure 258: Remote Desktop and the Windows 7 Firewall
If your connection to the remote device fails, one of the first things you should check after you
check the remote settings is the firewall. If the firewall is blocking port 3389, the RDP cannot
establish a connection to a remote device. Depending on the type of firewall you are using, you
may have to create an incoming and outgoing rule allowing the passage of port 3389.
If you are using the Windows Firewall, you can simply create an exception for the RDP by
choosing the appropriate firewall exception for Remote Assistance or Remote Desktop and then
choosing the network category on which you need the protocol.
Note
Make sure that you understand the ramifications of opening firewall
ports. Also, close any and all ports that you will not be using. This
ensures that your network is as safe as possible.

7
8-21


LLC

Connecting to Remote Desktop
Figure 259: Connecting to Remote Desktop
The following topics explain how to create a connection to a Remote Desktop server.
Launching the Remote Desktop Connection
Figure 260: Launching the Remote Desktop Connection
Once you configure Remote Desktop Connection settings in Windows 7, you can launch the
RDPv7 Connection utility and create a connection to another device. To access the utility, you can
type remote or mstsc.exe in the Search box or click Start, All Programs, Accessories, and
Remote Desktop Connection.
The RDP Connection utility contains six tabs: General, Display, Local Resources, Programs,
Experience, and Advanced.
8-22
Administering
Adminnistering

Global
LL

General Settings
Figure 261: General Settings
Use the General tab to configure the connection-specific information, such as the computer name
and the user name that you use to connect to the device. The Computer field can contain an
FQDN, an IP address, or a NetBIOS name if you are using WINS. You can also save the
connection information you create to an RDP file, which can be used by other devices or used at a
later time.

7
8-23


LLC

Display Settings
Figure 262: Display Settings
Use the Display tab to begin the configuration for what Microsoft calls the Desktop Experience.
Using the Display tab, you can do the following:
Configure the display resolution of the connection. You can set the display resolution
to higher or lower by using the slider bar.
Select to use all of your monitors for the remote connection by selecting the Use all my
monitors for the remote session check box.
Configure the number of colors that are displayed over the connection.
Note
Higher resolutions and colors do require more resources. The rule is to
keep the configuration to a minimum to preserve the resources of the
connection.
8-24
Administering
Adminnistering

Global
LL

Local Resources Settings
Figure 263: Local Resources Settings
Use the Local Resources tab to configure which local resources are available during the remote
session to the remote device. For example, if you want to transmit sounds that are generated on the
remote device over the network to your device, click the Remote Audio Settings button and make
the correct selection. You can also choose to record remote audio from the remote device over the
network to your device.
In the Keyboard area, you can configure the behavior of your keyboard when you use multiple
key combinations such as CTRL+ALT+DELETE. You can configure the multi-keystroke to
toggle your local computer or the key combination to activate a process on the remote device.
In the Local devices and resources area, you can configure the devices and resources that are
available in your remote sessions, such as printers and the Windows keyboard. With the More
button, you can choose smart cards, ports, local drives, and other PnP devices.

7
8-25


LLC

Programs Settings
Figure 264: Programs Settings
The Programs tab within the Remote Desktop Connection dialog box allows users to configure an
application that they want to start automatically after a remote desktop connection is established.
This option is often used within a call center environment. These clients connect to a terminal
server, and their call center application starts automatically after a successful log on.
8-26
Administering
Adminnistering

Global
LL

Experience Settings
Figure 265: Experience Settings
Use the Experience tab to toggle on or off the items that can slow the desktop connection down
because of the rendering of excessive data over the connection. You can allow or disallow the
following options:
Desktop background
Font smoothing
Desktop composition
Show window contents while dragging
Menu and window animation
Visual styles
Persistent bitmap caching
You can also choose the connection speed of the network. The Choose your connection speed to
optimize performance drop-down list contains the following choices:
Modem (56 Kbps)

Low-speed broadband (256 Kbps 2 Mbps)
Satellite (2 Mbps 16 Mbps with high latency)
High-speed broadband (2 Mbps 10 Mbps)
WAN (Wide Area Network) (10 Mbps or higher with high latency)
LAN (Local Area Network) (10 Mbps or higher)

7
8-27


LLC

Advanced Settings
Figure 266: Advanced Settings
Use the Advanced tab to secure connections to authenticated servers with the server
authentication options. If a server authentication fails, the connection has three behavior options:
Warn me
Connect but dont warn me
Do not connect
You can also configure the connection behavior for devices that are connecting remotely outside
the network through a remote desktop or TS Gateway server. Use the Settings button to enter the
required connection information or tell Windows 7 to automatically discover the settings.
8-28
Administering
Adminnistering

Global
LL

Gateway Settings
Figure 267: Gateway Settings
Using the Remote Desktop Gateway feature, you can set up a server as a gateway to other Remote
Desktop hosts. The connection is very secure, operating over an SSL connection using port 443 by
default. You can use this in lieu of a VPN connection for accessing RDP servers on a private
network.

7
8-29


LLC

Power Management Options
Figure 268: Power Management Options
Windows 7 takes into account that laptops, notebooks, and other portable computers have a
completely different set of requirements than desktop computers. Windows 7 contains many new
features for the mobile computer users.
Previously, portable computers were treated as if they were desktop computers that folded up and
had batteries. Microsoft has changed its approach with Windows 7 and portable computers. This
new philosophy led to many changes such as faster boot and shutdown times and extended battery
preservation times. A major focus of Windows 7 is drivers.
With Windows Vista, faulty drivers do not allow a computer to efficiently go into sleep mode.
This causes a great amount of battery drainage on the system. With Windows Vista, computers
have problems moving from a suspended state to an awake state, connecting to projectors with 4:1
aspect ratios, switching between Wi-Fi networks in real time, and issues with power management.
Microsoft dealt with all of these issues with the Windows 7 operating system.
This topic describes the power management features of Windows 7, including power options,
power plan settings, custom power plans, the Windows 7 Mobility Center, and the battery meter.
8-30
Administering
Adminnistering

Global
LL

Power Options
Figure 269: Power Options
To access the power options, navigate to Control Panel, Hardware and Sound, and click the
Power Options link. The Power Options window contains two power options, as opposed to
Windows Vista, which had three power plans. The two power plans are Balanced
(recommended) and Power saver. These plans toggle the power plan settings between a
performance and an energy savings power plan. Options to customize these plans are available
both manually and through the use of Group Policy from the Windows Server 2008 R2 server.
More advanced power management settings are available through Group Policy. You can
configure power management settings such as adaptive display brightness settings, reserve battery
notification level, and automatic sleep with open network files. Now administrators can decide
which settings to enforce and which to configure as default settings that users can later modify.

7
8-31


LLC

Basic and Advanced Power Plan Settings
Figure 270: Basic and Advanced Power Plan Settings
By default, Windows 7 is configured to turn off a computers display after 10 minutes and to put
the computer to sleep after 30 minutes. To change these settings, navigate to Control Panel,
Hardware and Sound, Power Options, and Edit Plan Settings. Figure 270 shows the Edit Plan
Settings window and the Advanced Settings tab in the Power Options dialog box.
Hybrid Sleep Settings

Hybrid sleep protects open documents and programs by saving them to memory and to the hard
drive. The Windows 7 Hybrid sleep feature puts the computer into a low-power state. After you
select the Hibernate after time setting, Windows 7 will put the computer into hibernation.
8-32
Administering
Adminnistering

Global
LL

Use the following recommendations as guidelines for the Hybrid sleep settings.
Category Setting Recommended Setting
Hard disk Turn off hard disk Set it to at least one minute before the computer is set
to sleep.
Sleep Sleep after Set it to at least one minute after the hard disk and the
display are set to turn off. This setting is for the
computer.
Sleep Allow hybrid sleep Set it to On.
Sleep Hibernate after Set it to at least one minute before the computer is set
to sleep and at least one minute after the Sleep after
setting.
Power buttons and lid Start menu power Set it to Sleep.
button
Display Turn off display after Set it to at least one minute before the computer is set
to sleep. You should set the display the same as the
hard disk time.
Multimedia settings When sharing media Set the Allow the computer to sleep setting to prevent
the multimedia from waking up the computer.
Figure 271: Hybrid Sleep Settings
Hibernate Settings
Windows 7 provides hibernation as a power-saving state that saves your open documents and
programs to your hard drive and then turns your computer off. Use the following
recommendations as guidelines for the hibernate settings.
Hard disk Turn off hard disk after Set it to at least one minute before the computer is set to
sleep.
Sleep Sleep after Set it to Never.
Sleep Allow hybrid sleep Set it to Off.
Sleep Hibernate after Set it to at least one minute after the hard disk and the
display are set to turn off.
Power buttons and lid Start menu power Set it to Hibernate.
button
Display Turn off display after Set it to at least one minute before the computer is set to
hibernate. You should set the display the same as the
hard disk time.
Multimedia settings When sharing media Set the Allow the computer to sleep setting to prevent
the multimedia from waking up the computer.
Figure 272: Hibernate Settings

indows 7
8-33


LLC
L

Display Settings
After a computer is inactive for 10 minutes, by default the monitor is set to turn off. To change the
default display settings, go to Control Panel, Hardware and Sound, Power Options, Edit Plan
Settings, and click the Turn off the display drop-down menu. Remember to pass these settings
down and lock them through the Group Policy.
Sleep Settings
You can also change the Sleep mode settings to protect your data. To access the settings, go to
Control Panel, Hardware and Sound, Power Options, Edit Plan Settings, and click the Put
the computer to sleep drop-down list.
Use the following recommendations as guidelines for the Sleep settings. You should pass these
settings down to your clients so that you have a consistent power management configuration
throughout the enterprise. Sleep mode protects any open documents and programs by committing
them to RAM. The sleep process then puts the computer into a low-power state. If you lose power
to the computer, you also lose the information stored in memory.
Hard disk Turn off hard disk Set it to at least one minute before the computer is
after set to sleep.
Sleep Sleep after Set it to at least one minute after the hard disk and
the display are set to turn off. This setting is for the
computer.
Sleep Allow hybrid sleep Set it to Off.
Sleep Hibernate after Set it to Never.
Power buttons and lid Start menu power Set it to Sleep.
button
Display Turn off display after Set it to at least one minute before the computer is
set to sleep. You should set the display the same as
the hard disk time.
Multimedia settings When sharing media Set the Allow the computer to sleep setting to
prevent the multimedia from waking up the computer.
Figure 273: Sleep Settings
Resume with Password Setting

Another feature of Windows 7 is the option to lock your desktop after a predetermined amount of
time. This is no longer only a function of the screen saver, although you can also use it with the
screen saver. This feature puts the desktop into a locked-down state. To access the desktop again,
press the usual CTRL+ALT+DELETE key combination and type your network or local password.
8-34
Administering
Adminnistering

Global
LL

Creating a Custom Power Plan
Figure 274: Creating a Custom Power Plan
Certain conditions and hardware require a completely unique power profile. If that is the case,
you may have to create a completely new custom power plan. Follow these steps to create a new
power plan.
1. In Control Panel, click the Power Options link.
2. In the Power Options window, click the Create a power plan link. The Create a power
plan window appears.
3. Select one of the three options:
Balanced (recommended)
Power saver
High performance
4. Follow the prompts to configure the power plan.
5. Give the power plan a name and save it.
The plan is now available for you to use from the Power Options window. Also, the settings are
stored and protected in the registry.

7
8-35


LLC

Windows 7 Mobility Center
Figure 275: Windows 7 Mobility Center
The Windows Mobility Center utility is a one-stop location for configuration items that are
pertinent to notebooks, laptops, and tablet computers. The configuration items include:
Display
Audio for the speakers
Battery and power plan options
Wireless networking
External displays
Windows synchronization settings
Presentation settings
8-36
Administering
Adminnistering

Global
LL

Battery Meter
Figure 276: Battery Meter
With previous desktop operating systems, the low battery user interface often showed the wrong
status. Windows 7 contains a new interface that provides more timely and accurate information
about the status of the battery.
When the battery is down to 7 percent power, a warning message displays. The message does not
go away until you take some action. The low battery threshold is also configurable.
In Windows 7, the notifications are more visible and occur more frequently than in previous
desktop operating systems. All of these low battery indications and settings are also configurable
using the Windows Server 2008 Group Policy.

7
8-37


LLC

Offline Files and Folders
Figure 277: Offline Files and Folders
Using the Offline Files and Folders technology, a user can access files on a server over the
network, yet have those files cached locally on his or her Windows 7 computer in the event he or
she disconnects from the network. With this features, server-based files become usable when the
person is traveling and network connectivity is not available.
Windows 7 carries over the Offline Files and Folders utility from older Windows versions. The
utility is available when you install Windows 7. You need to configure your servers to support
offline files and folders and you need to configure which files you want available offline on
the client.
8-38
Administering
Adminnistering

Global
LL

Configuring Offline Files and Folders Settings
Figure 278: Configuring Offline Files and Folders Settings
Use the Offline Files dialog box to make additional changes to the synchronization settings. You
can access the offline files settings by opening the Sync Center from Start, All Programs, and
Accessories.
Another way to access the offline settings you want to control and manage is by typing offline at
the Start menu Search box.
The Offline Files dialog box contains four tabs: General, Disk Usage, Encryption, and Network.
These tabs are used to:
Disable offline files.

Configure offline availability.
Synchronize the offline resource cache with the actual data on the server to ensure that
you have the latest copy of the data in your offline cache.
Manage your offline files by manipulating the files themselves by viewing them from
the Windows 7 Sync Center, which drives the offline synchronization process.
On the General tab, use the View your offline files button to view which folders and files take
part in the synchronization process. It shows all of the locations, mapped drives, and the folders
and files.
The Disk Usage tab contains features to configure your offline file store. It shows the size of the
offline file cache, the temporary file usage, and the data storage space. Use the Change Limits
button to change the size of your offline file store.
To protect the offline files from unwanted users, encrypt the contents of the offline file store by
clicking the Encryption tab and then the Encrypt button.
Use the Network tab to adjust the synchronization behavior of offline files when you encounter a
slow network. You do not want caching to use up any unnecessary bandwidth.

7
8-39


LLC

You can set the offline process to check the network bandwidth at a pre-determined time interval.
The default is five (5) minutes. Once a slow network is detected, your device works offline as if
you are not connected to the network. This cuts down on unnecessary bandwidth usage. Once the
network speed has increased, you are automatically placed back in an online status and
synchronization updates the network location with any bit-level changes that may have happened
while you were working offline.
You can also force your device to work online if you are working offline by using the Windows
Explorer to navigate to the mapped drive and clicking the Work Online button. You are then put
in an online status and the clock resets to five (5) minutes before the offline process checks for a
slow network.
Making Files Available Offline
Figure 279: Making Files Available Offline
To make a file or folder available offline, right-click the file or folder in Windows Explorer and
select the Always available offline option. The data synchronizes with the local resource. When
users disconnect from the network, a second synchronization occurs and any bit-level changes are
copied to the computer that is disconnecting. Users are then free to disconnect and leave the office.
The cached data remains active on the laptop or other mobile computer and is available as needed,
even as the device disconnects from the network.
8-40
Administering
Adminnistering

Global
LL

Windows 7 Sync Center
Figure 280: Windows 7 Sync Center
The Windows 7 Sync Center is a central location where you can view synchronization progress,
and resolve any synchronization conflicts or errors.
The Sync Center has been around since the introduction of Windows Vista. Use the Sync Center
for the following tasks:
Monitor and manage all types of synchronization between the Windows 7 operating
systems and devices.
Manage the synchronization between the mapped drives and the Windows 7 devices.
Manage the synchronization of e-contacts with a PDA.
Manage the synchronization of MP3 players and other audio devices that are used by
the Windows Media Player.
Drive the offline files mechanism and the configurations you make to the offline file
process.
To access the Sync Center, go to Control Panel and click the Sync Center link.
You can easily review the results of your synchronizations with your devices and your offline
files. To view the synchronization results, click the View sync results link in the Sync Center
window.

7
8-41


LLC

Acronyms
2D two dimensional
3D three dimensional
AD CS Active Directory Certificate Services
CMAK Connection Manager Administrator Kit
CRL certificate revocation list
EAP-MSCHAP Microsoft Challenge-Handshake Authentication Protocol version 2)
FQDN fully qualified domain name
GPU graphics processing unit
HTTPS Hypertext Transfer Protocol Secure
ICMP Internet Control Message Protocol
IKEv2 Internet Key Exchange version 2
IPSec IP Security
ISATAP Intra-Site Automatic Tunnel Addressing Protocol
Kbps kilobyte per second
L2TP Layer 2 Tunneling Protocol
LOB line of business
Mbps megabytes per second
MS-CHAP Microsoft Challenge Handshake Authentication Protocol
PDA personal digital assistant
PnP Plug and Play
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
RAM random access memory
RAS Remote Access Service
RC Release Candidate
RDP Remote Desktop Protocol
RSA Rivest, Shamir, and Adleman
8-42
Administering
Adminnistering

Global
LL

RSAT Remote Server Administration Tools

SP1 Service Pack 1
SSL Secure Sockets Layer
SSTP Secure Socket Tunneling Protocol
TS Terminal Services
UDP User Datagram Protocol
UPN user principal name
VDI Virtual Desktop Infrastructure
VPN virtual private network
WAN wide area network

indows 7
8-43


LLC
L

Section Review
Summary
Windows 7 supports the following VPN protocols:
PPTP: Provides ease of setup, but is slower and less secure than other VPN
options.
L2TP: Provides better speed and security than PPTP, but requires more effort to
configure.
SSTP: Provides for a very secure VPN connection, while needing less setup
involved than L2TP.
The DirectAccess benefits include the following:
Provides always-on connectivity
Provides seamless connectivity
Provides bidirectional access
Contains improved security
Provides an integrated solution
Works flawlessly with Terminal Services RemoteApp and AppLocker features
Provides enhanced network security; supports authentication at the computer level
and the user level
Supports multifactor authentication with various technologies
Secures the transmission by using IPv6 over IPSec
The features of the Remote Desktop version 7 utility include the following:
Windows 7 users can access the console of another Windows 7 or Windows
Server 2008 machine.
The remote desktop looks exactly like the local desktop.
Connection is incredibly fast on a LAN.
Performance is very good even on a WAN connection.
Provides seamless access to local devices and resources.
Takes Over the desktop session of the remote computer
To allow Remote Desktop to communicate through Windows Firewall, choose either
the Remote Assistance or Remote Desktop option and then choose the network type.
Windows 7 contains three standard power management plans::
Balanced (recommended): Balances the computer performance with energy
consumption
Power saver: Saves energy by reducing computer performance
High performance: Increase computer performance by consuming more energy.
With properly configured offline files and folders settings, you can access and work
with individual files or complete folders that are stored on the network when you are
not connected to the network or when the server is unavailable. To enable the offline
feature:
1. Right-click the item.
2. Select the Always available offline option.
8-44
Administering
Adminnistering

Global
LL

You can configure the following offline settings in the Offline Files dialog box:
o General: View and disable offline files or automatically synchronize offline
files.
o Disk Usage: View and change the size of the offline file store.
o Encryption: Protect the files in the offline file store from unwanted users.
o Network: Adjust the synchronization behavior of offline files during slow
network times.
Knowledge Check
1. Does Windows 7 provide a VPN connection object within the Windows 7 Accessibility location in
Control Panel?
2. To allow Remote Desktop to communicate through the Windows 7 Firewall, you must create an
incoming and outgoing rule allowing the passage of port 3389.
a. True
b. False
3. For each power plan, write a brief description in the space provided.
Power saver:
Balanced:
4. Which of the following is a DirectAccess requirement? (Choose all that apply.)

a. AD CS
b. Windows Firewall Services
c. VPN Modulation Services
d. CRL Distribution Points

indows 7
8-45


LLC
L

5. Does Windows 7 RDP support the Aero initiative across TCP/IP networks?
6. List four benefits of DirectAccess.
7. When configuring the sleep mode settings for your laptop, what should you set the Start menu
power button to?
8. Which of the following settings can you configure when connecting to a remote computer using
Remote Desktop? (Choose all that apply.)
a. Display settings
b. Experience settings
c. IPSec policies
d. Gateway Server Settings
9. The DirectAccess Management Console can be installed from the Group Policy Management
Editor.
a. True
b. False
8-46
Administering
Adminnistering

Global
LL

10. List the VPN technologies that are supported by Windows 7.

indows 7
8-47


LLC
L


1. Does Windows 7 provide a VPN connection object within the Windows 7 Accessibility location in
Control Panel location?
No, the VPN wizard is located within the Network and Sharing Center.
2. To allow Remote Desktop to communicate through the Windows 7 Firewall, you must create an
incoming and outgoing rule allowing the passage of port 3389.
a. True
b. False
You must add the Remote Desktop or Remote Assistance program to the allow programs list
in the Windows Firewall settings.
3. For each power plan, write a brief description in the space provided.
Power saver: Saves energy by reducing computer performance
Balanced: Balances the computer performance with energy consumption
4. Which of the following is a DirectAccess requirement? (Choose all that apply.)
a. AD CS
b. Windows Firewall Services
c. VPN Modulation Services
d. CRL Distribution Points
5. Does Windows 7 RDP support the Aero initiative across TCP/IP networks?
Yes, the newest version of RDP does support Aero across the network connection, provided
it is configured to allow for Aero propagation.
6. List four benefits of DirectAccess.
Provides always-on connectivity
Provides seamless connectivity
Provides bidirectional access
Contains improved security
Provides an integrated solution
Works flawlessly with Terminal Services RemoteApp and AppLocker features
Provides enhanced network security; supports authentication at the computer
level and the user level
Supports multifactor authentication with various technologies
Secures the transmission by using IPv6 over IPSec
7. When configuring the sleep mode settings for your laptop, what should you set the Start menu
power button to?
The Start menu power button options should be set to Sleep.
8-48
Administering
Adminnistering

Global
LL

8. Which of the following settings can you configure when connecting to a remote computer using
Remote Desktop? (Choose all that apply.)
a. Display settings
b. Experience settings
c. IPSec policies
d. Gateway Server Settings
9. The DirectAccess Management Console can be installed from the Group Policy Management
Editor.
a. True
b. False
The DirectAccess Management Console must be installed using the Server Manager.
10. List the VPN technologies that are supported by Windows 7.
PPTP: Provides ease of setup, but is slower and less secure than other VPN
options.
L2TP: Provides better speed and security than PPTP, but requires more effort to
configure.
SSTP: Provides for a very secure VPN connection, while needing less setup
involved than L2TP.

indows 7
8-49


LLC
L

8-50
Administering
Adminnistering

Global
LL

13
Running and Troubleshooting
Applications
Section Topics
Application Compatibility Tools
Windows 7 File and Registry Virtualization
Windows Virtual PC with XP Mode

indows 7
13-1


LLC
L

Running and Troubleshooting Applications
Section Objectives
Describe the purpose of each of the Application Compatibility Tools

Describe the UAC settings for applications
Describe the purpose of the Windows Virtual PC with XP mode
Explain how to use the Windows Virtual PC with XP mode
Section Overview
An operating system is only as good as the applications that it can run. A new operating system
that cannot run the applications that make you productive is an operating system that does nothing
for your business. Windows 7, like Windows Vista, takes into account the usefulness and
compatibility of applications. This section introduces the Windows 7 tools and other stand-alone
utilities used for application compatibility, remediation, and mitigation.
13-2
Administering
Adminnistering

Global
LL

Application Compatibility Tools
Figure 433: Application Compatibility Tools
You can use the Windows 7 application compatibility tools to quickly and temporarily bring an
application into compatibility. The tools adjust the environment variable of the Windows 7
computer to emulate another environment such as Windows XP or Windows 2000.
Following is a description of the tools that are available for application compatibility in
Windows 7.
Figure 433 lists the subjects described in this topic.
Program Compatibility Wizard
Figure 434: Program Compatibility Wizard
The Program Compatibility Wizard is located in the Programs category of Windows 7 Control
Panel. To run the wizard, click the Run programs made for previous versions of Windows link.
The wizard guides you through the simple process of configuring your incompatible application to
function.

indows 7
13-3


LLC

Figure 435: Program Compatibility Wizard (cont.)
The first step in using the Program Compatibility Wizard is to choose the application that has
trouble running on Windows 7.
You can let Windows choose compatibility options for you by selecting the Try Recommended
Settings option. For more control, you can select the Troubleshoot Program option and answer a
series of questions about the problems you are having with the program.
13-4
Administering
Adminnistering

Global
LL

When you select the manual method, you must choose the Windows environment that the
application was originally intended for. For instance, if the application was designed for
Windows XP, then choose the compatibility mode for Windows XP (SP 2). This adjusts the
default Windows 7 environment to emulate the Windows XP environment as best it can. Once the
wizard changes the settings, leave the wizard open and run the application using the new settings.
If the application runs, then complete the final steps of the wizard and solidify the environment
settings as they pertain to the application.
Helpful Hint
Selecting the Troubleshoot program option and manually
troubleshooting does not change the security of the Windows 7
environment at all. You are not violating anything that Windows 7
deems a risk, so the wizard might fail to produce the desired results.

indows 7
13-5


LLC

Compatibility Tab
Figure 438: Compatibility Tab
The Compatibility tab is available in the properties dialog of a program or shortcut. All of the
settings that are configured in the Program Compatibility Wizard are actually reflected here. To
set the compatibility options more quickly, you can go directly to the Compatibility tab and set
the options manually.
Standard User Analyzer
Figure 439: Standard User Analyzer
The SUA (Standard User Analyzer) tool enables you to test your applications and to monitor API
requests to detect potential compatibility issues due to the UAC feature in both Windows Vista
and Windows 7. UAC requires all users, including administrators, to operate as standard users
until the application is elevated by acknowledging the UAC prompt. Not all applications can run
properly with the Standard User role if the application requires access and privileges that are
unavailable to a standard user.
13-6
Administering
Adminnistering

Global
LL

Figure 440: Standard User Analyzer
You can use other tools to help you to discover issues with applications before they are
implemented, which can fix the problematic applications.
The SUA is a tool that tests the performance of an application under the strict guidelines of a
standard user. Remember, Windows Vista and Windows 7 require that all users, regardless of
group affiliation, interact with the operating system as a standard user. For security purposes,
some programs require interaction with the Windows platform by an administrator. The Windows
7 platform limits the use of administrative privileges by default. The SUA attempts to mitigate
problems before they are experienced in a live situation.
The tool analyzes your application during the installation and transparently records a log of what
action is taking place during the installation process. The tool generates a detailed report showing
what the program is attempting to access. Hard access can be defined as file system access in the
context of the administrator.
While the SUA does not repair any of the problems that it finds, it gives the administrator the
information required to avoid any issues during the application compatibility testing phase of the
Windows 7 migration.

indows 7
13-7


LLC

Figure 441: Standard User Analyzer (cont.)
To use the Standard User Analyzer, follow these steps:

1. Install the analyzer.
2. Select the application that you want the analyzer to check for issues.
3. Execute or run the application.
4. Close the application.
5. View the analysis details provided by the Standard User Analyzer.
6. Apply any application mitigations that were developed.
7. Repeat the process, if necessary.
8. If the issue is not resolved after applying all mitigations, run the application as an
administrator.
During the run time, the analyzer logs the events. If the application functioned correctly, the
analyzer closes. If the tool notices issues during the run time, it records the issues in a report. At
this point, you apply the application mitigations that have been developed and run the process
again. Repeat this process until the problems are fixed or you run out of options. If you exhaust all
mitigations, you can either not use the program with Windows 7 or configure it to run with
administrative privileges.
13-8
Administering
Adminnistering

Global
LL

Windows Application Compatibility Toolkit
Figure 442: Application Compatibility Toolkit
The Standard User Analyzer is available as a single download or as part of the ACT (Application
Compatibility Toolkit) version 5.5. The ACT version 5.5 provides a suite of application tools such
as the Compatibility Administrator, Application Compatibility Manager, Internet Explorer
Compatibility Test Tool, Setup Analysis tool, Standard User Analyzer wizard, and the Standard
User Analyzer tool. These tools can help you during your application-testing phase, and you can
download them for free.
For these tools to function properly, ensure that you have the proper user context and access to run
them. The tools let you know if you do not have the proper permissions. For all of the tool features
to function properly, you have to log on to your Windows computer with administrative privileges
or rights.

indows 7
13-9


LLC

Compatibility Administrator
Figure 443: Compatibility Administrator
You can use the Windows Compatibility Administrator tool to repair an application that is
experiencing problems with Windows Vista or Windows 7. You can adjust the environment
variable settings for an application to ease the requirements for run-time functionality. The tool
contains a database of thousands of patches and fixes for some popular applications. You need
more than just a basic understanding of development and application packaging to productively
use this tool.
Figure 444: Compatibility Administrator (cont.)
Many compatibility fixes are available to make your program mitigations more straightforward.
These fixes provide detail on the issues resolved, such as registry and file system permissions that
you can use to resolve specific compatibility issues.
13-10
Administering
Adminnistering

Global
LL

Figure 445: Compatibility Administrator (cont.)
With the new database tool, if an application, such as an in-house application, does not have a fix
already in the database, you can create your own. You can choose from three new objects types to
pair with the database. As shown in Figure 445, the three new objects are Application Fix,
Apphelp Message, and Compatibility Mode. You can also add the application in question to the
database and create these fixes for it.

indows 7
13-11


LLC

Application Compatibility Manager
Figure 446: Application Compatibility Manager
Using the ACM (Application Compatibility Manager) tool, you can collect data and analyze your
environment, so that you can resolve issues prior to deploying a new operating system in your
organization.
Figure 447: Application Compatibility Manager (cont.)
The basic ACM functionality is quite important. You can use the tool to navigate around the
network and gather information about Windows XP SP2 or SP3, Windows Vista, Windows Vista
SP1 or SP2, and Windows 7 computers. The Application Compatibility reports show the installed
applications, the application packages, and the computers and other devices that are under each of
the operating system categories. Along with this information, the reports also list any
compatibility issues that exist under each operating system.
13-12
Administering
Adminnistering

Global
LL

Windows 7 File and Registry Virtualization
Figure 448: Windows 7 File and Registry Virtualization Process
Windows Vista introduced a new method of executing and managing applications. This method,
called Windows file and registry virtualization, still applies to the Windows 7 operating system.
Following is a description o f the Windows 7 file and registry virtualization process for application
compatibility and security. Figure 448 lists the subjects described in this topic.

indows 7
13-13


LLC

File and Registry Virtualization Process
Figure 449: File and Registry Virtualization Process
Several things happen when you install an application. The program needs to set itself up in two
main locations, the registry and the Program Files group. Unfortunately, when the application has
problems, these locations are left vulnerable to corruption. The file and registry virtualization
method limits the effects of an application corruption issue.
With the file registry and virtualization feature, when a user installs an application, the installation
process creates a virtual store. This virtual store contains all of the typical installation files and a
copy of the appropriate registry location instead of writing to the live registry and file system. The
theory is simple: if the application crashes or becomes compromised with a virus, a bad macro, or
a driver, then the virtual store becomes corrupt. This action preserves the integrity of the live
registry and the Program Files group. Figure 449 shows the file and registry virtualization process
flow during the read and write phases. Notice the behavior during the write phase. If users have
the appropriate permissions, they can write to the Program Files group. Therefore, the local
administrator has access to the live locations as well as the virtualized locations.
13-14
Administering
Adminnistering

Global
LL

Virtual Store
Figure 450: Virtual Store
File and registry virtualization is a feature of the UAC that protects the registry and the Program
Files group from being manipulated by applications that standard users install or run in the context
of their standard user accounts.
The process works in a simple method. When an application attempts something that is considered
dangerous, for example write to an .ini file such as c:\program files\BadApp\options.ini,
Windows detects that the users privileges do not allow him or her to write to that location.
Instead, the file and registry process copies options.ini to
c:\users\yourAccouneName\AppData\Local|VirtualStore\Program Files\
BadApp\Options.ini. The file and registry virtualization process then lets the modification
proceed.
The same process happens for the registry values associated with the
HKEY_LOCAL_MACHINE registry hive. By protecting these two volatile locations, the
Program Files group and the HKEY_LOCAL_MACHINE registry hive, the process, hopefully,
keeps your machine more stable over its usage.

indows 7
13-15


LLC

Figure 451: Virtual Store (cont.)
When the UAC protected and managed application runs, it runs safely in the virtual store. In this
location, the applications process can safely manipulate a copy of the protected files. Running the
older application from this protected location maintains the security of the Windows 7 operating
system.
You can turn off the file and registry virtualization within the UAC policy settings under the local
security policy.
Policy Options for File and Registry Virtualization
Figure 452: Policy Options for File and Registry Virtualization
File and registry virtualization is a function of the UAC mechanism that is part of the local
security policy of a computer. Access the UAC locations by navigating to the LSP location and
follow the path: Local Policies/Security Options. Enable or disable the file and registry
virtualization process by clicking the UAC security setting in the list, User Account Control:
Virtualize file and registry write failures to per-user locations.
13-16
Administering
Adminnistering

Global
LL

Helpful Hint
File and registry virtualization is a powerful tool that helps you to
maintain the stability of your Windows 7 desktops and their
applications. A best practice is to leave it enabled.
Figure 452 shows several other UAC features that pertain to UIAccess applications and their
efficient operation. One of these is the User Account Control: Allow UIAccess applications to
prompt for elevation without using the secure desktop setting. For User Interface Accessibility
applications, it automatically disables the dim secure desktop during the initialization period.
Some types of applications are unable to function with the secure desktop. This configuration
turns off the secure desktop for User Interface Accessibility applications, such as the Windows
Remote Assistance.
The Detect application installations and prompt for elevation UAC setting controls whether
users can install applications on their desktops. This configuration requires that users have
administrative privileges during the installation process. If users do not have administrative
privileges, the installation does not start.
Helpful Hint
Applications that do not require administrative privileges install
regardless of this setting.
The User Account Control: Only elevate executables that are signed and validated setting
further controls application installations. This option configures the application installation and
execution permissions with the use of a PKI. It partners the application with a code-signing
certificate generated by a CA. You simply add these certificates to the Trusted Publishers
certificate store on the users local computers. If a valid certificate exists in the Trusted Publishers
certificate store for an application, then the application completes the installation and runs
successfully on the device.
Note
Troubleshooting applications involved with this type of environment
can be difficult without a working knowledge of the PKI in place at your
business.
The User Account Control: Only elevate UIAccess applications that are installed in secure
locations setting. UIAccess applications that are not located in one of the systems secure locations
cannot launch. The default secure locations include:
Program Files folder (includes all sub-folders )

System32 folder
Program Files (x86) folder (includes all 64-bit versions sub-folders)

indows 7
13-17


LLC

Windows Virtual PC with XP Mode
Figure 453: Windows Virtual PC with XP Mode
Occasionally, you may find applications that do not function on a new operating system, or do not
run in any compatibility mode. A possible solution to the problem is to run the application on its
intended operating system. This is possible due to virtual technologies that can assist you with this
problem. The Microsoft Virtual PC platform runs applications not designed for Windows 7. Using
Microsoft Virtual PC, a single computer can perform all of this.
Figure 453 lists the subjects described in this topic.
13-18
Administering
Adminnistering

Global
LL

Windows 7 Virtual PC Features
Figure 454: Windows 7 Virtual PC Features
The issue with running virtualized applications on the desktop is that the user has to log on to one
desktop for his or her new features and then log onto the other virtual desktop to run the legacy
applications. This is an unpleasant task for some users, because it is easy for them to become
confused regarding which desktop is currently in use.
Windows 7 provides the use of Virtual PC technology with one major improvement. Users do not
have to log on to another desktop to use Windows XP-based applications. The new Windows
Virtual PC with XP Mode, a free download for Windows 7 users, is a tool that contains a
Windows XP virtual machine you can open and log on to. For any applications that do not
function on Windows 7, install them directly on the Windows XP virtual machine. Once you
finish and log off the Windows XP virtual machine, you can access the applications from the
Windows 7 programs list as if they were installed on the Windows 7 machine. Users do not need
to switch back and forth to use the applications. This eases user confusion, which reduces the
number of help desk calls and increases productivity.

indows 7
13-19


LLC

Creating a New Virtual Machine
Figure 455: Creating a New Virtual Machine
When the Virtual PC application installation is complete and the Windows XP Mode virtual
machine from Microsoft is downloaded, the Windows XP Mode virtual machine automatically
registers with Virtual PC. Additional virtual machines can be created in Windows Virtual PC so
that you can run other operating systems as well.
To create a new virtual machine, click Start, All Programs, Windows Virtual PC, and then click
Windows Virtual PC. In the Virtual Machines window, click the Create Virtual Machine
button.
13-20
Administering
Adminnistering

Global
LL

Modifying Existing Virtual Machine Settings
Figure 456: Modifying Existing Virtual Machine Settings
Using the Virtual PC, you can adjust the virtual machine settings such as the memory used and the
network setting for the network interface card and for the hard drives. Remember to also enable
the virtual machine integration features, which make the physical hardware and the virtual
operating system work more smoothly and efficiently together.
The requirements for Microsoft Virtual PC are as follows:
Windows 7 RC1 or newer

Hardware assisted virtualization (Intel VT or AMD-V technology)
Hardware-assisted virtualization settings are configured within the BIOS and vary
between manufacturers
Users that access the VM must be members of the administrators group or the remote
desktop users group
The virtual machine integration features enable the following:
Windows Clipboard
USB device support
Printing
Physical hard drive availability
Mouse movement between the host machine and the virtual machine seamlessly

indows 7
13-21


LLC

To publish virtual applications from a guest operating system to the Windows 7 host, your guest
operating system must be one of the following:
Windows XP Professional SP 3
Windows Vista Enterprise
Windows Vista Ultimate
Windows 7 Enterprise
Windows 7 Ultimate
Installing Windows XP Mode
Figure 457: Installing Windows XP Mode
Windows XP Mode is a free copy of Windows XP prepackaged inside a virtual machine. You can
download this VM from Microsoft and run it free of charge as long as you own Windows 7.
After you meet all of the prerequisites, it should be very easy to build your environment. Start the
Windows XP Mode virtual machine and install your applications. If your installation does not
create a shortcut, you need to create a shortcut from the application install folder to the All Users
Start Menu folder. You can now turn off (not hibernate) the Windows XP virtual machine. The
user should now be able to find the virtualized applications within his or her Program Files group
on the Windows 7 machine.
13-22
Administering
Adminnistering

Global
LL

Launching Windows XP Mode
Figure 458: Launching Windows XP Mode
Launching Windows XP mode launches a virtual machine that Windows XP is installed in. If the
VM was running previously, it resumes from a saved state.
Figure 459: Launching Windows XP Mode (cont.)
After launching Windows XP Mode, the VM appears inside a window on the local Windows 7
desktop. You may interact with Windows XP normally, by using the mouse and the keyboard.
You can also take Windows XP Mode into and out of full screen mode by using the Action menu,
or by pressing the CTRL+ALT+PAUSE key sequence.

indows 7
13-23


LLC

Windows XP Mode Program Integration
Figure 460: Windows XP Mode Program Integration
Install any applications that you cannot run on Windows 7 inside the Windows XP Mode virtual
machine. Once the application is installed, it actually appears as a shortcut on the Windows 7
Start menu. When you launch the application from the Windows 7 shortcut, the application
launches in a single window all by itself. It does not appear like it is running inside a VM, even
though the VM is really running in the background.
13-24
Administering
Adminnistering

Global
LL

Acronyms
ACM Application Compatibility Manager

ACT Application Compatibility Toolkit
AMD Advanced Micro Devices
API application programming interface
BIOS basic input/output system
CA certification authority
LSP Local security policy
MB megabyte
PC personal computer
RC Release Candidate
SP2 Service Pack 2
SP3 Service Pack 3
SUA Standard User Analyzer
UIA User Interface Accessibility
VM virtual machine
VT virtualization technology

indows 7
13-25


LLC
L

Section Review
Summary
You use the following Windows 7 application compatibility tools to quickly and
temporarily bring an application into compatibility:
The Program Compatibility Wizard: Use this step-by-step process to help you
configure your incompatible application to run on Windows 7.
Compatibility tab: Use this tool to manually change the compatibility settings in
the Properties dialog box of the application.
Standard User Analyzer: Use the SUA tool to test an application and to see how
it performs under the strict standard user guidelines.
Windows Application Compatibility Toolkit 5.5: Use this free suite of
application tools during the application-testing phase. In addition to the SUA tool,
the ACT contains the Compatibility Administrator, Application Compatibility
Manager, Internet Explorer Compatibility Test Tool, and Setup Analysis Tool
Several UAC features exist within the local security policies that pertain to UIAccess
applications and their efficient operation:
Virtualize file and registry write failures to per-user locations: Enables the file
and registry virtualization process.
Allow UIAccess applications to prompt for elevation without using the secure
desktop: Disables the dim secure desktop for User Interfaces Applications, such
as Windows Remote Assistance.
Detect application installations and prompt for elevation: Enables only users
with administrative privileges to install applications on their desktops.
Only elevate executables that are signed and validated: Allows applications to
install only if a valid certificate exists in the Trusted Publishers certificate store for
an application.
Only elevate UIAccess applications that are installed in secure locations:
Enables or disables the launch of UIAccess applications that are not located in a
secure location.
Windows Virtual PC with XP mode launches legacy applications in older versions of
Windows inside a VM.
Before you can use the Windows Virtual PC with XP mode, you must download and
install the free copy of the Virtual PC application and the Windows XP mode virtual
machine. Once you install the free downloads, you can open the Windows XP mode
VM and install any applications that cannot run on Windows 7 inside the VM.
Installing an application in the Windows XP VM creates a shortcut on the Windows 7
Start menu. After installation, you can open an incompatible application in the VM by
clicking on the shortcut in the Windows 7 Start menu.
13-26
Administering
Adminnistering

Global
LL

Knowledge Check
1. Can you turn off the Windows file and registry virtualization within the Windows plan?
2. Can you use the Windows Virtual PC with XP Mode on 64-bit systems?
3. List two different methods used to modify application compatibility settings.
4. Using the Standard User Analyzer tool, you can manipulate the local security policies that pertain
to User Interface applications.
a. True
b. False
5. Which of the following tools are components of the Application Compatibility Toolkit v 5.5?
(Choose all that apply.)
a. Internet Explorer Compatibility Test tool
b. Compatibility Administrator
c. Compatibility tab
d. Setup Analysis tool
e. Standard User Analyzer

indows 7
13-27


LLC
L

6. List some of the features of Windows Virtual PC with XP Mode.
13-28
Administering
Adminnistering

Global
LL


1. Can you turn off the Windows file and registry virtualization within the Windows schema?
No, file and registry virtualization is turned off within the local security policy, but of course
it is not recommended that you actually do that.
2. Can you use the Windows Virtual PC with XP Mode on 64-bit systems?
Yes, as long as you download the 64-bit edition of the Virtual PC application and the
Windows XP Mode virtual machine.
3. List two different methods used to modify application compatibility settings.
Program Compatibility Wizard
Compatibility tab in the properties dialog box of an application or shortcut
4. Using the Standard User Analyzer tool, you can manipulate the local security policies that pertain
to User Interface applications.
a. True
b. False
You use the SUA tool to test an application and to see how it performs under the strict
standard user guidelines.
5. Which of the following tools are components of the Application Compatibility Toolkit v 5.5?
(Choose all that apply.)
a. Internet Explorer Compatibility Test tool
b. Compatibility Administrator
c. Compatibility tab
d. Setup Analysis tool
e. Standard User Analyzer
6. List some of the features of Windows Virtual PC with XP Mode.
Provides hardware emulation to runs operating systems in a VM.
Supports hardware assisted virtualization.
Emulates multiple hard disks and network cards.
Runs more than on operating system at the same time.
Launches legacy applications in older versions of Windows inside a VM.
Provides USB support and application integration from VM to host.

indows 7
13-29


LLC
L

13-30
Administering
Adminnistering

Global
LL

TechSherpas
Table of Contents
Lab 0: Configuring the Lab Environment
Lab Objectives ................................................................................................................... 0-2
Lab Overview ..................................................................................................................... 0-2
Lab Procedures ................................................................................................................. 0-3
Classroom Hosted Labs: Examining Hardware Components ........................................ 0-3
Lab Answer Key................................................................................................................. 0-6
Lab 1: Exploring the Features of Windows 7

Lab Objectives ................................................................................................................... 1-2
Lab Overview ..................................................................................................................... 1-2
Lab Procedures ................................................................................................................. 1-3
Exercise 1: Launching the Alpha VM ............................................................................. 1-3
Exercise 2: Launching the Windows XP VM .................................................................. 1-4
Exercise 3: Launching the Vista VM............................................................................... 1-5
Exercise 4: Launching the Windows 7 VM ..................................................................... 1-6
Exercise 5: Exploring Windows 7 ................................................................................... 1-6
Exercise 6: Preparing the Lab Environment ................................................................... 1-8
Lab Answer Key............................................................................................................... 1-11
Exercise 5: Exploring Windows 7 ................................................................................. 1-11
Lab 2: Installing Windows 7

Lab Objectives ................................................................................................................... 2-2
Lab Overview ..................................................................................................................... 2-2
Lab Procedures ................................................................................................................. 2-3
Prerequisites................................................................................................................... 2-3
Exercise 1: Installing Windows 7 on a Windows Vista Computer .................................. 2-4
Exercise 2: Viewing and Editing the BCD Store............................................................. 2-7
Exercise 3: Using Windows Easy Transfer to Migrate a Windows XP
Profile to Windows 7 ..................................................................................................... 2-11
Exercise 4: Using Windows Easy Transfer to Migrate a Windows Vista
Lab Answer Key............................................................................................................... 2-18
Exercise 1: Installing Windows 7 on a Windows Vista Computer ................................ 2-18
Exercise 2: Viewing and Editing the BCD Store ........................................................... 2-18
Exercise 3: Using Windows Easy Transfer to Migrate a Windows XP
Exercise 4: Using Windows Easy Transfer to Migrate a Windows Vista
Administering
This is a unique and Maintaining
copy of the course Windows
material identified 7 Lab Guide
by code 5a2bccb2-c5fd-4faf-8aa1-147b13239c22, and provided to you by TechSherpas. It isLTOC-1
illegal to reprint,
redistribute, orresell
Globalthis content.
KnowledgeThe Licensed
TrainingContent
LLC is licensed "as-is." Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling +1 800-785-3448.
TechSherpas
Lab 3: Configuring and Managing Windows 7

Lab Objectives ................................................................................................................... 3-2
Lab Overview ..................................................................................................................... 3-2
Lab Procedures ................................................................................................................. 3-3
Prerequisites................................................................................................................... 3-3
Exercise 1: Working with User Accounts in Windows 7 ................................................. 3-4
Exercise 2: Exploring System Properties ....................................................................... 3-6
Exercise 3: Navigating the Control Panel ..................................................................... 3-10
Exercise 4: Using the Ease of Access Center .............................................................. 3-12
Exercise 5: Configuring File and Folder Options .......................................................... 3-13
Exercise 6: Configuring Search Properties .................................................................. 3-14
Lab Answer Key............................................................................................................... 3-19
Exercise 1: Working with User Accounts in Windows 7 ............................................... 3-19
Exercise 2: Exploring System Properties ..................................................................... 3-20
Exercise 3: Navigating the Control Panel ..................................................................... 3-21
Exercise 4: Using the Ease of Access Center .............................................................. 3-21
Exercise 5: Configuring File and Folder Options .......................................................... 3-22
Exercise 6: Configuring Search Properties .................................................................. 3-22
Lab 4: Customizing the Windows 7 User Interface

Lab Objectives ................................................................................................................... 4-2
Lab Overview ..................................................................................................................... 4-2
Lab Procedures ................................................................................................................. 4-3
Prerequisites................................................................................................................... 4-3
Exercise 1: Customizing the Desktop Environment ....................................................... 4-4
Exercise 2: Exploring the Aero Features in the VM ....................................................... 4-6
Exercise 3: *BONUS LAB* Exploring the Aero Features on the Local Machine ............ 4-7
Lab Answer Key............................................................................................................... 4-13
Exercise 1: Customizing the Desktop Environment ..................................................... 4-13
Exercise 2: Exploring the Aero Features in the VM ..................................................... 4-13
Exercise 3: *BONUS LAB* Exploring the Aero Features on the Local Machine .......... 4-13
Lab 5: Windows 7 in the Workgroup

Lab Objectives ................................................................................................................... 5-2
Lab Overview ..................................................................................................................... 5-2
Lab Procedures ................................................................................................................. 5-3
Prerequisites................................................................................................................... 5-3
Exercise 1: Launching the Lima Windows 7 VM ............................................................ 5-4
Exercise 2: Using a Workgroup Environment ................................................................ 5-5
Exercise 3: Creating and Configuring Windows 7 HomeGroups ................................... 5-7
LTOC-2
This is a unique Administering
copy of the course material identified by code 5a2bccb2-c5fd-4faf-8aa1-147b13239c22, and and Maintaining
provided Windows 7 ItLab
to you by TechSherpas. Guide
is illegal to reprint,
redistribute, or resell this content. The Licensed Content is licensed "as-is." Microsoft does not support this Licensed
Content
Global inKnowledge
any way and Microsoft
Training gives
LLCno express
TechSherpas
Exercise 4: Using Windows 7 Libraries ........................................................................ 5-10

Lab Answer Key............................................................................................................... 5-14
Lab 6: Integrating Windows 7 with Active Directory

Lab Objectives ................................................................................................................... 6-2
Lab Overview ..................................................................................................................... 6-2
Lab Procedures ................................................................................................................. 6-3
Prerequisites................................................................................................................... 6-3
Exercise 1: Exploring the AD Environment .................................................................... 6-4
Exercise 2: Join Windows XP to the Domain ................................................................. 6-7
Exercise 3: Join Windows 7 to the Domain .................................................................... 6-8
Exercise 4: Administer the Domain from Windows 7 ................................................... 6-11
Exercise 5: Preparing the GPO Environment ............................................................... 6-12
Exercise 6: Implementing Folder Redirection .............................................................. 6-14
Exercise 7: *Bonus* Deploying Software with a GPO .................................................. 6-16
Exercise 8: *Bonus* Implementing Login Scripts ......................................................... 6-18
Exercise 9: *Bonus* Implementing Group Policy Preferences ..................................... 6-19
Lab Answer Key............................................................................................................... 6-21
Exercise 1: Exploring the AD Environment .................................................................. 6-21
Exercise 3: Join Windows 7 to the Domain .................................................................. 6-21
Exercise 5: Preparing the GPO Environment ............................................................... 6-22
Exercise 6: Implementing Folder Redirection .............................................................. 6-22
Exercise 7: *Bonus* Deploying Software with a GPO .................................................. 6-23
Exercise 8: *Bonus* Implementing Login Scripts ......................................................... 6-23
Exercise 9: *Bonus* Implementing Group Policy Preferences ..................................... 6-23
Lab 7: Windows 7 Networking

Lab Objectives ................................................................................................................... 7-2
Lab Overview ..................................................................................................................... 7-2
Lab Procedures ................................................................................................................. 7-3
Prerequisites................................................................................................................... 7-3
Exercise 1: Managing TCP/IP Settings .......................................................................... 7-4
Exercise 2: Configuring IP Remotely.............................................................................. 7-6
Exercise 3: Troubleshooting DHCP Addressing ............................................................ 7-8
Exercise 4: Using the BranchCache Feature ............................................................... 7-10
Lab Answer Key............................................................................................................... 7-15
Exercise 1: Managing TCP/IP Settings ........................................................................ 7-15
Exercise 2: Configuring IP Remotely............................................................................ 7-15
Exercise 3: Troubleshooting DHCP Addressing .......................................................... 7-16
Exercise 4: Using the BranchCache Feature ............................................................... 7-17
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
Lab 8: Windows 7 Remote Access and Mobile Computing

Lab Objectives ................................................................................................................... 8-2
Lab Overview ..................................................................................................................... 8-2
Lab Procedures ................................................................................................................. 8-3
Prerequisites................................................................................................................... 8-3
Exercise 1: Configuring a VPN Server on Windows Server 2008 R2 ............................ 8-4
Exercise 2: Creating a VPN Connection with Windows 7 .............................................. 8-6
Exercise 3: Creating an Incoming VPN Connection on Windows 7 ............................... 8-8
Exercise 4: Creating an RDP Connection to Server 2008 ........................................... 8-10
Exercise 5: Creating an RDP Connection to another Windows 7 Host........................ 8-12
Exercise 6: Configuring Offline Files and Folders ........................................................ 8-14
Exercise 7: Configuring Power Management Options ................................................. 8-18
Lab Answer Key............................................................................................................... 8-21
Exercise 1: Configuring a VPN Server on Windows .................................................... 8-21
Exercise 2: Creating a VPN Connection with Windows 7 ............................................ 8-21
Exercise 3: Creating an incoming VPN Connection on ................................................ 8-22
Exercise 4: Creating an RDP Connection to Server 2008 ........................................... 8-22
Exercise 5: Creating an RDP Connection to another Windows 7 Host........................ 8-22
Exercise 6: Configuring Offline Files and Folders ........................................................ 8-23
Exercise 7: Configuring Power Management Options ................................................. 8-24
Lab 9: Working with File Systems

Lab Objectives ................................................................................................................... 9-2
Lab Overview ..................................................................................................................... 9-2
Lab Procedures ................................................................................................................. 9-3
Prerequisites................................................................................................................... 9-3
Exercise 1: Managing Volumes and File Systems ......................................................... 9-4
Exercise 2: Using Windows 7 to Create a VHD File ...................................................... 9-8
Exercise 3: Managing NTFS Permissions .................................................................... 9-10
Exercise 4: Managing Share Permissions.................................................................... 9-13
Exercise 5: Calculating Effective Permissions ............................................................. 9-17
Exercise 6: Using EFS to Secure Data ........................................................................ 9-18
Lab Answer Key............................................................................................................... 9-23
Exercise 1: Managing Volumes and File Systems ....................................................... 9-23
Exercise 2: Using Windows 7 to Create a VHD File .................................................... 9-24
Exercise 3: Managing NTFS Permissions .................................................................... 9-25
Exercise 4: Managing Share Permissions.................................................................... 9-25
Exercise 5: Calculating Effective Permissions ............................................................. 9-27
Exercise 6: Using EFS to Secure Data ........................................................................ 9-27
LTOC-4
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab 10: Securing Windows 7

Lab Objectives ................................................................................................................. 10-2
Lab Overview ................................................................................................................... 10-2
Lab Procedures ............................................................................................................... 10-3
Prerequisites................................................................................................................. 10-3
Exercise 1: Configuring UAC ........................................................................................ 10-4
Exercise 2: Managing the Windows Firewall with Advanced Security ....................... 10-11
Exercise 3: Using BitLocker To Go ............................................................................ 10-14
Exercise 4: *Bonus* Installing and Configuring Network Access Protection.............. 10-16
Lab Answer Key............................................................................................................. 10-21
Exercise 1: Configuring UAC ...................................................................................... 10-21
Exercise 2: Managing the Windows Firewall with Advanced Security ....................... 10-23
Exercise 3: Using BitLocker To Go ............................................................................ 10-23
Exercise 4: *Bonus* Installing and Configuring Network Access Protection.............. 10-24
Lab 11: Windows 7 Backup and Recovery

Lab Objectives ................................................................................................................. 11-2
Lab Overview ................................................................................................................... 11-2
Lab Procedures ............................................................................................................... 11-3
Prerequisites................................................................................................................. 11-3
Exercise 1: Using System Restore ............................................................................... 11-4
Exercise 2: Configuring and Using Previous Versions ................................................. 11-5
Exercise 3: Using the Windows Backup Feature ......................................................... 11-9
Lab Answer Key............................................................................................................. 11-13
Exercise 1: Using System Restore ............................................................................. 11-13
Exercise 2: Configuring and Using Previous Versions ............................................... 11-13
Exercise 3: Using the Windows Backup Feature ....................................................... 11-14
Lab 12: Troubleshooting and Monitoring Windows 7

Lab Objectives ................................................................................................................. 12-2
Lab Overview ................................................................................................................... 12-2
Lab Procedures ............................................................................................................... 12-3
Prerequisites................................................................................................................. 12-3
Exercise 1: Performance Monitoring ............................................................................ 12-4
Exercise 2: Task Manager ............................................................................................ 12-8
Exercise 3: Using the Event Viewer ........................................................................... 12-12
Lab Answer Key............................................................................................................. 12-15
Exercise 1: Performance Monitoring .......................................................................... 12-15
Exercise 2: Task Manager .......................................................................................... 12-15
Exercise 3: Using the Event Viewer ........................................................................... 12-17
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
Lab 13: Running and Troubleshooting Applications on Windows 7

Lab Objectives ................................................................................................................. 13-2
Lab Overview ................................................................................................................... 13-2
Lab Procedures ............................................................................................................... 13-3
Prerequisites................................................................................................................. 13-3
Exercise 1: Using the Application Compatibility Toolkit ............................................... 13-4
Exercise 2: Configuring Application Compatibility Settings .......................................... 13-7
Lab Answer Key............................................................................................................. 13-10
Exercise 1: Using the Application Compatibility Toolkit ............................................. 13-10
Exercise 2: Configuring Application Compatibility Settings ........................................ 13-10
LTOC-6
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L0
Lab 0: Configuring the Lab
Environment
Administering
by code 5a2bccb2-c5fd-4faf-8aa1-147b13239c22, L0-1
and provided to you by TechSherpas. It is illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
In this lab, you will:
Prepare your computer for the lab environment
Lab Overview
In this lab, you will configure your host operating system for future labs.
Estimated Completion Time

15 minutes
L0-2copy of the course material identified by code 5a2bccb2-c5fd-4faf-8aa1-147b13239c22,

This is a unique Administering and and Maintaining
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
While you are performing the exercises in this lab, the instructor will do the same to prepare the
instructor machine for classroom demos.
Classroom Hosted Labs: Examining Hardware Components
Remote Lab
In the remote labs environment, you do not have access to the host
machine's configuration settings and these steps will not apply. Skip
the following exercises if that is the case. Only perform these tasks if
your instructor asks you.
In these tasks, you will prepare your system for future labs. Hyper-V will not install and run on a
system that is not configured properly. Many systems are produced with multi-core processors that
are capable of providing built-in hardware virtualization. Both Intel and AMD processors are
available with this feature. On some systems, the hardware virtualization capabilities are disabled
by default and must be turned on in the systems BIOS. Your instructor may tell you to skip tasks
if the BIOS is already configured.
Note
During the POST routine, the system will briefly flash the keystroke
necessary to enter System Setup or some other description of the
systems BIOS configuration screen. On most Dell systems, press the
F2 key. On Lenovo systems, press the F1 key.
Caution
Make sure the time and date in the BIOS reflects the current time and
date. If you are not sure how to check this or change it, consult with
your instructor.
Task 1: Configure the BIOS on a Dell D6xx Series Laptop

The following steps are for a Dell D6xx series laptop. In these steps, you will ensure that the
hardware virtualization is enabled.
1. If the system is currently on, power it off completely and turn it back on, again.
2. Press F2 when prompted during the POST routine.
3. Go to the Performance section and then press ENTER.
4. Press the down arrow key to the Multi-Core Support option. If Multi-Core Support is Off,
press ENTER, select the Enabled option, and then press ENTER again.
Administering
Globalthis content.
TrainingContent
TechSherpas
5. Press the down arrow key to the POST Behavior section and then press ENTER.
6. Press the down arrow key to the Virtualization option. If Virtualization is Off, press ENTER,
select Enabled, and then press ENTER again.
7. Press ESC to exit setup, select the Exit Setup option, and then press ENTER.
Task 2: Configure the BIOS on a Lenovo Laptop or Desktop

The following steps are for a Lenovo laptop or desktop. In these steps, you will make sure that
hardware virtualization is enabled.
1. If the system is currently on, power it off completely and turn it back on again.
2. Press F1 when prompted during the POST routine.
3. Go to the Config section and then press ENTER.
4. Press the down arrow key to the CPU option and then press ENTER.
5. Press ENTER on the Core Multi-Processing option.
6. Select the Enabled option, and press ENTER.
7. Press the down arrow key to move to the Intel Virtualization Technology option. Press ENTER,
select Enabled, and press ENTER again.
8. Press F10 to save the changes and exit System Setup, select Yes, and then press ENTER.
Task 3: Log On to the Host Operating System and Set the Computer
Name
In these steps, you will log on to the host operating system and set the computer name.
Caution
If you booted the host machine for the first time, wait one to two
minutes before logging on. The server will run several configuration
scripts that will restart the system shortly after the logon prompt
appears. If the system does not restart within a few minutes, those
scripts have likely already been run and you may proceed with
the logon.
1. Boot the host machine and log on as Administrator with a password of TrustM3 (capital T,
capital M, and the number 3).
2. Click Start.
3. Right-click Computer and select Properties.
4. Click the Remote Settings link.
5. Select the Allow connections from computers running any version of Remote Desktop option.
(This option may already be selected.)
6. Click the Computer Name tab.
7. Click the Change button.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
8. Confirm that the computer name is Host##, where ## is your assigned student ID from 01 to 24.
(Ask your instructor to assign you a student ID, if you do not already have one. The instructor ID
will be Host00.)
9. If the computer name is not correct, change it, click OK several times, and then reboot the
machine when prompted. Log back on after the reboot.
Task 4: Configure Resolution, Screen Saver, and Power Settings

The Resolution, Screen Saver, and Power settings may already be configured as part of the
image. If they are not, follow these steps to correct them. In this task, you will configure the
Resolution, Screen Saver, and Power settings
Remote Lab
In the remote labs environment, the host computer's settings are
already established and cannot be changed. Skip these steps in
that case.
1. Right-click the desktop and select Screen Resolution.

2. Make sure that Resolution and Colors are set to their maximum values, and then click OK.
3. Right-click the desktop and select Personalize.

4. Click the Screen Saver link.
5. Change the screen saver to None.
6. Clear the On resume, display logon screen check box.
7. Click the Change power settings link.
8. Select the High performance option and then click the Change plan settings link beneath it.
9. From the Turn off display drop-down list, select 2 hours.

10. Under Standby or Sleep, change the Plugged in option to 4 hours.
11. Click Save Changes and then close the Power Options dialog box.
12. Click OK in the Screen Saver Settings dialog box, and then close the Personalize window.
You have successfully completed this lab.
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Answer Key

There are no lab questions in this lab.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L1
Lab 1: Exploring the Features of
Windows 7
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Connect to the remote lab environment

Launch prerequisite virtual machines
Explore Windows 7
Prepare the lab environment
Lab Overview
In this lab, you will start your VMs and prepare the lab environment for upcoming labs.
Lab Virtual Machines:

This lab utilizes the following virtual machines:
Alpha (Windows Server 2008 R2)

Hotel (Windows Vista)
India (Windows XP)
Kilo (Windows 7)
Note
The Alpha VM must be running throughout the entire course. This VM
provides DHCP addressing for the other VMs that are called on during
your labs. You will start the ALPHA VM in this lab. Do not shut it down
until the end of the course.

1 hour

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Exercise 1: Launching the Alpha VM
In this exercise, you will launch the initial Alpha VM required for future labs.
Task 1: Start the Alpha VM

The Alpha VM is already configured as a fully functional Windows Server 2008 R2 domain
controller. To make sure it is working properly, you will start it now.
1. For locally hosted labs, boot the host machine and log on as Administrator with a password of
TrustM3 (capital T, capital M, and the number 3).
Remote Lab
In the remote labs environment, the host machine is used only as a
terminal to connect to a remote labs host server. You will need to
connect to this host machine remotely using instructions provided to
you by your instructor or the Global Knowledge remote labs team.
2. From the desktop, double-click the LabVMs folder or shortcut. If the shortcut is not available,
click Start, Administrative Tools, and Hyper-V Manager.
3. Double-click the Alpha VM to open the Virtual Machine Connection window.
4. Click the Start button on the icon bar to start the VM. The Alpha VM should boot quickly and
present you with a logon prompt. DO NOT LOG ON right away. The Alpha VM runs several
scripts in the background at startup in preparation for the lab environment. Within one to two
minutes, the Alpha VM will reboot a final time.
Note
You will see a CTRL+ALT+DEL prompt for log on. Since you are
using a VM, this key sequence will not pass through. Instead,
select the Action, Ctrl+Alt+Delete option on the menu bar or click
the corresponding icon on the icon bar in the Virtual Machine
Connection window.
5. Log on as Administrator@hq.local with a password of TrustM3. (If you see a Windows

Activation message, click the Ask Me Later option and click OK to continue. This message
appears because Windows Activation has just been Rearmed.
Note
Leave the Alpha VM running at all times unless you are asked to shut
it down in a later lab exercise.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 2: Launching the XP VM

In this exercise, you will start and configure the India VM, a sysprepped Windows XP
operating system.
Task 1: Start the India VM

In this task, you will start the India VM.
1. From the desktop, double-click the LabVMs shortcut, if it is not already open. If the folder and
shortcut are not available, click Start, Administrative Tools, and Hyper-V Manager.
2. Double-click the India VM to open the Virtual Machine Connection window. Click the Start
button on the icon bar to start the VM. The VM takes a few minutes to boot while it goes through
a Sysprep boot process. Eventually, a logon prompt appears.
3. If necessary, log on as Administrator with a password of TrustM3. (The VM may automatically
log you on at the end of the Sysprep process.)
4. Right-click the desktop and select the Properties option.
5. Click the Settings tab.
6. Raise the resolution to 1024 768 only if your local display is capable of 1280 1024 or higher
resolutions. If you are using a laptop or remote connection to connect to the VM, set your
resolution to 800 600.
7. Click OK, and then click Yes to keep the settings.
Task 2: Change the VM Name

In this task, you will change the name of the VM to India.
1. Click the Start button, right-click My Computer, and then select the Properties option.
4. Type India in the Computer name text box.
5. Click OK to accept the changes.
6. Click OK in the restart warning dialog box.
8. Click Yes to restart.
9. After the reboot, log on as Administrator with a password of TrustM3.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 3: Launching the Windows Vista VM

In this exercise, you will start and configure the Hotel VM, a sysprepped Windows Vista
operating system.
Task 1: Start the Hotel VM

In this task, you will start the Hotel VM.
1. From the desktop, double-click the LabVMs folder, if it is not already open. If the folder and
2. Double-click the Hotel VM to open the Virtual Machine Connection window. Click the Start
button on the icon bar to start the VM. The VM takes a very long time to boot (five to ten minutes)
while it goes through a Sysprep boot process. Eventually, a logon prompt appears. (For several
minutes, a totally blank screen appears. Sysprep is still running at this point.)
3. If necessary, log on as Administrator with a password of TrustM3. (The system may
automatically log you on at the end of the Sysprep process.)
4. Click the Work location if the Set Network Location dialog box is displayed, and then
click Close.
5. Right-click the desktop and select the Personalize option.
6. Click the Display settings link.
8. Click OK to accept the change and click Yes to keep the settings.
9. Close the Personalization window.

In this task, you will change the name of the VM to Hotel.
1. Click the Start button, right-click Computer and then select the Properties option.
2. Click the Change Settings link. (You should now be on the Computer Name tab of the System
Properties dialog box.)
4. Type Hotel in the Computer name text box.
6. Click OK to reboot.
7. Click Close to accept the changes.
8 Click Restart Now to reboot.
9. After rebooting, log on as Administrator with a password of TrustM3. (If necessary, use the
Switch User option and select Other User to change the logon name.)
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 4: Launching the Windows 7 VM

In this exercise, you will start and configure the Kilo VM, a sysprepped Windows 7
operating system.
Task 1: Start the Kilo VM

In this task, you will start the Kilo VM.
1. From the desktop, open double-click the LabVMs folder, if it is not already open. If the folder and
2. Double-click the Kilo VM to open the Virtual Machine Connection window. Click the Start
button to boot Kilo. (Sysprep will run. Eventually, you will see a logon prompt. Wait one to two
minutes before logging on. A script will run in the background and it will perform several
configuration steps and reboot the Kilo VM. If the Kilo VM does not reboot within a few minutes,
proceed with the log on.
3. Log on as Administrator with a password of TrustM3. (If you see a Windows Activation
message, click the Ask Me Later option and click OK to continue. This message appears because
Windows Activation has just been Rearmed.)
4. Click Work Network if the Set Network Location dialog box displays. Click Close.

In this task, you will change the name of the VM to Kilo.
1. Click Start, right-click Computer, and then select the Properties option.
2. Click the Change Settings link. (You should now be on the Computer Name tab of the System
Properties dialog box.)
4. Type Kilo in the Computer name text box.

6. Click OK again on the Restart message.
7. Click Close to exit the System Properties dialog box.
8. Click Restart Now.
Exercise 5: Exploring Windows 7

This exercise will guide you through the Windows 7 operating system and expose you to some of
the new interface characteristics. If you have used Windows Vista at all, much of the interface
may be very familiar to you.
Task 1: Perform Initial Configuration Tasks

In this task, you will turn on and configure the firewall settings.
1. Switch to the Kilo VM.
2. On the menu bar of the Virtual Machine Connection window for the VM, click Media, DVD
Drive, and Insert Disk. (This menu option is located at the top of the Virtual Machine
Connection window.)

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
3. Browse to the C:\LabFiles\ISO folder, select the 6183-labFiles.iso file, and then click Open.
4. If an Autoplay window appears, click the X button to close it.
5. Verify that Administrator is the default user name.
6. Type TrustM3 for the password, and then click the right arrow button or press ENTER.
7. Click Start, Control Panel, System and Security, and Windows Firewall.
8. If the Windows Firewall is currently off, click the Use recommended settings button.
9. Close the Windows Firewall window.
10. Click the Network icon in the lower-right corner of the window, and then click the Open
Network and Sharing Center link.
11 Click the Local Area Connection link, and then click the Details button.
12. Write the following information:

Connection Specific
DNS Suffix: __________________________________
IPv4 Address: __________________________________
IPv4 Subnet Mask: __________________________________
IPv4 Default Gateway: __________________________________
IPv4 DNS server: __________________________________
13. Click Close and then click Close again to exit.
14. Close the Network and Sharing Center window.
Task 2: Configure the Desktop and Display Properties

In this task, you will configure the desktop and display properties for the Kilo VM.
1. Make sure you are logged on to the Kilo VM.

2. Minimize any other windows that may be open in the VM.
3. Right-click the desktop inside the Kilo VM and select the Screen Resolution option.
4. Click the Resolution drop-down list.
6. Click OK to accept the changes and then click Keep Changes.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 3: Explore the New Start Menu

The Start menu in Windows 7 is similar to the one in Windows Vista. It takes a little time to get
used to the new layout, but it can be very powerful and a timesaver in the long run. In this task,
you will explore the new Start menu.
1. Make sure that you are logged on to the Kilo VM.

2. Click the Start button. (Notice the Search box immediately above the Start button.)
3. Click inside the Search box and type *pad. You will now see a list of the closest matches within
the operating system.
4. Click WordPad from the list of matches and then close WordPad after it opens.
5. Click the Start button again.
6. Click inside the Search box and type note, press the down arrow key once, and then press
ENTER. (This should launch Notepad.)
7. Close Notepad after it opens.
8. Click Start, type exp in the Search box, and then select Windows Explorer from the list
of matches.
9. Click Organize, Folder and Search Options from the menu bar.
10. Click the View tab.
11. Clear the Hide extensions for known file types check box and click OK.
12. Click Start and notice the Shutdown button to the right of the Search box.
13. Click the right arrow to see a full list of available shutdown options.
14. Click Start, All Programs. You will notice that the program groups are now listed with the
folders at the bottom and loose programs are listed at the top.
15. Browse around and get familiar with the new look and feel of the Start menu structure. (You will
notice that the My prefix is no longer part of the shortcuts on the Start menu.)
16. When you are finished, leave the Kilo VM running.
Exercise 6: Preparing the Lab Environment

Task 1: Create an OU Structure with Users and Groups
In this task, you will run a Windows PowerShell script that creates the users and groups that are
called for in some of the upcoming labs.
1. Switch to the Alpha VM and make sure you are logged on as Administrator@hq.local with a
password of TrustM3.
2. On the menu bar of the Virtual Machine Connection window for the VM, click Media, DVD
Drive, and Insert Disk. (This menu option is located at the top of the Virtual Machine
Connection window.)
3. Browse to the C:\LabFiles\ISO folder, select the 6183-labFiles.iso file, and then click Open.
4. If an Autoplay window appears, click the X button to close it.
5. Click the Windows PowerShell shortcut on the taskbar.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
6. Type the following and press ENTER.

set-executionpolicy unrestricted
7. Type Y and then press ENTER to accept the change.
8. Type e: and press ENTER.

cd \LabFiles\Scripts\PowerShell
10. Type the following and press ENTER. (Note the dot before the slash, and the number 1 (one) at
the end.)
.\LabTrek.ps1
11. Click OK.
Note
The script takes a few seconds to start. Wait a minute or two for the
script to create the users and OUs. Then you may continue.
If the script runs, but displays the error message Unable to find a
default server with Active Directory Web Services running, perform
the following steps:
1. On the Alpha VM, click Start, Administrative Tools, Services.
2. In the Services listing, right-click Active Directory Web Services
and click Start.
3. Close the Services console and try to run the LabTrek.ps1
script again.
12. Click OK.
13. When the script finishes, click Start, Administrative Tools, and Active Directory Users
and Computers.
14. Expand hq.local.
15. Browse through the Accounts OU structure and examine the users and groups that are listed under
Engineering, IT, Management, and Sales.
For your reference, the following is the OU, Group, and User structure that created with the
Windows PowerShell script:
Organizational Units:
hq.local Accounts
hq.local Accounts Engineering
hq.local Accounts IT
hq.local Accounts Management
hq.local Accounts Sales
hq.local Accounts Sales East Coast
hq.local Accounts Sales West Coast
Administering
Globalthis content.
TrainingContent
TechSherpas
Groups:
hq.local Accounts Engineering Eng Admins
hq.local Accounts Engineering Eng Users
hq.local Accounts IT Help Desk
hq.local Accounts IT IT Admins
hq.local Accounts Management Executives
hq.local Accounts Sales Sales Admins
hq.local Accounts Sales Sales Users
Users:
hq.local Accounts Engineering Scooty
hq.local Accounts Engineering SooLoo
hq.local Accounts IT Ohara
hq.local Accounts IT Speck
hq.local Accounts Management Quirk
hq.local Accounts Sales Checkoff
hq.local Accounts Sales MackOy
L1-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Answer Key

The correct answers to the lab questions are bolded.
Exercise 5: Exploring Windows 7

Task 1: Perform Initial Configuration Tasks
Answers may vary.
Administering
Globalthis content.
TrainingContent
TechSherpas
L1-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L2
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Install Windows 7 using native VHD boot

View and edit the BCD store
Use Windows Easy Transfer to migrate a profile from Windows XP using the network
Use Windows Easy Transfer to migrate a profile from Windows Vista using the
hard disk
Lab Overview
In this lab, you will use the native VHD boot option to install Windows 7. You will use the
BCDEdit tool to view and edit the BCD store. You will also use the Windows Easy Transfer
process to migrate a profile from Windows XP and Windows Vista to Windows 7.


Hotel (Windows Vista)
India (Windows XP)

1 hour

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites
The exercises in this lab require configuration that has been performed in previous labs. If you
skipped any of the previous labs, you may need to configure those items now. You may skip these
tasks if you have already performed them.
Task 1: Start the VMs

In this task, you will start the virtual machines that are required for this lab.
1. From the desktop, double-click the LabsVMs shortcut. (If the shortcut is not available, click
Start, Administrative Tools, and Hyper-V Manager.)
2. Double-click the Alpha VM to open the Virtual Machine Connection window. Click the Start
button on the icon bar to start the VM. (If this is the first time you have started the VM, DO
NOT LOG ON right away. The Alpha VM runs several scripts in the background at startup
in preparation for the lab environment. Within one to two minutes, the Alpha VM reboots a
final time.)
3. Double-click the Hotel VM to open the Virtual Machine Connection window. Click the Start
button on the icon bar to start the VM. (If this is the first time you have started the VM, you need
to rename the VM to Hotel inside the guest operating system. The Hotel VM takes 10 to 20
minutes to boot the first time.)
to rename the VM to India inside the guest operating system.)
Task 2: Mount the LabFiles ISO

In this task, you will mount the LabFiles ISO on any virtual machine that needs access to
E:\LabFiles.
1. On the menu bar in the Virtual Machine Connection window for each VM, click Media,
DVD Drive, and Insert Disk. (This is a menu option at the top of the Virtual Machine
Connection window.)
2. Browse to the C:\LabFiles\ISO folder, select the 6183-LabFiles.iso file, and then click Open.
3. If an AutoPlay window appears, click the X button to close it.
Task 3: Create the Lab OU Structure

In this task, you will run the E:\LabFiles\Scripts\PowerShell\LabTrek.ps1 script to create the
entire lab OU structure and all required user accounts.
1. Log on to the Alpha VM as Administrator@hq.local with a password of TrustM3.

2. Click the Windows PowerShell shortcut on the taskbar.
3. Type the following, and then press ENTER.
4. Type the following to confirm, and then press ENTER to accept the change.
Y
Administering
Globalthis content.
TrainingContent
TechSherpas

E:\LabFiles\Scripts\PowerShell\LabTrek.ps1
6. Click OK, and then click OK.
Exercise 1: Installing Windows 7 on a Windows Vista Computer

In this exercise, you will install Windows 7 in a dual-boot configuration with an existing Windows
Vista operating system.
Task 1: Explore the Upgrade Options for Windows 7

In this task, you will explore the upgrade possibilities for Windows 7. However, you will not
upgrade to Windows 7 at this time. Later, you will perform a clean installation of Windows 7.
1. Switch to the Hotel VM and minimize any other VMs that are running.
3. Log on to the Hotel VM as Administrator with a password of TrustM3.
4. On the menu bar in the Hotel VM window, click Media, DVD Drive, and Insert Disk.
5. Browse to the C:\LabFiles\ISO folder, select the WIN-7.iso file, and then click Open.
6. In the Autoplay window that appears, click the Run setup.exe option. (It may take a bit of time
for the AutoPlay window to show up.)
7. Choose Install Now.
8. Click Do not get the latest updates for installation.
9. Select the I accept the license terms check box, and then click Next.
10. Select the Upgrade option.
Caution
Stop here. Do not click next on the disk selection screen.
11. Does it appear that Windows Vista can be upgraded to Windows 7?
12. What upgrade issues have been detected?
13. Click the red X in the upper-right corner of the installation window.
14. Click Yes to cancel the installation.
15. Close the Install Windows screen.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 2: Install Windows 7 Using Native VHD Boot

In this task, you will install Windows 7 using the new VHD boot capability of the operating
system. Instead of installing to a brand new machine, you will install Windows 7 as a dual-boot
with Windows Vista. In the past, dual-booting required separate partitions for each operating
system. In this case, you will install Windows 7 into its own self-contained VHD file that will
appear to be a separate disk to the Window 7 installation.
1. In the Hotel VM, click the Start button, and then click the right arrow next to the Shut
Down button.
2. Choose the Restart option.
3. When the screen goes black, quickly click inside the VM window and press a key to boot from the
DVD when prompted.
NOTE:
If you see a Virtual Machine Connection dialog with the message
Mouse not captured in Remote Desktop session, select the Please
dont show me this again checkbox and click OK. If necessary,
reboot the VM again, click inside the VM window, and press a key to
boot from the DVD when prompted.
4. When the Install Windows screen appears, press SHIFT+F10. (This will open a
command window.)
5. In the command prompt, type the following, and then press ENTER.
md c:\vhd

diskpart

create vdisk file=c:\vhd\win7.vhd maximum=20000 type=expandable
Note
Make sure to type in the command as a single command, and do not
forget the type=expandable string at the end of the command.

attach vdisk
9. Type exit, and then press ENTER to exit DiskPart.
10. Type exit, and then press ENTER to leave the command prompt.
11. Click Next on the main install screen.
Administering
Globalthis content.
TrainingContent
TechSherpas
12. Click Install now.

13. Select I accept the license terms, and then click Next.
14. Select Custom (advanced).
15. Select Disk 3 Unallocated Space on the disk selection screen. (It should be the disk with the
19.5 GB of free space.)
16. Click Next to begin the installation. (Ignore the warning that states that Windows cannot install to
this volume.)
17. The Installing Windows screen appears. Copying Windows files, Expanding Windows Files,
Installing features, Installing Updates, and Completing Installation also appears. This will
take some time, the screen may flicker, and an occasional reboot may occur.
18. Create your first user in the Windows 7 Ultimate Installation screen by typing the following
information in the Username and Computer Name text fields:
Username: Student
Computer Name: Hotel-7
19. Click Next.
20. Enter and confirm the following password, and then enter the following password hint:
Password: TrustM3
Password Hint: TrustM3
21. Click Next.
22. Do not enter a Windows product key.

23. Clear the Automatically Activate check box, and then click Next.
24. Click Ask Me Later on the Windows Update window.

25. Change the time zone to Eastern Time on the Time and Date Settings screen.
26. Verify that the date and time are correct, and then click Next.
27. Click Work Network on the Select your computers current location window. Windows
installation will finalize your settings. This will take several minutes.
28. Right-click the desktop and select the Screen Resolution option.
29. Slide the slider to the 800 600 setting within the Screen Resolution drop-down list. This should
eliminate any scroll bars on your VM window. (If you are using a larger format screen to connect
to the VM, a resolution of 1024 768 may be better.)
30. Click Media, DVD Drive and Eject WIN-7.iso on the menu bar in the Hotel VM window.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 2: Viewing and Editing the BCD Store

In this exercise, you will navigate the BCD store and manipulate the configurations and data such
as the default timeout value and the default operating system.
Task 1: View Contents of BCD Store

In this task, you will view the contents of the BCD store.
1. In the Hotel VM, click Start, type cmd in the Search box, and then press ENTER. (A command
prompt opens.)
2. In the command prompt, type the following, and then press ENTER to navigate to the root of the
command prompt.
cd \

bcdedit
4. What response did you get and why?
5. Close the command prompt.

6. Click the Start button.
7. Type cmd in the Search box. (Do not press ENTER this time.)
8. Right-click the CMD icon, and then select the Run as Administrator option.
9. Click Yes to acknowledge the UAC prompt. (The command prompt opens in the context of
the administrator.)
10. In the command prompt, type the following, and then press ENTER to navigate back to the root of
the command prompt.
cd \

bcdedit /enum all
12. Scroll up and down through the BCDEdit results and make a note of the following items:
What is the default boot menu timeout value?
What drive letter is the Microsoft Windows Vista installation located on?
Administering
Globalthis content.
TrainingContent
TechSherpas
What drive letter is the Windows 7 installation located on?
Where is the Windows Recovery Environment located?

bcdedit /v
Where is the Windows 7 entry really installed? (Look for the device entry.)
Task 2: Adjust the Boot Menu Timeout Value and Default Operating
System
In this task, you will adjust the Boot menu Timeout Value, as well as, the default
operating system.
bcdedit /set {bootmgr} timeout 10
2. Type the following then press ENTER.

bcdedit
Do you see the new value for the timeout listed?
Which operating system is listed with the identifier {current}?
Find and write the identifier for the Microsoft Windows Vista entry. (This is known as the GUID
value for the BCD entry. It is a very lengthy hexadecimal value.)
3. Type the following command using the GUID that you wrote down previously and press ENTER.
bcdedit /default {GUID}
(Replace GUID with the number you wrote down.)

4. Type the following then press ENTER.
bcdedit

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
5. Has Microsoft Windows Vista now become the default operating system?
Task 3: Create a New Diagnostic Boot Entry

In this task, you will create a new diagnostic boot entry.
bcdedit /copy {current} /d "Win7 SOS"
2. You should see a message that the entry was created successfully. Write the GUID value for the
new entry:
3. Type the following command using the GUID that you wrote down in the previous step, and then
press ENTER.
bcdedit /set {GUID} SOS Yes
(Replace GUID with the number you wrote down.)
Note
The SOS value directs the Windows boot process to display verbose
information during the boot process for diagnostics purposes. This
information can also be displayed by using the F8 key during the boot
sequence and using the Safe Mode options. The advantage of using
this switch is that nothing is disabled. It is just more informative.

bcdedit
5. Do you see the new Win7 SOS boot entry and the SOS value?
Task 4: Adjust the Boot Options Using the System Dialog

In this task, you will use the system dialog to adjust the boot options.
1. Click the Start button, right-click Computer, and then select Properties.
2. Click the Advanced System Settings link.
3. Click the Settings button located under Startup and Recovery.
Administering
Globalthis content.
TrainingContent
TechSherpas
4. Which operating system is currently listed as the default?
5. What is the current timeout value?
6. In the Default operating system drop-down list, select Windows 7.

7. Change the Time to display list of operating systems to 15 seconds.
8. Do you see any options to apply the diagnostic boot options?
9. Do you see any capabilities to create a new boot entry here?
10. Click OK to save your changes.

11. Click OK to close the System Properties dialog box.
12. Close the System window.
13. Which option for managing the timeout and boot options do you think is best for general use?
14. Which option is better for managing the more advanced boot features?
Task 5: Test the New Boot Option

In this task, you will test the new boot option that you just created.
1. Click the Start button, select the right arrow next to the Shutdown button, and then
choose Restart.
2. Wait for the system to restart. You should see the Boot menu with the new 15-second
countdown and the new Win7 SOS entry. Use the arrow keys to select the Win7 SOS
entry, and then press ENTER.
3. What is being displayed during the boot process?
L2-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
4. When you reach the Logon screen, log on as Student with a password of TrustM3.
5. Does it appear that there is anything different about the system since using the Win7 SOS
boot option?
Exercise 3: Using Windows Easy Transfer to Migrate a

Windows XP Profile to Windows 7
This exercise demonstrates how to use the Windows Easy Transfer Wizard over the network to
transfer personal user files from one system to another. The source machine could be Windows
XP, Windows Vista, or another Windows 7 machine. In this case, the source machine will be
Windows XP.
Task 1: Examine Windows XP on the India VM

In this task, you will examine Windows XP on the India VM.
1. Switch to the India VM. (Connect to the VM if you have not already done so.)
2. Log on as Administrator with a password of TrustM3.
3. Click Start, All Programs, and Tool+Utils.
4. Make a note of the programs that you see in the Tools+Utils group:
5. Click Start, My Documents.

6. Right-click in the blank window that opens, and then select the New, Text Document options.
7. Type File1.txt, press ENTER, and then press ENTER again to open the file in Notepad.
8. Type This is test file 1, save the document, and then close Notepad.
9. Repeat these steps to create File2.txt and File3.txt.
10. Close the My Documents window.

11. Right-click the desktop and select Properties.
12. Click the Desktop tab and select None for the background image.
13. Click the Appearance tab, choose Olive Green for the Color scheme, and then click OK.
Task 2: Prepare the Hotel VM for the Transfer

In this task, you will prepare the Hotel VM for the transfer of files from the India VM.
1. Switch to the Hotel VM and make sure you are booted into the Windows 7 operating system.
2. Click the Network icon in the lower right corner of the screen, and then select Open Network
and Sharing Center.
Administering
Globalthis content.
TrainingContent
TechSherpas
3. Click the Change Advanced Sharing Settings link.

4. Select the Turn on File and Printer Sharing option, and then click Save Changes.
6. Click the Windows Explorer icon on the taskbar, and then navigate to Computer,
Local Disk (D:).
7. Right-click Local Disk (D:) (or right-click a blank area in the right-window) and select the New,
Folder options.
8. Type Transfer for the folder name, and then press ENTER.
9. Right-click the Transfer folder and select Properties.
10. Click the Sharing tab, and then click the Advanced Sharing button.
11. Select the Share this Folder check box, and then click the Permissions button.
12. Select the Allow - Full Control check box, and then click OK.
13. Click OK again, and then click Close.
Task 3: Start Windows Easy Transfer Wizard on the Windows 7

Machine
In this task, you will start the Windows Easy Transfer wizard on the Windows 7 machine.
1. On the Hotel VM, click Start, All Programs, Accessories, System Tools, and Windows
Easy Transfer.
2. Click Next on the Welcome screen.
3. Click A Network.
4. Click This is My New Computer.
5. Click I need to Install it Now.

6. Click External Hard Disk or Shared Network Folder.
7. Browse to Computer, Local Disk (D:), and Transfer, and then click OK.
Task 4: Run Windows Easy Transfer Wizard on the Windows XP VM

In this task, you will run the Windows Easy Transfer wizard on the Windows XP VM.
1. Switch to the India VM.
2. Click Start, Run, type \\hotel-7\transfer, and then press ENTER. (It might take a few minutes for
a logon dialog box to appear.)
3. Type Student for the user name and TrustM3 for the password, and then click OK.
4. Open the WindowsEasyTransfer folder, and then open the x86 folder.
5. Double-click the MigSetup.exe file. (Be patient, it will take a few seconds for the system to verify
the integrity of the file.)
6. Click Run on the Open File warning dialog box.
L2-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
8. Click A Network.
9. Click This is My Old Computer.
10. Write the Windows Easy Transfer Key that is displayed:
Task 5: Complete the Windows Easy Transfer Wizard on the

Windows 7 Machine
In this task, you will complete the Windows Easy Transfer wizard on the Windows 7 VM.
1. Switch to the Hotel VM.
2. Click Next on the Windows Easy Transfer screen.
3. Type the Windows Easy Transfer Key that you wrote in the previous task, and then click Next.
4. Wait for Windows Easy Transfer to connect to and scan the source computer.
5. Click the Customize link located under Shared Items, and then click the Advanced link.
6. Clear the Deploy folder check box.
7. Clear the Labs (D:) drive check box. (Make sure this item is now a gray box, not blue.)
8. Under the All Users folder, expand Start Menu, Programs, and Tools+Utils, and then select the
check boxes for:
BGInfo
CCleaner
9. Scroll down and expand C:\Program Files.
10. Select the check boxes for:
BGInfo
CCleaner
11. Click Save.
12. Make sure that your selections do not total over 20 to 30 MB of data to be transferred. If the data
is several hundred megabytes or gigabytes in size, go back to Customize your choices.
13. Click Transfer when you are done making changes.
14. When the transfer is complete, click See What Was Transferred.
15. View the details for the Transfer report and the Program report, and then close the Report window.
16. Close the Windows Easy Transfer window, and then click Restart Later.
17. Examine your system to see what has been transferred:
Did your File1, File2 and File3 documents transfer?
Administering
Globalthis content.
TrainingContent
TechSherpas
Did the Windows color scheme change to olive green?
Did the shortcuts under Tools+Utils transfer?
Do they work?
Note
The Windows Easy Transfer Wizard does not install programs for you.
It will only copy programs and their Start menu shortcuts if you select
them. This does not create registry entries or copy any special files
that may be needed in the Windows directory structure. Some
programs are fairly self-contained and will function if you select them
during the transfer. Other programs will fail to run unless they are
reinstalled manually on the new computer. WET is most concerned
with transferring your personal documents.
Exercise 4: Using Windows Easy Transfer to Migrate a Windows

Vista Profile to Windows 7
This exercise demonstrates the process of using the Windows Easy Transfer Wizard to and from
systems that either are not on a network together or are set up in a dual-boot with each other
(which is the case in our example).
Task 1: Examine Windows Vista on the Hotel VM

In this task, you will examine Windows Vista on the Hotel VM.
1. Switch to the Hotel VM.
2. Click the Start button, click the right arrow next to the Shutdown button, and then click Restart.
3. Choose Windows Vista from the boot menu.
5. Click Start, All Programs, and Tool+Utils.
L2-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
7. Click Start, Documents.

8. Right-click in the blank window that opens, and then select the New, Text Document options.
9. Type VistaFile1, press ENTER, and then press ENTER again to open the file in Notepad.
10. Type This is test file 1, save the document, and then close Notepad.
11. Repeat these steps to create VistaFile2 and VistaFile3.
12. Close the My Documents window.
14. Click the Desktop Background link, and then select Solid Colors in the Location drop-down list.
15. Choose the dark purple color swatch and click OK.
Task 2: Run the Windows Easy Transfer Wizard on the Vista

Machine
In this task, you will run the Windows Easy Transfer wizard on the Vista VM.
1. In the Windows Vista Hotel VM, click Start, type C:\transfer in the Search box, and then
press ENTER.
2. Open the WindowsEasyTransfer folder, and then open the amd64 folder.
3. Double-click the MigSetup file. (Be patient, it might take a few seconds for the system to verify
the integrity of the file.)
4. Click Run if an Open File warning dialog box appears.
6. Click An external hard disk or USB flash drive.

7. Click This is My Old Computer. (Wait for WET to scan your system.)
8. Click the Customize link located under Shared Items, and then click the Advanced link.
9. Clear the check boxes for the following folders:
PerfLogs
Transfer
vhd
Administering
Globalthis content.
TrainingContent
TechSherpas
10. Clear the Labs (D:) drive check box. (Make sure this item is now a gray box, not blue.)
11. Expand Users, Public.
12. Do you see any Start menu items?
13. Clear the check boxes for the following:

Public Music
Public Pictures
Recorded TV
Public Videos
14. Expand C:\Program Files (x86).
15. Select the check boxes for:

Defraggler
Notepad++
16. Click Save.
17. Make sure that your selections do not total over 20 to 30 MB of data to be transferred. If the data
is several hundred megabytes or gigabytes in size, go back to Customize your choices.
18. Click Next when you are done making changes.
19. Type TrustM3 for the password, confirm the password, and then click Save.
20. Browse to C:\Transfer, and then click Save.
21. Click Next when the transfer is complete.
22. Click Next again, and then click Close.

Machine
In this task, you will use the Windows Easy Transfer wizard on the Hotel VM.
1. In the Hotel VM, click the Start button, click the right arrow next to the Shutdown option, and
then select Restart.
2. Choose Windows 7 from the boot menu.
3. Log on as Student with a password of TrustM3.
4. Click the Windows Explorer icon on the taskbar, and then browse to Computer, Local Disk
(D:), and Transfer.
5. Double-click the Windows Easy Transfer - Items from old computer file.
6. Type TrustM3 for the password confirmation and then click Next.
7. Click the Transfer button to begin the transfer process.
8. When the transfer is complete, click See What Was Transferred.
L2-16
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
9. View the details for the Transfer report and the Program report, and then close the Report window.
10. Close the Windows Easy Transfer window, and then select Restart Later.
Did your VistaFile1, VistaFile2 and VistaFile3 documents transfer?
Did your background change to purple?
Did the Windows color scheme change to the Windows Vista scheme?
Note
The Windows Easy Transfer Wizard does not install programs for you.
It will only copy programs and their Start menu shortcuts if you select
them. This does not create registry entries or copy any special files
that may be needed in the Windows directory structure. Some
programs are fairly self-contained and will function if you select them
during the transfer. Other programs will fail to run unless they are
reinstalled manually on the new computer. WET is most concerned
with transferring your personal documents.
12. Once you have finished the transfer of data, shut down the Hotel VM and do not start it unless
called for in a later lab.
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Answer Key

Exercise 1: Installing Windows 7 on a Windows Vista Computer

Task 1: Explore the Upgrade Options for Windows 7
11. Does it appear that Windows Vista can be upgraded to Windows 7?
Yes.
12. What upgrade issues have been detected?
Answers will vary.
Exercise 2: Viewing and Editing the BCD Store

Task 1: View Contents of BCD Store
4. What response did you get and why?
Access is denied.
12. Scroll up and down through the BCDEdit results and make a note of the following items:
What is the default boot menu timeout value?
Answers will vary.
What drive letter is the Microsoft Windows Vista installation located on?
Answers will vary.
What drive letter is the Windows 7 installation located on?
Answers will vary.
Where is the Windows Recovery Environment located?
Answers will vary.
13. Where is the Windows 7 entry really installed? (Look for the device entry.)
Answers will vary.
L2-18
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 2: Adjust the Boot Menu Timeout Value and Default Operating
System
2. Do you see the new value for the timeout listed?
Answers will vary.
Which operating system is listed with the identifier {current}?
Answers will vary.
Find and write the identifier for the Microsoft Windows Vista entry. (This is known as the GUID
value for the BCD entry. It is a very lengthy hexadecimal value.)
Answers will vary.
5. Has Microsoft Windows Vista now become the default operating system?
Answers will vary.
Task 3: Create a New Diagnostic Boot Entry

2. You should see a message that the entry was created successfully. Write the GUID value for the
new entry:
Answers will vary.
5. Do you see the new Win7 SOS boot entry and the SOS value?
Answers will vary.
Task 4: Adjust the Boot Options Using the System Dialog

4. Which operating system is currently listed as the default?
Answers will vary.
5. What is the current timeout value?
Answers will vary.
8. Do you see any options to apply the diagnostic boot options?
No.
9. Do you see any capabilities to create a new boot entry here?
No.
13. Which option for managing the timeout and boot options do you think is best for general use?
The System Properties dialog box.
14. Which option is better for managing the more advanced boot features?
BCDEdit.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 5: Test the New Boot Option

3. What is being displayed during the boot process?
A list of drivers and services being launched.
5. Does it appear that there is anything different about the system since using the Win7 SOS boot
option?
No.
Exercise 3: Using Windows Easy Transfer to Migrate a

Windows XP Profile to Windows 7
Task 1: Examine Windows XP on the India VM
Answers will vary.
Task 4: Run Windows Easy Transfer Wizard on the Windows XP VM

10. Write the Windows Easy Transfer Key that is displayed:
Answers will vary.
Task 5: Complete the Windows Easy Transfer Wizard on the

Windows 7 Machine
Did your File1, File2 and File3 documents transfer?
Answers will vary.
Did the Windows color scheme change to olive green?
Answers will vary.
Answers will vary.
Do they work?
Answers will vary.
L2-20
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 4: Using Windows Easy Transfer to Migrate a Windows

Vista Profile to Windows 7
Task 1: Examine Windows Vista on the Hotel VM
Answers will vary.
Task 2: Run the Windows Easy Transfer Wizard on the Vista

Machine
12. Do you see any Start menu items?
Answers will vary.

Machine
Did your VistaFile1, VistaFile2 and VistaFile3 documents transfer?
Answers will vary.
Did your background change to purple?
Answers will vary.
Did the Windows color scheme change to the Windows Vista scheme?
Answers will vary.
Answers will vary.
Administering
Globalthis content.
TrainingContent
TechSherpas
L2-22
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L3
Lab 3: Configuring and Managing
Windows 7
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Manage user accounts and profiles with Control Panel and the Computer Management
Console
Configure Windows 7 system settings
Examine the Windows 7 Control Panel
Configure the Ease of Access Center settings
Manipulate file and folder settings
Configure searching and indexing properties
Lab Overview
In this lab, you will use tools and utilities such as the Computer Management Console, Ease of
Access Center, Device Manager, and Control Panel to configure desktop, folder, searching and
indexing and system settings.

Alpha (Windows 2008 R2)

Kilo (Windows 7)
Estimated Time Completion

1 hour

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites
skipped any of the previous labs, you many need to configure those items now. You may skip
these tasks if you have already performed them.

1. From the desktop, open the LabVMs folder or shortcut. (Or, you may open Start, Administrative
Tools, and Hyper-V Manager if the shortcut is unavailable.)
final time.)
to rename the VM to Kilo inside the guest operating system.)

E:\LabFiles.
1. In the Virtual Machine Connection window for each VM, click Media, DVD Drive, and Insert
Disk. (This is a menu option at the top of the Virtual Machine Connection window.)

entire lab OU structure and all the required user accounts.
1. Log on to the Alpha VM as Administrator with a password of TrustM3.

2. Open Windows PowerShell.
4. Type the following to confirm, and then press ENTER to accept the change
Y

6. Click OK, and then click OK again.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 1: Working with User Accounts in Windows 7

In this exercise, you will create user accounts and work with user profiles.
Task 1: Create a User Account Using the Control Panel Wizard

In this task, you will create a user account using the Control Panel wizard.
1. Log on to the Kilo VM as Administrator with a password of TrustM3.
2. Click Start, Control Panel, User Accounts and Family Safety, and Add or Remove User
Accounts.
3. What user accounts do you see listed?
4. Click the Create a new account link.

5. Type Student for the account name, select the Administrator option, and then click the Create
Account button.
6. What critical piece of information did the account creation wizard not request?
7. Click the resulting Student account.

8. Click the Create a Password link.
9. Type TrustM3 in the New password and Confirm new password text boxes.
10. Type Standard Classroom Password for the password hint.
11. Click the Create Password button.
12. Click the Change the picture link.
13. Choose your favorite picture from the list of available pictures, and then click the Change
Picture button.
14. Close the Control Panel window.
Task 2: Create a User Account Using the Computer Management

Console
In this task, you will be able to create a user account using the Computer Management Console.
1. Click Start, and then type Computer in the Search box.
2. Select Computer Management from the search results.
3. Select Local Users and Groups, and then double-click Users.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
4. Which user accounts do you see?
5. Right-click Users, and then select the New User option.

6. Use the following information for the user account:
User name: Jane
Full name: Jane Doe
Description: Basic Student Account
Password: TrustM3
Confirm: TrustM3
7. Clear the User must change password at the next logon check box.
8. Click the Create button, and then click Close.

9. Which piece of information was not requested when you created the password?
10. Which kind of account have you created?
11. Double-click the Jane Doe user account.

12. Click the Member Of tab.
13. Which group is Jane Doe a member of?
14. Click Cancel.

15. Double-click the Student user account.
16. Click the Member Of tab.
17. What group is Student a member of?
18. Click Cancel.

19. Close the Computer Management Console window.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 3: Test the New User Accounts

In this task, you will test the accounts that you have previously created.
1. Click Start, click the right arrow next to Shut Down, and then select the Log off option.
2. What accounts do you see listed?
3. Click the Jane Doe user account, type TrustM3 for the password, and then press ENTER.
4. Once the desktop appears, right-click the desktop and select New, Text Document.
5. Type Jane Was Here for the file name, and then press ENTER.
6. Log off the Jane Doe user account.
7. Select the Student user account, type TrustM3 for the password, and then press ENTER.
8. Do you see Jane Does document?
9. Why?
Exercise 2: Exploring System Properties

In this exercise, you will examine and configure the settings of your Windows 7 system using the
Device Manager, Display Properties and System Properties tools.
Task 1: Use the System Properties Interface

In this task, you will use the System Properties interface to configure Windows 7.
3. What is the system rating of the Kilo VM?
4. Click the System rating is not available link.

5. Click the Rate this computer button.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
6. What is the error message you receive?
7. What is the reason that the Windows Experience Index cannot be computed?
8. Click Close.
9. Click the back arrow in the System window to return to the previous screen.
10. Click the Advanced system settings link.
11. List the tabs that are available in the System Properties dialog box:
12. Which tab would you use to join a domain?
13. Which tab would you use to enable Remote Desktop?
14. Click Cancel to exit the System Properties dialog box.

15. Click the links in the System window, such as the Device Manager, Remote Settings and
System Protection links.
16. What dialog box appears when you click the Remote Settings and System Protection links?
17. If you have the System Properties dialog box open, click Cancel to close it.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 2: Use the Device Manager

In this task, you will use the Device Manager to explore the systems hardware devices.
1. In the System window, click the Device Manager link.
2. Right-click the computer name in the upper left corner.
3. What options are available on the context menu?
4. Select the Add Legacy Hardware option.

5. Click Next.
6. Select Install the hardware that I manually select from a list, and then click Next.
7. Select Network Adapters from the list of hardware types, and then click Next.
8. Select Microsoft from the list of manufacturers, select Microsoft Loopback Adapter from the
list of network adapters, and then click Next.
9. Click Next to install the device, and then click Finish.
10. Take a few moments to explore some of the hardware that is available in the Device Manager.
11. When you finish exploring, expand Network Adapters, right-click Microsoft Loopback
Adapter, and then select Properties.
12. Click the Advanced tab and examine some of the hardware characteristics you can modify for
this device.
13. Click the Driver tab.
14. List some of the driver options that are available:
15. Click the Disable button, and then click Yes.

16. Click OK.
17. How does the Microsoft Loopback Adapter now appear in the Device Manager?
18. Close the Device Manager window.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 3: Change Your Display Settings

In this task, you will change your display settings in Windows 7.
1. In the Kilo VM, close any open windows.
2. Right-click the desktop and select the Screen Resolution option.
3. Click the Resolution drop-down list.

4. Slide the resolution slider to 800 600. (You can go higher if you do not mind having scroll bars
in the VM or if you are using a monitor that supports a resolution of 1280 1024 or higher.)
5. Click the Advanced Settings link.
6. Which type of video card does Windows 7 think is installed?
7. How much graphics memory is available?
8. Click the List All Modes button.

9. Notice that 640 480 is an option on this list.
10. Click Cancel.
11. Click the Monitor tab.
12. What kind of monitor is listed?
13. What color depth can you choose?
14. Click Cancel.

15. Click OK in the Screen Resolution window.
16. Click the Keep Changes button, if prompted.
Task 4: Adjust the Clear Type Text

In this task, you will modify the Clear Type Text settings of Windows 7.
1. In the Kilo VM, right-click the desktop and select the Personalize option.
2. Click the Display link under See Also.
3. Click the Adjust ClearType text link.
4. Make sure the Turn on ClearType check box is selected, and then click Next.
Administering
Globalthis content.
TrainingContent
TechSherpas
5. Choose the text that you prefer on screen 1 of 4, and then click Next.
6. Choose the text that you prefer on screen 2 of 4, and then click Next
7. Choose the text that you prefer on screen 3 of 4, and then click Next.
8. Choose the text that you prefer on screen 4 of 4, and then click Finish.
Exercise 3: Navigating the Control Panel

In this exercise, you will examine Windows 7 Control Panel.
Task 1: Navigate Control Panel

In this task, you will navigate Windows 7 Control Panel.
2. Click Start, Control Panel.
3. Which Control Panel categories do you currently see?
4. How is this different from Windows XP?
5. Click the Category drop-down list and select Small icons.

6. Does this look more like the Windows XP view of Control Panel?
7. Switch back to the Category view.
L3-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
8. Click System and Security.

9. What items do you see in the System and Security category?
10. Click the back arrow in the System and Security window to return to the previous window.
11. Browse through some of the other Control Panel categories, but do not make any changes.
12. When you have finished exploring, close Control Panel and all other open windows.
Task 2: Create the Master Control Panel Shortcut

In this task, you will create a shortcut to the Master Control Panel view.
1. Right-click the desktop and select the New, Shortcut options.
2. Type the following for the shortcut, and then click Next.
explorer.exe shell:::{ED7BA470-8E54-465E-825C-99712043E01C}
3. Type Master Control Panel for the shortcut name, and then click the Finish button.
4. Double-click the Master Control Panel shortcut.
5. Scroll through the Control Panel items in the right window and notice the detailed listing of all the
Control Panel items and subitems.
6. Close the window when you finish.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 4: Using the Ease of Access Center

In this exercise, you will configure the Ease of Access Center settings.
Task 1: Use the Magnifier

The Magnifier is a useful tool when trying to view small text on a high-resolution monitor even
for those who do not have vision impairment. Be aware that using the Magnifier over a remote
desktop connection can be slow due to on-screen movement generating rapid screen updates. In
this task, you will use the Magnifier to zoom in on specific areas of the screen.

2. Click Start.
3. Click Control Panel, Ease of Access, and Ease of Access Center.
4. What are the four main components of the Ease of Access Center?
5. Click Start Magnifier.

6. Click the Magnifying glass icon.
7. Click the + (plus) sign to increase the magnification to 300%.
8. Click the (minus) sign to decrease the magnification to 200%.
9. What are the choices under the Views drop-down list?
10. Click the Magnifier Options icon. (It looks like a gear or sprocket.)
11. What does the Color Inversion option do?
L3-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
12. Can you fine-tune the Magnifier to follow keyboard inputs versus mouse movements?
13. Close the Magnifier Options dialog box by clicking the red X.
14. Close the Magnifier by clicking the red X in the Magnifier Option window.
Task 2: Use the On-Screen Keyboard

The on-screen keyboard can be useful in situations where a physical keyboard is unavailable, such
as when using a tablet computer. In this task, you will use the on-screen keyboard.
1. Click Start, On Screen Keyboard.
2. Minimize the Ease of Access Center.
3. Click Start, type Notepad in the Search box, and then click the Notepad option to start the
Notepad program.
4. Type your address on the Notepad document using the on-screen keyboard.
5. What do you notice about the key entry process? Does the keyboard suggest to you the word that
you are typing?
6. Save the document to your desktop.

7. Close the On-Screen Keyboard window.
8. Go back to the Ease of Access Center and explore some of the other options that are available.
9. Close Control Panel when you finish.
Exercise 5: Configuring File and Folder Options

In this exercise, you will manipulate file and folder options.
Task 1: Customize Folder Options

In this task, you will customize the folder options to change the display of files in Windows
Explorer.
2. Click Start, Control Panel, Appearance and Personalization, and Folder Options.
3. Click the View tab.
4. Clear the Hide extensions for known file types option, and then click OK.
Administering
Globalthis content.
TrainingContent
TechSherpas
5. Click the Windows Explorer icon on the taskbar.

6. Navigate to C:\Windows and scroll through the list of available files.
7. Did the folder option configurations work? Which file extensions do you see?
8. Click the Organize drop-down list in the upper-left corner, and then select Folder and Search
Options.
9. Does this appear to be the same Folder Options dialog box that you accessed from Control Panel?
10. Click Cancel, and then close all open windows.
Exercise 6: Configuring Search Properties

Task 1: Configure Search Properties
In this task, you will configure the Search and Index options in Windows 7.

2. Click Start.
3. Type Search in the Search box.
4. Choose Indexing options from the search results.

5. What is being indexed by default?
6. Click the Modify button.

7. Click the Show all locations button if it is not disabled.
8. Select the Local Disk (C:) check box under Change Selected Locations, and then click OK.
9. Click the Advanced button in the Indexing Options box.
10. Are Encrypted files indexed by default?
L3-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
11. Why do you think that encrypted files are configured the way they are by default?
12. What is the default location of the search index?
13. Can you change the location?
14. Click the File Types tab.

15. Scroll through the list of file types that are indexed.
16. Are executables indexed by default?
17. Click in the text box under Add new extension to list to add a custom file extension to index.
18. Type .WIN7. (Hint: Remember the period before WIN7 [.WIN7].)
19. Click the Add button.
20. What did the configuration do?
21. Click OK.

22. Click Close.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 2: Create a Custom Search

In this task, you will create and save a custom search that can be reused at any time.
1. Click the Windows Explorer icon on the task bar.
2. Press WIN+F.
Note
If the Windows key plus F key combination does not open the Search
feature in the VM, go to View, Full Screen Mode on the menu bar in
the Virtual Machine Connection window for the Windows keystrokes to
work. To exit Full Screen mode, use the Restore Down button on the
tab at the top of the screen.
3. Type .jpg in the Search box at the top right of the window.
4. Let the search run for several seconds.

5. Click Save search on the menu bar above the search results.
6. What is the default location of your custom searches?
7. Type Web Graphics, and then click Save.

8. Close all windows to return to the Windows 7 desktop.
9. Click Start.
10. Type Searches in the Search box.
11. Do you see the search that you previously configured and saved?
12. Click your Web Graphics search in the search results.

13. Right-click Lighthouse.jpg.
14. Select Properties.
15. Write the full path to the Lighthouse image.
16. Navigate to the path you wrote down for the Lighthouse image.
L3-16
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
17. Delete the image to the Recycle Bin.

18. Close the Sample Pictures window.
19. Navigate back to your Web Graphics custom search.
20 Open your Web Graphics custom search.

21. Does the Lighthouse image show up on the list?
22. What does this tell you about the Windows 7 custom searches?
23. Are custom searches dynamic or static?
24. Navigate back to the Sample Pictures location. Choose another image and move it to a new
location. Navigate to your custom search and see if the picture is still there. If it is, have the
properties of the image changed?
25. What service drives the Windows 7 search functionality?
Administering
Globalthis content.
TrainingContent
TechSherpas
L3-18
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Answer Key

Exercise 1: Working with User Accounts in Windows 7

Task 1: Create a User Account Using the Control Panel Wizards
3. What user accounts do you see listed?
Administrator and Guest
6. What critical piece of information did the account creation wizard not request?
It did not ask you for a password.
Task 2: Create a User Account Using the Computer Management

Console
4. Which user accounts do you see?
Administrator, Guest, and Student
9. Which piece of information was not requested when you created the password?
You were not asked for group membership.
10. Which kind of account have you created?
A basic user account.
13. Which group is Jane Doe a member of?
Users.
17. What group is Student a member of?
Administrators and Users.
Task 3: Test the New User Accounts

2. What accounts do you see listed?
Administrator, Jane Doe, and Student
8. Do you see Jane Does document?
No.
9. Why?
The Student account is a different account with a separate desktop.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 2: Exploring System Properties

Task 1: Use the System Properties Interface
3. What is the system rating of the Kilo VM?
Answers will vary.
6. What is the error message you receive?
The Windows Experience Index for your system could not be computed. Unable to run an
assessment inside a virtual machine.
7. What is the reason that the Windows Experience Index cannot be computed?
The system is a virtual machine and does not have direct access to the hardware.
11. List the tabs that are available in the System Properties dialog box:
Computer Name, Hardware, Advanced, System Properties, and Remote
12. Which tab would you use to join a domain?
The Computer Name tab
13. Which tab would you use to enable Remote Desktop?
The Remote tab
16. What dialog box appears when you click the Remote Settings and System Protection links?
The System Properties dialog box
Task 2: Use the Device Manager

3. What options are available on the context menu?
Scan for Hardware Changes and Add Legacy Hardware
14. List some of the driver options that are available:
Driver Details, Update Driver, and Disable and Uninstall
17. How does the Microsoft Loopback Adapter now appear in the Device Manager?
A down-arrow appears next to the icon.
Task 3: Change Your Display Settings

6. Which type of video card does Windows 7 think is installed?
Microsoft Virtual Machine Bus Video Device
7. How much graphics memory is available?
4 MB
12. What kind of monitor is listed?
The Default Monitor
13. What color depth can you choose?
You can only choose High Color (16-bit).
L3-20
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 3: Navigating the Control Panel

Task 1: Navigate Control Panel
3. Which Control Panel categories do you currently see?
System and Security
Network and Internet
Hardware and Sound
Programs
User Accounts and Family Safety
Appearance and Personalization
Clock, Language and Region
Ease of Access
4. How is this different from Windows XP?
Windows XP lists all of the Control Panel items individually.
6. Does this look more like the Windows XP view of Control Panel?
Yes.
9. What items do you see in the System and Security category?
Action Center
Windows Firewall
System
Windows Update
Power Options
Backup and Restore
BitLocker Drive Encryption
Administrative Tools
Exercise 4: Using the Ease of Access Center

Task 1: Use the Magnifier
4. What are the four main components of the Ease of Access Center?
Start Magnifier
Start On-Screen Keyboard
Start Narrator
Set up High Contrast.
9. What are the choices under the Views drop-down list?
Full Screen
Lens
Docked
Preview Full Screen
Administering
Globalthis content.
TrainingContent
TechSherpas
11. What does the Color Inversion option do?

It makes the background in the Magnifier dark and the text light.
12. Can you fine-tune the Magnifier to follow keyboard inputs versus mouse movements?
Yes.
Task 2: Use the On-Screen Keyboard

5. What do you notice about the key entry process? Does the keyboard suggest to you the word that
you are typing?
Yes, the keyboard suggests close matches to the words as you type them.
Exercise 5: Configuring File and Folder Options

Task 1: Customize Folder Options
7. Did the folder option configurations work? Which file extensions do you see?
Yes, you now see .exe and .dll files, as well as many other types.
9. Does this appear to be the same Folder Options dialog box that you accessed from Control Panel?
Yes.
Exercise 6: Configuring Search Properties

Task 1: Configure Search Properties
5. What is being indexed by default?
Offline Files, Start Menu, and Users
10. Are Encrypted files indexed by default?
No.
11. Why do you think that encrypted files are configured the way they are by default?
The index database is NOT encrypted and may contain indexed items from the encrypted
file that you do not want divulged.
12. What is the default location of the search index?
The path should be: C:\Program Data\Microsoft
13. Can you change the location?
Yes.
16. Are executables indexed by default?
Yes. (They are listed as .exe files.)
20. What did the configuration do?
The new extension now appears on the list.
L3-22
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 2: Create a Custom Search

6. What is the default location of your custom searches?
The default location is in the Searches folder.
11. Do you see the search that you previously configured and saved?
You should now see it listed in the results list.
15. Write the full path to the Lighthouse image.
The path should be: C:\Users\Public\Pictures\Sample Pictures.
21. Does the Lighthouse image show up on the list?
No.
22. What does this tell you about the Windows 7 custom searches?
Answers will vary.
23. Are custom searches dynamic or static?
Custom searches are dynamic and will refresh when changes occur.
24. Navigate back to the Sample Pictures location. Choose another image and move it to a new
location. Navigate to your custom search and see if the picture is still there. If it is, have the
properties of the image changed?
If you move an image, it should stay in the index, but the new location is reflected in its
properties.
25. What service drives the Windows 7 search functionality?
Windows Search (also known as the Indexing Service).
Administering
Globalthis content.
TrainingContent
TechSherpas
L3-24
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L4
Lab 4: Customizing the Windows 7
User Interface
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Customize the Windows 7 user interface

Explore the features of Windows Aero on a virtual machine
Explore the features of Windows Aero on a local machine (Bonus)
Lab Overview
In this lab, you will explore the customization options that are available in the Windows 7
operating system. You will also preview the Windows Aero features that are available in the
virtual machine environment.
Lab Virtual Machines


Kilo (Windows 7)

45 minutes

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites
skipped any of the previous labs, you may need to configure those items now. You can skip any of
these tasks if you have already performed them.
Task 1: Start VMs

1. From the desktop, open the LabVMs folder or shortcut. If the shortcut is not available, click
Start, Administrative Tools, and Hyper-V Manager.
NOT LOGON right away. The Alpha VM runs several scripts in the background at startup
final time.)

E:\LabFiles.


Y
Administering
Globalthis content.
TrainingContent
TechSherpas


7. Close Windows PowerShell.
Exercise 1: Customizing the Desktop Environment

In this exercise, you will change and personalize the Windows 7 desktop settings.
Task 1: Personalize Desktop Settings

In this task, you will modify the desktop personalization settings in Windows 7.
1. Start the Kilo VM and log on as Administrator with a password of TrustM3.
3. Click the Change Desktop Icons link on the left side of the window.
4. Select the Computer, User's Files, Network, and Control Panel check boxes, and then click
OK. (The Recycle Bin should already be selected.)
5. To see the icons, click the Show Desktop bar in the right corner of the Windows 7 taskbar.
6. Click the Show Desktop bar again to bring the Personalization window back up.
7. Click the Change Mouse Pointers link.
8. In the drop-down list under Scheme, select Windows Black (system scheme).
9. Click OK to return to the Personalization window.
10. In the Themes section of the Personalization window, scroll down to Basic and High Contrast
Themes and select the High Contrast #1 theme.
11. Navigate around the interface a bit with the new theme selected.
12. Notice how this theme can be useful for those with vision issues and to reduce bandwidth usage
over RDP connections.
13. Select the Windows Classic theme.
14. What operating system does this remind you of?
15. Next, select the Windows 7 Basic theme.

16. Click the Desktop Background link.
17. Click the Picture Location drop-down list.
18. Select Solid Colors.
19. Select the Black background color, and then click the Save Changes button.
20. Click the Screen Saver link.
21. Click the drop-down list under Screen Saver.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
22. Select Blank for the screen saver.

23. Change the Wait value to 30 minutes.
24. Leave the On resume, display logon screen check box clear, and then click OK.
Note
In a production environment, we normally would secure the screen
saver. Here, we are leaving the screen lock off for simplicity.
Task 2: Customize the Taskbar

In this task, you will customize the taskbar interface.
1. Right-click the taskbar and select Properties.

2. Clear the Lock the taskbar check box.
3. Click the Start Menu tab.
4. Select Log off from the Power button action drop-down list.
5. Click the Customize button.
6. Scroll down and select the Run command check box.
7. Select the Display on the All Programs menu and the Start menu option under System
administrative tools.
9. Drag the taskbar to the top of your screen.
10. See if you can drag the taskbar anywhere else, and then drag it back to the bottom of your screen.
11. Click Start.
12. Do you see the Run option?
13. Do you see the Administrative Tools option?
14. Click Start, All Programs, and Accessories.

15. Right-click the Command Prompt, and select the Pin to Taskbar option.
16. Drag the Command Prompt icon on the taskbar so that it is next to the Start button.
17. Click the Command Prompt icon on the taskbar to open the window.
Administering
Globalthis content.
TrainingContent
TechSherpas
18. Right-click the Command Prompt icon on the taskbar and select the Command Prompt option.
(A second copy of the Command Prompt should open.)
19. Right-click the Command Prompt icon on the taskbar and select the Close all windows option.
Task 3: Use Desktop Gadgets

In this task, you will examine the Desktop Gadgets feature of Windows 7.
1. Right-click the desktop and select the Gadgets option.
2. Double-click the Clock, and then double-click the CPU Meter.
3. Close the Gadgets window.
4. Right-click the Clock and select Options.
5. Use the left and right arrows to select the clock you want to display, and then click OK. (Do NOT
show the second hand.)
6. Right-click the CPU Meter and select the Close gadget option.
Task 4: Optimize Display Settings

In this task, you will optimize the display settings for the best possible remote performance.

2. Click the Advanced system settings link.
3. Click the Settings button under Performance.
4. Select the Adjust for Best Performance option.
5. Select the Use visual styles on windows and buttons check box, and then click OK. (This should
now be the ONLY item selected.)
6. Navigate around the Windows interface and you should notice that it is a bit more responsive
than before.
Exercise 2: Exploring the Aero Features in the VM

In this exercise, you will explore the limited Windows 7 Aero features that are available in the
virtual machine environment.
Task 1: Use Aero Snap

In this task, you will examine the Aero Snap feature of Windows 7.
2. Open the Command Prompt, Windows Explorer, and Notepad.
3. Drag the Command Prompt window to the left until your mouse reaches the edge of the screen
and let go.
4. Did the Command Prompt resize itself to occupy half of the screen?

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
5. Drag the Windows Explorer window to the right until your mouse reaches the edge of the screen
and let go.
6. You should now have the Command Prompt and Windows Explorer side by side.
7. Click the Notepad icon on the taskbar.
8. Grab the title bar of Notepad and shake it rapidly back and forth.
9. Did anything happen?
Note
Sometimes the Aero Shake feature will not function in a VM session
due to the timing of the mouse movements.
10. Close the open programs.
Exercise 3: *BONUS LAB* Exploring the Aero Features on the

Local Machine
This exercise can only be completed on the local machine if it is running Windows 7.
Alternatively, you could perform these steps on your own personal Windows 7 machine if you are
comfortable doing so. Perform these steps at your own risk!
Task 1: Explore Aero Themes

In this task, you will explore the Aero Themes that are available.
1. Make sure you are performing these steps on the local machine or on your personal machine.
2. Right-click the desktop and choose the Personalize option.
3. In the Themes section of the Personalization window, scroll down and select the Windows
Classic theme. Notice how the themes are adjusted.
Note
When Classic is chosen, the appearance is as close to an older
desktop as allowed with the new Windows 7 system.
Administering
Globalthis content.
TrainingContent
TechSherpas
4. Is Aero functioning now?
5. Click Start.
6. Right-click Computer.
8. Click the Advanced systems setting link, if necessary. (You should be on the Advanced tab, if
not, then click the Advanced tab.)
10. Click the Adjust for best performance option, and then click OK twice.
11. How much memory is now being used by the Windows 7 system? How can you find out?
12. Navigate to the Task Manager by right-clicking the taskbar and selecting the Start Task
Manager option.
13. Click the Performance tab.
14. How much memory is being used?
15. Right-click the desktop and choose the Personalize option.

16. Click an Aero theme (for example, Nature).
17. Did you notice the windows become transparent?
18. Is Aero working?
19. Click Start.

20. Right-click Computer, and select Properties.
21. Click the Advanced systems setting link, if necessary. (You should be on the Advanced tab, if
not, then click the Advanced tab.)

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
23. Click the Adjust for best appearance option, and then click OK twice.
24. Open the Task Manager, if necessary.
26. How much memory is being used now?
27. At rest, how much memory did Windows Aero capture from your idle memory pool?
Task 2: Change the Aero Features

In this task, you will work with some of the Aero features to see the visual effects.
1. Open a few programs like Notepad, WordPad and Windows Explorer first.
2. Open Control Panel, Computer, Games, and Music.
3. Minimize the windows to the Windows 7 taskbar.
4. Press WIN+TAB on your keyboard. What do you notice? (This is the Aero Flip 3D feature.)
5. Scroll through the minimized windows by pressing WIN+TAB. Let go of the TAB key on a
specific window while still pressing the WIN key. What happens?
6. Close all the windows except for the Computer and Games windows.
7. Have you ever tried to adjust two windows together on the same desktop? This can be very
tedious. Drag the Computer window to the far left until your mouse reaches the edge of the screen
to see if Aero Snap can help.
8. What happens?
Administering
Globalthis content.
TrainingContent
TechSherpas
9. Now drag the Games window to the right left until your mouse reaches the edge of the screen.
Does it snap into position?
10. Close the Games window.

11. Drag the Computer window directly up to the top of the desktop. Does it snap there?
12. Open Computer, Games, and Music to view another new Aero feature.
13. Position your mouse pointer in the transparent bar of the Games window.
14. With the left mouse button, drag the window back and forth as fast as you can.
15. What happens?
16. Try it again with the same window. What happens when you shake the window again?
17. Open up five or six windows to view the Aero Peek feature.
18. Shake one window to minimize the rest.
19. Now minimize the last open window.
20. Press ALT+TAB on your keyboard.
21. What does this do?
L4-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
22. We have seen this for other versions of Windows, but what happens when you pause on one of the
minimized windows?
23. Windows Aero Peek gives a preview of the maximized window so it is easier to see. Shake a
window to close all other windows, and then close the last one again.
24. Use Windows Aero Snap to snap a window to the left and to the right. Remember how to snap?
25. Find the Show Desktop button on the new Windows 7 taskbar.
26. The Show Desktop button has moved and changed. Look to the right of the Windows 7 clock.
That rectangle is the Windows Peek button. Move your mouse pointer over the button and you
will see a preview of the desktop.
27. Click the Windows Peek button to see the dual function of this button; it acts like the old Show
Desktop button.
28. Right-click the Start button and select Properties to turn the Windows Aero Peek feature off.
29. Click the Taskbar tab.
30. Which options should you clear to turn the Windows Aero Peek feature off?
31. Minimize all windows.

32. Hold your mouse pointer over the Library icon within the Windows taskbar. (Hint: It looks like a
bunch of folders.)
33. What Aero technology is represented?
34. Did you also move the mouse in the Film strip of the minimized windows? If so, what happened?
35. Right-click the Library icon on the taskbar and select the Close all windows option.
Administering
Globalthis content.
TrainingContent
TechSherpas
L4-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Answer Key

Exercise 1: Customizing the Desktop Environment

Task 1: Personalize Desktop Settings
14. What operating system does this remind you of?
This should be similar to the Windows Server 2008 scheme and is reminiscent of
Windows 2000.
Task 2: Customize the Taskbar

12. Do you see the Run option?
Yes, you should see the Run option.
13. Do you see the Administrative Tools option?
Yes, you should see the Administrative Tools option.
Exercise 2: Exploring the Aero Features in the VM

Task 1: Use Aero Snap
4. Did the Command Prompt resize itself to occupy half of the screen?
Yes.
9. Did anything happen?
Shaking the application back and forth should minimize all other running applications.
Exercise 3: *BONUS LAB* Exploring the Aero Features on the

Local Machine
Task 1: Explore Aero Themes
4. Is Aero functioning now?
No.
11. How much memory is now being used by the Windows 7 system? How can you find out?
Answers will vary. Using the Task Manager will help to find out how much memory is now
being used.
14. How much memory is being used?
Answers will vary.
17. Did you notice the windows become transparent?
Yes.
Administering
Globalthis content.
TrainingContent
TechSherpas
18. Is Aero working?

Yes.
26. How much memory is being used now?
Answers will vary.
27. At rest, how much memory did Windows Aero capture from your idle memory pool?
Answers will vary.
Task 2: Change the Aero Features

4. Press WIN+TAB on your keyboard. What do you notice? (This is the Aero Flip 3D feature.)
Aero Flip 3D appears.
5. Scroll through the minimized windows by pressing WIN+TAB. Let go of the TAB key on a
specific window while still pressing the WIN key. What happens?
The selected window is brought to the foreground.
8. What happens?
The window resizes to be full height and half of the screen width.
9. Now drag the Games window to the right left until your mouse reaches the edge of the screen.
Does it snap into position?
Yes.
11. Drag the Computer window directly up to the top of the desktop. Does it snap there?
Yes.
15. What happens?
The screen becomes full-screen size.
16. Try it again with the same window. What happens when you shake the window again?
The windows that were minimized will go back to their original locations.
21. What does this do?
It provides a list of thumbnail previews of the running applications.
22. We have seen this for other versions of Windows, but what happens when you pause on one of the
minimized windows?
The other windows become transparent.
30. Which options should you clear to turn the Windows Aero Peek feature off?
Use Aero Peek to Preview the Desktop.
33. What Aero technology is represented?
Aero Peek
34. Did you also move the mouse in the Film strip of the minimized windows? If so, what happened?
Each window is temporarily brought to the foreground as the windows become transparent.
L4-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L5
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Use a workgroup environment

Create and configure a Windows 7 HomeGroup
Manage Windows 7 libraries
Lab Overview
In this lab, you will examine the options for using Windows 7 in a workgroup environment. You
will then compare the workgroup functionality to the new Windows 7 HomeGroup feature.
Finally, you will use the Windows 7 library feature to consolidate access to frequently used files.

Alpha (Windows Server 2008 R2).

Kilo (Windows 7)
Lima (Windows 7)

1 hour

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites

In this task, you will start the Virtual Machines that are required for this lab.
1. From the desktop, open the LabVMs folder or shortcut. (If this shortcut is unavailable, click
final time.)

E:\LabFiles.


Y

Administering
Globalthis content.
TrainingContent
TechSherpas

Exercise 1: Launching the Lima Windows 7 VM

In this exercise, you will start and configure the Lima VM, a sysprepped Windows 7 operating
system.
Task 1: Start the VM

In this task, you will start and configure the Lima VM so that it can be used in this and future labs.
1. From the remote environment desktop, double-click the LabVMs shortcut. (If the shortcut is not
available, click Start, Administrative Tools, and Hyper-V Manager.)
2. Double-click the Lima VM to open the Virtual Machine Connection window. Click the Start
button on the icon bar to boot the Lima VM. (Sysprep should run. Eventually, you see a logon
prompt. Wait one to two minutes before logging on. A script runs in the background and it
performs several configuration steps and reboots the Lima VM. If the Lima VM does not reboot
within a few minutes, proceed with the logon.)
Note
Ignore any Windows Activation warning messages. They will
disappear after the logon.
Note
A Network Location dialog box may pop up at some point. If it does,
click Work Network, and then click Close.

In this task, you will change the name of the Lima VM inside the operating system.
2. Click the Change Settings link, and then click the Change button in the System Properties
dialog box.
3. Type Lima in the Computer name text box, and then click OK.
4. Click OK again on the restart message.
5. Click Close to exit the System Properties dialog box, and then click Restart Now.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 2: Using a Workgroup Environment

In this exercise, you will use the standard workgroup environment to share files and folders.
Task 1: Configure the Workgroup Name

In this task, you will configure the name of the workgroup for the Lima and Kilo VMs.
1. Log on to the Lima and Kilo Windows 7 VMs as Administrator with a password of TrustM3.
4. Click the Change Settings link.
5. Click the Change button in the System Properties dialog box.
6. What is the current workgroup name?
7. Type LABGROUP for the workgroup name, and then click OK.
8. Click OK in the Welcome to the LABGROUP dialog box.
9. Click OK in the restart message.

10. Click Close, and then click the Restart Now button.
11. Wait for the Kilo VM to reboot.
13. Switch to the Lima VM.
15. Click the Change Settings link.

16. Click the Change button in the System Properties dialog box.
18. Type LABGROUP for the workgroup name, and then click OK.
19. Click OK in the Welcome to the LABGROUP dialog box.
20. Click OK on the restart message.
21. Click Close, and then click the Restart Now button.
22. Wait for the Lima VM to reboot.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 2: Create a Shared Directory

In this task, you will create and share a directory for the Kilo VM and Lima VM to access over the
network.
1. Log on to the Lima VM as Administrator with a password of TrustM3.
2. Open Windows Explorer from the taskbar.
3. Navigate to C root folder.
4. Right-click the C drive in the left section of the window, and then select the New, Folder options.
5. Type MarketingData for the folder name, and then press ENTER.
6. Right-click the MarketingData folder, and then select the Share With, Specific People options.
7. In the drop-down list, select Everyone, and then click the Add button.
8. In the Read drop-down list, select Read/Write for the Everyone entry.
9. Click the Share button.
10. If you are prompted to turn on network discovery and file sharing, click the Yes option.
11. Click the Done button.
13. Click Start, Control Panel, User Accounts and Family Safety, and Add or Remove
User Accounts.
14. Do you see a Student account?
15. If you do not see the account, create a new account called Student now. Make the Student account
an Administrator and give it a password of TrustM3.
16. Log off the Kilo VM.
Task 3: Connect to the Shared Resource

In this task, you will connect to the shared directory on the Lima VM.
1. Log on to the Kilo VM as Student with a password of TrustM3.

3. In the left section of the window, click Network.
4. If you see the File Sharing is Turned Off message at the top of the window, click the message
bar and select Turn on Network Discovery and File Sharing.
5. Click Yes, turn on network discovery and file sharing for all public networks.
6. Wait while the network listing refreshes.
7. If it does not refresh, right-click in the blank window, and then select the Refresh option.
8. Double-click Lima when it appears.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
9. Why are you prompted for credentials?
10. Type Student with a password of TrustM3.

11. Do those credentials work?
12. Type Administrator with a password of TrustM3.

14. Open the MarketingData folder.

15. Right-click in the empty folder and select New, Text Document.
16. Type ACME Market Data for the document name, and then press ENTER.
17. Did you ever see the workgroup name LABGROUP appear in the network listing anywhere?
18. Does the workgroup name appear to have any security purpose?
Exercise 3: Creating and Configuring Windows 7 HomeGroups

In this exercise, you will create a Windows 7 HomeGroup and connect additional machines to the
HomeGroup.
Task 1: Create and Configure a Windows 7 HomeGroup

In this task, you will create a Windows 7 HomeGroup.
1. Log on to the Lima VM as the Administrator account with a password of TrustM3.
2. Switch to the Kilo VM and log on as student with a password of TrustM3.
3. Select Work if you are prompted to choose a network type.
4. Click the Start button.
5. Type Fire in the Search box.
6. Click Windows Firewall from the search results.
7. Click the Turn Windows Firewall on or off link.
Administering
Globalthis content.
TrainingContent
TechSherpas
8. Click the Turn off Windows Firewall (Not Recommended) option for both the Home and Public
networks, and then click OK.
9. On the Lima VM, repeat the steps to disable the firewall.
10. Switch back to the Kilo VM and click the Start button.
11. Type HomeGroup in the Search box, and then press ENTER.
12. If a yellow warning appears on the HomeGroup page, click the What is a network location link.
(If the warning does not appear, click the Create a homegroup button.)
13. Click Home Network for your network type.
14. Select all check boxes on the Create a Homegroup page, and then click Next.
15. Write your HomeGroup password here: (Please remember that this password is case sensitive.)
16. Can the HomeGroup password be retrieved if it is lost?
17. Highlight the HomeGroup password, right-click it, and then select the Copy option.
18. Click the Finish button.
19. Click Start , type Sticky in the Search box, and then press ENTER.
20. Right-click in the sticky note and select the Paste option.
21. Is this a wise security practice in the real world?
22. Select the Stream my pictures, music, and videos to all devices on my network check box in
the HomeGroup Settings window, and then click the Save Changes button.
24. Click Start, type HomeGroup in the Search box, and then press ENTER.
25. If a yellow warning appears on the HomeGroup page, click the What is a network location link.
(If the warning does not appear, click the Join Now button.)
26. Click Home Network for your network type.
27. Select all of the check boxes on the Share with other home computers running Windows page.
28. Click Next, type the HomeGroup password that you wrote previously. (Or look at the sticky note
on the Kilo VM.)
29. Click Next.
30. Click the Finish button on the You have joined the HomeGroup page.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
31. Click the Stream my pictures, music, and videos to all devices on my network check box in the
HomeGroup Settings window, and then click the Save Changes button.
32. Close all windows.
33. Open Windows Explorer from the taskbar and navigate to the C root folder.
34. Right-click the C drive in the left section of the window, and then select the New, Folder options.
35. Type SouthEastData for the folder name, and then press ENTER.
36. Double-click the SouthEastData folder to open it.
37. Right-click in the empty space in the right section of the window, and then select the New, Text
Document options.
38. Type Sales Meeting Summary.txt for the file name, and then press ENTER.
39. Double-click the new file to open it.
40. Type Q1 profits up 80% on the first line.

41. Type several additional lines of legible (but clean!) fictional sales figures. (Just make something
up that you can search for later)
42. Save and close the file.
43. Create another text document and name it Southeast regions new customer.txt.
44. This time, add some fictional customers that you can search for later.
46. Right-click SouthEastData, and then select the Share With, HomeGroup (Read) options.
48. Close the HomeGroup wizard (if it is open), click the Start button, and then select Computer.
49. Do you see any indication that the HomeGroup was created?
50. Double-click the Lima entry in the Homegroup listing.

51. Do you see SouthEastData listed?
52. Right-click the SouthEastData folder, and then choose Properties.

53. What is the actual path of the data?
54. Open the SouthEastData folder and navigate around.
Administering
Globalthis content.
TrainingContent
TechSherpas
55. What user account are you logged on as in the Kilo VM?
56. Does this account exist on the Lima VM?
57. Why were you not asked for credentials when accessing the SouthEastData resource on the
Lima VM?
Exercise 4: Using Windows 7 Libraries

In this exercise, you will explore the library feature within Windows 7.
Task 1: Prepare Content for the Library

In this task, you will create folders and data to include in the library.
1. Start the Kilo VM and log on as Administrator with a password of TrustM3.

2. Click Start, and then click Computer.
3. Expand Computer in the left section of the window.
4. Right-click Local Disk (C:), and then select the New, Folder options.
5. Type SalesData for the folder name, press ENTER, and then open the folder.
6. Right-click inside the SalesData folder, and then select the New, Text Document options.
7. Type June 2010 Sales.txt for the document name, and then press ENTER.
8. Open the file, and then write a few legible (and clean!) sentences.
10. Create two additional monthly sales files.
11. Close Windows Explorer.
L5-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 2: Create a Windows 7 Library

In this task, you will create a Windows 7 library.
1. In the Kilo VM, open Windows Explorer from the taskbar.
2. What are the four default libraries?
a.
b.
c.
d.
3. Click Libraries in the left section of the window, and then click New Library on the toolbar.
4. Type Class Documents for the library name when the new library icon displays, and then
press ENTER.
5. In the Share with drop-down list on the toolbar, select HomeGroup (Read/Write).
6. Right-click the Class Documents library, and then select Properties.
7. Click the Include a Folder button.
8. Type \\lima\SouthEastData in the Folder text box, click the Include Folder button, and then
click OK.
9. In Windows Explorer, navigate to the C drive.
10. Select the SalesData folder in the right section of the window.
11. Click Include in Library on the toolbar and select the Class Documents library option.
12. Click Libraries in the left section of the window.
13. Select the Class Documents library.

14. How many locations are listed in the Class Documents library?
15. Click the blue 2 Locations link under the Class Documents library at the top of the window.
Administering
Globalthis content.
TrainingContent
TechSherpas
16. Based on the information contained in that location, what is a library? (Hint: Read the
description.)
17. Click OK to close the Class Documents Library Locations window.

19. Log on to the Lima VM as Administrator with the password of TrustM3.
20. Click the Start, Computer.

21. Click HomeGroup in the left section of the window.
22. Double-click the Kilo computer name in the right section of the window.
23. Is the new library listed?
24. If so, can you create new data within the SalesData folder in the library? (Right-click inside the
folder and select New, Text Document.)
25. In the Kilo VM, navigate back to the Class Documents library.
26. Right-click the Class Documents library, and then select Share with, HomeGroup (Read).
27. Close all windows on the Kilo VM.

29. Click the Start, Computer.
30. Click the HomeGroup link in the left section of the window.
31. Double-click the Kilo HomeGroup.
32. Double-click the Class Documents library.
33. Double-click the SalesData folder within the Class Documents library.
34. Right-click inside the class folder, and then select the New Folder option.
L5-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
35. Were you allowed to create new data within the library?
36. If not, why?
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Answer Key

Exercise 2: Using a Workgroup Environment

Task 1: Configure the Workgroup Name
Workgroup
Workgroup
Task 2: Create a Shared Directory

14. Do you see a Student account?
Answers will vary.
Task 3: Connect to the Shared Resource

9. Why are you prompted for credentials?
Yes, because you are logged on as student, which does not exist on the Lima VM.
No. The student account does not exist on the Lima VM.
Yes. The administrator account does exist on the Lima VM.
17. Did you ever see the workgroup name LABGROUP appear in the network listing anywhere?
No.
18. Does the workgroup name appear to have any security purpose?
No.
Exercise 3: Creating and Configuring Windows 7 HomeGroups

Task 1: Create and Configure a Windows 7 HomeGroup
15. Write your HomeGroup password here: (Please remember that this password is case sensitive.)
Answers will vary.
16. Can the HomeGroup password be retrieved if it is lost?
The HomeGroup password can be reset.
21. Is this a wise security practice in the real world?
No.
L5-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
49. Do you see any indication that the HomeGroup was created?
In the left window pane of Windows Explorer, you should see a HomeGroup section.
51. Do you see SouthEastData listed?
Yes.
53. What is the actual path of the data?
\\Lima\SouthEastData
55. What user account are you logged on as in the Kilo VM?
You should be logged on as student.
56. Does this account exist on the Lima VM?
No.
57. Why were you not asked for credentials when accessing the SouthEastData resource on the Lima
VM?
The HomeGroup setup does not require a user to exist. The HomeGroup shared password
confirms that other machines have authorization.
Exercise 4: Using Windows 7 Libraries

Task 2: Create a Windows 7 Library
2. What are the four default libraries?
a. Documents
b. Music
c. Pictures
d. Videos
14. How many locations are listed in the Class Documents library?
2
16. Based on the information contained in that location, what is a library? (Hint: Read the
description.)
A Library contains links to folders that may be stored anywhere on the local machine or
over the network on remote machines.
23. Is the new library listed?
Yes.
24. If so, can you create new data within the SalesData folder in the library? (Right-click inside the
folder and select New, Text Document.)
Yes.
35. Were you allowed to create new data within the library?
No.
36. If not, why?
Because the HomeGroup share was set to Read.
Administering
Globalthis content.
TrainingContent
TechSherpas
L5-16
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L6
Lab 6: Integrating Windows 7 with
Active Directory
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Boot and join lab machines to the domain

Explore the default policy settings
Manage the active domain from Windows 7
Prepare the environment for group policy application
Implement a folder redirection policy
Implement a software deployment policy
Create a log in script policy
Manage Group Policy preferences
Lab Overview
In this lab, you will integrate Windows 7 into an Active Directory environment. You will join
Windows 7 to the Active Directory domain, and use Group Policy to centrally manage Windows 7
configuration settings.


India (Windows XP)
Kilo (Windows 7)
Lima (Windows 7)

1 hour and 30 minutes

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites
skipped any of the previous labs, you may need to configure those items now. You can skip these

NOT LOGON right away. The Alpha VM runs several scripts in the background at startup
final time.)
to rename the VM to India inside the guest operating system.)
to rename the VM to Lima inside the guest operating system.)

E:\LabFiles.

Administering
Globalthis content.
TrainingContent
TechSherpas
Y


Exercise 1: Exploring the AD Environment

In this exercise, you will launch the initial Alpha VM and explore its configuration.
Task 1: Start the Alpha VM

The Alpha VM is already configured as a fully functional Windows Server 2008 R2 domain
controller. In this task, you will start the Alpha VM.
1. Open the Alpha VM and start it if it is not already running.
2. Log on as Administrator@hq.local with a password of TrustM3.
Note
Leave the Alpha VM running at all times unless you are asked to shut
it down in a later lab exercise.
Task 2: Explore the Current Domain Configuration

In this task, you will examine the current domain layout prior to working with Group Policy.
1. After you successfully log on to the Alpha VM, click Start, Administrative Tools, and Active
Directory Users and Computers.
2. Right-click hq.local in the left section of the window and select the Raise domain functional
level option.
3. What is the current domain functional level?
4. Do not make any changes here now. Click the Cancel button.
5. Expand the hq.local container in the left section of the window, and then select the
Computers container.
6. Do you see any computers listed?

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
7. In the left section of the window, select the Domain Controllers container.
8. Which domain controller is listed?
9. Right-click hq.local, and then select Properties.

10. Do you see a Group Policy tab?
11. Right-click the Domain Controllers OU, select Properties, and then see if a Group Policy tab
listed.
Note
In Windows Server 2008 and later versions, the Active Directory Users
and Computers tool no longer displays policies for editing.
12. Close Active Directory Users and Computers.
13. Click Start, Administrative Tools, and Group Policy Management. Now you should see
policies listed under the hq.local domain root and the Domain Controllers OU.
14. Where did this Group Policy Management Console come from?
Note
The Group Policy Management Console is now installed by default on
all Windows Server 2008 domain controllers. For Windows Server
2008 member servers, the GPMC can be added as a feature using the
Server Manager tool.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 3: Analyze a Few of the Default Policy Settings

In this task, you will examine the current domain policy settings.
1. Right-click Default Domain Policy and select the Edit option.
2. Expand the Computer Configuration, Policies, Windows Settings, Security Settings, Account
Policies node, and then click Password Policies.
3. Write the values for the following policy settings:
Enforce password history:
Maximum password age:
Minimum password age:
Minimum password length:
Password must meet complexity requirements:
4. Expand the Computer Configuration, Policies, Windows Settings, Security Settings, Local
Policies node, and then click Security Options.
5. Write the values for the following policy setting:
Network security: Do not store LAN Manager hash value on next password change.
6. Close the Group Policy Management Editor without making any changes.
7. Close the Group Policy Management Console.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 2: Join Windows XP to the Domain

In this exercise, you will start and configure the India VM, a sysprepped Windows XP
operating system.
Task 1: Start the VM

In this task, you will start the India VM.
1. Start the India VM if it is not already running.
2. Log on as Administrator with a password of TrustM3. (You may be logged on automatically if
this is the first time the India VM has been started.)
Task 2: Rename the Computer

In this task, you will rename the Windows XP VM to India if this has not already been performed
in previous exercises.
1. Click Start, right-click My Computer, and then select Properties.
4. Type India in the Computer name text box. (If the name is already India, skip to the Join the
Domain task below and configure the domain name.)
Task 3: Join the Domain

In this task, you will join the India VM to the hq.local domain.
1. After the reboot, log on as Administrator with a password of TrustM3.
2. Click Start, right-click My Computer, and then select Properties.
5. Select the Member of Domain option and type hq.local in the text box.
7. Type Administrator with a password of TrustM3, and then click OK.
8. Click OK in the Welcome to the hq.local domain dialog box.
Administering
Globalthis content.
TrainingContent
TechSherpas
Note
After the reboot, you will see a CTRL+ALT+DEL prompt for logon.
Since you are using a VM, this key sequence will not pass through.
Instead, on the menu bar select Action, Ctrl+Alt+Delete or on the
icon bar in the VM Connection window use the corresponding icon.
12. After the reboot, log on as Administrator@hq.local with a password of TrustM3.
Note
From this point forward, always log on as Administrator@hq.local
unless otherwise noted in the labs.
Exercise 3: Join Windows 7 to the Domain

In this exercise, you will join the Kilo and Lima VMs to the domain.
Task 1: Start the Kilo and Lima VMs

In this task, you will start the Kilo and Lima VMs.
1. From the desktop, open the LabVMs folder.

2. Start the Kilo and Lima VMs if they are not already running. (Start the Kilo VM and wait for it to
boot before you start the Lima VM.)
3. Log on to both the Kilo and Lima VMs as Administrator with a password of TrustM3.
Task 2: Explore the Local Policies before Joining the Domain

In this task, you will explore the properties of the Kilo VM before joining the hq.local domain.
1. Switch to the Kilo VM, and then click the Start button.
2. Type gpedit.msc in the Search box, and then press ENTER.
3. Expand the Computer Configuration, Windows Settings, Security Settings, Account Policies
node, and then click Password Policies.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
5. Expand the Computer Configuration, Windows Settings, Security Settings, Local Policies
node, and then click Security Options.
7. Close the Local Group Policy Editor without making any changes.
Task 3: Join the Kilo VM to hq.local

In this task, you will join the Kilo VM to the hq.local domain.
1. In the Kilo VM, click Start, right-click Computer, and then select Properties.
2. Click the Change Settings link, and then click the Change button in the System Properties dialog
box.
3. Type Kilo in the Computer name text box, select the Member of Domain option, type hq.local
in the Domain name text box, and then click OK.
7. Click Close to exit the System Properties dialog box, and then click the Restart Now button.
Note
After reboot, you will see a CTRL+ALT+DEL prompt for logon. Since
you are using a VM, this key sequence will not pass through. Instead,
select the Action, Ctrl+Alt+Delete option on the menu bar or use
the corresponding icon on the icon bar in the Virtual Machine
Connection window.
8. After the reboot, log on as Administrator@hq.local with a password of TrustM3. (Use the
Switch User option to change the logon name.)
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 4: Join the Lima VM to hq.local

In this task, you will join the Lima VM to the hq.local domain.
1. Switch to the Lima VM, click Start, right-click Computer, and then select Properties.
2. Click the Change Settings link, and then click the Change button in the System Properties
dialog box.
3. Type Lima in the Computer name dialog box, select the Member of Domain option, type
hq.local in the Domain name text box, and then click OK.
7. Click Close to exit the System Properties dialog box, and then click Restart Now.
8. After the reboot, log on as Administrator@hq.local with a password of TrustM3. (Use the
Switch User option to change the logon name.)
Task 5: Explore the Local Policies AFTER Joining the Domain

In this task, you will explore the policies on the Kilo VM after joining the hq.local domain so that
you can see the changes that have been made to the computer through the domain based policies.
1. In the Kilo VM, click Start, type gpedit.msc in the Search box, and then press ENTER.
2. Expand the Computer Configuration, Windows Settings, Security Settings, Account Policies
node and click Password Policies.
L6-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
4. Expand the Computer Configuration, Windows Settings, Security Settings, Local Policies
node and click Security Options.
6. Close the Local Group Policy Editor without making any changes.
7. How are the above settings different from what you saw before joining the domain?
Exercise 4: Administer the Domain from Windows 7

To manage an active directory domain from a Windows 7 console, you must install the RSAT
package.
Task 1: Install the RSAT for Windows 7

In this task, you will install the RSAT package on Windows 7 for remote administration.
1. Start the Kilo VM if it is not already running.

3. Open Windows Explorer and navigate to the E:\LabFiles\Install\Win7 folder if E is the drive
letter assigned to the LabFiles ISO that you have mounted.
4. Double-click the RSAT-Win7-64bit.msu file.
5. Click Yes to install the package. (This will take several minutes to complete. It is a fairly large
update.)
6. Click the I accept button on the license window. (Again, be patient. This installation will take a
few minutes.)
7. Close the help window that appears at the end of the installation.
8. Click Close in the Installation Complete window.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 2: Enable the RSAT and GPMC Tools

In this task, you will enable the RSAT and GPMC tools using Programs and Features in Control
Panel.
1. Click Start, Control Panel, and Programs.
2. Click Turn Windows Features on or off under Programs and Features.
3. Expand the Remote Server Administration Tools component.
4. Expand and select all check boxes next to each component under the Feature Administration
Tools and Role Administration Tools components. (You must expand several subnodes as well.
Unfortunately, there is no easier way to do this.)
5. Click OK. (This will take a little bit of time.)
6. To configure the Start menu to display the Administration Tools shortcut, right-click Start,
select Properties, and then click the Customize button.
7. In the Customize Start Menu dialog box, scroll down to the System administrative tools option,
and select the Display on the All Programs menu and the Start menu option.
9. Click Start, Administrative tools. You should now see all the tools available for managing the
domain environment, including the Active Directory Users and Computers and Group Policy
Management consoles.
Exercise 5: Preparing the GPO Environment

In this exercise, you will prepare the lab environment for the application of policies.
Task 1: Configure the Quirk Account

In this task, you will add the Quirk account as a member of the Domain Admins group for use in
some of the other exercises in this lab.
1. Switch to the Alpha VM and log on as Administrator@hq.local with a password of TrustM3.

2. Click Start, Administrative Tools, and Active Directory Users and Computers.
3. Expand the hq.local, Accounts node, and then click the Management OU.
4. Double-click the Quirk user, and then click the Member of tab.
5. Click the Add button, type Domain Admins, and then click OK.
6. Click OK to save the changes to Quirk.
Task 2: Prepare for the Group Policy Demo

In this task, you will create a few directories and files needed for the remainder of this lab.
1. Open Windows Explorer from the taskbar and create the following folders:
C:\Software
C:\Home
2. Right-click the Software folder, and then select Properties.
L6-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
4. Select the Share this folder check box, and then click the Permissions button.
5. Select the Allow Full Control check box for the Everyone group.
6. Click OK, click OK again, and then click Close to save the changes.
7. Right-click the Home folder, and then select Properties.

10. Select the Allow - Full Control check box for the Everyone group.
12. Click the Security tab.
13. Click the Advanced button, and then click the Change Permissions button.
14. Clear the Include inheritable permission from this object's parent check box.
15. Click the Add button in the warning dialog box.
16. Select the entry for Users with the Special permission designation from the Permission entries list,
and then click the Remove button.
17. Select the entry for Users with the Read & Execute permission and click the Edit button.
18. In the Apply to drop-down list, select This folder only. (This prevents the permission from being
inherited into other user's home folders.)
19. Click OK three times.
20. Click Close to save the changes.
21. Navigate to the E:\LabFiles\Install folder.
22. Copy the AdobeReader folder and the stopwatch.msi file to the C:\Software folder.
23. Switch to the Kilo VM, and then log on as Administrator@hq.local with a password of
TrustM3.
24. Click Start, Administrative Tools, and Active Directory Users and Computers. (If you do not
see Administrative Tools, use the Search box to find and launch the Active Directory tool.)
25. Expand the hq.local, Accounts node, and then click the Management OU.
26. Double-click the Quirk user account, and then click the Profile tab.
27. Select the Connect option, type \\Alpha\home\%username% in the To: text box, and then click
OK.
28. Repeat the above steps for any other user accounts you see in the Accounts OU structure.
Note
You can use multiple select techniques when there is more than one
user in the same OU. The Home folder will be used in a demo of folder
redirection later in this lab.
Administering
Globalthis content.
TrainingContent
TechSherpas
29. Navigate back to Windows Explorer in the Alpha VM and look at the C:\Home folder. Is there
anything in this folder?
Task 3: Move the Computer Objects into the Management OU

In this task, you will create a few directories and files needed for the remainder of this lab.
1. In the Kilo VM, click Start, and type Active in the Search box, and then select Active Directory
Users and Computers from the search results.
2. Expand the hq.local node, and then click the Computers object.
3. What computers do you see listed?
4. Hold the CTRL key and select India, Kilo, and Lima.
5. Right-click India, and then select the Move option.
6. Expand the hq, Accounts node, select the Management OU, and then click OK.
7. Expand the hq, Accounts node, click the Management OU, and ensure the computer objects
are present.
Exercise 6: Implementing Folder Redirection

In this exercise, you will create a folder redirection policy to redirect the local Documents folder
to the user's home directory on a server.
Task 1: Use Folder Redirection

In this task, you will enable Folder Redirection using Group Policy.
1. Log on to the Kilo VM as Quirk@hq.local with a password of TrustM3.
2. Click Start, and then type Group in the Search box.
3. Choose Group Policy Management from the search results.
4. Expand the Forest: hq.local, Domains, hq.local, Accounts node, and then click the
Management OU.
5. Right-click the Management OU, and then select the Create a GPO in this domain and link it
here option.
6. Type Management Folder Redirection and click OK.
7. Expand the Management OU.
L6-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
8. Select the Management OU in the left section of the window.

9. Right-click the Management Folder Redirection GPO, and then select the Edit option.
10. Expand the User Configuration, Policies, Windows Settings, and Folder Redirection node.
11. Right-click the Documents folder, and then select Properties.

12. In the Settings drop-down list, select Basic - Redirect everyone's folder to the same direction.
13. Type: \\Alpha\Home in the Root path text box.
14. Click the Settings tab.
15. Clear the Grant the user exclusive rights to Documents check box, select the Also apply
redirection policy to Windows 2000, Windows 2000 Server, Windows XP, and Windows
Server 2003 operating systems check box, and then click OK.
16. Click Yes to continue.
Task 2: Test Folder Redirection

In this task, you will test the folder redirection policy by logging on as a user that is affected by
the policy setting.
1. Log off the Kilo VM and log back on as Quirk@hq.local with a password of TrustM3. (You
must log off first, even if Quirk is already logged on. Folder Redirection will not process except at
logon time.)
2. After you log on, click Start, right-click Documents, and then select Properties.
3. What is the current path to the Documents folder? (If the setting does not change right away, wait
a few minutes and log on again.)
4. Close the Documents Properties dialog box without making any changes.
5. Click Start, Documents, and then create several new text documents in the Documents folder.
Add some text to each document.
6. Log on to the India VM as Quirk@hq.local with a password of TrustM3.
7. Open the My Documents folder.
8. Do you see the documents you created on the Kilo VM? (If you do not, wait a few minutes, then
log off and log back on again.)
9. Create a few new documents in the My Documents folder on the India VM.
Administering
Globalthis content.
TrainingContent
TechSherpas
10. Log on to the Lima VM as Quirk@hq.local with a password of TrustM3.

11. Open the Documents folder.
Exercise 7: *Bonus* Deploying Software with a GPO

Perform this exercise if time permits. In this exercise, you will create a software deployment
policy to install several software packages using Group Policy.
Task 1: Create a New Software Distribution Policy for Users

In this task, you will create a software distribution policy to affect user accounts.

4. Expand the Forest: hq.local, Domains, hq.local Accounts node, and then click the Management
OU.
5. Right-click the Management OU, and then select the Create a GPO in this domain and link it
here option.
6. Type Management Software, and then click OK.

8. Select the Management OU in the left section of the window, select the Do not show this
message again option if a pop-up message appears, and then click OK.
9. Right-click the Management Software GPO, and then select Edit. If prompted, press OK.
10. Expand the User Configuration, Policies, Software Settings Software Installation node.
11. Right-click the Software Installation option, and then select the New, Package options.
12. Type \\Alpha\software in the File name text box, and then click the Open button.
13. Select the stopwatch.msi package, and then click Open.
14. Select the Advanced option, and then click OK.
15. Click the Deployment tab, select the Assigned option and the Install this application at logon
check box, and then click OK.
16. Close the Group Policy Management Editor.
L6-16
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 2: Create a New Software Distribution Policy for Computers

In this task, you will create a software distribution policy for computer accounts in Group Policy.
1. Right-click the hq.local domain, and then select Create a GPO in this domain and link it here.
2. Type Domain Software, and then click OK.
3. Right-click the Domain Software GPO, and then select the Edit option.
4. Expand the Computer Configuration, Policies, Software Settings, Software Installation node.
5. Right-click Software Installation, and then select the New, Package options.
6. Type \\Alpha\software in the File name box, and then click Open.
7. Double-click the Adobe Reader folder, and then double-click the AcroRead.msi package.
8. Leave the default option selected, and then click OK. (Be patient; this may take some time.)
Task 3: Test Software Deployment

In this task, you will test the software distribution policies that you have created in previous tasks.

2. After you log on, check the Start menu for the presence of any new programs.
3. Do you see a Tools+Utils\Stopwatch program group under Start, All Programs? (If the setting
does not change right away, wait a few minutes and log on again.)
4. Do you see an Adobe Reader icon on the desktop?
5. Click Start, type cmd in the Search box, and then press ENTER.
gpupdate
7. Wait for the update to finish and check the programs again.
8. Are they installed yet?
9. Go back to the command prompt, type the following, and then press ENTER.
gpupdate /force
Administering
Globalthis content.
TrainingContent
TechSherpas
10. Type the following, and then press ENTER when asked to reboot.
Y
11. After the reboot, log back on as Quirk@hq.local with a password of TrustM3
12. Is the software available now?
Exercise 8: *Bonus* Implementing Login Scripts

Perform this exercise if time permits. In this exercise, you will create a login script policy to
execute a VBScript at logon for users that are affected by this Group Policy. Logon scripts can be
used to map drives or printers and much more.
Task 1: Use Logon Scripts

In this task, you will create logon scripts for users in the Management OU.

3. Choose the Group Policy Management item from the search results.
4. Expand the Forest: hq.local, Domains, hq.local, Accounts node, and then click the
Management OU.
5. Right-click Management, and then select the Create a GPO in this domain and link it
here option.
6. Type Management Login Scripts, and then click OK.

9. Right-click the Management Login Scripts GPO, and then select Edit.
10. Expand the User Configuration, Policies, Windows Settings, Scripts node.
11. Double-click the Logon option in the right section of the window.
12. Click the Add button, and then click the Browse button.
13. Right-click in the empty window, and then select the New, Text Document options.
14. Rename the file to Logon.VBS, press ENTER, and then click Yes to accept the name change.
15. Right-click Logon.VBS, and then select the Edit option.
16. Click Open in the warning dialog box.
17. In the Notepad window, type the following:

Wscript.echo Welcome to HQ
18. Close and save the file.

19. Select Logon.VBS, and then click Open.
20. Click OK in the Add a Script window, and then click OK again.
L6-18
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 2: Testing Logon Scripts

In this task, you will test the logon scripts that you created in the previous task.
must log off first, even if Quirk is already logged on. Logon scripts will not process except at
logon time.)
2. Did you see a pop-up message?
3. Click OK to close the message.
Exercise 9: *Bonus* Implementing Group Policy Preferences

Perform this exercise if time permits. In this exercise, you will manage Group Policy
preferences. Preferences can be used to configure items that are not available in the standard
group policy settings.
Task 1: Use GPO Preferences

In this task, you will use GPO preferences to configure mapped drives and folder settings in a
Group Policy.
3. Choose the Group Policy Management item from the search results.
4. Expand the Forest: hq.local, Domains, hq.local Accounts node and click the Management OU.
5. Right-click Management, and then select Create a GPO in this domain and link it here.
6. Type Management Preferences, and then click OK.
9. Right-click the Management Preferences GPO, and then select Edit.
10. Expand the User Configuration, Management Preferences, and Windows Settings.
11. Right-click Drive Maps, and then select the New, Mapped Drive options.
12 Type \\alpha\software in the Location field.
13. Select the Reconnect check box.
14. Under Drive Letter, select S from the drop-down list.

15. Click the Common tab.
16. Select the Item-level targeting check box, and then click the Targeting button.
17. Select New Item, Operating System from the menu bar.
18. Ensure Windows 7 is the selected product, click OK, and then click OK again.
Administering
Globalthis content.
TrainingContent
TechSherpas
19. Expand the Control Panel Settings, Folder Options node.

20. Right-click Folder Options, and then select the New, Folder Options (Windows Vista and
later) options.
21. Clear the Hide extensions for known file types check box.
22. Select the Show hidden files and folders option.

23. Click the Common tab.
24. Select Item-level targeting, and then click Targeting.
25. Select New Item, Security Group from the menu bar.
26. Click the ellipsis button (three dots), type Enterprise Admins for the group name, and then click
OK.
27. Click OK twice to save the changes.
28. Close the Group Policy Management Editor and the Group Policy Management Console.
Task 2: Test GPO Preferences

In this task, you will test the GPO Preferences that you configured in the previous task.
must log off first, even if Quirk is already logged on. Some preferences will not process except at
logon time. The Drive Map option is one of those.)
3. Do you see a new mapped drive?
4. Navigate to the root of C.

5. Do you see any folders that would normally be hidden?
6. Open the Windows folder.

7. Do you see extensions on files? (If the setting does not change right away, wait a few minutes and
log on again.)
L6-20
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Answer Key

Exercise 1: Exploring the AD Environment

Task 2: Explore the Current Domain Configuration
3. What is the current domain functional level?
Windows Server 2003
6. Do you see any computers listed?
No. You have not joined any computers to the domain yet.
8. Which domain controller is listed?
Alpha
10. Do you see a Group Policy tab?
No. The new Active Directory Users and Computers tool does not have a tab called Group
Policy like it did under Windows Server 2003 and Windows XP.
14. Where did this Group Policy Management Console come from?
It is installed by default on Windows Server 2008 domain controllers.
Task 3: Analyze a Few of the Default Policy Settings

3. Write the values for the following policy settings: Enforce password history, Maximum password
age, Minimum password age, Minimum password length, and Password must meet complexity
requirements.
Answers will vary.
5. Write the values for the following policy setting: Network security: Do not store LAN Manager
hash value on next password change.
Answers will vary.
Exercise 3: Join Windows 7 to the Domain

Task 2: Explore the Local Policies before Joining the Domain
requirements.
Answers will vary.
Answers will vary.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 5: Explore the Local Policies AFTER Joining the Domain

requirements.
Answers will vary.
Answers will vary.
7. How are the above settings different from what you saw before joining the domain?
The settings now reflect the Security Policy from the Default Domain Policy on the hq.local
domain.
Exercise 5: Preparing the GPO Environment

Task 2: Prepare for the Group Policy Demo
29. Navigate back to Windows Explorer in the Alpha VM and look at the C:\Home folder. Is there
anything in this folder?
You should now see folders for each of the users where you specified a home folder path.
Task 3: Move the Computer Objects into the Management OU

3. What computers do you see listed?
You should now see the India, Kilo, and Lima computers listed.
Exercise 6: Implementing Folder Redirection

Task 2: Test Folder Redirection
3. What is the current path to the Documents folder? (If the setting does not change right away, wait
a few minutes and log on again.)
The folder path should now be: \\Alpha\home\Quirk.
Yes. The documents should be present.
Yes.
L6-22
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 7: *Bonus* Deploying Software with a GPO

Task 3: Test Software Deployment
3. Do you see a Tools+Utils\Stopwatch program group under Start, All Programs? (If the setting
does not change right away, wait a few minutes and log on again.)
Yes. The software should be present.
4. Do you see an Adobe Reader icon on the desktop?
No. Adobe Reader was deployed to the computer, and a restart is required to get it installed.
8. Are they installed yet?
No. Adobe Reader was deployed to the computer, and a restart is required to get it installed.
12. Is the software available now?
Yes. The gpupdate /force discovered the software package and the reboot forced the
installation.
Exercise 8: *Bonus* Implementing Login Scripts

Task 2: Testing Logon Scripts
2. Did you see a pop-up message?
Yes.
Exercise 9: *Bonus* Implementing Group Policy Preferences

Task 2: Test GPO Preferences
3. Do you see a new mapped drive?
Yes.
5. Do you see any folders that would normally be hidden?
Yes, you should.
7. Do you see extensions on files? (If the setting does not change right away, wait a few minutes and
log on again.)
Yes, you should.
Administering
Globalthis content.
TrainingContent
TechSherpas
L6-24
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L7
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Configure TCP/IP settings

Use remote tools to view network settings
Troubleshoot DHCP
Configure a BranchCache environment
Lab Overview
In this lab, you will explore the network settings in Windows 7. You will configure TCP/IP
settings and use remote management tools to view network settings and details. You will use
DHCP configuration settings and troubleshoot DHCP issues. You will also configure and manage
a BranchCache environment for Windows 7 and Windows Server 2008 R2.


Kilo (Windows 7)
Lima (Windows 7)

1 hour

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites
skip any of the previous labs, you may need to configure those items now. You can skip these

Start, Administrative Tools, Hyper-V Manager.
final time.)
button on the icon bar to start the VM. (If this is the first time you have started the VM, you
need to rename the VM to Kilo inside the guest operating system and join the VM to the
hq.local domain.)
need to rename the VM to Lima inside the guest operating system and join the VM to the
hq.local domain.)

E:\LabFiles.
2. Browse to the C:\LabFiles\ISO folder, select the 6183-LabFiles.iso file, and then and then
click Open.


Administering
Globalthis content.
TrainingContent
TechSherpas
Y


7. Close Windows PowerShell
Exercise 1: Managing TCP/IP Settings

In this exercise, you will explore the current TCP/IP configuration and set a manual IP address for
the DNS server.
Task 1: Configure a Static IP Address

In this task, you will configure a static IP address for Windows 7.
1. Start the Alpha, Kilo, and Lima VMs.

2. Switch to the Kilo VM and log on as Administrator with a password of TrustM3.
3. Click Start, type Fire in the Search box, and then and then select the Check firewall status item
from the search results.
4. Click the Turn Windows Firewall on or off link.
5. Select the Turn off Windows Firewall option for all network locations, and then click OK.
6. Close the Windows Firewall settings window.
7. Click Start, Control Panel, Network and Internet, and Network and Sharing Center.
8. Click the Local Area Connection link.
9. Click the Details button.
IPv4 IP address: ___________________________________________
Link-local IPv6 address: _____________________________________
11. Switch to the Lima VM and log on as Administrator with a password of TrustM3.
12. Open the command prompt.
13. Type the following command, and then press ENTER.
netsh advfirewall set allprofiles state off
(This is just an alternative way to disable the firewall instead of using Control Panel.)
14. Type the following commands and write the results. (Type each command, and then press
ENTER.):
ping Kilo Address: ____________________________
ping -6 Kilo Address: ____________________________

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
15. Do these match any of the addresses you wrote from the IP address details of the Kilo VM?
16. Close the command prompt, and then switch back to the Kilo VM.
17. Close the details window, and then click the Properties button.
18. Select Internet Protocol Version 6, and then click the Properties button.
19. Notice that the address fields are not fixed octets as they are in IPv4.
20. Does it appear that you could enter an IP address manually?
21. When would you need to assign the address manually?
22. How is IPv6 currently obtaining its IP address information?
23. Click the Cancel button.

24. Select Internet Protocol Version 4, and then click the Properties button.
25. Select the Use the following IP address option.

26. Enter the following for the IP address details:
IP address: 10.0.0.51
Subnet mask: 255.255.255.0
Default gateway: 10.0.0.1
27. Select the Use the following DNS server addresses option and enter the following details:
Preferred DNS: 10.0.0.201
28. Click OK to save the changes.
29. Click OK again, and then click Close.
30. Open a command prompt.
ipconfig /all
32. Do you see any DHCP-related information like the DHCP server IP address and lease time?
33. Switch to the Lima VM and open a command prompt.
Administering
Globalthis content.
TrainingContent
TechSherpas
ENTER.)
ping Kilo Address: ____________________________
35. Do you see the new IPv4 address for the Kilo VM as a response? If you do not, the entry is
cached. Type the following and press ENTER to flush the cache and try to ping again.
ipconfig /flushdns
Exercise 2: Configuring IP Remotely

In this exercise, you will view the Lima machines IP settings remotely.
Task 1: Remotely View IP Settings

In this task, you will remotely view TCP/IP settings on a Windows 7 machine.
1. Switch to the Lima VM and log on as Administrator@hq.local with a password of TrustM3.
2. Click Start, type cmd.exe in the Search box, and then and then press ENTER.
winrm quickconfig
4. Type the following, and then press ENTER to confirm.

Y
5. Type the following, and then press ENTER to allow the firewall exception.
Y
6. Switch to the Kilo VM and open a command prompt.

7. Type the following, and then press ENTER. (This opens a remote shell to the Lima VM
running netsh.)
winrs r:lima netsh
8. Type the following commands. (Type each command, and then press ENTER.).
Interface (Switches to the interface context.)
ipv4 (Switches to the IPv4 context.)

show addresses
9. Which addresses are displayed?

show dnsservers

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
11. Which DNS servers are displayed?

set
(This command displays a list of the possible configuration items.)
13. What do you think would happen if you used the set command to reset the IP address of the
remote host?
14. Type the following, and then press ENTER to exit the netsh tool and WinRS.
q

winrs r:lima ipconfig /all
16. What IP address and hostname are listed in the IPConfig output?
17. Type the following, and then press ENTER. (This opens an entire command prompt session on the
Lima VM. This is similar to a telnet session but more secure.)
winrs r:lima cmd

hostname
19. Try some commands such as Ping, Ipconfig, and others.
20. Can you tell that you are running the command prompt on the Lima VM and not locally?
21. Type the following, and then press ENTER to exit the WinRS remote command prompt.
exit
22. Close the command prompt on the Kilo VM.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 3: Troubleshooting DHCP Addressing

Most networks rely heavily on dynamic addressing for the bulk of their client machines. When the
centralized DHCP server experiences problems, or there are network issues, it is very important to
know how to troubleshoot and determine the source of the problem.
Task 1: Troubleshoot DHCP

In this task, you will configure and troubleshoot DHCP addressing.
1. Switch to the Alpha VM and click Start, Administrative Tools, and DHCP to launch the
management console.
2. Expand the alpha.hq.local, IPv4 node, right-click Classroom Scope, and then and then select the
Deactivate option. (This prevents the Alpha VM from giving out addresses.)
3. Click Yes to confirm.
4. Switch to the Kilo VM and log on as Administrator with a password of TrustM3.
6. Click the Local Area Connection link.
7. Click the Properties button.

8. Double-click Internet Protocol version 4.
9. Change the address settings to Obtain an IP address automatically for the address and Obtain
an DNS server address automatically for the DNS server information, and then click OK.
10. Click OK, and then click Close to accept the changes.
11. Open the command prompt and type the following commands. (Type each command, and then
press ENTER.)
ipconfig /release
ipconfig /renew
(This may take a few minutes to time out.)

ipconfig /all
13. What IPv4 address do you have now?
14. Where did the IP address come from?
15. Can you communicate with the other machines on your network using that address?

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas

ping Alpha
17. Did you get a response?
18. Which address was used for the ping?
19. Switch back to the Alpha VM and click Start, Administrative Tools, and DHCP to launch the
management console.
20. Expand the alpha.hq.local, IPv4 node, right-click the Classroom Scope, and then and then select
the Activate option. (This allows the Alpha VM to give out addresses again.)
21. Switch back to the Kilo VM and open the command prompt.
ipconfig /all
23. What is your IPv4 address?
24. Is there anything that you need to do in order to obtain the correct DHCP address again? (Do not
do anything now.)
25. Wait two to three minutes, then type the following again. (It may take as long as 5 minutes to
refresh automatically.)
ipconfig /all
26. What is your IPv4 address now?
27. Why did you not have to manually renew the address?
28. Exit the command prompt.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 4: Using the BranchCache Feature

In a widely distributed environment, BranchCache can help reduce WAN traffic and speed up the
availability of files in remote offices. In this exercise, you will use the BranchCache feature of
Windows Server 2008 R2 and Windows 7.
Task 1: Enable BranchCache on the Server

In this task, you will install in configure BranchCache on Windows Server 2008 R2.
2. Click the Start, Administrative Tools, and Server Manager.
3. Select Features in the left section of the window, and then click the Add Features link.
4. Select the BranchCache check box, and then and then click Next.
5. Click the Install button.
6. Click Close.
7. Double-click Configuration in the left section of the Server Manager window, and then
select Services.
8. Right-click BranchCache in the Services listing, and then select Start.
Task 2: Publish Content on the Server

In this task, you will make content available on the BranchCache server.
1. On the Alpha VM, open Windows Explorer and navigate to the E:\LabFiles\Install folder.
2. Right-click WordViewer2007.exe and select the Copy option.
3. Navigate to C:\InetPub\WWWRoot, right-click WWWRoot, and then and then select the
Paste option.
Task 3: Enable BranchCache for the Clients

In this task, you will use a GPO to enable the BranchCache feature on the Windows 7 clients.
1. In the Alpha VM, click Start and type group in the Search box.
3. Expand the Forest: hq.local, Domains, hq.local, Accounts node, and then select the
Management OU.
4. Right-click the Management OU, and then and then select Create a GPO in this domain and
link it here.
5. Type Management BranchCache, and then click OK.
8. Right-click the Management BranchCache GPO and select Edit.
9. Expand the Computer Configuration, Policies, Windows Settings, Security Settings, System
Services node.
L7-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
10. Double-click the BranchCache service.

11. Select the Define this Policy Setting check box, select the Automatic option, and then click OK.
12. Expand the Computer Configuration, Policies, Administrative Templates, Network,
BranchCache node.
13. Double-click Turn on BranchCache in the right section of the window.
14. Select the Enabled option, and then click OK. (Double-click the title bar if you cannot see the
OK button.)
15. Double-click Set BranchCache Distributed Cache Mode.
16. Select the Enabled option, and then click OK.
17. Double-click Configure BranchCache for network files.
18. Select the Enabled option, change the round trip network latency value from 80 to 0 (zero), and
then and then click OK.
19. Close the Group Policy Management Editor window.
Task 4: Apply the BranchCache Group Policy

In this task, you will apply the BranchCache Group Policy to enable BranchCache on the
Windows 7 clients.
1. Switch to the Kilo VM and log on as Administrator@hq.local with a password of TrustM3.

2. Click Start, type Services in the Search box, and then and then select Services from the
search results.
3. What is the current state of the BranchCache service? (Do not change anything now.)
4. Leave the Services tool running and open a command prompt.

5. Type the following, and then press ENTER. (Wait for the command to finish.)
gpupdate
6. Switch back to the Services tool and press F5 to refresh.

7. Now what is the status of the BranchCache service?
8. Perform the above steps on the Lima VM to apply the BranchCache policy and make sure
BranchCache is running.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 5: Access the Content from the Kilo VM

In this task, you will initiate the caching of files by accessing the content from the Kilo VM.
1. In the Kilo VM, click Start, type perf in the Search box, and then and then select Performance
Monitor from the search results.
2. Select the Performance Monitor item in the left section of the Performance Monitor window.
3. On the toolbar, click the graph icon drop-down arrow, and then select Report.
4. Right-click the report window, and then select Add Counters.
5. Scroll to the BranchCache counter and click the down arrow to expand the list of counters.
6. Hold down the CTRL key and select Retrieval: Bytes from cache, Retrieval: Bytes from server
and Retrieval: Bytes served.
7. Click the Add button, and then click OK. (All BranchCache values should now be zero.)
8. Keep the Performance Monitor window open so that you can watch the progress of
BranchCache activity.
9. Click Start, type http://Alpha/WordViewer2007.exe in the Search box, and then and then
press ENTER.
10. Click Ask Me Later if a Setup Internet Explorer 8 message appears.
11. Click Save in the File Download dialog box, and then click Save again.
12. Click Close.

13. Look at the Performance Monitor report. Did any of the numbers change?
14. Where was the content retrieved from?
Task 6: Access the Content from the Lima VM

In this task, you will access the cached content from the Lima Windows 7 machine.
1. In the Lima VM, click Start, type perf in the Search box, and then and then select Performance
Monitor from the results list.
2. Select the Performance Monitor item in the left section of the Performance Monitor window.
3. Click the graph icon drop-down arrow on the toolbar, and then click Report.
4. Right-click the report window, and then select Add Counters.
5 Scroll to the BranchCache counter and click the down arrow to expand the list of counters.
6. Hold down the CTRL key and select Retrieval: Bytes from cache, Retrieval: Bytes from server
and Retrieval: Bytes served.
7. Click the Add button, and then click OK. (All values should now be zero.)
L7-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
8. Keep the Performance Monitor window open so that you can watch the progress of the
BranchCache activity.
9. Click Start, type http://alpha/WordViewer2007.exe in the Search box, and then press ENTER.
10. Click Ask Me Later if a Setup Internet Explorer 8 message appears.
11. Click Save in the File Download dialog box, and then click Save again.
12. Click Close.
Note
If you did not see any Retrieval: Bytes from Cache numbers, repeat
the download of WordViewer2007.exe on the Kilo VM, then on the
Lima VM, and see if the numbers increment.
Task 7: Disable BranchCache for the Clients

In this task, you will turn off the BranchCache feature on the Windows 7 clients.
1. On the Alpha VM, click Start, and then type Group in the Search box.
3. Expand the Forest: hq.local, Domains, hq.local, Accounts, Management node.
4. Right-click the Management BranchCache GPO, and then clear the Link Enabled option.
5. If prompted, click OK to confirm.
6. Switch to the Kilo VM, and then open the command prompt.
gpupdate
8. Type the following, and then press ENTER. (There is a space after the = sign.)
sc config peerdistsvc start= disabled

sc stop peerdistsvc
Administering
Globalthis content.
TrainingContent
TechSherpas
11. Switch to the Lima VM and open the command prompt.

gpupdate
13. Type the following, and then press ENTER. (There is a space after the = sign.)
sc config peerdistsvc start= disabled

sc stop peerdistsvc
Task 8: Disable BranchCache on the Server

In this task, you will disable the BranchCache feature on the Windows Server 2008 R2 machine.
2. Click Start, click Administrative Tools, and then and then select Server Manager.
3. Click Features in the left section of the window, and then click the Remove Features link.
4. Clear the BranchCache check box, and then click Next.
5. Click the Remove button.
6. Click Close, and then click Yes to restart.
7. After the reboot, log back on as Administrator@hq.local with a password of TrustM3. The
removal continues in the Server Manager.
8. Click Close when the removal is complete.
L7-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Answer Key

Exercise 1: Managing TCP/IP Settings

Task 1: Configure a Static IP Address
Answers will vary.
ENTER.):
Answers will vary.
15. Do these match any of the addresses you wrote from the IP address details of the Kilo VM?
Yes, it should.
20. Does it appear that you could enter an IP address manually?
Yes.
21. When would you need to assign the address manually?
Rarely. IPv6 is primarily addressed dynamically.
22. How is IPv6 currently obtaining its IP address information?
Currently, your system is using a self-assigned Link Local address.
32. Do you see any DHCP-related information like the DHCP server IP address and lease time?
No. You are now using a static address.
ENTER.)
Answers will vary.
Exercise 2: Configuring IP Remotely

Task 1: Remotely View IP Settings
9. Which addresses are displayed?
Answers will vary.
11. Which DNS servers are displayed?
Answers will vary.
13. What do you think would happen if you used the set command to reset the IP address of the
remote host?
If you change the IP address information DURING a remote session, you would likely end
your remote session and might not be able to remotely access the system again.
Administering
Globalthis content.
TrainingContent
TechSherpas
16. What IP address and hostname are listed in the IPConfig output?
The command should return the characteristics of the Lima VM.
20. Can you tell that you are running the command prompt on the Lima VM and not locally?
Not unless you run a command like Hostname that tells you the name of the host you are
working on.
Exercise 3: Troubleshooting DHCP Addressing

Task 1: Troubleshoot DHCP
13. What IPv4 address do you have now?
You should now have a 169.254.y.z address.
14. Where did the IP address come from?
Your IPv4 address was self-assigned.
15. Can you communicate with the other machines on your network using that address?
Only if other machines have the same 169.254.y.z type of address, or if they have an IPv6
address on your network.
17. Did you get a response?
Yes.
18. Which address was used for the ping?
The IPv6 address was used.
23. What is your IPv4 address?
You should still have the 169.254.y.z address.
24. Is there anything that you need to do in order to obtain the correct DHCP address again? (Do not
do anything now.)
No. Your system will poll for a DHCP server once every 5 minutes.
26. What is your IPv4 address now?
You should now have a DHCP provided IP address.
27. Why did you not have to manually renew the address?
When a system has an APIPA address, it will continue to poll for a DHCP server once every
5 minutes until one responds.
L7-16
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 4: Using the BranchCache Feature

Task 4: Apply the BranchCache Group Policy
3. What is the current state of the BranchCache service? (Do not change anything now.)
It should not be running.
7. Now what is the status of the BranchCache service?
Now it should be running.
Task 5: Access the Content from the Kilo VM

Answers will vary.
Answers will vary.
Task 6: Access the Content from the Lima VM

Answers will vary.
Answers will vary.
Administering
Globalthis content.
TrainingContent
TechSherpas
L7-18
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L8
Lab 8: Windows 7 Remote Access
and Mobile Computing
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Configure a Windows Server 2008 R2 VPN connection

Configure a Windows 7 VPN connection
Create an incoming Windows 7 VPN connection
Use Remote Desktop to connect to Windows Server 2008 R2
Use Remote Desktop to connect to Windows 7 host
Manage offline files and folders
Configure Power Management Settings
Lab Overview
In this lab, you will examine the VPN features of the Windows 7 operating system. You will
access a Windows Server 2008 R2 server running the Routing and Remote Access Service. You
will configure Windows 7 as a one connection VPN server. You will also use the Remote Desktop
feature of Windows 7 to provide access to the Windows 7 desktop, or to connect remotely to other
RDP servers.

Kilo (Windows 7)
Lima (Windows 7)

40 minutes

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites
Task 1: Starting VMs

1. From the desktop, open the LabVMs folder or shortcut. (If the shortcut is not available, click
final time.)
hq.local domain.)
hq.local domain.)

In this task, you will mount the LabFiles ISO on any Virtual Machine that needs access to
E:\LabFiles.

Y
Administering
Globalthis content.
TrainingContent
TechSherpas


Exercise 1: Configuring a VPN Server on Windows

Server 2008 R2
In this exercise, you will configure a VPN server on a Windows Server 2008 R2 server.
Task 1: Install the Routing and Remote Access Components

In this task, you will install the routing and remote access components.
2. Click Start, Administrative Tools, Server Manager, and Roles.
3. Do you see the Network Policy and Access Services role listed?
4. If the role is already installed, scroll down in the right section of the window and click the Add
Role Services link under Network Policy and Access Services.
5. If the role is not already installed, click the Add Roles link on the right section of the main
window, and then click Next in the Before you Begin dialog box.
6. Select the Network Policy and Access Services check box in the Select Server Roles dialog box.
7. Click Next.
8. Read the complete Network Policy and Access Services introduction, and then click Next.
9. Select the Routing and Remote Access Services check box in the Select Role Services
dialog box.
10. Which two role services were automatically chosen?
11. Click Next.

12. Click the Install button to confirm your choices.
13. Click Close after the install is complete.
14. Close Server Manager.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 2: Configure Routing and Remote Access

In this task, you will configure the routing and remote access server on the Windows
Server 2008 R2 server.
1. Click Start, Administrative Tools, and Routing and Remote Access on the Alpha VM.
2. Right-click on the Alpha server name in the left section of the window and select the Configure
and Enable Routing and Remote Access option.
3. Click Next on the first wizard-driven screen.
4. Ensure the last option, Custom Configuration, is selected.
5. Click Next.
6. Select the VPN Access check box, and then click Next.
7. Click the Finish button to finish the configuration in the Completing the Routing and Remote
Access Server Setup Wizard window.
8. Click the Start service button in the Start the Service dialog box.
Task 3: Enable a User Account for Remote Access

User accounts are not allowed dial-in/VPN connection privileges by default. In this task, you will
connect to the RRAS server with a user account.
2. Expand the hq.local, Accounts, Management node.
3. Right-click Quirk and select Properties.

4. Click the Dial In tab.
5. What is the default dial in setting?
6. Change the Dial In option to Allow Access, and then click OK.
7. Close the Remote Active Directory Users and Computers window.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 2: Creating a VPN Connection with Windows 7

In this exercise, you will configure a Windows 7 VPN connection.
Task 1: Create the VPN Connection

In this task, you will create the VPN connection.
2. Click Start, Control Panel, Network and Internet, and Network and Sharing center.
3. Click the Set up a new connection or network link under Change your Networking Settings.
4. Select the Connect to a Workplace option, and then click Next.
5. Click the Use my Internet connection (VPN) option. You may be prompted to set up an Internet
connection or set one up later.
6. Click the Ill set up an Internet connection later option.
7. Type Alpha.hq.local in the Internet address text box.
8. Type Corporate VPN Connection in the Destination Name text box.

9. Select the Dont connect now; just set it up so I can connect later check box, if available.
10. Click Next.
11. Enter the following User Name and Password:
User Name: Quirk
Password: TrustM3
12. Select the Show Characters check box to see if you typed the password correctly.
13. Select the Remember this password check box.

14. Type hq.local in the Domain (optional) text box.
15. Click the Create button.
16. Click Close in the Connect to Workplace window.
Task 2: Establish the VPN Connection

In this task, you will launch the connection to the Windows Server 2008 R2 server.
1. If necessary, switch to the Kilo VM and log on as Administrator@hq.local with a password
of TrustM3.
2. Click Start, type cmd in the Search box, and then press ENTER to open the command prompt.
ipconfig
4. Write the IPv4 addresses you see:

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
6. Click the Connect to a network link.
7. Select Corporate VPN Connection.
8. Click the Connect button.

9. Select the Save this user name and password for the following users check box. (This may
already be selected.)
10. Type TrustM3 in the Password text box, and then click Connect.
11. Did you connect successfully?

13. Switch back to the command prompt or open it.
ipconfig
15. Write the IPv4 addresses that you see:
16. Click the Network icon in the lower-right corner of the screen and click the Network and
Sharing Center link.
17. Do you see the VPN connection listed under View your active networks?
18. Click the Corporate VPN Connection link, and then click the Details button. (This displays the
IP settings for the VPN connection.)
19. Close the Details and Status windows.
20. Close the Network and Sharing Center.
21. After you finish testing the VPN connection, click the Network icon in the lower-right corner of
the screen.
22. Select the Corporate VPN Connection, and then click the Disconnect button.
Administering
Globalthis content.
TrainingContent
TechSherpas
23. Switch back to the command prompt or open it.

ipconfig
Task 3: Create a VPN Shortcut on the Windows 7 Desktop

In this task, you will create a VPN shortcut on the Windows 7 desktop.
1. Click the Network icon in the lower-right corner of the screen, and then click the Network and
Sharing Center link to navigate to the Networking and Sharing center.
2. Click the Change Adapter Settings link.
3. Right-click Corporate VPN Connection and select the Create Shortcut option.
4. Select Yes in the Windows cant create a shortcut here dialog box to create the shortcut on
the desktop.
5. Close the Network and Sharing Center and any other open windows.
6. Do you see the Corporate VPN Connection shortcut on your desktop?
Exercise 3: Creating an Incoming VPN Connection on

Windows 7
Windows 7 has the ability to provide a single inbound VPN server connection. This could allow a
home user to connect securely to their computer at home over the Internet while they are traveling.
In this exercise, you will configure an incoming Windows 7 VPN connection.
Task 1: Create the Incoming VPN Connection

In this task, you will create the incoming VPN connection
2. Click the Network icon in the lower-right corner of the screen and click the Open Network and
3. Click the Change Adapter Settings link.
4. Press the ALT key on the keyboard.
5. Click File, New Incoming Connection.
6. Select Jane as the user who may connect to the computer.
7. If Jane is not present, click the Add Someone button, type Jane in the User Name text box, and
then type TrustM3 in the Password and Confirm Password text boxes.
8. Click Next.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
9. Select the Through the Internet check box, and then click Next.
10. Click the Allow Access button, and then click Close.
11. You should now see Incoming Connections listed.
Task 2: Test the VPN Connection

In this task, you will test the incoming VPN connection.
3. Click the Set up a new connection or network link.
4. Select the Connect to a Workplace option, and then click Next.
5. Click the Use my Internet connection (VPN) option.
6. Click the I'll set up an Internet connection later option.
7. Type Kilo in the Internet address text box, type VPN Connection to Kilo in the Destination
name text box, and then click Next.
8. Type Jane in the User name text box and TrustM3 in the Password text box.
9. Select Remember this Password, and then click the Create button.
10. Click Close.
11. In the Network and Sharing Center, click the Connect to a network link.
12. Select the VPN Connection to Kilo, and then click the Connect button.
13. Type TrustM3 in the Password text box, and then select the Save this User Name and
Password for the Following Users check box.
14. Click the Connect button.
15. Click Start, type cmd in the Search box, and then press ENTER to open the command prompt.

ipconfig
18. When you finish testing the VPN Connection, click the Network icon in the lower-right corner of
the screen, select VPN Connection to Kilo, and then click the Disconnect button.
19. Close the Network and Sharing Center and any other open windows.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 4: Creating an RDP Connection to Server 2008

Windows Server 2008 R2 provides two RDP sessions for administrative use. These remote
sessions can facilitate remote administration from most operating systems. In this exercise, you
will create an RDP connection to the Windows Server 2008 R2 server.
Task 1: Configure the Windows Server 2008 R2 to Accept RDP

Connections
In this task, you will configure the Windows Server 2008 R2 server to accept RDP connections.
1. Switch to the Alpha VM and log on as Administrator with a password of TrustM3.
3. Click the Remote settings link.
4. Select the Allow connections from computers running any version of remote desktop option,
and then click OK. (The option may already be selected.)
Task 2: Connect to the Alpha VM with RDP

In this task, you will connect to the Windows Server 2008 R2 server via remote desktop.

2. Click Start, All Programs, Accessories, and Remote Desktop Connection.
3. Click Options in the Remote Desktop Connection dialog box.
4. Type Alpha.hq.local in the Computer text box.
5. Type Quirk in the User Name text box.
6. Select the Allow me to save credentials check box.
7. Click the Display tab.
8. Slide the slider to 800 600 under Display configuration.

9. In the drop-down list, select High Color (16 bit) in the Colors section.
10. Click the Local Resources tab.
11. Click the More button under Local devices and resources section.
12. Click the + (plus) sign next to Drives.
13. Select the Local Disk (C:) and the Drives that I plug in later check boxes, and then click OK.
14. Click the Experience tab.
15. In the Choose your connection speed to optimize performance drop-down list, select LAN (10
Mbps or higher).
16. What happened to the Allow the Following choices option when you selected the highest setting
for connection speed? If you did not notice the changes, go back and decrease the connection
speed, and then increase it again to see the changes that occur.
L8-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
17. Click the Advanced tab.

18. In the If server authentication fails drop-down list, make sure the Warn me option is selected.
19. Click the General tab, and then click the Save As button.
20. Save this custom .RDP (Remote Desktop Protocol) connection object in the Documents library. If
you are not already there, navigate to the Documents library and type Corporate Server RDP
Connection in the File name text box.
21. Click Save.
22. Click the red X in the top right corner of the Remote Desktop Connection you just created and
saved to the Documents library. (Do NOT connect now.)
Task 3: Connect to the RDP Server

In this task, you will connect to the Alpha VM.
1. Make sure you are logged on to the Alpha VM as Administrator@hq.local with a password
of TrustM3.
2. Wait for the desktop to appear.
3. Bring up the Kilo VM and position it side-by-side with the Alpha VM.

6. Click Documents under Libraries.
7. Double-click the Corporate Server RDP Connection.

8. Click Connect if you are presented with a Remote Desktop warning that asks you to verify the
unknown publisher.
9. Enter your hq.local password (TrustM3), if asked, and click OK.
10. What happened to the Alpha VM session after you successfully connected?
11. Are you remote controlling the Alpha VM or is this a unique session?
12. Explore what the connection actually provided in terms of local resources. On the Alpha VM
Remote Desktop, adjust the windows sliders so that you can see the Start button.
Administering
Globalthis content.
TrainingContent
TechSherpas
14. Find Computer in the left section of the window.

15. How many C drives do you see? What are they?
16. When you have finished exploring, click Start, Logoff.
Exercise 5: Creating an RDP Connection to another Windows 7

Host
Windows 7 provides a single incoming RDP connection capability. This can be very useful when
a user is traveling and needs to access programs or data that reside only on the desktop at work or
home. In this exercise, you will create an RDP connection to the Kilo VM.
Task 1: Configure the Kilo VM to Accept RDP Connections

In this task, you will configure the Kilo VM to accept connections via remote desktop.

3. Click the Remote settings link.
4. Select the Allow connections from computers running any version of remote desktop option,
and then click OK. (The option may already be selected.)
Task 2: Connect to the Host Kilo VM with RDP

In this task, you will connect to the host Kilo VM via remote desktop.
2. Click Start, All Programs, Accessories, and Remote Desktop Connection.
3. Click Options in the Remote Desktop Connection dialog box.
4. Type Kilo in the Computer text box.
5. Type Administrator@hq.local in the User Name text box.
6. Click the Allow me to save credentials check box.
7. Click the Display tab.
8. Slide the slider to 800 600 in the Display configuration section.
9. In the drop-down list, select High Color (16 bit) in the Colors section.
10. Click the Local Resources tab.
11. Click the More button under the Local devices and resources section.
12. Click the + next to Drives.

13. Select the Local Disk (C:) and the Drives that I plug in later check boxes.
14. Click OK.
L8-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
15. Click the Experience tab.

16. In the Choose your connection speed to optimize performance drop-down list, select LAN (10
Mbps or higher).
17. Select the Advanced tab.
18. In the If server authentication fails drop-down list, make sure the Warn me option is selected.
19. Click the General tab, and then click the Save As button.
20. Save this custom .RDP (Remote Desktop Protocol) connection object in the Documents library. If
you are not already there, navigate to the Documents library and type Kilo RDP Connection in
the File Name text box.
21. Click Save.
22. Click the red X in the top right corner of the Remote Desktop Connection you just created and
saved to the Documents library. (Do NOT connect now.)
Task 3: Connect to the Windows 7 RDP Server

In this task, you will connect to the Kilo VM.
1. Make sure you are logged on to the Kilo VM as Administrator@hq.local with a password
of TrustM3.
2. Wait for your desktop to appear.
3. Bring up the Lima VM and position it side-by-side with the Kilo VM.
6. Click Documents under Libraries.
7. Double-click the Kilo RDP Connection.
8. Give your consent by clicking Connect if you are presented with a Remote Desktop warning that
asks you to verify the unknown publisher.
9. Enter your password if asked (TrustM3) and click OK.
10. What happened to the Kilo VM session after you successfully connected?
11. What does this tell you about the number of simultaneous sessions that are allowed on a
Windows 7 machine?
Administering
Globalthis content.
TrainingContent
TechSherpas
12. Explore what the connection actually provided in terms of local resources. In the Alpha VM
Remote Desktop, adjust the windows sliders so you can see the Start button.
14. Look in the left section of the window and find Computer.
15. How many C drives do you see there? What are they?
16. When you have finished exploring, click the X button on the tab at the top of the screen to
disconnect the session.
Exercise 6: Configuring Offline Files and Folders

Offline files can be implemented to allow users to function in an offline manner while still
accessing files as if they were still stored on a server. In this exercise, you will configure offline
files and folders.
Task 1: Prepare the Server for Offline Files

In this task, you will prepare files to work on offline.
2. Click the Windows Explorer icon on the taskbar.
3. Navigate to the C drive root.
4. Right-click C and select the New, Folder options.
5. Type SalesPresentations for the folder name, and then press ENTER.
6. Right-click SalesPresentations and select Properties.
7. Click the Sharing tab.
8. Click the Advanced Sharing button.
10. Select Allow - Full Control for the Everyone group, and then click OK.
11. Click the Caching button on the Advanced Sharing dialog box.
12. What is the current offline setting for this folder?

14. Click Close.
15. Open SalesPresentations, right-click inside the empty folder, and then select the New, Text
Document options.
16. Type Q1-Sales.txt, and then press ENTER.
L8-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
17. Open the file and add a few words. (Keep it clean!)
18. Save and close the document.
19. Create a few more documents for Q2, Q3, and Q4.
20. Leave the SalesPresentations folder open.
Task 2: Configure Offline Settings on the Client

In this task, you will configure the offline file settings.
1. Log on to the Kilo VM as Administrator@hq.local with the TrustM3 password.
2. Click Start, type Offline in the Search box, and then select Manage Offline files from the
search results.
3. Click the Enable offline files button, if it is not enabled.
4. Click the Disk usage tab.
5. What is the limit for the size of all offline files?
6. Click the Change Limits button.

7. Change the maximum for offline file space and temporary space to 5 GB (or as close as you can
get to 5 GB) by adjusting the sliders.
8. Click OK.
9. Click the Encryption tab. (Do NOT select the Encrypt button.)
10. What is the benefit of encrypting your offline files and folder? (Select Why should I encrypt my
offline files? to find out.)
11. Can you think of any issues to consider when encrypting the offline files stored on your computer?
Administering
Globalthis content.
TrainingContent
TechSherpas
12. Click the Network tab.

13. Examine the notice regarding slow networks.
14. Click OK.
15. If prompted, click Yes to restart and log back on as Administrator@hq.local with the
TrustM3 password.
Task 3: Make the Files Available Offline

In this task, you will make the files available offline.
1. In the Kilo VM, click the Start button.
2. Type \\Alpha in the Search box, and then press ENTER.
3. Right-click SalesPresentations.
4. Do you see the Always Available Offline option? (Do not select it now. This will make all files in
the folder available offline.)
5. Double-click SalesPresentations.
6. Right-click the Q1-Sales file and select the Always Available Offline option. (The Sync Center
briefly appears and syncs the file. The file size is small and synchronization should not take
much time.)
7. Close all windows and navigate back to the desktop when the preparation of the offline files
is complete.
8. Click Start, type Sync in the Search box, and then select the Sync Center from the search results.
9. Click the View sync results link.
10. What is the result of your synchronization?
11. Close the Sync Center.

12. Close the SalesPresentations folder.
14. Click the Change adapter settings link.
15. Right-click the Local Area Connection and select the Disable option.
16. Click Start, type \\Alpha in the Search box, and then press ENTER. (It may take a few seconds
for the window to appear.)
17. What shares are listed?
L8-16
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
18. Open the SalesPresentations folder.

19. What files are listed?
20. Open the Q1-Sales file.

21. Add a new line of text, save the file, and then close Notepad.
22. Switch to the Alpha VM.
23. Open Windows Explorer from the taskbar and navigate to the C:\SalesPresentations folder.
24. Open the Q1-Sales file.
25. Do you see the new content? Why not?

27. Click the Network icon in the lower-right corner of the screen and click Open Network and
28. Click the Change adapter settings link.
29. Right-click the Local Area Connection and select the Enable option.
30. Click Start, type \\Alpha in the Search box, and then press ENTER.
32. Open the SalesPresentations folder.

34. Switch to the Alpha VM and open the Q1-Sales file again.
35. Do you see the new content now?
36. When did the synchronization occur?
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 7: Configuring Power Management Options

Windows 7 provides very granular power management options, allowing for the battery life on a
laptop to be extended, and the overall power consumption of a system to be reduced. In this
exercise, you will create a custom Windows 7 power plan.
Task 1: Configure Power Management Options

In this task, you will configure the power management options for Windows 7.
2. Click Start, Control Panel, and Hardware and Sound.
3. Notice the Power Options control panel item. What are the options under the Power
Options link?
4. Click the Power Options link.

5. How many default power plans do you see?
6. Click the down arrow to the right of Show Additional Plans.

7. What plan is listed here?
8. Click the Create a power plan link.

9. Type Lab Power Settings in the Plan name text box, and then click Next.
11. Click the Change Plan Settings link to the right of the Lab Power Settings plan, then click the
Change Advanced Power Settings link.
12. Expand the Hard Disk section.
13. What is the default setting for turning off the hard disk?
14. Expand the Power buttons and lid section.

15. What is the default Power button action?
L8-18
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
16. Expand the Display section.

17. What is the default setting for turning off the display?
18. Click the Cancel button to close the Advanced Settings dialog box.
19. Click the Cancel button to return to the Select a power plan window.
20. Select the Balanced (recommended) power plan radio button, then close the Power
Options window.
Note
Since Virtual Machines do not have direct access to the physical
hardware, you will not see all the power management options that
would be available on a physical machine.
Task 2: Explore Group Policy Power Management Options

In this task, you will explore the power management options available through Group Policy.

2. Click Start, Administrative Tools, and Group Policy Management.
3. Expand the hq.local, Accounts, Sales node.
4. Right-click the Sales OU and select the Create a GPO in this domain, and link it here option.
5. Type Power Options Laptops for the Group Policy name.
6. Leave the Source Starter GPO settings as (none), and then click OK.
7. Right-click the Power Options Laptops policy and click the Edit option.
8. Expand the Group Policy Management Editor window.
9. Expand the Computer Configuration, Policies, Administrative Templates, System, and
Power Management node.
10. Double-click Select an Active Power Plan GPO from the list.
11. Click the Enabled option.
12. In the Active Power Plan drop-down list under Options, select Power Saver, and then click OK.
13. Double-click the Video and Display Settings folder.
14. Double-click Turn off the display (Plugged In).
15. Click the Enable option.
Administering
Globalthis content.
TrainingContent
TechSherpas
16. Type 120 in the Turn Off the Display (seconds) text box under Options, and then click OK.
18. Close the Group Policy Management utility.
L8-20
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Answer Key

Exercise 1: Configuring a VPN Server on Windows

Server 2008 R2
Task 1: Install the Routing and Remote Access Components
3. Do you see the Network Policy and Access Services role listed?
Answers will vary.
10. Which two role services were automatically chosen?
Remote Access Service and Routing
Task 3: Enable a User Account for Remote Access

5. What is the default dial in setting?
Control access through NPS Network Policy
Exercise 2: Creating a VPN Connection with Windows 7

Task 2: Establish the VPN Connection
4. Write the IPv4 addresses you see:
Answers will vary.
11. Did you connect successfully?
Yes.
You should now see an additional IP address for the VPN connection.
17. Do you see the VPN connection listed under View your active networks?
Yes.
Answers will vary.
Task 3: Create a VPN Shortcut on the Windows 7 Desktop

6. Do you see the Corporate VPN Connection shortcut on your desktop?
Answers will vary.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 3: Creating an incoming VPN Connection on

Windows 7
Task 2: Test the VPN Connection
Answers will vary.
Exercise 4: Creating an RDP Connection to Server 2008

Task 2: Connect to the Alpha VM with RDP
16. What happened to the Allow the Following choices option when you selected the highest setting
for connection speed? If you did not notice the changes, go back and decrease the connection
speed, and then increase it again to see the changes that occur.
All of the experience options will be selected automatically.
Task 3: Connect to the RDP Server

10. What happened to the Alpha VM session after you successfully connected?
Nothing. The RDP session is connected as the Quirk user and is another desktop session on
the same server.
11. Are you remote controlling the Alpha VM or is this a unique session?
This is a unique session.
15. How many C drives do you see? What are they?
You will see one C drive for the server, and one C drive from the RDP client.
Exercise 5: Creating an RDP Connection to another Windows 7

Host
Task 3: Connect to the Windows 7 RDP Server
10. What happened to the Kilo VM session after you successfully connected?
The Kilo desktop will switch to a locked console.
11. What does this tell you about the number of simultaneous sessions that are allowed on a
Windows 7 machine?
Windows 7 only supports one session at a time.
15. How many C drives do you see there? What are they?
You will see one C drive for the remote machine, and one C drive from the RDP client.
L8-22
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 6: Configuring Offline Files and Folders

Task 1: Prepare the Server for Offline Files
12. What is the current offline setting for this folder?
You will see one C drive for the remote machine, and one C drive from the RDP client.
Task 2: Configure Offline Settings on the Client

5. What is the limit for the size of all offline files?
Answers will vary.
10. What is the benefit of encrypting your offline files and folder? (Select Why should I encrypt my
offline files? to find out.)
Because you may be traveling around with cached files that contain sensitive data.
11. Can you think of any issues to consider when encrypting the offline files stored on your computer?
The encryption process could impact performance, and if your EFS keys are lost, you will
have to perform EFS recovery to open the content of the files.
Task 3: Make the Files Available Offline

4. Do you see the Always Available Offline option? (Do not select it now. This will make all files in
the folder available offline.)
Yes.
10. What is the result of your synchronization?
It should have been successful.
Answers will vary.
Answers will vary.
25. Do you see the new content? Why not?
No. Because the network is currently offline.
Answers will vary.
Answers will vary.
35. Do you see the new content now?
Yes. The network is now online and synchronization has occurred.
36. When did the synchronization occur?
Answers will vary.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 7: Configuring Power Management Options

Task 1: Configure Power Management Options
3. Notice the Power Options control panel item. What are the options under the Power Options
link?
Change power-saving settings, Change what the power buttons do, Require a password
when the computer wakes, Change when the computer sleeps, and Choose a power plan.
5. How many default power plans do you see?
Two, Balanced and Power Saver
7. What plan is listed here?
High Performance
13. What is the default setting for turning off the hard disk?
20 minutes
15. What is the default Power button action?
Shut down
17. What is the default setting for turning off the display?
10 minutes
L8-24
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L9
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Use the Disk Management snap-in to create and manage volumes

Work with the VHD mount capability of Windows 7
Manage and configure NTFS permissions
Use Share permissions to secure files
Check effective permissions
Use EFS to secure files
Lab Overview
In this lab, you will create and manage Windows file systems. You will manage NTFS and share
permissions and use EFS to secure files. You will also use the native VHD mount capability of
Windows 7 to mount a VHD file as a drive letter in Windows.

Kilo (Windows 7)
Lima (Windows 7)

30 minutes

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites

1. From the desktop, open the LabVMs folder or shortcut. (If the shortcut is unavailable, click Start,
Administrative Tools, and Hyper-V Manager.)
final time.)
hq.local domain.)
hq.local domain.)

E:\LabFiles.


Y
Administering
Globalthis content.
TrainingContent
TechSherpas


Exercise 1: Managing Volumes and File Systems

The Windows 7 Disk Management tool now supports limited expanding and shrinking of
volumes, even on a basic disk under certain circumstances. In this exercise, you will create
volumes and explore some of the limitations of these new capabilities.
Task 1: Use the Disk Management Tool

In this task, you will shrink and extend volumes, as well as create a simple volume.
1. Log on to the Kilo VM as Administrator@hq.local with a password of TrustM3.
2. Click Start, right-click Computer, and then select the Manage option.
3. In the left section of the window, select the Storage, Disk Management option.
4. If you are prompted to initialize disks, click OK. (This is only an identifier, not a format.)
5. What type of disk is Disk 0? (Basic or dynamic? Keep this in mind as you go through the
following steps.)
6. Right-click the C volume on Disk 0, and then select the Shrink Volume option.
7. Type 60000 in the Enter the amount of space to shrink in MB text box, and then click the
Shrink button. (This is a dynamic shrink and does not require a reboot.)
8. On Disk 0, right-click the Unallocated space, and then select the New Simple Volume option.
9. Click Next on the welcome screen.
10. Type 20000 in the Simple volume size in MB text box (do not use a comma), and then
click Next.
11. Choose F as the drive letter, and then click Next.
12. Select the Perform a quick format check box, and then click Next.
13. Click the Finish button to create the new volume.
14. What kind of partition is F? (Primary or logical drive?)
15. Create another volume of 10000 MB using G as the drive letter.

16. What kind of partition is G? (Primary or logical drive?)

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
17. Did you have to choose the partition type when you created them?
18. Right-click the G volume and notice the Extend volume and Shrink volume options.
19. Which volumes can you shrink?
20. Which volumes can you extend?
21. Right-click the G volume, select the Extend volume option, and then click Next.
22. Type 10000 in the Select the amount of space in MB text box to extend the volume, and then
click Next.
23. Click the Finish button to extend the volume.
24. Right-click the F volume, and then select the Shrink volume option.
25. Type 5000 in the Enter the amount of space to shrink in MB text box, and then click the
Shrink button. (Notice the gap of unallocated space that appears between F and G.)
26. Did you have to convert to dynamic disk in order to perform these operations?
27. Do you think it would be a good idea to shrink a volume that has another volume after it?
28. With a basic disk, does it appear possible to extend anything but the last volume?
Task 2: Create a Spanned Volume

In this task, you will create a spanned volume.
1. Right-click the Unallocated space on Disk 1 (Not Disk 0).
2. What options do you see for creating volumes?
3. Select the New Spanned Volume option, and then click Next.
Administering
Globalthis content.
TrainingContent
TechSherpas
4. Choose the Disk 2 option from the left, and then click the Add button.
5. What is the total volume size that will be created?
6. Click Next.
7. Choose H as the drive letter, and then click Next.
8. Ensure that NTFS is the selected File system.
9. Also, ensure the Perform a quick format check box is selected.
10. Click Next, and then click the Finish button.
11. Click Yes to convert the disks to dynamic.
12. When the formatting is complete, examine the H volume.
13. What disks are being occupied by the H volume?
14. Are equal amounts of space being used from each disk?
15. Right-click the H volume.

16. Do you have the ability to extend or shrink this volume?
17. Select the Delete Volume option, and then click Yes to confirm.
Task 3: Create a Striped Volume

In this task, you will create a striped volume
1. Right-click the Unallocated space on Disk 1, select the New Striped Volume option, and then
click Next.
2. Choose the Disk 2 option from the left, and then click the Add button.
4. Click Next.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
7. Ensure the Perform a quick format check box is selected.



15. Select the Delete Volume option, and then click Yes to confirm.
Task 4: Create a Mirrored Volume

In this task, you will create a mirrored volume.
1. Right-click the Unallocated space on Disk 1,select the New Mirrored Volume option, and then
click Next.
2. Select the Disk 2 option from the left, and then click the Add button.
3. Type 10000 in the Select the amount of space in MB text box.
4. After typing 10000, notice how both the amount of space taken from each disk and the total
volume size change.
5. Click Next.

8. Ensure the Perform a Quick Format check box is selected.
Administering
Globalthis content.
TrainingContent
TechSherpas


17. What is the total size of the H volume?
18. Right-click H, select Delete Volume, and then click Yes.
Exercise 2: Using Windows 7 to Create a VHD File

In this exercise, you will use Windows 7 to create a VHD file.
Task 1: Create a VHD File

In this task, you will create VHD files.

3. Maximize the Computer Management window.
4. In the left section of the window, double-click Disk Management to display the current disks
and volumes.
5. How large is the C volume that is listed?
6. Right-click Disk Management.

7. What options do you see that relate to VHD files?
8. Select the Create VHD option.

9. Click the Browse button.
10. Navigate to the C root.

Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
11. Click the New Folder button, and then type VHD for the folder name.
12. Double-click the VHD folder to open it.
13. Type DiskOne.vhd.in the File name text box, and then click the Save button.
14. Select the Dynamically expanding option.

15. Type 200 in the Virtual hard disk size text box, and then select GB from the drop-down list.
16. Click OK. (The VHD mounting appears in the list of available disks.)
17. What is the status of the new disk?
18. Right-click the newly created VHD-based disk (Disk 3), select the Initialize Disk option, and then
click OK.
19. Right-click the Unallocated space area next to Disk 3, select the New Simple Volume option, and
then click Next.
20. Leave the default amount of space as is, and then click Next.
21. Choose drive letter V, and then click Next.

22. Leave the default formatting options, and then click Next.
24. Right-click Disk 3, and then select the Explore option. (You should see an empty V drive.)
25. Navigate to C:\VHD.
26. How large is the DiskOne.vhd file?
27. Navigate to D:\LabFiles\Install.

28. Hold the CTRL key, and then select a few files totaling no more than 100 MB.
29. Right-click one of the files, and then select the Copy option.
30. Navigate back to the V drive, right-click in the empty area, and then select Paste.
31. After the files have been copied, navigate back to the C:\VHD folder.
32. How large is the DiskOne.vhd file now?
33. Switch back to the Disk Management tool.

34. Right-click Disk 3, select Detach VHD, and then click OK.
35. Close Computer Management and any other open windows.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 3: Managing NTFS Permissions

In this exercise, you will use NTFS permissions to protect files that are stored on the local system.
Task 1: Create the Directory Structure

In this task, you will create the folder structure for the Quirk user account.
2. Open Windows Explorer from the taskbar, and then navigate to drive C.
3. Click the New Folder button at the root of drive C to create the following folder structure:
C:\Customers
C:\SpreadSheets
Task 2: Set NTFS Permissions

In this task, you will assign add users to the ACL list.
1. Right-click the Customers folder, and then select Properties.
2. Click the Security tab.
3. Which users and groups are currently on the ACL and what permissions do they have?
Note
Normal users should not be allowed access to the
Customers folder. The following will become the ACL.
(Only these entries should be on the list. The steps that
follow will show you how to achieve this.)
Creator Owner Full control
System Full control
Administrators Full control
Sales Admins Full control
Sales Users Read & Execute
List folder contents
Read
Write
L9-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
4. How could this goal be accomplished?
5. Click the Edit button, highlight the Users group, and then click the Remove button. (Read the
message that appears thoroughly.)
6. Why were you not successful?
7. Click OK.
8. Can you remove the grey check boxes for the permissions assigned to the Users group?
9. Can you select the Deny Full Control check box for the Users group?
Note
Most users, including administrators, are also members of the Users
group. If you select the Deny Full Control check box for the Users
group, you would be denying access to yourself as well as to the Sales
Admins and Sales Users groups.
10. Click the Cancel button to return to the Security tab.

11. Click the Advanced button, and then click the Change Permissions button on the Advanced
Security Settings screen.
12. Notice the Include inheritable permissions check box. Clear it.
13. Click the Add button in the warning dialog box that appears. (This will prevent you from having
to add back the permissions you do want to preserve.)
14. Click OK, and then click OK again to return to the Security tab.
15. Now click the Edit button again. Do you see any differences in this window?
Administering
Globalthis content.
TrainingContent
TechSherpas
16. How do the existing permission check boxes appear for the Users group now?
17. Select the Authenticated Users group, and then click the Remove button.
18. Select the Users group, and then click the Remove button.
19. Were you successful this time?
20. Click the Add button, and then click the Locations button. (The users you want are in the hq.local
domain. You need to know how to change the focus when you are in a multi-domain environment
or when you are sitting at a member server or workstation.)
21. Select hq.local in the Locations window, and then click OK.
22. Type sales ad; sales us; creator owner in the Enter the object name to select text box, and then
click OK. (You will find the closest matches to the semicolon separated list. Notice that you did
not have to fully spell out each group name.)
23. Select the Creator Owner group, and then select the Allow Full Control check box.
24. Select the Sales Admins group, and then select the Allow Full Control check box.
25. Select the Sales Users group, and then select the Allow Read & Execute, Allow List Folder
Contents, Allow Read, and Allow Write check boxes.
26. Click OK when you are done, and then click OK again to save the changes.
27. On your own, set the ACL for the SpreadSheets folder to look like the list that follows.
(Remember to remove inheritance before you can remove the Users group.)
CREATOR OWNER Full control
SYSTEM Full control
Administrators Full control
Sales Users Full control
Help Desk Deny Full Control
28. Based on these permissions, will a person who is a member of both the Help Desk group and the
Domain Admins group be able to access the Management folder?
(He or she should not be able to because the Deny permission always takes precedence.)
L9-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 4: Managing Share Permissions

In this exercise, you will use Share permissions to protect files that are stored in a common
location on a file server.
Task 1: Share the Folders

In this task, you will assign Share permissions for shared folders.
2. Open Windows Explorer from the taskbar, and then navigate to the C root.

5. Select the Share this folder check box, and then click the Permissions button.
6. Who is currently on this list and what are his or her permissions?
7. How are these permissions different from the NTFS permissions?
8. Do these permissions apply to someone who is sitting at the computer where the folder exists?
9. Select the Allow Full Control check box for the Everyone group.
10. Why should you not be concerned about securing this more thoroughly?
11. Click OK, click OK again, and then click Close to save the changes.
Administering
Globalthis content.
TrainingContent
TechSherpas
Note
Once the share has been created, you will not see the traditional
sharing indicator on the folder. Click the folder and look at the
bottom of the Windows Explorer interface to see the sharing status
of the folder.
12. Share the SpreadSheets folder using the same settings.

13. Navigate to the C:\Customers folder in Windows Explorer and open it.
14. Right-click the empty folder, and then select the New, Text Document options.
15. Name the file SouthEastRegion.txt, and then press ENTER.
16. Open the file and create a few lines of text. (Keep it clean!) Save and close the file.
17. Create another file called NorthEastRegion.txt, and add some text to it.
18. Open the SpreadSheets folder and create two files with text called SouthEast Sales.txt and
NorthEast Sales.txt.
Task 2: Test the Permissions

In this task, you will test the permission created previously.
1. Log on to the Lima VM with the Quirk user account and the password TrustM3.
2. Click Start, in the Search box type \\kilo.hq.local, and then press ENTER. You should now see a
list of shared folders.
3. Open the Customers share.
4. Navigate around the folders and see what you can access.
Can you modify any files?
Can you create new files?
Can you delete existing files?
5. Open the SpreadSheets share.

L9-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Note
The answer should be yes to all of these questions since Quirk is a
member of the Domain Admins group.
7. Now try logging on to the Lima VM as MackOy and attempt to access the Customers and the
SpreadSheets shares.
Can MackOy delete existing files and create new files in Customers?
Can MackOy delete existing files and create new files in SpreadSheets?
Helpful Hint
MackOy is a member of the Sales Admins group but is not a member
of Sales Users.
Does it appear that with these share permissions MackOy can do more than what he was allowed
with the NTFS permissions?
8. Now try logging on to the Lima VM as CheckOff and attempt to access the Customers and the
Can CheckOff delete existing files and create new files in Customers?
Administering
Globalthis content.
TrainingContent
TechSherpas
Can CheckOff delete existing files and create new files in SpreadSheets?
Helpful Hint
CheckOff is a member of the Sales Users group but is not a member
of Sales Admins.
Does it appear that with these share permissions CheckOff can do more than what he was allowed
with the NTFS permissions?
9. Now try logging on to the Lima VM as Scooty and attempt to access the Customers and the
Can Scooty delete existing files and create new files in Customers?
Can Scooty delete existing files and create new files in SpreadSheets?
Helpful Hint
Scooty is a member of the Eng Admins group but is not a member of
Sales Users or Sales Admins.
Does it appear that the share permissions allow Scooty to do more than what the NTFS
permissions allowed?
L9-16
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 5: Calculating Effective Permissions

In this exercise, you will use tools to calculate the effective permissions that a user has in a folder
or file.
Task 1: Check Effective Permissions

In this task, you will check the effective permissions for specific users.
1. In the Kilo VM, open Windows Explorer, and then navigate to the C volume.
3. Click the Security tab, and then click the Advanced button.
4. Click the Effective Permissions button.
5. Click the Select button, type Quirk in the Enter the object name to select text box, and then
click OK.
6. What are the resulting permissions?
7. Click the Select button, type MackOy in the Enter the object name to select text box, and then
click OK.
9. Click the Select button, type Scooty in the Enter the object name to select text box, and then
click OK.
Administering
Globalthis content.
TrainingContent
TechSherpas
11. Click the Select button, type Sales Users in the Enter the object name to select text box, and
then click OK.
13. Try a few other user and group names to see the different effective permissions.
14. Click the Cancel button twice to close the security dialog when you are finished.
Exercise 6: Using EFS to Secure Data

NTFS permissions are the best way to secure folders that reside on a server in a locked down
facility. However, NTFS does not protect against unauthorized access of files that are stored in a
physically vulnerable location like a laptop hard disk. For those situations, EFS is the best answer.
Task 1: Demonstrate NTFS Vulnerabilities

In this task, you will demonstrate the NTFS security risks when files are located in an unsecure
location.

2. Open Windows Explorer, and then navigate to the C root.
3. Make sure you have a Customers folder and that it contains a few text files. (If not, create the
folder and the files now.)
4. Click Media, DVD Drive, and Insert Disk at the top of the Virtual Machine Connection window.
5. Navigate to the C:\LabFiles\ISO folder, and then select the Win-7.iso file.
6. Click the Open button.
7. Close the Autoplay dialog box that appears.
L9-18
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
8. Click Start, click the right arrow next to Shutdown, and then select the Restart option.
9. Click Yes to confirm restart.
10. Quickly click inside the VM window as it is restarting. Press a key when prompted to boot from
the CD/DVD.
11. Wait for the Install Windows screen to appear with the language selection.
12. Press SHIFT+F10 on the keyboard simultaneously to open a command prompt.
13. Type the following commands, and then press ENTER after each. (If you cannot locate customers
on C, try using another drive letter, such as D, E or F.)
C:
cd customers

dir
15. Do you see the files you created earlier?
16. Type the name of one of your files, and then press ENTER.
17. Does the file open?
18. Make a change to the file and save it.

19. Were you successful?
20. If someone stole your laptop, would the NTFS permissions you established prevent unauthorized
access?
21. Click the Action, Reset menu option in the Virtual Machine Connection window.
22. Click the Reset button to confirm.
23. This time, boot normally. (Do not boot from the DVD.)
Task 2: Enable EFS on a Folder

In this task, you will create a folder and secure it with EFS.
1. Log on to the Kilo VM with the CheckOff@hq.local domain with the password of TrustM3.
2. Open Windows Explorer and navigate to the C root.
Administering
Globalthis content.
TrainingContent
TechSherpas
3. Right-click C, and then select the New, Folder options.

4. Type TopSecret for the folder name, press ENTER, and then press ENTER again.
5. Right-click the empty area in the TopSecret folder and select the New, Text Document options.
6. Type EyesOnly, and then press ENTER.

7. Open the file, add a few lines of legible text to the text file, and then save it.
8. Navigate to C, right-click the TopSecret folder, and then select Properties.
9. Click the Advanced button on the General tab.
10. Select the Encrypt contents to secure data check box in the Advanced Attributes dialog box, and
then click OK.
11. Click OK again on the General tab to save your changes, and then click OK to apply the setting
to this folder, subfolders, and files.
Task 3: Access EFS Encrypted Files

In this task, you will attempt to access a file secured using EFS.
1. Open the TopSecret folder, and then double-click the EyesOnly.txt file.
2. Does it appear encrypted?
3. Add a few words to the file and save it again.

4. Do you need to re-encrypt the file?
(No, the encryption attribute is still on the file, and the re-encryption is transparent.)
5. Log off, and then log on as Administrator@hq.local with a password of TrustM3.

6. Try to open the file.
7. Were you successful? _______________
Why?
Note
The administrator from the domain is the EFS recovery agent, and the
file to be recovered is not stored on the domain controller with the
recovery agent key. Since the file is stored on the Kilo VM, the
recovery agent cannot inherently open the file. It would have to
be moved to the domain controller where the recovery agent key
is located.
L9-20
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 4: Test EFS Security

In this task, you will test the EFS security.
1. Make sure that the Kilo VM is the currently selected VM and that you are logged on as
Administrator@hq.local with a password of TrustM3.
2. Click Media, DVD Drive, and Insert Disk at the top of the Virtual Machine Connection window.
3. Navigate to the C:\LabFiles\ISO folder, and then select the Win-7.iso file.
4. Click Open.
5. Close the Autoplay dialog box that appears.
6. Click Start, click the right arrow next to Shutdown, and then select the Restart option.
7. Quickly click inside the VM window as it is restarting.
8. Press a key when prompted to boot from the CD/DVD.

9. Wait for the Install Windows screen to appear with the language selection.
10. Press SHIFT+F10 on the keyboard simultaneously to open a command prompt.
11. Type the following commands, and then press ENTER after each. (If you cannot locate TopSecret
on C, try using another drive letter, such as D, E, or F.)
C:
cd TopSecret
12. Type the following and press then ENTER.

dir
13. Do you see the EyesOnly.txt file?
14. Type EyesOnly.txt and press then ENTER.

15. Does the file open? Why not?
16. If someone stole your laptop, would EFS encryption prevent unauthorized access?
17. Click the Action, Reset menu option in the Virtual Machine Connection window.
18. Click the Reset button to confirm.
19. This time, boot normally. (Do not boot from the DVD.)
Administering
Globalthis content.
TrainingContent
TechSherpas
L9-22
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Answer Key

Exercise 1: Managing Volumes and File Systems

Task 1: Use the Disk Management Tool
5. What type of disk is Disk 0? (Basic or dynamic? Keep this in mind as you go through the
following steps.)
Basic
14. What kind of partition is F? (Primary or logical drive?)
Primary
16. What kind of partition is G? (Primary or logical drive?)
It is a logical drive in the extended partition.
17. Did you have to choose the partition type when you created them?
No. Windows 7 no longer asks you what type of partition to create.
19. Which volumes can you shrink?
C, F, and G
20. Which volumes can you extend?
Only G
26. Did you have to convert to dynamic disk in order to perform these operations?
No. Extending a volume can now be performed on Basic disks.
27. Do you think it would be a good idea to shrink a volume that has another volume after it?
Possibly not. This would leave a gap between partitions that may be hard to utilize.
28. With a basic disk, does it appear possible to extend anything but the last volume?
No. Volumes can only be extended when they have contiguous free space immediately
following them.
Task 2: Create a Spanned Volume

2. What options do you see for creating volumes?
New Simple Volume, New Spanned Volume, New Striped Volume, New Mirrored Volume,
and New RAID-5 Volume
Answers will vary.
Disk 1 and Disk 2
Administering
Globalthis content.
TrainingContent
TechSherpas
No. The spanned volume can be created from unequal amounts of space.
Yes.
Task 3: Create a Striped Volume

Answers will vary.
Disk 1 and Disk 2
Yes. A striped volume must be created from equal amounts of space.
No.
Task 4: Create a Mirrored Volume

Disk 1 and Disk 2
Yes.
No.
17. What is the total size of the H volume?
Answers will vary.
Exercise 2: Using Windows 7 to Create a VHD File

Task 1: Create a VHD File
5. How large is the C volume that is listed?
Answers will vary.
7. What options do you see that relate to VHD files?
Create VHD and Attach VHD
17. What is the status of the new disk?
Unknown and Not Initialized
L9-24
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
26. How large is the DiskOne.vhd file?

Answers will vary.
32. How large is the DiskOne.vhd file now?
Answers will vary.
Exercise 3: Managing NTFS Permissions

Task 2: Set NTFS Permissions
3. Which users and groups are currently on the ACL and what permissions do they have?
Answers will vary.
4. How could this goal be accomplished?
You must disable inheritance on the folder so that it can be configured independently of its
parent.
6. Why were you not successful?
Because the entry has been inherited from the parent folder.
8. Can you remove the grey check boxes for the permissions assigned to the Users group?
No.
9. Can you select the Deny Full Control check box for the Users group?
Yes.
15. Now click the Edit button again. Do you see any differences in this window?
Yes.
16. How do the existing permission check boxes appear for the Users group now?
The check boxes are no longer gray.
19. Were you successful this time?
Yes.
28. Based on these permissions, will a person who is a member of both the Help Desk group and the
Domain Admins group be able to access the Management folder?
No.
Exercise 4: Managing Share Permissions

Task 1: Share the Folders
6. Who is currently on this list and what are his or her permissions?
Everyone - Read
7. How are these permissions different from the NTFS permissions?
They are much less detailed.
Administering
Globalthis content.
TrainingContent
TechSherpas
8. Do these permissions apply to someone who is sitting at the computer where the folder exists?
No. These permissions only apply to those who connect to this share via the network.
10. Why should you not be concerned about securing this more thoroughly?
Because the NTFS permissions have been configured to be more secure.
Task 2: Test the Permissions

Yes.
Yes.
Yes.
Yes.
Yes.
Yes.
7. Now try logging on to the Lima VM as MackOy and attempt to access the Customers and the
Can MackOy delete existing files and create new files in Customers?
Yes.
Can MackOy delete existing files and create new files in SpreadSheets?
No.
Does it appear that the share permissions allow MackOy to do more than what the NTFS
No.
L9-26
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
8. Now try logging on to the Lima VM as CheckOff and attempt to access the Customers and the
Can CheckOff delete existing files and create new files in Customers?
No.
Can CheckOff delete existing files and create new files in SpreadSheets?
Yes.
Does it appear that the share permissions allow CheckOff to do more than what the NTFS
No.
9. Now try logging on to the Lima VM as Scooty and attempt to access the Customers and the
Can Scooty delete existing files and create new files in Customers?
No.
Can Scooty delete existing files and create new files in SpreadSheets?
No.
Does it appear that the share permissions allow Scooty to do more than what the NTFS
No.
Exercise 5: Calculating Effective Permissions

Task 1: Check Effective Permissions
Answers will vary.
Answers will vary.
Answers will vary.
Answers will vary.
Exercise 6: Using EFS to Secure Data

Task 1: Demonstrate NTFS Vulnerabilities
15. Do you see the files you created earlier?
Yes.
17. Does the file open?
Yes.
Administering
Globalthis content.
TrainingContent
TechSherpas

Yes.
20. If someone stole your laptop, would the NTFS permissions you established prevent unauthorized
access?
No.
Task 3: Access EFS Encrypted Files

2. Does it appear encrypted?
It is blue in color which signifies encryption, but does not appear any different in content.
The decryption process is transparent to the user.
4. Do you need to re-encrypt the file?
No. It will automatically encrypt the new content.
No.
Why?
The recovery key is not on the Kilo machine.
Task 4: Test EFS Security

13. Do you see the EyesOnly.txt file?
Yes.
15. Does the file open? Why not?
No. It is encrypted.
16. If someone stole your laptop, would EFS encryption prevent unauthorized access?
Yes.
L9-28
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L10
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Configure UAC
Configure the Windows 7 Firewall
Use BitLocker to Secure Data
Implement Network Access Protection
Lab Overview
In this lab, you will examine some of the advanced options available to secure the Windows 7
operating system. You will configure the UAC system to protect users from malicious software.
You will configure the Windows 7 firewall to prevent unauthorized access over the network. You
will use BitLocker to encrypt data and implement Network Access Protection to ensure that
systems on the network are healthy before they are allowed access.

Alpha (2008 R2)
Kilo (Win 7)
Lima (Win7)

1 hour
L10-2
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites
tasks may be skipped if you have already performed them.

final time.)
hq.local domain.)
hq.local domain.)

E:\LabFiles.

Y
Administering
Globalthis content.
TrainingContent
TechSherpas


Exercise 1: Configuring UAC

In this exercise, you will configure the UAC prompts and prompt frequency.
Task 1: Configure the Quirk Account

The Quirk account must be a member of the Domain Admins group for some of the lab exercises.
In this task, you will create and assign the Quirk user account.
3. Navigate to hq.local, Accounts, and Management.

4. Double-click the Quirk user, and then click the Member of tab.
5. Click the Add button, type Domain Admins, and then click OK.
6. Click OK to save the changes to Quirk.
Task 2: Configure Standard UAC Settings

In this task, you will review the standard UAC settings.

2. Click Start, Control Panel, and User Accounts.
3. Click User Accounts again.
4. Click the Change User Account Control Settings link. The Choose when to be notified about
changes to your computer window appears.
5. What is the default setting for the tool?
L10-4
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
6. When will the user be prompted based on the default configuration?
7. Slide the slider to the location that would provide the user with the least amount of UAC prompts.
Does Microsoft recommend this configuration?
8. What will the user see in terms of UAC prompts with the selected setting?
9. What is the most informative choice for this tool?
10. Does Microsoft recommend this setting? Why?
Administering
Globalthis content.
TrainingContent
TechSherpas
11. When will the user see the UAC prompts?
12. Click the Cancel button to discard any changes and leave the default settings.
Task 3: Test the Standard UAC Settings

In this task, you will test the UAC settings for different user types.
1. Switch to the Kilo VM and log on as Quirk@hq.local with a password of TrustM3. (If you were
already logged on to the Kilo VM as Quirk, you must log off and log back on again.)
2. Click Start, right-click Computer, and then select the Manage option. (Notice the security shield
next to the Manage option.)
3. Were you prompted to confirm running the tool?
4. Navigate around the Computer Management console. Does it appear fully functional?
5. Close the Computer Management console.

7. Click the Change Settings link under Computer name, domain, and workgroup settings.
9. Close the System Properties dialog box and the System Control Panel.
10. Click Start, type cmd in the Search box, and then click the cmd item in the search results.
11. Type the following, and then press ENTER in the command prompt.
bcdedit
12. What was the result?
L10-6
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas

exit
14. Click Start, and then type cmd in the Search box.
15. Right-click cmd.exe in the search results, and then select the Run As Administrator option.
bcdedit
18. What are the results this time?

logoff
20. Log off the Kilo VM and log back on as Scooty@hq.local with a password of TrustM3.
21. Click Start, right-click Computer, and then select the Manage option. (This time you are
prompted for credentials.)
22. Type Scooty with a password of TrustM3. What are the results?

24. Click the Change Settings link under Computer name, domain, and workgroup settings.
Again, you are prompted for alternate credentials because Scooty is not already an administrator
like Quirk.
25. Click No to abort the process, and then close the System Control Panel.
26. Click Start, type cmd in the Search box, and then click the cmd item in the search results.
27. Type the following, and then press ENTER in the command prompt.
bcdedit

exit
30. Click the Start button, and then type cmd in the Search box.
Administering
Globalthis content.
TrainingContent
TechSherpas
31. Right-click cmd.exe in the search results and select the Run As Administrator option.
32. Are you prompted to simply confirm running the tool this time?
33. Click No to abort the process.
Task 4: Configure UAC Settings with Group Policy

In this task, you will use Group Policy to configure the UAC settings.
3. Navigate to hq.local, Computers.
4. Do you see the Kilo VM listed? If so, right-click Kilo, select the Move option, select hq.local,
Accounts, Sales as the destination, and then click OK. (If you do not see Kilo listed in the
Computers container, look in the Management OU.)
5. Close Active Directory Users and Computers.
6. Click Start, type Group Policy in the Search box, and then select Group Policy Management
from the search results.
7. Navigate to hq.local, Accounts, and Sales.
8. Right-click the Sales OU, and then select the Create a GPO in this domain, and Link it
here option.
9. Type Sales UAC Settings in the Name text box, and then click OK.
10. Right-click Sales UAC Settings, and then select the Edit option.
11. Navigate to Computer Configuration, Policies, Windows Settings, Security Settings, Local
Policies, and Security Options.
12. Scroll down to the bottom in the right section of window to see all the User Account Control
related options.
13. On the title bar at the top of the Local Security Policy window, there is a line between the Policy
column and the Policy Setting column. Drag that line to the right to maximize the Policy column
until all the headings are exposed.
14. Double-click the following policy: User Account Control: Behavior of the elevation prompt
for standard users.
15. What are the options for the elevation prompt?
L10-8
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
16. Is it possible to completely stop standard users from configuring advanced settings on their
computers?
17. Click the Cancel button to close the window.

18. Double-click the following policy: User Account Control: Behavior of the elevation prompt
for administrators in Admin Approval Mode.
19. What are the options for the prompt behavior with this policy?
20. Can administrators in Admin Approval Mode be treated like standard users?
21. Select the Define this policy setting check box.

22. Select Prompt for Consent on the Secure Desktop from the drop-down list, and then click OK.
Note
Setting this option is effectively the same as configuring the Always
Notify option for UAC in Control Panel on the local machine.
23. Double-click the User Account Control: Admin Approval Mode for the Built-in
Administrator account.
24. What are the options for this setting?
25. What would be the impact of enabling this option?
Administering
Globalthis content.
TrainingContent
TechSherpas
26. Which UAC setting can you configure to block standard users from installing applications?
27. Which UAC setting can you configure to only allow applications that have a signing certificate?

29. Close the Group Policy Management Editor but leave the Group Policy Management
Console open.
Task 5: Test UAC Settings Configured with Group Policy

In this task, you will test the UAC settings you configured using Group Policy.

2. Click Start, Control Panel, and User Accounts
4. Click the Change User Account Control Settings link.
5. Ensure the UAC is set to Default - Notify me only when programs try to make changes to my
computer (the second option), and then click OK.
6. Click Start, type cmd in the Search box, and then select the cmd item from the search results.
gpupdate /force
8. Switch back to the User Accounts dialog box when the policy update is complete in the
command prompt.
10. What is the current setting for UAC? (If it has not changed, wait a few minutes and try to run the
gpupdate /force again.)

12. Log off of the Administrator account on the Kilo VM.
13. Log back on to the Kilo VM as Quirk with a password of TrustM3.
L10-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
15. Are you prompted for consent to run the tool?
16. Switch back to the Alpha VM.

17. In the Group Policy Management Console, right-click the Sales UAC Settings policy, and then
clear the Link Enabled option to disable the policy.
18. Click OK if you are prompted to confirm.

20. Click Start, and then type cmd in the Search box.
21. Right-click the cmd item in the search results, and then select the Run As Administrator option.
23. Type the following, and then press ENTER. (If you are prompted to logoff, let gpudate logoff
your account and log on again as Quirk.)
gpupdate /force
24. Click Start, Control Panel, and User Accounts.

27. Click Yes if you are prompted for consent.
28. What is the current UAC setting?
29. Move the slider to the second notch down if it is not already there and click OK to save the
setting. (Click Yes if you are prompted to confirm.)
Exercise 2: Managing the Windows Firewall with Advanced

Security
In this exercise, you will explore the functionality of the Windows Firewall with
Advanced Security.
Task 1: Configure Firewall Settings with the Windows Firewall

Console
In this task, you will configure firewall settings with the Windows Firewall Console.
1. Log on to the Kilo VM as Administrator@hq.local with password of TrustM3, and then open
the command prompt.
2. Type the following, and then press ENTER. (This will completely disable the Windows Firewall.)
Administering
by code 5a2bccb2-c5fd-4faf-8aa1-147b13239c22, and provided to you by TechSherpas. It is L10-11
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
4. Run the same command on the Lima VM.

5. On the Kilo VM, click Start, type mmc.exe in the Search box, and then press ENTER.
6. Click File, Add, and Remove Snap-in.
7. Select Windows Firewall with Advanced Security in the list of available snap-ins, and then click
the Add button.
8. Select the Local Computer option, and then click the Finish button.
9. Click the Add button again, select the Another Computer option, type Lima.hq.local, and then
click the Finish button.
10. Click OK when you have finished adding the connections.
11. Click File, Save to save the console as Firewall Admin to the Desktop folder.
12. Navigate to the Windows Firewall with Advanced Security on Local Computer,
Inbound Rules.
13. Scroll down to the bottom of the list and find all of the Windows Firewall Remote
Management entries.
14. Right-click each entry and select the Enable Rule option if it is not already enabled.
15. Navigate to the settings for the Windows Firewall with Advanced Security on Lima,
Inbound Rules.
16. Scroll down to the bottom of the list and find all of the Windows Firewall Remote
Management entries.
17. Right-click each entry and select the Enable Rule option if it is not already enabled.
18. Keep the Windows Firewall with Advanced Security on Lima selected.
19. Scroll to the right in the list of available rules until you see the Protocol column.
20. Click the Protocol column header to sort by protocol.
21. Scroll through the list of protocols until you find the ICMPv4 and ICMPv6 protocol types.
22. Right-click and Disable all of the ICMPv4 and ICMPv6 related rules.
23. Open a command prompt on the Kilo VM, type the following, and then press ENTER.
ping t 4 Lima
24. Why is the ping successful?
25. Open the command prompt on the Lima VM.

26. Type the following command, and then press ENTER. (This will enable the firewall minus
any exceptions.)
netsh advfirewall set allprofiles state on
L10-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
27. Switch to the Kilo VM after running this command and check the ping that is running against the
Lima VM.
28. Is it still working?
29. Press CTRL+C to stop the continuous ping in the command prompt on the Kilo VM.
30. Switch back to the Kilo VM and browse through the list of enabled rules for the Kilo and Lima
VMs in the firewall.
31. Click the Name column header to sort by name instead of protocol type. Notice that while many
rules are enabled, a large number of them are not.
32. Enable the following inbound rules on both the Kilo and Lima VMs if the service is present.
(Some may have multiple entries. Enable all of them. If any of these items is not present, skip
them.) Now most of the management tools will work remotely against the Kilo and Alpha VMs.
Network Discovery
Performance Logs and Alerts
Remote Assistance
Remote Desktop
Remote Event Log Management
Remote Scheduled Tasks Management
Remote Service Management
Remote Volume Management
Windows Remote Management
33. On the Kilo VM, click Start, right-click Computer, and then select the Manage option.
34. Right-click Computer Management (Local), and then select the Connect to another
computer option.
35. Type Lima, and then click OK.
36. Explore the Computer Management Console and see which options work properly.
37. When you finish, open the command prompt on the Kilo VM and type the following:
38. Run the above command in the command prompt on the Lima VMs as well.
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
Exercise 3: Using BitLocker To Go

In this exercise, you will use the Windows 7 BitLocker To Go feature. In the virtual machine
environment, you cannot fully encrypt the hard disks of the Windows 7 system due to the fact that
VMs do not have direct access to the TPM hardware. However, you can simulate using BitLocker
To Go on a UFD by mounting a VHD file in the Disk Management tool.
Task 1: Prepare the Test Disk

In this task, you will prepare the VHD to simulate a UFD.
3. Maximize the Computer Management window.
4. Select Disk Management to display the current disks and volumes.
5. Right-click Disk Management, and then select the Create VHD option.
7. Navigate to the C root.
8. Click the New Folder button and type VHD for the folder name. (This folder may already exist
from a previous lab.)
9. Double-click the VHD folder to open it.
10. Type UFD-One.vhd for the file name and click Save.
11. Click the Dynamically Expanding option.
12. Type 1024 in the Virtual hard disk size text box, ensure that MB is selected in the drop-down
list, and then click OK. (The VHD mounting now appears in the list of available disks.)
13. Right-click the newly created VHD-based disk, select the Initialize Disk option, and then
click OK.
14. Right-click the Unallocated area next to the new disk, select the New Simple Volume option, and
then click Next.
15. Leave the default amount of space selected and click Next.
16. Choose drive letter U and click Next.
17. Leave the default formatting options and click Next.

19. Right-click the new volume and select Explore. (You should see an empty U drive.)
20. Navigate to E:\LabFiles.
21. Right-click the Scripts folder, and then select Copy.
22. Navigate back to the U drive, right-click in the empty area, and then select the Paste option.
L10-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 2: Encrypt the Removable Disk

In this task, you will use the VHD to simulate the encryption of a UFD.
1. In Windows Explorer, right-click the U drive, and then select the Turn on BitLocker option.
2. Select the Use a password to unlock the drive check box.
3. Type Password123 in the Type your password and the Retype your password text boxes, and
then click Next.
4. Click Save the recovery key to a file, and then click Save.
5. Click Yes to the confirmation prompt, and then click Next.
6 Click the Start Encrypting button, and then click Close when the encryption is complete.
7. Navigate to the U drive in Windows Explorer.
8. Can you see the Scripts folder?
9. Do the files and directories appear any different?
10. Can you open the ReadMe file in the Scripts folder?
Task 3: Simulate Removal and Reinsertion of the Disk

In this task, you will use the VHD to simulate the removal and reinsertion of a UFD.
1. Switch back to the Disk Management tool.

2. Right-click the VHD based disk (Disk 3),select the Detach VHD option, and then click OK.
3. After the disk is detached, right-click Disk Management again, and then select the Attach
VHD option.
4. Click Browse, navigate to the C:\VHD folder, and then select the UFD-One.vhd file.
5. Click the Open button, and then click OK to mount the file. Notice that behind the Computer
Management Console, the system performs an AutoPlay, and the BitLocker unlock dialog
box appears.
6. Switch to the BitLocker unlock dialog box and click the Cancel button on the unlock screen.
7. Switch to Windows Explorer and navigate to the U drive.
8. What happens when you click the U drive?
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
9. Right-click the U drive, and then select the Unlock Drive option.
10. Type Password123 for the password, and then click the Unlock button.
11. Click Open Folder to View Files.
12. Open the Scripts folder.

13. Can you open the Readme file and view its content?
14. When you finish exploring the encrypted disk, switch back to the Disk Management tool.
15. Right-click VHD based disk (Disk 3), select the Detach VHD option, and then click OK.
Exercise 4: *Bonus* Installing and Configuring Network Access

Protection
This is an optional lab. If you finish the other exercises and have extra time, you can do this lab.
In this lab, you will install and configure the NAP services to restrict access to the network.
You will use the DHCP form of NAP in this demonstration since it does not require any
specialized hardware.
Task 1: Install the NPS Server Role

In this task, you will use the Server Manger to install the NPS server role.
1. On the Alpha VM, open Server Manager.

2. Select Roles in the left section of the window.
3. If the Network Policy and Access Services is listed as installed in the Roles Summary, skip
ahead to the Configure the DHCP Scope for NAP task.
4. If Network Policy and Access Services is not listed as installed, click the Add roles link. Click
Next on the Before You Begin page.
5. On the Select Server Roles page, select the Network Policy and Access Services role, and then
click Next.
6. Click Next again on the NPAS page.
7. Select the Network Policy Server check box and click Next.
8. Click the Install button, and then click Close when the installation is complete.
Task 2: Configure the DHCP Scope for NAP

In this task, you will configure the DHCP form of NAS.
1. Click Start, Administrative Tools, and DHCP.
2. Navigate to alpha.hq.local, IPv4, Scope Classroom.
3. Right-click Scope Classroom, and then click Properties.
4. Click the Network Access Protection tab, select the Enable for this scope option, and then
click OK.
L10-16
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 3: Configure the Default NAP Class

These options are used when a noncompliant client computer attempts to access the network and
obtain an IP address. In this task, you will set these options.
1. Right-click Scope Options and click the Configure, Options option.
2. Click the Advanced tab.
3. In the User Class drop-down list, select Default Network Access Protection Class.
4. Select the 006 DNS Servers check box, type 10.100.100.201 in the IP address text box, and then
click the Add button.
5. Click Yes if you are asked to confirm.
6. Select the 015 DNS Domain Name check box, type restricted.local in the String value text box,
and then click OK.
Task 4: Configure NPS

In this task, you will configure NPS.
1. Click Start, type policy in the Search box, and then select Network Policy Server from the
search results.
2. Select NPS (Local).
3. Click the Configure NAP link in the right section of the window.
4. Select Dynamic Host Configuration Protocol (DHCP) from the Connection Method drop-
down list, and then click Next.(If you cannot see the Next button, drag the taskbar to the right-
hand side of your screen to expose the bottom part of the dialog box.)
5. Click Next on the RADIUS clients page.
6. Click Next on the Specify DHCP Scopes page.
7. Click Next on the Configure Machine Groups page.
8. Click Next on the Remediation Server Group page.
9. Clear the Enable auto-remediation of client computers check box on the Define NAP Health
Policy page, and then click Next.
10. Click Finish on the Completing NAP Enforcement Policy and RADIUS Client
Configuration page.
11. Leave the NPS console open for the following procedure.
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
Task 5: Configure SHVs

In this task, you will configure the system health validators.
1. In the Network Policy Server console, navigate to Network Access Protection, System Health
Validators, Windows Security Health Validator, and Settings.
2. Double-click the Default Configuration option.
3. Clear all check boxes except A firewall is enabled for all network connections, and then
click OK.
4. Leave the Network Policy Server console open.
Task 6: Configure NAP Client Settings in Group Policy

In this task, you will use Group Policy to configure the client settings for NAP.
1. On the Alpha VM, open the Group Policy Management Console.
2. Right-click hq.local and select the New Organizational Unit option.
3. Name the OU NAP Clients and click OK.
4. Right-click the NAP Clients OU and select the Create a GPO in this domain, and Link it
here option.
5. Name the GPO NAP Client Policy and click OK.
6. Right-click the new policy, and then select the Edit option.
7. Navigate to Computer Configuration, Policies, Windows Settings, Security Settings,
System Services.
8. Double-click Network Access Protection Agent.
9. Select the Define this policy setting check box, select the Automatic option, and then click OK.
10. Under Security Settings, navigate to Network Access Protection, NAP Client Configuration,
and Enforcement Clients.
11. Right-click DHCP Quarantine Enforcement Client, and then select the Enable option.
12. Navigate to Computer Configuration, Policies, Administrative Templates, Windows
Components, and Security Center.
13. Double-click Turn on Security Center, select the Enabled option, and then click OK.
Task 7: Move the Kilo VM into the NAP Clients OU

In this task, you will move the Kilo VM to the NAP Clients organizational unit.
1. On the Alpha VM, click Start, Administrative Tools, and Active Directory Users and
Computers tool.
2. Select Computers. (If you do not see the Kilo VM listed, check the hq.local, Accounts,
Management OU.)
3. Right-click Kilo and select the Move option.
4. Select NAP Clients, and then click OK.
L10-18
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 8: Test NAP from a Client Machine

In this task, you will test the NAP process from a Windows 7 client.
1. Log on to the Kilo VM as Administrator@hq.local with password of TrustM3.
2. Open a command prompt.
3. Type the following commands, and then press ENTER after each:
gpupdate
sc query napagent (Look at the State of the napagent service. It should be Running.)
Note
If the Group Policy settings do not appear to take effect right away,
wait a few minutes and run gpupdate again.

ipconfig /release

ipconfig /renew

ipconfig /all
7. Examine your IP characteristics. (Look at the ipconfig information at the top of the screen, and the
DNS domain name.)
8. Are you restricted, or do you have full access?
9. Why?


ipconfig /all
12. Examine your IP characteristics.
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
14. Why?
Task 9: Clean Up
In this task, you will undo the changes made to the VM during this bonus exercise.
1. Switch to the Alpha VM and use the Active Directory Users and Computers tool to move the Kilo
VM back to the Computers container. (Or move it back to hq.local, Accounts, Management if
that is where it was originally located.)
2. Switch to or open the DHCP console.
3. Expand IPv4, right-click the Scope Classroom option, and then select Properties.
4. Click the Network Access Protection tab, select the Disable for This Scope option, and then
click OK.
5. Open the Server Manager, and then select Roles.
6. Click the Remove Roles link, and then click Next.
7. Clear the Network Policy and Access Services role check box, and then click Next.
8. Click the Remove button, and then click Close.
9. Click Yes to restart. (Wait for the Alpha VM to present a logon screen before continuing.)
10. Switch to the Kilo VM, and then run gpupdate from the command prompt.
12. Click Start button, type mmc in Search box, and then press ENTER.
13. Select Network Access Protection Agent from search results and click the Stop this service link.
(Unless it has already been stopped.)
L10-20
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Answer Key

Exercise 1: Configuring UAC

Task 2: Configure Standard UAC Settings
5. What is the default setting for the tool?
Notify me only when programs try to make changes to my computer.
6. When will the user be prompted based on the default configuration?
Sometimes
7. Slide the slider to the location that would provide the user with the least amount of UAC prompts.
Does Microsoft recommend this configuration?
No.
8. What will the user see in terms of UAC prompts with the selected setting?
No UAC prompts will be given.
9. What is the most informative choice for this tool?
Always Notify
10. Does Microsoft recommend this setting? Why?
If you routinely install new software or access unfamiliar Web sites.
11. When will the user see the UAC prompts?
Any time the user or computer attempts to make changes to Windows.
Task 3: Test the Standard UAC Settings

No.
4. Navigate around the Computer Management console. Does it appear fully functional?
Yes.
No.
Access is denied. (The command prompt does not run elevated automatically.)
18. What are the results this time?
It runs successfully.
22. Type Scooty with a password of TrustM3. What are the results?
You cannot open it.
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas

Access is denied.
32. Are you prompted to simply confirm running the tool this time?
No. You receive a user name and password prompt because Scooty is NOT an administrator.
Task 4: Configure UAC Settings with Group Policy

15. What are the options for the elevation prompt?
Automatically deny elevation requests, Prompt for credentials on the secure desktop and
Prompt for credentials.
16. Is it possible to completely stop standard users from configuring advanced settings on their
computers?
Answers will vary.
19. What are the options for the prompt behavior with this policy?
Elevate without prompting, Prompt for credentials on the secure desktop, Prompt for
consent on the secure desktop, Prompt for credentials, and Prompt for consent and Prompt
for consent for non-Windows binaries.
20. Can administrators in Admin Approval Mode be treated like standard users?
Yes, by configuring the Prompt for credentials on the secure desktop option.
24. What are the options for this setting?
Enabled or Disabled
25. What would be the impact of enabling this option?
The built-in Administrator account is treated the same as any additional Administrator
accounts that are created.
26. Which UAC setting can you configure to block standard users from installing applications?
User Account Control: Detect application installations and prompt for elevation.
27. Which UAC setting can you configure to only allow applications that have a signing certificate?
User Account Control: Only elevate executables that are signed and valid.
Task 5: Test UAC Settings Configured with Group Policy

10. What is the current setting for UAC? (If not changed, wait a few minutes and try to run the
gpupdate /force again.)
The top option, Always Notify, should be selected.
15. Are you prompted for consent to run the tool?
Yes.
28. What is the current UAC setting?
It should now be back to the default setting.
L10-22
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 2: Managing the Windows Firewall with Advanced

Security
Task 1: Configure Firewall Settings with the Windows Firewall
Console
24. Why is the ping successful?
Yes.
28. Is it still working?
Answers will vary.
Exercise 3: Using BitLocker To Go

Task 2: Encrypt the Removable Disk
8. Can you see the Scripts folder?
Yes.
9. Do the files and directories appear any different?
No.
10. Can you open the ReadMe file in the Scripts folder?
Yes.
Task 3: Simulate Removal and Reinsertion of the Disk

8. What happens when you click the U drive?
You are not allowed to access the disk.
13. Can you open the Readme file and view its content?
Yes.
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
Exercise 4: *Bonus* Installing and Configuring Network Access

Protection
Task 8: Test NAP from a Client Machine
You should be restricted.
9. Why?
Because the firewall is off and the NAP policy requires the firewall to be on.
Full access
14. Why?
Because the firewall is on as required by the NAP policy.
L10-24
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L11
Lab 11: Windows 7 Backup and
Recovery
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Use the System Restore feature

Configure and use the Previous Versions feature
Use the Windows 7 Backup tool
Lab Overview
In this lab, you will use the backup and recovery features of the Windows 7 operating system. You
will examine the System Restore feature and use the Previous Versions capability to restore
individual files. You will also use the Windows 7 Backup tool to backup specific files.

Kilo (Windows 7)

45 minutes
L11-2
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites

final time.)
need to rename the VM to Kilo inside the guest operating system and join the VM to the hq.local
domain.)

E:\LabFiles.
1. In the Virtual Machine Connection window for each VM, click Media, DVD Drive, Insert Disk.
(This is a menu option at the top of the Virtual Machine Connection window.)

Y
Administering
Globalthis content.
TrainingContent
TechSherpas


Exercise 1: Using System Restore

Every download, update, or installation makes changes to your computer. Some that changes can
make your system unstable. System Restore removes any system changes you made since the last
time you created a system restore point. In this exercise, you will use the System Restore feature.
Task 1: Create a System Restore Point

In this task, you will create a system restore point.
3. Click the System protection link.
4. Select Local Disk (C:) and click the Configure button.

5. Is System Protection on for the C drive?
6. What is the Max Usage value?

8. Click the Create button to create a new restore point now.
9. Type Original Configuration, and then click the Create button.

10. Click Close once the restore point is generated.
11. Click OK to exit the System Properties dialog box.
Task 2: Install a Software Package

In this task, you will install a new software package on the VM.
1. Open Windows Explorer and navigate to the E:\LabFiles\Install folder.
2. Double-click Stopwatch.
3. Click Next.
4. Click Next again, and then click the Install button.

6. Check the desktop for a Stopwatch icon.
L11-4
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 3: Restore the System

In this task, you will. undo any system changes made to the system using the system restore point
you created earlier.
1. Click the Start button and type Restore in the Search box.
2. Click the System Restore option in the search results.
3. Select Choose a Different Restore Point, and then click Next.
4. Select the original restore (Original Configuration) point, and then click Next.
5. Click the Finish button, and then click Yes to confirm.
6. The system will automatically restart to begin the System Restore.
7. Log back on to the Kilo VM as Administrator with a password of TrustM3.
8. Click Close on the system restore message that appears.
9. Do you see the Stopwatch icon on the Desktop now?
Exercise 2: Configuring and Using Previous Versions

In this exercise, you will restore previous versions of a file based on the version points that
you create.
Task 1: Configure Previous Versions

In this task, you will configure and use Previous Versions, and then you will restore
previous versions.
2. Right-click the desktop and select the New, Folder options.
3. Type PreviousVersion for the name, and then press ENTER.
4. Create a new text document called DATA within the newly created folder.
5. Open the PreviousVersion folder, right-click in the empty folder, and then select the New, Text
document option.
6. Type Data for the name, and then press ENTER.
7. Open the Data text document and type This data was created on Monday within the text
document. Save and close the document.
8. Close the PreviousVersion folder.
10. Click the System protection link.
11. Ensure that protection is set to On for the Local Disk (C:) (System) drive.
12. Click the Create button on the bottom of the System Properties dialog box.
13. Name the first system restore point Monday Midnight.
Administering
Globalthis content.
TrainingContent
TechSherpas
14. Click the Create button to create a manual system restore point.
15. Click Close and leave the System Properties dialog box open.
16. Double-click the PreviousVersion folder.
17. Double-click the Data text document.

18. Type This Data was created on Tuesday on the next line in the document.
19. Click File, and then click Save.
20. Close the file and folder.
21. Click the Create button in the System Properties dialog box.
22. Name the second system restore point Tuesday Midnight.

24. Click Close and leave the System Properties dialog box open.
25. Double-click the PreviousVersion folder.
26. Double-click the Data text document.

27. Type This Data was created on Wednesday on the next line in the document.
28. Click File and Save.
29. Close the file and folder.

30. Click Create in the System Properties dialog box.
31. Name the third system restore point Wednesday Midnight.
33. Click Close.
34. Click OK to close the System Properties dialog box.
35. Close all windows and navigate to the Windows 7 desktop.
Task 2: Examine and Restore Previous Versions

In this task, you will view the previous versions of files and restore them.
1. Right-click the PreviousVersion folder.
2. Click the Restore previous version option.
3. How many previous versions of the folder do you have?
4. Close the Previous Versions Properties dialog box and navigate back to the desktop.
L11-6
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
5. Open the PreviousVersion folder.

6. Delete the Data document you created.
7. Empty the Recycle Bin.
8. Do you think the information is deleted permanently?
9. Right-click the PreviousVersion folder and select the Restore previous version option.
10. Select the most recent version of the Data folder that is available on the list.
(Hint: It is the first one on the list.)
11. Click the Restore button.
12. Click the Restore button in the Are you sure message.
13. Click OK to close the success message.
14. Did it work?
15. When was the last data entry created within the Data document?
16. Close the Data document.

17. Delete the Data document again.
18. Empty the Recycle Bin again.
19. Right-click the PreviousVersion folder to restore the oldest version.
20. Select the Restore previous version option.
21. Select the oldest in the series.
Administering
Globalthis content.
TrainingContent
TechSherpas

23. Click the Restore button in the Are you sure dialog box.
24. Click OK to close the success dialog box.
25. Did it work?
26. Open the PreviousVersion folder and the Data document.

28. You can restore to a different location just in case you are afraid of overwriting good data
with bad.
29. In the PreviousVersion Properties dialog box, select the newest version in the list of
folder versions.
30. Click the Copy button.
31. Select Computer, Local Disk (C:) in the Copy Items dialog box.
32. Click the Copy button.
33. Click OK to close the PreviousVersion Properties dialog box.
34. Did it work?
L11-8
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
35. What do you see when you navigate to the Local Disk (C:) drive?
Helpful Hint
Remember that previous versions are not a substitute for regular
backups, and the Previous Versions client is already installed within
Windows 7 and Windows Vista.
Exercise 3: Using the Windows Backup Feature

In this exercise, you will use the Windows Backup feature to back up files.
Task 1: Create a Share for the Backup Destination

In this task, you will create a shared location to store backed up files.

2. Open Windows Explorer and navigate to the C root.
3. Right-click C and select the New, Folder options.
4. Name the folder Backup, and then press ENTER.

5. Right-click the Backup folder, and then select Properties.
6. Click the Sharing tab.
7. Click the Advanced Sharing button.
8. Select the Share this folder check box.
9. Click the Permissions button.
10. Click the Everyone group listing.
11. Select the Allow check box next to the Full Control designation.
12. Click OK, click OK again, and then click Close.
Administering
Globalthis content.
TrainingContent
TechSherpas
Task 2: Configure the Backup

In this task, you will back up data with the Windows 7 Backup Utility. The Kilo VM and the
Alpha VM are required for this task.
2. Open Windows Explorer and navigate to E:\LabFiles.
3. Right-click the Scripts folder and select the Copy option.
4. Navigate to the C root folder.

5. Right-click the C root in the left section of the window and select the Paste option.
6. Close Windows Explorer.
7. Click Start, Control Panel, System and Security, and Backup and Restore.
8. Click the Set up Backup link.
9. Click the Save on a network button.
10. Type \\alpha\backup in the Network Location text box.
11. Enter the following user name and password for the network account, and then click OK.
Username: Administrator
Password: TrustM3
12. Select \\alpha\backup, and then click Next.
13. Select the Let Me Choose option, and then click Next.
14. Clear the check boxes under Data Files.
15. Under Computer, expand C and select the Scripts check box.
16. Clear the Include a system image of drives: System Reserved, (C:) check box. This is an
important step.
17. Click Next.
18. Click the Change Schedule link.
19. Clear the Run Backup on a Schedule check box, and then click OK.
20. Click the Save settings and run backup button. The Backup in progress dialog box displays
within the Backup and Restore center. Detailed information about the backup performance and the
backup be displays.
21. Click the View Details button next to the Backup progress indicator while the backup is running.
22. When the backup is complete, you have successfully completed this part of the lab.
L11-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 3: Restore Files and Folders

In this task, you will restore files and folders to the appropriate location on the
Windows 7 workstation.
1. Switch to the Alpha VM and open Windows Explorer.
2. Navigate to the C:\Backup folder.
3. Which folders represent the backup that was created?
4. Switch back to the Kilo VM.

5. Navigate to the Backup and Restore utility.
6. Click the Restore my Files button.
7. Click the Browse for folders button in the Restore Files dialog box.
8. Navigate to the Alpha VM backup if you are not automatically directed to that location.
9. Browse to Backup of C, Scripts.
10. Select the PowerShell folder, and then click the Add folder button.
11. Click Next.

12. Select the In the following location option on the Where do you want to restore your files
dialog box.
13. Maintain the file structure by selecting the Restore the files to their original subfolders
check box.
15. Navigate to Local C, Users, Administrator.HQ, Desktop in the Browse for Folder dialog box,
and then click OK.
17. Click the View restored files link on the Your files have been restored dialog box to view which
files have been restored.
18. Open the C folder on the Kilo VM desktop, and then open the LabFiles folder. What do you see
within the LabFiles folder?
19. Close Windows Explorer and the Backup tool.
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
L11-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Answer Key

Exercise 1: Using System Restore

Task 1: Create a System Restore Point
5. Is System Protection on for the C drive?
Yes.
6. What is the Max Usage value?
Answers will vary.
Task 3: Restore the System

9. Do you see the Stopwatch icon on the Desktop now?
No.
Exercise 2: Configuring and Using Previous Versions

Task 2: Examine and Restore Previous Versions
3. How many previous versions of the folder do you have?
Answers will vary.
8. Do you think the information is deleted permanently?
Answers will vary.
14. Did it work?
Yes.
Answers will vary.
25. Did it work?
Yes.
Answers will vary.
34. Did it work?
Yes.
35. What do you see when you navigate to the Local Disk (C:) drive?
Answers will vary.
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
Exercise 3: Using the Windows Backup Feature

Task 3: Restore Files and Folders
3. Which folders represent the backup that was created?
The folder with the name of the computer
18. Open the C folder on the Kilo VM desktop, and then open the LabFiles folder. What do you see
within the LabFiles folder?
The PowerShell folder
L11-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L12
Lab 12: Troubleshooting and
Monitoring Windows 7
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Use the Performance Monitor console

Explore Task Manager
Use the Event Viewer
Lab Overview
In this lab, you will monitor and troubleshoot the Windows 7 operating system. You will use the
Performance Monitor to analyze the performance characteristics of Windows 7. You will use the
Task Manager to view and stop running tasks. You will also use the Event Viewer to examine the
system for errors or other important messages.

Kilo (Windows 7)

1 hour
L12-2
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites
Task 1: Start VMs

1. From the desktop, open the LabVMs folder or shortcut. (if the shortcut is unavailable, click Start,
final time.)
hq.local domain.)

E:\LabFiles.

Y
Administering
Globalthis content.
TrainingContent
TechSherpas


Exercise 1: Performance Monitoring

In this exercise, you will use the performance monitoring tools to analyze server health and
performance statistics.
Task 1: Use the Reliability and Performance Tools

In this task, you will view real-time performance information using the Resource Monitor and the
Performance Monitor.
2. Click Start, type Perf in the Search box, and then press ENTER.
3. Click the Open Resource Monitor link and examine the real-time view of performance.
4. Expand the CPU section, and then click the CPU column header to sort by CPU time. Which
process is the busiest (other than System)?
5. Expand the Disk section, and then click the Read (Bytes/sec) column header. Which process is
reading the most from the disk?
6. Expand the Network section, and then click the Total (Bytes/sec) column header. Which process
is communicating with the network the most?
7. Expand the Memory section, and then click the Working Set column. Which process is
consuming the greatest amount of RAM?
8. Browse through the tabs at the top of the screen.

Do you think you will need to create a custom Performance Monitor session for the local machine
very often?
9. Close the Resource Monitor.
L12-4
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
10. Expand the Monitoring Tools container in the left section of the window.
11. Select the Performance Monitor tool. Are there any counters currently being graphed?
12. Click the plus (+) icon on the icon bar at the top of the screen.
13. From the list of available counters, add the following to the list:
Processor > % Processor Time
Logical Disk > % Disk Time
Logical Disk > % Free Space
Logical Disk > Disk Read Bytes/sec
Logical Disk > Disk Write Bytes/sec
Memory > Available Mbytes
Memory > Pages/sec
14. Click OK when you finish adding these items. (You should now see a running graph of
current performance.)
15. Expand the Data Collector Sets container in the left section of the window.
16. Expand the System container. Which predefined data collector sets are available in this list?
17. Highlight the System Performance set.

18. Double-click the Performance Counter entry. (Browse through the list of performance counters
being tracked. Notice that each object has an asterisk (*) next to it, indicating that all counters in
the object will be tracked.)
19. Click the Cancel button when you are finished.
Task 2: Create Custom Logs and Alerts

In this task, you will create a custom log of system counters whenever CPU usage rises above
80 percent.
1. Highlight the User Defined container in the left section of the window.
2. Right-click the User Defined container, and then select New, Data Collector Set.
3. Type Classroom Log for the name, select the Create Manually option, and then click Next.
Administering
Globalthis content.
TrainingContent
TechSherpas
4. Select the Performance Counter and System configuration information check boxes, and then
click Next.
5. In the Sample interval text box, type 1. (Longer sample intervals are better for long-term
monitoring.)
6. Click the Add button, and then add the following counters to the list:
Processor > % Processor Time
Logical Disk > % Disk Time
Logical Disk > % Free Space
Logical Disk > Disk Read Bytes/sec
Logical Disk > Disk Write Bytes/sec
Memory > Available Mbytes
Memory > Pages/sec
7. Click OK to add the counters to the list, and then click Next.
9. Click the Add button in the Registry keys window.
10. Type HKLM\System\CurrentControlSet\Services, and then click Next.
11. Click Next to accept the default log file name, and then click Finish.
12. Highlight the User Defined container in the left section of the window.
13. Right-click the User Defined container, and then select New, Data Collector Set.
14. Type Classroom Alert for the name, click the Create Manually option, and then click Next.
15. Select the Performance Counter Alert option, and then click Next.
16. Click Add, add the Processor > % Processor Time counter, and then click OK to add the
counter to the list.
17. In the Limit text box, type 80 for the percentage that the counter must be above to generate
the alert.
18. Click Next, and then click Finish.
19. Highlight the Classroom Alert in the left section of the window.
20. Double-click the DataCollector01 entry.
21. Click the Alert Action tab, and then select the Log an entry in the application log option.
22. Select the Classroom Log from the drop-down list, and then click OK.
23. Right-click the Classroom Alert, and then select the Start option.
Note
You now have a watchdog process that starts a log of system counters
whenever CPU usage rises above 80 percent.
L12-6
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 3: Use Reports

In this task, you will use reports to view system performance information.
1. Right-click the Classroom Log option, and then click the Start option.
2. Launch applications and generate activity on your system for the next 2 minutes. (Time yourself.)
3. When you finish, right-click the Classroom Log again, and then click the Stop option.
4. Open the System container in the left section of the window.
5. Right-click the System Diagnostics data collector, and then click the Start option.
6. Launch applications and generate activity. Within 60 seconds, the data collector
automatically stops.
7. After about a 1 minute, right-click the System Performance data collector and click the
Start option.
8. Once again, launch applications and generate activity. Within 60 seconds the data collector
automatically stops.
9. When you finish, expand the Reports container in the left section of the window.
10. Expand User Defined, Classroom Log.
11. Double-click the report in the right section of the window to view it. (A chart with the activity
generated during the 2-minute interval appears.)
12. In the left section of the window, expand System and view the reports in System Diagnostics.
(Notice that this report is text-based, but very detailed.)
13. Now view the System Performance report. (In this report, you can switch from text to chart view
with the icon bar at the top of the Performance Monitor tool.)
14. Once you finish viewing the data, go back and start the Classroom Log again and leave it
running. (Before starting the log, you may want to change the sample interval to 15 seconds. The
1 second interval you used earlier is fine for short-term monitoring, but not good for lengthy
periods of time.)
Note
The text reports are customizable and allow great flexibility and power
in monitoring a system.
Administering
Globalthis content.
TrainingContent
TechSherpas
Exercise 2: Task Manager

The performance monitoring tools are much more powerful than the Task Manager, but the Task
Manager is quick and easy to use. It also has a few features that can help track down a rogue
application. In this exercise, you will use the Task Manager tools to analyze server health and
performance statistics.
Task 1: Use the Task Manager Graphical Tool

In this task, you will use the Task Manager graphical tools.
2. Close all open programs, and then right-click the taskbar.
3. Select the Start Task Manager option.
4. Click the Applications tab.
5. Are any applications currently listed?
6. Leave the Task Manager open.

7. Click Start, type each of the following in the Search box, and then press ENTER after each.
(Minimize each one after launching.)
notepad
note
not
wordpad
internet exp
windows exp
computer man
cmd
8. Now do you see any programs listed in the Task Manager?
9. Right-click one of the Notepad instances, and then select the End Task option.
10. Right-click the Computer Management instance, and then select the Go to process option.
11. Which process did it take you to?
12. Right-click the mmc.exe process, and then select the End Process option.
13. Click End Process to confirm.
14. Right-click the wordpad.exe instance, and then select the Open File Location option.
L12-8
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
15. Which directory did this open?
16. Right-click one of the svchost.exe instances, and then click the Go to Service option.
17. Which service(s) was highlighted?
18. Perform the previous two steps on several of the other svchost.exe instances. Log your results
here:
19. Click the Processes tab again.

20. Click the CPU column header twice. (This sorts the CPU usage highest to lowest.)
21. Switch to the command prompt.

22. Type the following, and then press ENTER. The cmd.exe process should now be consuming more
CPU than some of the other processes
dir c:\*.* /s

24. Watch the CPU and Memory usage graphs.
25. Did the memory usage fluctuate much at all?
26. In the command prompt, type notepad c:\recovery\, and then press the TAB key. (Do NOT press
ENTER yet. This automatically fills in the name of the only subfolder under Recovery.)
27. At the end of this line, type \winre.wim, and then press ENTER.
28. Watch the Performance tab in the Task Manager.
Administering
Globalthis content.
TrainingContent
TechSherpas
29. What is happening to memory?
30. What is happening to the CPU?
31. This command prompt file is several hundred megabytes in size and would take a very long time
to open. Give it a few minutes to generate some data, and then close Notepad.
32. What is the physical memory usage now?
33. Launch two Notepad instances, type a few characters in each one, and then leave them running for
the next section.
Task 2: Use Command-Line Task Management Tools

Windows 7 also comes with a set of command-line task management tools that can be more
powerful in some cases. In this task, you will use the command-line task management tools.
1. Switch to the Kilo VM, close all open programs, and then open the command prompt.
2. Type the following commands, and then press ENTER after each. (Minimize each one
after launching.)
notepad
notepad
notepad
regedit
3. Type the following, and then press ENTER. (more is a program that text information can be
piped to using the pipe symbol (|) after any command that normally sends text to the screen.)
tasklist | more
4. Use the ENTER key to step through one line at a time and the SPACEBAR to page through the
information one screen at a time.
tasklist /svc | more
6. What is different this time?
L12-10
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
7. Write the process IDs for the following:

notepad ___________________________
notepad ___________________________
notepad ___________________________
regedit32 __________________________

taskkill /?
9. Scroll through the help listing and notice that a process can be eliminated using either the PID
(process ID) or the IM (image name).
10. When would it be better to use the PID?
11. Type the following (where #### is the PID of one of the Notepad instances), and then press
ENTER.
taskkill /pid ####
12. How many of the Notepad windows disappeared?

taskkill /im notepad.exe
14. This time how many of them disappeared?
15. Switch to the Alpha VM, open Notepad twice, and then enter a few lines of text in each
Notepad document.
16. Switch back to the Kilo VM.
17. Type the following in the command prompt, and then press ENTER.
tasklist /s alpha | more
18. Do you see any instances of Notepad?

taskkill /s alpha /f /im notepad.exe
20. Switch to the Alpha VM.
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
21. Are the Notepad documents still there?
22. What happened to the data that you typed in each document?
23. What do you think the /f switch is for?
24. You can close all windows that are open on the Alpha and Kilo VMs.
Exercise 3: Using the Event Viewer

In this exercise, you will use the Event Viewer console to manage events in Windows
Server 2008.
Task 1: Explore the Event Viewer

In this task, you will explore the basic layout of the Event Viewer.

2. Click Start, Administrative Tools, and Event Viewer.
3. Notice the Summary of Administrative Events section. Are there any errors? If so, how many?
4. Expand the Error section and double-click the event ID with the most errors. A filtered view
appears listing only those events.
5. Double-click one of the events to display the details.
6. Close the event when you are finished.
7. Expand the Windows Logs container in the left section of the window.
L12-12
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
8. List the event logs that are available.
9. Scan through the event logs to become familiar with the new layout.
Task 2: Create a Custom Filter

In this task, you will create a custom filter in the Event Viewer.
1. In the Event Viewer, select Custom Views.
2. Right-click Custom Views, and then select the Create Custom View option.
3. Select the Critical and Error check boxes next to Event Level.
4. In the Event Logs drop-down list, select the check boxes for all of the event log types.
5. Click OK, and then click Yes when the warning about a large amount of events being
generated appears.
6. Name the filter All Critical Errors, and then click OK.
7. How many events were returned?
8. Are they all from the same event source?
Task 3: Forward Events

In this task, you will create a subscription that collects future events from the Alpha VM into the
Forwarded Events container on the Kilo VM.
1. In the Event Viewer, select Subscriptions.

2. Click Yes to configure and start the Event Collector Service when prompted.
3. Right-click the Subscriptions container and select the Create Subscription option.
4. Type Events from Alpha in the Subscription name text box.
5. Click the Select Computers button.
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
6. Click Add Domain Computers, type Alpha in the list of computers, and then click OK.
7. Does it appear that you could add more than one computer to collect from?
8. Click OK again to add the computer.

9. Click the Select Events button, choose the Critical, Error, and Warning event levels, and then
choose all of the event logs on the drop-down list.
10. Click OK, and then click Yes to confirm the warning.
11. Click the Advanced button.
12. Choose the Specific User option and click the User and Password button.
13. Make sure the user is HQ\Administrator, type TrustM3 for the password, and then click OK.
14. Click OK to save the advanced settings.
15. Click OK to save the subscription.
16. On the Kilo VM, click Start, Administrative Tools, and Services.
17. Right-click Services (Local) in the left section of the window, and then select Connect to
another computer.
18. Type Alpha for the computer name, and then click OK.
19. Scroll down to Windows Event Collector in the list of services and double-click it.
20. Change the Startup Type to Automatic, click the Start button, and then click OK.
21. Close the Services console, and then switch back to Event Viewer.
22. Click Forwarded Events. What do you see?
Note
This subscription now collects future events from the Alpha VM into
the Forwarded Events container. You may look at this container later
in class to see if any events have been propagated.
L12-14
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Answer Key

Exercise 1: Performance Monitoring

Task 1: Use the Reliability and Performance Tools
4. Expand the CPU section, and then click the CPU column header to sort by CPU time. Which
process is the busiest (other than System)?
Answers will vary.
5. Expand the Disk section, and then click the Read (Bytes/sec) column header. Which process is
reading the most from the disk?
Answers will vary.
6. Expand the Network section and then click the Total (Bytes/sec) column header. Which process
is communicating with the network the most?
Answers will vary.
7. Expand the Memory section, and then click the Working Set column. Which process is
consuming the greatest amount of RAM?
Answers will vary.
8. Browse through the tabs at the top of the screen.
Do you think you will need to create a custom Performance Monitor session for the local machine
very often?
Now that the Resource Monitor exists, manual performance monitor sessions should not
have to be created as often.
11. Select the Performance Monitor tool. Are there any counters currently being graphed?
% Processor time.
16. Expand the System container. Which predefined data collector sets are available in this list?
Answers will vary.
Exercise 2: Task Manager

Task 1: Use the Task Manager Graphical Tool
5. Are any applications currently listed?
Answers will vary.
8. Now do you see any programs listed in the Task Manager?
Answers will vary.
11. Which process did it take you to?
mmc.exe
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
15. Which directory did this open?

C:\Program Files\Windows NT\Accessories
17. Which service(s) was highlighted?
Answers will vary.
18. Perform the previous two steps on several of the other svchost.exe instances. Log your
results here.
Answers will vary.
25. Did the memory usage fluctuate much at all?
Answers will vary.
29. What is happening to memory?
Available memory should be shrinking.
30. What is happening to the CPU?
Answers will vary.
32. What is the physical memory usage now?
Answers will vary.
Task 2: Use Command-Line Task Management Tools

6. What is different this time?
Services should now be expanded within the svchost.exe processes.
10. When would it be better to use the PID?
When there is more than one application with the same name and you only want to kill one
of them.
12. How many of the Notepad windows disappeared?
Only one.
14. This time how many of them disappeared?
All of them
18. Do you see any instances of Notepad?
Yes.
21. Are the Notepad documents still there?
No.
22. What happened to the data that you typed in each document?
It is gone.
23. What do you think the /f switch is for?
"/f" stands for Force.
L12-16
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Exercise 3: Using the Event Viewer

Task 1: Explore the Event Viewer
3. Notice the Summary of Administrative Events section. Are there any errors? If so, how many?
Answers will vary.
8. List the event logs that are available.
Application, Security, Setup, System, and Forwarded Events
Task 2: Create a Custom Filter

7. How many events were returned?
Answers will vary.
8. Are they all from the same event source?
Answers will vary.
Task 3: Forward Events

7. Does it appear that you could add more than one computer to collect from?
Yes.
22. Click Forwarded Events. What do you see?
Answers will vary.
Administering
illegal to reprint,
Globalthis content.
TrainingContent
TechSherpas
L12-18
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
L13
Lab 13: Running and Troubleshooting
Applications on Windows 7
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Objectives
Install and configure the Application Compatibility Toolkit

Configure the compatibility options for use in Windows 7
Lab Overview
In this lab, you will troubleshoot application issues for the Windows 7 operating system. You will
use the Application Compatibility Toolkit to view existing application patches and see how you
could possibly develop your own custom patches. You will use the built-in compatibility options
within Windows 7 to run legacy applications.

Kilo (Windows 7)

1 hour
L13-2
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Lab Procedures
Prerequisites

final time.)
will need to rename the VM to Kilo inside the guest operating system and join the VM to the
hq.local domain.)

E:\LabFiles.
2. Browse to the C:\LabFiles\ISO folder, select the 6183-LabFiles.iso file and then click Open.

Y
Administering
Globalthis content.
TrainingContent
TechSherpas


Exercise 1: Using the Application Compatibility Toolkit

In this exercise, you will install the Application Compatibility Toolkit to examine existing
compatibility patches and view the options for developing your own patches.
Task 1: Install the Application Compatibility Toolkit

In this task, you will install the ACT on the Kilo VM.
2. Open Windows Explorer and navigate to E:\LabFiles\Install\Win 7.
3. Double-click the Application Compatibility Toolkit executable.

4. Click Next on the Welcome screen, click Accept to accept the license terms, and then click Next.
5. Accept the default installation folder, and then click Next.
6. Click Install. The installation takes approximately one minute.
7. Clear the Start a quick tour check box when the installation is complete.
9. Navigate to the E:\Labfiles\Install\Win7 folder.

10. Double-click the ApplicationVerifier.amd64 installer.
11. Click the Run button if you see an Open File Security Warning dialog box.
12. Click Next in the Setup window.

13. Accept the license terms and click Next.
14. Click the Install button.
15. Click Yes if the UAC prompt appears.

L13-4
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
Task 2: Run the SUA against an Application

In this task, you will use the SUA Wizard to test the compatibility of an application.
Note
The SUA Wizard needs to be run as a standard user. However, the
Standard User Analyzer full version is run as an Administrator.
1. Click Start, All Programs, Microsoft Application Compatibility Toolkit, and Developer and
Tester Tools.
2. Click the Standard User Analyzer application to execute the program.

4. Navigate to the E:\Labfiles\install\Win7 location.
5. Double-click the SASP package.
6. Leave the Parameters check box clear.
7. Click the Launch button.
8. Click OK on the Standard User Analyzer information window regarding AppCompat shims.
9. Click Yes to delete all log files.

10. Click Yes if the UAC dialog box opens.
11. Click Yes if the UAC dialog box appears again. The SUPERAntiSpyware application installer
should execute.
Note
The SUA is monitoring, in the background, how the application goes
through its installation process.
12. Click Next.
13. Select the I Accept option on the license agreement, and then click Next.
14. Accept the defaults on the User Information window, and then click Next.
15. Accept the defaults on the Destination Folder window, and then click Next.
16. Click Next in the Ready to install the Application window. The SUA monitored
installation commences.
17. Click the Finish button in the SUPERAntiSpyware Professional has been successfully installed
window. The SUA tool calculates.
Administering
Globalthis content.
TrainingContent
TechSherpas
18. What is the last line in the SUA output?
19. Click OK in the Default Language window.

20. Click No in the Would you like SUPERAntiSpyware to check for updates window.
21. Click the Cancel button in the Welcome to SUPERAntiSpyware dialog box.
22. Click the Do Not Protect button on the Protect Home Page from Being Changed window.
23. Click Close in the Definitions Update Reminder window.
24. Select Close in the SUPERAntiSpyware main menu. Only the SUA window should open.
25. Again, what is the final line of the SUA output?
26. Based on the tabs you see at the top of the SUA window, how many issues were found with the
SUPERAntiSpyware product for the following tabs:
File = ___________________________________________________________
Registry = ______________________________________________________
Other Objects = ________________________________________________
(Hint: Look at the numbers in the tabs.)
27. What is the complete error on the File tab?
L13-6
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
28. Does this error suggest that sasp.exe works with File and Registry virtualization?
29. What are the three complete errors on the Registry tab?
a.
b.
c.
30. What do these three errors indicate about their corresponding registry keys and Windows 7?
31. On the Other Objects tab, are these OpenFileMappingW sections allowed by Windows 7?
(Hint: Color?)
Exercise 2: Configuring Application Compatibility Settings

In this exercise, you will use the application compatibility settings built-in to Windows 7 to enable
legacy applications to run.
Task 1: Install Zone Alarm without the Compatibility Settings

In this task, you will install the Zone Alarm application without the compatibility settings.
2. Navigate to the E:\Labfiles\install\Win7 location.
3. Double-click the zalarm20 application to install.
4. Click Yes in the UAC (User Account Control) dialog box. The Zone Alarm installation starts.
5. Click Next in the Welcome window.
6. Click Next in the Important Information window, and then click Next again.
7. Type the following e-mail address in the User Information window.
Test@test.com
Administering
Globalthis content.
TrainingContent
TechSherpas
8. Click Next in the Registration Information window.

9. Click Yes to accept the License Agreement.
10. Click Yes in the Select Destination Directory window.
11. Click Next in the Ready to Install window.

12. Type 1 for number of Computers and 1 for number of Users.
13. Click the Finish button in the Installation Completed window.
14. Was the installation successful?
16. Click Start, All Programs, and Zone Labs.

17. Click the Zone Alarm link to start the program.
18. What message do you receive when running Zone Alarm?
19. Click the Cancel button on the Compatibility Issues window.
Task 2: Run the Compatibility Tools Built into Windows 7

In this task, you will change the settings of the built-in compatibility tools for Windows 7.
1. In the Kilo VM, click Start, All Programs, and Zone Labs.
2. Right-click the Zone Alarm executable.
3. Select the Properties option.
4. Click the Compatibility tab.

5. Select the Run this program in compatibility mode for check box under the Compatibility
mode, and then select Windows XP (Service Pack 2) from the drop-down list.
6. Select the Run this program as an Administrator check box under Privilege Level, and then
click OK.
7. Click the Start, All Programs, Zone Labs, and Zone Alarm to try to execute the Zone Alarm
application again.
8. Click Yes in the UAC dialog box.
9. Click the Run Program button in the This Program Has Known Compatibility Issues dialog box.
The Zone Alarm Tips window appears, and the red and green Zone Alarm application runs in the
System Tray.
10. Click OK to close the Zone Alarm Tips window, and then close Control Panel.
L13-8
Content
Global inKnowledge
Training gives
LLCno express
TechSherpas
11. Click the up arrow in the System Tray if the red and green Zone Alarm icon disappears from the
System Tray. The icon appears.
12. Double-click the red and green Zone Alarm icon. The Zone Alarm application should
open successfully.
Task 3: Uninstall Zone Alarm

In this task, you will uninstall the Zone Alarm application from the Kilo VM.
1. Click Start, Control Panel.
2. Click the Uninstall a Program link.
3. Scroll to the bottom of the Installed Applications list, and then double-click the Zone
Alarm application.
4. Keep Automatic selected, and then click Next in the Uninstall Method dialog box.
5. Click the Finish button in the Perform Uninstall window.
6. Click the Run Program button when the This Program Has Known Compatibility Issues dialog
box appears. You need to run the program to uninstall it.
7. Click Yes in the Remove Shared Component window until all components have been removed.
Zone Alarm should have removed successfully.
Administering
Globalthis content.
TrainingContent
TechSherpas
Lab Answer Key

Exercise 1: Using the Application Compatibility Toolkit

Task 2: Run the SUA against an Application
18. What is the last line in the SUA output?
Answers will vary.
25. Again, what is the final line of the SUA output?
Answers will vary.
26. Based on the tabs you see at the top of the SUA window, how many issues were found with the
SUPERAntiSpyware product for the following tabs: File, Registry, Other Objects.
Answers will vary.
27. What is the complete error on the File tab?
Answers will vary.
28. Does this error suggest that sasp.exe works with File and Registry virtualization?
Answers will vary.
29. What are the three complete errors on the Registry tab?
Answers will vary.
30. What do these three errors indicate about their corresponding registry keys and Windows 7?
Answers will vary.
31. On the Other Objects tab, are these OpenFileMappingW sections allowed by Windows 7?
Answers will vary.
Exercise 2: Configuring Application Compatibility Settings

Task 1: Install Zone Alarm without the Compatibility Settings
14. Was the installation successful?
Yes.
18. What message do you receive when running Zone Alarm?
A program compatibility assistant message.
L13-10
Content
Global inKnowledge
Training gives
LLCno express

All Modules PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

All Modules PDF

Uploaded by

Copyright:

Available Formats

4

Customizing the Windows 7 User

Administering and Maintaining W Windows

Global Knowledge Training

Customizing the Windows 7 User Interface

After completing this section, you will be able to:

Customizing the Windows 7 User Interface

The New Windows Display Driver Model

Figure 93: The New Windows Display Driver Model

Administering and Maintaining W Windows

Global Knowledge Training L

Customizing the Windows 7 User Interface

WDDM 1.1 Advantages

Figure 94: WDDM 1.1 Advantages

Customizing the Windows 7 User Interface

WDDM 1.0 Video Memory Allocation

Figure 95: WDDM 1.0 Video Memory Allocation

WDDM 1.1 Video Memory Allocation

Figure 96: WDDM 1.1 Video Memory Allocation

Administering and Maintaining W Windows

Global Knowledge Training L

Customizing the Windows 7 User Interface

Windows Vista GDI Global Lock

Figure 97: Windows Vista GDI Global Lock

Customizing the Windows 7 User Interface

Windows 7 GDI Global Lock

Figure 98: Windows 7 GDI Global Lock

Administering and Maintaining W Windows

Global Knowledge Training L

Customizing the Windows 7 User Interface

Start Menu and Taskbar Settings

Figure 99: Start Menu and Taskbar Settings

Customizing the Windows 7 User Interface

Figure 100: Taskbar Tab

Administering and Maintaining W Windows

Global Knowledge Training L

Customizing the Windows 7 User Interface

Start Menu Tab

Figure 101: Start Menu Tab

Customize the Start Menu

Figure 102: Customize the Start Menu

Administering and Maintaining W Windows

Global Knowledge Training L

Customizing the Windows 7 User Interface

Figure 103: Desktop Personalization

Customizing the Windows 7 User Interface

Figure 104: Desktop Themes

Administering and Maintaining W Windows

Global Knowledge Training L

Customizing the Windows 7 User Interface

Figure 105: Desktop Icons

Customizing the Windows 7 User Interface

Figure 106: Desktop Background

Administering and Maintaining W Windows

Global Knowledge Training L

Customizing the Windows 7 User Interface

Window Color and Appearance

Figure 107: Window Color and Appearance

Customizing the Windows 7 User Interface

Figure 108: Sounds

Administering and Maintaining W Windows

Global Knowledge Training L

Customizing the Windows 7 User Interface