03-Installing and Configuring Windows 7 Client

3/11/2014
Installing and Configuring

Windows 7 Client
Welcome!
Thank you for taking our training. Weve worked together with our Microsoft
Certified Partners for Learning Solutions and Microsoft IT Academies to bring
you a world-class learning experience, including:
Microsoft Certified Trainers + Instructors. Your instructor is a premier
technical and instructional expert who meets ongoing certification
requirements.
Customer Satisfaction Guarantee. Our Certified Partners for Learning
Solutions offer a satisfaction guarantee and we hold them accountable for it.
At the end of class, please complete an evaluation of todays experience. We
value your feedback!
Certification Exam Benefits. After training, consider taking a Microsoft
Certification exam. Independent research by IDC concluded that 75% of
managers believe certifications are important to team performance*. Ask your
instructor about available exam promotions and discounts.
We wish you a great learning experience and ongoing career success!
* IDC, Value of Certification: Team Certification and Organizational Performance, November 2006
3/11/2014
Introduction
Name
Company affiliation
Title/function
Job responsibility
Operating system, networking, security experience
Windows experience
Your expectations for the course
Course Material
Course Companion CD
Course Handbook
A succinct classroom learning guide
that provides critical technical
information to optimize your
in-class learning experience.
Searchable, easy-to-navigate digital

content with integrated premium
on-line resources designed to
supplement the Course Handbook.
Online Resources
Student Course Files
Lessons
Labs
Module Reviews and Takeaways
Lab Answers
http://www.microsoft.com/learning/
3/11/2014
How to Use the Course Material

Course Handbook
Course Companion CD
Use the handbook content as the

primary resource for reference during
the class.
During the class, refer to the

Companion CD while performing labs
or as suggested by the instructor.
Use the troubleshooting tips and best
Use the CD as your extended learning
practices in the Module Reviews and

Takeaways section as on-the-job
references.
resource on the job.
Facilities
Class hours
Building hours
Parking
Restrooms
Meals
Phones
Messages
Smoking
Recycling
3/11/2014
Microsoft Learning
6292: Installing and Configuring Windows 7

Client
6293: Supporting Windows 7 Clients in the
Enterprise
6294: Planning and Managing Windows 7
Desktop Deployments and Environments
Microsoft Certification Program
Exam number
and title
Core exam for the

following track
70-680: TS: Windows

MCTS
7, Configuring
Elective exam for

the following track
MCITP
3/11/2014
About This Course

Audience
Course Prerequisites
Course Objectives
Course Outline
Module 1: Installing, Upgrading, and Migrating to Windows 7
Module 2: Configuring Disks and Device Drivers
Module 3: Configuring File Access and Printers on Windows
7 Clients
Module 4: Configuring Network Connectivity
Module 5: Configuring Wireless Network Connections
Module 6: Securing Windows 7 Desktops
Module 7: Optimizing and Maintaining Windows 7 Client
Computers
Module 8: Configuring Mobile Computing and Remote Access
in Windows 7
3/11/2014
Virtual Machine Environment
Base09F-VistaOffice07SP2HV.vhd
Base10D-W7Base09COffice07-HV.vhd
RC.vhd
6292A-LON-CL3.vhd
Parent
Parent
Stand Alone
6292A-LON-CL1ALLFILES.vhd
Parent
Win7-OFC.vhd
WS08R2-LONDC1.vhd
Differencing
Parent
Differencing
Parent
6292A-LON-VS1.vhd
Differencing
Base10A-WS08R2HV.vhd
6292A-LON-CL1.vhd
6292A-LON-CL2.vhd
6292A-LON-DC1.vhd
Differencing
Differencing
Differencing
6292A-LON-CL1Disk1.vhd
6292A-LON-CL1Disk2.vhd
Virtual Machine Environment

Virtual machine
Used as:
6292A-LON-DC1
Domain controller in the Contoso.com domain
6292A-LON-CL1
Windows 7 computer in the Contoso.com domain
6292A-LON-CL2
Windows 7 computer in the Contoso.com domain
6292A-LON-CL3
Virtual machine with no operating system installed
6292A-LON-VS1
Windows Vista computer in the Contoso.com domain
3/11/2014
Demonstration: Using Hyper-V Manager

In this demonstration, you will learn how to:
Open Hyper-V Manager
Navigate the various sections/panes within Hyper-V Manager
Virtual Machines, Snapshots, and Actions: Server specific
and Virtual Machine specific
Identify the virtual machines (VMs) used in the labs for this
course
Take a Snapshot and Apply a Snapshot
Connect to a VM
Start and log on to a VM
Switch between the full screen and window modes
Revert to the previous Snapshot
Shut down a VM
Understand the difference between Shut Down and Turn off
Close Hyper-V Manager
Module 1
Installing, Upgrading, and
Migrating to Windows 7
3/11/2014
Module Overview
Preparing to Install Windows 7
Performing a Clean Installation of Windows 7
Upgrading and Migrating to Windows 7
Performing Image-Based Installation of Windows 7
Configuring Application Compatibility
Lesson 1: Preparing to Install Windows 7

Key Features of Windows 7
Editions of Windows 7
Hardware Requirements for Installing Windows 7
Advantages of Using 64-Bit Editions of Windows 7
Options for Installing Windows 7
3/11/2014
Key Features of Windows 7
Manageability
Deployment
The
key features
of Windows 7
Reliability
and performance
Productivity
Greater
Enhanced
Improved
reliability
Enhanced
user
and
Usability
security
productivity
are
categorized
as performance
follows:
Usability
Security
Multi-tiered
data
Multi-tiered
data protection
protection
Automation
Flexibility

Reduce
(WIM)help
format and
image Windows
Usability Imaging
desk
calls
based
deployment
Data
protection
at
document,
file,
directory,

Application
recovery
and
error
reporting
user
and
accessibility
Improvements
Reliable
Built
on ways
a
and
fundamentally
consistent
to
the user
performance
secure
interface
platform

Clearer
tointerface
organize,
search
for, using
and

Improved
Fundamentally
secured
platform
Improved
data
protection
at
document,

Security
computer
and
network
levels
Clearer
ways
toWindows
organize,
search
for,
and
Microsoft
AppLockerTM
features
new
based
hardware
on
Windows
features
Vista
foundation
Modularization
view
information
file,
directory
and
computer
levels
Accessibility
features
view
information
Detection
and
recovery
from hard
disk and
Windows
Troubleshooting
Rights
Multi-tiered
data
protection

to
Improvements
Management
Services
(RMS)
New
features
and
improvements
protect

New
features
and
improvements
to
protect
Improved
application
recovery
and
error
Windows
Search
PowerShell
2.0
Packs

memory
failures
TM, DirectAccess,
New
communication,
mobility,
and
Network
deployment
by
using
Windows
Rights
Management
Services
(RMS)
in
auditing
BranchCache
and
VPN
against
worms,
viruses,
and
malware
New
communication,
mobility,
and
against
worms,
viruses,
and
malware
reporting
Reliability
and
performance
Encrypting
File
System
(EFS)
networking
features
Group
Policy Virtual
Problem
Steps
Deployment
Services
with
Multicast
Windows
Reconnect
PC and
Windows
XPwith
Mode
Group
policy
TM Drive
features
Windows
BitLocker
Encryption
networking
Auto-tuning
network
stack
for
more
efficient
Scripting
Recorder
multiple
stream
transfer
and
Dynamic
driver

Administrators
Detection
and
recovery
work
at
user
from
privilege
some
hard
level
preferences

TM

Deployment
work at user
privilege
level
TM
Administrators
Windows
BitLocker
Drive
Encryption
and
and Windows
BitLocker
To Go
utilization
TM
bandwidth
,Improvements
provisioning
BranchCache
DirectAccess,
disk
and
memory
failures
TM to and VPN
Windows
BitLocker
To
Go
Streamlined
User
Account
Control (UAC)
System
Restore(IPsec)
Manageability
Streamlined
Reconnect
Internet Protocol
Security

User
Account
Control
(UAC)

Defragmentation
runs
in
the
background
The
Auto-tuning
new
Deployment
network
Image
stack
for
Servicing
more
and
Tool
and
Internet Protocol Security (IPsec)
Management
Productivity
Reliability
Monitor
efficient bandwidth
(DISM)
utilization
and
improvements in
User State Migration Tool (USMT) 4.0
Notes Page Over-flow Slide. Do Not Print Slide.

See Notes pane.
3/11/2014

See Notes pane.
Editions of Windows 7
Consumers
Windows 7
Windows
Ultimate 7
Home
Windows 7
Premium
Enterprise
Windows 7
Professional
Standard
consumer
edition
Windows
7
Home
Does not
Premium
include
business
Windows 7
features
Home Basic
Windows 7
Starter
Businesses
Specialized
Ultimate
Enterprise
Professional
Windows
7
Home
Premium
Windows 7 Starter
Home Enthusiasts
Basic
Enterprises
Windows 7
Targeted
for value
technical
enthusiasts
who
want
Business-focused
edition,
edition
for
targeted
small
and
for
managed
lower
midThe
standard
edition
for
customer.
It
provides
full
Targeted
specifically
for
PCs
for
insmall
emerging
form
factor
markets,
PCsall
meant
in
Professional
Windows
7
Windows
7all
Windows
7
features,
without
a
Volume
License
environments,
market
companies
mainly
and
large
users
enterprises
who
have
networking,
functionality
on
the
latest
hardware,
easy
ways to
for accessing the internet
markets
and running basic
Ultimate
Enterprise
agreement
backup,
and
security
needs
and
connect,
andfeatures
a visually
rich environment
applications
productivity
Includes
all
available
in multiple
WindowsPCs
7 or
Only
32-bit
servers
the
sameAll
features
asWindows
the Business-focused
Windows
7
Professional
edition
Includes
all
features
available
in
7
features of
Includes
all
features
available
in
Windows
7 Home
Starter
Business Features
include:
Enterprise
Includes
all
features
available
in Windows
7 for
Home
Windows
features
edition
large
Basic
edition
edition
focused
Additionally,
it includes:
Premium
edition
Improved
edition
Windows Taskbar and Jump Listsenterprises
for
Not
licensed
forincludes:
VDI
scenarios
Additionally,
it
Additionally,
BitLocker
and
it
includes:
BitLocker
To Go
small
and
Windows Search
Additionally,
it includes:
lower
Windows
Aero
Glass,
advanced
windows
mid-on number of programs
AppLocker
No
limit
younavigation
can run and Aero
Ability
to join a
HomeGroup
background
market
Core
business
features,
such as Domain Join and Group
Emerging
Markets
Entry
Level PCs
DirectAccess
Live
Thumbnail
previews
and
enhanced
visual
Policy
Action
Center,
Stage,
Fax
and Scan support)
Windows
Touch Device
(Multi-touch
and
handwriting
experiences
Include
BranchCache
Data
protection with advanced
network
backup
and
Windows
7
Windows
7
Ability to create
a HomeGroup,
which ease
sharing
Enhanced
media
streaming, including
Play
To across all
Encrypted
File
System
business
PCs and devices
Advanced
networking
support
(ad-hoc wireless
Home
Basic
All worldwide
interface
languages
features
Broad
applications
and
device
compatibility Starter
and
internet
connection
sharing)
Ability
to print
to
theand
right
printer at home
or work with
networks
DVD
Video
playback
authoring
No
Enterprise
Search
limitation
onPrinting
howScopes
many
applications
can run
Entry-level
edition
Value
edition
in
Location
Aware
simultaneously
Windows Media Center, Snipping Tool, Sticky Notes, Windows
in all markets
emerging
Journal
Virtual
Desktop
Infrastructure
(VDI) enhancements
Windows
Sideshow
Remoteand
Desktop
host
and
Offline folders
markets
Secured,
reliable
and
supported
and ability
to boot
from
a VHDoperating system
Windows Virtual PC and Windows XP Mode.
10
3/11/2014
Hardware Requirements for Installing Windows 7
Hardware
Minimum Requirements
CPU
1 GHz or faster
RAM
1 GB for 32-bit or 2 GB for 64-bit
GPU
Aero Capable
Video RAM
128 MB
HDD Free
16 GB for 32-bit or 20 GB for 64-bit
Optical Drive
DVD
Advantages of Using 64-Bit Editions of

Windows 7
Take advantage of 64-bit processors:
Improved performance
More memory
Improved device support
Improved security
Limitation:
Does not support the 16-bit Windows on
Windows (WOW) environment
11
3/11/2014
Options for Installing Windows 7

Clean installation
Install Windows 7 on a new partition
Replace an existing operating system on a partition
Upgrade installation
Replace an existing version of Windows with Windows 7
All users applications, files, and settings are retained
Migration
Move files and settings from an old operating system to
Windows 7
Side-by-side or wipe and load
Lesson 2: Performing a Clean Installation of

Windows 7
Discussion: Considerations for a Clean Installation
Methods for Performing Clean Installation
Discussion: Common Installation Errors
Demonstration: Configuring the Computer Name and
Domain/Word Group Settings
12
3/11/2014
Discussion: Considerations for a Clean

Installation
When do you typically
perform a clean installation
of Windows?
5 min
Methods for Performing Clean Installation
Running setup.exe
Running
Install
bysetup.exe
using an
from
DVD
from afrom
network
image
DVD share
Insert
the
Start
Createthe
a
Start the
theto
Start
Connect
product
computer
WIM
file setup.exe a
Running
computer
computer
network
DVD
by
from
aanetwork share
from
by using
using
by
using
share
the
reference
Windows
Windows
containing
product
computer
PE
PE
Windows
DVD
7 files
Installing by using an
image
Complete
Apply the
Run
the
WIMwizard
file to
setup.exe
the
target
from the
computer
network
share and
complete
the wizard
ImageX, Windows Deployment Service,

Microsoft Deployment Toolkit
13
3/11/2014
Discussion: Common Installation Errors
What potential issues might

you encounter when installing
Windows?
5 min
Demonstration: Configuring the Computer Name

and Domain/Workgroup Settings
In this demonstration, you will see how
to configure domain and workgroup
settings.
5 min
14
3/11/2014
Lesson 3: Upgrading and Migrating to Windows 7

Considerations for Upgrading and Migrating to Windows 7
Identifying the Valid Upgrade Paths
Determining the Feasibility of an Upgrade Using Windows
Upgrade Advisor
Process for Upgrading to Windows 7
Tools for Migrating User Data and Settings
Process for Migrating to Windows 7
Migrating User Settings and Data by Using WET
Considerations for Upgrading and Migrating to

Windows 7
Upgrade:
Does not require the
reinstallation of
applications
Does not require
additional storage
space
Does not require
replacing existing
computer hardware
Is the recommended
solution in home or
small offices scenarios
Migrate:
Requires a reinstallation
of applications
Typically, requires more
storage space
Typically, requires
replacing existing
computer hardware
Is the recommended
solution to achieve a
standardized
environment in a large
enterprise scenario
15
3/11/2014

See Notes pane.
Identifying the Valid Upgrade Paths

Windows
Windows
Windows
Windows
Windows
95
98
ME
NT4
2000
Windows XP
Windows Vista RTM
Only clean install
Clean install
Migration
In-place upgrade
Clean install
Migration
Windows Vista SP1, SP2
Windows 7
Windows Anytime Upgrade enables you to

upgrade to a higher edition of Windows 7
16
3/11/2014
Determining the Feasibility of an Upgrade Using

Windows Upgrade Advisor
Windows Upgrade Advisor is a downloadable application
that helps Windows users identify which edition of
Windows 7 meets their needs
Use Windows Upgrade Advisor to:
Provide suggestions about necessary hardware updates to
install and run the appropriate edition and features of

Windows 7
Provide upgrade guidance to Windows 7
Requirements
.NET 2.0
Administrator privileges
MSXML 6
Internet connection
20 MB free HDD
Process for Upgrading to Windows 7

Evaluate
Update
Update
Verify
Evaluate
Upgrade
Back
up
Evaluate whether your computer meets

the necessary requirements to run
Windows
7:
Keep
operating
system Back
up toUp
date to
After
the
upgrade:
Protect
against
data loss, backup data
Hardware
requirements
protect
against
any
security
threats:7,

To
perform
an
upgrade
to
Windows
and settings by using appropriate
Log
on to the
computer
1
run
setup.exe
from:
compatibility
Determine
any
relevant updates

backup
media:
1 Application
Verify
all
applications
and hardware
2
Apply all disc
relevant
updates

2 CD/DVD
Windows
7 product
DVD to the
function
correctly
Usedevices
the
following
tools:
computershare
Network
Upgrade
AdvisorAdvisor

Follow Windows
Upgrade
3 Windows
Update
can
also
be
done
Any
other
backup
media

recommendations
if any during
Compatibility
Toolkit
Application
upgrade
(Dynamic
Update)
Standard User Analyzer Tool
Microsoft Assessment and Planning
Toolkit
Verify
Upgrade
17
3/11/2014
Tools for Migrating User Data and Settings

What to migrate
Identify which components are to be migrated

User StatetoMigration
the new operating system
Tool (USMT) 4.0
Use one of the following migration tools:
User
Preferences
Windows Easy Transfer
(WET)
User State Migration Tool (USMT) 4.0

Windows 7
User Data
Earlier
Version of
Windows
Application
Settings
Windows Easy
Transfer (WET)
Process for Migrating to Windows 7

Back Up
Back up user state, including:

Install
Restore
Install
Install
Restore
Update
Back
up
Applications
Windows 7
Windows 7
settings
User
Keep
your
computer
secure by keeping
Run
the
Windows
7 installation
After
installing
Windows
applications,
restore all
up
current
updates: 7, reinstall
Application
settings
with
(setup.exe)
from:
applications:
user
state by using:
Selectdata
check for updates during
User
product
DVD
Windows
Install
the
Easy
compatible
Transferversion of the

installation
applications
Use
one
of
the
following
migration
share

User State
Migration
Toolinstallation
Network
Check
for updates
after

tools:
Windows Easy Transfer

User State Migration Tool
Install Applications
Update
18
3/11/2014
Migrating User Settings and Data by Using WET

Prepare
for the migration
the destination
WET
is the recommended
tool foron
scenarios
in which you
Transfer
files
and
settings
by
using
a network
computer
have a small number of computers to migrate
On 1destination computer:
To migrate
by using
WET:
Start WET
on the
source computer
1 Close all active programs

2 Store
Click the
Next
Windows 7 WET files to be Used on
12 Start Windows Easy Transfer
Source
Computer
3 the
Click
A Network
Destination
Source
3 Click Next
Computer
Computer
Files
and
Settings
from
the
Source
4 Migrate
24 Click This is my old computer
Select transfer
method
Computer
to the Destination
Computer by
5 WET creates WET key
using:
5 Click This is my new computer
6 On
the destination
computer,
enter WET
Windows
Easy Transfer
cable
6 Click
I
need
to
install
now
(if
source
key and then click Next
computer
Network does not have WET)
7 Click Transfer and proceed with the
Removable
media ormedia
a network
share WETDestination
7 Select
destination
and save
files
wizard
Computer
Lesson 4: Performing an Image-Based

Installation of Windows 7
What Is Windows Imaging File Format?
Tools for Performing an Image-Based Installation
Image-Based Installation Process
Demonstration: Building an Answer File by Using Windows
SIM
Building a Reference Installation by Using SysPrep
Demonstration: Creating Bootable Windows PE Media
Capturing and Applying the Installation Image by Using
ImageX
Demonstration: Modifying Images by Using DISM
Migrating User Data and Settings by Using USMT 4.0
Configuring VHDs
19
3/11/2014
What Is Windows Imaging File Format?

A file-based image technology used to install
the Windows operating system
Provides the following benefits:
One image for many hardware configurations

Multiple images in one file
Compression and single instancing
Offline servicing of the image file
Installation on partitions of any size
Modification of image files using APIs
Nondestructive deployments
Bootable image support for Windows PE
Tools for Performing Image-Based Installation

Windows Setup (setup.exe)
Answer File
Catalog
Windows Automated Installation Kit (Windows AIK)
Windows System Image Manager (Windows SIM)
Windows Preinstallation Environment (Windows PE)
ImageX
User State Migration Tool (USMT)
Deployment Image Servicing and Management (DISM)
Sysprep
Diskpart
Windows Deployment Services (WDS)
Virtual Hard Disk (VHD)
20
3/11/2014
Image-Based Installation Process
Build an Answer File
2 Build a reference installation

3 Create a bootable Windows PE Media
4 Capture the installation image
5 Deploy the installation image
Demonstration: Building an Answer File by Using

Windows SIM
In this demonstration, you will learn how
to create an answer file by using
Windows SIM.
10 min
21
3/11/2014

See Notes pane.
Building a Reference Installation by Using

SysPrep
Prepares an installation of Windows for
duplication, auditing, and delivery
Use Sysprep to:
Remove system-specific data from the Windows operating
system
Configure Windows to start in audit mode
Configure the Windows operating system to start
the Windows Welcome phase

Reset Windows Product Activation
Sysprep.exe [/quiet] [/generalize] [/audit | oobe]

[/reboot | /shutdown | /quit] [/unattend:answerfile]
22
3/11/2014
Demonstration: Creating Bootable Windows PE

Media
to create bootable Windows PE media
that can be used for imaging computers.
5 min
Capturing and Applying the Installation Image by

Using ImageX
A command-line tool that is used to capture,
modify, and apply file-based WIM images
Use ImageX to:
View the contents of a WIM file
Capture and apply images
Mount images for offline image editing
Store multiple images in a single file
Compress the image files
Implement scripts for image creation
ImageX [/flags EditionID] [{/dir | /info | /capture |

/apply | /append | /delete | /export | /mount |
/mountrw | /unmount | /split} [Parameters]
23
3/11/2014
Demonstration: Modifying Images by Using DISM

to modify an image by using DISM.
5 min
Migrating User Settings and Data by Using

USMT 4.0
A scriptable command-line tool that provides a
highly-customizable user-profile migration
experience for IT professionals
USMT components:
ScanState and LoadState
Config.xml and Migration .xml files
Component manifests for Windows Vista, Windows 7, and
down-level manifests for Windows XP

USMT internal files
Scanstate [StorePath] [/i:[path\]FileName] [Options]

Loadstate [StorePath] [/i:[path\]FileName] [Options]
24
3/11/2014
Configuring VHDs
A native-boot VHD is a VHD that can
be used as the running operating
system on a computer without a
parent operating system
Deploy VHD
Create VHD
Prepare VHD
DiskPart Tool
Install Windows
7 to the VHD
Disk Management
MMC
Attach VHD to the
host computer
Copy VHD to
computer to run in
VM
Copy VHD to
computer to run in
Native Boot
Add a Native Boot
VHD to the Boot
Menu
Use WDS to deploy
VHD images for
native boot
Lesson 5: Configuring Application Compatibility

Common Application Compatibility Problems
Common Mitigation Methods
Updating Shims
25
3/11/2014
Common Application Compatibility Problems

Common Application Compatibility problems
may relate to the following areas:
Setup and installation of applications
User Account Control
Windows Resource Protection (WRP)
Internet Explorer Protected Mode
64-bit architecture
Windows Filtering Platform (WFP)
Operating system version changes
Kernel-mode drivers
Deprecated components

See Notes pane.
26
3/11/2014
Common Mitigation Methods

Common mitigation methods include:
Modifying the application configuration
Applying updates or service packs
Upgrading the application
Modifying the security configuration
Running the application in a virtualized environment
Using application compatibility features built into
the operating system

Selecting another application
Updating Shims
A shim is software, added to an existing application
or other program, to provide some form of

enhancement or stability
In the application compatibility context, a shim
refers to a compatibility fix

Use the Compatibility Administrator Tool to:
Search for a compatibility fix for an existing application
Create a new compatibility fix
To deploy a compatibility fix:

Store the compatibility fix database locally or in a network
location
Use the Sdbinst.exe command-line tool to install the
compatibility fix
27
3/11/2014
Lab: Installing and Configuring Windows 7

Exercise 1: Migrating Settings by Using Windows Easy
Transfer
Exercise 2: Configuring a Reference Image
Exercise 3: Deploying a Windows 7 Image
Logon information
Virtual machines
6292A-LON-DC1
6292A-LON-CL1
6292A-LON-VS1
User name
Contoso\Administrator
Password
Pa$$w0rd
Estimated time: 90 minutes
Lab Scenario
The first batch of Windows 7 computers has arrived. As
part of the deployment process, you need to migrate user

settings from existing Windows XP computers to the new
Windows 7 computers.
You are rolling out Windows 7 to the computers in your
organization. To do this you are creating a reference

image of Windows 7 that can be applied to other
computers. The image is generalized by using Sysprep.
You are performing a manual test of the deployment
process for new images. Eventually, this process will be

automated. In this test run, you are ensuring that you
have the correct syntax for all of the commands used to
start the capture of user settings from the old computer,
apply the reference image to the new computer, and then
apply user settings to the new computer.
28
3/11/2014
Lab Review
Why do you use Sysprep before capturing an image?
Why is Windows PE required as part of the imaging
process?
Module Review and Takeaways

Review Questions
Common Issues and Troubleshooting Tips
Best Practices
Tools
29
3/11/2014

See Notes pane.
Module 2
Configuring Disks and
Device Drivers
30
3/11/2014
Module Overview
Partitioning Disks in Windows 7
Managing Disk Volumes
Maintaining Disks in Windows 7
Installing and Configuring Device Drivers
Lesson 1: Partitioning Disks in Windows 7

What Is an MBR Disk?
What Is a GPT Disk?
Disk Management Tools
Demonstration: Converting an MBR Partition to a GPT
Partition
31
3/11/2014
What Is an MBR Disk?

Master Boot Record (MBR) Disk
The MBR contains the partition table for the disk and a small
amount of executable code called the master boot code.
Is created when the disk is partitioned
Contains a four partition entry table
Is on the first sector of the hard disk
Limits the number & size of partitions
What Is a GPT Disk?

GUID Partition Table(GPT)
Contains an array of partition entries describing
the start and end LBA of each partition on disk
Supports more partitions
Supports larger partitions
Enhances reliability
Supports boot disks on 64-bit Windows
operating systems, UEFI systems
32
3/11/2014

Use diskpart.exe
to convertSnap-in
partition styles
Disk Management
Diskpart.exe
Graphical user
interface
Scriptable
command
line utility
Manage
disks
and
volumes,
both basic and
Graphical userinterface
Create scripts to automate disk-related
tasks
Disk Management Snap-in
MBR
dynamic,
Manage disks and volumes,
bothlocally
basic andor
orAlways
locally
dynamic, locally
on remoteruns
computers
GPT
on remote computers
Simple partition creation
Use diskpart.exe to convert partition styles
Diskpart.exe
MBR
GPT
Scriptable command line utility

tasks
Always runs locally
Disk Management Snap-in

Graphical user interface
Manage disks and volumes, both basic and
dynamic, locally or on remote computers

Use diskpart.exe to convert partition styles
Diskpart.exe
MBR
GPT
Scriptable command line utility

tasks
Always runs locally
33
3/11/2014
Demonstration: Converting an MBR Partition to a

GPT Partition
In this demonstration, you will see how to:
Convert a Disk to GPT by using Diskpart.exe
Convert Disk 3 to GPT by using Disk

Management
Verify the Disk Type
10 min
Lesson 2: Managing Disk Volumes

What Is a Simple Volume?
Demonstration: Creating a Simple Volume
What Are Spanned and Striped Volumes?
Demonstration: Creating Spanned and Striped Volumes
Purpose of Resizing a Volume
Demonstration: Resizing a Volume
34
3/11/2014
What Is a Simple Volume?

Simple Volume
Dynamic volume that encompasses available
free-space from a single, dynamic, hard disk drive
Can be extended on same disk

Not fault tolerant
Volume I/O performance the same as Disk
I/O performance
Can be extended across disks creating a
spanned volume
Demonstration: Creating a Simple Volume

to create a simple volume by using Disk
Management and Diskpart.exe.
10 min
35
3/11/2014

Spanned
Striped
Requires dynamic disks
Requires multiple dynamic disks
Spanned
Space allocated from multiple
Allocated space from each disk must
Up to 32 disks can be combined
Up to 32 disks can be combined into
dynamic
disks
A spanned
be of
identical
volume joins areas
unallocated space
disks into a single logical disk.
into single spanned volume

No fault tolerance
single striped volume

No fault tolerance
Striped
Well
suited forof
isolating
A striped volume maps
stripes
datathe paging
file
cyclically across the disks.
No performance improvement
compared to simple volumes

Can shrink or extend
Provides for faster throughput

Spanned
Striped
Requires dynamic disks
Requires multiple dynamic disks
Space allocated from multiple
Allocated space from each disk must
dynamic disks
Up to 32 disks can be combined
into single spanned volume
be identical
Up to 32 disks can be combined into
single striped volume
No fault tolerance
No fault tolerance
No performance improvement
Well suited for isolating the paging
compared to simple volumes

Can shrink or extend
file
Provides for faster throughput
36
3/11/2014
Demonstration: Creating Spanned and Striped

Volumes
Create a spanned volume
Create a striped volume
10 min
Purpose of Resizing a Volume

Resize a volume to create additional, unallocated
space to use for data or programs on a new volume.
Shrink simple and spanned dynamic disks to:

Extend the simple volume on the same disk
Extend a simple volume to include unallocated space
on other disks on the same computer

Before shrinking:
Defragment the disk
Reduce shadow copy disk space consumption
Ensure that no page files are stored on the volume to
be shrunk
37
3/11/2014
Demonstration: Resizing a Volume

Shrink a volume by using Diskpart.exe
Extend a volume by Disk Management
5 min
Lesson 3: Maintaining Disks in Windows 7

What Is Disk Fragmentation?
Defragmenting a Disk
What Are Disk Quotas?
Demonstration: Configuring Disk Quotas (Optional)
38
3/11/2014
What Is Disk Fragmentation?

Disk fragmentation is the non-contiguous
storage of data on a volume
Disk fragmentation can:
Consist of both fragmented files and fragmented free space
Lead to poor performance of the disk subsystem
Defragmenting a Disk
Rearrange data and reunite fragmented files
Scheduled to run automatically by default
C:>
Can be run from the command-line
39
3/11/2014
What Are Disk Quotas?

A disk quota is a way for you to limit use of disk space on a
volume for each user to conserve disk space.
Disk quotas help you:

Track and restrict disk
consumption
Proactively monitor
available space
Determine who is
consuming available
space
Plan for storage capacity
increases
Demonstration: Configuring Disk Quotas

(Optional)
Create quotas in a Volume
Test a quota
Review quota alerts and event-log messages
12 min
40
3/11/2014

See Notes pane.

See Notes pane.
41
3/11/2014
Lesson 4: Installing and Configuring Device

Drivers
Overview of Device Drivers in Windows 7
Installing Devices and Drivers
Device Driver Management Tools
Options for Updating Drivers
Managing Signed Drivers
Discussion: Options for Recovering from a Driver Problem
Demonstration: Managing Drivers
Overview of Device Drivers in Windows 7

A driver is a small software program that allows a
hardware device to communicate with a computer.
Drivers developed for the 32-bit versions do not work with
the 64-bit versions, and vice versa.

Device drivers that ship with Windows 7 have a Microsoft
digital signature.
The driver store is the driver repository.
Device metadata packages contain device experience XML
documents that represent:

The properties of the device
The device functions
Applications and services that support the device.
42
3/11/2014
Installing Devices and Drivers

Improve end-user device driver installation by:
Staging driver packages in the protected driver store
Add to the Driver Store by using the Plug-andPlay utility (Pnputil.exe) at a Command Prompt
client computers to automatically search

Configuring
a specified list of folders
Search folders specified by the DevicePath registry entry

Devices
and
Printers
Device
Stage
Device
Manager
Device Manager
Devices and Printers
Device Stage
Provides
a place
to with
Provides
users
Helps
install
and a way
manage
devices
to access
devices
update
drivers and
for
advanced
options
for
hardware
devices,
managing
them
change
the hardware
Devices
that display
in
settings
for
those
this location
are
usually
Devices
in use
are
shown
devices,
and
external
devices
that
on the
taskbar
with a
troubleshoot
problems
you connect
or
photo-realistic
icon
disconnect
from
the
Use Device Manager
computer
to through
manage adevices
port or network
only on a local
connection
computer
43
3/11/2014

Device Manager
Devices and Printers
Device Stage
Options for Updating Drivers

Dynamic Update
Works with Windows Update to download critical fixes
and device drivers required for the setup process

Windows Update
Delivers software updates and drivers, and provides
automatic updating options
Manufacturers media or Web site
Use the media or browse to the device manufacturers
Web site to obtain an updated driver

Device Manager
Updates the driver software for the device manually
Compatibility Report
Use this report to load a new or updated driver during
an upgrade
44
3/11/2014
Managing Signed Drivers

Benefits of signing and staging driver packages
Improved security
Reduced support costs
Better user experience
Maintaining signed drivers

Use Sigverif.exe to check for unsigned device drivers
Use a Command Prompt to run the driverquery
command with the /si switch to obtain a basic list of

signed and unsigned device drivers
Use Group Policy to deploy certificates to client
computers
Discussion: Options for Recovering from a Driver

Problem
1. How often have new devices and their associated
drivers introduced reliability problems on
computers that you manage?
2. What are possible ways of recovering from a
driver problem? Describe a situation in which
you might use each recovery method to resolve
a driver problem.
15 min
45
3/11/2014
Demonstration: Managing Drivers

Update a device driver
Roll back a device driver
Install a driver into the driver store
12 min

See Notes pane.
46
3/11/2014
Lab: Configuring Disks and Device Drivers

Exercise 1: Configuring Disks
Exercise 2: Configuring Disk Quotas (Optional)
Exercise 3: Updating a Device Driver
Logon information
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Password
Pa$$w0rd
Lab Scenario
A Windows 7 computer is used for rendering large
engineering drawings. It requires expanded disk space and

fast disks. Initially a simple volume is requested, but then an
application requires a separate drive letter and the simple
volume must be shrunk. Then, more disk space is required,
so a spanned volume is created. Finally, a striped volume is
created to enhance performance.
Some of the employees at the engineering company work on
a shift basis. Disk quotas need to be created for people who

share computers on a shift basis and to see which user is
using how much disk space allocated.
As the volume of work increases, some of the devices are not
functioning as required. Your task is to perform an update of

the drivers for those devices.
47
3/11/2014
Lab Review
1. In Exercise 1, you used the assign command in diskpart
to assign a drive letter to a newly created volume.

Instead of assigning a drive letter, what else can you
do?
2. In Exercise 2, you used local disk quotas to manage disk
consumption. Although this is a useful local

management tool, in an enterprise network based on
Windows Server 2008, what other disk space
management tools can you use?
3. In Exercise 3, you used driver roll back to reverse a
driver update you made. If your computer will not start

properly, how can you address a driver-related problem?

Review Questions
Common Issues
Best Practices
Tools
48
3/11/2014

See Notes pane.

See Notes pane.
49
3/11/2014

See Notes pane.

See Notes pane.
50
3/11/2014

See Notes pane.
Module 3
Configuring File Access and
Printers on Windows 7
Clients
51
3/11/2014
Module Overview
Overview of Authentication and Authorization
Managing File Access in Windows 7
Managing Shared Folders
Configuring File Compression
Managing Printing
Lesson 1: Overview of Authentication and Authorization

What Are Authentication and Authorization?
Authentication and Authorization Process
New Authentication Features in Windows 7
52
3/11/2014
What Are Authentication and Authorization?

Are you on the list?
Who are you?
Authentication: Verifying
the identity of something
or someone
Authorization: Determining
whether something or someone has
permission to access a resource
User
Resource
What does the list say you can do?
Access: Determining what actions
something or someone can perform on
the resource based on permission levels
Authentication and Authorization Process

Windows authentication methods include:
Windows
Authentication
Method
Description
Kerberos version 5
protocol
Used by Windows 7 clients and servers running

Microsoft Windows Server 2000 or later
NTLM
Used for backward compatibility with computers

running pre-Windows 2000 operating systems and
some applications
Certificate mapping Certificates are used as authentication credentials
53
3/11/2014

Biometrics
Smart Cards
Online
Identity Integration
Windows Biometric Framework (WBF) provides

A new card-related
group
policy Plug
setting
available
controls
support
for fingerprint
biometric
devicesthat
through
a
Smart
andis Play
the set
ability
of online IDs to authenticate to a computer
new
of components

AKerberos
common support
API facilitates
development
of applications
Smart
card logon
Online IDs
can befor
used
to identify
individuals within a
using biometrics
network
Encrypt removable media using BitLocker and using
Through
a new Control
Panel
item,the
users
can control
the
Smart
option
to unlock
drive
Users
mustcard
link
their
userdevices
account
to an
the
availability
and
useWindows
of biometric
online ID to facilitate authentication

Document and e-mail signing

Device Manager support for managing drivers for
biometric
devicesoccurs through the use of certificates
Authentication
Used with line-of-business applications to enable
certificate
with no
middleware
Group
Policyuse
settings
to additional
enable, disable,
or limit the
Does not affect domain accounts or local user
use of biometric data for a local computer or domain
accounts from logging on to the computer

Notes Over-flow Slide

General information
If you have too much Notes text associated with one slide
to fit in one Notes Page, use the hidden Notes Over-flow

Slide as page two of the Notes Page.
The red line indicates that this slide must not be printed.
In an actual module, do not add content to this slide or

modify it in any other way. Only add content to the Notes
Page.
Printing Hidden Slides
Ensure that you print hidden slides when / if printing the
Notes Pages. In the print dialog box, select Print hidden

slides
Ensure that you do not print hidden slides when / if
printing the actual Slides. In the print dialog box, de-select

Print hidden slides
54
3/11/2014

New
Authentication
Features
Description
Several new authentication features are available
for use with Smart cards, including:
Smart cards
Kerberos support for Smart card logon

Encrypt removable media using BitLocker and
using the Smart card option to unlock the drive

Document and e-mail signing
Biometrics
Windows Biometric Framework (WBF) provides

support for fingerprint biometric devices through a
new set of components
Online Identity
Integration
A new group policy setting is available that

controls the ability of online IDs to authenticate to
a computer
Lesson 2: Managing File Access in Windows 7

What Are NTFS Permissions?
What Is Permission Inheritance?
Demonstration: Configuring NTFS Permissions for Files and
Folders
Impact of Copying and Moving Files and Folders on Set
Permissions
What Are Effective Permissions?
Discussion: Determining Effective Permissions
55
3/11/2014
What Are NTFS Permissions?

NTFS file and folder permissions
Define the type of access granted to a user,
group, or computer for a file or folder

When
PermissionUser
Inheritance
is blocked
Explicit
Permission:
creates a file
or folder and
assigns permissions
Allow Read;
Deny Write
Perform one of the following:

Copy existing group or user permissions to the
Inherited Permission: File or folder permissions for a
child file or folder
child object default from its parent
Start with blank permissions on the child file
or folder and configure a unique set of
Allow Read;
permissions
Allow Write
56
3/11/2014

Explicit Permission: User creates a file or folder and
assigns permissions
Allow Read;
Deny Write
Inherited Permission: File or folder permissions for a

child object default from its parent
Allow Read;
Allow Write
Demonstration: Configuring NTFS Permissions for

Files and Folders
Create a folder and a document file
Grant selected users Write access to the file
Deny selected users Write access to the file
Verify the Deny permissions on the file
10 min
57
3/11/2014

General information


Page.

slides

Print hidden slides
Impact of Copying and Moving Files and Folders

on Set Permissions
Allow Read
NTFS Partition C:\
Deny Write
NTFS Partition C:\Full Control
Allow Read
Deny Write
NTFS Partition E:\
Copy or Move
Copy or
Move
Allow Read
Deny you
Write copy or
When
move a file or folder
within an NTFS
partition
When you copy or move a file or folder to a

different NTFS partition
Thefile
fileororfolder
folderinherits
inheritspermissions
permissionsfrom
fromthe
the new
The
parent folder
destination folder
When moving a file or folder that has explicitly assigned

permissions, those permissions are retained in addition
to the newly inherited permissions
58
3/11/2014
Impact of Copying and Moving Files and Folders

on Set Permissions
When you copy or move a file or folder to a
different NTFS partition
The file or folder inherits permissions from the
destination folder
When you copy or move a file or folder within an

NTFS partition
The file or folder inherits permissions from the new
parent folder
When moving a file or folder that has explicitly
assigned permissions, those permissions are retained
in addition to the newly inherited permissions
What Are Effective Permissions?

Effective permissions are a file or folders final, combined
permission set that is determined by Windows 7 when a file or
folder contains both user and group permissions.
When determining effective permissions:
User and group permissions are combined
Deny permissions override allow permissions
The Effective Permissions feature:

Calculates and displays the permissions granted to a user or
group
Determines all domain and local groups in which the user is a
member
Takes into account permissions inherited from the parent object
59
3/11/2014
Discussion: Determining Effective Permissions
Users group has

Write for Folder1
Sales group has
Read for Folder1
Users group has

Read for Folder1
Sales group has
Write for Folder2
NTFS Partition
Users
Group
Folder1
User1
File1
Folder2
Users group has

Modify for Folder1
File2 must only be
available to Sales
group with Read
permission
File2
Sales Group
Lesson 3: Managing Shared Folders

What Are Shared Folders?
Methods of Sharing Folders
Discussion: Combining NTFS and Share Permissions
The Network and Sharing Center
60
3/11/2014
What Are Shared Folders?
Shared folders are folders that allow network access to

their content
You can share folders, but you cannot share individual files
The default shared folders permission is Full Control for the user
that shared the folder
Folders can be shared:
In the MMC console using the Shares snap-in
In Windows Explorer
Through the command line using the Net Share command
Through Computer Management

Advanced
Sharing
BasicFolder
Sharing
Public
Sharing

simultaneous
connections
Allows
youPublic
to share
folders
quickly
Configure
Multiple
default
folders
for each
computer
Basic
Sharing

share
name
Advanced
Sharing
You
configure
permissions
Files
shared
with
same
computer
Choose
Public
Folder Sharing

permissions
Configure
Files shared
with same network
caching

Access controlled
by permissions
Configure
61
3/11/2014

Basic Sharing
Allows you to share folders quickly
You configure permissions

Advanced Sharing
Configure permissions, simultaneous connections, and caching
Choose share name
Public Sharing
Multiple default Public folders for each computer
Files shared with same computer and with same network
Access controlled by permissions

1. If ayou
usercreate
is assigned
Full Control
NTFS
a file but is partition,
accessing
When
a shared
folder
onpermission
an NTFStoformatted
fileshared
through folder
a share permissions
with Read permission,
what
will be
the
effective
boththe
the
and the
NTFS
file
system
permissionare
the user
will haveto
onsecure
the file?file resources.
permissions
combined
2. If you want a user to view all files in a shared folder but you can modify only
certain
By files
default,
in thethe
folder,
Everyone
what permissions
group is granted
would you
the
give?
shared folder
permission Read
3. Identify a scenario at your organization in which you may have to combine

NTFS
and Share
What is the NTFS
reasonpermissions
for combiningfor
permissions?
Users
mustpermissions.
have the appropriate
each
file and subfolder in a shared folder and the appropriate shared

folder permissions to access those resources
The share permissions on a folder apply to that folder, to all

files in that folder, to sub folders, and to all files in those
subfolders
When NTFS and shared folder permissions are combined, the

resulting effective permission is the most restrictive one of
the two permission sets
10 min
62
3/11/2014

1. If a user is assigned Full Control NTFS permission to a file but is accessing
the file through a share with Read permission, what will be the effective
permission the user will have on the file?
2. If you want a user to view all files in a shared folder but you can modify only
certain files in the folder, what permissions will you give?
3. Identify a scenario at your organization in which you may have to combine
NTFS and Share permissions. What is the reason for combining permissions?
10 min

The Network and Sharing Center provides services to view,
configure, and troubleshoot your network access and sharing
capabilities
Provides centralized control of network features
Network Map
Network Location private, public, domain
Network Discovery
Controls sharing capabilities related to various network resources:

File sharing
Public folder sharing
Printer sharing
Media sharing
63
3/11/2014

General information


Page.

slides

Print hidden slides

The Network and Sharing Center provides services to view,
configure, and troubleshoot your network access and sharing
capabilities
Provides centralized control of network features
Network Map
Network Location private, public, domain
Network Discovery
Controls sharing capabilities related to various network resources:

File sharing
Public folder sharing
Printer sharing
Media sharing
64
3/11/2014
Lesson 4: Configuring File Compression

What Is NTFS File Compression?
Impact of Moving and Copying Compressed Files and Folders
What Are Compressed (Zipped) Folders?
Demonstration: Compressing Files and Folders

NTFS file compression is the method used by the NTFS file
system to compress files, folders, and volumes

Uses compression to save disk space
Does not use compression
File prior to
compression
for system files and folders

Compression is configured as
an NTFS attribute
NTFS calculates disk space
based on uncompressed
file size
Applications that open a
compressed file only see the

uncompressed data
File after
compression
65
3/11/2014

NTFS file compression is the method used by the NTFS file
system to compress files, folders, and volumes

Uses compression to save disk space
File prior to
compression
Does not use compression
for system files and folders

Compression is configured as
an NTFS attribute
NTFS calculates disk space
based on uncompressed
file size
Applications that open a
compressed file only see the

uncompressed data
File after
compression
Discussion: Impact of Moving and Copying

Compressed Files and Folders
A Within an NTFS Partition
B Within an NTFS Partition
Copy
Move
Retains its original
compression state
Inherits compression
state of the target folder
From NTFS Partitions
To NTFS Partitions
Copy
Move
From NTFS Partition
Inherits compression
state of the target folder
To FAT Partition
Copy
Move
No Compression
66
3/11/2014
Discussion: Impact of Moving and Copying

Compressed Files and Folders
A Within an NTFS Partition
B Within an NTFS Partition
Copy
Move
From NTFS Partitions
To NTFS Partitions
Copy
Move
From NTFS Partition
To FAT Partition
Copy
Move
What Are Compressed (zipped) Folders?

Compressed folders can contain multiple files and folders that are
compressed to reduce the overall storage space for the content
A compressed folder with a .zip

extension is created. Note the reduced
file size.
67
3/11/2014
What Are Compressed (zipped) Folders?

Compressed folders can contain multiple files and folders that are
compressed to reduce the overall storage space for the content
A compressed folder with a .zip

extension is created. Note the reduced
file size.
Demonstration: Compressing Files and Folders

Compress a folder
Copy files into the compressed folder
Move compressed files into an uncompressed
folder
Copy compressed files into an uncompressed
folder
Compress a folder by using the Compressed
(zipped) Folder feature
10 min
68
3/11/2014

General information


Page.

slides

Print hidden slides

General information


Page.

slides

Print hidden slides
69
3/11/2014
Lesson 5: Managing Printing

Printing Components in Windows 7
XPS and GDI-Based Printing
Demonstration: Installing and Sharing a Printer
Managing Client-Side Printing
Configuring Location-Aware Printing
70
3/11/2014
XPS and GDI-Based Printing

XPS-based printing
XPS is a new document description language

Requires an XPS printer driver
Is used only by WPF applications
Generates a spool file in XPS format
GDI-based printing
Is used by legacy applications in pre-Vista versions of Windows
Uses enhanced metafile format (EMF) as the spool file format
Requires a printer driver unique to each printer model
Interoperability of XPS and GDI-based printing

XPS-based printing can print to an older GDI-based printer by
converting print jobs from XPS to EMF format
GDI-based printing can print to a new XPS-based printer by converting
print jobs from EMF to XPS format
71
3/11/2014
Demonstration: Installing and Sharing a Printer

Create and share a local printer
Set permissions on the printer
10 min

General information


Page.

slides

Print hidden slides
72
3/11/2014

Print Management
Tasks
Devices
and Printers

Print Management Tasks
73
3/11/2014
74
3/11/2014
Lab: Configuring File Access and Printers on

Windows 7 Client Computers
Exercise 1: Create and Configure a Shared Folder for All
Users
Exercise 2: Configuring Shared Access to Files for Specific
Users
Exercise 3: Create and Share a Local Printer
Logon information:
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
6292A-LON-CL2
User name
Administrator
Password
Pa$$w0rd
Lab Scenario
A group of engineering users need to share files on the Windows 7
computers. All computers are in a domain. The most powerful

Windows 7 computer has many files that other users need to
access. Most files can be shared among all users; however, the
more sensitive files can only be accessed by selected users. The
Windows 7 computer has a printer attached to it that other users
want to access from their own computers.
As the IT professional assigned to this account, you have outlined
the following tasks that must be performed to satisfy these

requirements:
Create a public share for the files that all users must be able to access
Create a new share for some specific files that only selected users can
access
Share a printer on the workstation that can be accessed by other users
75
3/11/2014
Lab Review
You created the shared folder for all users.
How can you simplify the process for users to access the
folder from their computers?
You need to ensure that only specific users can access a
shared folder across the network when they are logged on

the computer with the shared folder.
How do you configure the permissions?
You need to ensure that users can manage only the print
jobs that they have sent to a shared printer. Members of

the HelpDesk group must be able to delete all print jobs.
How do you configure the printer permissions?

Review questions
Best Practices
Tools
76
3/11/2014

General information


Page.

slides

Print hidden slides

General information


Page.

slides

Print hidden slides
77
3/11/2014
Module 4
Configuring Network
Connectivity
Module Overview
Configuring IPv4 Network Connectivity
Configuring IPv6 Network Connectivity
Implementing Automatic IP Address Allocation
Overview of Name Resolution
Troubleshooting Network Issues
78
3/11/2014
Lesson 1: Configuring IPv4 Network Connectivity

What Is an IPv4 Address?
What Is a Subnet Mask?
What Is a Default Gateway?
What Are Public and Private IPv4 Addresses?
Demonstration: Configuring an IPv4 Address
1 to other
An IPv4
address identifiesSubnet
a computer
IP Address
192.168.2.180
computers on a network.
IP Address
192.168.2.181
IP Address
192.168.2.182
IP Address
192.168.1.200
Dotted decimal representation

IP Address
of the 192.168.1.201
address
Subnet 2
IP Address
192.168.1.202
79
3/11/2014

An IPv4 address identifies a computer to other
computers on a network.
IP Address
192.168.2.180
Subnet 1
IP Address
192.168.2.181
IP Address
192.168.2.182
IP Address
192.168.1.200
IP Address
192.168.1.201
IP Address
192.168.1.202
Subnet 2

A This
subnet
This
isis
amask
the
simple
network
specifies
Class ID
Cwhich
type
for this
IPv4
part
number.
of
number.
an IPv4
This is the host ID in the fourth octet.
address
There
This
is
the
network
are
network
3
octets
ID
is
ID
for
shared
and
the
which
network
by
all
part
the
IDof the
Note: This host ID is 200 of 254 hosts on this specific subnet.
IPv4
and
hosts
1address
octet
on the
for
is
same
the
the host
host
subnet
ID.
ID.
IP address
192
w
Subnet mask
255
w
Network ID
192
w
168
x
255
x
168
x
200
y
255
z
0
y
1
y
z
0
z
80
3/11/2014

A subnet mask specifies which part of an IPv4
address is the network ID and which part of the
IPv4 address is the host ID.
IP address
192
w
Subnet mask
255
w
Network ID
192
w
168
x
255
y
255
x
168
200
z
0
y
1
z
0
z

A default gateway is a device, usually a router, on
Use a default
gateway
the internal
routing to
a TCP/IP
internet
thatwhen
forwards
IP packets
table on the other
host has
no
information
about
subnets.
the destination subnet.
Windows 7 clients
Windows 7 clients
Default gateway
Subnet 1
Subnet 2
Router
81
3/11/2014

A default gateway is a device, usually a router, on
a TCP/IP internet that forwards IP packets to
other subnets.
Windows 7 clients
Windows 7 clients
Default gateway
Subnet 1
Subnet 2
Router
What Are Public and Private IPv4 Addresses?

Public
Private
Required by devices
and hosts that

connect directly to the
Internet
Must be unique
Routable on the
Internet
Must be assigned by
Non-routable on the
Internet
Can be locally
assigned by
organization
Must be translated to
access the Internet
IANA
82
3/11/2014

See Notes pane.

to configure a Windows 7 computer with:
An IPv4 address
A subnet mask
A default gateway
10 min
83
3/11/2014
Lesson 2: Configuring IPv6 Network Connectivity

Benefits of Using IPv6
Windows 7 Support for IPv6
What Is the IPv6 Address Space?
IPv6 Address Types
Benefits of Using IPv6

Benefits of using IPv6 compared to IPv4
Larger address space
More efficient routing
Simpler host configuration
Built-in security
Better prioritized delivery support
Redesigned headers
84
3/11/2014
Windows 7 Support for IPv6
IPv6 is Enabled by Default

Windows 7 uses IPv6 by default to support security needs and
additional features
Windows 7 Dual Stack

Windows 7 facilitates the dual stack to use IPv4 and IPv6
simultaneously
Direct Access requires IPv6

Windows 7 clients can use Direct Access which facilitates client
computers connecting to the enterprise domain
IPv6 uses Remote Desktop

IPv6 supports Windows 7 File Sharing Security and Echo System
features such as Remote Access and Direct Access

See Notes pane.
85
3/11/2014

The IPv6 address space:
Uses 128 bits as compared to 32-bits that the IPv4 address
space uses
Allocates 64-bits for the network ID and 64-bits for the host ID
Uses a prefix to define the network ID
IPv6 uses hexidecimal notation

2001:0DB8:0000:0000:02AA:00FF:FE28:9C5A/64
Shorten
Each digit represents four bits
2001:DB8:0:0:2AA:FF:FE28:9C5A/64
Shorten
Shorten the address by dropping
2001:DB8::2AA:FF:FE28:9C5A/64
leading zeros and using zero compression
Continue shortening the address by
The prefix is a forward slashdropping
followed contiguous
by
groups of zeros
the number of bits in the network ID

The IPv6 address space:
Uses 128 bits as compared to 32-bits that the IPv4 address
space uses
Allocates 64-bits for the network ID and 64-bits for the host ID
Uses a prefix to define the network ID
IPv6 uses hexidecimal notation

2001:0DB8:0000:0000:02AA:00FF:FE28:9C5A/64
Shorten
2001:DB8:0:0:2AA:FF:FE28:9C5A/64
Shorten
2001:DB8::2AA:FF:FE28:9C5A/64
86
3/11/2014

See Notes pane.

See Notes pane.
87
3/11/2014
IPv6 Address Types

IPv6 Address Types
Unicast use for one-to-one communication between hosts
Multicast use for one-to-many communication between
computers that are defined as using the same multicast address

Anycast use for locating services or the nearest router
IPv6 Unicast Address Types

Global Unicast globally routable and reachable on the IPv6
portion of the Internet

Link-Local use when communicating with neighboring hosts
on the same link

Unique Local Unicast equivalent to IPv4 private address
spaces, such as 10.0.0.0/8, and have the prefix FD00::/8

See Notes pane.
88
3/11/2014

See Notes pane.

Manually configure a Windows 7 computer with

an IPv6 address
Verify the IP configuration
10 min
89
3/11/2014
Lesson 3: Implementing Automatic IP Address

Allocation
Automatic IPv4 Configuration Process
Demonstration: Configuring a Computer to Obtain an IPv4
Address Dynamically
Troubleshooting Client-Side DHCP Issues
IPv4 Static Configuration
IPv4 Client
Automatic private IP addressing (APIPA):
Is used if a DHCP server cannot be contacted
Assigns IP addresses on the 169.254.0.0/16

network
Cannot be used with:

Active Directory
Internet connectivity
DHCP Server with

IPv4 Scope and
IPv4 Site
Local Scope
Multiple subnets
DNS
IPv4Client
IPv4 Router
or WINS servers
90
3/11/2014
Automatic private IP addressing (APIPA):
Is used if a DHCP server cannot be contacted
Assigns IP addresses on the 169.254.0.0/16

network
Cannot be used with:

Active Directory
Internet connectivity
Multiple subnets
DNS or WINS servers

See Notes pane.
91
3/11/2014
Static Configuration
IPv6 Client

DHCP V6 Server assigns Automatic IPv6
Configuration information to the client.

IP V6 Clients uses DHCP assigned IP Configuration to
access network resources

IP V6 Static Client does not get automatic
DHCP v6 Server with
configuration from the DHCPv6 Server
IPv6 Scope and

IPv6 Site
Local Scope
IP V6 Router provides a Gateway to the internet or
another Subnet.
IPv6 Client
IPv6 Router

DHCP V6 Server assigns Automatic IPv6
Configuration information to the client

IP V6 Clients uses DHCP assigned IP Configuration to
access network resources

IP V6 Static Client does not get automatic
configuration from the DHCPv6 Server

IP V6 Router provides a Gateway to the internet or
another Subnet
92
3/11/2014

See Notes pane.
Demonstration: Configuring a Computer to

Obtain an IPv4 Address Dynamically
Automatically configure a Windows 7 computer

with an IPv4 address
Verify the IP configuration
10 min
93
3/11/2014
Troubleshooting Client-Side DHCP Issues
IPConfig is used to display IP configuration

information and to release and renew addresses
Option
/all
Description
Displays all IP address configuration information
/release
Releases a dynamic IPv4 address lease
/renew
Renews a dynamic IPv4 address lease

See Notes pane.
94
3/11/2014

See Notes pane.

See Notes pane.
95
3/11/2014
Lesson 4: Overview of Name Resolution

Types of Computer Names
Methods for Resolving Computer Names
Types of Computer Names

Name
Description
Up to 255 characters in length
Can contain alphabetic and
numeric characters, periods, and

hyphens
Host name
Part of FQDN
Represent a single computer or
group of computers
15 characters used for the name
16th character identifies service
NetBIOS name
Flat namespace
96
3/11/2014
Methods for Resolving Computer Names
Local Host Name
LMHOSTS File
DNS Resolver Cache
DNS Server
Broadcast
WINS Server
NetBIOS Name Cache
Lesson 5: Troubleshooting Network Issues

Tools for Troubleshooting Networks
Process for Troubleshooting Networks
Demonstration: Troubleshooting Common Network-
Related Problems
97
3/11/2014
Tools for Troubleshooting Networks

Tool
Purpose
Event Viewer
Enables you to view errors relating to network activity
Windows Network
Diagnostics
Helps to diagnose and resolve network problems
IPCONFIG
Displays IP configuration information and controls the

DNS resolver cache
PING and PathPING
Verifies basic IP connectivity
TRACERT
Verifies a routing path
NSLOOKUP
Enables testing of name resolution
Process for Troubleshooting Networks
Event Viewer
Windows Network
Diagnostics
NSlookup
IPConfig
Tracert
Ping
98
3/11/2014
Demonstration: How to Troubleshoot NetworkRelated Problems

to use the TCP/IP troubleshooting tools to
help resolve common connectivity
problems.
10 min
Lab: Configuring Network Connectivity

Exercise 1: Configuring IPv4 Addressing
Exercise 2: Configuring IPv6 Addressing
Exercise 3: Troubleshooting Network Connectivity
Logon information
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Password
Pa$$w0rd
99
3/11/2014
Lab Scenario
Laptop computers are being introduced for some of the
managers in Contoso Corporation. You need to test how

the IPv4 configuration will behave when they are out of
the office and a DHCP server is unavailable.
Contoso Corporation is considering the implementation of
IPv6 in the internal network. However, none in the

organization has much experience with IPv6. You are
performing some configuration tests with DHCPv6 to see
how it behaves.
A work experience student has been unsuccessful in
attempting to resolve an network connectivity problem on

a Windows 7 computer. The changes made to the
computer have not been documented. You need to restore
network connectivity for the computer.
Lab Review
How are APIPA addresses for IPv4 similar to link-local
addresses in IPv6?
How can you update a Windows 7 computer to use the
correct information after a host record is updated in DNS,

but the Windows 7 computer is still resolving the name to
the previous IP address?
100
3/11/2014

Review Questions
Common Issues
Tools

See Notes pane.
101
3/11/2014
Module 5
Configuring Wireless
Network Connections
Module Overview
Overview of Wireless Networks
Configuring a Wireless Network
102
3/11/2014
Lesson 1: Overview of Wireless Networks

What Is a Wireless Network?
Wireless Network Technologies
Security Protocols for a Wireless Network
What Is a Wireless Network?

A wireless network:
Interconnected devices connected by
radio waves instead of wires or cables
Two modes:
Ad hoc
Advantages
Extends or replaces wired
infrastructure (wire-free)
Increases productivity for mobile
employees
Provides access to internet in
public places
Infrastructure
Disadvantages
Possible interference
Potential security risk
Additional management
103
3/11/2014
Wireless Network Technologies

Wireless
Broadband:
Maximum
Standard
Range of frequencies
Usage
bit rate
Provides
high-speed wireless internet and data network

access
802.11a
54 Mbps
C-Band ISM (5.725 to 5.875 GHz)
Not widely used
Comparable
to
wired broadband, such
as ADSL or cable
11 Mbps
S-Band ISM (2.4 to 2.5 GHz)
Widely used
modem
802.11b

802.11g
54 Mbps
S-Band ISM
Gaining popularity
Used to have constant connectivity to internet and
corporate network
802.11n
600 Mbps
C-Band and S-Band ISM
Gaining popularity, not yet finalized
Windows 7 supports for Wireless Broadband:
Windows 7 provides built-in support for all

standards,
butmodel
also for
depends
on:
Driver-based
mobile broadband
devices
The wireless network adapter
Used the same user interface regardless of the provider
The wireless network adapter driver
Security Protocols for a Wireless Network

Security
standard
Authentication Encryption
methods
methods
Remarks
IEEE 802.11
Open system and

shared key
WEP
Weak authentication and encryption. Use is highly

discouraged
IEEE 802.1X
EAP authentication
WEP
methods
Strong EAP methods provide strong authentication
WPA-Enterprise
802.1X
TKIP / AES
WPA-Personal
PSK
TKIP / AES
WPA2-Enterprise
802.1X
TKIP / AES
WPA2-Personal
PSK
TKIP / AES
Strong authentication (with strong EAP method)

and strong (TKIP) or very strong (AES) encryption
Used for medium and large organizations
Strong authentication (with strong PSK) and strong
(TKIP) or very strong (AES) encryption
Used for home networks or small offices
Strong authentication (with strong EAP method)
and strong (TKIP) or very strong (AES) encryption
Used for medium and large organizations
Strong authentication (with strong PSK) and strong
(TKIP) or very strong (AES) encryption.
Used for home networks or small offices
104
3/11/2014
Lesson 2: Configuring a Wireless Network

Configuring Hardware for Connecting to a Wireless
Network
Wireless Network Settings
Demonstration: Connecting to a Wireless Network
Improving the Wireless Signal Strength
Process for Troubleshooting a Wireless Network
Connection
Configuring Hardware for Connecting to a

Wireless Network
Connect and configure a Wireless Access Point

Configure a wireless network adapter in the client

computer
Configuring Client Computers

Connect to a Network dialog box
Command line: netsh wlan
Group policy
105
3/11/2014
Wireless Network Settings

RightPanel
click any network
Control
Type tab
Security
profileSecurity
Network and
Properties
Internet
Encryption Type
Network
General Settings
Security Types
and
Sharing
Center
Connection Settings
Manage
Wireless
Networks
Demonstration: Connecting to a Wireless

Network
Connect to the administrative webpage of a

wireless AP
Configure the security settings of the wireless AP
Configure an unlisted wireless network
Connect to that network
Connect to a public and open wireless network

10 min
106
3/11/2014

See Notes pane.

See Notes pane.
107
3/11/2014
Improving the Wireless Signal Strength

To improve the signal strength:
Ensure close proximity to the

wireless AP
Consider installing an external

antenna
Check for physical obstructions

Add wireless APs
Check for devices that may cause
interference
Consider changing the wireless
channel
Process for Troubleshooting a Wireless Network

Connection
Review the
Diagnose
the connection by using Windows
Attempt
Attempt
totoconnect
connect
to to
a wireless
a wireless
network
network
1
2
diagnostic
3 Network
Diagnostics tool
information
Diagnose
the connection by using Windows
from:
2 Accessed
Accessed
from:
Network
Diagnostics tool
Identify
the
Right click
from
problem
Network icon
and
network
on
Sharing
Center
the
listTray
ofthe diagnostic information
4 Review
System
3
problems
System

Click Tray
found
Troubleshoot
Identify
the problem from the list of
4 problems
problems found
Resolve the
5 Resolve
problem that
the problem that was identified
5
was identified
108
3/11/2014
Lab: Configuring Wireless Network Connections

Exercise 1: Determine the Appropriate Configuration for a
Wireless Network
Exercise 2: Troubleshooting Wireless Connectivity
Lab Scenario
The Contoso Corporation is implementing Windows 7
desktops throughout their organization. You are a helpdesk technician in the Contoso Corporation.
Amy Rusko is the Production manager for Contoso in the
UK. She visits every manufacturing plant to ensure that

the plant is functioning optimally. Amy has decided that
providing wireless access for users in the plants will
increase productivity.
Amy has requested help to determine what she needs to
buy for each plant and needs your input to be able to price
the project.
Each plant has a different office area with varying numbers
of office workers. You have established that the largest

plant area is 50 meters by 50 meters and has around 180
plant workers.
109
3/11/2014
Lab Review
1. In the lab, you were tasked with making the wireless
network as secure as possible. Is this appropriate in

situations where you want to make the wireless network
accessible to anyone, for example, in a coffee shop?
How will you go about configuring the wireless
infrastructure to support access in this way?
2. Is it advisable to connect this less-restricted wireless
network to your corporate network?

3. Can you think of a way in which legitimate users from
your organization can connect wirelessly to your

infrastructure from the same coffee shop area, while not
providing the same access to anonymous users?

Common Issues and Troubleshooting Tips
Real-World Issues and Scenarios
Tools
110
3/11/2014
Module 6
Securing Windows 7
Desktops
Module Overview
Overview of Security Management in Windows 7
Securing a Windows 7 Client Computer by Using Local Group
Policy Settings
Securing Data by Using EFS and BitLocker
Configuring Application Restrictions
Configuring User Account Control
Configuring Windows Firewall
Configuring Security Settings in Internet Explorer 8
Configuring Windows Defender
111
3/11/2014
Lesson 1: Overview of Security Management in

Windows 7
Key Security Features in Windows 7
What Is Action Center?
Demonstration: Configuring Action Center Settings
Key Security Features in Windows 7

Windows 7 Action Center
Encrypting File System (EFS)
Windows BitLocker and BitLocker To Go
Windows AppLocker
User Account Control
Windows Firewall with Advanced Security
Windows Defender
112
3/11/2014

Action Center is a central location for viewing messages about
Select the items that you want checked for user alerts
your system and the starting point for diagnosing and solving
issues with your system

Action Center is a central location for viewing messages about
your system and the starting point for diagnosing and solving
issues with your system
113
3/11/2014

General information


Page.

slides

Print hidden slides
Demonstration: Configuring Action Center Settings

Change Action Center Settings
Change User Control Settings
View Archived Messages
10 min
114
3/11/2014
Lesson 2: Securing a Windows 7 Client Computer by

Using Local Security Policy Settings
What Is Group Policy?
How Are Group Policy Objects Applied?
How Multiple Local Group Policies Work
Demonstration: Creating Multiple Local Group Policies
Demonstration: Configuring Local Security Policy Settings
What Is Group Policy?

Group Policy enables IT administrators to
automate one-to-several management
of users and computers
Use Group Policy to:
Apply standard configurations
Deploy software
Enforce security settings
Enforce a consistent desktop environment
Local Group Policy is always in effect for

local and domain users, and local
computer settings
115
3/11/2014

Computer settings are applied at startup and
then at regular intervals, while user settings
are applied at logon and then at regular
intervals.
Group Policy Processing Order:
4. OU GPOs
1. Local GPOs3. Domain GPOs
2. Site-level GPOs

Computer settings are applied at startup and
then at regular intervals, while user settings
are applied at logon and then at regular
intervals
Group Policy Processing Order:
4. OU GPOs
3. Domain GPOs
2. Site-level GPOs
1. Local GPOs
116
3/11/2014
How Multiple Local Group Policies Work

Multiple Local Group Policy allows an administrator to
apply different levels of Local Group Policy to local users
on a stand-alone computer.
There are three layers of Local Group Policy Objects, which

are applied in the following order:
1.Local Group Policy object that may contain both computer and user
settings.
2.Administrators and Non-Administrators Local Group Policy objects are
applied next and contain only user settings.
3.User-specific Local Group Policy is applied last, contains only user
settings, and applies to one specific user on the local computer.
Demonstration: Creating Multiple Local Group Policies

Create a custom management console
Configure the Local Computer Policy
Configure the Local Computer
Administrators Policy
Configure the Local Computer Non-
Administrators Policy
Test multiple local group policies
10 min
117
3/11/2014

General information


Page.

slides

Print hidden slides

General information


Page.

slides

Print hidden slides
118
3/11/2014

General information


Page.

slides

Print hidden slides

General information


Page.

slides

Print hidden slides
119
3/11/2014
Demonstration: Configuring Local Security Policy

Settings
In this demonstration, you will see how to
review the local security group policy settings
10 min
Lesson 3: Securing Data by Using EFS and BitLocker

What Is EFS?
Demonstration: Encrypting and Decrypting Files and
Folders by Using EFS

What Is BitLocker?
BitLocker Requirements
BitLocker Modes
Group Policy Settings for BitLocker
Configuring BitLocker
Configuring BitLocker to Go
Recovering BitLocker Encrypted Drives
120
3/11/2014
What Is EFS?
Encrypting File
System
(EFS) is the
built-in file7encryption
New
EFS Features
in Windows
tool for Windows file systems.
Enables transparent file encryption and decryption

Encrypting File System Rekeying wizard
Requires the appropriate cryptographic (symmetric) key to read the
encrypted data
Group
Policy
settings
Eachuser New
mustEFS
have
a public
and
private key pair that is used to
protect the symmetric key
A users public
and private
of the keys:
system page file
Encryption
Can either be self-generated or issued from a Certificate Authority
Are protected by the users password
Per-user encryption of offline files
Allows files to be shared with other user certificates
Support for storing private keys on Smart Cards
Support for AIS 256-bit encryption
What Is EFS?
Encrypting File System (EFS) is the built-in file encryption
tool for Windows file systems.
Enables transparent file encryption and decryption
Requires the appropriate cryptographic (symmetric) key to read the

encrypted data
Each user must have a public and private key pair that is used to
protect the symmetric key
A users public and private keys:
Can either be self-generated or issued from a Certificate Authority
Are protected by the users password
Allows files to be shared with other user certificates
121
3/11/2014
Demonstration: Encrypting and Decrypting Files and

Folders by Using EFS
Encrypt files and folders
Confirm the files and folders have been
encrypted
Decrypt files and folders
Confirm the files and folders have been
decrypted
10 min

General information


Page.

slides

Print hidden slides
122
3/11/2014
What Is BitLocker?
Windows BitLocker Drive Encryption encrypts the

computer operating system and data stored on the
operating system volume
Provides offline data protection
Protects all other applications installed on the

encrypted volume
Includes system integrity verification
Verifies integrity of early boot components and boot

configuration data
Ensures the integrity of the startup process
BitLocker Requirements
Encryption and decryption key:

BitLocker encryption requires either:
A computer with Trusted Platform Module (TPM) v1.2 or later
A removable USB memory device
Hardware Requirements:
Have enough available hard drive space for BitLocker to
create two partitions
Have a BIOS that is compatible with TPM and supports
USB devices during computer startup
123
3/11/2014
BitLocker Modes
Windows 7 supports two modes of
operation:
TPM mode
Non-TPM mode
Non-TPM mode
TPM mode
Uses
Policyboot
to allow
BitLocker
to work
a TPM
LocksGroup
the normal
process
until the
user without
optionally
supplies a
personal
and/or
inserts
a USB
drive
containing
a BitLocker
BitLocker startup
startup
Locks
thePIN
boot
process
similar
to TPM
mode,
but the
key must be stored on a USB drive
key
The encrypted
disk must
located
in the
computer
The computers
BIOSbemust
be able
to original
read from
a USB drive
Performs system integrity
verification
on boot components
Provides
limited authentication
If any items
changed
unexpectedly,
the
drive ischecks
locked to
and
Unable
to perform
BitLockers
system
integrity
verify
prevented
from being accessed
or decrypted
that
boot components
did not change
BitLocker Modes
Windows 7 supports two modes of BitLocker
operation: TPM mode and Non-TPM mode
TPM mode
Locks the normal boot process until the user optionally supplies a
personal PIN and/or inserts a USB drive containing a BitLocker startup
key
Performs system integrity verification on boot components
Non-TPM mode
Uses Group Policy to allow BitLocker to work without a TPM
Locks the boot process similar to TPM mode, but the BitLocker startup
key must be stored on a USB drive
Provides limited authentication
124
3/11/2014

Local Group Policy Settings for
Settings
forOperating
Removable
Data
Drives
Group
Policy
provides
theData
following
settings
Settings
for
Fixed
Drives
Settings
for
System
Drives
BitLocker
Drive Encryption
for BitLocker:
Turn on BitLocker backup to Active Directory

Domain Services
Configure the recovery folder on Control Panel

Setup
Enable advanced startup options on Control Panel

Setup
Configure the encryption method
Prevent memory overwrite on restart
Configure TPM validation method used to seal

BitLocker keys

Group Policy provides the following
settings for BitLocker:
Turn on BitLocker backup to Active Directory

Domain Services
Configure the recovery folder on Control Panel

Setup
Enable advanced startup options on Control Panel

Setup
Configure the encryption method
Prevent memory overwrite on restart
Configure TPM validation method used to seal

BitLocker keys
125
3/11/2014
Three methods to enable BitLocker:
InitiatingBitLocker
BitLockerthrough
throughWindows
the Control
Panel
Initiating
Explorer
From System and Settings in Control Panel
Right-click the volume to be encrypted in Windows Explorer and

select the Turn on BitLocker menu option
Use the command-line tool titled manage-bde.wsf
Enabling BitLocker initiates a start-up wizard:

Validates system requirements
Creates the second partition if it does not already exist
Allows you to configure how to access an encrypted drive:
USB
User function keys to enter the Passphrase
No key
Three methods to enable BitLocker:
From System and Settings in Control Panel
Right-click the volume to be encrypted in Windows Explorer and
select the Turn on BitLocker menu option
Use the command-line tool titled manage-bde.wsf
Enabling BitLocker initiates a start-up wizard:

Validates system requirements
Creates the second partition if it does not already exist
Allows you to configure how to access an encrypted drive:
USB
User function keys to enter the Passphrase
No key
126
3/11/2014
Configuring BitLocker To Go
Select
how
toDrive
unlock
the
drive
through
a
Enable
BitLocker
To
Go
Encryption
byrecovery
right-clicking
the portable
Select
how
to
store
your
key
Encrypt
the
Drive
Manage
Encrypted
by
BitLocker
To
Manage
Drive
Encrypted
BitLocker
ToGo
Go
device
(such
asaaaDrive
USB
drive)
andusing
then clicking
Turn On BitLocker
password
or
by
aby
Smartcard
Select one of the following settings to unlock a drive encrypted with
BitLocker To Go:
Unlock with a Recovery Password or passphrase
Unlock with a Smart Card
Always auto-unlock this device on this PC
Configuring BitLocker To Go
Enable BitLocker To Go Drive Encryption by right-clicking the portable
device (such as a USB drive) and then clicking Turn On BitLocker
Select one of the following settings to unlock a drive encrypted with
BitLocker To Go:
Unlock with a Recovery Password or passphrase
Unlock with a Smart Card
Always auto-unlock this device on this PC
127
3/11/2014
Recovering BitLocker Encrypted Drives

When a BitLocker-enabled computer starts:
BitLocker checks the operating system for conditions indicating a
security risk
If a condition is detected:
BitLocker enters recovery mode and keeps the system drive locked
The user must enter the correct Recovery Password to continue
The BitLocker Recovery Password is:

A 48-digit password used to unlock a system in recovery mode
Unique to a particular BitLocker encryption
Can be stored in Active Directory
If stored in Active Directory, search for it by using either the drive label
or the computers password
Lesson 4: Configuring Application Restrictions

What Is AppLocker?
AppLocker Rules
Demonstration: Configuring AppLocker Rules
Demonstration: Enforcing AppLocker Rules
What Are Software Restriction Policies?
128
3/11/2014
What Is AppLocker?
AppLocker is a new Windows 7 security feature that
enables IT professionals to specify exactly what is
allowed to run on user desktops
Benefits of AppLocker
Controls how users can access and run all types of

applications
Ensures that user desktops are running only approved,

licensed software
AppLocker Rules
Create
defaultCustom
AppLocker
rules first, before manually
Creating
Rules
creating new rules or automatically generating rules for
an AppLocker wizard found in the Local Security
a specificUse
folder
Policy Console to automatically generate rules
Default You
rules
enable
the Executable
following:rules, Windows Installer
can
configure
rules, and Script rules
All users to run files in the default Program Files directory
You can specify a folder that contains the .exe files for
the applications that apply to the rule
All users to run all files signed by the Windows operating
system
You can create exceptions for .exe files
Members of the built-in Administrators group to run all files

You can create rules based on the digital signature of
an application
You can manually create a custom rule for a given

executable
129
3/11/2014
AppLocker Rules
Create default AppLocker rules first, before manually
creating new rules or automatically generating rules for a
specific folder
Default rules enable the following:
All users to run files in the default Program Files directory
All users to run all files signed by the Windows operating
system
Members of the built-in Administrators group to run all files
Create custom rules and automatically generate rules

using an AppLocker wizard found in the Local Security
Policy Console
Demonstration: Configuring AppLocker Rules

Create
new executable rule
Create
new Windows Installer rule
Automatically
generate Script rules
10 min
130
3/11/2014

General information


Page.

slides

Print hidden slides
Demonstration: Enforcing AppLocker Rules

Enforce
AppLocker Rules
Confirm
the executable rule enforcement
Confirm
the Windows Installer rule

enforcement
10 min
131
3/11/2014

General information


Page.

slides

Print hidden slides

Comparing
SRP and
AppLocker
Software Restriction
Policies (SRP)
allow
administrators to identify
which
software
is
allowed
toPolicies
run (SRP)
AppLocker replaces the Software Restriction
feature from prior Windows versions
SRP was added in Windows XP and Windows Server 2003

SRP snap-in and SRP rules are included in Windows 7 for
SRP
was compatibility
designed to purposes
help organizations control not just hostile code, but
any unknown code - malicious or otherwise
AppLocker rules are completely separate from SRP rules
AppLocker group policies are separate from SRP group policies
If AppLocker rules have been defined in a GPO, only those rules

are applied
SRP consists of a default security level and all the rules that apply to a
Group Policy Object (GPO)
Definedoes
AppLocker
rules in a separate
GPO to AppLocker?
ensure
How
SRP compare
to Windows
interoperability between SRP and AppLocker policies
132
3/11/2014

Software Restriction Policies (SRP) allow administrators to identify
which software is allowed to run
SRP was added in Windows XP and Windows Server 2003
SRP was designed to help organizations control not just hostile code, but
any unknown code - malicious or otherwise
SRP consists of a default security level and all the rules that apply to a
Group Policy Object (GPO)
Comparing SRP and AppLocker
AppLocker replaces the SRP feature from prior Windows versions
SRP snap-in and SRP rules are included in Windows 7 for compatibility
purposes
AppLocker rules and GPOs are completely separate from SRP
If AppLocker rules are defined, only those rules are applied and any
existing SRP rules are ignored
Lesson 5: Configuring User Account Control

What Is UAC?
How UAC Works
Demonstration: Configuring Group Policy Settings for UAC
Configuring UAC Notification Settings
133
3/11/2014
What Is UAC?
User Account Control (UAC) is a security feature that
simplifies the ability of users to run as standard users and
perform all necessary daily tasks
UAC prompts the user for an administrative users credentials if the task
requires administrative permissions

Windows 7 increases user control of the prompting experience
How UAC Works

In Windows 7, what happens when a user performs
a task requiring administrative privileges?
Standard
Users
UAC prompts the
user for the
credentials of a
user with
administrative
privileges
Administrative
Users
UAC prompts the
user for permission
to complete the
task
134
3/11/2014
Demonstration: Configuring Group Policy Settings

for UAC
Open
the User Accounts window
Review
View
user groups
the Credential Prompt
Change
User Account Settings and View

the Consent Prompt
10 min

General information


Page.

slides

Print hidden slides
135
3/11/2014
Configuring UAC Notification Settings

UAC elevation prompt settings include the following:
Always notify me
Notify me only when programs try to make changes to my computer
Notify me only when programs try to make changes to my computer (do not
dim my desktop)
Never notify
Lab A: Configuring UAC, Local Security Policies, EFS,

and AppLocker
Exercise 1: Configuring virus protection and User Account Control
(UAC) notification settings in Action Center

Exercise 2: Configuring Multiple Local Group Policies to manage
the appearance of selected program icons

Exercise 3: Configuring and testing encryption of files and folders
Exercise 4: Configuring and testing AppLocker rules to control
what programs can be executed
Logon information
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Password
Pa$$w0rd
136
3/11/2014
Lab A Scenario
Your company is implementing Windows 7 computers for all
corporate users. As an administrator at your organization, you
are responsible for configuring the new Windows 7 computers
to support various corporate requirements.
You have been asked to:
Turn off virus protection notifications
Verify the User Account Control (UAC) settings are set to Always
notify but not dim the desktop
Configure multiple local group policies to control which of the default

program icons appear on users and administrators computers
Encrypt all sensitive data on computers using EFS
Use AppLocker rules to prevent corporate users from running

Windows Media Player and installing unauthorized applications
Lab A Review
Where can you turn on and off security messages related
to virus protection? What are some of the other security

messages that can be configured in Windows 7?
How can the notifications about changes to the computer
be suppressed?
Can multiple local group policies be created and applied to
different users?
What are some of the ways of protecting sensitive data in
Windows 7?
How can Windows 7 users be prevented from running
applications, such as Windows Media Player?
137
3/11/2014
Lesson 6: Configuring Windows Firewall

Discussion: What Is a Firewall?
Configuring the Basic Firewall Settings
Windows Firewall with Advanced Security Settings
Well-Known Ports Used by Applications
Demonstration: Configuring Inbound, Outbound, and
Connection Security Rules
Discussion: What Is a Firewall?

1. What type of firewall does your
organization currently use?
2. What are the reasons that it was selected?
10 min
138
3/11/2014
Configure network locations

Turn Windows Firewall on or off and customize
network location settings
Add, change, or remove allowed programs
Set up or modify multiple active profile settings
Configure Windows Firewall notifications

See Notes pane.
139
3/11/2014
Configure network locations

Turn Windows Firewall on or off and customize
network location settings
Add, change, or remove allowed programs and ports
Set up or modify multiple active profile settings
Configure Windows Firewall notifications

Windows
Firewall with
Security
filtersfirewall
incoming and
The Properties
pageAdvanced
is used to
configure
outgoing
based on
its public
configuration
properties
forconnections
domain, private,
and
network
profiles, and to configure IPsec settings.

Inbound rules explicitly allow or explicitly block traffic
that matches criteria in the rule.
Outbound rules explicitly allow or explicitly deny
traffic originating from the computer that matches the
criteria in the rule.
Connection security rules secure traffic by using IPsec
while it crosses the network.
The monitoring interface displays information about
current firewall rules, connection security rules, and
security associations.
140
3/11/2014

The Properties page is used to configure firewall properties
for domain, private, and public network profiles, and to
configure IPsec settings.
Inbound rules explicitly allow or explicitly block traffic that
matches criteria in the rule.
Outbound rules explicitly allow or explicitly deny traffic
originating from the computer that matches the criteria in
the rule.
Connection security rules secure traffic by using IPsec while
it crosses the network.
The monitoring interface displays information about current
firewall rules, connection security rules, and security
associations.
Well-Known Ports Used by Applications

When an application wants to establish
communications with an application on a remote
host, it creates a TCP or UDP socket.
TCP
ARP
SNMP
POP3
DNS
SMTP
FTP
HTTPS
HTTP
TCP/IP Protocol Suite
UDP
IGMP
IPv4
ICMP
IPv6
Ethernet
141
3/11/2014
Demonstration: Configuring Inbound, Outbound,

and Connection Security Rules
Configure an Inbound Rule
Configure an Outbound Rule
Test the Outbound Rule
Create a Connection Security Rule
Review Monitoring Settings in Windows Firewall
15 min

See Notes pane.
142
3/11/2014

See Notes pane.
Lesson 7: Configuring Security Settings in

Internet Explorer 8
Discussion: Compatibility Feature in Internet Explorer 8
Enhanced Privacy Features in Internet Explorer 8
The SmartScreen Feature in Internet Explorer 8
Other Security Features in Internet Explorer 8
Demonstration: Configuring Security in Internet Explorer 8
143
3/11/2014
Discussion: Compatibility Features in Internet

Explorer 8
What compatibility issues do you think

you may encounter when updating
Internet Explorer?
10 min
Enhanced Privacy Features in Internet Explorer 8
InPrivate Browsing - inherently more secure than using

Delete Browsing History to maintain privacy because there are
no logs kept or tracks made during browsing
InPrivate Filtering - helps monitor the frequency of all thirdparty content as it appears across all Web sites visited by the
user
Enhanced Delete Browsing History - enables users and

organizations to selectively delete browsing history
144
3/11/2014
The SmartScreen Feature in Internet Explorer 8

Use this link to
navigate away
from an unsafe
Web site and
start browsing
from a trusted
location
Use this link to
ignore the
warning; the
address bar
remains red as
a persistent
warning that
the site is
unsafe
Other Security Features in Internet Explorer 8

Per-user ActiveX - makes it possible for standard users to

install ActiveX controls in their own user profile, without
requiring administrative privileges
Per-site ActiveX - IT professionals use Group Policy to preset

allowed controls and their related domains
XSS Filter - identifies and neutralizes a cross-site scripting

attack if it is replayed in the servers response
DEP/NX protection - helps thwart attacks by preventing

code from running in memory that is marked non-executable
145
3/11/2014
Demonstration: Configuring Security in Internet

Explorer 8
Enable Compatibility View for All Web Sites
Delete Browsing History
Configure InPrivate Browsing
Configure InPrivate Filtering
View Add-on Management Interface
10 min

See Notes pane.
146
3/11/2014
Lesson 8: Configuring Windows Defender

What Is Malicious Software?
What Is Windows Defender?
Scanning Options in Windows Defender
Demonstration: Configuring Windows Defender Settings
What Is Malicious Software?

Malicious software is software that is designed to
deliberately harm a computer.
Malicious software
includes:
Viruses
Worms
Trojan horses
Spyware
Adware
Malicious software leads to:
Poor performance
Loss of data
Compromise of private
information
Reduction in end user

efficiency
Unapproved computer
configuration changes
147
3/11/2014
What Is Windows Defender?

Windows Defender is software that helps protect the
computer against security threats by detecting and
removing known spyware from the computer.
Schedules scans to occur on a regular basis

Provides configurable responses to severe, high,
medium, and low alert levels
Works with Windows Update to automatically
install new spyware definitions
Provides customizable options to exclude files,
folders, and file types

You define when to scan
When a scan is complete, results display on the Home page.

Scan Type
Description
Quick scan
Scan the areas of the computer that is most likely to infect

be infected
Full scan
Scan all areas of the computer
Custom scan
Scan specific areas of the computer only
You define what to scan

Option
Scan archive files
Description
May increase scanning time, but spyware likes to hide
in these locations
Scan e-mail
Scan e-mail messages and attachments
Scan removable drives
Scan removable drives such as USB flash drives
Use heuristics
Alert you to potentially harmful behavior if it is not

included in a definition file
Create a restore point
If detected items are automatically removed, this

restores system settings if you want to use software
you did not intend to remove
148
3/11/2014

You define when to scan
Scan Type
Description
Quick scan
Scan the areas of the computer that is most likely to infect

be infected
Full scan
Scan all areas of the computer
Custom scan
Scan specific areas of the computer only
You define what to scan

Option
Description
Scan archive files
May increase scanning time, but spyware likes to hide

in these locations
Scan e-mail
Scan e-mail messages and attachments
Scan removable drives
Scan removable drives such as USB flash drives
Use heuristics
Alert you to potentially harmful behavior if it is not

included in a definition file
Create a restore point
If detected items are automatically removed, this

restores system settings if you want to use software
you did not intend to remove
Demonstration: Configuring Windows Defender

Settings
Set Windows Defender Options
View Quarantine Items
View Allowed Items
Microsoft SpyNet
Windows Defender Website
10 min
149
3/11/2014

See Notes pane.
Lab B: Configuring Windows Firewall, Internet Explorer

8.0 Security Settings, and Windows Defender
Exercise 1: Configuring and Testing Inbound and
Outbound Rules in Windows Firewall

Exercise 2: Configuring and Testing Security Settings in
Internet Explorer 8
Exercise 3: Configuring Scan Settings and Default Actions
in Windows Defender
Logon information
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Password
Pa$$w0rd
150
3/11/2014
Lab B Scenario
Your company has recently implemented Windows 7
computers for all corporate users. Some of the users have
been connecting to and from other desktops through RDP.
You need to prevent them from doing so with the use of
Windows Firewall.
As an administrator at your organization, you are
responsible for configuring and testing various security
settings:
In Internet Explorer 8, including InPrivate Browsing, InPrivate

Filtering, and the compatibility view for all Web sites.
To prevent malware from infecting computers you need to

configure Windows Defender scan settings, schedule scans to
run on Sundays at 10:00 PM and set severe alert items to
quarantine.
You also need to review what items have been allowed on

computers.
Lab B Review
What are the types of rules you can configure in Windows
Firewall?
What are some of the new security settings in Internet
Explorer 8?
Will the default Windows Defender settings allow to check
for new definitions, regularly scan for spyware and other

potentially unwanted software?
What are some of the types of scans Windows Defender
can perform to detect malicious and unwanted software?
151
3/11/2014

Review questions
Real-World Issues and Scenarios
Common Issues
Best Practices

General information


Page.

slides

Print hidden slides
152
3/11/2014

General information


Page.

slides

Print hidden slides

General information


Page.

slides

Print hidden slides
153
3/11/2014

General information


Page.

slides

Print hidden slides

General information


Page.

slides

Print hidden slides
154
3/11/2014

General information


Page.

slides

Print hidden slides

General information


Page.

slides

Print hidden slides
155
3/11/2014

General information


Page.

slides

Print hidden slides

General information


Page.

slides

Print hidden slides
156
3/11/2014
Module 7
Optimizing and
Maintaining Windows 7
Client Computers
Module Overview
Maintaining Performance by Using the Windows 7
Performance Tools
Maintaining Reliability by Using the Windows 7 Diagnostic
Tools
Backing Up and Restoring Data by Using Windows Backup
Restoring a Windows 7 System by Using System Restore
Points
Configuring Windows Update
157
3/11/2014
Lesson 1: Maintaining Performance by the Using

Windows 7 Performance Tools
Discussion: What Are Performance and Reliability
Problems?
Performance Information and Tools
Performance Monitor and Data Collector Sets
Demonstration: Using the Resource Monitor
Demonstration: Analyzing System Performance by Using
Data Collector Sets and Performance Monitor

Considerations for Monitoring System Performance in
Windows 7
Discussion: What Are Performance and Reliability

Problems?
Performance
Measures how quickly
the computer
completes a task
How can you identify

whether a problem
relates to Performance
or Reliability?
Reliability
Is the measure of how
a system conforms to
expected behavior
10 min
158
3/11/2014
Performance Information and Tools

Performance Information and Tools provides access to:
Windows Experience Index
Performance-Related tools
Windows Experience Index
Determines the computers
overall hardware capability
by calculating its WEI base
score
Performance-related tools
Performance-related
events in Event log

Performance Monitor
Reliability Monitor
Access the Performance Information and Tools from the

Control Panel

See Notes pane.
159
3/11/2014
Performance Monitor and Data Collector Sets

Monitoring Tools
Performance Monitor:
Provides a graphical view of the
Data Collector Sets

Reports
Monitoring
Tools
computers
performance.
System Counters
Add
Performance
Counters to the
Diagnostics
Computer
performance
Performance
Monitor
measure the
Performance
reports
created
fromtothe
system
state
or
activity
Data
Collector
Sets
Performance Counters in
Event
Trace Sessions
Data
Collector
Sets:
Performance Counters can be
User
Defined Reports
added
Systemby:
Configuration
Reports
System
Data Reports
Dragging
and dropping the
counters
Creating a custom data
set
To access the Performance Monitor visual

display, select Performance Monitor in the
Performance Monitor page
collector
To access
Dataselect
Collector
Sets,inselect
Data Collector
Sets
To access
Reports,
Reports
the Performance
Monitor
pagein the Performance Monitor page
Access the Performance Monitor, from the Performance
information and Tools > Advanced Tools

See Notes pane.
160
3/11/2014
Demonstration: Using the Resource Monitor

In this demonstration, you will see how to
use Resource Monitor.
10 min

See Notes pane.
161
3/11/2014
Demonstration: Analyzing System Performance by

Using Data Collector Sets and Performance Monitor
to analyze system performance by
using data collector sets and
performance monitor.
10 min

See Notes pane.
162
3/11/2014
Considerations for Monitoring System Performance

in Windows 7
Use the Resource Monitor to get a visual data

view for all the resources
Set a performance baseline to compare the

usage on the computer
Plan monitoring carefully so that system

performance is not affected
Lesson 2: Maintaining Reliability by the Using

Windows 7 Diagnostic Tools
Problems That Windows Diagnostic Tools Can Help Solve
Windows Memory Diagnostics Tool
Windows Network Diagnostics Tool
Reliability Monitor and Problems Reports and Solutions
Tool
Windows Startup and Recovery
Demonstration: Resolving Startup Related Problems
163
3/11/2014
Problems That Windows Diagnostic Tools Can

Help Solve
Memory
Application failures
Operating system faults
Stop errors
Network
Interfaces not configured properly
Incorrect IP addresses
Hardware failures
Host of other problems
Startup
Malfunctioning memory
Incompatible design
Corrupted device drivers
Missing or corrupt startup files
Corrupt disk data
Windows Memory Diagnostics Tool

Checks for symptoms of defective computer memory
Runs automatically or can be started from Administrative Tools in

Control Panel
Notifies the user on Memory problems and logs the details
Presents the solution on the problem when the computer restarts
Access the Windows Memory Diagnostics

Tool from the Control Panel > System and
Security > Administrative Tools
164
3/11/2014
Windows Network Diagnostics Tool

Provides assistance in resolving network-related issues
Diagnoses network problems

Repairs issues automatically
Directs the user to perform simple steps to correct the problem without calling for support
Access the Windows Network Diagnostic

Tool from the Network and Sharing Center
> Troubleshoot problems > Fix a Network
Problem
Reliability Monitor and Problems Reports and

Solutions Tool
Reliability Monitor:
Provides a timeline of system changes and reliability
Provides a System Stability Chart
Reports on software installations and software and

hardware failures
Problem Reports and Solutions Tool:
Use after the Windows Memory Diagnostics Tool

or the Windows Network Diagnostics Tool
View a history of attempts to diagnose a problem
Rerun a check for a problem
See the problem report details
165
3/11/2014

See Notes pane.
Windows Startup and Recovery

Boot options for troubleshooting startup
problems:
Repair your computer

Safe Mode
Boot logging
Last known good configuration
Disable auto restart on system failure
Disable driver signature enforcement
The Startup Repair tool fixes problems that

are preventing Windows from starting
Incompatible drivers
Missing or corrupted startup-configuration settings
Corrupted disk metadata
Access Startup and Recovery from

System Properties > Advanced tab
After the Startup Repair tool repairs the operating

system, Windows 7:
Notifies you of the repairs
Provides a detailed log of the steps
performed by the tool
166
3/11/2014

See Notes pane.
Demonstration: Resolving Startup Related

Problems
to resolve startup related problems.
10 min
167
3/11/2014
Lesson 3: Backing Up and Restoring Data by

Using Windows Backup
Discussion: Need for Backing Up data
Backup and Restore Tool
Demonstration: Performing a Backup
Demonstration: Restoring Data
Discussion: Need for Backing Up Data

1. Why do you need to back up data?
2. How can you restore data that is
lost?
10 min
168
3/11/2014
Backup and Restore Tool

Create a backup
Make copies of data files
Restore a backup
Restore a backup of lost,
damaged, or changed
data files
Create a system
image
Create a system
repair disc
A copy of the all drives

required for Windows to
run
A backup of the System

Image when restoring the
entire computer
Access the Backup and Restore Tool from the Control Panel > System and Security > Backup and Restore
Demonstration: Perform a Backup

to perform a backup.
10 min
169
3/11/2014

See Notes pane.
Demonstration: Restoring Data

to restore data from a backup.
10 min
170
3/11/2014
Lesson 4: Restoring a Windows 7 System by

Using System Restore Points
How System Restore Works
What Are Previous Versions of Files?
Configuring System Protection Settings
Demonstration: Restoring a System
How System Restore Works

A Windows 7 feature that helps restore your
computer's system files to an earlier version
System Restore Points:
Restores system files back to the version captured at the prior

system restore point
Restores system changes without affecting any personal files
System Restore backs up the following components:
Registry
Dllcache folder
User profile
COM+ and WMI information
IIS metabase
Certain monitored system files
Access the System Restore Tool from the Control Panel > All Control Panel Items > Recovery
171
3/11/2014

See Notes pane.
What Are Previous Versions of Files?

Recovers data files to an earlier version
Previous versions are either:
Shadow Copy is created:
Copies of files and folders created
When a restore point is
by Windows Backup
Copies of files and folders that
Windows automatically saves as

part of a restore point
Restore files and folders that are:
Accidentally modified
Accidentally deleted
Damaged
taken
On a scheduled basis
When files change
Shadow Copy provides

files for:
System Consistency
Application Consistency
Access Previous versions of files by clicking Control Panel > System and Security > System Properties >
System Restore
172
3/11/2014
Configuring System Protection Settings
Access System Protection Settings by clicking Control Panel > System and Security > System > System
Protection > System Protection tab > Configure
Demonstration: Restoring a System

to restore a system by using a restore
point.
15 min
173
3/11/2014

See Notes pane.
Lesson 5: Configuring Windows Update

What Is Windows Update?
Configuring Windows Update Settings
Windows Update Group Policy Settings
174
3/11/2014
What Is Windows Update?

Windows Update is a service that
automatically installs updates for Windows
Improve security and reliability
Improve how the computer works
Help enhance computing experience
Configuring Windows Update Settings

Windows
Update
Change
Settings
Update
History
Lists
important
Choose
how
Windows
can
Lists
all updates
thatand
were
optional
updates
install updates
previously
installed
Restore Hidden Updates
Restore an update
Install the update again
Install updates options

Windows Update Options:
Install updates
Change
Settings:
automatically
Allows
you to configure the
way(recommended)
you install the updates
Download updates but
View
Update History:
let me
Allows
youchoose
to viewwhether
a list of
to
install
them
all previous updates
Check for updates but
Restore
Hidden Updates:
let me
whether
Allows
youchoose
to reinstall
an
to
download
and
install
update
them
Access Windows Update by clicking Control Panel > System and Security > Windows Update
175
3/11/2014
Windows Update Group Policy Settings

Windows Update Group Policy is an administrative
tool for managing user settings and computer settings
across a network
Access Group Policy Settings by clicking Control Panel > System and Security > Administrative Tools > Edit
Group Policy

See Notes pane.
176
3/11/2014
Lab: Optimizing and Maintaining Windows 7

Client Computers
Exercise 1: Monitoring System Performance
Exercise 2: Backing Up and Restoring Data
Exercise 3: Configuring System Restore Points
Exercise 4: Configuring Windows Update
Logon information
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Password
Pa$$w0rd
Lab Scenario
A user is experiencing a performance problem on a new
computer running Windows 7. You need to determine the

source of the problem by using Resource Monitor and
creating a data collector set.
Several laptop users store some data locally rather than
on a network share. Users will perform the backup of this

data to an external hard drive. However, you must
configure and test the backup job for them.
System restore points have been disabled on a Windows 7
computer during previous troubleshooting. Now, you need

to enable system restore points on this computer and
verify that they are working. Testing includes restoring the
previous version of a file.
Automatic updates were disabled by a technician during
troubleshooting. You need to enable automatic updates for

the new Windows 7 computers by using a group policy and
verify that the new settings have been applied.
177
3/11/2014
Lab Review
What are the benefits of creating a data collector set?
Under what circumstances might you choose to disable system
restore points on all Windows 7 computers in your environment?

Review Questions
Tools
178
3/11/2014
Module 8
Configuring Mobile
Computing and Remote
Access in Windows 7
Module Overview
Configuring Mobile Computer and Device Settings
Configuring Remote Desktop and Remote Assistance for
Remote Access
Configuring DirectAccess for Remote Access
Configuring BranchCache for Remote Access
179
3/11/2014
Lesson 1: Configuring Mobile Computer and

Device Settings
Discussion: Types of Mobile Computers and Devices
Tools for Configuring Mobile Computer and Device Settings
What Are Mobile Device Sync Partnerships?
Demonstration: Creating a Sync Partnership
Power Plans and Power-Saving Options in Windows 7
Demonstration: Configuring Power Plans
Discussion: Types of Mobile Computers and

Devices
1. How do mobile computers differ
from desktops?
2. What are key end-user needs that
mobile computers help resolve?
10 min
180
3/11/2014
Tools for Configuring Mobile Computer and

Device Settings
Tool
Presentation Settings
Features
Windows Mobility
Center
Power Options
Windows Mobile
Updated Battery Meter

Power Plans
Key system settings collected in one place
Display brightness, power plan, volume, wireless networking,
external display settings, display orientation, and
synchronization status
Successor to Active Sync

Synchronizes various content including music, video, contacts,
calendar events, web browser favorites, and other files
between Windows Mobile devices and Windows 7
Device center
Sync data between desktop computers, network servers, and

mobile devices
Sync Center
Presentation
Settings
Shows current status of all sync partnerships

Reconfigure your computer for a presentation
One click changes multiple settings
Tools for Configuring Mobile Computer and

Device Settings
Tool
Features
Windows Mobility
Center
Power Options
Windows Mobile
Device center
Updated Battery Meter

Power Plans
Key system settings collected in one place
Display brightness, power plan, volume, wireless networking,
external display settings, display orientation, and
synchronization status
Successor to Active Sync

Synchronizes various content including music, video, contacts,
calendar events, web browser favorites, and other files
between Windows Mobile devices and Windows 7
Sync data between desktop computers, network servers, and
Sync Center
Presentation
Settings
mobile devices
Shows current status of all sync partnerships

Reconfigure your computer for a presentation
One click changes multiple settings
181
3/11/2014

Mobile Device Sync Partnerships update
information about
the mobile device
Files sent
and the host
computer.
to Desktop
Desktop
Mobile
Device
Files sent to
Mobile Device

Mobile Device Sync Partnerships update information
about the mobile device and the host computer.
Files sent
to Desktop
Desktop
Mobile
Device
Files sent to
Mobile Device
182
3/11/2014
Demonstration: Creating a Sync Partnership

Configure Windows Mobile Device Center
Synchronize a Windows Mobile device
10 min

See Notes pane.
183
3/11/2014
Power Plans and Power-Saving Options in

Windows 7
Method for turning a
computer
on or off
Power Plan
Sleep or Standby
Data Storage
State
Power Needs
Description
System State
Saved to Memory
Low
This plan saves power on a mobile computer by

System State
reducing
system performance.
Its primary purpose is
None
Saved to Disk
to maximize battery life.
All Data Saved to
Shut Down
This
plan provides theNone
highest level of performance
Disk
on a mobile computer by adapting processor speed
High performance
to your work or activity and by maximizing system
performance.
This plan balances energy consumption and system
Balanced
performance by adapting the computers processor
speed to your activity.
Power Saver
Hibernate
Power Plans and Power-Saving Options in

Windows 7
Power Plan
Power Saver
High performance
Balanced
Method for turning a

computer on or off
Description
This plan saves power on a mobile computer by reducing system
performance. Its primary purpose is to maximize battery life.
This plan provides the highest level of performance on a mobile
computer by adapting processor speed to your work or activity and by
maximizing system performance.
This plan balances energy consumption and system performance by
adapting the computers processor speed to your activity.
Data Storage State
Power
Needs
Sleep or Standby
System State Saved to Memory
Low
Hibernate
System State Saved to Disk
None
Shut Down
All Data Saved to Disk
None
184
3/11/2014
Demonstration: Configuring Power Plans

to configure a power plan.
5 min
Lesson 2: Configuring Remote Desktop and

Remote Assistance for Remote Access
What Are Remote Desktop and Remote Assistance?
Configuring Remote Desktop
Demonstration: Configuring Remote Assistance
185
3/11/2014
What Are Remote Desktop and Remote

Assistance?
Remote Desktop
Remote Assistance
A Windows 7 feature
A Windows 7 feature
Enables
Optionally allows for
that enables support

staff to connect to a
remote desktop
computer
that enables users to

connect to their
desktop computer
from another device
remote control of
that computer
administrators to
connect to multiple
remote servers for
administrative
purposes
Assistance can be
sought or offered

Configuring Remote Desktop includes
setting it up on the remote computer
and the host computer.
Host Computer
Remote Computer
Launch the Remote Desktop
Open the System Window
Connection
Choose Options to see the Remote
Desktop configuration settings

On the General Tab, enter the remote
computers name and your

authentication credentials
Select Remote Settings

In the System Properties Window
select Allow Remote Assistance

Under Remote Desktop select or add
the users who can connect to this

computer.
Save your Connection Settings

Select preferences on the remaining
Options tabs
186
3/11/2014

Configuring Remote Desktop includes
setting it up on the remote computer
and the host computer.
Host Computer
Remote Computer
Launch the Remote Desktop
Open the System Window
Connection
Select Remote Settings
Choose Options to see the Remote
Desktop configuration settings

On the General Tab, enter the remote
computers name and your

authentication credentials
In the System Properties Window
select Allow Remote Assistance

Under Remote Desktop select or add
the users who can connect to this

computer.
Save your Connection Settings

Select preferences on the remaining
Options tabs
Demonstration: Configuring Remote Assistance

Request Remote Assistance
Configure Windows Firewall to Enable Remote

Administration
Provide Remote Assistance
12 min
187
3/11/2014

See Notes pane.
Lesson 3: Configuring DirectAccess for Remote

Access
What Is VPN Connection?
Creating a VPN
What Is DirectAccess?
How DirectAccess Works
DirectAccess Requirements
188
3/11/2014
What Is a VPN Connection?

VPNs are point-to-point connections across a private or public
network. A VPN client uses special protocols, called tunneling
protocols, to make a virtual call to a virtual port on a VPN server
VPN connections use either Point-to-Point Tunneling
Protocol (PPTP), Layer Two Tunneling Protocol/Internet
Protocol security (L2TP/IPsec), or Secure Socket
Tunneling Protocol (SSTP)
PPTP uses Point-to-Point Protocol (PPP) for user-level
authentication and Microsoft Point-to-Point Encryption
(MPPE) for encryption
L2TP uses PPP authentication and IPsec encryption
SSTP uses PPP framing on top of Secure Sockets Layer

(SSL)
Creating a VPN Connection
Creating a VPN connection in the Windows 7 system

environment requires authenticated access to a Windows
a VPN Server
From the Network and Sharing Center- choose to the Setup a new
connection wizard or type VPN at the Windows 7 search bar
Choose Connect to a workplace Set up a dial-up or VPN connection

Create a new connection
Select your VPN server after choosing Use my Internet

Connection (VPN)
189
3/11/2014
Creating a VPN Connection
Creating a VPN connection in the Windows 7 system

environment requires authenticated access to a Windows
a VPN Server
From the Network and Sharing Center- choose to the Setup a new
connection wizard or type VPN at the Windows 7 search bar
Choose Connect to a workplace Set up a dial-up or VPN connection

Create a new connection
Select your VPN server after choosing Use my Internet

Connection (VPN)
What Is DirectAccess?
Features
Provides users transparent access to internal network
resources whenever they are connected to the Internet

Enables IT Professionals to manage remote computers
outside of the office

Establishes a bi-directional connection that enables the
client computer to remain current with company policies

and to receive software updates
Does not require a VPN connection
Supports multifactor authentication methods
Configurable to restrict which servers, users, and
individual applications are accessible
190
3/11/2014
How DirectAccess Works
Configured using DirectAccess console or IPsec policies
Selected Server
IPsec session is established between
the DirectAccess client and server

IPsec is not used for communications
across the internal network

Enterprise internal security is
unchanged
Closely resembles VPN and can be
more straightforward to deploy
Full Enterprise Network

Deploy IPv6 and IPsec in the
organization
Upgrade application servers
Windows Server 2008 R2

Enable selected server access
Allows end-to-end authentication and
encryption from the DirectAccess

client to internal resources
Flexible configuration meets organizational security requirements
DirectAccess Requirements
Requirements
Windows Server 2008 R2 with two network adapters

One domain controller and DNS server running Windows Server 2008 or
Windows Server 2008 R2
Public Key Infrastructure (PKI)

IPsec policies
IPv6 transition technologies
Windows 7 Enterprise on the client computers
Optionally, a NAT-PT device to provide IPv4 access
Deployment
IPv6-over-IPsec to encrypt communications

Scalability determined number of Direct Access servers
Multiple ways to install Direct Access
191
3/11/2014
Lesson 4: Configuring BranchCache for Remote

Access
What Is BranchCache?
How BranchCache Works
BranchCache Requirements
Demonstration: Configuring BranchCache on a Windows 7
Client Computer
What Is BranchCache?
BranchCache caches content from remote and Web servers in
the branch location so users can quickly access the content.
Cache can be hosted centrally in the branch location or
distributed across user PCs.
Key benefits for IT professionals
Helps reduce WAN link utilization
Optimizes traffic flow between clients and servers
Supports commonly used network protocols
Supports end-to-end encryption between clients and servers
Provides compatibility with end-to-end security protocols
Remains transparent to the user
192
3/11/2014

Hosted
Cache
ModeMode
Distributed
Cache
Distributed
Hosted
Cache
Cache
a server across
at the branch
office
Cache is
is on
distributed
client computers
Client
computers
retrieve content
from
the branch
office
Additional
client computers
retrieve
content
from the
first
server
requesting client computer
Get
Get offices
Beneficial
Beneficial for
for larger
branchbranch
offices
that dothat
nothave
havehardware
a local server
Data
resources
for aServer
local server
with Windows Server 2008 R2
with Windows
2008 R2
Main Office
IDs
Get
Get
Get
Data
Put
Client computers are

configured to use
only one caching
mode at a time.
Data
Get
Data
Data
Data
Branch
Office
Branch
Office

Hosted Cache Mode
Cache is on a server at the branch office
Client computers retrieve content from the branch office

server
Beneficial for larger branch offices that have hardware

resources for a local server with Windows Server 2008 R2
Distributed Cache Mode

Cache is distributed across client computers
Additional client computers retrieve content from the first

requesting client computer
Beneficial for branch offices that do not have a local server

with Windows Server 2008 R2
Client computers are configured to use

only one caching mode at a time.
193
3/11/2014
BranchCache Requirements
Windows Server 2008 R2 - required either in the main

server location or at the branch office
Windows 7 Enterprise - required on the client PCs

Client Configuration
Off by default
Enable and configure manually or by
Server Configuration
Not installed by default
Enable and configure manually or by
Group Policy
Group Policy
Caching mode to cooperative or
hosted
Host name of hosted cache server
Set client cache size
Set cache location on disk
Firewall rules required
Enable for all file shares or on a file
share by file share basis

If enabled on a Web server, must be
enabled for all Web sites
Hosted cache equipped with a certificate
trusted by client computers suitable for
TLS
Demonstration: Configuring BranchCache on a

Windows 7 Client Computer
Configure BranchCache client-side Group Policy

settings
Enable BranchCache on a shared folder
Configure Windows 7 client BranchCache settings
Verify BranchCache configuration
20 min
194
3/11/2014

See Notes pane.

See Notes pane.
195
3/11/2014
Lab: Configuring Mobile Computing and Remote

Access in Windows 7
Exercise 1: Creating a Sync Partnership
Exercise 2: Configuring Power Options
Exercise 3: Enabling Remote Desktop
Exercise 4: Enabling BranchCache
Logon information:
Virtual machine
6292A-LON-DC1
6292A-LON-CL1
User name
Password
Pa$$w0rd
Lab Scenario
The Contoso Corporation is implementing Windows 7 desktops
throughout their organization. You are a help-desk technician

in the Contoso Corporation. Don is the Production manager
for Contoso in the UK.
Don is about to visit all the manufacturing plants in the UK.
Before he leaves, Don wants you to enable and configure a

sync partnership with his Windows Mobile device.
He also wants you to configure a power plan on his laptop
computer.
In addition, he wants you to enable Remote Desktop on his
office computer so he can connect to it while hes travelling.

Finally, users in the Slough production plant require timely
access to corporate HQ files during Dons visit. Slough does

not have a file server at present, and so you must enable
BranchCache in Distributed Cache mode.
196
3/11/2014
Lab Review
1. In exercise 2, you enabled the Remote Desktop feature
through the firewall by editing the local firewall settings.
Is there an alternative way in which you can make this
change?
2. If you attempted to connect to Dons computer from a
computer out on the Internet somewhere, what
additional settings must you consider?
3. In exercise 3, you established the necessary settings to
support BranchCache in Distributed cache mode. If the
Slough plant installed a file server, what other way can
you implement BranchCache?

Review Questions
Common Issues
197
3/11/2014

See Notes pane.

See Notes pane.
198
3/11/2014

See Notes pane.
Course Evaluation
199

03-Installing and Configuring Windows 7 Client

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

03-Installing and Configuring Windows 7 Client

Caricato da

Copyright:

Formati disponibili

3/11/2014

Installing and Configuring

Searchable, easy-to-navigate digital

How to Use the Course Material

Use the handbook content as the

During the class, refer to the

Use the troubleshooting tips and best

Use the CD as your extended learning

practices in the Module Reviews and

resource on the job.

6292: Installing and Configuring Windows 7

Microsoft Certification Program

Core exam for the

70-680: TS: Windows

Elective exam for

About This Course

Virtual Machine Environment

Virtual Machine Environment

Domain controller in the Contoso.com domain

Windows 7 computer in the Contoso.com domain

Windows 7 computer in the Contoso.com domain

Virtual machine with no operating system installed

Windows Vista computer in the Contoso.com domain

Demonstration: Using Hyper-V Manager

Lesson 1: Preparing to Install Windows 7

Key Features of Windows 7

Notes Page Over-flow Slide. Do Not Print Slide.

Notes Page Over-flow Slide. Do Not Print Slide.

Hardware Requirements for Installing Windows 7

1 GB for 32-bit or 2 GB for 64-bit

16 GB for 32-bit or 20 GB for 64-bit

Advantages of Using 64-Bit Editions of

Options for Installing Windows 7

Lesson 2: Performing a Clean Installation of

Domain/Word Group Settings

Discussion: Considerations for a Clean

Methods for Performing Clean Installation

ImageX, Windows Deployment Service,

Discussion: Common Installation Errors

What potential issues might

Demonstration: Configuring the Computer Name

Lesson 3: Upgrading and Migrating to Windows 7

Considerations for Upgrading and Migrating to

Notes Page Over-flow Slide. Do Not Print Slide.

Identifying the Valid Upgrade Paths

Only clean install

Windows Vista SP1, SP2

Windows Anytime Upgrade enables you to

Determining the Feasibility of an Upgrade Using

install and run the appropriate edition and features of

Process for Upgrading to Windows 7

Evaluate whether your computer meets

Tools for Migrating User Data and Settings

Identify which components are to be migrated

User State Migration Tool (USMT) 4.0

Process for Migrating to Windows 7

Back up user state, including:

Windows Easy Transfer

Migrating User Settings and Data by Using WET

1 Close all active programs

Lesson 4: Performing an Image-Based

What Is Windows Imaging File Format?

One image for many hardware configurations

Tools for Performing Image-Based Installation