Remote Access and Mobile Computing - 50292 PDF
Section Objectives
Section Overview
Windows 7 remote access technologies are valuable tools for the distributed workplace. These
tools help you connect remote workers to your branch office as well as connect to other
Windows 7 devices for helpdesk type duties. Microsoft also provided the RSAT for
Windows 7 RC. Using this suite of tools, administrators can use their Windows 7 workstations to
manage their remote servers with all of the necessary tools like the Active Directory Domain
Services utilities. This section explores the available remote access technologies that are present
and available with Windows 7 as well as some features that are brand new and only function
within a Windows Server 2008 R2 environment.
Administering and Maintaining Windows 7
Global Knowledge Training LLC
This topic defines the VPN features of the Windows 7 operating system and describes how to
configure a new VPN connection and how to set up an incoming VPN session.
What Is a VPN?
VPN is a method for securely gaining access to a private network. Once connected, the client
appears as if it has a local connection. Windows 7 supports the following VPN protocols:
The Windows 7 VPN wizards are available from the Network and Sharing Center, which you can
access from the Network and Internet category in Control Panel. This topic describes the steps to
establish a new VPN connection.
In the Network and Sharing Center, click the Set up a new connection or network link and select
the Connect to a workplace option. The wizard is very intuitive, provided that you know which
configurations you want to make. You will most likely use Group Policy to distribute this
connection information to those who need it, or you can create connections with the CMAK v1.3
utility, which works well with Windows 7. The bottom line is that you want to avoid manually
configuring hundreds of Windows 7 VPN clients, if at all possible. Giving detailed directions to
your users is also not the answer.
Select the Connect to a workplace option to establish a VPN connection to your corporate
network. If VPN connections are already available, the system prompts you to either use one of
the existing connections or create a new one.
The system prompts you to either connect to the VPN over the Internet or dial the private network
via a phone line. Next, you need to type the server name or IP address of the VPN server to which
you need to connect.
Provide Credentials
The User name and Password text boxes follow standard Active Directory conventions for user
name entry. You may use the UPN (joe@hq.local) format, or use the domain\user (HQ\Joe)
format.
After configuring the VPN connection object with the user name and password, the system creates
the connection and displays it in the Network Connection window of Control Panel. The
connection is configured, but one main item is left out of the wizard process: the security
parameters for the VPN connection. You must go back and enter the properties of the VPN
connection object and configure the security.
If the security information is set up incorrectly, the client will not connect to the VPN server. Pay
attention to the designated error codes. They help you to troubleshoot problems. Some of the error
codes that you may encounter include the following:
732: Your computer and the remote computer could not agree on the PPP control protocols.
718: The connection timed out waiting for a valid response from the remote computer.
734: The PPP link control protocol was terminated.
736: The remote computer terminated the control protocol.
919: The connection could not be established because the authentication protocol used by the RAS/VPN server to verify your user name and password could not be matched with the settings in your connection profile.
Note
Windows 7 does not support the MS-CHAPv1 authentication method.
After the connection is created, you can use it at any time by opening the list of network
connections in the Network and Sharing Center or by clicking the Network icon in the
notification area.
This topic explains how to set up and view the status of an incoming VPN session on a Windows 7
device by creating a new incoming connection, modifying protocols and services settings, viewing
the connection status, and opening the new VPN connection.
Creating a new incoming connection is not as straightforward as creating an outbound VPN session.
There is no standard link for creating the inbound connection within the Network and Sharing
Center. To see the New Incoming Connection option, open the Network and Sharing Center and
click the Change Adapter Settings link. Press the ALT key to view the File menu. On the File
menu, select the New Incoming Connection option.
The first window prompts you for the names of the users that should be allowed to connect to the
VPN server.
You can modify the protocols and services available through the VPN server for greater security.
Typically, most connections need the IPv4 protocol and the File and Printer Sharing for Microsoft
Networks service.
After creating the connection, view the status of incoming sessions in the list of network
connections by opening the Network and Sharing Center and selecting the Change adapter
settings link. You can also disconnect the incoming connection from here.
Windows 7 Remote Access and Mobile Computing
Windows 7 DirectAccess
Windows DirectAccess is a new technology that may make VPN technology obsolete. Windows
DirectAccess is a remote access tool that allows secure connections over the Internet without using
a VPN connection.
With VPN, just like DirectAccess, a remote user can connect over the Internet and access
resources inside the corporate network, but the similarities end here. With VPN, the back-end
server must be set up and managed along with the connections. The VPN process is also a costly
process to manage. With VPN other issues exist as well. For example, many businesses have
visitors that need to connect to their own corporate offices to place orders or send e-mail. These
visitors try to establish a secure VPN connection, only to find out that firewalls block their
connection or they simply cannot connect.
With DirectAccess, the entire corporate network file shares, intranet Web sites, and any LOB
applications remain accessible wherever the user is if an available Internet connection exists.
This topic describes DirectAccess, the benefits of DirectAccess, and its requirements
for servers, clients, and networks. It also describes the process of installing and configuring
DirectAccess.
DirectAccess Explained
DirectAccess Benefits
Works flawlessly with Terminal Services RemoteApp and the AppLocker features.
Provides enhanced network security. DirectAccess supports authentication at the
computer level and the user level.
Supports multifactor authentication with various technologies so you can easily deploy
smart card or thumbprint scanners as a second level of authentication before users are
allowed to connect to the DirectAccess mechanism in place.
DirectAccess technology secures the transmission by using IPv6 over IPSec. This mechanism
encrypts communications transmitted across the Internet, a volatile network. The communication
stream has real traffic-shaping mechanisms built in. This allows only traffic destined for the
corporate network to pass through to the Windows Server 2008 R2 DirectAccess server. With
advanced configurations, the administrator can choose to send all the communication through the
DirectAccess Windows Server 2008 R2 device, if necessary.
Helpful Hint
One of the other major benefits of the DirectAccess process is that you
can force updates down to the Windows 7 and Windows Vista devices
without waiting for them to connect to the VPN. Many companies pass
down updates as the client computers connect to the corporate VPN
server. The problem is that you cannot tell exactly when the client
computers will connect to the VPN server. Some client computers
connect daily and some connect once every two months. With
Windows DirectAccess, you can force updates anytime your client
computers connect to the Internet. The client computer negotiates and
connects even before the user logs on. You can configure a message
telling users that an update is being installed on their device from the
corporate office or the updates can happen behind the scenes.
DirectAccess Requirements
Firewall exceptions are required on the Internet facing firewall on the DirectAccess server. The
following exceptions are necessary:
Installing DirectAccess
Configuring DirectAccess
Due to the variety of services and additional configuration that is necessary, the Windows
Server 2008 R2 DirectAccess technology is a complex technology to set up. However, after
performing the initial configuration, ongoing management is relatively easy, except for occasional
updates. You do not have any complex VPN connection objects to create or to manage. You need
some simple certificates and a client that is already embedded within the Windows 7 operating
system to complete the installation and configuration.
The Windows Server 2008 R2 provides the DirectAccess Management Console for managing the
DirectAccess processes and server-side configurations. From this console, you can see if issues
exist with the DirectAccess services and configurations or client connections.
Remote Desktop
This topic describes the features and enhancements of Remote Desktop. Figure 253 lists the
subjects described in this topic.
Remote Desktop provides a user with the ability to remotely connect to his or her Windows 7
computer desktop. The connection is very fast and allows for an experience that is just like sitting
at the desktop of the physical computer.
Remote Desktop performs very well even over slower WAN connections. The Remote Desktop
service is highly optimized for displaying Windows content, and uses compression technology to
reduce bandwidth consumption.
Remote Desktop is not a true remote control type product. The desktop of the remote device will
go to a locked workstation console when a remote user is connected.
Helpdesk and other administrative users constantly connect to users' devices to fix simple issues
and to make routine configurations. Windows 7 provides the latest RDP connection utility, known
as RDPv7. The RDPv7 connection utility fully supports Windows 7 Aero, as well as all Direct2D
and Direct3D 10.1 applications. You no longer have to use a single monitor. You can have your
workstation monitor that displays your helpdesk clients and an external monitor that shows the
desktop of the user's device to which you are connected.
Behind the scenes, the RDP client is redesigned to give you better performance over a variety of
network connections as well as better multimedia performance with several key multimedia
enhancements. The enhancements include support for the following:
Streaming media
Media Foundation
DirectShow
Low latency audio playback
Bidirectional audio
RemoteFX is a new technology included with Windows Server 2008 R2 SP1 and Windows 7 SP1.
It is designed to enhance the visual capabilities of Remote Desktop clients connected to a
Windows 7 virtual device running on Hyper-V R2 SP1. RemoteFX allows for 3D graphics
capabilities, OpenGL, full motion video, and USB redirection support. The server requires a
DirectX 10.0 capable graphics card and supports two to four clients per GPU depending on
resolution. Microsoft based RemoteFX on technology it acquired with the purchase of Calista
Technologies.
Using RemoteFX USB redirection, USB devices can be installed and used in the remote VDI
session. Also with RemoteFX USB redirection, many devices like scanners, multifunction
printers, webcams, and others can be used in the virtual device via the RDP session.
For all of the RDPv7 connection features to work, you have to enable remote access to and from
your devices by navigating to Control Panel, System and Security, System, and clicking the
UAC-protected Remote tab.
The Remote tab displays options for two types of remote access: Remote Assistance and Remote
Desktop. Remote Assistance allows you to configure access for users accessing your devices using
the invitation framework provided by Windows 7. With Remote Desktop, you can select the types
of connections users can make. For example, you can allow connections with older versions of
RDP clients, or you can set up a more secure environment and let users connect only if they have
the newest RDP connection utility, which uses network level authentication.
Note
Users that connect must be members of the RDP users group or they
must be administrators who already have membership within the RDP
users group.
If your connection to the remote device fails, one of the first things you should check after you
check the remote settings is the firewall. If the firewall is blocking port 3389, RDP cannot
establish a connection to a remote device. Depending on the type of firewall you are using, you
may have to create an incoming and outgoing rule allowing the passage of port 3389.
If you are using the Windows Firewall, you can simply create an exception for RDP by
choosing the appropriate firewall exception for Remote Assistance or Remote Desktop and then
choosing the network category on which you need the protocol.
Note
Make sure that you understand the ramifications of opening firewall
ports. Also, close any and all ports that you will not be using. This
ensures that your network is as safe as possible.
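The following check is an added example, not part of the original course text. It reads rule listings in the layout printed by `netsh advfirewall firewall show rule name=all` and reports which enabled inbound rules open port 3389, and whether they do so on the Public network category, for any remote address, or as part of a wider port range. The sample listing and its rule names are constructed, and English field labels are assumed.

```python
"""Flag inbound Windows Firewall rules that expose RDP (TCP 3389) too widely."""

# Constructed sample, laid out like: netsh advfirewall firewall show rule name=all
SAMPLE_NETSH = """\
Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
Grouping:                             Remote Desktop
LocalIP:                              Any
RemoteIP:                             10.20.0.0/16
Protocol:                             TCP
LocalPort:                            3389
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

Rule Name:                            Helpdesk RDP (constructed)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3380-3400
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

Rule Name:                            Old RDP test rule (constructed)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Public
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3389
Action:                               Allow
"""


def parse_rules(text):
    """Turn the listing into one dict per rule, keyed by the printed field labels."""
    rules, current = [], None
    for line in text.splitlines():
        if ":" not in line:
            continue  # separator rows and blank lines carry no field
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Rule Name":
            current = {"Rule Name": value}
            rules.append(current)
        elif current is not None:
            current[key] = value
    return rules


def port_in_spec(spec, port):
    """True if a LocalPort value ('Any', '3389', '80,443', '3380-3400') covers port."""
    if spec.strip().lower() == "any":
        return True
    for token in spec.split(","):
        low, _, high = token.strip().partition("-")
        if low.isdigit() and (high.isdigit() or not high):
            if int(low) <= port <= int(high or low):
                return True
    return False  # named port keywords and empty values are not matched


def rdp_exposure(text, port=3389):
    """Map each enabled inbound allow rule covering `port` to a list of concerns."""
    report = {}
    for rule in parse_rules(text):
        active = (rule.get("Enabled") == "Yes"
                  and rule.get("Direction") == "In"
                  and rule.get("Action") == "Allow")
        if not active or rule.get("Protocol", "Any") not in ("TCP", "Any"):
            continue
        local_port = rule.get("LocalPort", "Any")
        if not port_in_spec(local_port, port):
            continue
        concerns = []
        profiles = [p.strip() for p in rule.get("Profiles", "").split(",")]
        if "Public" in profiles:
            concerns.append("allowed on the Public network category")
        if rule.get("RemoteIP", "Any") == "Any":
            concerns.append("accepts any remote address")
        if local_port.strip() != str(port):
            concerns.append("opens more ports than %d" % port)
        report[rule["Rule Name"]] = concerns
    return report


if __name__ == "__main__":
    for name, concerns in rdp_exposure(SAMPLE_NETSH).items():
        print(name, "->", "; ".join(concerns) or "scoped as expected")
```

A rule with an empty concern list still allows RDP, but only on the Domain and Private categories and from a bounded address range.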
The following topics explain how to create a connection to a Remote Desktop server.
Once you configure Remote Desktop Connection settings in Windows 7, you can launch the
RDPv7 Connection utility and create a connection to another device. To access the utility, you can
type remote or mstsc.exe in the Search box or click Start, All Programs, Accessories, and
Remote Desktop Connection.
The RDP Connection utility contains six tabs: General, Display, Local Resources, Programs,
Experience, and Advanced.
General Settings
Use the General tab to configure the connection-specific information, such as the computer name
and the user name that you use to connect to the device. The Computer field can contain an
FQDN, an IP address, or a NetBIOS name if you are using WINS. You can also save the
connection information you create to an RDP file, which can be used by other devices or used at a
later time.
Display Settings
Use the Display tab to begin the configuration for what Microsoft calls the Desktop Experience.
Using the Display tab, you can do the following:
Configure the display resolution of the connection. You can set the display resolution
to higher or lower by using the slider bar.
Select to use all of your monitors for the remote connection by selecting the Use all my
monitors for the remote session check box.
Configure the number of colors that are displayed over the connection.
Note
Higher resolutions and colors do require more resources. The rule is to
keep the configuration to a minimum to preserve the resources of the
connection.
Use the Local Resources tab to configure which local resources are available during the remote
session to the remote device. For example, if you want to transmit sounds that are generated on the
remote device over the network to your device, click the Remote Audio Settings button and make
the correct selection. You can also choose to record remote audio from the remote device over the
network to your device.
In the Keyboard area, you can configure the behavior of your keyboard when you use multiple
key combinations such as CTRL+ALT+DELETE. You can configure the multi-keystroke to
toggle your local computer or the key combination to activate a process on the remote device.
In the Local devices and resources area, you can configure the devices and resources that are
available in your remote sessions, such as printers and the Windows keyboard. With the More
button, you can choose smart cards, ports, local drives, and other PnP devices.
Programs Settings
The Programs tab within the Remote Desktop Connection dialog box allows users to configure an
application that they want to start automatically after a remote desktop connection is established.
This option is often used within a call center environment. These clients connect to a terminal
server, and their call center application starts automatically after a successful log on.
Experience Settings
Use the Experience tab to toggle on or off the items that can slow the desktop connection down
because of the rendering of excessive data over the connection. You can allow or disallow the
following options:
Desktop background
Font smoothing
Desktop composition
Show window contents while dragging
Menu and window animation
Visual styles
Persistent bitmap caching
You can also choose the connection speed of the network. The Choose your connection speed to
optimize performance drop-down list contains the following choices:
Advanced Settings
Use the Advanced tab to secure connections to authenticated servers with the server
authentication options. If a server authentication fails, the connection has three behavior options:
Warn me
Connect but don't warn me
Do not connect
You can also configure the connection behavior for devices that are connecting remotely outside
the network through a remote desktop or TS Gateway server. Use the Settings button to enter the
required connection information or tell Windows 7 to automatically discover the settings.
Gateway Settings
Using the Remote Desktop Gateway feature, you can set up a server as a gateway to other Remote
Desktop hosts. The connection is very secure, operating over an SSL connection using port 443 by
default. You can use this in lieu of a VPN connection for accessing RDP servers on a private
network.
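The General tab lets you save a connection to an RDP file, and the Local Resources, Advanced, and gateway settings described above are stored in that file as plain `name:type:value` lines. The following auditor is an added example, not part of the original course text. It parses a saved file and reports settings that weaken server authentication, disable CredSSP (which network level authentication relies on), or share local resources with the remote host. The setting names are the ones mstsc writes to .rdp files; the host names and sample files are constructed.

```python
"""Audit a saved .rdp connection file for the client settings discussed above."""
import codecs

# Constructed sample: a permissive file as it might be handed out to users.
SAMPLE_RDP = """\
full address:s:hq-ts01.hq.local
username:s:HQ\\Joe
authentication level:i:0
enablecredsspsupport:i:0
redirectclipboard:i:1
drivestoredirect:s:*
redirectprinters:i:1
gatewayusagemethod:i:0
"""

# Constructed sample: the same connection with the stricter choices.
HARDENED_RDP = """\
full address:s:hq-ts01.hq.local
authentication level:i:1
enablecredsspsupport:i:1
redirectclipboard:i:0
drivestoredirect:s:
gatewayusagemethod:i:1
gatewayhostname:s:rdgw.hq.local
"""

# "authentication level" values other than 1 (Do not connect).
AUTH_LEVEL = {
    0: ("HIGH", "connects without warning when server authentication fails"),
    2: ("MEDIUM", "warns, but lets the user continue after a failed server authentication"),
    3: ("MEDIUM", "no server authentication requirement specified"),
}


def decode_rdp(data):
    """mstsc normally saves UTF-16 with a byte order mark; accept UTF-8 as well."""
    if data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return data.decode("utf-16")
    return data.decode("utf-8-sig")


def parse_rdp(text):
    """Parse 'name:type:value' lines; type is i (integer), s (string) or b (binary)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # values may themselves contain ':'
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue
        settings[name.lower()] = value
    return settings


def audit_rdp(settings, require_gateway=False):
    """Return (severity, setting, message) tuples for weak choices in the file."""
    findings = []
    level = settings.get("authentication level")
    if level is None:
        findings.append(("MEDIUM", "authentication level",
                         "not set in the file; behaviour is left to the client"))
    elif level != 1:
        severity, message = AUTH_LEVEL.get(level, ("MEDIUM", "unrecognised value"))
        findings.append((severity, "authentication level", message))
    if settings.get("enablecredsspsupport") == 0:
        findings.append(("HIGH", "enablecredsspsupport",
                         "CredSSP disabled, so network level authentication cannot be used"))
    drives = str(settings.get("drivestoredirect", "")).strip()
    if drives:
        scope = "all local drives" if drives == "*" else "local drives " + drives
        findings.append(("MEDIUM", "drivestoredirect",
                         scope + " are exposed to the remote host"))
    if settings.get("redirectclipboard") == 1:
        findings.append(("LOW", "redirectclipboard",
                         "clipboard is shared with the remote host"))
    # 0 and 4 both mean "do not use a Remote Desktop Gateway server".
    if require_gateway and settings.get("gatewayusagemethod", 0) in (0, 4):
        findings.append(("MEDIUM", "gatewayusagemethod",
                         "connection bypasses the Remote Desktop Gateway"))
    return findings


if __name__ == "__main__":
    raw = SAMPLE_RDP.encode("utf-16")  # mimic the on-disk encoding
    for severity, name, message in audit_rdp(parse_rdp(decode_rdp(raw)), True):
        print("%-6s %-22s %s" % (severity, name, message))
```

Run it over the RDP files you distribute to users before publishing them; `require_gateway=True` applies when policy says remote sessions must go through the gateway.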
Windows 7 takes into account that laptops, notebooks, and other portable computers have a
completely different set of requirements than desktop computers. Windows 7 contains many new
features for the mobile computer users.
Previously, portable computers were treated as if they were desktop computers that folded up and
had batteries. Microsoft has changed its approach with Windows 7 and portable computers. This
new philosophy led to many changes such as faster boot and shutdown times and extended battery
preservation times. A major focus of Windows 7 is drivers.
With Windows Vista, faulty drivers do not allow a computer to efficiently go into sleep mode.
This causes a great amount of battery drainage on the system. With Windows Vista, computers
have problems moving from a suspended state to an awake state, connecting to projectors with 4:1
aspect ratios, switching between Wi-Fi networks in real time, and issues with power management.
Microsoft dealt with all of these issues with the Windows 7 operating system.
This topic describes the power management features of Windows 7, including power options,
power plan settings, custom power plans, the Windows 7 Mobility Center, and the battery meter.
Power Options
To access the power options, navigate to Control Panel, Hardware and Sound, and click the
Power Options link. The Power Options window contains two power options, as opposed to
Windows Vista, which had three power plans. The two power plans are Balanced
(recommended) and Power saver. These plans toggle the power plan settings between a
performance and an energy savings power plan. Options to customize these plans are available
both manually and through the use of Group Policy from the Windows Server 2008 R2 server.
More advanced power management settings are available through Group Policy. You can
configure power management settings such as adaptive display brightness settings, reserve battery
notification level, and automatic sleep with open network files. Now administrators can decide
which settings to enforce and which to configure as default settings that users can later modify.
By default, Windows 7 is configured to turn off a computer's display after 10 minutes and to put
the computer to sleep after 30 minutes. To change these settings, navigate to Control Panel,
Hardware and Sound, Power Options, and Edit Plan Settings. Figure 270 shows the Edit Plan
Settings window and the Advanced Settings tab in the Power Options dialog box.
Use the following recommendations as guidelines for the Hybrid sleep settings.
Hard disk | Turn off hard disk | Set it to at least one minute before the computer is set to sleep.
Sleep | Sleep after | Set it to at least one minute after the hard disk and the display are set to turn off. This setting is for the computer.
Sleep | Allow hybrid sleep | Set it to On.
Sleep | Hibernate after | Set it to at least one minute before the computer is set to sleep and at least one minute after the Sleep after setting.
Power buttons and lid | Start menu power button | Set it to Sleep.
Display | Turn off display after | Set it to at least one minute before the computer is set to sleep. You should set the display the same as the hard disk time.
Multimedia settings | When sharing media | Set the Allow the computer to sleep setting to prevent the multimedia from waking up the computer.
Figure 271: Hybrid Sleep Settings
Hibernate Settings
Windows 7 provides hibernation as a power-saving state that saves your open documents and
programs to your hard drive and then turns your computer off. Use the following
recommendations as guidelines for the hibernate settings.
Hard disk | Turn off hard disk after | Set it to at least one minute before the computer is set to sleep.
Sleep | Sleep after | Set it to Never.
Sleep | Allow hybrid sleep | Set it to Off.
Sleep | Hibernate after | Set it to at least one minute after the hard disk and the display are set to turn off.
Power buttons and lid | Start menu power button | Set it to Hibernate.
Display | Turn off display after | Set it to at least one minute before the computer is set to hibernate. You should set the display the same as the hard disk time.
Multimedia settings | When sharing media | Set the Allow the computer to sleep setting to prevent the multimedia from waking up the computer.
Figure 272: Hibernate Settings
Display Settings
After a computer is inactive for 10 minutes, by default the monitor is set to turn off. To change the
default display settings, go to Control Panel, Hardware and Sound, Power Options, Edit Plan
Settings, and click the Turn off the display drop-down menu. Remember to pass these settings
down and lock them through the Group Policy.
Sleep Settings
You can also change the Sleep mode settings to protect your data. To access the settings, go to
Control Panel, Hardware and Sound, Power Options, Edit Plan Settings, and click the Put
the computer to sleep drop-down list.
Use the following recommendations as guidelines for the Sleep settings. You should pass these
settings down to your clients so that you have a consistent power management configuration
throughout the enterprise. Sleep mode protects any open documents and programs by committing
them to RAM. The sleep process then puts the computer into a low-power state. If you lose power
to the computer, you also lose the information stored in memory.
Hard disk | Turn off hard disk after | Set it to at least one minute before the computer is set to sleep.
Sleep | Sleep after | Set it to at least one minute after the hard disk and the display are set to turn off. This setting is for the computer.
Sleep | Allow hybrid sleep | Set it to Off.
Sleep | Hibernate after | Set it to Never.
Power buttons and lid | Start menu power button | Set it to Sleep.
Display | Turn off display after | Set it to at least one minute before the computer is set to sleep. You should set the display the same as the hard disk time.
Multimedia settings | When sharing media | Set the Allow the computer to sleep setting to prevent the multimedia from waking up the computer.
Figure 273: Sleep Settings
Certain conditions and hardware require a completely unique power profile. If that is the case,
you may have to create a completely new custom power plan. Follow these steps to create a new
power plan.
1. In Control Panel, click the Power Options link.
2. In the Power Options window, click the Create a power plan link. The Create a power
plan window appears.
3. Select one of the three options:
Balanced (recommended)
Power saver
High performance
4. Follow the prompts to configure the power plan.
5. Give the power plan a name and save it.
The plan is now available for you to use from the Power Options window. Also, the settings are
stored and protected in the registry.
The Windows Mobility Center utility is a one-stop location for configuration items that are
pertinent to notebooks, laptops, and tablet computers. The configuration items include:
Display
Audio for the speakers
Battery and power plan options
Wireless networking
External displays
Windows synchronization settings
Presentation settings
Battery Meter
With previous desktop operating systems, the low battery user interface often showed the wrong
status. Windows 7 contains a new interface that provides more timely and accurate information
about the status of the battery.
When the battery is down to 7 percent power, a warning message displays. The message does not
go away until you take some action. The low battery threshold is also configurable.
In Windows 7, the notifications are more visible and occur more frequently than in previous
desktop operating systems. All of these low battery indications and settings are also configurable
using the Windows Server 2008 Group Policy.
Using the Offline Files and Folders technology, a user can access files on a server over the
network, yet have those files cached locally on his or her Windows 7 computer in the event he or
she disconnects from the network. With this feature, server-based files become usable when the
person is traveling and network connectivity is not available.
Windows 7 carries over the Offline Files and Folders utility from older Windows versions. The
utility is available when you install Windows 7. You need to configure your servers to support
offline files and folders and you need to configure which files you want available offline on
the client.
Use the Offline Files dialog box to make additional changes to the synchronization settings. You
can access the offline files settings by opening the Sync Center from Start, All Programs, and
Accessories.
Another way to access the offline settings you want to control and manage is by typing offline at
the Start menu Search box.
The Offline Files dialog box contains four tabs: General, Disk Usage, Encryption, and Network.
These tabs are used to:
You can set the offline process to check the network bandwidth at a pre-determined time interval.
The default is five (5) minutes. Once a slow network is detected, your device works offline as if
you are not connected to the network. This cuts down on unnecessary bandwidth usage. Once the
network speed has increased, you are automatically placed back in an online status and
synchronization updates the network location with any bit-level changes that may have happened
while you were working offline.
You can also force your device to work online if you are working offline by using the Windows
Explorer to navigate to the mapped drive and clicking the Work Online button. You are then put
in an online status and the clock resets to five (5) minutes before the offline process checks for a
slow network.
To make a file or folder available offline, right-click the file or folder in Windows Explorer and
select the Always available offline option. The data synchronizes with the local resource. When
users disconnect from the network, a second synchronization occurs and any bit-level changes are
copied to the computer that is disconnecting. Users are then free to disconnect and leave the office.
The cached data remains active on the laptop or other mobile computer and is available as needed,
even as the device disconnects from the network.
The Windows 7 Sync Center is a central location where you can view synchronization progress,
and resolve any synchronization conflicts or errors.
The Sync Center has been around since the introduction of Windows Vista. Use the Sync Center
for the following tasks:
Monitor and manage all types of synchronization between the Windows 7 operating
systems and devices.
Manage the synchronization between the mapped drives and the Windows 7 devices.
Manage the synchronization of e-contacts with a PDA.
Manage the synchronization of MP3 players and other audio devices that are used by
the Windows Media Player.
Drive the offline files mechanism and the configurations you make to the offline file
process.
To access the Sync Center, go to Control Panel and click the Sync Center link.
You can easily review the results of your synchronizations with your devices and your offline
files. To view the synchronization results, click the View sync results link in the Sync Center
window.
Acronyms
The following acronyms are used in this section:
2D two dimensional
3D three dimensional
AD CS Active Directory Certificate Services
CMAK Connection Manager Administrator Kit
CRL certificate revocation list
DNS Domain Name System
EAP-MSCHAP Microsoft Challenge-Handshake Authentication Protocol version 2
FQDN fully qualified domain name
GPU graphics processing unit
HTTPS Hypertext Transfer Protocol Secure
ICMP Internet Control Message Protocol
IKEv2 Internet Key Exchange version 2
IP Internet Protocol
IPSec IP Security
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
ISATAP Intra-Site Automatic Tunnel Addressing Protocol
Kbps kilobyte per second
L2TP Layer 2 Tunneling Protocol
LAN local area network
LOB line of business
Mbps megabytes per second
MS-CHAP Microsoft Challenge Handshake Authentication Protocol
NAP Network Access Policy
NetBIOS Network Basic Input/Output System
PDA personal digital assistant
PKI public key infrastructure
PnP Plug and Play
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
RAM random access memory
RAS Remote Access Service
RC Release Candidate
RDP Remote Desktop Protocol
RSA Rivest, Shamir, and Adleman
Section Review
Summary
• Windows 7 supports the following VPN protocols:
  o PPTP: Provides ease of setup, but is slower and less secure than other VPN options.
  o L2TP: Provides better speed and security than PPTP, but requires more effort to configure.
  o SSTP: Provides a very secure VPN connection, while requiring less setup than L2TP.
• The DirectAccess benefits include the following:
  o Provides always-on connectivity
  o Provides seamless connectivity
  o Provides bidirectional access
  o Contains improved security
  o Provides an integrated solution
  o Works flawlessly with Terminal Services RemoteApp and AppLocker features
  o Provides enhanced network security; supports authentication at the computer level and the user level
  o Supports multifactor authentication with various technologies
  o Secures the transmission by using IPv6 over IPSec
• The features of the Remote Desktop version 7 utility include the following:
  o Windows 7 users can access the console of another Windows 7 or Windows Server 2008 machine.
  o The remote desktop looks exactly like the local desktop.
  o Connection is incredibly fast on a LAN.
  o Performance is very good even on a WAN connection.
  o Provides seamless access to local devices and resources.
  o Takes over the desktop session of the remote computer.
• To allow Remote Desktop to communicate through Windows Firewall, choose either the Remote Assistance or Remote Desktop option and then choose the network type.
• Windows 7 contains three standard power management plans:
  o Balanced (recommended): Balances the computer performance with energy consumption.
  o Power saver: Saves energy by reducing computer performance.
  o High performance: Increases computer performance by consuming more energy.
• With properly configured offline files and folders settings, you can access and work with individual files or complete folders that are stored on the network when you are not connected to the network or when the server is unavailable. To enable the offline feature:
  1. Right-click the item.
  2. Select the Always available offline option.
• You can configure the following offline settings in the Offline Files dialog box:
  o General: View and disable offline files or automatically synchronize offline files.
  o Disk Usage: View and change the size of the offline file store.
  o Encryption: Protect the files in the offline file store from unwanted users.
  o Network: Adjust the synchronization behavior of offline files during slow network times.
Knowledge Check
1. Does Windows 7 provide a VPN connection object within the Windows 7 Accessibility location in
Control Panel?
2. To allow Remote Desktop to communicate through the Windows 7 Firewall, you must create an
incoming and outgoing rule allowing the passage of port 3389.
a. True
b. False
3. For each power plan, write a brief description in the space provided.
Power saver:
Balanced:
5. Does Windows 7 RDP support the Aero initiative across TCP/IP networks?
7. When configuring the sleep mode settings for your laptop, what should you set the Start menu
power button to?
8. Which of the following settings can you configure when connecting to a remote computer using
Remote Desktop? (Choose all that apply.)
a. Display settings
b. Experience settings
c. IPSec policies
d. Gateway Server Settings
9. The DirectAccess Management Console can be installed from the Group Policy Management
Editor.
a. True
b. False
8. Which of the following settings can you configure when connecting to a remote computer using
Remote Desktop? (Choose all that apply.)
a. Display settings
b. Experience settings
c. IPSec policies
d. Gateway Server Settings
9. The DirectAccess Management Console can be installed from the Group Policy Management
Editor.
a. True
b. False
The DirectAccess Management Console must be installed using the Server Manager.
10. List the VPN technologies that are supported by Windows 7.
PPTP: Provides ease of setup, but is slower and less secure than other VPN options.
L2TP: Provides better speed and security than PPTP, but requires more effort to configure.
SSTP: Provides a very secure VPN connection, while requiring less setup than L2TP.