Utilize windows 7

Utilize windows 7
This e-book is a collection of articles originally published on http://www.utilizewindows.com. Check for the latest version of this e-book: http://www.utilizewindows.com/e-books This e-book is published under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license: http://creativecommons.org/licenses/by-nc-sa/3.0 If you would like to contact us: http://www.utilizewindows.com/contact-us If you would like to support us: http://www.utilizewindows.com/about-us Disclaimer: While we at the Utilize Windows strive to make the information in this book as timely and accurate as possible, we make no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the contents of this book, and expressly disclaim liability for errors and omissions in the contents of this book. Microsoft Windows® 7 is registered trademark of Microsoft Corporation in the United States and/or other countries.
Contents Basics ........................................................................................................................................................................................1 Introduction to Windows 7..............................................................................................................................................1 Creating a Windows 7 USB Installation Source ...........................................................................................................4 Upgrading to Windows 7 - Overview ............................................................................................................................9 Migrating to Windows 7 using WET............................................................................................................................10 Migrating to Windows 7 using USMT .........................................................................................................................15 Networking............................................................................................................................................................................21 Configuring IPv4 in Windows 7....................................................................................................................................21 Configuring IPv6 in Windows 7....................................................................................................................................25 Internet Connection Sharing (ICS) Configuration in Windows 7...........................................................................28 Working With Wireless Network Connections in Windows 7 ................................................................................32 Working with Windows Firewall in Windows 7.........................................................................................................38 Configuring Windows Firewall with Advanced Security in Windows 7.................................................................43 Configuring BranchCache in Windows 7 ....................................................................................................................51 Creating a VPN Connection in Windows 7................................................................................................................55 DirectAccess Feature in Windows 7.............................................................................................................................59 Deployment...........................................................................................................................................................................62 Preparing for Windows 7 Image Capture....................................................................................................................62 Mounting and Unmounting Windows 7 Image Using ImageX and DISM...........................................................66 Creating WinPE Using WAIK for Windows 7 ..........................................................................................................76 Windows 7 Image Capture Demonstration.................................................................................................................80 Windows 7 Image Deployment Demonstration ........................................................................................................85 Managing Existing Windows 7 Images........................................................................................................................91 Servicing Windows 7 Image Using DISM...................................................................................................................98 Applying Updates to Windows 7 Image Using DISM............................................................................................105 Creating Virtual Hard Disk (VHD) using Disk Management in Windows 7......................................................108 Creating Virtual Hard Disk (VHD) using Diskpart in Windows 7.......................................................................113 Management ........................................................................................................................................................................117
Advanced Driver Management in Windows 7..........................................................................................................117 Staging a Driver in Windows 7....................................................................................................................................125 Using Disk Management and Diskpart to Mange Disks in Windows 7...............................................................128 Disk Quotas in Windows 7..........................................................................................................................................136 Disk Defragmenter Tool in Windows 7 ....................................................................................................................140 Removable Storage and System Security in Windows 7..........................................................................................142 Application Compatibility Issues in Windows 7.......................................................................................................144 UAC Configuration in Windows 7 .............................................................................................................................148 Configuring Security Zones in Windows 7 ...............................................................................................................151 Printer Configuration in Windows 7 ..........................................................................................................................160 Configuring Power Options in Windows 7...............................................................................................................165 Configuring Offline Files in Windows 7....................................................................................................................172 Managing Services in Windows 7................................................................................................................................177 Using msconfig in Windows 7.....................................................................................................................................183 Event Viewer in Windows 7........................................................................................................................................188 Monitoring Performance in Windows 7 ....................................................................................................................196 Using WinRS and PowerShell for Remote Management in Windows 7..............................................................207 Configuring and Using Remote Desktop in Windows 7 ........................................................................................212 Remote Assistance in Windows 7...............................................................................................................................223 System Recovery in Windows 7 ..................................................................................................................................231 Security .................................................................................................................................................................................239 Credential Manager in Windows 7..............................................................................................................................239 Running Apps as Different Users with Run As in Windows 7 .............................................................................245 User Account Policies in Windows 7.........................................................................................................................250 Editing NTFS Permissions in Windows 7.................................................................................................................254 Advanced Sharing Settings in Windows 7.................................................................................................................264 Working With Shared Folders in Windows 7 ...........................................................................................................269 HomeGroups in Windows 7........................................................................................................................................276 Configuring Auditing in Windows 7...........................................................................................................................280
Encrypting File System in Windows 7 .......................................................................................................................285 Configuring BitLocker in Windows 7 ........................................................................................................................294 Configuring BitLocker to Go in Windows 7 ............................................................................................................300 Windows Defender in Windows 7..............................................................................................................................305 Optimization........................................................................................................................................................................310 Monitoring Resources in Windows 7.........................................................................................................................310 Using Reliability Monitor in Windows 7....................................................................................................................321 Visual Effects and Paging File Options in Windows 7 ...........................................................................................326 Configuring WSUS and Other Update Options in Windows 7.............................................................................339 Setting Up Backup in Windows 7...............................................................................................................................344 Restoring Data from Backup in Windows 7.............................................................................................................354
www.utilizewindows.com Basics Introduction to Windows 7 1 Basics Introduction to Windows 7 Before you start Objectives: learn about main features in each Windows 7 edition and what minimum hardware requirements are Prerequisites: no prerequisites. Key terms: windows 7 editions, starter, home basic, home premium, professional, enterprise, ultimate, hardware requirements, processor architecture. Windows 7 Editions There are six different Windows 7 editions:  Starter  Home Basic  Home Premium  Professional  Enterprise  Ultimate Starter Windows 7 Starter edition does not support DVD playback, Windows Aero user interface, IIS Web Server, Internet connection sharing, or Windows Media Center. It also does not support advanced, new features like AppLocker, Encrypting File System, DirectAccess, BitLocker, BranchCache, and Remote Desktop Host. It supports only one physical processor. Home Basic Window 7 Home Basic does not support domains, Aero user interface, DVD playback, Windows Media Center, or IIS Web Server. It also does not support enterprise features such as EFS, AppLocker, DirectAccess, BitLocker, Remote Desktop Host, and BranchCache. It supports only one physical processor. The x86 version supports a maximum of 4 GB of RAM, whereas the x64 version supports a maximum of 8 GB of RAM. Home Premium Windows 7 Home Premium supports the Windows Aero UI, DVD playback, Windows Media Center, Internet connection sharing, and the IIS Web Server. It does not support domains and it does not support enterprise features such as EFS, AppLocker, DirectAccess, BitLocker, Remote Desktop Host, and BranchCache. The x86 version of Windows 7 Home Premium supports a maximum of 4 GB of RAM, whereas the x64 version supports a maximum of 16 GB of RAM. Windows 7 Home Premium supports up to two physical processors.
www.utilizewindows.com Basics Introduction to Windows 7 2 Professional Windows 7 Professional supports all the features available in Windows Home Premium, and it also supports domains. It supports EFS and Remote Desktop Host but does not support enterprise features such as AppLocker, DirectAccess, BitLocker, and BranchCache. Enterprise Windows 7 Enterprise and Ultimate Editions support all the features available in all other Windows 7 editions but also support all the enterprise features such as EFS, Remote Desktop Host, AppLocker, DirectAccess, BitLocker, BranchCache, and Boot from VHD. Windows 7 Enterprise and Ultimate editions support up to two physical processors. Windows 7 Enterprise is available only to Microsoft's volume licensing customers, and Windows 7 Ultimate is available from retailers and on new computers installed by manufacturers. Although some editions support only one physical processor, they do support an unlimited number of cores on that processor. For example, all editions of Windows 7 support quad-core CPUs. We can use Remote Desktop to initiate a connection from any edition of Windows 7, but we can connect to computers running Windows 7 Professional, Windows 7 Ultimate, or Windows 7 Enterprise. We can't use Remote Desktop Connection to connect to computers running Windows 7 Starter, Windows 7 Home Basic, or Windows 7 Home Premium. Hardware Requirements Windows 7 Starter and Windows 7 Home Basic have the following minimum hardware requirements:  1 GHz 32-bit (x86) or 64-bit (x64) processor  512 MB of system memory  20-GB (x64) or 16-GB (x86) hard disk drive, traditional or Solid State Disk (SSD), with at least 15 GB of available space  Graphics adapter that supports DirectX 9 graphics and 32 MB of graphics memory Windows 7 Home Premium, Professional, Ultimate, and Enterprise editions have the following minimum hardware requirements:  1 GHz 32-bit (x86) or 64-bit (x64) processor  1 GB of system memory  40-GB hard disk drive (traditional or SSD) with at least 15 GB of available space  Graphics adapter that supports DirectX 9 graphics, has a Windows Display Driver Model (WDDM) driver, Pixel Shader 2.0 hardware, and 32 bits per pixel and a minimum of 128 MB graphics memory 32-bit versus 64-bit Windows 7 supports two different processor architectures: 32-bit (x86) version, and 64-bit (x64) version. The main limitation of the x86 version of Windows 7 is that it does not support more than 4 GB of RAM. It is possible to install the x86 version of Windows 7 on computers that have x64 processors, but the operating
www.utilizewindows.com Basics Introduction to Windows 7 3 system will be unable to utilize any RAM that the computer has beyond 4 GB. We can install the x64 version of Windows 7 only on computers that have x64-compatible processors. The x64 versions of Windows 7 Professional, Enterprise, and Ultimate editions support up to 128 GB of RAM. The x64 version of Windows 7 Home Basic edition supports 8 GB and the x64 edition of Home Premium supports a maximum of 16 GB.
www.utilizewindows.com Basics Creating a Windows 7 USB Installation Source 4 Creating a Windows 7 USB Installation Source Before you start Objectives: learn how to create USB installation source by using tools available on your PC. Prerequisites: you have to have a Windows 7 installation DVD and a USB storage device with at least 4 GB of free space. Key terms: command prompt, elevated mode, usb drive preparation, diskpart, diskpart commands, bootable usb drive, windows 7 installation, source Procedure Before we begin keep in mind that during this process USB flash drive will be completely erased, so we have to make sure that we save any data that it contains. In our example we have a Windows 7 installation DVD present in our D drive, and a USB flash drive available trough drive E, as shown on the picture. Figure 1 - Computer Drives 1. Open Command Prompt (CMD) We will be working with Command Prompt in elevated mode. You can find CMD in: Start menu > All Programs > Accessories > Command Prompt. To open CMD in elevated mode, right-click on the Command Prompt and select 'Run as administrator'. Click Yes to confirm. Figure 2 - Run CMD as Administrator
www.utilizewindows.com Basics Creating a Windows 7 USB Installation Source 5 We know that we are running CMD in elevated mode because we have the 'Administrator' in the name of the CMD window. Figure 3 - Administrator: Command Prompt 2. Prepare USB drive We will open the command line utility called diskpart, which is used to manage partitions and drives. To do that we will simply enterdiskpart in CMD. Figure 4 - Diskpart Next, we will enter: list disk. With this command we can view all the available disks on our computer. Figure 5 - List Disk In our example, Disk 0 is the hard drive. We know that because the size of our internal hard disk is 40GB. The size of our USB flash drive is 4 GB (3875 MB to be more precise). To work with USB drive we need to select it. To do that, in our case, we have to type in: select disk 1. Figure 6 - Select Disk 1 After the selection we will clean the USB drive. We have to wipe out any partition information and anything on it. To do that we will type in: clean.
www.utilizewindows.com Basics Creating a Windows 7 USB Installation Source 6 Figure 7 - Clean After the cleaning, notice that, if we browse to the Computer, our USB drive now changed. There is no info shown about the free space. Figure 8 - USB drive in Windows Explorer Now we need to create the partition on our USB drive. To do that, in Command Prompt we will enter: create partition primary. Figure 9 - Create Partition Primary After that we will format our new partition with the FAT32 as our file system. To do that we will enter: format fs=fat32 quick. Figure 10 - Format Now, we need to mark our new partition as active. To do that we will enter: active. Figure 11 - Active Now we have a USB drive with an active partition. To use it as the installation source we also have to make it bootable. As we will see, we will run the bootsect command to copy the boot manager information that Windows 7 requires to perform the install, to our USB drive. Then we will have to copy the entire content of the Windows 7 DVD to the USB drive. To do all that, first we need to exit from Diskpart. In CMD enter: exit.
www.utilizewindows.com Basics Creating a Windows 7 USB Installation Source 7 Figure 12 - Exit In our example, Windows 7 installation DVD is in the D drive. In the D drive, in the folder called 'Boot', there is a program called 'bootsect'. We will run it with the '/NT60' parameter and we will also specify the drive letter of our USB drive. This will copy the the boot manager files to our USB drive. The command, in our case, looks like this: d:bootbootsect /NT60 e:. Figure 13 - Bootsect As we can see, our E drive was updated with all the necessary boot manager information that Windows 7 needs to boot of the USB drive. 3. Copy DVD Content to USB Drive The last step is to copy all files from the Windows 7 DVD to our USB drive. Figure 14 - Copy Content from DVD to USB
www.utilizewindows.com Basics Creating a Windows 7 USB Installation Source 8 Once the copy is complete, our USB drive is ready for use. Of course, on the computer on which we want to perform the installation, we have to go to the BIOS and make sure that the USB device is selected to boot from. After that the installation will be the same as if we were installing from a DVD.
www.utilizewindows.com Basics Upgrading to Windows 7 - Overview 9 Upgrading to Windows 7 - Overview Before you start Objectives: learn which Windows versions can be upgraded to Windows 7. Prerequisites: you should know about different ways to install Windows. Key terms: edition, version, upgrade, platform, hardware requirements Different Editions Edition upgrades can only be performed from a lower edition to a higher edition. It can be performed using installation media or using the Windows Anytime Upgrade. Windows Anytime Upgrade was introduced in Windows Vista and it allows us to purchase an edition upgrade for the operating system over the Internet. Keep in mind that we cannot upgrade 32-bit edition to 64-bit edition of Windows and vice-verca. Different Platforms To change or migrate to a different platform (32-bit or 64-bit) we can use the Wipe-and-Load or Side-by-side migration of Windows 7 or use multi boot. We will be required to migrate user data and application settings between the two installations. This is not upgrade, but migration. Previous Windows Versions Windows 7 only supports upgrades from computers running Windows Vista with Service Pack 1 installed. Windows XP installations cannot be upgraded to Windows 7. If we want to upgrade from Windows XP, first we need to upgrade to Windows Vista SP 1 and then to Windows 7. Hardware Requirements Before upgrading we need to have at least 15 GB of free hard drive space. Windows Vista and Windows 7 in general have the same hardware requirements. To check for hardware incompatibilities we can use Windows 7 Upgrade Advisor tool that will inform us of any device or software incompatibilities that our computer might have. Before running Upgrade Advisor it is recommended to connect all devices to the computer, such as printers, scanners, cameras and other devices that we will be using on Windows 7. Recommendations It is recommended to perform full backup of existing installation in case the upgrade fails. Also we should ensure that we have proper product keys available for Windows or any application or game that is installed on existing installation. The biggest benefit in upgrading from an existing installation to Windows 7 is that the users settings and applications are preserved.
www.utilizewindows.com Basics Migrating to Windows 7 using WET 10 Migrating to Windows 7 using WET Before you start Objectives: learn where to find WET, how to run it and which options to use in different situations. Prerequisites: you have to be familiar with migration terms and utilities. Key terms: wet, migwiz, migration, user profile, example, location, transfer, account Running Windows Easy Transfer (WET) In Windows 7 we can run WET by going to Start > All programs > Accessories > Systems Tools > Windows Easy Transfer. This will actually open migwiz.exe file which is located in %windir%system32migwiz folder. We can also find migwiz.exe on every Windows 7 installation DVD. Just browse to the [DVDdrive]supportmigwiz folder and search for migwiz.exe. That is our Windows Easy Tranfer tool. We can copy migwiz folder to another location, for example, on a network share to be easily accessible from all computers on the network. The first thing we have to do is run WET on the source installation to gather all data. Although Vista already has a migration tool built in, we have to use newer version of WET because we will migrate to a newer system, which is Windows 7. The same thing is when migrating from XP. Because of that, we will use the Windows 7 installation DVD, which contains newer WET, on our Vista machine and run the migwiz.exe. We have to have administrative rights to run WET. The following window will appear: Figure 15 - WET Tool
www.utilizewindows.com Basics Migrating to Windows 7 using WET 11 As we can see on the picture, we can use WET utility to transfer user accounts, their documents, pictures, movies, videos etc. Notice that we can not transfer applications. On the next screen we can choose where to save our data. Figure 16 - How to Transfer and Location We can use a special "type A to type A" USB cable which is also called Easy Transfer Cable. It is used to connect two computers together. We can also transfer data over network by establishing a TCP/IP connection. The third option is to store data on a removable media, local hard disk, network share or a mapped drive. In our example we will select third available option. On the next screen we have to select which computer we are using. Figure 17 - Computer Selection This is our old computer. It is Vista computer so we only have one option. When we select it, the tool will scan for all available user accounts on our machine.
www.utilizewindows.com Basics Migrating to Windows 7 using WET 12 Figure 18 - Available Accounts Once the scan is complete we can see that it detected one profile (ivancic) and Shared Items. In our example we will only select "ivancic" account and click Next. On the next screen we can set the password for the data that will be exported. Figure 19 - Password In our example we will leave password empty and click Save. On the next screen we can choose where to save our files.
www.utilizewindows.com Basics Migrating to Windows 7 using WET 13 Figure 20 - Migration Location Remember that we could easily browse to a network location and save our migration data there. That way the data would be available for every computer on the network. In our example we will save our data on a local hard disk, to c:migration folder. Figure 21 - Saving Data
www.utilizewindows.com Basics Migrating to Windows 7 using WET 14 Our data will be exported with a MIG extension. Now we can copy it to a new Windows 7 computer and run it by double clicking it or by running migwiz and then importing it.
www.utilizewindows.com Basics Migrating to Windows 7 using USMT 15 Migrating to Windows 7 using USMT Before you start Objectives: learn where to find USMT and which commands you can use to gather user profiles from source installation and then apply them to the destination installation. This is demo on how to use USMT to migrate user profiles from old to new Windows installation (XP to 7 in this case). Although here you can see all steps required to do migration completely, for more advanced usage of all USMT options you will have to read USMT documentation. Prerequisites: you have to be familiar with migration concepts in general and with tools which you can use. Key terms: usmt, user profile, scanstate, loadstate, command, account, cmd, syntax, source, destination Running USMT on Source Computer USMT is a part of Windows AIK, but it can also be downloaded from Microsoft website as a standalone application. The thing is, since we will migrate users from XP, we have to have USMT on XP machine. There are two ways to put USMT on XP. First would be to download UMST from Microsoft site and install it. During te installation you can choose the installation folder, which you have to remember. The second way implies that you have Windows AIK installed on your Windows 7 machine. USMT will be located in C:Program FilesWindows AIKToolsUSMTx86 folder (if you have x64 system you have to use x64 version) which contains all the files needed for user migration. We can copy this folder to a network share to make it always available. For this demonstration we will simply copy USMT folder to the C: drive of our Windows XP machine. Tools that we are going to use (scanstate and loadstate) are command line tools, so the first thing we need to do is run Command Prompt (CMD) on our XP machine. In CMD we have to go to our newly created USMT folder, so we will enter the command: cd c:usmtx86 Figure 22 - USMT Folder in CMD Now, we want to copy all users from Windows XP to Windows 7. To do that, first we need to run scanstate tool on the Windows XP. To check which parameters must be provided to the scanstate tool simply enter scanstate in CMD.
www.utilizewindows.com Basics Migrating to Windows 7 using USMT 16 Figure 23 - Scanstate Syntax We can see that the syntax is: scanstate <StorePath> [Options]. In this demo we will save all data locally in c:usmtusers folder, so lets create a migration store by entering the following command: scanstate c:usmtusers. This command will gather information about all user accounts on this machine and save it in the c:usmtusers folder. It is possible to modify this command to select which account to include or exclude. In our case it gathered information about 8 users.
www.utilizewindows.com Basics Migrating to Windows 7 using USMT 17 Figure 24 - Scanstate Success Destination Computer Once the scanstate is complete we can switch to the destination computer which is Windows 7 in our case. Now, we need to remember where we saved users from the source machine. The best thing would be to use a network share so we can access those resources from any computer on the network. For the purpose of this demonstration we have copied gathered user profiles which were exported to thec:usmtusers folder on the Windows XP machine, to the c:usmtusers folder on the Windows 7 machine. Also, we have copied x86folder which contains USMT, to the c:usmt folder on Windows 7 machine. The first thing we need to do on destination computer is to run elevated CMD. To do that, right-click CMD and select 'Run as administrator'. Next, we need to get to the c:usmtx86 folder, so we will enter the command: cd c:usmtx86. Next, to load users that we exported from Windows XP, we will use that loadstate tool. Let's enterloadstate in CMD.
www.utilizewindows.com Basics Migrating to Windows 7 using USMT 18 Figure 25 - Loadstate Syntax We can see that the syntax for the loadstate command is loadstate <StorePath> [options]. To load user accounts we will enter the command: loadstate c:usmtusers /lac. The /lac option means that we want to create local accounts that do not exist on our destination computer. If accounts already existed we would not have to use the /lac switch because the information would be migrated to existing accounts. Now, because we did not provide passwords for accounts that were migrated, they will be created as disabled. Once all accounts are created, the migration data is copied.
www.utilizewindows.com Basics Migrating to Windows 7 using USMT 19 Figure 26 - Loadstate Success Some often used options for the scanstate and loadstate commands are:  /i - includes the specified XML-formatted configuration file to control the migration  /ui - migrates specified users data  /ue - excludes the specified users data from migration  /lac - creates a user account if the user account is local and does not exist on the destination computer  /lae - enables the user account created with the '/lac' option  /p /nocompress - generates a space-estimate file called Usmtsize.txt Once the migration is complete we can go to the Computer Management to verify new accounts.
www.utilizewindows.com Basics Migrating to Windows 7 using USMT 20 Figure 27 - New Accounts As we can see, new accounts were created but they are disabled. Disabled accounts have an icon with an arrow pointing down. To enable an account right-click it, go to Properties, in General tab uncheck the 'Account is disabled' option and then click Apply.
www.utilizewindows.com Networking Configuring IPv4 in Windows 7 21 Networking Configuring IPv4 in Windows 7 Before you start Objectives: Learn how to configure IPv4 settings on Windows 7 machine by using GUI and how to troubleshoot connectivity in command line. Prerequisites: you should know all about IPv4 address and about different ways to apply network settings. Key terms: IPv4, network, address, connection, IP, settings, case, center, ping Network and Sharing Center To configure TCP/IP settings in Windows 7 we have to go to the Network and Sharing Center which is located in Control Panel. The shorter way to get to the Network Center is to click the networking icon in the Notification area and select the "Open Network and Sharing Center" option. Figure 28 - Network Center Shortcut The Network Center will show us many options, but the one section we are particularly interested in is "Active networks". In our case we already our network connection configured, and we are connected to the "intranet" at our workplace. Figure 29 - Active Networks To see the details about that connection we can simply click its name, which is "Local Area Connection" in our case. To see the details about that specific connection we can click on the Details button.
www.utilizewindows.com Networking Configuring IPv4 in Windows 7 22 Figure 30 - Connection Details Notice that our connection currently uses DHCP to get the required information about the network connection. We already have our IPv4 address, subnet mask, DNS server. Notice that we can also see the "DHCP Enabled" option which is set to "Yes", and we can also see the IP address of the DHCP server. To change network settings we can click the Properties button. The new window will open on which we have to select which item we want to configure. In this case we will select the "Internet Protocol Version 4 (TCP/IPv4)" protocol, since we want to change IPv4 address.
www.utilizewindows.com Networking Configuring IPv4 in Windows 7 23 Figure 31 - IPv4 Selected When we click the Properties button again, we will be able to enter new IPv4 settings. Notice that currently we have the "Obtain an IP address automatically" option selected. Figure 32 - IPv4 Properties This means that our computer will use DHCP to get the connection information. To enter the information manually we can simply select the "Use the following IP address" option. In our case we want our computer to always use the same IP address, so we will enter 192.168.1.145 as an IPv4 address, 255.255.255.0 as the subnet mask, 192.168.1.1 as our default gateway, and we will use the 10.10.1.2 as our DNS server. Our configuration now looks like this.
www.utilizewindows.com Networking Configuring IPv4 in Windows 7 24 Figure 33 - IPv4 Configured To check if our connection works we should try to communicate with another host on the network. To do that we can use the "ping" tool in command line. Let's try and communicate with the default gateway (192.168.1.1). Figure 34 - Ping In our case everything works fine. If we have trouble communicating with another host, we can try and ping our own IP address, which is 192.168.1.145 in our case. If that does not work, we should try and ping the local loopback address which is 127.0.0.1, which will check if the the IPv4 stack is properly installed. To check you IP address and subnet mask we can use the "ipconfig /all" command. If everything seems OK, but the "ping" action still does not work when we try to communicate with another host on the network, we should check our firewall settings. In Windows Firewall with Advanced Security, in Inbound Rules section, we have to make sure that "File and Printer Sharing (Echo Request - ICMPv4-In)" rule allows communication.
www.utilizewindows.com Networking Configuring IPv6 in Windows 7 25 Configuring IPv6 in Windows 7 Before you start Objectives: Learn where and how to configure IPv6 properties in Windows 7. Prerequisites: you should know what is IPv6 and about different types of IPv6. Key terms: IPv6, address, network, configured, center, connection, link-local, bits, details, global-id Network and Sharing Center To configure TCP/IP settings in Windows 7 we have to go to the Network and Sharing Center which is located in Control Panel. The shorter way to get to the Network Center is to click the networking icon in the Notification area and select the "Open Network and Sharing Center" option. Figure 35 - Network Center Shortcut The Network Center will show us many options, but the one section we are particularly interested in is "Active networks". In our case we already our network connection configured, and we are connected to the "intranet" at our workplace. Figure 36 - Active Networks To see the details about that connection we can simply click its name, which is "Local Area Connection" in our case. To see the details about that specific connection we can click on the Details button.
www.utilizewindows.com Networking Configuring IPv6 in Windows 7 26 Figure 37 - Connection Details Notice that we already have Link-local IPv6 Address configured. Link-Local address is similar to the APIPA address in IPv4. Link-local IPv6 address always starts with "fe8". If we see a Link-local address configured on our machine, that means that our computer was not able to contact the DHCPv6 server. To change our network settings we can click the Properties button. The new window will open on which we have to select which item we want to configure. In this case we will select the "Internet Protocol Version 6 (TCP/IPv6)" protocol, since we want to change the IPv6 address. Figure 38 - IPv6 Selected
www.utilizewindows.com Networking Configuring IPv6 in Windows 7 27 By default, our computer is configured to obtained the IPv6 address automatically. In this tutorial we will try to assign a Unique-Local IPv6 address to our host. Unique-Local addresses are similar to private addresses in IPv4. Unique-Local address always starts with "fc" or "fd" (first 8 bits). The next 40 bits represent the "global- id", and the next 16 bits represent the "subnet-id". The remaining 64 bits represent a host. The "global-id" part will represent our organization, while we can use the "subnet-id" to create multiple subnets. The "global-id" part should be randomly generated, but in our case we will simply choose some random "global-id" and the "subnet-id". So, our example Unique-Local address will be: FCAB:BEBC:ABAC:0100::1000. The default subnet prefix length is 64. Figure 39 - IPv6 Configured Let's now go to the command line and check our settings by using the "ipconfig" command. Figure 40 - ipconfig Command Notice that now we have our IPv6 address configured, but the Link-local address also remained intact. That means that our computer basically has two configured IPv6 addresses that can be used for communication.
www.utilizewindows.com Networking Internet Connection Sharing (ICS) Configuration in Windows 7 28 Internet Connection Sharing (ICS) Configuration in Windows 7 Before you start Objectives: Learn how to enable and configure ICS in Windows 7. Prerequisites: you should already know what is ICS in general. Key terms: network, computer, ICS, connection, Internet, private, enable, server, address, IP, port, settings, Windows 7 How to Enable ICS The computer on which we want to enable ICS has to have two network connections. One network connection has to be connected to the public network (Internet), and another connection has to be connected to our private network (LAN). To manage network connections on Windows 7, we can go to Control Panel > Network and Internet > Network Connections. In our case, on our computer we have two Network Interface Cards which provide two network connections. One connection is called "Internet", and another is called "Local Area Connection". Figure 41 - Connections So, we want to share our Internet connection from this computer with other computers which are located on our LAN. Internet connection is typically connected to a cable modem, a DSL modem, etc. Local Area Connection is typically connected to a Switch on our local (private) network. On that Switch we will typically have other computers connected.
www.utilizewindows.com Networking Internet Connection Sharing (ICS) Configuration in Windows 7 29 Figure 42 - Example Schema To enable ICS, we will select our Internet connection, go to its properties, and select the Sharing tab. Here we will select the "Allow other network users to connect trough this computer's Internet connection" option. This will basically enable ICS on this computer. In our case we will uncheck the "Allow other network users to control or disable the shared Internet connection" option. Figure 43 - Sharing Tab If we click the Settings button, we will be able to control some basic firewall settings. This way we can quickly enable some basic services that we want to be accessible from the Internet trough our ICS computer. As you can see, when we enable ICS, our computer starts to act as a router and a NAT device.
www.utilizewindows.com Networking Internet Connection Sharing (ICS) Configuration in Windows 7 30 Figure 44 - Advanced Settings For example, let's say that we have a web server on our private network and that we want to make it publicly accessible. The host name of the web server is "web-server". To configure this, we will select "Web Server (HTTP)" from the list of services and click the Edit button. We will enter the name of the computer "web- server". We could also enter the IP address of the computer. Figure 45 - Web Server Port Forwarding Notice that other settings can't be changed (port is 80). Note that we can only do this for one computer on the same port. This is considered port forwarding. We can add other or the same services, but they have to use different ports. With this configured, when someone on the public network tries to access our public IP address together with the port 80, that request fill be forwarded to the "web-server" computer on our private network.
www.utilizewindows.com Networking Internet Connection Sharing (ICS) Configuration in Windows 7 31 When the ICS is enabled, our network connections will automatically be configured with some specific settings. First, the Local Area Connection will be configured with the 192.168.137.1 IP address. With ICS, our computer automatically becomes the gateway for computers on our private network, and the gateway address will be the address of the LAN interface of the ICS computer. ICS computer will also start to hand out IP addresses and other information to computers on our private network (it will become the DHCP server). This is why it is important that the computers on the private network are DHCP enabled. We can use commands "ipconfig /release" and "ipconfig /renew" to obtain new configuration from the ICS server. If we see an IP address which starts with "169.254.", this means that the computer was not able to contact the DHCP server.
www.utilizewindows.com Networking Working With Wireless Network Connections in Windows 7 32 Working With Wireless Network Connections in Windows 7 Before you start Objectives: Learn how to create Ad Hoc wireless network and how to work with infrastructure wireless networks in Windows 7. Prerequisites: you should have a basic understanding of wireless networks. Key terms: network, wireless, ad hoc, connect, security, connection, option, windows 7, SSID Ad Hoc Networks To create an Ad Hoc wireless network we have to go to the Network and Sharing Center in Control Panel. In the Network and Sharing Center we will click on the "Set up a new connection or network" option. On the next window we have to select the "Set up a wireless ad hoc (computer-to-computer) network" option. Figure 46 - Ad Hoc Network Option The next thing we need to do is to specify the name of our network and choose the security type. For ad hoc networks, the available security types are Open, WEP and WPA2-Personal. Remember that WPA2-Personal is a lot more secure than WEP, so we should always use WPA2 if all devices support it. In our case we will choose WPA2-Personal, so we also have to specify the security key.
www.utilizewindows.com Networking Working With Wireless Network Connections in Windows 7 33 Figure 47 - Network Settings The purpose of the ad hoc network is to provide temporary wireless network access for devices in close proximity, without the need of wireless access point. On the next screen we will also be able to turn on Internet connection sharing. This is because our computer is also connected to the wired network which has Internet connection, so we can share that Internet connection with the clients on the ad hoc network if we want. Figure 48 - Network Created At this point other devices will be able to find and connect to our wireless ad hoc network. If we click on the network icon in the System Tray, we can see that our ad hoc network is waiting for users.
www.utilizewindows.com Networking Working With Wireless Network Connections in Windows 7 34 Figure 49 - Waiting for Users Note that the icon used for ad hoc network has three computers connected in triangle, while the infrastructure networks have bars as the icon. One other thing that we should remember about ad hoc networks is that they will be removed once all users disconnect from it. Also, users who connect to the ad hoc network are not able to save it in the list of wireless networks. If we don't enable Internet connection sharing, users which connect to our ad hoc network will not get their IP address automatically from the DHCP. If you have experience with IP addressing, you will know that in this case the devices will automatically use some address from the APIPA range, and this will actually work. We can also specify the IP address on every device manually (this also includes the computer on which we set up the ad hoc network). However, if we enable Internet connection sharing in the first place, all devices will get their IP address from the DHCP server on the computer on which we have created the ad hoc network. Infrastructure Wireless Networks The process of connecting to wireless networks with access points is really simple in Windows 7. We simply click on the network icon in the System Tray, select the available wireless network and click on the Connect button. Figure 50 - Available Wireless Networks
www.utilizewindows.com Networking Working With Wireless Network Connections in Windows 7 35 In our case we are connecting to a network which is using WPA2-Personal security standard, so we have to provide the password to gain access to the wireless network. Figure 51 - Network Security Key So, when we enter the correct security key we will connect to the network, and that's it. Now, sometimes the SSID of the wireless network is not being broadcasted. To connect to that kind of network we have to create the wireless network profile manually. To do that we have to go to the Network and Sharing Center, and select the "Set up a new connection or network" option. In the window we have to select the "Manually connect to a wireless network" option. Figure 52 - Manual Configuration On the next screen we have to specify the SSID (network name), security type, encryption type and the security key. We also have to select the "Connect even if the network is not broadcasting" option. This will ensure that our computer will connect to the network which has SSID broadcasting disabled. Note that we have to know all those settings before we start connecting.
www.utilizewindows.com Networking Working With Wireless Network Connections in Windows 7 36 Figure 53 - Network Profile Now, if we go to the Network and Sharing Center, and then select the "Manage wireless networks" option, we will see our newly created network listed. Figure 54 - Network Management Here we will also see any other network that we have previously connected to. Here we can delete all those wireless networks or modify them. Have in mind that we can't modify the SSID of the existing network here. If the SSID is changed, we have to delete the old network and create a new one. One other thing that we should have in mind is the Profile Type. If we click on the Profile Type button in the "Manage wireless networks" window, we will be able to choose the type of profile to assign to new wireless networks.
www.utilizewindows.com Networking Working With Wireless Network Connections in Windows 7 37 Figure 55 - Profile Type Have in mind that by default all wireless networks created on the computer can be used by all users. However, we can set up the per-user profile configuration. This way users can create connections that can only be accessed and modified by them (per-user). Troubleshooting The stronger wireless signal means the better wireless performance. There are several thing that we can do to ensure proper wireless signal in our network. First, we have to ensure that all clients are in the range of our wireless access point. To improve the range we can implement additional antennas or signal boosters in our wireless network. Also, some physical object may cause obstructions and interference. Another option is to install additional access points. This will increase the coverage of our wireless network. Some devices will cause interference with our wireless network. Those devices are cordless phones, microwaves, Bluetooth devices, or any other device with radio signal. We should move those devices away from our AP. Also, we should always ensure that the wireless channel used in our network is not overlapping with another channel. Windows 7 includes many troubleshooting tools that can be used to troubleshoot wired and wireless networks. For example, we can use a Network Diagnostics tool to diagnose the connection issues. When troubleshooting wireless networks with this tool, the first thing we should do is try to connect to the AP, and then run the Network Diagnostics tool. The most common problem with wireless networks is the wrong configuration. So, the first thing we should do is to ensure that we have configured the correct SSID and WEP/WPA keys.
www.utilizewindows.com Networking Working with Windows Firewall in Windows 7 38 Working with Windows Firewall in Windows 7 Before you start Objectives: Learn where to find and how to work with Windows Firewall in Windows 7. Prerequisites: you should know what firewall is in general. Key terms: firewall, Windows, network, program, allowed, configure, feature, location, service Firewall in Windows 7 Windows 7 comes with two firewalls that work together. One is the Windows Firewall, and the other is Windows Firewall with Advanced Security (WFAS). The main difference between them is the complexity of the rules configuration. Windows Firewall uses simple rules that directly relate to a program or a service. The rules in WFAS can be configured based on protocols, ports, addresses and authentication. By default, both firewalls come with predefined set of rules that allow us to utilize network resources. This includes things like browsing the web, receiving e-mails, etc. Other standard firewall exceptions are File and Printer Sharing, Network Discovery, Performance Logs and Alerts, Remote Administration, Windows Remote Management, Remote Assistance, Remote Desktop, Windows Media Player, Windows Media Player Network Sharing Service. With firewall in Windows 7 we can configure inbound and outbound rules. By default, all outbound traffic is allowed, and inbound responses to that traffic are also allowed. Inbound traffic initiated from external sources is automatically blocked. Sometimes we will see a notification about a blocked program which is trying to access network resources. In that case we will be able to add an exception to our firewall in order to allow traffic from the program in the future. Windows 7 comes with some new features when it comes to firewall. For example, "full-stealth" feature blocks other computers from performing operating system fingerprinting. OS fingerprinting is a malicious technique used to determine the operating system running on the host machine. Another feature is "boot-time filtering". This features ensures that the firewall is working at the same time when the network interface becomes active, which was not the case in previous versions of Windows. When we first connect to some network, we are prompted to select a network location. This feature is know as Network Location Awareness (NLA). This features enables us to assign a network profile to the connection based on the location. Different network profiles contain different collections of firewall rules. In Windows 7, different network profiles can be configured on different interfaces. For example, our wired interface can have different profile than our wireless interface. There are three different network profiles available:  Public
www.utilizewindows.com Networking Working with Windows Firewall in Windows 7 39  Home/Work - private network  Domain - used within a domain We choose those locations when we connect to a network. We can always change the location in the Network and Sharing Center, in Control Panel. The Domain profile can be automatically assigned by the NLA service when we log on to an Active Directory domain. Note that we must have administrative rights in order to configure firewall in Windows 7. Configuring Windows Firewall To open Windows Firewall we can go to Start > Control Panel > Windows Firewall. Figure 56 - Windows Firewall By default, Windows Firewall is enabled for both private (home or work) and public networks. It is also configured to block all connections to programs that are not on the list of allowed programs. To configure exceptions we can go to the menu on the left and select "Allow a program or feature through Windows Firewall" option.
www.utilizewindows.com Networking Working with Windows Firewall in Windows 7 40 Figure 57 - Exceptions To change settings in this window we have to click the "Change settings" button. As you can see, here we have a list of predefined programs and features that can be allowed to communicate on private or public networks. For example, notice that the Core Networking feature is allowed on both private and public networks, while the File and Printer Sharing is only allowed on private networks. We can also see the details of the items in the list by selecting it and then clicking the Details button. Figure 58 - Details If we have a program on our computer that is not in this list, we can manually add it by clicking on the "Allow another program" button.
www.utilizewindows.com Networking Working with Windows Firewall in Windows 7 41 Figure 59 - Add a Program Here we have to browse to the executable of our program and then click the Add button. Notice that we can also choose location types on which this program will be allowed to communicate by clicking on the "Network location types" button. Figure 60 - Network Locations Many applications will automatically configure proper exceptions in Windows Firewall when we run them. For example, if we enable streaming from Media Player, it will automatically configure firewall settings to allow streaming. The same thing is if we enable Remote Desktop feature from the system properties window. By enabling Remote Desktop feature we actually create an exception in Windows Firewall.
www.utilizewindows.com Networking Working with Windows Firewall in Windows 7 42 Windows Firewall can be turned off completely. To do that we can select the "Turn Windows Firewall on or off" option from the menu on the left. Figure 61 - Firewall Customization Note that we can modify settings for each type of network location (private or public). Interesting thing here is that we can block all incoming connections, including those in the list of allowed programs. Windows Firewall is actually a Windows service. As you know, services can be stopped and started. If the Windows Firewall service is stopped, the Windows Firewall will not work. Figure 62 - Firewall Service In our case the service is running. If we stop it, we will get a warning that we should turn on our Windows Firewall. Figure 63 - Warning Remember that with Windows Firewall we can only configure basic firewall settings, and this is enough for most day-to-day users. However, we can't configure exceptions based on ports in Windows Firewall any more. For that we have to use Windows Firewall with Advanced Security, which will be covered in another article.
www.utilizewindows.com Networking Configuring Windows Firewall with Advanced Security in Windows 7 43 Configuring Windows Firewall with Advanced Security in Windows 7 Before you start Objectives: Learn how to create new rules in Windows Firewall with Advanced Security. We will create outbound rule in this example, but the principle is the same for the inbound rules. Prerequisites: you have to know what firewall is in general. Key terms: rule, IP, address, firewall, port, remote, screen WFAS, example, access, option, outbound Windows Firewall with Advanced Security (WFAS) As you should know, with WFAS we have more granular control when compared to ordinary Windows Firewall which is also available in Windows 7. To open WFAS, simply start entering "windows firewall" in search and select "Windows Firewall with Advanced Security" option. Figure 64 - Open WFAS
www.utilizewindows.com Networking Configuring Windows Firewall with Advanced Security in Windows 7 44 Once we open WFAS we will see a list of rules. Rules are divided to the Inbound, Outbound and Connection Security rules. Notice that there is a lot of predefined rules that we can use. Some of them are enabled, and some of them are disabled. Each rule can be disabled/enabled for the different network profile (domain, private, public). We can also see the application that the rule relates to, the action, the protocol that is used, local and remote address, the local and remote port, allowed users and allowed computers. Figure 65 - Rules To restrict access to our computer we would edit the Inbound rules. To restrict users to access remote resources, we would go to the Outbound rules section. This is what we will do in this example. For the purpose of this demo we will block users on our local computer to access the www.utilizewindows.com site. So, to add a new rule, we can right-click on the Outbound rules section, all click on the New Rule option from the menu on the right side of the window. Figure 66 - New Rule Option
www.utilizewindows.com Networking Configuring Windows Firewall with Advanced Security in Windows 7 45 On the first screen we can choose to create rules based on programs, ports or use a predefined rule. We can also create a custom rule, which we will do in our example. Figure 67 - Custom Rule Option On the next screen we can specify if this rule applies to all programs or only to a specific program. For example, here we could choose only specific Web Browsers. We could also apply this rule to specific services only. For the purpose of this demo we will choose the "All programs" option and click Next. Figure 68 - Programs On the next screen we have to choose the right protocols and ports. For this, you have to know about different networking protocols and their specific ports. For example, to access web sites our Web Browsers use HTTP protocol. HTTP protocol uses TCP transport layer protocol, on port 80 by default. When configuring the Outbound rule, it is more important to configure the Remote port. The local port is actually auto-generated when the connection gets established, and it is used as a return path. Because of that, we don't have to enter it here. The remote port is the port we are connecting to. For the remote port we will use the specific port 80.
www.utilizewindows.com Networking Configuring Windows Firewall with Advanced Security in Windows 7 46 Figure 69 - Protocols On the next screen we have to choose the IP addresses that this rule applies to. For the local IP address we can choose the "Any IP address" option or choose to enter specific IP address. In this case this is not important since this rule will only be applied to the local machine. However, if we were to configure this rule trough Group Policy and push it down to our machines, we would then have to specify the specific IP addresses that this rule should be applied to. Figure 70 - IP Address
www.utilizewindows.com Networking Configuring Windows Firewall with Advanced Security in Windows 7 47 If we click on the Customize button we can also select which interfaces this rule applies to. By default it will be applied to all interfaces, but we can choose to only apply it to wired or wireless interfaces, or to remote access sessions. Figure 71 - Interface Types The important thing to configure is the remote IP addresses to which this rule applies to. So, we have to know the IP address of the www.utilizewindows.com site. To get the IP address we will try and PING it in the command line. Figure 72 - Ping We got the reply and now we know that the IP address is 192.232.223.73. Let's click on the Add button and enter the IP address.
www.utilizewindows.com Networking Configuring Windows Firewall with Advanced Security in Windows 7 48 Figure 73 - IP Address Specified Notice that in this window we can also enter the whole subnet, the range of IP addresses, or some predefined set of computers (WINS servers, DHCP servers, DNS servers, or local subnet computers. When we click OK, our screen now looks like this. Figure 74 - IP Address Entered
www.utilizewindows.com Networking Configuring Windows Firewall with Advanced Security in Windows 7 49 On the next screen we choose the action we want to be performed for this rule. In our case we will block the connection. Figure 75 - Action On the next screen we have to choose the network profile that this rule applies to. The default is all profiles. Figure 76 - Profile On the next screen we enter the name of our rule and a brief description. Figure 77 - Name When we click Finish, we will see our new rule in the list.
www.utilizewindows.com Networking Configuring Windows Firewall with Advanced Security in Windows 7 50 Figure 78 - Rule Created When we try to browse to the www.utilizewindows.com now, we will see something like this. Figure 79 - Site Blocked Bigger organizations often use multiple IP addresses assigned to multiple servers which all serve the same web site. For example, facebook.com uses several ranges of IP addresses, and in order to block facebook.com we have to enter all those IP addresses (or ranges) in our outbound firewall rule in order to block access to Facebook, for example.
www.utilizewindows.com Networking Configuring BranchCache in Windows 7 51 Configuring BranchCache in Windows 7 Before you start Objectives: Learn how to enable and configure BranchCache using Group Policy or command line (netsh command). Prerequisites: you have to know what BranchCache is. Key terms: BranchCache, Windows, Group Policy, command line, netsh Prerequisites Remember, before we can use BranchCache feature on our local computer, we have to have a BranchCache enabled server. This means that the BranchCache feature has to be installed on the server. This can be done by using the Add Features Wizard. Figure 80 - Add Feature Wizard in Windows Server 2008 R2 Also, we have to go to the properties of shared folder on the server, go to the Sharing tab, click on the Advanced Sharing button, and then click on the Caching button. We will see a window like this.
www.utilizewindows.com Networking Configuring BranchCache in Windows 7 52 Figure 81 - Offline Settings for Shared Folder Note that the Enable BranchCache option is checked. BranchCache Configuration in Group Policy To configure our Windows 7 machine for BranchCache, we have to run a set of commands. We can either use Local Group Policy editor or the command line. To open Group Policy editor, we can enter gpedit.msc in search. In Group Policy editor, we can configure policies related to BranchCache in Computer Configuration > Administrative Tools > Network > BranchCache. Figure 82 - BranchCache Policies Keep in mind that if we configure BranchCache in Group Policy, we have to manually configure Windows Firewall with Advanced Security settings. This includes Inbound and Outbound rules.
www.utilizewindows.com Networking Configuring BranchCache in Windows 7 53 Figure 83 - Inbound Firewall Rules Figure 84 - Outbound Firewall Rules If we configure BranchCache from the command line, firewall rules will be automatically enabled for us. BranchCache Configuration in Command Line To configure BranchCache in command line (cmd), we will first run it as Administrator. For example, to enable BranchCache in distributed mode we would enter the "netsh branchcache set service mode=distributed" command. Figure 85 - netsh branchcache Command Notice that the firewall rules are enabled, and service start type is set to manual (which is the right type). To check the status of BranchCache on computer we can enter the "netsh branchcache show status". Figure 86 - BranchCache Status We can also configure the cache size. For example, if we want to set the cache size to 10% of our disk space, we would enter the command "netsh branchcache set cachesize size=10 percent=true". Figure 87 - BranchCache Cache Size
www.utilizewindows.com Networking Configuring BranchCache in Windows 7 54 To see the local cache usage we can enter the "netsh branchcache show localcache". Figure 88 - BranchCache Local Cache Notice that here we can also see the location of the cache.
www.utilizewindows.com Networking Creating a VPN Connection in Windows 7 55 Creating a VPN Connection in Windows 7 Before you start Objectives: Learn how to create VPN connection in Windows 7. Prerequisites: you have to know what is VPN in general. Key terms: VPN, connection, Windows 7 Creating VPN Connection We can create a VPN connection in Network and Sharing Center in Control Panel. Here we can select the "Set up a new connection or network option". Figure 89 - Set up a Connection On the next screen we have to select the "Connect to a workplace" option. Figure 90 - Connect to a Workplace
www.utilizewindows.com Networking Creating a VPN Connection in Windows 7 56 On the next screen we will select the "Use my Internet connection (VPN)". Figure 91 - How to Connect On the next screen we have to enter the IP address of the VPN server (or the host name which points to that IP address). Here we can also choose the name of the connection, and if we want to use a smart cart to authenticate, if we want to allow other people to use this connection. Figure 92 - IP Address On the next screen we have to enter our credentials.
www.utilizewindows.com Networking Creating a VPN Connection in Windows 7 57 Figure 93 - Credentials If everything was entered correctly, we should be able to connect to the VPN server now. When we do that, we will be able to access resources on the remote network. We can always change properties of our VPN connection. To do that, simply right click it and select the Properties option. Figure 94 - Properties On the General tab we can change the host name or IP address. Figure 95 - General Tab
www.utilizewindows.com Networking Creating a VPN Connection in Windows 7 58 On the Options tab we can set dialing options, as well as redialing options (rediail attempts, etc.). On the Security tab we can select the type of VPN and data encryption options. Figure 96 - Security Tab If we use IKEv2, our system will have the ability to reconnect automatically. However, if we select the Automatic type, the strongest available type of VPN will be used. On the Networking tab we can choose the version of IP protocol that is to be used (IPv4 or IPv6), and if we'll allow file and printer sharing over the VPN connection. On the Sharing tab we can specify if we want to allow other users to connect trough this connection. So, we can use Internet Connection Sharing feature to share a VPN connection.
www.utilizewindows.com Networking DirectAccess Feature in Windows 7 59 DirectAccess Feature in Windows 7 Before you start Objectives: Learn what is DirectAccess, why it is important, and what to consider when configuring clients to use DirectAccess. Prerequisites: you have to know what is VPN. Key terms: DirectAccess, Windows 7, prerequisites What is DirectAccess DirectAccess is an always on connection to our remote private network, regardless of where we are. Starting from Windows 7 and Windows Server 2008 R2, we can use DirectAccess feature. DirectAccess in Windows 7 uses IPv6 with IPsec VPN connection which is always on. DirectAccess is different from a VPN protocol. DirectAccess connection process doesn't require user intervention or logon (it is automatic) in contrast to a VPN solution. It starts from the moment we connect to the Internet and allows authorized users to access corporate network file server and intranet web sites. Since DirectAccess is automatic, we will always have access to the remote (corporate) intranet, regardless of where we are. DirectAccess is bidirectional, which means that servers on corporate network can access remote clients in the same fashion as if they were connected to the local network. In many VPN solutions, the client can access the server, but the server can't access the remote client. DirectAccess provides administrators the ability to control resources that are available to remote users and computers. Administrators can ensure that remote clients remain up to date with antivirus definitions and software updates. They can also apply security policies to isolate servers and hosts. Remote DirectAccess clients can still receive software and group policy updates from the sever on the corporate network, even if the user hasn't logged on. This allows administrators to manage and maintain remote computers like never before. DirectAccess reduces unnecessary traffic on the corporate network by not sending traffic that is headed for the Internet to the DirectAccess server. Intranet communications are encrypted and sent to the DirectAccess server, and then on to the intranet. Internet communications are sent directly to the Internet hosts without encryption and without going through the DirectAccess server. DirectAccess Connection Methods DirectAccess clients can connect to the internal resources by either using the Selected server access (modified end-to-edge) or Full enterprise network access (end-to-edge) method. The connection method is configurable using DirectAccess console or manually trough IPsec policies. It is recommended to use IPv6 and IPsec throughout organization, upgrade our application servers to Windows Server 2008 R2, and enable selected server access in order to provide the highest level of security. On
www.utilizewindows.com Networking DirectAccess Feature in Windows 7 60 the other hand, organizations can use full enterprise network access where the IPsec session is established between a DirectAccess client and the server. DirectAccess Connection Process DirectAccess client first detects if there is network connection available. Then it attempts to connect to the intranet site that was specified in the DirectAccess configuration. Then the client connects to the DirectAccess server using IPv6 and IPsec. In the case that a firewall or proxy server prevents the client computer from using either 6to4 or Toredo from connecting to DirectAccess server, the client automatically attempts to connect using the IP-HTTPS protocol, which uses an SSL (Secure Socket Layer connection) to ensure connectivity. After that the client and server mutually authenticate using their certificates. Active Directory group memberships are checked so that DirectAccess server can verify that the computer and user are authorized to connect using DirectAccess. If Network Access Protection (NAP) is enabled and configured for health validation, the DirectAccess client obtains a health certificate from a Health Registration Authority (HRA) located on the intranet prior to connecting to the DirectAccess server. Once the client is clear to connect to the network, the DirectAccess begins forwarding traffic from the client to the intranet. DirectAccess Client Configuration If a client is connected to the network using a public IPv6 address, DirectAccess will also use a public IPv6 to connect. If a client is using a public IPv4 address, DirectAccess will use the IPv6 6to4 method to connect to the client. If the client is using private IPv4 address behind a NAT, DirectAccess will use the IPv6 Teredo method to connect to the client. If the client can't connect to the intranet, because they are being blocked by a firewall, but the client still has access to the Internet, DirectAccess will use IP-HTTPS method (the least secure form) to connect to the client. Computers running Windows 7 Enterprise and Ultimate, that have been joined to a domain can support DirectAccess. We can't use DirectAccess with any other edition of Windows 7, or earlier versions of Windows (Vista or XP). When configuring a client for DirectAccess we must add the client’s domain computer account to a special security group. We specify this security group when we are creating a DirectAccess server. Group Policies are used to push down the DirectAccess client configuration in comparison to traditional VPN connections where we have to manually set VPN configuration or distribute using connection manager administration kit. Once we have added the computers account to that designated security group, we also need to install the computer certificate to allow DirectAccess authentication. This can be done using Active Directory Certificate Services which will enable automatic enrollment of the appropriate certificate. When it comes to server, we have to have a DirectAccess server running on Windows Server 2008 R2 with two network cards. Also, we have to have Active Directory environment with at least one Domain Controller (DC) and a DNS server running Windows Server 2008 or 2008 R2. We also need to have a Public Key Infrastructure (PKI) with Active Directory Certificate Services (ADCS). We also need IPsec policies configured and IPv6 Transition Technologies that are available for use on a DirectAccess server such as 6to4 and Teredo.
www.utilizewindows.com Networking DirectAccess Feature in Windows 7 61 When we first configure DirectAccess on a server, it creates a Group Policy Object (GPO) at the domain level and filters it for us for that specified security group that we create during the installation process. Only clients that are members of that group get DirectAccess policies and will be able to connect to the DirectAccess server. Through this Group Policy we can configure settings such as 6-to-4 relay server name, the IP-HTTPS server to connect to if all other connection methods fail, and weather the Teredo is used for DirectAccess and the Teredo server address. We can also configure the DirectAccess from the command line using the netsh command. Have in mind that all configurations made manually with the netsh utility will be overwritten by corresponding Group Policy settings. To determine if the client has made a successful DirectAccess connection, we can connect on the network connection icon in the system tray. This will open a status of our connection which will say "Internet and Corporate" access. In that case we know that we have successfully connected to the DirectAccess server. If the status is "Local and Internet", we know that there is no connection to the DirectAccess server. As we know, DirectAccess clients use certificate for authentication. If a computer doesn't have a valid computer certificate, which should be received from ADCS, it can't connect successfully. We can verify client certificate using the certificate snap-in.
www.utilizewindows.com Deployment Preparing for Windows 7 Image Capture 62 Deployment Preparing for Windows 7 Image Capture Before you start Objectives: learn what you have to do before you can capture and deploy Windows 7 images Prerequisites: you have to understand what is automated Windows installation, what is Windows SIM and what is Sysprep. Key terms: image, winpe, waik, imagex, capture, reference, installation, deployment Installing WAIK on Technician Computer WAIK contains all the tools we will need to prepare WinPE CD which we will use to capture Windows images. The process of installing WAIK is really simple. Just download WAIK for Windows 7 from Microsoft web pages (it is ISO image) and burn it to a DVD (or use virtual CD/DVD ROM to open ISO). After that simply run the Windows AIK Setup. Figure 97 - WAIK Main Menu Note that you should not install WAIK on the reference computer. You should install WAIK on the Technician computer (the one on which you work as an administrator). Reference computer should be configured for end users. When the installation is complete we can run the Deployment Tools Command
www.utilizewindows.com Deployment Preparing for Windows 7 Image Capture 63 Prompt. To do that go to Start > All Programs > Microsoft Windows AIK > Deployment Tools Command Prompt. Figure 98 - Deployment Tools Command Prompt Preparing the Reference Installation A reference computer has a customized installation of Windows that you plan to duplicate onto one or more destination computers. You can create a reference installation by using the Windows installation DVD. You can also create an answer file which you will use during Windows installation on your reference computer. The answer file contains all of the settings that are required for an unattended installation. Answer file can be created using Windows SIM, which is contained in WAIK. Creating WinPE Now that we have WAIK installed and a reference computer prepared, we have to create a WinPE CD. WinPE is contained in WAIK, but we have to create WinPE CD or DVD by running the 'copype' command within the PETools folder. Once the WinPE files and folders are created we can use the 'oscdimg' utility, which is also part of the WAIK, to create ISO image from the created WinPE files and folders. Then we can use that ISO image to burn a bootable DVD and boot from it. Our WinPE has to contain ImageX tool which we will use to capture and deploy Windows images. ImageX stores the image in the Windows Image file format (.wim format). To see how to prepare WinPE read the article Create WinPE Using WAIK for Windows 7. Capturing Windows Image To capture image using ImageX first we must boot our computer into a Windows PE environment. The Windows PE environment (Windows Preinstallation Environment) is a thin version of Windows 7 with limited services. We can boot our computer into Windows PE by either using WinPE CD, DVD or USB flash drive. Also, network PXE booting through Windows Deployment Services (WDS) will load WinPE automatically. Once we boot into WinPE and open a command prompt, we can run ImageX with the /capture parameter. We can set ImageX to store the captured image to a network share. If we are capturing a Windows 7 Ultimate or Enterprise, we can set ImageX to store captured image into a VHD (Virtual Hard Disk) file and
www.utilizewindows.com Deployment Preparing for Windows 7 Image Capture 64 make that VHD bootable. To an example on how to capture Windows 7 installation read the article Windows 7 Image Capture Demonstration Excluding Files We can also exclude certain files and folders from being captured. We can do that using configuration files. The 'Wimscript.ini' file is the configuration file that ImageX will use. Withing a 'Wimscript.ini' file we have three sections of configuration. Those sections are:  ExclusionList  ExclusionException  CompressionExclusionList The ExclusionList section allows us to define what files and folders are to be excluded from the capture. The ExclusionException section allows us to override the default exclusion list during the capture process. The CompressionExclusionList allows us to define files, folders and file types that we want to exclude during the compression process. ImageX will look for the 'Wimscript.ini' within the same folder that stores the ImageX tool. Example of Wimscript.ini: [ExclusionList] ntfs.log hiberfil.sys pagefile.sys "System Volume Information" RECYCLER WindowsCSC [CompressionExclusionList] *.mp3 *.zip *.cab WINDOWSinf*.pnf As we see in our example, our wimscript.ini has ExclusionList section. In that section we defined what files and folders are to be excluded during the ImageX process. We also defined what files, folders and types of files are to be excluded from compression process. In addition to manually creating an image, ImageX can help us modify an image without extracting it and also to deploy the captured image to a target computer.
www.utilizewindows.com Deployment Preparing for Windows 7 Image Capture 65
www.utilizewindows.com Deployment Mounting and Unmounting Windows 7 Image Using ImageX and DISM 66 Mounting and Unmounting Windows 7 Image Using ImageX and DISM Before you start Objectives: learn how to mount images, make changes, and comit changes by using ImageX and DISM tool. Prerequisites: you have to have WAIK for Win 7 installed. Key terms: image, mount, dism, wim, imagex, unmount, commit Image Location We have our DVD in our DVD drive, so let's find our image. We will browse to the [DVD Drive]:sources folder. There we can find 'install.wim' image. Figure 99 - install.wim Image Location Install.wim, which is a Windows image file, stores all five Windows 7 edition (we can see them below the install.wim image). Because of Single Instance Storage, if some file is common between all five of those editions, the wim file will only store one copy of that file. That's why our image is only 2,1 GB in size for all editions of Windows 7. Now, we will copy install.wim image from the DVD to our hard drive, to the C:images folder in our case. We will also create new folder inside of C:images folder, which we will use to mount our image. We will call it 'mount'. The content of C:images folder now looks like this:
www.utilizewindows.com Deployment Mounting and Unmounting Windows 7 Image Using ImageX and DISM 67 Figure 100 - images Folder Content Remember, in order to use ImageX and DISM we have to have Windows 7 Automated Installation Kit (WAIK) installed on our computer. Next, what we need to do is run the Deployment Tools Command Prompt from the Start Menu > Microsoft Windows AIK. We will make sure to open it with elevated privileges (right-click, Run as administrator). Mounting Image Using ImageX To mount our image we can use ImageX or DISM tool. In this case we will use ImageX. First, we will gather information about our image. To do that we will enter the following command: imagex /info c:imagesinstall.wim (imagex /info 'image source'). Figure 101 - Gathered Information As we can see, we get a report in xml format. At the top we can see image GUID, number of images, compression, etc. Below we can see Available Image Choices. This portion is important because here we see which index number belongs to which edition of Windows. So, for example in our case, we see that Image
www.utilizewindows.com Deployment Mounting and Unmounting Windows 7 Image Using ImageX and DISM 68 Index '5' belongs to the Windows 7 Ultimate edition. Another example is Home Premium which has index number 3. Figure 102 - Ultimate Edition Figure 103 - Home Premium Edition When we mount an image, we have to designate which image edition we want to mount. We will do that using particular Index Number. Let's try that now. We will mount our image using the /mountrw parameter. We use /mountrw so we can read as well as write to that image (mount rw, read-write). If we only want to read the image, we would use the /mount parameter. So, the whole command is: imagex /mountrw c:imagesinstall.wim 5 c:imagesmount.
www.utilizewindows.com Deployment Mounting and Unmounting Windows 7 Image Using ImageX and DISM 69 Figure 104 - Mounting in Progress The c:imagesinstall.wim is the image we are mounting. Number 5 is the index number and it determines that we want to mount the Windows 7 Ultimate edition. C:imagesmount is the folder which we use to mount our image. Remember, we don't have to use the image from the DVD. We could also use some image that we prepared ourselves. Now, when we mount our image, the content from the wim image (install.wim in our case) is extracted and copied to our mount folder (C:imagesmount in our case). When the mount is complete, we can go to that folder and browse for files. Figure 105 - Content of mount Folder Remember, wim image stores files inside the image trough a file-based mechanism instead of sector based mechanism. That means that we can easily access the content of the wim file once it is extracted using ImageX or DISM, and also work with it as we like. We can copy files from it, add new files, install new drivers, enable or disable features and language packs. All files that we see in the mount folder will be copied to our hard drive when the actual installation happens. Let's see the Users folder.
www.utilizewindows.com Deployment Mounting and Unmounting Windows 7 Image Using ImageX and DISM 70 Figure 106 - Users Folder We can add new folders and files to that image. Just for demonstration we will add new folder named 'info' and a text file named 'Read me' inside of the mount folder. We can create our text file somewhere else on our computer and copy it to the mount folder. We have to have administrative privileges to copy our text file to the mount folder. Figure 107 - info Folder and Read me file Added So, we are actually making changes to our image as if we are sitting on the machine with the loaded Windows 7 Ultimate. We have access to all files. Unmounting After we have made all changes we will unmount our image. When we unmount our image with ImageX, we have a choice of either committing the changes (saving the changes that we made in the wim image), or discarding all changes. If we run the unmount command without the /commit parameter, the changes we made will not be saved.
www.utilizewindows.com Deployment Mounting and Unmounting Windows 7 Image Using ImageX and DISM 71 To unmount our image and save all changes we will enter the following command: imagex /unmount c:imagesmount /commit. Also, we should exit the mount folder in Explorer before we unmount our image. Figure 108 - Unmounting Successful In our command we use the /unmount parameter to unmount our image. We had to specify the location of our mounted image, which is in our case C:imagesmount folder. Also we use the /commit parameter to save all changes that we made to our image. Also notice that we got an error but we don't actually have to worry about that in this case. This error happened because we had our mount folder opened in Explorer when we were unmounting our image. Mounting Image Using DISM Now we will use DISM to mount the same image again. The command to mount image using DISM is: dism /mount-wim /wimfile:C:imagesinstall.wim /index:5 /mountdir:C:imagesmount. The /mount- wim parameter tells DISM that we want to mount existing image. With /wimfile parameter we specify which image we want to mount. With /index parameter we specify which edition we want to mount. With /mountdir parameter we specify where we want to mount our image.
www.utilizewindows.com Deployment Mounting and Unmounting Windows 7 Image Using ImageX and DISM 72 Figure 109 - Mounting Error Notice that we got an error. The specified image is already mounted for read/write access. This means that the image somehow is still mounted. We can try and unmount our image again using ImageX tool, but this time without the /commit parameter. If we used DISM to mount our image we should try and unmount our image, without committing changes. Also, to recover from this error we can try and use the imagex /cleanup command to delete all resources associated with mounted wim image that has been abandoned. If that doesn't work we can also try and run dism /cleanup-wim command. If that doesn't work, we can try and restart our machine. If that doesn't work we can try and use another mount folder. If that does not work, we have to clear all our temporary directories, and also in Registry browse to "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWIMMountMounted Images" and delete any keys below this. Errors can occur because of various reasons, like corrupt drivers, viruses, etc. We should always have a backup of our image, because our images could get corrupt when we are working with it. Figure 110 - ImageX Cleanup Command Now let's try to mount our image using DISM again. This time everything works as expected.
www.utilizewindows.com Deployment Mounting and Unmounting Windows 7 Image Using ImageX and DISM 73 Figure 111 - Mounting Completed Successfully Once the mounting is complete let's verify that the changes we made are still there. Let's browse to our mount folder. Figure 112 - Mount Folder As we can see on the picture, our 'info' folder and 'Read me' text file are there. Now, DISM gives us a bit more options. We can use DISM with the /get-mountedwiminfo parameter to see all mounted images. Figure 113 - Mounted Wim Info
www.utilizewindows.com Deployment Mounting and Unmounting Windows 7 Image Using ImageX and DISM 74 If we had more than one image mounted we would see them all. We can also use DISM to check the edition of the mounted image. To do that we would enter the command: dism /image:c:imagesmount /get- currentedition. The /image parameter specifies the mounted image we want to check, and /get- currentedition is used to check mounted edition. Figure 114 - Check Mounted Edition Notice that the current edition is Ultimate. We can also use the /get-drivers parameter to see any installed third-party drivers in the mounted image. Figure 115 - Get Drivers In our case there is only one third-party driver in the driver store. Using DISM we can add drivers or even remove drivers from the image. Next, we can also use the /get-features parameter.
www.utilizewindows.com Deployment Mounting and Unmounting Windows 7 Image Using ImageX and DISM 75 Figure 116 - Get Features Using /get-features parameter we can view all available features on the edition of Windows that has been mounted. We can see the feature name and the status (enabled or disabled). Unmounting Once we are done working with the image, we can unmount our image using the /unmount-wim parameter. We have to specify the mount directory with the /mountdir: parameter. Also, we can use either the /commit parameter (which will save the changes that we made to our image), or use the /discard parameter if we don't want to save our changes. In our case we will not save any changes. The command is: dism /unmount-wim /mountdir:c:imagesmount /discard. We should exit the mount folder before we unmount it. Figure 117 - Unmounting Completed Successfully Image was unmounted, changes were discarded and files were closed.
www.utilizewindows.com Deployment Creating WinPE Using WAIK for Windows 7 76 Creating WinPE Using WAIK for Windows 7 Before you start Objectives: learn how to create WinPE CD which includes ImageX, by using WAIK for Windows 7, so you can capture and deploy Windows 7 images. Prerequisites: you have to have WAIK tools installed on your system. You also have to know how to mount and unmount images using ImageX. Key terms: image, winpe, iso, imagex, mount, deployment, cmd, oscdimg Running Deployment Tools CMD As you already know, we have to have WAIK installed on our system. WAIK contains Deployment Tools CMD which we will use to create our WinPE ISO. To run Deployment Tools CMD go to Start > All Programs > Microsoft Windows AIK > Deployment Tools Command Prompt. Creating WinPE ISO Deployment Tools Command Prompt will automatically take us to the PETools folder. Here we will run 'copype' command, and specify 32bit system (with x86), and specify a folder where our WinPE will be saved (in our case C:wpe). The command looks like this: 'copype x86 c:wpe'. Figure 118 - copype Finished Successfully
www.utilizewindows.com Deployment Creating WinPE Using WAIK for Windows 7 77 Once the files are copied we are automatically transferred to the c:wpe folder. Let's see the content of that folder using the 'dir' command. Figure 119 - wpe Folder Content In our C:wpe folder we see that we have ISO folder, which is the folder that we will burn to an image. Also we have default winpe.wimfile, and we have etfsboot.com file (which is boot manager). The next step is to open wimpe.wim image file and copy files that we want into that image. The main thing that we want to copy to winpe.wim is the ImageX tool. To do that we will open second command prompt with elevated privileges (right-click CMD, then select 'Run as administrator'). In that second CMD we will go to the 'c:program fileswindows aiktools' folder. Use the 'dir' command to check the content of that folder. What we need to do next is use the ImageX command to mount the c:wpe folder. Before we do that we have to create a folder to mount it to. In our case we will create c:wpem folder. Figure 120 - wpem Folder Created ImageX for 32bit systems is located in the 'x86' folder, so we will open it. Next, we will use ImageX command with /mountrw switch. /mountrw will make our mount readable and writable. We will also choose our winpe.wim file, boot the first installation in it (option 1), and choose our output folder (c:wpem). The final command looks like this: 'imagex /mountrw c:wpewinpe.wim 1 c:wpem'.
www.utilizewindows.com Deployment Creating WinPE Using WAIK for Windows 7 78 Figure 121 - Mounting Process The content from the c:wpe folder was mounted to the c:wpem folder. When the mount is complete we can browse to the c:wpem folder and see the content of the image. Figure 122 - wpem Folder Now we have to copy ImageX from the 'C:Program FilesWindows AIKToolsx86' folder to our 'c:wpem' folder. Figure 123 - ImageX Copied Now we can unmount the image and commit changes. Remember that we can also copy other data, tools, drivers or anything else that we want to have available once we boot up with that WinPE image. To unmount the image let's go to the command prompt and run the following command: 'imagex /unmount /commit c:wpem'.
www.utilizewindows.com Deployment Creating WinPE Using WAIK for Windows 7 79 Figure 124 - Committing Changes and Unmounting What really happened is that the content of the c:wpem folder (mount) was saved to the windows image. Image was then unmounted and saved to the winpe.wim file. Next, we are going to copy c:wpewinpe.wim file to the c:wpeISOsources folder and change the name to boot.wim. We can do this using Windows Explorer. The 'sources' folder of every Windows 7 installation contains two important files: install.wim and boot.wim. The boot.wim is for booting the DVD and starting the installation. Install.wim stores the actuall installation files. At this poing we can create ISO image from our prepared folder. The WAIK has a tool called oscdimg (Operating System CD Image) creator which we can use to create ISO images from data on our hard drive. Let's go back to Deployment Tools Command Prompt and run the oscdimg command. We will specify -n for long file names, specify the source folder, specify destination file, and also specify the boot files which will be included in the boot sector (-b), so that our image will be bootable. The whole command is: 'oscdimg -n c:wpeiso c:wpewinpe.iso - b"c:wpeetfsboot.com'. Figure 125 - oscdimg Complete Once the ISO image is complete we can burn it to a CD or DVD, which we can then use to boot our computer from.
www.utilizewindows.com Deployment Windows 7 Image Capture Demonstration 80 Windows 7 Image Capture Demonstration Before you start Objectives: learn how to capture Windows 7 image using ImageX tool. Prerequisites: we have to have WinPE media prepared, which includes ImageX tool which we will use to capture Windows image. Our reference computer should already be installed and ready to be captured. Key terms: image, sysprep, capture, partition, imagex, winpe, diskpart, reference Preparing the Reference System (Sysprep) Before we capture our reference computer image, we should run Sysprep tool on it. Sysprep.exe prepares the Windows image for capture by cleaning up various user and computer specific settings, as well as log files. Let's say that in our case the reference installation is complete and ready to be imaged. Now we will use the sysprep command with the /generalize option to remove hardware-specific information from the Windows installation, and the /oobe option to configure the computer to boot to Windows Welcome upon the next restart. You can run the Sysprep tool from a command prompt by typing: 'c:windowssystem32sysprepsysprep.exe /oobe /generalize /shutdownIn'. Alternatively, if we run the Sysprep GUI in audit mode, we can use these options:  Enter System Out Of Box Experience (OOBE) (from the System Cleanup Action list)  Check the Generalize option  Shutdown (from the Shutdown Options list)  Click OK Runnin WinPE Our referenced computer is now prepared and turned off. Now we need to boot that computer using WInPE CD which we created earlier. WinPE runs from the command line. It boots the system with a limited version of Windows 7, which provides disk access and limited networking support. It has two different architectures: a 32-bit version and a 64-bit version. The version must match the intended installation version of Windows 7. Once we enter WinPE we can go to the root folder so that we can run ImageX which we copied earlier.

Utilize windows 7

Recommended

More Related Content

Slideshows for you(15)

Similar to Utilize windows 7(20)

Recently uploaded(20)

Utilize windows 7