
Windows 7 Networking, Chapter 11



Introduction

This block of notes discusses the technologies behind making a Windows 7 based computer work within a Windows Server 2008 domain environment using both IPv4 and IPv6. The topics covered include wireless and wired network connectivity, Windows HomeGroup, firewalls, remote management, and virtualisation.

Understanding Networking

As with almost anything in computing, analysis and design are vital in networking and will determine where and how the hosts will be installed on the network. Factors that influence the design include the number of users on the network, the organisational structure, the geographical location and the amount of money in the budget. There are two basic design methodologies: client server networks and peer-to-peer networks. In Microsoft speak, client server networks are Active Directory domain-based networks and peer-to-peer networks are workgroup networks.

Peer-to-peer networks tend to be small. Every computer has the same status: they are peers and can act as clients or servers. Microsoft recommends no more than ten hosts in a peer-to-peer network. The big advantage of a peer-to-peer network is that it does not need expensive server software. The downside is that it is difficult to manage and keep secure. If the network has ten users and ten computers and every user needs access to every computer, each user needs a username and password on every computer. This amounts to 10 x 10, or 100, usernames and passwords for someone to manage, and in practice it encourages users to reuse the same password on every machine. Another disadvantage of peer-to-peer networks is backups. It is very difficult to back up ten individual workgroup-based machines centrally, and even more difficult to get the individual users to back up their own machines.

Client Server (Windows Server 2008 Active Directory) Networks

Active Directory requires a Windows Server platform such as Windows Server 2008 R1 or R2. Active Directory is a single distributed database that contains all the objects contained within a domain-based network. It is a logical representation of the physical network, and the logical structure maps onto the physical structure. Some of the objects in Active Directory include user accounts, group accounts, and published objects such as folders and printers. The big advantage of Active Directory based networks is centralised management. In the earlier peer-to-peer example, 100 accounts were needed to give the users access to the resources they needed. With a domain, only 10 accounts are required. An administrator can determine, based on job function, which files or folders a user can access and which system privileges they need. In Microsoft speak a domain is represented by a triangle. See Figure 1.

Figure 1 An Active Directory Forest

An Active Directory structure is made up of one or more domains. A domain is a logical grouping of objects within an organisation. The Active Directory namespace is arranged in a hierarchy starting with a root domain at the top. If a domain branches off from another domain, it is called a child domain and the domain it branches off from is called the parent domain. The name of the child domain includes the full name of the parent.

Looking at Figure 1, it can be seen that stevenson.ac.uk is the parent domain and that it has two child domains, leith.stevenson.ac.uk and dalry.stevenson.ac.uk; computing.leith.stevenson.ac.uk is in turn the child of leith.stevenson.ac.uk, and so on. As shown in Figure 1, child domains can be based on location, but they can also reflect organisational structure. A benefit of creating child domains is scalability. A single Active Directory domain can store millions of objects, but child domains give an administrator the flexibility to design a structure that meets the needs of the organisation.

Between a parent domain and a child domain there exists a two-way transitive trust. A trust allows a user to be granted access to resources in a domain even though their account resides in a different domain. A two-way transitive trust means that by default all domains within the same forest automatically trust one another. The practical consequence is that the forest, not the domain, is the security boundary: an administrator of any domain in the forest can affect the others.

Another important feature of an Active Directory domain is an extensible schema. The Active Directory schema defines all the object classes and attributes of the Active Directory database. For example, when a new user is created using Active Directory Users and Computers (ADUC) the system asks for the user's first name, last name, username and password. The definitions for these fields are held in the schema. The schema is extensible and a member of the Schema Admins group can amend it. This is not normally recommended practice. However, programs that are Active Directory aware frequently modify the schema when they are installed. A common example is Exchange Server, which modifies the schema to accommodate details of a user's e-mail account.

Microsoft Networking Terms and Roles

A server is a machine that users connect to so they can access resources located on that machine. For example, a file server stores files. Application servers run applications for the users. Sometimes a server is referred to by the specific application it runs, for example an SQL Server or an Exchange server.

A domain controller is a server that holds a replica of the Active Directory database. All domain controllers are created equal in as much as they all have the same copy of Active Directory. However, some domain controllers have specialised roles, such as hosting the Global Catalog, but these roles, except that of the Global Catalog, are outside the scope of this course. The Global Catalog is a database consisting of a partial representation of the Active Directory objects. When it is necessary to locate a domain-based resource, the Global Catalog is used to find it. Global Catalogs are a requirement in an Active Directory domain.

A member server is a server that is a member of a domain-based network but does not hold a copy of Active Directory. It is good practice to put applications such as Exchange and SQL Server on a member server rather than on a domain controller.

A standalone server is not a member of a domain. Many organisations use this type of server for server virtualisation. This is when Windows Server 2008 with the Hyper-V role is installed on a powerful server and multiple virtual machines are created on it. A copy of Windows Server is installed into each virtual machine and these can then act as domain controllers, member servers or any other type of server.

A client machine is a computer that is normally used by a company's end users. The most common operating systems for a client machine are Windows Vista and Windows 7.

A Domain Name System (DNS) server has the DNS service running on it. DNS is a name resolution service that turns a host name into an IP address (forward lookup) or converts an IP address into a host name (reverse lookup). Hosts have easily remembered, user-friendly host names like www.stevenson.ac.uk. Unfortunately, computers use rather less convenient IP addresses, and ultimately binary, to talk to each other. DNS takes the user-friendly host name and returns an IP address; it can also convert IP addresses into host names when required to do so. DNS resolves either IPv4 or IPv6 addresses: IPv4 addresses are held in A records and IPv6 addresses in AAAA records. Separately, the Link Local Multicast Name Resolution (LLMNR) protocol, which is based on DNS packet formats, allows both IPv4 and IPv6 hosts to resolve the names of hosts on the same local link without a DNS server. Because any host on the link can answer an LLMNR query, it is a common target for name-spoofing attacks, and it is good practice to disable it by Group Policy on domain-joined machines, where DNS is always available. DNS is a requirement for Active Directory. DNS can be installed before or during the installation of Active Directory.

Dynamic Host Configuration Protocol (DHCP) automatically assigns IP address configurations to appropriately configured client computers. Every computer needs at least three things to operate properly on the Internet and the intranet: an IP address, a subnet mask, and a default gateway, which is the IP address of the internal network interface of the router that connects the internal LAN to the outside world. A properly configured DHCP server can provide much more, including the IP addresses of a preferred and a secondary DNS server and the IP address of a WINS server if required. DHCP can issue either IPv4 or IPv6 addresses. If a client configured to use DHCP cannot reach a DHCP server, it will assign itself an address in the range 169.254.x.x. This is called an Automatic Private IP Address and is provided by the Automatic Private IP Addressing (APIPA) service. An APIPA address comes with no default gateway and no DNS servers, so a client stuck with one can only talk to other APIPA hosts on the same link.

For redundancy, a network should, budget permitting, have multiple domain controllers, DHCP servers, DNS servers and Global Catalogs. For example, if the network has only one DHCP server and it fails, clients requesting IP addresses will end up with APIPA addresses and will be unable to communicate with computers that have valid IP addresses, or with the Internet.

Configuring Windows 7 NIC Devices

A network interface card (NIC) is a hardware component used to connect one host to other hosts on the network. The most common place to find a network adapter is in a computer, but they are needed by any host connecting to a network, such as network printers, routers, switches, firewalls and Intrusion Detection Systems (IDSs). Network adapters do not need to be separate cards; they can be built in, as is the case with most medium and budget-priced motherboards. Like any other hardware device, a NIC needs a driver to communicate with the operating system. Check that a NIC is on the Windows 7 compatibility list before trying to use it with Windows 7 and that it has Plug and Play capabilities. If it is on the approved list, it is as likely as not that there will be a driver in the Windows 7 driver CAB file, which means that when the card is installed, Plug and Play will install it properly using the driver from the CAB file.

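The APIPA fallback described above is easy to spot from the command line: on Windows 7, ipconfig /all labels a self-assigned address "Autoconfiguration IPv4 Address" and leaves the Default Gateway line blank. The following Python script is an added example and not part of these notes. It parses a sample of that output, constructed here to match the ipconfig /all layout (the adapter descriptions, MAC addresses and IP addresses are made up), and reports the adapters that cannot get beyond the local link.

```python
"""Flag adapters that fell back to APIPA in 'ipconfig /all' output.

Added example, not part of the course notes. SAMPLE_IPCONFIG is
constructed to match the layout Windows 7's 'ipconfig /all' prints; the
adapter descriptions, MAC addresses and IP addresses are made up. On a
real client, run 'ipconfig /all > out.txt' and pass the file's text to
parse_ipconfig().
"""
import ipaddress
import re

APIPA_NET = ipaddress.IPv4Network("169.254.0.0/16")

# Constructed sample: the wired adapter got a DHCP lease; the wireless one did not.
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WKS01
   Primary Dns Suffix  . . . . . . . : stevenson.ac.uk

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : stevenson.ac.uk
   Description . . . . . . . . . . . : Example Gigabit Controller
   Physical Address. . . . . . . . . : 00-1A-A0-05-2A-B7
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.0.2.37(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.0.2.1
   DHCP Server . . . . . . . . . . . : 192.0.2.10
   DNS Servers . . . . . . . . . . . : 192.0.2.10

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : 00-1A-A0-05-2A-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.23.45(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

ADAPTER_RE = re.compile(r"^\S.*adapter (.+):$")   # "Ethernet adapter Local Area Connection:"
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*: ?(.*)$")   # "   Subnet Mask . . . : 255.255.0.0"


def parse_ipconfig(text):
    """Return {adapter_name: {field_name: value}} for each adapter section."""
    adapters = {}
    current = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = {}
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            adapters[current][m.group(1).strip()] = m.group(2).strip()
    return adapters


def is_apipa(address):
    """True if address is in 169.254.0.0/16, the range APIPA self-assigns from."""
    return ipaddress.IPv4Address(address) in APIPA_NET


def audit_adapters(adapters):
    """Return (adapter, problem) pairs for adapters that cannot reach beyond the local link."""
    problems = []
    for name, fields in adapters.items():
        addr = fields.get("IPv4 Address") or fields.get("Autoconfiguration IPv4 Address")
        if not addr:
            problems.append((name, "no IPv4 address"))
            continue
        addr = addr.split("(")[0]  # drop the "(Preferred)" suffix
        if is_apipa(addr):
            problems.append((name, "APIPA address %s: no DHCP server answered" % addr))
        if not fields.get("Default Gateway"):
            problems.append((name, "no default gateway"))
    return problems


if __name__ == "__main__":
    for adapter, problem in audit_adapters(parse_ipconfig(SAMPLE_IPCONFIG)):
        print("%s: %s" % (adapter, problem))
```

An adapter that shows up twice here (APIPA address and no gateway) is the signature of the "only DHCP server has failed" scenario above; an adapter with a routable address but no gateway usually points at a mis-built DHCP scope instead.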

Configuring a Network Adapter

Once installed, the NIC can be configured using its Properties dialog box. There are several ways to get to the network adapter property pages, one being the Network and Sharing Center, another through Computer Management, and a third directly through Device Manager. Since the Network and Sharing Center will be covered in detail later in the chapter, this is how it is done using Device Manager. To access the Properties dialog box:

1. Click Start and type Device Manager in the Windows search box to launch Device Manager.
2. Expand the Network Adapters node.
3. Right-click the NIC and click Properties to open the driver's Property box, as shown in Figure 2.

Figure 2 NIC driver Property box

The Properties dialogue box has five tabs: General, About, Driver, Details and Resources. The General tab shows the name of the adapter, the device type, the manufacturer, and the location. The Device Status box shows whether the device is working properly or not. If the NIC is not working properly, the Device Status box will display an error code and a brief description of what the operating system deems to be the problem. The error code can be used to do an Internet search for a resolution to the problem. The content of the About tab rather depends upon the NIC itself and the driver. Figure 3 shows the About tab for the NIC currently installed in my PC. Some NICs replace the About tab with an Advanced tab.

Figure 3 The About tab in the NIC driver Property box

In general the Advanced tab, where it exists, contains a Property list and a Value list. To configure options in this dialog box, choose the property to be modified in the Property list box and specify the desired value for the property in the Value box on the right. See Figure 4.

Figure 4 The Advanced tab in the Marvell Libertas Wireless NIC driver Property box

The sort of information that the Driver tab provides includes the driver provider, the date the driver was released, the driver version and the provider of the digital signature. The information will often vary depending upon the NIC. The Driver tab for my NIC is shown in Figure 5. Clicking the Driver Details button launches the Driver File Details dialogue box, which provides the following information about the driver: the location of the driver file (useful for troubleshooting), the original provider of the driver, the file version (useful for troubleshooting), copyright information about the driver and the digital signer of the driver. The digital signer is worth a look: a NIC driver runs in kernel mode, so an unsigned driver, or one signed by someone other than the vendor or Microsoft, deserves investigation before it goes on a production machine.

Figure 5 The Driver tab in the NIC driver Property box

The Update Driver, Roll Back Driver, Disable and Uninstall buttons do pretty much what they say. The Update Driver button launches a wizard that steps through the driver update process. The Roll Back Driver button can be used to roll the driver back to the previous version should an update break the device. The Disable button is used to disable the device; once the device is disabled, the Disable button becomes an Enable button. The Uninstall button removes the driver from the computer's configuration. The device should be uninstalled before it is physically removed from the computer. The Details tab lists the device properties for the network adapter. This information will vary from device to device. Figure 6 shows the Details tab for my own NIC.




Figure 6 The Details tab in the NIC driver Property box

The Resources tab of the network adapter's Properties dialog box lists resource settings for the NIC, including the interrupt request (IRQ), memory, and input/output (I/O) resources. This can be important if other devices are trying to use the same resource settings. This is not normally the case with Windows 7, as Plug and Play should set up non-conflicting parameters. However, if there are issues, the Conflicting Device list box at the bottom of the Resources tab shows the conflicts.

Troubleshooting a NIC

When a NIC just will not work there can be a number of causes. For example, the NIC may not be on the Windows 7 Hardware Compatibility List (HCL); use the Internet to see if the vendor has released a compatible driver, since there is unlikely to be one in the Windows 7 CAB file. The driver might be out of date, in which case click the Update Driver button and have Windows search for a better driver, or check for the latest driver on the hardware vendor's website. If Windows 7 does not recognise the NIC, try to install it manually. Another troubleshooting ploy is to make sure that the settings for the network card are correctly configured. Make sure that all network cables are functioning and are the correct type. This includes making sure that the connector is properly seated and that the cable is a straight-through or crossover cable depending on what sort of device it is plugged into: if it is plugged into a switch it needs a straight-through cable, and if it is plugged into another PC it needs a crossover cable (unless the ports support auto MDI-X, as most Gigabit ports do). Finally, verify that the device(s) the computer is connected to is (are) working. For example, on a Fast Ethernet network, make sure the switch ports are functioning properly.

Configuring Wireless NIC Devices

Wireless technology has matured to the point where it is a cost-effective and, if configured properly, secure method of networking. Very few homes in the UK are without their own mini wireless network, as several members of the family all want to use the same router to get out onto the Internet. Windows 7 supports wireless auto-configuration, which will automatically discover the available wireless networks and connect the computer to the preferred network. Although conveniently connected, there is still at least one vital consideration to take into account, namely security. A Windows 7 compatible wireless NIC will be recognised automatically by the operating system. Once installed, the wireless NIC will be displayed in both Device Manager and the Network and Sharing Center. The Network and Sharing Center is illustrated in Figure 7, showing a wireless connection to stevenson.ac.uk.
Figure 7 The Network and Sharing Center


To access the Network and Sharing Center, click Start > Control Panel > Network and Internet > Network and Sharing Center, or click Start and type Network and Sharing Center in the Windows integrated search box.

Viewing the Wireless Network Connection Status

The Wireless Network Connection Status window displays, among other things, the network layer (layer 3) connectivity status for IPv4 and IPv6, the media state, the Service Set Identifier (SSID), how long the connection has been active, and the signal quality. See Figure 8.

Figure 8 The Wireless Network Connection Status

The Details button of the Wireless Network Connection Status window provides detailed information including the physical address, the logical address, DHCP settings, name resolution, and much more. This is a very useful place to look when troubleshooting a connection.

Exercise 1 Viewing the Network Connection Details

1. Click Start, type Network and Sharing Center in the Windows 7 integrated search window and press Enter.
2. Select the Wireless Network Connection item from the View Your Active Networks section.
3. Click the Details button.
4. Review the Network Connection Details for this connection.

The Activity section of the Wireless Network Connection Status window shows real-time traffic (in bytes) sent to and received from the network. The Wireless Network Connection Status window also provides access to the Wireless Network Connection Properties, which include access to the wireless adapter configuration. To access the Properties dialogue, click the Properties button in the Activity section. The Wireless Network Connection Properties dialogue is shown in Figure 9.
Figure 9 The Wireless Network Connection Properties dialogue

The Networking tab on the Wireless Network Connection Properties page shows which NIC is being used for the connection. The Sharing tab is for configuring Internet Connection Sharing, which is a mechanism for allowing the other users on the network access to the Internet through this machine's Internet connection. The This Connection Uses The Following Items list is used to display and configure the various clients, services, and protocols that are currently available for the connection. Network clients, network services, and network protocols can be installed or uninstalled by clicking the appropriate buttons. Clicking the Properties button opens the Properties page for the currently selected item. If the Properties button is greyed out then a properties page is not available for the item. The Configure button is used to access the network adapter's hardware configuration Property pages, which are the same pages as those accessed through Device Manager.

Exercise 2 Viewing the Wireless Network Connection Properties

1. Click Start, type Network and Sharing Center in the Windows 7 integrated search window and then press Enter.
2. Select Wireless Network Connection from the View Your Active Networks section.
3. Click the Properties button in the Activity section.
4. Click the Configure button.
5. View the various tabs regarding the network adapter properties.
6. Choose Cancel to return to the Wireless Network Connection Status window.

Configuring Wireless Network Security

Network security is vital and is intimately related to the wireless access point or wireless router to which the computer is connected. However large or small the network, security needs careful planning. There are several basic steps that are often suggested for securing a wireless network: disabling the broadcasting of the SSID, creating a MAC address filter list and enabling encryption such as WPA or WPA2. When the SSID is not broadcast, the network cannot be detected automatically and the wireless NIC has to be configured manually to connect to that SSID. Note, though, that the SSID still travels in the clear whenever a client associates, so hiding it keeps out only the casual passer-by. A MAC address filter list is a list of specific MAC addresses that are allowed to connect to the device. Remember, however, that MAC addresses, just like IP addresses, can be spoofed, so neither of these is a security control in its own right. The best way to secure the network is with good, solid encryption: WPA2 with AES (CCMP) is the choice for a new network, and WEP should be regarded as broken rather than merely weaker. There are a variety of wireless network connectivity devices, ranging from enterprise scale to home-based wireless routers. In either case the Windows 7 client must be set up to match the security settings of the wireless network access devices. Most

modern wireless network connectivity devices have a built-in web server to allow an HTTP connection from a web browser. Windows 7 can also be used to configure a wireless access device.

Exercise 3 Configuring a Wireless Access Point

1. Click Start, type Network and Sharing Center in the Windows 7 integrated search window and then press Enter.
2. Choose the Set Up A New Connection Or Network option.
3. Select Set Up A New Network to configure a new router or access point and then click Next.
4. Select the appropriate wireless access device from the Set Up A Network window and then click Next.
5. If requested, enter a PIN or password or any other required identification and click Next.
6. On the next screen, configure the security settings and then click Next. These settings need to be configured on each client connecting to the wireless network.
7. Click Finish.

However, once the network access device has been configured, the Windows 7 clients still need to be configured. If the network connection is unencrypted, Windows 7 will connect automatically without much user intervention. This is not a good idea even on a home-based network, as other nearby users can use the connection, which amounts to stealing by using bandwidth someone else has paid for; that is quite apart from the risk of somebody reading, or altering, the data, like bank or credit card details, going across the connection. If the connection is secured, the Windows 7 client will have to be configured with the correct security settings.

Exercise 4 Accessing the Wireless Properties

1. Click Start, type Network and Sharing Center in the Windows 7 integrated search window and then press Enter.
2. Choose the Wireless Network Connection from the View Your Active Networks section of the Network and Sharing Center.
3. Click the Wireless Properties button within the Connection area of the Wireless Network Connection Status window. See Figure 10.

Figure 10 The Wireless Network Connection Properties

4. The Wireless Network Properties tabbed dialog box opens, displaying the current setup for the wireless network.

Some wireless cards have an extra button in addition to the Details button, called Wireless Properties, that when clicked opens the Wireless Network Properties dialogue box, from which the Windows 7 client configuration can be set. This particular card, a relatively inexpensive Realtek 8185, lacks this facility. Where this facility does exist it usually has two tabs: Connection and Security. The Connection tab displays the following information: the name assigned to the network, the SSID, the network type, network availability, Connect Automatically When This Network Is In Range, Connect To A More Preferred Network If Available and Connect Even If The Network Is Not Broadcasting Its Name. The SSID defines a user-friendly name for the wireless network. Some wireless access devices are able to broadcast more than one SSID at the same time, allowing them to support more than one wireless network. The SSID is usually broadcast by default. Network type shows the mode the wireless network is using. If this parameter is set to Access Point, the wireless network is in infrastructure mode. If it is set to Computer-To-Computer, the network is in ad hoc mode.


Network Availability displays to whom the wireless network is available. For example, this could be All Users or Me Only. When selected, the Connect Automatically When This Network Is In Range option allows automatic connection to the wireless network. Deselecting this option requires the user to select this wireless network for connection. If the Connect To A More Preferred Network If Available option is selected as well, Windows 7 will attempt to connect to a preferred network. If there is more than one preferred network, Windows 7 might switch back and forth if they are both available at the same time. Clearing this check box allows the currently connected network to stay connected until it is no longer available, possibly preventing dropped data or even dropped connections. If the network is not broadcasting its SSID, select the Connect Even If The Network Is Not Broadcasting Its Name (SSID) option to allow Windows 7 to connect automatically (the client will then probe for that SSID by name wherever it is taken, which is one more reason hiding the SSID buys little). The Security tab is for configuring the security parameters as defined in the security policy and configured on the wireless network access devices.

Troubleshooting Wireless Connectivity

There are a few common issues that can occur with wireless networks, and here are some of them together with possible solutions. The first and obvious thing to do is to make sure that the wireless NIC is enabled. If a laptop has a hotkey for enabling and disabling the NIC, make sure it has not been accidentally disabled. Sometimes the signal from an access point is attenuated by walls or other barriers between the access point and the computer with the wireless NIC. This is a common problem in Edinburgh, where the walls in some of the city's Georgian buildings in the New Town are very thick. The access device and the wireless card must be compatible. For example, an 802.11a wireless NIC can only connect to an 802.11a access device or an 802.11a/b/g device that has been configured to accept connections from an 802.11a NIC. Wireless NICs that are compatible with the 802.11b standard can connect only to 802.11b or 802.11b/g access devices configured to accept connections from an 802.11b NIC. An 802.11n card needs to connect to an 802.11n access device for best performance, although most will auto-negotiate to the best specification available. Make sure that the security parameters are the same on the NIC and the access point. When connecting to an access point that is not broadcasting an SSID, select the Connect Even If The Network Is Not Broadcasting check box in the Wireless Network Properties dialog box.

Smaller organisations and home networks use so-called wireless routers, which are in fact small layer three switches, as they combine the functions of a router with a number of Ethernet switch ports for connecting hard-wired devices on the private network, as well as an Internet port to connect to the outside world. When troubleshooting this type of device, start with the hard-wired devices and see whether they can communicate with each other and with the Internet, just to eliminate the router as the source of the problem.
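Since the Windows 7 client must match the security settings of the access device, it is worth checking what the saved wireless profiles actually contain rather than trusting the dialog boxes. Windows 7 writes a profile out as XML with netsh wlan export profile name="<profile>" folder=<dir>. The Python below is an added example, not part of these notes: it audits two such profiles, both constructed here in the exported layout with made-up SSIDs, and flags the open/WEP, WPA/TKIP and hidden-SSID settings discussed above.

```python
"""Audit exported Windows 7 wireless profiles for weak security settings.

Added example, not part of the course notes. The two profiles below are
constructed in the layout produced by
    netsh wlan export profile name="<profile>" folder=<dir>
with made-up SSIDs. Real exports carry extra elements; only the ones
checked here are needed.
"""
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample 1: open authentication with WEP and a hidden SSID.
WEAK_PROFILE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>oldnet</name>
  <SSIDConfig><SSID><name>oldnet</name></SSID><nonBroadcast>true</nonBroadcast></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption>
      <authentication>open</authentication>
      <encryption>WEP</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
  </security></MSM>
</WLANProfile>
"""

# Constructed sample 2: WPA2 pre-shared key with AES (CCMP), SSID broadcast.
GOOD_PROFILE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>stevenson</name>
  <SSIDConfig><SSID><name>stevenson</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2PSK</authentication>
      <encryption>AES</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
  </security></MSM>
</WLANProfile>
"""

AUTH_PATH = "w:MSM/w:security/w:authEncryption/w:authentication"
ENC_PATH = "w:MSM/w:security/w:authEncryption/w:encryption"


def audit_profile(xml_text):
    """Return a list of findings for one exported profile; an empty list means it passed."""
    root = ET.fromstring(xml_text)
    name = root.findtext("w:name", default="?", namespaces=NS)
    auth = root.findtext(AUTH_PATH, default="", namespaces=NS).upper()
    enc = root.findtext(ENC_PATH, default="", namespaces=NS).upper()
    hidden = root.findtext("w:SSIDConfig/w:nonBroadcast", default="false",
                           namespaces=NS).lower() == "true"
    findings = []
    if auth in ("OPEN", "SHARED") or enc in ("NONE", "WEP"):
        findings.append("%s: %s/%s offers no real protection; move to WPA2" % (name, auth, enc))
    elif auth in ("WPA", "WPAPSK") or enc == "TKIP":
        findings.append("%s: %s/%s is first-generation WPA/TKIP; prefer WPA2 with AES" % (name, auth, enc))
    if hidden:
        findings.append("%s: hidden SSID; the client will probe for it by name wherever it goes" % name)
    return findings


if __name__ == "__main__":
    for profile in (WEAK_PROFILE, GOOD_PROFILE):
        for finding in audit_profile(profile) or ["profile passed"]:
            print(finding)
```

Running this over every file that netsh wlan export profile produces gives a quick inventory of which saved networks a laptop will auto-join, which matters because a machine carries its weak profiles with it when it leaves the building.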

Understanding TCP/IP
Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of industry standard protocols for network, internetwork, and Internet connectivity, including: Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP), and Internet Group Management Protocol (IGMP).

The Features of TCP/IP

TCP/IP is a dependable and scalable suite of protocols that provides a common structure for network communications across a wide variety of hardware and operating system software. It is independent of the operating systems used at the upper end of the OSI model and of the physical components at the lower end of the OSI model.


TCP/IP comes with a host of connectivity tools, including among others HTTP, FTP, TFTP, Telnet and Finger, and support for TCP/IP network printing, together with a plethora of diagnostic and management tools including ipconfig, arp, ping, nbtstat, netsh, route, nslookup, tracert and pathping, and a Simple Network Management Protocol (SNMP) agent used to monitor performance and resource use of a TCP/IP host, server, or other network hardware device. Note that Telnet, FTP and TFTP carry credentials and data in clear text, and SNMP v1 and v2c authenticate with a community string that is also sent in clear; they are for labs and legacy kit, not for managing production systems. TCP/IP also supports multihoming, that is the inclusion of multiple NICs, which is usually associated with routing for internetwork connectivity. TCP/IP is without doubt the industry standard networking protocol suite and, with the introduction of IPv6, is likely to remain so for the foreseeable future.

TCP verifies at the Transport layer that each data segment is received and passed to the application running at the Application layer. Where segments are lost or corrupted it requests retransmission. TCP/IP also supports Quality of Service (QoS), which allows time-sensitive data streams to get preferential treatment. TCP/IP is flexible and scalable enough to allow a network to be divided into multiple segments or subnets to facilitate network traffic management. In addition it is highly fault tolerant and can dynamically re-route packets around failed links, assuming that such paths exist.

TCP/IP provides support for the Domain Name System (DNS) and the Dynamic Host Configuration Protocol (DHCP). DNS provides host name to IP address resolution and DHCP provides automatic IP address configuration to appropriately configured clients. For clients that are unable to contact a DHCP server, APIPA will provide an IP address in the range 169.254.0.0 to 169.254.255.255. The inclusion of Alternate IP Configuration allows users to have a static and a DHCP-assigned IP address mapped to a single network adapter. This feature supports mobile users who may lease a DHCP address when working in the office and attach to a static network in their homes or at another office. The biggest change to occur to TCP/IP is the introduction of IPv6, which incorporates a much larger address space and, more importantly, incorporates many of the additional features of TCP/IP into a standardised protocol. Take up in

the UK has been slow, but it is being rolled out by Internet Service Providers in the USA, and where the USA leads the UK is bound to follow.

IPv6 Addressing

At first sight IPv6 looks daunting. In truth it is easier than IPv4, and an IPv6 address like 4305:A93E:BADC:8956:3586:8D9C:7032:1423 has a good deal of logic to its construction.

IPv6 Shorthand Notation

An IPv6 address consists of 8 groups of 4 hexadecimal digits, 32 hexadecimal digits in all, separated by colons. The shorthand notation has two rules. First, leading zeros within a group may be dropped, so the group 0002 becomes 2 and 0001 becomes 1. Second, one run of consecutive all-zero groups may be replaced by a double colon, which can be read as "use zeros until the next group". The double colon may appear only once in an address, otherwise the reader could not tell how many zero groups each one stood for. For example, the multicast address FF02:0000:0000:0000:0000:0000:0001:0002 can be shortened to FF02::1:2, and 0000:0000:0000:0000:0000:0000:0000:0001 becomes ::1.

To retrieve the original IPv6 address, insert zeros until the original is obtained. Starting with the final group 2, which becomes 0002, the first group FF02 and the final group 0002 together account for 8 digits. 32 - 8 = 24, so there must be twenty-four missing digits, the last of which is a 1 preceded by 23 zeros. The three segments are therefore FF02, 0000:0000:0000:0000:0000:0001 and 0002. Putting them together gives FF02:0000:0000:0000:0000:0000:0001:0002, which is the original IPv6 address. A quicker way to see it: FF02::1:2 shows three groups, so the double colon must stand for 8 - 3 = 5 groups of zeros.

For those needing a mantra or set of rules:

1. Count how many groups are written after the double colon. In this case there are two: one contains a 1 and the other a 2.
2. Write the groups before the double colon in full, then place groups of zeros until the first of the groups after the double colon is reached: FF02:0000:0000:0000:0000:0000:0001:ZZZZ.
3. Pad the remaining groups to four digits with leading zeros.

Anatomy of an IPv6 Address

At the most basic level, IPv6 addresses are broken into two 64-bit portions, one of which is called the prefix portion and the other the host portion, or interface ID. The first 48 bits of the prefix portion of the address are allocated by three organisations: the Internet Corporation for Assigned Names and Numbers (ICANN), a Regional Internet Registry (RIR) and the Internet service provider (ISP). The next 16 bits are allocated to subnet addressing, which is sufficient for 65,536 subnets. The second portion of the address, bits 65 to 128, is the host portion of the network. This is enough for 2^64 hosts on each subnet.

IPv6 Address Types

In IPv6 there are three important address types: unicast, multicast and anycast. A unicast address is an address that is absolutely unique to a particular host. A multicast address is effectively a grouping of addresses that is used for sending and receiving information to and from that group. Anycast is a network addressing and routing methodology in which datagrams from a single sender are routed to the topologically nearest node in a group of potential receivers all identified by the same destination address.

Page | 20
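The shorthand rules above, as an added Python example that is not part of the course notes: expand_ipv6 restores the missing zero groups and leading zeros, compress_ipv6 does the reverse, and the standard library's ipaddress module is used only to cross-check the hand-rolled result.

```python
"""IPv6 shorthand: expand "FF02::1:2" back to 32 digits, and compress the long form.

Added example, not part of the course notes. Rules implemented: leading zeros in a
group are dropped, and "::" stands for as many all-zero groups as are needed to
make eight. ipaddress is used only to cross-check the result.
"""
import ipaddress

GROUPS = 8              # an IPv6 address is 8 groups of 16 bits
DIGITS_PER_GROUP = 4    # each group is written as 4 hexadecimal digits
HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand_ipv6(short: str) -> str:
    """Rebuild the full eight-group, 32-digit form from shorthand."""
    if short.count("::") > 1:
        raise ValueError("only one '::' is allowed in an IPv6 address")
    if "::" in short:
        head, tail = short.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        # The arithmetic from the notes: 8 groups minus the ones written out = missing zero groups.
        missing = GROUPS - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = short.split(":")
    if len(groups) != GROUPS:
        raise ValueError(f"expected {GROUPS} groups, found {len(groups)} in {short!r}")
    full = []
    for group in groups:
        if not 1 <= len(group) <= DIGITS_PER_GROUP or not set(group) <= HEX_DIGITS:
            raise ValueError(f"bad group {group!r} in {short!r}")
        full.append(group.upper().zfill(DIGITS_PER_GROUP))  # restore the leading zeros
    return ":".join(full)


def compress_ipv6(address: str) -> str:
    """Produce the shorthand: strip leading zeros, collapse the longest run of zero groups."""
    groups = [g.lstrip("0") or "0" for g in expand_ipv6(address).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < GROUPS:               # find the longest run of "0" groups; the first run wins ties
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < GROUPS and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                # "::" is never used for a single zero group
        return ":".join(groups).lower()
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}".lower()


def matches_stdlib(short: str) -> bool:
    """Cross-check both directions against ipaddress.IPv6Address."""
    ref = ipaddress.IPv6Address(short)
    return (expand_ipv6(short).lower() == ref.exploded
            and compress_ipv6(expand_ipv6(short)) == ref.compressed)


if __name__ == "__main__":
    for example in ("FF02::1:2", "::1", "2001:db8::", "fe80::1:0:0:1"):
        print(f"{example:16} -> {expand_ipv6(example)} -> {compress_ipv6(example)}")
```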

IPv6 Static and Dynamic Addressing

IPv6 addresses can be dynamic or static. Dynamic addresses are assigned by a Dynamic Host Configuration Protocol version 6 (DHCPv6) Server, whereas static addresses are assigned manually by someone with the appropriate rights. It is important both for the SQA and Microsoft tests to have a clear understanding of the conventions IPv6 uses to assign addresses to a network. There are four possible combinations: two of which are used for static addressing and two of which are used for dynamic addressing.

EUI-64

One of the great benefits of having such a long host field is the ability to build a great deal of uniqueness into an individual address. A host interface normally supports two types of address: a unique physical address (MAC address) and a configurable logical address (IP address). A MAC address is 48 bits in length, which is normally expressed as 6 pairs of hexadecimal digits, for example 00-1A-A0-05-2A-B7. For the purposes of getting to grips with the anatomy of an IPv6 address, split the MAC address into two sets of 6 digits as follows: 001AA0 052AB7. When the Internet Engineering Task Force (IETF) formulated the IPv6 standard they deduced that the use of the modified MAC address in the host field would have the dual benefit of making the host address unique and allowing a static address to be entered without the need to enter every single digit. However a MAC address is 16 bits short of the full host field of 64 bits, so some padding is required. This entails placing the hex field FFFF into the centre of the MAC address so that it becomes: 001AA0 FFFF 052AB7. To conclude, the seventh bit of the MAC address has to be inverted [1]. This means taking the first two hex digits, which happen in this case to be 00 hex or 00000000 in binary, and inverting the penultimate bit so that it reads as 00000010 binary or 02 hex. Thus the new address becomes 021AA0 FFFF 052AB7 or, more concisely, 021A:A0FF:FF05:2AB7.

[1] The reasons for this are fully specified in the appropriate RFC. Recommended reading for the merely curious or the insomniac.
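The EUI-64 construction above, as an added Python example that is not part of the course notes. It follows RFC 4291 Appendix A, which pads the MAC with FFFE (not FFFF) between the two halves and then inverts the universal/local bit, and it also shows the reverse step, because an EUI-64 interface ID reveals the NIC's MAC address to anyone who sees the IPv6 address.

```python
"""Modified EUI-64: turn the MAC 00-1A-A0-05-2A-B7 into a 64-bit IPv6 interface ID.

Added example, not part of the course notes. Per RFC 4291 Appendix A the 48-bit
MAC is split, FFFE is inserted between the halves, and bit 7 of the first octet
(the universal/local bit) is inverted. The MAC used is the one from the notes.
"""
import ipaddress
import re


def mac_to_bytes(mac: str) -> bytes:
    """Accept 00-1A-A0-05-2A-B7, 00:1a:a0:05:2a:b7 or 001AA0052AB7."""
    digits = re.sub(r"[-:.]", "", mac)
    if len(digits) != 12 or not all(c in "0123456789abcdefABCDEF" for c in digits):
        raise ValueError(f"a MAC address is 12 hex digits, got {mac!r}")
    return bytes.fromhex(digits)


def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface identifier."""
    m = mac_to_bytes(mac)
    iid = bytearray(m[:3] + b"\xff\xfe" + m[3:])   # pad 48 bits to 64 with FFFE in the middle
    iid[0] ^= 0x02                                 # invert the U/L bit: 00000000 -> 00000010
    return bytes(iid)


def interface_id_text(mac: str) -> str:
    """Render the interface ID as four IPv6 groups, e.g. 021A:A0FF:FE05:2AB7."""
    hexdigits = modified_eui64(mac).hex().upper()
    return ":".join(hexdigits[i:i + 4] for i in range(0, 16, 4))


def link_local_from_mac(mac: str) -> str:
    """Stateless autoconfiguration: the fe80::/64 prefix followed by the EUI-64 interface ID."""
    prefix = bytes.fromhex("fe80000000000000")
    return str(ipaddress.IPv6Address(prefix + modified_eui64(mac)))   # compressed form


def mac_from_interface_id(address: str) -> str:
    """Recover the MAC from an EUI-64-derived address (the privacy concern behind RFC 4941)."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface ID does not carry the EUI-64 FFFE marker")
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                                 # undo the U/L bit inversion
    return "-".join(f"{b:02X}" for b in mac)


if __name__ == "__main__":
    mac = "00-1A-A0-05-2A-B7"                      # the MAC address used in the notes
    print(interface_id_text(mac))
    print(link_local_from_mac(mac))
    print(mac_from_interface_id(link_local_from_mac(mac)))
```

Windows Vista and Windows 7 randomise interface IDs by default (netsh interface ipv6 show global reports the Randomize Identifiers setting), so a Windows 7 host's link-local address will not normally embed its MAC in this way.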

Manual Assignment

An IPv6 address can be assigned manually. Each piece of the address is typed in using hexadecimal notation. See Figure 11.
Figure 11 Configuring IPv6

DHCPv6

In DHCPv6 there are two supported states, stateful and stateless. Stateful DHCP tracks the state of the interfaces it communicates with, such as how long the lease on the dynamic address lasts. Since IPv6 doesn't use broadcasts it requires the use of a default multicast address: FF02:0000:0000:0000:0000:0000:0001:0002. In stateless DHCP, the "state information", such as whether an interface is up or down, how long the lease exists, and so on, is ignored. Typically, stateless DHCP is used in conjunction with stateless autoconfiguration, a method used by IPv6 to automatically assign addresses to given interfaces based on their EUI-64 address. The essential difference between stateless and stateful is that stateless doesn't remember IP addresses, but it can still supply information such as the location of a DNS server. There will be much more to say about IPv6 and DHCPv6 in DF9M 34 and DF9N 34 Network Server Operating Systems and Network Infrastructure.

IPv4

It is customary in textbooks to introduce IPv4 before IPv6. Unfortunately this creates the impression that IPv6 is more difficult than IPv4, which simply isn't true; if anything the very opposite is true. However, even though IPv4 will eventually be replaced by IPv6 it will be a relatively slow process, and it is therefore necessary to understand the principles of IPv4.

IPv4 IP Address Ranges

IPv4 uses a set of four octets to create an individual, but not necessarily unique, logical address that can be used for the purposes of routing packets across networks. A subnet mask partitions the address into different subnets for the purpose of sending and receiving broadcast traffic. There are five basic classes of IP address, defined by the first few bits of the first octet of the IP address and by the subnet mask. For the benefit of the SQA exams and the Microsoft exam the most important classes are classes A, B and C, which are described in Table 1.
Table 1: TCP/IP address classes

Address Class   Number of network bits   Number of host bits   Maximum number of hosts
A               8                        24                    16,777,214
B               16                       16                    65,534
C               24                       8                     254

Each of these classes of networks is assigned a given range that is predefined for a given network design. Given your address class, you will fall into one of the ranges listed in Table 2.

Table 2: TCP/IP address class ranges

Address Class   Address range
A               1.0.0.0 to 126.255.255.255
B               128.0.0.0 to 191.255.255.255
C               192.0.0.0 to 223.255.255.255

When designing a network two key pieces of information are the number of subnets and the number of hosts that are required. Once in possession of this information the process of sub-netting can begin.

Addressing and Sub-netting IPv4

The following sections assume a working knowledge of the basics of binary, hex, and decimal conversion.

Working with the Number of Hosts and Sub-networks

Assume that the brief is to build a network to support one server and 5 clients, so that the subnet mask must support six computers. The default subnet mask for a Class C network is 255.255.255.0 or in binary notation 11111111.11111111.11111111.00000000. The ones represent the network portion and the zeros represent the host portion. One way to calculate the number of host bits required is by taking 2 and raising it to the number of host bits and then subtracting two to allow for the network and broadcast addresses. For example:

2^1 = 2
2^2 = 4
2^3 = 8
2^4 = 16
2^5 = 32
2^6 = 64
2^7 = 128
2^8 = 256

From the list it can be seen that 2^3 = 8 will support 6 hosts plus the network and broadcast addresses. This means the subnet mask for the network is 11111111.11111111.11111111.11111000 or 255.255.255.248. In shorthand, this would be written as /29, because it uses 29 bits. The number of bits available for the sub-networks is five: 2^5 = 32 subnets.

Addressing a Given Topology

Consider a network with six offices. Office two acts as a hub for the other five offices. The immediate job in hand is to subnet the network. The network address assigned to the project is 209.81.3.0. Checking back to Table 2 indicates that this is a Class C network, which means a default subnet mask of 255.255.255.0, which in turn means concentrating on the last octet. To support six subnets requires 3 bits, because 2^2 = 4 is not enough but 2^3 = 8, which is two more than required; thus the subnet mask is 209.81.3.224. The number of hosts is given by the formula 2^n - 2, where the minus 2 accounts for the network address and the subnet broadcast address. Hence the number of hosts that can be supported on each network is 2^5 - 2 = 30.

When sub-netting an IP address in this way it is necessary to calculate the range of the IP addresses in each network, because a sub-netted network cannot communicate with an IP address that is out of the range of its own subnet without a router. To calculate the range of the sub-nets take the last bit position in the subnet mask and calculate its value, which in the case under consideration is 32. Starting at zero in the last octet, keep adding 32 until reaching the total of 224, as follows:

209.81.3.0
209.81.3.32
209.81.3.64
209.81.3.96
209.81.3.128
209.81.3.160
209.81.3.192
209.81.3.224

The broadcast address can be located by subtracting 1 from the last octet in all these numbers, with the exception of 0, as follows:

209.81.3.0
209.81.3.31
209.81.3.63
209.81.3.95
209.81.3.127
209.81.3.159
209.81.3.191
209.81.3.223

The usable addresses are those in between and are summarized in Table 3.

Table 3: The TCP/IP subnet ranges

Network Address   Broadcast Address   Usable Addresses
209.81.3.0        209.81.3.31         209.81.3.1 to 30
209.81.3.32       209.81.3.63         209.81.3.33 to 62
209.81.3.64       209.81.3.95         209.81.3.65 to 94
209.81.3.96       209.81.3.127        209.81.3.97 to 126
209.81.3.128      209.81.3.159        209.81.3.129 to 158
209.81.3.160      209.81.3.191        209.81.3.161 to 190
209.81.3.192      209.81.3.223        209.81.3.193 to 222
209.81.3.224      209.81.3.254        209.81.3.225 to 253
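The sub-netting arithmetic above, as an added Python example that is not part of the course notes: host_bits_for and subnet_bits_for implement the powers-of-two reasoning, and split_class_c enumerates every subnet of a Class C network for a given number of borrowed bits, reproducing the 209.81.3.0 ranges. Note that the top subnet's broadcast address is the last address of the /24, 209.81.3.255, since all of its host bits are set.

```python
"""Class C sub-netting done as functions: bits from host or subnet counts, then the ranges.

Added example, not part of the course notes. The network 209.81.3.0 and the
six-subnet requirement are the ones used in the topology example above.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Subnet:
    network: str
    broadcast: str
    first_usable: str
    last_usable: str
    usable_hosts: int


def host_bits_for(hosts: int) -> int:
    """Smallest n with 2**n - 2 >= hosts (network and broadcast addresses are not usable)."""
    n = 1
    while 2 ** n - 2 < hosts:
        n += 1
    return n


def subnet_bits_for(subnets: int) -> int:
    """Smallest n with 2**n >= subnets."""
    n = 0
    while 2 ** n < subnets:
        n += 1
    return n


def mask_from_prefix(prefix: int) -> str:
    """/27 -> 255.255.255.224."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    bits = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((bits >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_class_c(network: str, borrowed_bits: int) -> List[Subnet]:
    """Carve a Class C (/24) network into 2**borrowed_bits equal subnets.

    borrowed_bits comes either from the subnet count (subnet_bits_for) or from the
    host count (8 - host_bits_for), whichever the design brief fixes first.
    """
    octets = [int(x) for x in network.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {network!r}")
    if not 192 <= octets[0] <= 223 or octets[3] != 0:
        raise ValueError(f"{network} is not a Class C network address")
    if not 1 <= borrowed_bits <= 6:
        raise ValueError("borrow between 1 and 6 bits so at least 2 usable hosts remain")
    host_bits = 8 - borrowed_bits
    step = 2 ** host_bits                # value of the last mask bit; also 256 minus the mask octet
    base = ".".join(str(o) for o in octets[:3])
    result = []
    for start in range(0, 256, step):
        end = start + step - 1           # broadcast: every host bit set
        result.append(Subnet(
            network=f"{base}.{start}",
            broadcast=f"{base}.{end}",
            first_usable=f"{base}.{start + 1}",
            last_usable=f"{base}.{end - 1}",
            usable_hosts=step - 2,
        ))
    return result


if __name__ == "__main__":
    borrowed = subnet_bits_for(6)        # six offices -> 3 bits -> /27
    print(f"/{24 + borrowed} mask {mask_from_prefix(24 + borrowed)}")
    for s in split_class_c("209.81.3.0", borrowed):
        print(f"{s.network:14} {s.broadcast:14} {s.first_usable} to {s.last_usable}")
```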

Exercise 5 Sub-netting a network

Debbie has just been employed by MegaGames, a leading firm of games developers. MegaGames is a multi-national corporation with an office in Dundee that has about 100 users. Currently, the part of the network that Debbie has responsibility for is broken down into three separate networks connected by WAN links. The Enterprise Administrator, who is based in the California office, has decided that he wants Debbie to re-address her network using the address space of 209.113.60.0. The topology consists of three sites. Site A has one user, Site B has 25 users and Site C has 30 users. Debbie's brief is to use the fewest possible number of sub-networks, but each of these must have enough host bits to support the required number of users. What subnet mask would Debbie need for the whole network and what three broadcast addresses would she need to assign, assuming that the corporate specifications for network design require the lowest incremental broadcast address to be applied to Site A, then the next highest to Site B, and the next highest to Site C? MegaGames have no plans to expand their operations in Dundee given the refusal of the UK Government to provide adequate tax incentives, so growth is not a consideration in this design.

Since none of the networks have more than 30 users and growth is not an issue, the number of bits required for the hosts is 5, because 2^5 = 32. This leaves 3 bits for the network portion. This means that the subnet mask for the network as a whole is a /27 mask, or in long hand 255.255.255.224, and the network addresses are:

209.113.60.0
209.113.60.32
209.113.60.64
209.113.60.96

And the required broadcast addresses are:

209.113.60.31
209.113.60.63
209.113.60.95

Having learned the theory behind sub-netting, now would be a good time to introduce a useful shorthand method of calculating subnets called Clark's Magic Number [2]. Clark's Magic Number is 256. Having worked out the value of the final octet of the subnet mask, subtract it from 256. In the example above this becomes 256 - 224 = 32, which is the number that is repeatedly added in order to get all of the subnets. There is a lot more to say about IPv4 that is beyond the scope of this course. However, this covers enough to demonstrate how much harder IPv4 is than IPv6.

Configuring a Windows 7 Machine to use DHCP

If a client is configured to receive a dynamic IP configuration a DHCP server is required to provide that IP configuration. On a large network trying to assign IP addresses by hand would be both time consuming and error prone.

Exercise 5 Configuring the NIC in a Windows 7 client to obtain a dynamic address

1. Click Start and type Network and Sharing Center in the Windows 7 integrated search box.
2. In the Network and Sharing Center window, click the Local Area Connection item in the View Your Active Networks section.
3. Click the Properties button in the Activity section of the Local Area Connection Status box.
4. In the Local Area Connection Properties dialog box, make sure the IPv4 check box is checked and then select Properties. (DHCP also works for IPv6.)
5. Choose the Obtain An IP Address Automatically radio button on the General tab of the Properties dialog box.
6. Choose the Obtain DNS Server Address Automatically radio button on the General tab of the Properties dialog box.
7. To use this configuration, click OK to accept the selection and close the dialogue box.

If the machine is not connecting to the local LAN and the Internet correctly, open a command-line window and type ipconfig and then press Enter. If the IP address begins with 169.254.x.y the machine is unable to locate a DHCP Server and has leased itself an APIPA address.

Automatic Private IP Addressing (APIPA)

An APIPA address is assigned to a computer that is configured to lease a dynamic IP configuration from a DHCP Server but cannot locate a DHCP Server. Because it leases itself the IP configuration it may lease itself the same address as another node on the network. To prevent this, a client leasing itself an APIPA address will broadcast its address to the network, and if another node has the same address it will lease itself another APIPA address and try again. It will do this up to ten times. This means APIPA could be used to provide IP configurations to a small office or home network to save using DHCP or configuring all of the hosts with static IP addresses. However, there is potentially scope for duplicate IP addresses if there are more than ten hosts on the network.

If on a larger enterprise network the DHCP Server fails, and there is no other DHCP Server available to service a DHCP request, any client requesting an IP address configuration will end up with an APIPA address, while some of the hosts will have a properly configured IP address leased from the DHCP server before it crashed. The computers with the addresses leased before the DHCP server crashed will be able to communicate with each other. The computers with APIPA addresses can communicate with each other. Unfortunately the two groups won't be able to communicate, as they are effectively on separate subnets. A wise administrator, if he or she can afford it, will have multiple DHCP Servers to address this particular scenario.

[2] Clark's Magic Number is named after my colleague Margaret Clark, who first explained it to me.

IPv4 to IPv6 Transitional Techniques

In spite of its obvious advantages it will be impossible to switch over to IPv6 overnight. This means that for the transitional period there needs to be a mechanism for interoperating IPv4 with IPv6. The three methods are discussed in the next few sections: dual stacking, tunneling, and translation.

Dual Stacking

Dual stacking involves operating both an IPv4 address and an IPv6 address. In Windows 7 dual stacking is implemented by default, which means the ipconfig command displays both the IPv6 hexadecimal address and the dotted decimal IPv4 address. Both the IPv4 and the IPv6 addresses are logical addresses and there is no reason why a network adapter cannot be identified with multiple logical addresses. This can be done in one of two ways: by using a complete dual stack or by using a dual IP layer. Dual stacking creates a separate stack through which each protocol travels. An implication of this is that networking devices like routers must be capable of supporting both IPv4 and IPv6, and each stack will require its own Transport Layer (Layer 4) implementation that interfaces with the Application Layer. In dual layer implementations the network portion contains both the IPv4 and IPv6 implementations, and they both access the same transport layer. This technology is supported by Windows 7 and Windows Server 2008 R1 and R2.

Dual stacking and dual layer become complicated with the introduction of DNS. Unfortunately, the record types for IPv4 and IPv6 are completely different, so it is necessary to maintain records for both types of implementation.

Tunneling

IP Tunneling is in principle very simple. Tunneling IPv6 through an IPv4 infrastructure can be achieved by attaching an IPv4 header to the IPv6 packet. This can be done in one of two ways, automatically or manually. Manually configured tunnels can be configured by using the netsh interface ipv6 add v6v4tunnel command. Automatic tunnels can be configured using 6to4, Teredo, or ISATAP.

Tunneling Between Devices

Suppose there are two IPv6 networks separated by an IPv4-only infrastructure. Given that the routers that connect the IPv6 networks to the IPv4 network are capable of supporting both IPv6 and IPv4, they will communicate with each other by referencing the network behind each of the routers and then sending the IPv6 packets across the IPv4 infrastructure by encapsulating them in IPv4 packets. When two hosts running both IPv4 and IPv6 stacks in an IPv4 infrastructure communicate, IPv6 packets can be sent across the IPv4 infrastructure by encapsulating the IPv6 packets in an IPv4 packet to create a tunnel through the IPv4 network. When operating between hosts that reside behind firewalls or routers, a host running IPv4 can communicate between infrastructures operating different IP protocols by encapsulating the IPv6 packets in an IPv4 packet to create a tunnel containing IPv6 packets. As usual, routers have to be capable of supporting both IPv4 and IPv6. When an IPv4-capable computer sends a request to the router with an embedded IPv6 packet, the receiving router examines the internal IPv6 packet and then forwards that packet on to the IPv6 host computer running in an IPv6 infrastructure.

6to4

6to4 is a direct method of translating from IPv6 to the IPv4 protocol. It does so by implementing both the IPv4 and IPv6 protocol stacks, converting the IPv4 addresses into standard IPv6 addresses by inserting them into hexadecimal IPv6 format. The translated address takes the form 2002:AABB:CCDD:subnet:InterfaceID, where AA is the hexadecimal representation of the first octet of the IPv4 address, BB is the second octet, CC is the third octet, and DD is the fourth octet. As an example consider the IPv4 address 129.118.1.3. Converting each octet to hex gives:

129 = 81
118 = 76
1 = 1
3 = 3

So the fully translated address would take the form 2002:8176:13:subnet:InterfaceID.

Within 6to4 tunneling, the entire subnet is treated as a single link. Hosts are automatically given their 2002:AABB:CCDD:Subnet address with a /64 mask. If the given address is not found the information is passed on to a 6to4 router that exists on a /16 mask by default. A Windows Server 2008, Windows Vista or Windows 7 computer can act as a 6to4 router through Internet Connection Sharing (ICS).

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

ISATAP is an automatic dual stacking tunneling technology that is installed by default in Windows Vista, Windows 7 and Windows Server 2008. ISATAP allows computers operating IPv6 in IPv4 infrastructures to communicate with IPv4 clients in the same subnet. ISATAP can be used for either public or private addressing. With public unicast addressing, ISATAP uses the global address ::5EFE:A.B.C.D, where A.B.C.D are the octets of the IPv4 address, together with the private address ::200:5EFE:A.B.C.D, where once again A.B.C.D are the octets of the IPv4 address. Using this methodology ISATAP creates a link-local address that can be used to communicate between devices through tunneling. To communicate with additional subnets running either pure or mixed IP protocols, an ISATAP router is required. Normally, this router is resolved either through the mapping of the "ISATAP" hostname or by the use of the netsh interface isatap set router command, which allows the address of the router to be manually specified in either Windows Server 2008 or Windows 7.

Teredo

Teredo is also known as Network Address Translator Traversal (NAT-T). What it does is provide a unicast address for each device located within the NAT pool. It does so by sending IPv6 data over the User Datagram Protocol (UDP), establishing a tunnel directly between two individual hosts. The process breaks down into two portions: initial client configuration and initial client communication.

1. The client sends a router solicitation request (RS) to a Teredo server with the cone flag set. The cone flag is a high-order bit that indicates a device is behind a NAT.
2. The Teredo server responds with a router advertisement (RA) from a router that is on an alternate IPv4 address, so it can determine whether the address is behind a NAT.
3. If the RA is not received, the client repeats the RS with the cone flag not set.
4. The server responds with an RA from the source address to the destination address. If the client receives the RA, it is behind a restricted NAT.
5. To make sure there isn't a symmetric NAT in place, the client sends another RS to an alternate server.
6. The alternate server responds. If the RAs are different, the NAT is mapping the same internal address and UDP port number differently for each destination, and Teredo will not be available.

Teredo has several different methods of initial communication, based on what type of NAT the client is assigned under. The most commonly referenced of these is the situation where a client resides on a restricted NAT, in which case the process of two computers, A and B, communicating is as follows:

1. Client A sends a bubble packet to Client B.
2. Client A sends a bubble packet to Client B through Client B's Teredo server.
3. Client B's Teredo server forwards the packet to Client B.
4. Client B responds to the packet with its own bubble packet to Client A.
5. Client A determines NAT mappings for both NATs.

Testing an IP Configuration

There are a number of tools and utilities that can be used to test and troubleshoot a TCP/IP configuration. These include ipconfig, ping, and nbtstat. A graphical view of the connection details is available using Local Area Connection Status in the Network and Sharing Center. The ipconfig command (see Figure 12) is a command line utility used to examine the IP address configuration on the network interfaces of a network host.
Figure 12: ipconfig
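The 6to4 and ISATAP address constructions from the transition sections above, as an added Python example that is not part of the course notes. Following RFC 3056 and RFC 5214, each IPv4 octet becomes exactly two hex digits, so 129.118.1.3 yields the 6to4 prefix 2002:8176:0103::/48 (the leading zero of the 0103 group disappears only in compressed notation), and the ISATAP interface ID starts with 200:5EFE when the embedded IPv4 address is public and 0:5EFE when it is private.

```python
"""6to4 and ISATAP address construction from an IPv4 address.

Added example, not part of the course notes. 6to4 follows RFC 3056 (2002:AABB:CCDD::/48)
and ISATAP follows RFC 5214 (interface ID 0:5efe:a.b.c.d, with 200:5efe for a public
IPv4 address, where the 200 is the universal/local bit set). The sample addresses
129.118.1.3 (public, from the notes) and 192.168.1.10 (private) are constructed inputs.
"""
import ipaddress


def _hex_groups(ipv4: str) -> str:
    """129.118.1.3 -> '8176:0103': two hex digits per octet, written as two IPv6 groups."""
    packed = ipaddress.IPv4Address(ipv4).packed       # raises ValueError on a bad address
    h = packed.hex()
    return f"{h[:4]}:{h[4:]}"


def sixto4_prefix(ipv4: str) -> str:
    """The /48 a 6to4 site derives from its public IPv4 address."""
    if not ipaddress.IPv4Address(ipv4).is_global:
        raise ValueError("6to4 needs a globally routable IPv4 address")
    return f"2002:{_hex_groups(ipv4)}::/48"


def sixto4_address(ipv4: str, subnet: int, interface_id: str) -> str:
    """2002:AABB:CCDD:subnet:InterfaceID, returned in compressed form."""
    if not 0 <= subnet <= 0xFFFF:
        raise ValueError("the 6to4 subnet field is 16 bits")
    site = sixto4_prefix(ipv4).split("/")[0].rstrip(":")   # '2002:8176:0103'
    return str(ipaddress.IPv6Address(f"{site}:{subnet:x}:{interface_id}"))


def ipv4_from_6to4(address: str) -> str:
    """Recover the embedded IPv4 address from a 2002::/16 address."""
    packed = ipaddress.IPv6Address(address).packed
    if packed[:2] != b"\x20\x02":
        raise ValueError("not a 2002::/16 (6to4) address")
    return str(ipaddress.IPv4Address(packed[2:6]))     # bytes 2..5 hold AABB CCDD


def isatap_interface_id(ipv4: str) -> str:
    """0:5efe:AABB:CCDD for a private IPv4 address, 200:5efe:AABB:CCDD for a public one."""
    u_bit = "200" if ipaddress.IPv4Address(ipv4).is_global else "0"
    return f"{u_bit}:5efe:{_hex_groups(ipv4)}"


def isatap_link_local(ipv4: str) -> str:
    """fe80::/64 followed by the ISATAP interface ID, compressed."""
    return str(ipaddress.IPv6Address(f"fe80::{isatap_interface_id(ipv4)}"))


if __name__ == "__main__":
    print(sixto4_prefix("129.118.1.3"))
    print(sixto4_address("129.118.1.3", 1, "21a:a0ff:fe05:2ab7"))
    print(isatap_link_local("192.168.1.10"), isatap_link_local("129.118.1.3"))
```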

Ipconfig comes with a number of switches, ranging from /? for getting help to /setclassID, which can be used to modify the DHCP class ID. See Table 4.

Table 4: Ipconfig switches

Switch             Description
/?                 Provides help for all of the ipconfig switches
/all               Shows verbose information about an IP configuration, including the computer's physical address, the preferred DNS server, and whether the address is static or dynamically assigned
/allcompartments   Shows IP information for all compartments
/release           Releases the current IPv4 address assigned by DHCP
/release6          Releases the current IPv6 address assigned by DHCP
/renew             Renews the current IPv4 address assigned by DHCP
/renew6            Renews the current IPv6 address assigned by DHCP
/flushdns          Flushes the DNS Resolver cache
/registerdns       Registers or re-registers the client's credentials with DNS
/displaydns        Displays the contents of the DNS Resolver cache
/showclassid       Lists the DHCP IPv4 class IDs allowed by the computer
/showclassid6      Lists the DHCP IPv6 class IDs allowed by the computer
/setclassID        Modifies the IPv4 DHCP class ID
/setclassID6       Modifies the IPv6 DHCP class ID

TCP/IP Troubleshooting

The way in which to troubleshoot a TCP/IP configuration rather depends on the nature of the problem. For example, if a single machine cannot access the Internet then start troubleshooting from that machine, as the fault is likely to be with that machine. If all of the users are having the same problem a good place to start is with the default gateway.

When troubleshooting a PC, start by checking that the Ethernet drop cable is properly connected. Next, make sure the NIC and the NIC driver are properly installed. If the driver for the NIC is not in the Windows 7 driver .cab file it might be necessary to get the driver from an accompanying CD or from the manufacturer's Web site. The next step is to open a command window and run ipconfig and make sure there is a valid IP address configuration. If the IPv4 address is in the range 169.254.0.0 to 169.254.255.255 the NIC has been configured to obtain its IP configuration from a DHCP Server but cannot locate one. If the network uses static IP addressing give the computer a static IP address. If the computer should be getting an IP address from a DHCP Server make sure the server is up and running and hasn't crashed. Next ping the loopback address on the NIC. Do this by typing ping 127.0.0.1 at a command prompt and then pressing Enter. See Figure 13.
Figure 13: Pinging the loopback address

This will test that the TCP/IP stack is correctly installed on the NIC. Next use ping to try and reach a host on the same subnet. If this works, ping the default gateway. Finally, ping a remote host. Methodically work outwards, eliminating one thing at a time until the problem is isolated.

Configuring Windows 7 on a Network

In a large enterprise environment the client machines will almost certainly be connected to an Active Directory domain. A computer can be joined to a domain either from the Windows 7 operating system or from within Active Directory. Active Directory confers many benefits. One of the most important features of an Active Directory is the notion of a single login, which gives a user access to any resources the administrator gives them permissions for, wherever those resources are on the network. Another big benefit is the ability to deploy software or configure security from a single Active Directory Group Policy Object (GPO) rather than configuring Local GPOs on each individual client. If users save their data to a centralized file server it can be backed up centrally. There are many more benefits which are outside the scope of this unit but will become apparent when studying DF9N 34 Network Server Operating Systems and DF9R 35 Network Infrastructure 1: Implementation and Management.

Exercise 6 Joining a Windows 7 Computer to an Active Directory domain From a Windows 7 Computer

1. Click Start and then right-click Computer. Choose Properties.
2. Under the Computer Name, Domain, And Workgroup section, click the Change Settings link.
3. Click the Change button next to the To Rename This Computer Or Change Its Domain Or Workgroup section.
4. In the Member Of section, click the Domain radio button and type in the name of the Windows Server 2008 Active Directory domain to launch the Active Directory credential dialogue.
5. Enter the username and password of a user with the necessary privileges to join a client computer to the domain. This is frequently the domain administrator.
6. A dialog box stating that the computer is a part of the domain appears. Click OK and reboot the machine.

A word of warning: before a computer can be joined to a domain it will want to access the domain SRV record in the domain's DNS server. Make sure the Preferred DNS setting in the Properties dialogue for the NIC in the Windows 7 computer is pointing at the correct DNS Server.

Exercise 7 Joining a Windows 7 Computer to an Active Directory domain From Active Directory Users and Computers (ADUC)

1. On a Windows Server 2008 Active Directory Domain Controller (DC) click Start | Administrative Tools | Active Directory Users And Computers.
2. Expand the domain and right-click the container object within which the computer is to be installed and select New | Computer.
3. In the Computer Name field, type in the name of the Windows 7 computer. Click OK.
4. Double-click the new Windows 7 computer in the right-hand window to open the properties and look at the different tabs, and then click the Cancel button.

Joining and Sharing HomeGroups in Windows 7

HomeGroup was designed to simplify the sharing of music, pictures, documents and USB-connected printers within a small office or home office (SOHO) network.

For example, a shared USB printer is automatically installed onto the other HomeGroup-enabled computers. This extends to Windows 7 computers joined to a domain, as they can also participate in a HomeGroup but not create one. HomeGroups can be created only on computers running Home Premium, Enterprise, Professional, or Ultimate; however once a HomeGroup is up and running all versions of Windows 7 can participate in it. IPv6 must be running for computers to create and participate in HomeGroups. If the Windows 7 network discovery feature is not enabled the system will ask for the HomeGroup to be created. To do this open the Network and Sharing Center, select Choose HomeGroup And Sharing Options and then click the Create A HomeGroup button. See Figure 14.
Figure 14: Creating a HomeGroup

With Windows 7 network discovery turned on (the default), the HomeGroup is created automatically. However, it will still be necessary to join the HomeGroup. To join a HomeGroup open the Network and Sharing Center and click the Join Now button. An important part of joining a HomeGroup is to decide what exactly should be shared. The Share with other home computers running Windows 7 page has check-boxes for Pictures, Documents, Music, Printers and Videos. Check the boxes for the things that will be shared. See Figure 15.

Figure 15: Configuring what can be shared

The next step is to enter the HomeGroup password. See Figure 16


Figure 16: Entering the HomeGroup password

The first machine in the HomeGroup will create a random secure password. To view and or print the HomeGroup password, open the Network and Sharing Center click the Choose HomeGroup And Sharing Options link and then choose View Or Print The HomeGroup Password item, as shown in Figure 17.



Figure 17: Viewing / printing the HomeGroup password

To change the password open the Network and Sharing Center click the Choose HomeGroup And Sharing Options link and then choose Change the password to launch the change password dialogue as shown in Figure 18.
Figure 18: Changing the HomeGroup password

Note the warning at the top of the dialogue that states that changing the password will disconnect everyone. After changing the HomeGroup password it will be necessary to go to each of the other Windows 7 machines in the HomeGroup and change the password. Once the HomeGroup is set up the other members' shared resources can be viewed from the HomeGroup option of Windows Explorer. It can also be added to the Start menu if required.

Configuring Windows Firewall

Windows Firewall is designed to prevent unauthorized users or malicious software from accessing a computer. Windows Firewall does not pass unsolicited traffic, that is, traffic that was not sent in response to a request. Windows Firewall is configured by clicking Start | Control Panel | Large icons | View Windows Firewall. See Figure 19.
Figure 19 Configuring Windows Firewall

The Windows Firewall settings dialog box (see Figure 20) is used to turn Windows Firewall on or off for both private and public networks.
Figure 20 Turning on Windows Firewall

The Off setting will allow external sources to connect. The On setting will block external sources except those that are specified on the Exceptions tab. When Block All Incoming Connections is enabled, exceptions are ignored and no notification will be given when an application is blocked by Windows Firewall. The exceptions section of the Windows Firewall settings dialog box, shown in Figure 21, is used to define which programs and services should be allowed to pass through the Firewall.
Figure 21 Windows Firewall Allowed Programs dialogue

Think carefully when enabling exceptions, as there is potential for letting traffic through the firewall that could be used by an attacker to get into the system.

Windows Firewall with Advanced Security (WFAS)

WFAS can be used to configure more advanced settings. To launch WFAS click Start | Control Panel | Large Icons View | Windows Firewall and then click the Advanced Settings link. See Figure 22. The items in the scope pane include inbound and outbound rules, connection security rules, and monitoring. The central pane displays an overview of the firewall's status, as well as the current profile settings.

Figure 22 Windows Firewall with Advanced Security

Inbound and Outbound Rules

Inbound rules control inbound traffic, see Figure 23, and outbound rules control outbound traffic. Many of the rules are disabled by default. Double-clicking a rule will bring up its Properties dialog box, as shown in Figure 24.
Figure 23 Windows Firewall Outbound connections

Figure 24 Outbound rule Properties dialogue box

A filter can be applied to the rules to make them easier to view. Filtering can be performed based on the profile the rule affects, by state, that is, whether the rule is enabled or disabled, or by rule group. See Figure 25.
Figure 25 Setting up filtering

If there isn't a predefined rule that meets a specific need, it is possible to create a new rule by right-clicking Inbound Rules or Outbound Rules in the scope pane and then selecting New Rule to launch the New Inbound (or Outbound) Rule Wizard. The Wizard will ask whether the rule should be based on a particular program, protocol or port, predefined category, or custom settings.

Exercise 8 Creating a New Inbound Rule

1. Choose Start | Control Panel | Large Icon View | Windows Firewall.
2. Click Advanced Settings on the left side.
3. Right-click Inbound Rules and select New Rule.
4. Choose a Rule Type. For this exercise, choose Custom, then click Next.
5. Choose the programs or services that are affected by this rule. For this exercise, choose All Programs, then click Next.
6. Choose the protocol type, as well as the local and remote port numbers that are affected by this rule. For this exercise choose TCP, make sure All Ports is selected for both Local Port and Remote Port, and click Next.
7. Choose the local and remote IP addresses that are affected by this rule, then click Next. For this example select Any IP Address for both local and remote.
8. Specify whether this rule will allow the connection, allow the connection only if it is secure, or block the connection. For the current example select Allow The Connection If It Is Secure, then click Next.
9. Specify whether connections should be allowed only from certain users, then click Next.
10. Specify whether connections should be allowed only from certain computers.
11. Choose which profiles will be affected by this rule, and then click Next.
12. Give the rule a name and description, and then click Finish. The newly created customized rule will appear in the list of Inbound Rules, and the rule will be enabled.
13. To change any of the options, double-click the rule.
14. To disable the rule, un-check the check box and click OK.

Connection Security Rules

Connection security rules do not specifically allow connections; instead they are used to configure how and when authentication occurs. There are four types of connection security rule: Isolation, Authentication Exemption, Server-to-Server and Tunnel.

Isolation is used to restrict a connection based on authentication criteria. Authentication Exemption is used to specify computers that do not need to authenticate. Server-to-Server is used to authenticate connections between computers, and Tunnel is used to authenticate connections between computers acting as gateways.

Monitoring

The Monitoring section provides detailed information about how the firewall has been configured for the Domain, Public and Private profiles.
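The rule built by hand in Exercise 8, together with an Isolation connection security rule that makes its "allow the connection if it is secure" condition achievable, can also be created from the command line. The script below is an added example and is not part of these notes; it uses the netsh advfirewall context, which is the scriptable interface to WFAS on Windows 7 (the NetSecurity PowerShell cmdlets only appeared in Windows 8 and Server 2012). The rule names, the port (3389) and the management subnet (10.0.50.0/24) are constructed values chosen to show a rule scoped more tightly than the exercise's "all programs, all ports, any address".

```powershell
# Added example (not from the course notes): Exercise 8 and an Isolation
# connection security rule, built with netsh advfirewall on Windows 7.
# Rule names, port and subnet below are constructed for the example.
# Run from an elevated PowerShell prompt.

$ruleName   = "Example - Secure inbound RDP"      # constructed name
$consecName = "Example - Require auth from mgmt"  # constructed name
$mgmtSubnet = "10.0.50.0/24"                      # constructed subnet

# 1. Confirm the firewall is on for every profile before adding exceptions.
netsh advfirewall show allprofiles state

# 2. Inbound rule: only TCP 3389, only from the management subnet, and only
#    when the connection is authenticated by IPsec. "security=authenticate"
#    is the command-line form of "Allow the connection if it is secure".
netsh advfirewall firewall add rule name="$ruleName" dir=in action=allow `
    protocol=TCP localport=3389 remoteip=$mgmtSubnet `
    security=authenticate profile=domain enable=yes

# 3. Isolation connection security rule: require authentication for
#    inbound traffic from the management subnet and request it outbound.
#    Without such a rule the "if it is secure" rule above never matches,
#    because no IPsec negotiation would ever take place.
netsh advfirewall consec add rule name="$consecName" `
    endpoint1=any endpoint2=$mgmtSubnet action=requireinrequestout

# 4. Verify what was created; this is the same information the Monitoring
#    node of WFAS displays.
netsh advfirewall firewall show rule name="$ruleName" verbose
netsh advfirewall consec show rule name="$consecName"

# 5. Step 14 of the exercise (disable rather than delete the rule):
netsh advfirewall firewall set rule name="$ruleName" new enable=no
```

The default authentication method for a connection security rule created this way is computer Kerberos, so it only works between domain-joined machines; on a workgroup machine the rule would need an explicit auth1 setting (certificate or pre-shared key) before the inbound rule would ever allow traffic.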

Configuring Remote Management


Windows PowerShell and Windows Remote Management can be used in addition to Remote Assistance and Remote Desktop to help Windows 7 users remotely.

Windows PowerShell

A complete study of Windows PowerShell is well beyond the scope of this unit; however, it is a very powerful tool and it is certainly worth knowing that it exists and what it can do. PowerShell runs at the command line and can be used to execute commands on a remote Windows 7 computer. One of the benefits it confers is the use of cmdlets, which are commands that are built into PowerShell. There are more than one hundred pre-defined cmdlets, and administrators can also write their own customized cmdlets. PowerShell can be used to gain access to the file system, Registry, digital certificate stores, and other data stores on a computer. Table 5 lists a few of PowerShell's pre-defined cmdlets.
Table 5 Common PowerShell cmdlets

Cmdlet          Description
Clear-History   Deletes entries from the command history
Format-Table    Shows results as a table
Get-Date        Gets the date and time
Get-Event       Gets an event in the event queue
Import-Module   Adds modules to the current session
Invoke-Command  Runs commands on local or remote computers
Start-Job       Starts a PowerShell background job
Stop-Job        Stops a PowerShell background job

Exercise 9 Starting PowerShell

1. Start PowerShell by clicking Start | All Programs | Accessories | Windows PowerShell | Windows PowerShell.
2. Type Help and press Enter to get help with PowerShell. See Figure 26.
Figure 26 Windows PowerShell
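As an added example that is not part of these notes, the script below puts several of the Table 5 cmdlets (Invoke-Command, the background jobs that Start-Job also creates, Format-Table and Get-Date) to a practical use: collecting the last 24 hours of failed logons (Security event 4625) from a list of Windows 7 computers in parallel. The computer names are constructed placeholders. It assumes PowerShell remoting has already been enabled on the targets with Enable-PSRemoting (which configures WinRM) and that the caller is a local administrator on them; everything works with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the course notes): gather recent failed logons
# from several Windows 7 computers using PowerShell remoting and jobs.
# Computer names are constructed placeholders; remoting must be enabled on
# the targets (Enable-PSRemoting) and the caller must be an admin there.

$computers = "WIN7-PC01", "WIN7-PC02"   # constructed names
$since     = (Get-Date).AddHours(-24)

# This script block runs on each remote machine, not on the console; only
# the resulting objects are serialised back over WinRM.
$collect = {
    param($from)
    Get-EventLog -LogName Security -InstanceId 4625 -After $from -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Computer = $env:COMPUTERNAME
                Time     = $_.TimeGenerated
                # For event 4625, ReplacementStrings[5] is the target user
                # name and [19] the source network address.
                User     = $_.ReplacementStrings[5]
                Source   = $_.ReplacementStrings[19]
            }
        }
}

# -AsJob returns at once with a background job (the same object type that
# Start-Job produces) containing one child job per computer, so slow or
# unreachable machines do not hold up the others.
$job = Invoke-Command -ComputerName $computers -ScriptBlock $collect `
           -ArgumentList $since -AsJob

# Wait for all children, collect their output, then discard the job.
Wait-Job $job | Out-Null
$results = Receive-Job $job
Remove-Job $job

# Newest failures first, then a per-computer count as a quick triage view.
$results | Sort-Object Time -Descending |
    Format-Table Computer, Time, User, Source -AutoSize
$results | Group-Object Computer |
    Select-Object Name, Count | Format-Table -AutoSize
```

Computers that could not be reached show up as failed child jobs rather than as an error that stops the script; Get-Job $job.ChildJobs lists them with their State so that a silent gap in the results is not mistaken for "no failed logons".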

Windows Remote Management (WinRM)

WinRM is the Microsoft implementation of the industry-standard WS-Management Protocol, designed to allow different vendors' operating systems and hardware to work together. WinRM can be accessed through the WinRM command-line tool, WinRM scripting objects, or the Windows Remote Shell command-line tool. WinRM can be used to remotely execute commands and obtain management data from local and remote computers. A big advantage of WinRM is that, because it is an implementation of an industry-standard protocol, it can be used on both Windows-based and non-Windows-based operating systems. Table 6 shows some of the WinRM commands and their meanings.

Table 6 WinRM Commands

Command                      Description
WinRM e or WinRM enumerate   Lists all instances of a managed resource
WinRM c or WinRM create      Creates a new instance of a managed resource
WinRM i or WinRM invoke      Executes a method on a managed resource
WinRM d or WinRM delete      Removes an instance from a managed resource
WinRM s or WinRM set         Modifies management information
WinRM g or WinRM get         Retrieves management information
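The get, set and enumerate operations from Table 6 are shown together in the following added example, which is not part of these notes. It audits and then tightens the WinRM service settings on a Windows 7 computer (refusing unencrypted sessions and Basic authentication, and restricting which non-domain hosts the client will authenticate to), then uses enumerate and the Windows Remote Shell against a remote computer. The host name WIN7-PC01 is a constructed placeholder; the commands assume an elevated prompt and that a WinRM listener already exists (winrm quickconfig creates one).

```powershell
# Added example (not from the course notes): audit and harden the WinRM
# configuration on Windows 7 with the winrm.cmd tool, then query a remote
# machine. WIN7-PC01 is a constructed placeholder. Run elevated.
#
# The single quotes around each @{...} are essential: without them
# PowerShell parses the braces as a hashtable instead of passing the
# literal text to winrm.

# 1. Inspect the listeners and the service settings before changing them.
winrm enumerate winrm/config/listener
winrm get winrm/config/service

# 2. Refuse sessions that carry no message-level protection, and disable
#    Basic authentication, which would otherwise let credentials travel
#    in the clear over an HTTP listener.
winrm set winrm/config/service '@{AllowUnencrypted="false"}'
winrm set winrm/config/service/auth '@{Basic="false"}'

# 3. On the administrator's own workstation, limit the machines this
#    client will authenticate to with NTLM. Inside the domain Kerberos is
#    used automatically, so TrustedHosts only matters for non-domain
#    targets and should never be "*".
winrm set winrm/config/client '@{TrustedHosts="WIN7-PC01"}'

# 4. Re-read both sides of the configuration to confirm the values took.
winrm get winrm/config/service
winrm get winrm/config/client

# 5. "enumerate" against a WMI class on the remote computer: the kind of
#    management data the notes say WinRM exposes, rendered readably.
winrm enumerate wmicimv2/Win32_Service -r:WIN7-PC01 -format:pretty

# 6. The Windows Remote Shell (winrs) runs a command on the remote
#    computer over the same WinRM channel.
winrs -r:WIN7-PC01 ipconfig /all
```

When Group Policy manages WinRM (Computer Configuration | Administrative Templates | Windows Components | Windows Remote Management), the set commands fail with an access error because the policy value wins; in that case the same settings have to be changed in the GPO rather than on the individual computer.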

BranchCache

BranchCache is designed for organizations with multiple offices connected by slow links, so that data can be cached and does not have to be transferred across a slow link each time a file is accessed. There are two BranchCache modes: distributed cache mode and hosted mode.

Distributed Cache Mode

When running in distributed cache mode, client machines cache the files locally so that a server running Windows Server 2008 R2 is not required at the branch office. However, the content servers at the main office must be running Windows Server 2008 R2. Essentially, the Windows 7 computers download the data files from the content servers at the main office and become the local cache servers. To function as local cache servers the Windows 7 computers must be running Windows 7 Enterprise Edition or Windows 7 Ultimate Edition. To implement distributed cache mode, as well as having a content server at the main office running Windows Server 2008 R2, the branch office also needs a server running Windows Server 2008 R2. Once the content server is installed, physical connections (WAN or VPN connections) between the sites and branch offices must be established. Client computers running Windows 7 have BranchCache installed by default, but it must be enabled and configured before it can be used, and an exception must be configured on the firewall.

Exercise 10 Configuring the Firewall for BranchCache

1. On a domain controller, click Start | Administrative Tools | Group Policy Management to launch the Group Policy Management console.
2. In the Group Policy Management console, browse to Forest | Domains | Group Policy Objects, making sure that the domain contains the Windows 7 client computer accounts that need to be configured.
3. In the Group Policy Management console, right-click Group Policy Objects and select Create And Link Group Policy Here. Name the policy BranchCache Client and press Enter. Right-click BranchCache Client and click Edit to launch the Group Policy Management Editor console.
4. In the Group Policy Management Editor console, browse to Computer Configuration | Policies | Windows Settings | Security Settings | Windows Firewall with Advanced Security | Windows Firewall with Advanced Security | LDAP | Inbound Rules.
5. Right-click Inbound Rules and then click New Rule to launch the New Inbound Rule Wizard.
6. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache - Content Retrieval (Uses HTTP), then click Next.
7. In Predefined Rules, click Next.
8. In Action, ensure that Allow The Connection is selected, and then click Finish.
9. Now to create the WS-Discovery firewall exception, right-click Inbound Rules and click New Rule to launch the New Inbound Rule Wizard.
10. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache - Peer Discovery (Uses WSD), and then click Next.
11. In Predefined Rules, click Next.
12. In Action, ensure that Allow The Connection is selected, and then click Finish.


13. In the Group Policy Management Editor console, right-click Outbound Rules, and then click New Rule to launch the New Outbound Rule Wizard.
14. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache - Content Retrieval (Uses HTTP), and click Next.
15. In Predefined Rules, click Next.
16. In Action, ensure that Allow The Connection is selected, and then click Finish.
17. Create the WS-Discovery firewall exception by right-clicking Outbound Rules, and then clicking New Rule to launch the New Outbound Rule Wizard.
18. In Rule Type, click Predefined, expand the list of choices, and then click BranchCache - Peer Discovery (Uses WSD), and then click Next.
19. In Predefined Rules, click Next.
20. In Action, ensure that Allow The Connection is selected, and then click Finish.

Hosted Mode

Hosted mode requires a Windows Server 2008 R2 based computer in both offices, and all of the client computers at the branch must be running Windows 7 Enterprise or Ultimate editions. A Windows 7 machine downloads data from the main cache server, and then the cache server at the branch office stores a copy of the downloaded data for other users to use. Once a caching server at the branch office has been set up it needs to get a server certificate so the client computers in the branch office can identify it.

Exercise 11 Installing BranchCache on a Windows Server 2008 R2 machine

1. Log on as an Administrator.
2. Click Start | Administrative Tools | Server Manager.
3. In Server Manager, right-click Features and then choose the Add Feature link.
4. The Add Features Wizard starts. Select the BranchCache check box and then click Next.
5. At the Confirm Installation Selections screen, click Install.

6. After the BranchCache feature installs, click Close.
7. In the Server Manager left window pane, double-click Configuration and then click Services.
8. In the Services detail pane, double-click BranchCache to launch the BranchCache Properties dialog box.
9. Click the General tab and then click Start. Click OK.
10. Close Server Manager.
11. Repeat steps 1 to 10 on all branch office cache servers.
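Exercises 10 and 11 do everything through Group Policy and Server Manager. The following added example, which is not part of these notes, shows the client side of the same configuration done with netsh on a single Windows 7 Enterprise or Ultimate machine: selecting distributed or hosted cache mode, enabling the two predefined firewall rule groups named in Exercise 10, and reading back the effective state. The hosted cache server name is a constructed placeholder, and the script assumes an elevated prompt.

```powershell
# Added example (not from the course notes): configure a Windows 7 client
# for BranchCache with netsh instead of Group Policy. The hosted cache
# server name is a constructed placeholder. Run elevated.

param(
    [ValidateSet("distributed", "hosted")]
    [string]$Mode = "distributed",
    [string]$HostedCacheServer = "BRANCH-CACHE01.corp.example"   # constructed
)

# 1. Put the BranchCache service into the chosen mode. Hosted mode needs
#    the FQDN of the branch cache server; the client checks that server's
#    certificate against a CA it trusts, which is how it identifies the
#    server as the notes describe.
if ($Mode -eq "distributed") {
    netsh branchcache set service mode=distributed
} else {
    netsh branchcache set service mode=hostedclient location=$HostedCacheServer
}

# 2. Enable the predefined firewall rule groups that Exercise 10 creates
#    through Group Policy. The group names are the ones shown in WFAS.
netsh advfirewall firewall set rule group="BranchCache - Content Retrieval (Uses HTTP)" new enable=yes
if ($Mode -eq "distributed") {
    # Peer discovery (WS-Discovery) is only needed when clients serve
    # each other; a hosted-mode client talks only to the cache server,
    # so leave that listener closed there.
    netsh advfirewall firewall set rule group="BranchCache - Peer Discovery (Uses WSD)" new enable=yes
}

# 3. Confirm the effective state: mode, cache location and size, and
#    whether the values came from netsh or are overridden by Group Policy.
netsh branchcache show status all
```

The show status output is the first thing to check when a branch client is not caching: if Group Policy has set a mode, the netsh setting is reported as overridden and the policy value applies instead.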

Configuring DirectAccess


DirectAccess is new to the Windows Server 2008 R2 and Windows 7 operating systems. It allows a remote user to connect to their corporate network without using a VPN. As long as the user is connected to the Internet, DirectAccess will automatically connect the remote user to the corporate network. Because the connection is bidirectional, the IT administrator can also remotely manage the Windows 7 machine while the machine is away from the network.

DirectAccess vs VPNs

VPNs allow a remote user to securely connect to a corporate network by tunneling through the Internet; however, VPNs do have a number of downsides. For example, if a user gets disconnected from their VPN connection, they must re-establish the VPN connection. Also, if an organization's Internet connections are the same as their VPN connections, it can cause their Internet connections to be slower. Finally, for security reasons it may not be possible for an organization to open a port on their firewall to allow VPN traffic.

DirectAccess

DirectAccess does not face the same limitations as a VPN. To establish a connection DirectAccess uses Internet Protocol Security (IPsec) to provide a high level of security between the client and the server. According to Microsoft, the way in which DirectAccess works is as follows:


1. The Windows 7 DirectAccess client determines whether the machine is connected to a network or to the Internet.
2. The Windows 7 DirectAccess computer tries to connect to the web server specified during the DirectAccess setup configuration.
3. The Windows 7 DirectAccess client computer connects to the Windows Server 2008 R2 DirectAccess server using IPv6 and IPsec. Because most users connect to the Internet by using IPv4, the client establishes an IPv6-over-IPv4 tunnel using 6to4 or Teredo.
4. If an organization has a firewall that prevents the DirectAccess client computer using 6to4 or Teredo from connecting to the DirectAccess server, the Windows 7 client automatically attempts to connect by using the IP-HTTPS protocol.
5. As part of establishing the IPsec session, the Windows 7 DirectAccess client and server authenticate each other by using computer certificates.
6. The DirectAccess server uses Active Directory membership to verify that the computer and user are authorized to connect by using DirectAccess.
7. The DirectAccess server begins forwarding traffic from the DirectAccess client to the intranet resources to which the user has been granted access.

Setting up DirectAccess

To set up DirectAccess, your network infrastructure must meet some minimum requirements. The Windows Server 2008 R2 computer that has been configured to use DirectAccess must be a multihomed device with one NIC connected to the Internet and the other NIC connected to the intranet. Each network adapter will be configured with its own TCP/IP address. The DirectAccess server must be configured to use IPv6 and be capable of supporting ISATAP, Teredo, or 6to4. The client machines must be configured to use DirectAccess.

Exercise 12 Installing DirectAccess

1. Start Server Manager by clicking Start | Administrative Tools | Server Manager.

2. In the left window pane, click Features.
3. In the right window, click the Add Feature link.
4. Click the DirectAccess Management Console check box.
5. A dialog box may appear, asking to install any other features required by DirectAccess. Click the Add Required Features button.
6. Click Next and then click the Install button.
7. Verify that the installation was complete and then close Server Manager.

Open the DirectAccess Manager from Administrative Tools. When the DirectAccess Manager starts up, click Setup to launch the DirectAccess Setup Wizard. This will step through setting up the Remote Clients, DirectAccess Server, Infrastructure Servers, Application Servers and the selection of the Windows 7 computers that can use DirectAccess. To complete the setup and allow this to function properly, a certificate server, domain controller, and DNS server are required.
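Steps 3 and 4 of the connection sequence above (6to4 or Teredo first, IP-HTTPS as the fallback) are where most client-side DirectAccess problems show up. The following added example, which is not part of these notes, is a read-only diagnostic to run on a Windows 7 client while it is away from the corporate network: it reports the state of each IPv6 transition technology, the Name Resolution Policy Table that the DirectAccess Group Policy delivers, the IPv6 addresses the client currently holds, and the IPsec main-mode security associations. None of the commands change any settings; all of them are standard netsh contexts on Windows 7.

```powershell
# Added example (not from the course notes): client-side DirectAccess
# connectivity check on Windows 7. Read-only; every command only reports.

# The transition technologies in the order the notes describe. 6to4 and
# Teredo need UDP or protocol 41 through the local firewall; IP-HTTPS is
# the fallback that only needs outbound TCP 443.
Write-Host "=== 6to4 ===";     netsh interface 6to4 show state
Write-Host "=== Teredo ===";   netsh interface teredo show state
Write-Host "=== IP-HTTPS ==="; netsh interface httpstunnel show interfaces

# The Name Resolution Policy Table tells the client which DNS names are
# intranet names to be resolved over the tunnel. An empty table means the
# DirectAccess Group Policy never reached this client, so nothing else
# below can work.
Write-Host "=== NRPT ==="; netsh namespace show policy

# IPv6 addresses on enabled adapters show which tunnel actually came up:
# 2001:0::/32 is Teredo, 2002::/16 is 6to4, and an IP-HTTPS address comes
# from the organisation's own prefix.
Write-Host "=== IPv6 addresses ==="
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
    ForEach-Object { $_.IPAddress } | Where-Object { $_ -match ":" }

# IPsec is mandatory for DirectAccess. Main-mode security associations
# exist only once the client and server have authenticated each other
# with their computer certificates (step 5); an empty list here with a
# tunnel address above points at certificate or CRL problems.
Write-Host "=== IPsec main mode SAs ==="; netsh advfirewall monitor show mmsa
```

Reading the sections in order follows the connection sequence itself: no NRPT means no policy, no tunnel address means the transition technologies are blocked, and a tunnel address with no main-mode SA means the IPsec authentication is failing.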

Understanding Virtualization
Server virtualization can be used to run more than one operating system in virtual machines on a single physical server platform using Hyper-V. The notion behind server virtualization is to reduce hardware costs. At the client level, virtualization can take place using Virtual PC. Virtual machines are full operating systems that run in a virtualized environment. The end users that connect to the virtual machines cannot tell the difference between a normal machine and a virtualized machine.

Hyper-V

Microsoft has now incorporated server virtualization into the operating system with the release of Hyper-V. One of the big advantages of Hyper-V is that it will support multiple operating systems, including non-Windows operating systems, running on the same Windows Server 2008 machine. Each VM can have its own unique resources running on its operating system. Another advantage is the ability to rapidly recover from a crash, because it is only necessary to move the Hyper-V virtual machine to another machine. One thing to be careful to avoid is putting all the servers that have specialized functions in virtual machines on the same physical server. For example, if all the virtual DHCP servers are on the same physical platform and it goes down, there will be no DHCP service until the VMs can be moved to another physical server.

Creating a Hyper-V Windows 7 Virtual Machine

The hypervisor, in Hyper-V, is a 64-bit mechanism that allows Hyper-V to run multiple virtual machines on the same physical machine. The hypervisor's job is to create and manage the partitions between virtual machines. The hypervisor is a thin software layer that sits between the virtual machines and the hardware.

Exercise 12 Making a Windows 7 .VHD

1. Start the Hyper-V Manager by clicking Start | Administrative Tools | Hyper-V Manager.
2. When the Hyper-V Manager starts, under the Actions section click the New | Virtual Machine link.
3. At the Before You Begin screen, click Next.
4. At the Specify Name And Location screen, type Win7VM in the Name field. Leave the default location. Click Next.
5. At the Assign Memory screen, type 1024 MB and click Next.
6. At the Configure Networking screen, pull down the Connection type, choose the network adapter and then click Next.
7. At the Connect Virtual Hard Disk screen, click Create A New Virtual Hard Disk.
8. Type Win7.vhd and make the hard drive size 20 GB. Click Next.
9. At the Summary screen, select the Start The Virtual Machine After It Is Created check box and click Finish.
10. When the Win7VM starts, you will receive a boot failure. Click the Media menu option. Click the DVD Drive option and then Capture Your DVD Drive. Then press Enter.
11. Install Windows 7 Enterprise Edition as normal.

Windows Virtual PC

Microsoft also has a virtualization environment that can operate on its client software, called Windows Virtual PC. Windows Virtual PC can be used to create and manage virtual machines without the need for a server operating system. The advantage here is that server operating systems can run in a client environment such as Windows XP, Windows Vista, or Windows 7. Virtual PC is good for testing things before implementing them on a physical hardware platform. It is also useful when a user has an application that ran on a legacy system such as Windows 2000 Professional but will not run in Windows 7. Windows 2000 can be installed in Virtual PC and the application run on the virtual machine.
