Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Welcome!
Thank you for taking our training. Weve worked together with our Microsoft
Certified Partners for Learning Solutions and Microsoft IT Academies to bring
you a world-class learning experience, including:
Microsoft Certified Trainers + Instructors. Your instructor is a premier
technical and instructional expert who meets ongoing certification
requirements.
Customer Satisfaction Guarantee. Our Certified Partners for Learning
Solutions offer a satisfaction guarantee and we hold them accountable for it.
At the end of class, please complete an evaluation of todays experience. We
value your feedback!
Certification Exam Benefits. After training, consider taking a Microsoft
Certification exam. Independent research by IDC concluded that 75% of
managers believe certifications are important to team performance*. Ask your
instructor about available exam promotions and discounts.
We wish you a great learning experience and ongoing career success!
* IDC, Value of Certification: Team Certification and Organizational Performance, November 2006
3/11/2014
Introduction
Name
Company affiliation
Title/function
Job responsibility
Operating system, networking, security experience
Windows experience
Your expectations for the course
Course Material
Course Companion CD
Course Handbook
A succinct classroom learning guide
that provides critical technical
information to optimize your
in-class learning experience.
Online Resources
Student Course Files
Lessons
Labs
Module Reviews and Takeaways
Lab Answers
http://www.microsoft.com/learning/
3/11/2014
Course Companion CD
http://www.microsoft.com/learning/
Facilities
Class hours
Building hours
Parking
Restrooms
Meals
Phones
Messages
Smoking
Recycling
3/11/2014
Microsoft Learning
http://www.microsoft.com/learning/
Exam number
and title
http://www.microsoft.com/learning/
3/11/2014
Course Outline
Module 1: Installing, Upgrading, and Migrating to Windows 7
Module 2: Configuring Disks and Device Drivers
Module 3: Configuring File Access and Printers on Windows
7 Clients
Module 4: Configuring Network Connectivity
Module 5: Configuring Wireless Network Connections
Module 6: Securing Windows 7 Desktops
Module 7: Optimizing and Maintaining Windows 7 Client
Computers
Module 8: Configuring Mobile Computing and Remote Access
in Windows 7
3/11/2014
Base09F-VistaOffice07SP2HV.vhd
Base10D-W7Base09COffice07-HV.vhd
RC.vhd
6292A-LON-CL3.vhd
Parent
Parent
Stand Alone
6292A-LON-CL1ALLFILES.vhd
Parent
Win7-OFC.vhd
WS08R2-LONDC1.vhd
Differencing
Parent
Differencing
Parent
6292A-LON-VS1.vhd
Differencing
Base10A-WS08R2HV.vhd
6292A-LON-CL1.vhd
6292A-LON-CL2.vhd
6292A-LON-DC1.vhd
Differencing
Differencing
Differencing
6292A-LON-CL1Disk1.vhd
6292A-LON-CL1Disk2.vhd
Used as:
6292A-LON-DC1
6292A-LON-CL1
6292A-LON-CL2
6292A-LON-CL3
6292A-LON-VS1
3/11/2014
Module 1
Installing, Upgrading, and
Migrating to Windows 7
3/11/2014
Module Overview
Preparing to Install Windows 7
Performing a Clean Installation of Windows 7
Upgrading and Migrating to Windows 7
Performing Image-Based Installation of Windows 7
Configuring Application Compatibility
3/11/2014
Manageability
Deployment
The
key features
of Windows 7
Reliability
and performance
Productivity
Greater
Enhanced
Improved
reliability
Enhanced
user
and
Usability
security
productivity
are
categorized
as performance
follows:
Usability
Security
Multi-tiered
data
Multi-tiered
data protection
protection
Automation
Flexibility
Reduce
(WIM)help
format and
image Windows
Usability Imaging
desk
calls
based
deployment
Data
protection
at
document,
file,
directory,
Application
recovery
and
error
reporting
user
and
accessibility
Improvements
Reliable
Built
on ways
a
and
fundamentally
consistent
to
the user
performance
secure
interface
platform
Clearer
tointerface
organize,
search
for, using
and
Improved
Fundamentally
secured
platform
Improved
data
protection
at
document,
Security
computer
and
network
levels
Clearer
ways
toWindows
organize,
search
for,
and
Microsoft
AppLockerTM
features
new
based
hardware
on
Windows
features
Vista
foundation
Modularization
view
information
file,
directory
and
computer
levels
Accessibility
features
view
information
Detection
and
recovery
from hard
disk and
Windows
Troubleshooting
Rights
Multi-tiered
data
protection
to
Improvements
Management
Services
(RMS)
New
features
and
improvements
protect
New
features
and
improvements
to
protect
Improved
application
recovery
and
error
Windows
Search
PowerShell
2.0
Packs
memory
failures
TM, DirectAccess,
New
communication,
mobility,
and
Network
deployment
by
using
Windows
Rights
Management
Services
(RMS)
in
auditing
BranchCache
and
VPN
against
worms,
viruses,
and
malware
New
communication,
mobility,
and
against
worms,
viruses,
and
malware
reporting
Reliability
and
performance
Encrypting
File
System
(EFS)
networking
features
Group
Policy Virtual
Problem
Steps
Deployment
Services
with
Multicast
Windows
Reconnect
PC and
Windows
XPwith
Mode
Group
policy
TM Drive
features
Windows
BitLocker
Encryption
networking
Auto-tuning
network
stack
for
more
efficient
Scripting
Recorder
multiple
stream
transfer
and
Dynamic
driver
Administrators
Detection
and
recovery
work
at
user
from
privilege
some
hard
level
preferences
TM
Deployment
work at user
privilege
level
TM
Administrators
Windows
BitLocker
Drive
Encryption
and
and Windows
BitLocker
To Go
utilization
TM
bandwidth
,Improvements
provisioning
BranchCache
DirectAccess,
disk
and
memory
failures
TM to and VPN
Windows
BitLocker
To
Go
Streamlined
User
Account
Control (UAC)
System
Restore(IPsec)
Manageability
Streamlined
Reconnect
Internet Protocol
Security
User
Account
Control
(UAC)
Defragmentation
runs
in
the
background
The
Auto-tuning
new
Deployment
network
Image
stack
for
Servicing
more
and
Tool
and
Internet Protocol Security (IPsec)
Management
Productivity
Reliability
Monitor
efficient bandwidth
(DISM)
utilization
and
improvements in
User State Migration Tool (USMT) 4.0
3/11/2014
Editions of Windows 7
Consumers
Windows 7
Windows
Ultimate 7
Home
Windows 7
Premium
Enterprise
Windows 7
Professional
Standard
consumer
edition
Windows
7
Home
Does not
Premium
include
business
Windows 7
features
Home Basic
Windows 7
Starter
Businesses
Specialized
Ultimate
Enterprise
Professional
Windows
7
Home
Premium
Windows 7 Starter
Home Enthusiasts
Basic
Enterprises
Windows 7
Targeted
for value
technical
enthusiasts
who
want
Business-focused
edition,
edition
for
targeted
small
and
for
managed
lower
midThe
standard
edition
for
customer.
It
provides
full
Targeted
specifically
for
PCs
for
insmall
emerging
form
factor
markets,
PCsall
meant
in
Professional
Windows
7
Windows
7all
Windows
7
features,
without
a
Volume
License
environments,
market
companies
mainly
and
large
users
enterprises
who
have
networking,
functionality
on
the
latest
hardware,
easy
ways to
for accessing the internet
markets
and running basic
Ultimate
Enterprise
agreement
backup,
and
security
needs
and
connect,
andfeatures
a visually
rich environment
applications
productivity
Includes
all
available
in multiple
WindowsPCs
7 or
Only
32-bit
servers
the
sameAll
features
asWindows
the Business-focused
Windows
7
Professional
edition
Includes
all
features
available
in
7
features of
Includes
all
features
available
in
Windows
7 Home
Starter
Business Features
include:
Enterprise
Includes
all
features
available
in Windows
7 for
Home
Windows
features
edition
large
Basic
edition
edition
focused
Additionally,
it includes:
Premium
edition
Improved
edition
Windows Taskbar and Jump Listsenterprises
for
Not
licensed
forincludes:
VDI
scenarios
Additionally,
it
Additionally,
BitLocker
and
it
includes:
BitLocker
To Go
small
and
Windows Search
Additionally,
it includes:
lower
Windows
Aero
Glass,
advanced
windows
mid-on number of programs
AppLocker
No
limit
younavigation
can run and Aero
Ability
to join a
HomeGroup
background
market
Core
business
features,
such as Domain Join and Group
Emerging
Markets
Entry
Level PCs
DirectAccess
Live
Thumbnail
previews
and
enhanced
visual
Policy
Action
Center,
Stage,
Fax
and Scan support)
Windows
Touch Device
(Multi-touch
and
handwriting
experiences
Include
BranchCache
Data
protection with advanced
network
backup
and
Windows
7
Windows
7
Ability to create
a HomeGroup,
which ease
sharing
Enhanced
media
streaming, including
Play
To across all
Encrypted
File
System
business
PCs and devices
Advanced
networking
support
(ad-hoc wireless
Home
Basic
All worldwide
interface
languages
features
Broad
applications
and
device
compatibility Starter
and
internet
connection
sharing)
Ability
to print
to
theand
right
printer at home
or work with
networks
DVD
Video
playback
authoring
No
Enterprise
Search
limitation
onPrinting
howScopes
many
applications
can run
Entry-level
edition
Value
edition
in
Location
Aware
simultaneously
Windows Media Center, Snipping Tool, Sticky Notes, Windows
in all markets
emerging
Journal
Virtual
Desktop
Infrastructure
(VDI) enhancements
Windows
Sideshow
Remoteand
Desktop
host
and
Offline folders
markets
Secured,
reliable
and
supported
and ability
to boot
from
a VHDoperating system
Windows Virtual PC and Windows XP Mode.
10
3/11/2014
Hardware
Minimum Requirements
CPU
1 GHz or faster
RAM
GPU
Aero Capable
Video RAM
128 MB
HDD Free
Optical Drive
DVD
11
3/11/2014
Upgrade installation
Replace an existing version of Windows with Windows 7
All users applications, files, and settings are retained
Migration
Move files and settings from an old operating system to
Windows 7
Side-by-side or wipe and load
12
3/11/2014
5 min
Running setup.exe
Running
Install
bysetup.exe
using an
from
DVD
from afrom
network
image
DVD share
Insert
the
Start
Createthe
a
Start the
theto
Start
Connect
product
computer
WIM
file setup.exe a
Running
computer
computer
network
DVD
by
from
aanetwork share
from
by using
using
by
using
share
the
reference
Windows
Windows
containing
product
computer
PE
PE
Windows
DVD
7 files
Installing by using an
image
Complete
Apply the
Run
the
WIMwizard
file to
setup.exe
the
target
from the
computer
network
share and
complete
the wizard
13
3/11/2014
5 min
5 min
14
3/11/2014
Upgrade Advisor
Process for Upgrading to Windows 7
Tools for Migrating User Data and Settings
Process for Migrating to Windows 7
Migrating User Settings and Data by Using WET
reinstallation of
applications
Does not require
additional storage
space
Does not require
replacing existing
computer hardware
Is the recommended
solution in home or
small offices scenarios
Migrate:
Requires a reinstallation
of applications
Typically, requires more
storage space
Typically, requires
replacing existing
computer hardware
Is the recommended
solution to achieve a
standardized
environment in a large
enterprise scenario
15
3/11/2014
95
98
ME
NT4
2000
Windows XP
Windows Vista RTM
Clean install
Migration
In-place upgrade
Clean install
Migration
Windows 7
16
3/11/2014
Requirements
.NET 2.0
Administrator privileges
MSXML 6
Internet connection
20 MB free HDD
Update
Update
Verify
Evaluate
Upgrade
Back
up
Upgrade
17
3/11/2014
Preferences
Windows Easy Transfer
(WET)
Earlier
Version of
Windows
Application
Settings
Windows Easy
Transfer (WET)
Install
Install
Restore
Update
Back
up
Applications
Windows 7
Windows 7
settings
User
Keep
your
computer
secure by keeping
Run
the
Windows
7 installation
After
installing
Windows
applications,
restore all
up
current
updates: 7, reinstall
Application
settings
with
(setup.exe)
from:
applications:
user
state by using:
Selectdata
check for updates during
User
product
DVD
Windows
Install
the
Easy
compatible
Transferversion of the
installation
applications
Use
one
of
the
following
migration
share
User State
Migration
Toolinstallation
Network
Check
for updates
after
tools:
Install Applications
Update
18
3/11/2014
wizard
Computer
SIM
Building a Reference Installation by Using SysPrep
Demonstration: Creating Bootable Windows PE Media
Capturing and Applying the Installation Image by Using
ImageX
Demonstration: Modifying Images by Using DISM
Migrating User Data and Settings by Using USMT 4.0
Configuring VHDs
19
3/11/2014
20
3/11/2014
10 min
21
3/11/2014
system
Configure Windows to start in audit mode
Configure the Windows operating system to start
22
3/11/2014
5 min
23
3/11/2014
5 min
24
3/11/2014
Configuring VHDs
A native-boot VHD is a VHD that can
be used as the running operating
system on a computer without a
parent operating system
Deploy VHD
Create VHD
Prepare VHD
DiskPart Tool
Install Windows
7 to the VHD
Disk Management
MMC
Attach VHD to the
host computer
Copy VHD to
computer to run in
VM
Copy VHD to
computer to run in
Native Boot
Add a Native Boot
VHD to the Boot
Menu
Use WDS to deploy
VHD images for
native boot
25
3/11/2014
26
3/11/2014
Updating Shims
A shim is software, added to an existing application
location
Use the Sdbinst.exe command-line tool to install the
compatibility fix
27
3/11/2014
Transfer
Exercise 2: Configuring a Reference Image
Exercise 3: Deploying a Windows 7 Image
Logon information
Virtual machines
6292A-LON-DC1
6292A-LON-CL1
6292A-LON-VS1
User name
Contoso\Administrator
Password
Pa$$w0rd
Lab Scenario
The first batch of Windows 7 computers has arrived. As
28
3/11/2014
Lab Review
Why do you use Sysprep before capturing an image?
Why is Windows PE required as part of the imaging
process?
29
3/11/2014
Module 2
Configuring Disks and
Device Drivers
30
3/11/2014
Module Overview
Partitioning Disks in Windows 7
Managing Disk Volumes
Maintaining Disks in Windows 7
Installing and Configuring Device Drivers
Partition
31
3/11/2014
Enhances reliability
Supports boot disks on 64-bit Windows
32
3/11/2014
Manage
disks
and
volumes,
both basic and
Graphical userinterface
Create scripts to automate disk-related
tasks
Disk Management Snap-in
MBR
dynamic,
Manage disks and volumes,
bothlocally
basic andor
orAlways
locally
dynamic, locally
on remoteruns
computers
GPT
on remote computers
Diskpart.exe
MBR
GPT
tasks
Always runs locally
Diskpart.exe
MBR
GPT
tasks
Always runs locally
33
3/11/2014
10 min
34
3/11/2014
10 min
35
3/11/2014
Striped
Spanned
Space allocated from multiple
dynamic
disks
A spanned
be of
identical
volume joins areas
unallocated space
disks into a single logical disk.
Striped
Well
suited forof
isolating
A striped volume maps
stripes
datathe paging
file
cyclically across the disks.
No performance improvement
Striped
dynamic disks
Up to 32 disks can be combined
be identical
Up to 32 disks can be combined into
No fault tolerance
No fault tolerance
No performance improvement
file
Provides for faster throughput
36
3/11/2014
10 min
be shrunk
37
3/11/2014
5 min
38
3/11/2014
Defragmenting a Disk
Rearrange data and reunite fragmented files
C:>
39
3/11/2014
consumption
Proactively monitor
available space
Determine who is
consuming available
space
Plan for storage capacity
increases
Test a quota
12 min
40
3/11/2014
41
3/11/2014
digital signature.
The driver store is the driver repository.
Device metadata packages contain device experience XML
42
3/11/2014
Add to the Driver Store by using the Plug-andPlay utility (Pnputil.exe) at a Command Prompt
Device Stage
Provides
a place
to with
Provides
users
Helps
install
and a way
manage
devices
to access
devices
update
drivers and
for
advanced
options
for
hardware
devices,
managing
them
change
the hardware
Devices
that display
in
settings
for
those
this location
are
usually
Devices
in use
are
shown
devices,
and
external
devices
that
on the
taskbar
with a
troubleshoot
problems
you connect
or
photo-realistic
icon
disconnect
from
the
Use Device Manager
computer
to through
manage adevices
port or network
only on a local
connection
computer
43
3/11/2014
Device Stage
Compatibility Report
Use this report to load a new or updated driver during
an upgrade
44
3/11/2014
computers
15 min
45
3/11/2014
12 min
46
3/11/2014
Logon information
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Contoso\Administrator
Password
Pa$$w0rd
Lab Scenario
A Windows 7 computer is used for rendering large
47
3/11/2014
Lab Review
1. In Exercise 1, you used the assign command in diskpart
48
3/11/2014
49
3/11/2014
50
3/11/2014
Module 3
Configuring File Access and
Printers on Windows 7
Clients
51
3/11/2014
Module Overview
Overview of Authentication and Authorization
Managing File Access in Windows 7
Managing Shared Folders
Configuring File Compression
Managing Printing
52
3/11/2014
Authorization: Determining
whether something or someone has
permission to access a resource
User
Resource
What does the list say you can do?
Access: Determining what actions
something or someone can perform on
the resource based on permission levels
Description
Kerberos version 5
protocol
NTLM
53
3/11/2014
AKerberos
common support
API facilitates
development
of applications
Smart
card logon
Online IDs
can befor
used
to identify
individuals within a
using biometrics
network
Encrypt removable media using BitLocker and using
Through
a new Control
Panel
item,the
users
can control
the
Smart
option
to unlock
drive
Users
mustcard
link
their
userdevices
account
to an
the
availability
and
useWindows
of biometric
online ID to facilitate authentication
54
3/11/2014
Description
Several new authentication features are available
for use with Smart cards, including:
Smart cards
Biometrics
Online Identity
Integration
Folders
Impact of Copying and Moving Files and Folders on Set
Permissions
What Are Effective Permissions?
Discussion: Determining Effective Permissions
55
3/11/2014
Allow Read;
Deny Write
56
3/11/2014
Allow Read;
Deny Write
Allow Read;
Allow Write
10 min
57
3/11/2014
Allow Read
Deny Write
Copy or Move
Copy or
Move
Allow Read
Deny you
Write copy or
When
move a file or folder
within an NTFS
partition
58
3/11/2014
group
Determines all domain and local groups in which the user is a
member
Takes into account permissions inherited from the parent object
59
3/11/2014
NTFS Partition
Users
Group
Folder1
User1
File1
Folder2
File2
Sales Group
60
3/11/2014
In Windows Explorer
simultaneous
connections
Allows
youPublic
to share
folders
quickly
Configure
Multiple
default
folders
for each
computer
Basic
Sharing
share
name
Advanced
Sharing
You
configure
permissions
Files
shared
with
same
computer
Choose
Public
Folder Sharing
permissions
Configure
Files shared
with same network
caching
Access controlled
by permissions
Configure
61
3/11/2014
permission Read
10 min
62
3/11/2014
10 min
63
3/11/2014
64
3/11/2014
File prior to
compression
an NTFS attribute
NTFS calculates disk space
based on uncompressed
file size
Applications that open a
File after
compression
65
3/11/2014
an NTFS attribute
NTFS calculates disk space
based on uncompressed
file size
Applications that open a
File after
compression
Copy
Move
Retains its original
compression state
Inherits compression
state of the target folder
To NTFS Partitions
Copy
Move
Inherits compression
state of the target folder
To FAT Partition
Copy
Move
No Compression
66
3/11/2014
Copy
Move
To NTFS Partitions
Copy
Move
To FAT Partition
Copy
Move
67
3/11/2014
folder
Copy compressed files into an uncompressed
folder
Compress a folder by using the Compressed
10 min
68
3/11/2014
69
3/11/2014
70
3/11/2014
GDI-based printing
Is used by legacy applications in pre-Vista versions of Windows
Uses enhanced metafile format (EMF) as the spool file format
Requires a printer driver unique to each printer model
71
3/11/2014
10 min
72
3/11/2014
73
3/11/2014
74
3/11/2014
Users
Exercise 2: Configuring Shared Access to Files for Specific
Users
Exercise 3: Create and Share a Local Printer
Logon information:
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
6292A-LON-CL2
User name
Administrator
Password
Pa$$w0rd
Lab Scenario
A group of engineering users need to share files on the Windows 7
Create a public share for the files that all users must be able to access
Create a new share for some specific files that only selected users can
access
75
3/11/2014
Lab Review
You created the shared folder for all users.
How can you simplify the process for users to access the
folder from their computers?
You need to ensure that only specific users can access a
76
3/11/2014
77
3/11/2014
Module 4
Configuring Network
Connectivity
Module Overview
Configuring IPv4 Network Connectivity
Configuring IPv6 Network Connectivity
Implementing Automatic IP Address Allocation
Overview of Name Resolution
Troubleshooting Network Issues
78
3/11/2014
1 to other
An IPv4
address identifiesSubnet
a computer
IP Address
192.168.2.180
computers on a network.
IP Address
192.168.2.181
IP Address
192.168.2.182
IP Address
192.168.1.200
Subnet 2
IP Address
192.168.1.202
79
3/11/2014
Subnet 1
IP Address
192.168.2.181
IP Address
192.168.2.182
IP Address
192.168.1.200
IP Address
192.168.1.201
IP Address
192.168.1.202
Subnet 2
IP address
192
w
Subnet mask
255
w
Network ID
192
w
168
x
255
x
168
x
200
y
255
z
0
y
1
y
z
0
z
80
3/11/2014
IP address
192
w
Subnet mask
255
w
Network ID
192
w
168
x
255
y
255
x
168
200
z
0
y
1
z
0
z
Windows 7 clients
Windows 7 clients
Default gateway
Subnet 1
Subnet 2
Router
81
3/11/2014
Windows 7 clients
Windows 7 clients
Default gateway
Subnet 1
Subnet 2
Router
Private
Required by devices
Internet
Must be assigned by
Non-routable on the
Internet
Can be locally
assigned by
organization
Must be translated to
IANA
82
3/11/2014
10 min
83
3/11/2014
Built-in security
Redesigned headers
84
3/11/2014
85
3/11/2014
space uses
Allocates 64-bits for the network ID and 64-bits for the host ID
Uses a prefix to define the network ID
2001:DB8:0:0:2AA:FF:FE28:9C5A/64
Shorten
2001:DB8::2AA:FF:FE28:9C5A/64
leading zeros and using zero compression
Continue shortening the address by
The prefix is a forward slashdropping
followed contiguous
by
groups of zeros
the number of bits in the network ID
space uses
Allocates 64-bits for the network ID and 64-bits for the host ID
Uses a prefix to define the network ID
2001:DB8:0:0:2AA:FF:FE28:9C5A/64
Shorten
2001:DB8::2AA:FF:FE28:9C5A/64
86
3/11/2014
87
3/11/2014
88
3/11/2014
10 min
89
3/11/2014
Address Dynamically
Troubleshooting Client-Side DHCP Issues
IPv4 Client
Multiple subnets
DNS
IPv4Client
IPv4 Router
or WINS servers
90
3/11/2014
91
3/11/2014
Static Configuration
IPv6 Client
another Subnet.
IPv6 Client
IPv6 Router
another Subnet
92
3/11/2014
10 min
93
3/11/2014
Option
/all
Description
Displays all IP address configuration information
/release
/renew
94
3/11/2014
95
3/11/2014
Description
Up to 255 characters in length
Can contain alphabetic and
Part of FQDN
Represent a single computer or
group of computers
15 characters used for the name
16th character identifies service
NetBIOS name
Flat namespace
96
3/11/2014
LMHOSTS File
DNS Server
Broadcast
WINS Server
Related Problems
97
3/11/2014
Purpose
Event Viewer
Windows Network
Diagnostics
IPCONFIG
TRACERT
NSLOOKUP
Event Viewer
Windows Network
Diagnostics
NSlookup
IPConfig
Tracert
Ping
98
3/11/2014
10 min
Logon information
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Contoso\Administrator
Password
Pa$$w0rd
99
3/11/2014
Lab Scenario
Laptop computers are being introduced for some of the
Lab Review
How are APIPA addresses for IPv4 similar to link-local
addresses in IPv6?
How can you update a Windows 7 computer to use the
100
3/11/2014
101
3/11/2014
Module 5
Configuring Wireless
Network Connections
Module Overview
Overview of Wireless Networks
Configuring a Wireless Network
102
3/11/2014
Ad hoc
Advantages
Extends or replaces wired
infrastructure (wire-free)
Increases productivity for mobile
employees
Provides access to internet in
public places
Infrastructure
Disadvantages
Possible interference
Potential security risk
Additional management
103
3/11/2014
Range of frequencies
Usage
bit rate
Provides
high-speed wireless internet and data network
access
802.11a
54 Mbps
C-Band ISM (5.725 to 5.875 GHz)
Not widely used
Comparable
to
wired broadband, such
as ADSL or cable
11 Mbps
S-Band ISM (2.4 to 2.5 GHz)
Widely used
modem
802.11b
802.11g
54 Mbps
S-Band ISM
Gaining popularity
Used to have constant connectivity to internet and
corporate network
802.11n
600 Mbps
Authentication Encryption
methods
methods
Remarks
IEEE 802.11
WEP
IEEE 802.1X
EAP authentication
WEP
methods
WPA-Enterprise
802.1X
TKIP / AES
WPA-Personal
PSK
TKIP / AES
WPA2-Enterprise
802.1X
TKIP / AES
WPA2-Personal
PSK
TKIP / AES
104
3/11/2014
Network
Wireless Network Settings
Demonstration: Connecting to a Wireless Network
Improving the Wireless Signal Strength
Process for Troubleshooting a Wireless Network
Connection
105
3/11/2014
Encryption Type
Network
General Settings
Security Types
and
Sharing
Center
Connection Settings
Manage
Wireless
Networks
106
3/11/2014
107
3/11/2014
108
3/11/2014
Wireless Network
Exercise 2: Troubleshooting Wireless Connectivity
Lab Scenario
The Contoso Corporation is implementing Windows 7
desktops throughout their organization. You are a helpdesk technician in the Contoso Corporation.
Amy Rusko is the Production manager for Contoso in the
buy for each plant and needs your input to be able to price
the project.
Each plant has a different office area with varying numbers
109
3/11/2014
Lab Review
1. In the lab, you were tasked with making the wireless
110
3/11/2014
Module 6
Securing Windows 7
Desktops
Module Overview
Overview of Security Management in Windows 7
Securing a Windows 7 Client Computer by Using Local Group
Policy Settings
Securing Data by Using EFS and BitLocker
Configuring Application Restrictions
Configuring User Account Control
Configuring Windows Firewall
Configuring Security Settings in Internet Explorer 8
Configuring Windows Defender
111
3/11/2014
Windows AppLocker
Windows Defender
112
3/11/2014
113
3/11/2014
10 min
114
3/11/2014
Deploy software
115
3/11/2014
4. OU GPOs
1. Local GPOs3. Domain GPOs
2. Site-level GPOs
4. OU GPOs
3. Domain GPOs
2. Site-level GPOs
1. Local GPOs
116
3/11/2014
Administrators Policy
Configure the Local Computer Non-
Administrators Policy
Test multiple local group policies
10 min
117
3/11/2014
118
3/11/2014
119
3/11/2014
10 min
120
3/11/2014
What Is EFS?
Encrypting File
System
(EFS) is the
built-in file7encryption
New
EFS Features
in Windows
tool for Windows file systems.
What Is EFS?
Encrypting File System (EFS) is the built-in file encryption
tool for Windows file systems.
Each user must have a public and private key pair that is used to
protect the symmetric key
121
3/11/2014
encrypted
Decrypt files and folders
Confirm the files and folders have been
decrypted
10 min
122
3/11/2014
What Is BitLocker?
BitLocker Requirements
Hardware Requirements:
Have enough available hard drive space for BitLocker to
create two partitions
Have a BIOS that is compatible with TPM and supports
USB devices during computer startup
123
3/11/2014
BitLocker Modes
Windows 7 supports two modes of
operation:
TPM mode
Non-TPM mode
Non-TPM mode
TPM mode
Uses
Policyboot
to allow
BitLocker
to work
a TPM
LocksGroup
the normal
process
until the
user without
optionally
supplies a
personal
and/or
inserts
a USB
drive
containing
a BitLocker
BitLocker startup
startup
Locks
thePIN
boot
process
similar
to TPM
mode,
but the
key must be stored on a USB drive
key
The encrypted
disk must
located
in the
computer
The computers
BIOSbemust
be able
to original
read from
a USB drive
Performs system integrity
verification
on boot components
Provides
limited authentication
If any items
changed
unexpectedly,
the
drive ischecks
locked to
and
Unable
to perform
BitLockers
system
integrity
verify
prevented
from being accessed
or decrypted
that
boot components
did not change
BitLocker Modes
Windows 7 supports two modes of BitLocker
operation: TPM mode and Non-TPM mode
TPM mode
Locks the normal boot process until the user optionally supplies a
personal PIN and/or inserts a USB drive containing a BitLocker startup
key
Performs system integrity verification on boot components
Non-TPM mode
Uses Group Policy to allow BitLocker to work without a TPM
Locks the boot process similar to TPM mode, but the BitLocker startup
key must be stored on a USB drive
Provides limited authentication
124
3/11/2014
Settings
forOperating
Removable
Data
Drives
Group
Policy
provides
theData
following
settings
Settings
for
Fixed
Drives
Settings
for
System
Drives
BitLocker
Drive Encryption
for BitLocker:
125
3/11/2014
Configuring BitLocker
Three methods to enable BitLocker:
InitiatingBitLocker
BitLockerthrough
throughWindows
the Control
Panel
Initiating
Explorer
From System and Settings in Control Panel
Configuring BitLocker
Three methods to enable BitLocker:
From System and Settings in Control Panel
Right-click the volume to be encrypted in Windows Explorer and
select the Turn on BitLocker menu option
Use the command-line tool titled manage-bde.wsf
126
3/11/2014
Configuring BitLocker To Go
Select
how
toDrive
unlock
the
drive
through
a
Enable
BitLocker
To
Go
Encryption
byrecovery
right-clicking
the portable
Select
how
to
store
your
key
Encrypt
the
Drive
Manage
Encrypted
by
BitLocker
To
Manage
Drive
Encrypted
BitLocker
ToGo
Go
device
(such
asaaaDrive
USB
drive)
andusing
then clicking
Turn On BitLocker
password
or
by
aby
Smartcard
Select one of the following settings to unlock a drive encrypted with
BitLocker To Go:
Unlock with a Recovery Password or passphrase
Unlock with a Smart Card
Always auto-unlock this device on this PC
Configuring BitLocker To Go
Enable BitLocker To Go Drive Encryption by right-clicking the portable
device (such as a USB drive) and then clicking Turn On BitLocker
Select one of the following settings to unlock a drive encrypted with
BitLocker To Go:
Unlock with a Recovery Password or passphrase
Unlock with a Smart Card
Always auto-unlock this device on this PC
127
3/11/2014
128
3/11/2014
What Is AppLocker?
AppLocker is a new Windows 7 security feature that
enables IT professionals to specify exactly what is
allowed to run on user desktops
Benefits of AppLocker
AppLocker Rules
Create
defaultCustom
AppLocker
rules first, before manually
Creating
Rules
creating new rules or automatically generating rules for
an AppLocker wizard found in the Local Security
a specificUse
folder
Default You
rules
enable
the Executable
following:rules, Windows Installer
can
configure
rules, and Script rules
All users to run files in the default Program Files directory
You can specify a folder that contains the .exe files for
the applications that apply to the rule
All users to run all files signed by the Windows operating
system
You can create exceptions for .exe files
129
3/11/2014
AppLocker Rules
Create default AppLocker rules first, before manually
creating new rules or automatically generating rules for a
specific folder
Default rules enable the following:
All users to run files in the default Program Files directory
All users to run all files signed by the Windows operating
system
Members of the built-in Administrators group to run all files
Create
Automatically
10 min
130
3/11/2014
AppLocker Rules
Confirm
Confirm
10 min
131
3/11/2014
SRP
was compatibility
designed to purposes
help organizations control not just hostile code, but
any unknown code - malicious or otherwise
SRP consists of a default security level and all the rules that apply to a
Group Policy Object (GPO)
Definedoes
AppLocker
rules in a separate
GPO to AppLocker?
ensure
How
SRP compare
to Windows
interoperability between SRP and AppLocker policies
132
3/11/2014
133
3/11/2014
What Is UAC?
User Account Control (UAC) is a security feature that
simplifies the ability of users to run as standard users and
perform all necessary daily tasks
UAC prompts the user for an administrative users credentials if the task
Administrative
Users
UAC prompts the
user for permission
to complete the
task
134
3/11/2014
Review
View
user groups
Change
10 min
135
3/11/2014
Logon information
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Contoso\Administrator
Password
Pa$$w0rd
136
3/11/2014
Lab A Scenario
Your company is implementing Windows 7 computers for all
corporate users. As an administrator at your organization, you
are responsible for configuring the new Windows 7 computers
to support various corporate requirements.
You have been asked to:
Verify the User Account Control (UAC) settings are set to Always
notify but not dim the desktop
Lab A Review
Where can you turn on and off security messages related
be suppressed?
Can multiple local group policies be created and applied to
different users?
What are some of the ways of protecting sensitive data in
Windows 7?
How can Windows 7 users be prevented from running
137
3/11/2014
10 min
138
3/11/2014
139
3/11/2014
140
3/11/2014
TCP
ARP
SNMP
POP3
DNS
SMTP
FTP
HTTPS
HTTP
UDP
IGMP
IPv4
ICMP
IPv6
Ethernet
141
3/11/2014
15 min
142
3/11/2014
143
3/11/2014
10 min
InPrivate Filtering - helps monitor the frequency of all thirdparty content as it appears across all Web sites visited by the
user
144
3/11/2014
145
3/11/2014
10 min
146
3/11/2014
Viruses
Worms
Trojan horses
Spyware
Adware
Poor performance
Loss of data
Compromise of private
information
Unapproved computer
configuration changes
147
3/11/2014
Description
Quick scan
Full scan
Custom scan
Description
May increase scanning time, but spyware likes to hide
in these locations
Scan e-mail
Use heuristics
148
3/11/2014
Description
Quick scan
Full scan
Custom scan
Description
Scan e-mail
Use heuristics
Microsoft SpyNet
10 min
149
3/11/2014
Internet Explorer 8
Exercise 3: Configuring Scan Settings and Default Actions
in Windows Defender
Logon information
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Contoso\Administrator
Password
Pa$$w0rd
150
3/11/2014
Lab B Scenario
Your company has recently implemented Windows 7
computers for all corporate users. Some of the users have
been connecting to and from other desktops through RDP.
You need to prevent them from doing so with the use of
Windows Firewall.
As an administrator at your organization, you are
responsible for configuring and testing various security
settings:
Lab B Review
What are the types of rules you can configure in Windows
Firewall?
What are some of the new security settings in Internet
Explorer 8?
Will the default Windows Defender settings allow to check
151
3/11/2014
152
3/11/2014
153
3/11/2014
154
3/11/2014
155
3/11/2014
156
3/11/2014
Module 7
Optimizing and
Maintaining Windows 7
Client Computers
Module Overview
Maintaining Performance by Using the Windows 7
Performance Tools
Maintaining Reliability by Using the Windows 7 Diagnostic
Tools
Backing Up and Restoring Data by Using Windows Backup
Restoring a Windows 7 System by Using System Restore
Points
Configuring Windows Update
157
3/11/2014
Problems?
Performance Information and Tools
Performance Monitor and Data Collector Sets
Demonstration: Using the Resource Monitor
Demonstration: Analyzing System Performance by Using
Windows 7
Reliability
Is the measure of how
a system conforms to
expected behavior
10 min
158
3/11/2014
159
3/11/2014
Add
Performance
Counters to the
Diagnostics
Computer
performance
Performance
Monitor
measure the
Performance
reports
created
fromtothe
system
state
or
activity
Data
Collector
Sets
Performance Counters in
Event
Trace Sessions
Data
Collector
Sets:
Performance Counters can be
User
Defined Reports
added
Systemby:
Configuration
Reports
System
Data Reports
Dragging
and dropping the
counters
Creating a custom data
set
160
3/11/2014
10 min
161
3/11/2014
10 min
162
3/11/2014
Tool
Windows Startup and Recovery
Demonstration: Resolving Startup Related Problems
163
3/11/2014
Application failures
Stop errors
Network
Incorrect IP addresses
Hardware failures
Startup
Malfunctioning memory
Incompatible design
164
3/11/2014
165
3/11/2014
166
3/11/2014
10 min
167
3/11/2014
10 min
168
3/11/2014
Restore a backup
Restore a backup of lost,
damaged, or changed
data files
Create a system
image
Create a system
repair disc
Access the Backup and Restore Tool from the Control Panel > System and Security > Backup and Restore
10 min
169
3/11/2014
10 min
170
3/11/2014
Registry
Dllcache folder
User profile
IIS metabase
Access the System Restore Tool from the Control Panel > All Control Panel Items > Recovery
171
3/11/2014
by Windows Backup
Copies of files and folders that
taken
On a scheduled basis
When files change
Access Previous versions of files by clicking Control Panel > System and Security > System Properties >
System Restore
172
3/11/2014
Access System Protection Settings by clicking Control Panel > System and Security > System > System
Protection > System Protection tab > Configure
15 min
173
3/11/2014
174
3/11/2014
Restore an update
Access Windows Update by clicking Control Panel > System and Security > Windows Update
175
3/11/2014
Access Group Policy Settings by clicking Control Panel > System and Security > Administrative Tools > Edit
Group Policy
176
3/11/2014
Logon information
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Contoso\Administrator
Password
Pa$$w0rd
Lab Scenario
A user is experiencing a performance problem on a new
177
3/11/2014
Lab Review
What are the benefits of creating a data collector set?
Under what circumstances might you choose to disable system
178
3/11/2014
Module 8
Configuring Mobile
Computing and Remote
Access in Windows 7
Module Overview
Configuring Mobile Computer and Device Settings
Configuring Remote Desktop and Remote Assistance for
Remote Access
Configuring DirectAccess for Remote Access
Configuring BranchCache for Remote Access
179
3/11/2014
10 min
180
3/11/2014
Presentation Settings
Features
Windows Mobility
Center
Power Options
Windows Mobile
Device center
Sync Center
Presentation
Settings
Features
Windows Mobility
Center
Power Options
Windows Mobile
Device center
Sync Center
Presentation
Settings
mobile devices
181
3/11/2014
Desktop
Mobile
Device
Files sent to
Mobile Device
Desktop
Mobile
Device
Files sent to
Mobile Device
182
3/11/2014
10 min
183
3/11/2014
Data Storage
State
Power Needs
Description
System State
Saved to Memory
Low
Description
This plan saves power on a mobile computer by reducing system
performance. Its primary purpose is to maximize battery life.
This plan provides the highest level of performance on a mobile
computer by adapting processor speed to your work or activity and by
maximizing system performance.
This plan balances energy consumption and system performance by
adapting the computers processor speed to your activity.
Power
Needs
Sleep or Standby
Low
Hibernate
None
Shut Down
None
184
3/11/2014
5 min
185
3/11/2014
Remote Assistance
A Windows 7 feature
A Windows 7 feature
Enables
remote control of
that computer
administrators to
connect to multiple
remote servers for
administrative
purposes
Assistance can be
sought or offered
Remote Computer
Connection
Choose Options to see the Remote
Options tabs
186
3/11/2014
Remote Computer
Connection
Options tabs
12 min
187
3/11/2014
188
3/11/2014
From the Network and Sharing Center- choose to the Setup a new
connection wizard or type VPN at the Windows 7 search bar
189
3/11/2014
From the Network and Sharing Center- choose to the Setup a new
connection wizard or type VPN at the Windows 7 search bar
What Is DirectAccess?
Features
Provides users transparent access to internal network
190
3/11/2014
Selected Server
IPsec session is established between
unchanged
Closely resembles VPN and can be
organization
Upgrade application servers
DirectAccess Requirements
Requirements
Deployment
191
3/11/2014
Client Computer
What Is BranchCache?
BranchCache caches content from remote and Web servers in
the branch location so users can quickly access the content.
Cache can be hosted centrally in the branch location or
distributed across user PCs.
Key benefits for IT professionals
192
3/11/2014
Cache
Cache
a server across
at the branch
office
Cache is
is on
distributed
client computers
Client
computers
retrieve content
from
the branch
office
Additional
client computers
retrieve
content
from the
first
server
requesting client computer
Get
Get offices
Beneficial
Beneficial for
for larger
branchbranch
offices
that dothat
nothave
havehardware
a local server
Data
resources
for aServer
local server
with Windows Server 2008 R2
with Windows
2008 R2
Main Office
IDs
Get
Get
Get
Data
Put
Data
Get
Data
Data
Data
Branch
Office
Branch
Office
193
3/11/2014
BranchCache Requirements
Server Configuration
Not installed by default
Enable and configure manually or by
Group Policy
Group Policy
hosted
Host name of hosted cache server
Set client cache size
Set cache location on disk
Firewall rules required
20 min
194
3/11/2014
195
3/11/2014
Logon information:
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Contoso\Administrator
Password
Pa$$w0rd
Lab Scenario
The Contoso Corporation is implementing Windows 7 desktops
computer.
In addition, he wants you to enable Remote Desktop on his
196
3/11/2014
Lab Review
1. In exercise 2, you enabled the Remote Desktop feature
through the firewall by editing the local firewall settings.
Is there an alternative way in which you can make this
change?
2. If you attempted to connect to Dons computer from a
computer out on the Internet somewhere, what
additional settings must you consider?
3. In exercise 3, you established the necessary settings to
support BranchCache in Distributed cache mode. If the
Slough plant installed a file server, what other way can
you implement BranchCache?
197
3/11/2014
198
3/11/2014
Course Evaluation
199