Professional Documents
Culture Documents
M I C R O S O F T
L E A R N I N G
P R O D U C T
6292A
Installing and Configuring Windows 7 Companion Content
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. 2009 Microsoft Corporation. All rights reserved. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.
1-1
Module 1
Installing, Upgrading, and Migrating to Windows 7
Contents:
Lesson 1: Preparing to Install Windows 7 Lesson 2: Performing a Clean Installation of Windows 7 Lesson 3: Upgrading and Migrating to Windows 7 Lesson 4: Performing an Image-Based Installation of Windows 7 Lesson 5: Configuring Application Compatibility Module Reviews and Takeaways Lab Review Questions and Answers 2 5 9 11 16 18 21
1-2
Lesson 1
1-3
Editions of Windows 7
Question 1: Which edition of Windows 7 might you choose in the following scenarios? Scenario 1: There are a few users in your organization. Currently, you do not have a centralized file server and all of the computers are not joined to a domain. Scenario 2: Your organization has more than one hundred users who are located in several offices across the country. In addition, you have several users that travel frequently. Answer: Choose Windows 7 Professional for Scenario 1 and Windows 7 Enterprise for Scenario 2. Scenario 1: For a business environment, choose either Windows 7 Professional or Windows 7 Enterprise. Windows 7 Home Premium, Windows 7 Home Basic, and Windows 7 Starter are targeted for home users. Because you only have few users, Windows 7 Professional will be the best fit. Scenario 2: Choose Windows 7 Enterprise and take the advantage of features such as BranchCache and DirectAccess to increase the productivity of your mobile users. Question 2: What is the difference between the Enterprise and the Ultimate edition of Windows 7? Answer: There is no difference in terms of features between the Enterprise and Ultimate editions. Windows 7 Enterprise is available through Microsoft Software Assurance with Volume Licensing and Windows 7 Ultimate is available through the retail channel. There is no upgrade path between the two.
1-4
Scenario 1: Your users have computers that are at least three years old and your organization plans to deploy Windows 7 to many new computers. Scenario 2: There are only a few users in your organization, their computers are mostly new, but they have many applications installed and a lot of data stored in their computers. Answer: The answers may vary. Your selection of the type of installation may not be decided by just these factors. In general, it is recommended that you perform a clean installation followed by migration of user settings and data. Avoid selecting upgrade, unless it only involves a few users or computers. In Scenario 1, you may want to purchase new hardware for your organization, perform a clean installation of Windows 7, and migrate the necessary user settings and data. In Scenario 2, you may want to perform an in-place upgrade to Windows 7.
1-5
Lesson 2
1-6
A clean installation is the preferred installation method. Performing a clean installation ensures that all of your systems begin with the same configuration and all applications, files, and settings are reset.
1-7
video cards and memory modules. Use Windows Catalog to locate products designed for Microsoft Windows and ensure that your hardware meets the minimum requirements for the edition of Windows 7 that you want to install. Carefully note any messages and search the Microsoft Knowledge Base for an explanation.
1-8
10. Click OK to close the message about restarting. 11. In the System Properties window, click the Change button. Note that the Network ID button performs the same task with a wizard. 12. In the Computer Name/Domain Changes window, click Domain and type Contoso.com. This is the name of the domain to be joined. 13. Click the More button. Use this primary DNS suffix to have the computer search DNS domains other than the Active Directory domain that it is joined to. The NetBIOS name is used for backward compatibility with older applications. 14. Click the Cancel button. 15. In the Computer Name/Domain Changes window, click OK. 16. When prompted, in the Windows Security box, type Administrator with a password of Pa$$w0rd. 17. Click OK three times and then click Close. 18. Click Restart Now. 19. After the system restarts, log on as Contoso\Administrator with a password of Pa$$w0rd.
1-9
Lesson 3
1-10
1-11
Lesson 4
1-12
1-13
Note: If a catalog file does not exist for this edition of Windows 7, then you will be prompted
to create a catalog file. The creation process takes several minutes. In this demonstration, you are not prompted to create a catalog file because it has already been created for you. 5. 6. In the Answer File area, right-click Create or open an answer file, and then click New Answer File. In the Windows Image area, expand Components and scroll down and expand x86_MicrosoftWindows-Setup. This group of settings is primarily used in the windowsPE stage of an unattended installation. Notice that it includes Disk Configuration. Expand UserData and right-click ProductKey. Notice that this setting can only be applied in the windowsPE stage. This is used for an unattended installation where Windows 7 is installed from the install.wim file on the Windows 7 installation DVD. Scroll down and click x86_Microsoft-Windows-Shell-Setup. Notice that the option for the product key is available here and shown in the Properties area. Right-click x86_Microsoft-Windows-Shell-Setup and click Add setting to Pass 4 specialize. These settings are applied after an operating system has been generalized by using Sysprep.
7.
8. 9.
10. In the Microsoft-Windows-Shell-Setup Properties area, in the ProductKey box, type 1111122222-33333-44444-55555 and press Enter. Placing a product key in this answer file prevents the need to enter the product key during the installation of a new image. 11. Close Windows System Image Manager and do not save any changes.
Note: For more information, please refer to Windows SIM Technical Reference at http://go.microsoft.com/fwlink/?LinkID=154216.
1-14
4.
5.
Note: For more information on copype, copy, and oscdimg, refer to:
http://go.microsoft.com/fwlink/?LinkID=154217 http://go.microsoft.com/fwlink/?LinkID=154218 http://go.microsoft.com/fwlink/?LinkID=154219
6.
1-15
7. 8. 9.
Type cd C:\img and press Enter. At the command prompt, type dir and press Enter. You can see the installation files for Windows 7 ENTERPRISE and modify them. At the command prompt, type cd \ and press Enter.
10. At the command prompt, type dism /image:C:\img /? and press Enter. This displays the available options for servicing an image such as adding a driver or adding a feature. 11. At the command prompt, type dism /image:C:\img /add-driver /driver:E:\LabFiles\Mod01\vx6000\vx6000.inf and press Enter. This adds the driver for the VX6000 Lifecam to the image so that it is available for all computers configured with this image. 12. At the command prompt, type dism /unmount-wim /mountdir:C:\img /discard and press Enter. Use the /commit option to save changes. 13. Close all open Windows.
1-16
Lesson 5
1-17
1-18
1-19
Install add-on hardware properly, such as video cards and memory modules. Use Windows Catalog to locate products designed for Microsoft Windows and ensure that your hardware meets the minimum requirements for the edition of Windows 7 that you want to install. Carefully note any messages and search the Microsoft Knowledge Base for an explanation.
1-20
Tools
Tool Use for Installing Windows or upgrading previous Windows versions Assessing the feasibility of an upgrade to Windows 7 Assessing organization readiness for Windows 7 Migrating user settings and data in side-by-side migration for a single or few computers Supporting the deployment of Windows operating system Migrating user settings and data for a large number of computers Creating unattended installation answer files Capturing, creating, modifying, and applying the WIM file Installing and deploying Windows operating system Preparing Windows installation for disk imaging, system testing, or delivery Configuring the hard disk Deploying Windows over the network Servicing and managing Windows images Inventorying and analyzing organization application compatibility Creating application fixes Where to find it
Windows Setup Windows Upgrade Advisor Microsoft Assessment and Planning Toolkit Windows Easy Transfer Windows Automated Installation Kit (Windows AIK) User State Migration Tool Windows SIM
Windows AIK
Windows AIK
ImageX
Windows AIK
Windows PE
Sysprep
Windows AIK
Diskpart
Windows 7 Microsoft Download Center for Windows Server 2003 SP1 Server Role in Windows Server 2008 and Windows Server 2008 R2 Windows 7 Windows AIK
WDS
DISM
ACT
1-21
2-1
Module 2
Configuring Disks and Device Drivers
Contents:
Lesson 1: Partitioning Disks in Windows 7 Lesson 2: Managing Disk Volumes Lesson 3: Maintaining Disks in Windows 7 Lesson 4: Installing and Configuring Device Drivers Module Reviews and Takeaways Lab Review Questions and Answers 2 5 9 13 17 23
2-2
Lesson 1
2-3
2-4
2-5
Lesson 2
2-6
2-7
2-8
6. 7. 8.
On the Assign Drive Letter or Path page, click Next. On the Format Partition page, in the Volume label box, type Spanned, click Next and then click Finish. In the Disk Management dialog box, click Yes.
2-9
Lesson 3
2-10
2-11
Test the configured quotas by using a standard user account to create files
1. 2. 3. 4. 5. 6. 7. 8. 9. Log off and then log on to the LON-CL1 virtual machine as Contoso\Alan with a password of Pa$$w0rd. Click Start, click Computer, and then double-click Striped (I:). On the toolbar, click New Folder. Type Alans files and then press ENTER. In the file list, right-click 2mb-file, drag it to Alans files, and then click Copy here. Double-click Alans files. Right-click 2mb-file and then click Copy. Press CTRL+V. In the Address bar, click Striped (I:).
10. In the file list, right-click 1kb-file, drag it to Alans files, and then click Copy here. 11. Double-click Alans files. 12. Right-click 2mb-file and then click Copy.
2-12
13. Press CTRL+V. 14. In the Copy Item dialog box, review the message and then click Cancel.
10. In the Programs list, click Event Viewer. 11. In the Event Viewer (Local) list, expand Windows Logs and then click System. 12. Right-click System and then click Filter Current Log. 13. In the <All Events IDs> box, type 36 and then click OK. 14. Examine the listed entry. 15. Close all open windows.
2-13
Lesson 4
2-14
2-15
10. Click Start, right-click Computer, and then click Manage. 11. In Computer Management, click Device Manager. 12. Expand Keyboards and then click Standard PS/2 Keyboard. 13. Verify that you have successfully rolled back the driver. 14. Close Computer Management.
2-16
2-17
What two commands must you use for these tasks? Answer: The two commands are as follows:
format fs=ntfs label=sales-data
assign
Question 3: Your organization has recently configured Windows Update to automatically update the Accounting departments computers at 03:00. This conflicts with the weekly defragmentation of the computers on Wednesday mornings. You must reconfigure the scheduled defragmentation task to occur at midnight on Tuesdays instead. List the steps to modify the defragmentation schedule. Answer: Follow these steps to modify the defragmentation schedule: 1. 2. 3. 4. Right-click the volume in Windows Explorer, click Properties, click the Tools tab, and then click Defragment Now. In the Disk Defragmenter window, click Configure schedule. In the Disk Defragmenter: Modify Schedule window, change Choose day to Tuesday, and change Choose time to 12:00 AM (midnight). Click OK. Click Close on the Disk Defragmenter window, and OK on the Properties window.
Question 4: You recently upgraded to Windows 7 and are experiencing occasional problems with the shortcut keys on your keyboard. Describe the first action you might take to the resolve the issue and list the steps to perform the action. Answer: 1. 2. 3. Update the device driver for the keyboard. To manually update the driver used for the keyboard, follow these steps in Device Manager: Double-click the Keyboard category of devices. Right-click the device and then click Update Driver Software.
2-18
4.
Common issues
Identify the causes for the following common issues and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module and the course companion CD content. Issue Troubleshooting tip Once a quota is created, you can export it and then import it for a different volume. In addition to establishing quota settings on an individual computer by using the methods outlined above, you can also use Group Policy settings to configure quotas. This enables administrators to configure multiple computers with the same quota settings. To increase free disk space after exceeding the quota allowance, the user can try the following: Delete unnecessary files Have another user claim ownership of non-user specific files Increase the quota allowance as volume size and policy permits To identify a device driver problem, answer the questions: Did you recently upgrade the device driver or other software related to the hardware? If so, roll back the device driver to the previous version. Are you experiencing occasional problems, or is the device not compatible with the current version of Windows? If so, upgrade the device driver. Did the hardware suddenly stop working? If so, upgrade the device driver. If that does not solve the problem, reinstall the device driver. If the problem continues, try troubleshooting the hardware problem. To verify that a disk requires defragmentation, in Disk Defragmenter select the disk you want to defragment and then click Analyze disk. Once Windows is finished analyzing the disk, check the percentage of fragmentation on the disk in the Last Run column. If the number is high, defragment the disk. To view shadow copy storage information, use the Volume Shadow Copy Service administrative command-line tool. Start an elevated Command Prompt and then type vssadmin list shadowstorage. The used, allocated, and maximum shadow copy storage space is listed for each volume.
If you have a hardware problem, it can be caused by hardware or a device driver. Troubleshooting hardware problems often starts by troubleshooting device drivers.
Best practices
Supplement or modify the following best practices for your own work situations: Every time a change is made to a computer, record it. It can be recorded in a physical notebook attached to the computer, or in a spreadsheet or database available on a centralized share that is backed up nightly.
2-19
If you keep a record of all changes made to a computer, you can trace the changes to troubleshoot problems and offer support professionals correct configuration information. The Reliability Monitor can be used to track changes to the system such as application installs or uninstalls. When deciding what type of volume to create, consider the following questions: How critical is the data or information on the computer? Can automatic replication be set up quickly and easily? If the computer became unbootable, what will be the impact on your business? Is the computer handling multiple functions? Is the data on the computer being backed up on a regular basis?
Task Add a new disk Best Practices for Disk Management Confirm that you are a member of the Backup Operators group or the Administrators group Create partitions or volumes Device Management and Installation For information about driver signing, including requirements, review the Driver Signing Requirements for Windows page in Windows Hardware Developer Central
Search Help and Support for standard account and administrator account. For information about groups: http://go.microsoft.com/fwlink/?LinkId=64099 http://go.microsoft.com/fwlink/?LinkId=64106 http://go.microsoft.com/fwlink/?LinkId=64107 http://go.microsoft.com/fwlink/?LinkId=143990
http://go.microsoft.com/fwlink/?LinkId=14507
2-20
guidelines Windows 7 Springboard Series Windows Device Experience Best Practices for Disk Management http://go.microsoft.com/fwlink/?LinkId=147459
http://go.microsoft.com/fwlink/?LinkId=132146
http://go.microsoft.com/fwlink/?LinkId=153231
Tools
Tool Use for Performing disk defragmentation tasks from the command-line Viewing and updating hardware settings, and driver software for devices such as internal hard drives, disc drives, sound cards, video or graphics cards, memory, processors, and other internal computer components Help when interacting with any compatible device connected to the computer. From Device Stage, you can view the devices status and run common tasks from a single window. There are pictures of the devices which helps make it simpler to view what is there. Provides users a single location to find and manage all the devices connected to their Windows 7 -based computers. Also provides quick access to device status, product information, and key functions such as faxing and scanning to enhance and simplify the customer experience with a Windows 7 - connected device. Where to find it
Defrag.exe
Command Prompt
Device Manager
Control Panel
Device Stage
Taskbar
Control Panel
Disk Defragmenter
Rearranging fragmented data so that disks and drives can work more efficiently
In Windows Explorer, right-click a volume, click Properties, click the Tools tab, and then click Defragment Now. Click Start, type diskmgmt.msc in the search box, and then click diskmgmt.msc in the results list. Open a command prompt
Disk Management
Managing disks and volumes, both basic and dynamic, locally or on remote computers.
Diskpart.exe
2-21
command-line or from Windows PE Performing tasks that are related to file allocation table (FAT) and NTFS file systems, such as managing reparse points, managing sparse files, or dismounting a volume Adding drivers to and managing drivers in the device store
Fsutil.exe
Pnputil.exe
Command Prompt (elevated) In Windows Explorer, right-click a volume, click Properties, click Quota, and then click Show Quota Settings.
Quota Settings
Use to check if unsigned device drivers are in the system area of a computer
Start menu
Viewing and managing shadow copy storage space Automatically applying updates that are additions to software that can help prevent or fix problems, improve how your computer works, or enhance your computing experience.
Windows Update
Online
Basic disk
Dynamic disk
Volume
System volume
2-22
There is only one system volume. The disk volume that contains the Windows operating system files and the supporting files. The boot volume can be the same volume as the system volume; this configuration is not required. There is one boot volume for each operating system in a multi-boot system. A contiguous space of storage on a physical or logical disk that functions as though it were a physically separate disk. The process of dividing the storage on a physical disk into manageable sections that support the requirements of a computer operating system. A method of expressing a data address on a storage medium. Used with SCSI and IDE disk drives to translate specifications of the drive into addresses that can be used by enhanced BIOS. LBA is used with drives that are larger than 528MB.
Boot volume
2-23
3-1
Module 3
Configuring File Access and Printers on Windows 7 Clients
Contents:
Lesson 1: Overview of Authentication and Authorization Lesson 2: Managing File Access in Windows 7 Lesson 3: Managing Shared Folders Lesson 4: Configuring File Compression Lesson 5: Managing Printing Module Reviews and Takeaways Lab Review Questions and Answers 2 4 9 11 14 17 20
3-2
Lesson 1
3-3
3-4
Lesson 2
3-5
3-6
Question 2: The Users group has Read permission for Folder1. The Sales group has Write permission for Folder2. What permissions does User1 have for File2? Answer: User1 has Read and Write permissions for File2, because User1 is a member of the Users group, which has Read permission for Folder1, and the Sales group, which has Write permission for Folder2. File2 inherits permissions from both Folder2 and Folder1. Question 3: The Users group has Modify permission for Folder1. File2 is accessible only to the Sales group, and they are only able to read File2. What do you do to ensure that the Sales group has only Read permission for File2? Answer: Prevent permissions inheritance for Folder2 or File2. Remove the permissions for Folder2 or File2 that Folder2 has inherited from Folder1. Grant only Read permission to the Sales group for Folder2 or File2.
3-7
5. 6. 7.
5. 6. 7. 8.
3-8
10. In the Deliverables Properties dialog box, click OK. 11. Close the Project Documents window.
3-9
Lesson 3
3-10
3-11
Lesson 4
3-12
AG00011_ Close the PUB60COR folder. Switch back to the C:\Project Documents folder. Right-click Compressed Files folder and then click Paste. Double-click Compressed Files folder. Right-click AG00004_ and then click Properties. Click Advanced.
10. Click Cancel and then click Cancel again to close the properties dialog box.
3-13
4. 5. 6.
In the Project Documents folder, double-click Uncompressed Files. Right-click the Taskbar and then click Show Windows Side by Side. In the Compressed Files folder, drag AG00004_ to the Uncompressed Files folder.
10. Right-click Zipped Data and then drag it to the Compressed Files folder. 11. Click Copy Here. 12. Double-click Compressed Files. 13. Close all open windows.
3-14
Lesson 5
Managing Printing
Contents:
Detailed Demo Steps 15
3-15
4. 5. 6. 7. 8. 9.
10. In the Location field, type Headquarters. 11. Click Preferences. 12. Set Quality Option to Best Photo. 13. Click OK and then click OK again to close the dialog box. 14. Click OK to close the Epson Stylus Photo RX630 (M) Properties box.
3-16
The Printer Properties dialog box also included the following printer options that can be maintained. Location General tab Ports tab Advanced tab Advanced tab Advanced tab Advanced tab Printer Option Printing Preferences, such as portrait/landscape orientation option and print quality Configure Printer Port Assign printer driver
3-17
3-18
When setting up a computer, you are required to create a user account. This account is an administrator account used to set up your computer and install any required programs. Once you are finished setting up the computer, it is recommended to use a standard user account for your daily computing. It is safer to use a standard user account instead of an administrator account because it can prevent users from making changes that affect everyone who uses the computer, especially if your user account logon credentials are stolen.
Considerations when taking ownership of a file or folder include: An administrator can take ownership of any file on the computer. Assigning ownership of a file or folder might require elevating your permissions through User Access Control. The Everyone group no longer includes the Anonymous Logon group.
3-19
Tools
Use the following Command Prompt tools to manage file and printer sharing. Tool Net share Net use Cacls.exe Compact.exe Pnputil.exe Description Share folders from the Command Prompt Connect to shared resources from the Command Prompt Configure NTFS file and folder permissions from the Command Prompt Compress NTFS files and folders from the Command Prompt Preinstall printer drivers into the driver store
3-20
4-1
Module 4
Configuring Network Connectivity
Contents:
Lesson 1: Configuring IPv4 Network Connectivity Lesson 2: Configuring IPv6 Network Connectivity Lesson 3: Implementing Automatic IP Address Allocation Lesson 5: Troubleshooting Network Issues Module Reviews and Takeaways Lab Review Questions and Answers 2 5 8 10 13 15
4-2
Lesson 1
4-3
Answer: A and B.
4-4
10. In the Local Area Connection 3 Status window, click Properties. This window allows you to configure protocols. 11. Click Internet Protocol Version 4 (TCP/IPv4) and then click Properties. You can configure the IP address, subnet mask, default gateway and DNS servers in this window. 12. Click Advanced. The Advanced TCP/IP Settings window allows you to configure additional settings such as additional IP addresses, DNS settings, and WINS servers for NetBIOS name resolution. 13. Close all open windows without modifying any settings.
4-5
Lesson 2
4-6
4-7
Note: The local Area Connection number may be different in some cases.
8. 9.
In the Local Area Connection 3 Status window, click Details. This window shows the same configuration information for this adapter and the ipconfig command. In the Network Connection Details windows, click Close.
10. In the Local Area Connection 3 Status window, click Properties. This window allows you to configure protocols. 11. Click Internet Protocol Version 6 (TCP/IPv6) and then click Properties. You can configure the IPv6 address, subnet prefix length, default gateway, and DNS servers in this window. 12. Click Use the following IPv6 address and enter the following: IPv6 address: 2001:0DB8:0000:0000:02AA:00FF:FE28:9C5A Subnet prefix length: 64
13. Click Advanced. The Advanced TCP/IP Settings window allows you to configure additional setting such as additional IP addresses and DNS settings. 14. In the Advanced TCP/IP Settings window, click Cancel. 15. In the Internet Protocol Version 6 (TCP/IPv6) Properties window, click OK. 16. In the Local Area Connection 3 Properties window, click Close. 17. In the Local Area Connection 3 Status window, click Details. Verify that the new IPv6 address has been added. 18. Close all open windows.
4-8
Lesson 3
4-9
10. Click Obtain an IP address automatically. Notice that the Alternate Configuration tab becomes available when you do this. 11. Click Obtain DNS server address automatically. 12. Click the Alternate Configuration tab. Configuration information on this tab is used when no DHCP server is available. 13. Click OK to save the changes. 14. In the Local Area Connection 3 Properties window, click Close. 15. In the Local Area Connection 3 Status window, click Details. Notice that DHCP is enabled and the IP address of the DHCP server is displayed. 16. Close all open windows.
4-10
Lesson 5
4-11
4-12
4-13
4-14
Tools
You can use the following tools to troubleshoot network connectivity issues. Tool Description The Network and Sharing Center informs you about your network and verifies whether your PC can successfully access the Internet; then, it summarizes this info in the form of a Network Map. A command that you can use to configure network properties from the command-line. A command-line tool that combines the functionality of Ping and Tracert, and that you can use to troubleshoot network latency and provide information about path data. A command-line tool that you can use to test and troubleshoot DNS and name resolution issues. A general IP configuration and troubleshooting tool. A basic command-line tool that you can use for verifying IP connectivity. Similar to Pathping, which provides information about network routes.
Netsh.exe
Pathping.exe
4-15
5-1
Module 5
Configuring Wireless Network Connections
Contents:
Lesson 2: Configuring a Wireless Network Module Reviews and Takeaways Lab Review Questions and Answers 2 6 8
5-2
Lesson 2
5-3
5-4
Note: If you select an enterprise option, you must provide additional information about how
authentication is handled within your organization. For example, the name of a RADIUS server and other settings.
10. Enter Pa$$w0rd in the Network Key. 11. Click Apply to save the settings. Most wireless APs have a separate persistent save which means that the device remembers the settings even after you power it down and start again. 12. Most wireless APs also provide options for more advanced settings. These include MAC address filtering and bridging and are out of the scope of this demonstration. 13. Close all opened Windows.
5-5
2. 3. 4. 5.
Click Manage wireless networks. Click Add to launch the wizard to guide you through the process of defining the properties of the network. Click Manually create a network profile to configure an infrastructure network. Enter ADATUM in Network name, select WPA2-Personal for Security type, select AES for Encryption type, and enter Pa$$w0rd for Security Key/Passphrase to define the appropriate SSID and the security settings that correspond to those defined on the wireless AP.
Note: The specifics of the settings vary from network to network. In addition, the options
available may be restricted by Group Policy. Your ability to create a network connection may be restricted.
6. 7. 8. 9.
Click Next to connect to the network and then click Close. Right-click the wireless network icon on the system tray and click Open Network and Sharing Center. Click Wireless Network Connection (ADATUM) to view the status of the network. Click Close to close the Wireless Network Connection Status dialog box. By default, all networks are placed in the Public network profile, which is the most restrictive. From the Network and Sharing Center, click Public network.
10. Click Work Network and then click Close. Once you define a network location profile for a network connection, Windows remembers it for subsequent connections to that network. 11. Close all opened Windows.
2.
3. 4. 5.
5-6
Cannot detect wireless network Windows is not configured to connect to the right type of network
5-7
Tools
Tool Network and Sharing Center Connect to a Network Netsh Windows Network Diagnostics Use to Where to find it
Configure network settings Configure Windows 7-based client to connect to a wireless network Configure local or remote network settings Troubleshoot access to wireless networks
Control Panel Systray Network and Sharing Center Systray Command prompt Network and Sharing Center Systray
5-8
6-1
Module 6
Securing Windows 7 Desktops
Contents:
Lesson 1: Overview of Security Management in Windows 7 Lesson 2: Securing a Windows 7 Client Computer by Using Local Security Policy Settings Lesson 3: Securing Data by Using EFS and BitLocker Lesson 4: Configuring Application Restrictions Lesson 5: Configuring User Account Control Lesson 6: Configuring Security Settings in Windows Internet Explorer 8 Lesson 7: Configuring Windows Defender Lesson 8: Configuring Windows Defender Module Reviews and Takeaways Lab Review Questions and Answers 2 4 10 15 20 24 29 33 37 44
6-2
Lesson 1
6-3
6-4
Lesson 2
6-5
6-6
10. In the Select Group Policy Object dialog box, click Finish. 11. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Group Policy Object Editor and then click Add. 12. In the Select Group Policy Object dialog box, click Browse. 13. In the Browse for a Group Policy Object dialog box, click the Users tab. 14. In the Local Users and Groups compatible with Local Group Policy list, click NonAdministrators and then click OK. 15. In the Select Group Policy Object dialog box, click Finish. 16. In the Add or Remove Snap-ins dialog box, click OK. 17. In Console1 [Console Root], on the menu, click File and then click Save. 18. In the Save As dialog box, click Desktop. 19. In the File name box, type Multiple Local Group Policy Editor and then click Save.
6-7
6. 7. 8. 9.
In the Browse dialog box, right-click in the empty folder, point to New, click Text Document, and then press ENTER. Right-click New Text Document, and then click Edit. Type msgbox Default Computer Policy , click File, click Save As. Type ComputerScript.vbs, change Save as type: to All Files, and then click Save.
10. Close ComputerScript.vbs. 11. In the Browse dialog box, click on the ComputerScript file and then click Open. 12. In the Add a Script dialog box, click OK. 13. In the Logon Properties dialog box, click OK.
10. Close AdminScript.vbs. 11. In the Browse dialog box, click on the AdminScript file and then click Open. 12. In the Add a Script dialog box, click OK. 13. In the Logon Properties dialog box, click OK.
6-8
8. 9.
Type msgbox Default Users Policy , click File, and then click SaveAs. Type UserScript.vbs, change Save as type: to All Files, and then click Save.
10. Close UserScript.vbs. 11. In the Browse dialog box, click on the UserScript file and then click Open. 12. In the Add a Script dialog box, click OK. 13. In the Logon Properties dialog box, click OK. 14. Log off of LON-CL1.
10. In the Logon Properties dialog box, click Remove and then click OK. 11. In Multiple Local Group Policy Editor [Console Root], in the tree, expand Local Computer\Administrators Policy. 12. Expand User Configuration, expand Windows Settings, and then click Scripts (Logon/Logoff). 13. In the results pane, double-click Logon. 14. In the Logon Properties dialog box, click Remove and then click OK. 15. In Multiple Local Group Policy Editor [Console Root], in the tree, expand Local Computer Policy. 16. Expand User Configuration, expand Windows Settings, and then click Scripts (Logon/Logoff). 17. In the results pane, double-click Logon. 18. In the Logon Properties dialog box, click Remove and then click OK. 19. Close the Multiple Local Group Policy Editor [Console Root] snap-in. 20. Click Yes if prompted to save. 21. Log off.
6-9
10. Click Security Options. 11. In the left pane, click and expand Windows Firewall with Advanced Security and then click Windows Firewall with Advanced Security Local Group Policy Object. 12. In the left pane, click Network List Manager Policies. 13. In the left pane, click and expand Public Key Policies and then click Encrypting File System. 14. Click BitLocker Drive Encryption. 15. In the left pane, click Software Restriction Policies. 16. In the left pane, click and expand Application Control Policies. 17. Click and expand AppLocker. 18. In the left pane, click IP Security Policies on Local Computer. 19. In the left pane, click and expand Advanced Audit Policy Configuration. 20. Click and expand System Audit Policies Local Group Policy Object. 21. Close the Local Group Policy Editor. 22. Log off LON-CL1.
6-10
Lesson 3
6-11
What Is BitLocker?
Question: BitLocker provides full volume encryption. What does this mean? Answer: Full volume encryption means: 1) the entire Windows operating system volume can be encrypted, and 2) fixed data volumes can be encrypted (with the requirement that the OS volume is also encrypted).
BitLocker Modes
Question: What is a disadvantage of running BitLocker on a computer that does not contain TPM 1.2? Answer: Computers without TPMs will not be able to use the system integrity verification during boot-up that BitLocker can also provide.
Configuring BitLocker
Question: When turning on BitLocker on a computer with TPM version 1.2, what is the purpose of saving the recovery password? Answer: If the TPM ever changes or cannot be accessed, if there are changes to key system files, or if someone tries to start the computer from a product CD or DVD to circumvent the operating system, the computer will switch to recovery mode and will remain there until the user provides the recovery password. Storing the recovery password so that it is accessible to the user allows him or her to complete the startup process.
Configuring BitLocker to Go
Question: How do you enable BitLocker To Go for a USB flash drive? Answer: Insert the drive, and in Windows Explorer, right-click the drive and then click Turn On BitLocker.
6-12
Find the password ID under a Computers properties, which you can use to locate recovery passwords stored in Active Directory.
6-13
10. On the General tab, click Advanced. 11. Select the Encrypt contents to secure data check box and then click OK. 12. In the Encrypted Properties dialog box, click OK, and then in the Confirm Attribute Changes dialog box, click Apply changes to this folder, subfolders and files. 13. Click OK. 14. Click OK to close the Encrypted Properties dialog box and then log off.
6-14
3. 4. 5. 6. 7. 8.
Right-click the Encrypted folder and then click Properties. On the General tab, click Advanced. Clear the Encrypt contents to secure data check box and then click OK. Click OK to close the Encrypted Properties dialog box. In the Confirm Attribute Changes dialog box, click OK. Log off.
6-15
Lesson 4
6-16
AppLocker Rules
Question: When testing AppLocker, you must carefully consider how you will organize rules between linked GPOs. What do you do if a GPO does not contain the default AppLocker rules? Answer: If a GPO does not contain the default rules, then either add the rules directly to the GPO or add them to a GPO that links to it.
6-17
10. On the Conditions screen, select Path and then click Next. 11. Click the Browse Files button and then click Local Disk (C:). 12. Double-click Windows, select Regedit, and then click Open. 13. Click Next. 14. Click Next again and then click Create. 15. Click Yes when prompted to create default rules.
6-18
10. Close the Command Prompt. 11. In the Event Viewer, expand Application and Services Logs and then expand Microsoft.
6-19
12. Expand Windows, expand AppLocker, and then click EXE and DLL. 13. Review the entries in the results pane. 14. Close Computer Management. 15. Log off.
6-20
Lesson 5
6-21
6-22
6-23
3. 4. 5. 6. 7.
Type Administrator in the User name field. Type Pa$$w0rd in the Password field. Click Yes. Close the Computer Management console. Log off.
6-24
Lesson 6
6-25
You can modify the firewall settings for each type of network location from the main Windows Firewall page. To set up or modify network location profile settings, click Change advanced sharing settings in the left pane of the Network and Sharing Center. Multiple active firewall policies enable computers to obtain and apply domain firewall profile information, regardless of the networks that are active on the computers.
6-26
Custom rules
Connection Security Rules Isolation rules Authentication exemption rules Server-to-server Tunnel rules Custom rules
6-27
10. Select both of the Remote Scheduled Tasks Management (RPC) rules and then click Next. 11. Select Block the connection and then click Finish.
10. Click Next. 11. Select Block the connection and then click Next. 12. On the Profile page, click Next. 13. Type HTTP TCP 80 in the Name field and then click Finish.
6-28
2. 3. 4.
Click Internet Explorer. Type http://LON-DC1 into the Address field and then press ENTER to attempt to connect to the default Web site on LON-DC1. Close Internet Explorer.
10. In the Add Second Authentication Method dialog box, select User (Kerberos V5) and then click OK. 11. In the Customize Advanced Authentication Methods, click OK. 12. Click Next and then click Next again. 13. Type Kerberos Connection Security Rule and then click Finish.
6-29
Lesson 7
6-30
6-31
10. Type http://LON-DC1 into the Address bar and then press ENTER. 11. Confirm the address you typed in is not stored by clicking on the down arrow next to the Address bar. 12. Close the InPrivate Browsing window. 13. Close Internet Explorer.
6-32
6-33
Lesson 8
6-34
Question: How can you be sure that you have addressed the appropriate security risks before and after a desktop deployment? Answer: Conduct a structured security risk management process that will help you to identify and assess risk, identify and evaluate control solutions, implement the controls, and then measure the effectiveness of the mitigation. Identifying security risks before a desktop deployment helps you to be proactive in mitigating and implementing solutions.
6-35
10. Ensure the Check for updated definitions before scanning check box is selected. 11. In Options, select Default actions. 12. Set Severe alert items to Remove. 13. Set Low alert items to Allow. 14. Ensure the Apply recommended actions check box is selected. 15. In Options, select Real-time protection. 16. In Options, select Excluded files and folders. 17. In Options, select Excluded file types. 18. In Options, select Advanced. 19. Click Scan e-mail. 20. Click Scan removable drives. 21. In Options, select Administrator. 22. Click Save.
Microsoft SpyNet
1. In Tools and Settings, click Microsoft SpyNet.
6-36
2. 3.
6-37
Turn on real-time protections by clicking Tools, clicking Options, and then clicking Real-time protection. In the Options area, perform the following additional tasks:
Configure automatic scanning Specify default actions for specific alert levels Customize a scan by excluding files, folders, and file types
6-38
Use the Advanced options to scan archived files, email, and removable drives, and to use heuristics and create a restore point.
Select whether to use Windows Defender and what information to display to all users of the computer. History, Allowed items, and Quarantined items are hidden by default to protect user privacy.
The Diagnose Connections Problems button helps users find and resolve issues potentially without involving the Helpdesk. When Internet Explorer 8 is unable to connect to a Web site, it shows a Diagnose Connection Problem button. Clicking the button helps the user resolve the problem by providing information to troubleshoot the problem. This option was available in Internet Explorer 7 but is now simpler to find in Internet Explorer 8.
Resetting Internet Explorer 8 settings
If Internet Explorer 8 on a users computer is in an unstable state, you can use the Reset Internet Explorer Settings (RIES) feature in Internet Explorer 8 to restore the default settings of many browser features. These include the following:
6-39
Search scopes Appearance settings Toolbars ActiveX controls (reset to opt-in state, unless they are pre-approved) Branding settings created by using IEAK 8
You can choose to reset personal settings by using the Delete Personal Settings option for the following:
Home pages Browsing history Form data Passwords
RIES disables all custom toolbars, browser extensions, and customizations that have been installed with Internet Explorer 8. To use any of these disabled customizations, you must selectively enable each customization through the Manage Add-ons dialog box. RIES does not do the following:
Clear the Favorites list Clear the RSS Feeds Clear the Web Slices Reset connection or proxy settings Affect Administrative Template Group Policy settings that you apply
Note: Unless you enable the Group Policy setting titled Internet Explorer Maintenance
policy processing, Normal mode settings on the browser created by using IEM are lost after you use RIES.
4. 5.
6-40
Note: To prevent users from using the RIES feature, enable the Do not allow resetting Internet Explorer settings policy in Group Policy Administrative Templates.
For example, you may require administrative permissions to change the UAC setting to Always notify me or Always notify me and wait for my response. With this type of configuration, a yellow notification appears at the bottom of the User Account Control Settings page indicating the requirement.
The most secure implementation of BitLocker leverages the enhanced security capabilities of Trusted Platform Module (TPM) version 1.2. On computers that do not have a TPM version 1.2, you can still use BitLocker to encrypt the Windows operating system volume. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation and does not provide the prestartup system integrity verification offered by BitLocker that is working with a TPM.
6-41
If AppLocker rules are defined in a Group Policy Object (GPO), only those rules are applied. To ensure interoperability between Software Restriction Policies rules and AppLocker rules, define Software Restriction Policies rules and AppLocker rules in different GPOs. When an AppLocker rule is set to Audit only, the rule is not enforced. When a user runs an application that is included in the rule, the application is opened and runs normally and information about that application is added to the AppLocker event log. At least one Windows Server 2008 R2 domain controller is required to host the AppLocker rules.
6-42
accounts. It is a good idea to have two recovery agent accounts to provide redundancy for file recovery. Having two computers that hold these keys provides more redundancy to allow recovery of lost data. Implement a recovery agent archive program to make sure that encrypted files can be recovered by using obsolete recovery keys. Recovery certificates and private keys must be exported and stored in a controlled and secure manner. Ideally, as with all secure data, archives must be stored in a controlled access vault and you must have two archives: a master and a backup. The master is kept on-site, while the backup is located in a secure off-site location. Avoid using print spool files in your print server architecture, or make sure that print spool files are generated in an encrypted folder. The Encrypting File System does take some CPU overhead every time a user encrypts and decrypts a file. Plan your server usage wisely. Load balance your servers when there are many clients using Encrypting File System (EFS).
Windows Internet Explorer 8 Technology Overview for Enterprise and IT Pros Internet Explorer 8 Support page Internet Explorer 8: Home Page Internet Explorer 8 Frequently Asked Questions Internet Explorer 8 newsgroups Internet Explorer 8 Forum on TechNet Internet Explorer 8: Help and Support The new Application Compatibility Toolkit (ACT) with support for Internet Explorer 8 is available from MSDN
6-43
The Application Compatibility Toolkit is accompanied by a white paper that explains compatibility issues identified by the tool Information about anti-phishing strategies Information about the RIES feature Internet Explorer Application Compatibility
6-44
7-1
Module 7
Optimizing and Maintaining Windows 7 Client Computers
Contents:
Lesson 1: Maintaining Performance by Using the Windows 7 Performance Tools Lesson 2: Maintaining Reliability by Using the Windows 7 Diagnostic Tools Lesson 3: Backing Up and Restoring Data by Using Windows Backup Lesson 4: Restoring a Windows 7 System by Using System Restore Points Lesson 5: Configuring Windows Update Module Reviews and Takeaways Lab Review Questions and Answers 2 7 10 14 17 19 21
7-2
Lesson 1
7-3
Demonstration: Analyzing System Performance by Using Data Collector Sets and Performance Monitor
Question: How can you use Performance Monitor for troubleshooting? Answer: You can use Performance Monitor to monitor resources when running an application that is having problems. If a problem is occurring at a specific time, you can schedule a data collector set to run at that time and collect additional information about resource usage when this problem occurs.
7-4
2. 3. 4. 5.
6.
7. 8.
9.
10. Expand the TCP Connections area. This shows current TCP connections and information about those connections. 11. Expand the Listening Ports area. This shows the processes that are listening for network connections and the ports they are listening on. The firewall status for those ports is also shown. 12. Close the Resource Monitor.
Demonstration: Analyzing System Performance by Using Data Collector Sets and Performance Monitor Detailed demonstration steps
This demonstration shows how to analyze system performance by using Data Collector Sets and Performance Monitor. 1. 2. Log on to the LON-CL1 virtual machine as Contoso\Administrator with a password of Pa$$w0rd. Click Start, and in the search box, type per, and then click Performance Monitor.
7-5
3. 4. 5. 6. 7. 8. 9.
In the Performance Monitor window, click the Performance Monitor node. Notice that only % Processor Time is displayed by default. Click the + symbol in the toolbar to add an additional counter. In the Available counters area, expand PhysicalDisk and then click % Idle Time. In the Instances of selected object box, click 0 C:, click Add, and then click OK. Right-click % Idle Time and then click Properties. In the Color box, click green and then click OK. In the left pane, expand Data Collector Sets and then click User Defined.
10. Right-click User Defined, point to New, and then click Data Collector Set. 11. In the Name box, type CPU and Disk Activity and then click Next. 12. In the Template Data Collector Set box, click Basic and then click Next. Using a template is recommended. 13. Click Next to accept the default storage location for the data. 14. Click Open properties for this data collector set and then click Finish. On the General tab, you can configure general information about the data collector set and the credentials that are used when it is running. 15. Click the Directory tab. This tab lets you define information on how the collected data is stored. 16. Click the Security tab. This tab lets you configure which users can change this data collector set. 17. Click the Schedule tab. This tab lets you define when the data collector set is active and collecting data. 18. Click the Stop Condition tab. This tab lets you define when data collection is stopped based on time or data that is collected. 19. Click the Task tab. This tab lets you to run a scheduled task when the data collector set stops. This can be used to process the collected data. 20. Click Cancel. 21. Notice that there are three kinds of logs listed in the right pane. Performance Counter collects data that can be viewed in the Performance Monitor. Kernel Trace collects detailed information about system events and activities. Configuration records changes to registry keys.
22. In the right pane, double-click Performance Counter. Notice that all Processor counters are collected by default. 23. Click Add. 24. In the Available counters area, click PhysicalDisk, click Add, and then click OK. All the counters for the PhysicalDisk object are now added. 25. In the left pane, right-click CPU and Disk Activity and then click Start. 26. Wait a few moments and the data collector set will stop automatically.
7-6
27. Right-click CPU and Disk Activity and then click Latest Report. This report shows the data that is collected by the data collector set. 28. Close the Performance Monitor.
7-7
Lesson 2
7-8
7-9
2. Restart LON-CL1 and press a key to start from the DVD when you are prompted. 3. On the Windows 7 page, click Next. 4. Click Repair your computer. 5. In the System Recovery Options window, read the list of operating systems found and then click Next. 6. Read the options that are listed.
Startup Repair tries to automatically repair a Windows system that is not starting correctly. System Restore is used to restore system configuration settings based on a restore point. System Image Recovery is used to perform a full restore from Windows backup. Windows Memory Diagnostic is used to test physical memory for errors. Command Prompt lets you manually access the local hard disk and perform repairs.
7. Click Command Prompt. 8. At the command prompt, type C: and press Enter. 9. At the command prompt, type dir and press Enter. Notice that there are no files on the C: drive. 10. At the command prompt, type E: and press Enter. 11. At the command prompt, type dir and press Enter. Notice that this drive is the C: drive when Windows 7 is running. 12. Close the command prompt and then click Restart.
7-10
Lesson 3
7-11
7-12
10. Click Let me choose and then Next. Notice that by default, both the libraries for all users and a system image are selected. 11. Clear all check boxes in the window, select the bolded Administrators Libraries check box, and then click Next. 12. Click Change schedule. 13. Ensure that the Run backup on a schedule (recommended) check box is selected; review the available options for How often, What day, and What time, and then click OK. 14. Click Save settings and Run Backup. 15. Watch as the backup completes. Click View Details to see detailed progress. 16. Close the Backup and Restore window
7-13
8. 9.
7-14
Lesson 4
7-15
7-16
10. In the Restore settings area, click Restore system settings and previous versions of files and then OK. 11. In the System Properties window, click Create. The system typically performs this automatically, rather than manually, before software installation is performed. 12. In the System Protection window, type Restore Point 1 and then click Create. 13. When the creation of the restore point is finished, click Close. 14. In the System Properties window, click OK and then close the System window. 15. Click Start and then click Documents. 16. Right-click Important Document and click Restore previous versions. This version of the file was created during the restore point creation. 17. Click Cancel and close the Documents window. 18. Click Start, point to All Programs, click Accessories, System Tools, and then System Restore. 19. In the Restore system files and settings window, click Next. 20. Click Restore Point 1 and then Next. 21. On the Confirm your restore point page, click Finish. 22. Click Yes to continue. Be aware that this restores only system files, not data files. 23. Log on to the LON-CL1 virtual machine as Contoso\Administrator with a password of Pa$$w0rd. 24. Read the message in the System Restore window and click Close.
7-17
Lesson 5
7-18
7-19
Tools
Tool Performance Information and Tools Performance Monitor Use for Lists information for speed and performance Multiple graph views of performance Monitor use and Performance for CPU, disk, network, and memory Where to find it
Control Panel
Administrative Tools Advanced tools in Performance Information and tools Performance Information and Tools Performance monitor Performance monitor
Resource Monitor
7-20
Event Traces and system configuration data Windows Memory Diagnostic Check your computer for memory problems
Administrative tools
Troubleshoots Network problems Review your computers reliability and problem history Choose when to check for solutions to problems reports Scan the computer for startup problems Back up or restore user and system files A copy of the drivers required for Windows to run Used to start the computer Restore the computer to an earlier point in time Copies of files and folders that Windows automatically saves as part of a restore point. A stored state of the computers system files. Adjust maximum disk space used for system protection Service that provides software updates Change settings for windows update Review the computers update history
Reliability Monitor
Action center
Problem reports and Solution tool Startup Repair Tool Backup and Restore Tool
Action Center
Windows 7 DVD
Image Backup
System restore
Control Panel
System Properties
System Properties
System Properties
Windows Update
Windows Update
7-21
8-1
Module 8
Configuring Mobile Computers and Remote Access in Windows 7
Contents:
Lesson 1: Configuring Mobile Computer and Device Settings Lesson 2: Configuring Remote Desktop and Remote Assistance for Remote Access Lesson 3: Configuring DirectAccess for Remote Access Lesson 4: Configuring BranchCache for Remote Access Module Reviews and Takeaways Lab Review Questions and Answers 2 7 11 13 17 20
8-2
Lesson 1
8-3
8-4
10. In the results pane, click the Month tab and then double-click tomorrow. 11. In the Untitled Event dialog box, in the Subject field, type Quarterly meeting. 12. In the Location field, type Meeting room 1 and then click Save & Close. 13. If prompted with a reminder for the appointment, click Dismiss. 14. In Outlook, on the left, click Contacts. 15. On the menu, click New. 16. In the Untitled Contact dialog field, in the Full Name field, type Amy Rusko. 17. In the Job title box, type Production Manager and then click Save & Close. 18. Close Outlook.
8-5
4. 5. 6. 7.
In the Connection Settings dialog box, in the Allow connections to one of the following list, click DMA and then click OK. In the User Account Control dialog box, in the User name box, type administrator. In the Password box, type Pa$$w0rd and then click Yes. Close Windows Mobile Device Center.
8-6
5.
On the Change settings for the plan: Amys plan page, in the Turn off the display box, click 5 minutes and then click Create.
Turn off hard disk after: 10 minutes Wireless Adapter Settings, Power Saving Mode: Maximum Power Saving Power buttons and lid, Power button action: Shut down
On the Change settings for the plan: Amys plan page, click Cancel. Close Power Options.
8-7
Lesson 2
8-8
8-9
8-10
10. Switch to the LON-DC1 virtual machine. 11. In Word, click the Review menu and select the text in the document window. 12. In the menu, click New Comment and then type This is how you place a comment in a document. 13. Click the cursor elsewhere in the document window. 14. In the Windows Remote Assistance Helping Don menu, click Chat. 15. In the Chat window, type Does that help? and then press ENTER. 16. Switch to the LON-CL1 virtual machine. 17. Observe the message. 18. Type Yes, thanks, press ENTER, and then in the Menu, click Stop sharing. 19. Close all open windows. 20. Discard the file changes and then log off of LON-CL1. 21. Switch to the LON-DC1 virtual machine. 22. Close all open windows and then log off of LON-DC1.
8-11
Lesson 3
8-12
8-13
Lesson 4
8-14
BranchCache Requirements
Question: Which of the following operating systems is a requirement on client computers using BranchCache? Answer: The answer(s) are in bold. Windows Server 2008 R2 Windows Vista Windows 7 Windows XP
8-15
10. In the Permissions for Authenticated Users list, select the Allow check box next to Full Control and then click OK. 11. In the Advanced Sharing dialog box, click Caching. 12. Select the Enable BranchCache check box and then click OK. 13. In the Advanced Sharing dialog box, click OK. 14. In the BranchCache Properties dialog box, click the Security tab. 15. Click Edit and then click Add. 16. In the Select Users, Computers, Service Accounts, or Groups dialog box, in the Enter the object names to select (examples) field, type Authenticated Users, click Check Names, and then click OK. 17. In the Permissions for Authenticated Users list, select the Allow check box next to Full Control and then click OK. 18. In the BranchCache Properties dialog box, click the Close button.
8-16
2.
In Group Policy Management, expand Forest: Contoso.com, expand Domains, expand Contoso.com, expand Group Policy Objects, click BranchCache, right-click BranchCache, and then click Edit. Expand Computer Configuration, expand Policies, expand Administrative Templates, expand Network, and then click BranchCache. Double-click Turn on BranchCache, click Enabled, and then click OK. Double-click Set BranchCache Distributed Cache mode, click Enabled, and then click OK. Double-click Configure BranchCache for network files, click Enabled, under Options type 0, and then click OK. Double-click Set percentage of disk space used for client computer cache, click Enabled, under Options, type 10, and then click OK. Close Group Policy Management Editor. Close Group Policy Management.
3. 4. 5. 6. 7. 8. 9.
BranchCache Content Retrieval (Uses HTTP) BranchCache Peer Discovery (Uses WSD)
Close Windows Firewall. Open a Command Prompt. At the Command Prompt, type gpupdate /force and then press ENTER. At the Command Prompt, type netsh branchcache set service mode=DISTRIBUTED and then press ENTER.
8-17
Common issues
Issue Troubleshooting tip The client computer may be retrieving content from the Internet Explorer cache. Be sure to clear the IE cache by selecting Internet Options from the Tools menu and clicking Delete. Ensure that BranchCache is enabled on the first client using the netsh branchcache show status command. If attempting to access a file share, verify that the latency between the client and server is higher than the minimum threshold. Ensure that the BranchCache feature is installed on the server and is enabled for the protocol under test. Check that the peerdistsvc server has started on
BytesAddedToCache does not increase on the first client when accessing the BranchCacheenabled server.
8-18
both the client and the server. An intermediate proxy may alter the HTTP request coming from the client. Verify that the proxy does not modify the ACCEPT-ENCODING HTTP header. An intermediate proxy may downgrade the outgoing request from HTTP 1.1 to HTTP 1.0. If the symptom is specific to file traffic, ensure that the file is not in the transparent cache. Transparent cache is a secondary cache where the file is stored in addition to the BranchCache. Storing the file in the transparent cache enables subsequent reads of the file to be satisfied locally improving end-user response times and savings on WAN bandwidth. To delete transparently cached data, search for Offline Files applet in Control Panel. Click the Disk Usage tab and then click Delete Temporary Files. Note that this will not clear the BranchCache cache. Ensure that BranchCache is enabled and that both clients are configured to use the same caching mode using the netsh branchCache show status command. Ensure that the correct firewall exceptions are set on both clients using the netsh branchcache show status command. Ensure that both clients are connected to the same subnet using the ipconfig command. Make sure the client cache is not full by using the netsh branchcache show status ALL. Ensure that BranchCache is enabled and that both clients are configured to use the same caching mode using the netsh branchcache show status command. Verify basic connectivity from both client computers to the Hosted Cache using the ping command. Ensure that the correct firewall exceptions are set on both clients using the netsh branchcache show status command. Ensure that the correct firewall exceptions are set on the Hosted Cache server using the netsh branchcache show status command. Ensure that the certificate is properly installed and bound to port 443 on the Hosted Cache computer. Netsh checks the predefined BranchCache firewall rule group. If you have not enabled the default exceptions defined for BranchCache on Windows 7, Netsh will not report your configuration correctly. This is likely to happen if you defined firewall rules for clients using Group Policy and you defined the Group Policy object on a computer running an operating system older than Windows 7 or Windows Server 2008 R2 (which will not have the BranchCache firewall rule group). Note that this does not mean BranchCache will not function. Many computers drawing large amounts of content from one
BytesAddedToCache does increase on the first client when accessing the BranchCache enabled server. BytesFromCache does not increase on the second client when accessing the BranchCache enabled server. Deployment is Distributed Cache mode.
BytesAddedToCache does increase on the first client when accessing the BranchCache enabled server. BytesFromCache does not increase on the second client when accessing the BranchCache enabled server. Deployment is Hosted Cache mode.
Netsh shows BranchCache firewall rules have not been set, even though they have been configured using Group Policy.
8-19
BranchCache at fault?
client in a short time period may impact desktop performance. Use performance monitor to check for high service rates to peers. Examine BytesServedToPeers relative to BytesFromCache and BytesFromServer. The BranchCache service runs isolated in its own service host. Examine the CPU and memory consumption of the service host process housing the branch caching service. Sustained high rates of service to peers may be evidence of a configuration problem in the branch office. Check to make sure that the other clients in the branch office are capable of service data. Clear the cache on the affected client using the netsh branchcache flush command or reduce the cache size on the affected client. When BranchCache is unable to retrieve data from a peer or from the Hosted Cache, the upper layer protocol will return to the server for content. If a failure occurs in the Branch Caching component, the upper layer protocol must seamlessly download content from the server. No BranchCache misconfiguration or failure will prevent the display of a Web page or connection to a share. If a failure does occur, use the Network Diagnostic Framework Diagnose button provided by Windows Explorer or Internet Explorer. If the client computer is unable to access a file share on the server due to the error Offline (network disconnected), restart the client computer and access the share again. If the client computer is unable to access a file share on the server due to the error Offline (slow connection), delete the temporarily cached data, restart the computer, and access the share. To delete temporarily cached data (the same as the transparent cache described above), search for Offline Files applet in Control Panel. Click the Disk Usage tab, and then click Delete Temporary Files
The client computer is unable to access the file share even when connected to the server.
8-20
R-1
Resources
Contents:
Microsoft Learning Technet and MSDN Content Communities 2 3 4
R-2
Microsoft Learning
This section describes various Microsoft Learning programs and offerings. Microsoft Skills Assessments Describes the skills assessment options available through Microsoft. Microsoft Learning
Describes the training options available through Microsoft face-to-face or self-paced. Microsoft Certification Program
Details how to become a Microsoft Certified Professional, Microsoft Certified Database Administrators, and more. Microsoft Learning Support To provide comments or feedback about the course, send e-mail to support@mscourseware.com. To ask about the Microsoft Certification Program (MCP), send e-mail to mcphelp@microsoft.com
R-3
MSDN
This section includes content from MSDN for this course. Performance Tuning Guidelines for Windows Server 2008 Windows Device Class Fundamentals Driver Signing Requirements for Windows The new Application Compatibility Toolkit (ACT) with support for Internet Explorer 8 is available from MSDN Internet Explorer Application Compatibility
R-4
Communities
This section includes content from Communities for this course. Windows 7 hardware requirements List of the Device Stage experiences ACT 5.5 Driver Signing Requirements for Windows Windows Hardware Requirements Internet Explorer 8: Home page Internet Explorer 8 newsgroups Internet Explorer 8 FAQ Information about anti-phishing strategies Internet Explorer 8: Help and Support Internet Explorer 8 Forum on TechNet Internet Explorer 8 Help Microsoft Knowledge Base article 923737 Port Numbers
R-5
Courseware Feedback
Send all courseware feedback to support@mscourseware.com. We truly appreciate your time and effort. We review every e-mail received and forward the information on to the appropriate team. Unfortunately, because of volume, we are unable to provide a response but we may use your feedback to improve your future experience with Microsoft Learning products.
Reporting Errors
When providing feedback, include the training product name and number in the subject line of your email. When you provide comments or report bugs, please include the following: Document or CD part number Page number or location Complete description of the error or suggested change
Please provide any details that are necessary to help us verify the issue.
Important All errors and suggestions are evaluated, but only those that are validated are added to the product Knowledge Base article.