Post on 11-Nov-2015
This e-book is a collection of articles originally published on http://www.utilizewindows.com. Check for the
latest version of this e-book: http://www.utilizewindows.com/e-books
This e-book is published under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported
License. To view a copy of this license: http://creativecommons.org/licenses/by-nc-sa/3.0
If you would like to contact us: http://www.utilizewindows.com/contact-us
If you would like to support us: http://www.utilizewindows.com/about-us
Disclaimer: While we at Utilize Windows strive to make the information in this book as timely and accurate
as possible, we make no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the
contents of this book, and expressly disclaim liability for errors and omissions in the contents of this book.
Microsoft Windows 7 is a registered trademark of Microsoft Corporation in the United States and/or other
countries.
Contents
Basics
  Introduction to Windows 7
  Creating a Windows 7 USB Installation Source
  Upgrading to Windows 7 - Overview
  Migrating to Windows 7 using WET
  Migrating to Windows 7 using USMT
Networking
  Configuring IPv4 in Windows 7
  Configuring IPv6 in Windows 7
  Internet Connection Sharing (ICS) Configuration in Windows 7
  Working With Wireless Network Connections in Windows 7
  Working with Windows Firewall in Windows 7
  Configuring Windows Firewall with Advanced Security in Windows 7
  Configuring BranchCache in Windows 7
  Creating a VPN Connection in Windows 7
  DirectAccess Feature in Windows 7
Deployment
  Preparing for Windows 7 Image Capture
  Mounting and Unmounting Windows 7 Image Using ImageX and DISM
  Creating WinPE Using WAIK for Windows 7
  Windows 7 Image Capture Demonstration
  Windows 7 Image Deployment Demonstration
  Managing Existing Windows 7 Images
  Servicing Windows 7 Image Using DISM
  Applying Updates to Windows 7 Image Using DISM
  Creating Virtual Hard Disk (VHD) using Disk Management in Windows 7
  Creating Virtual Hard Disk (VHD) using Diskpart in Windows 7
Management
  Advanced Driver Management in Windows 7
  Staging a Driver in Windows 7
  Using Disk Management and Diskpart to Manage Disks in Windows 7
  Disk Quotas in Windows 7
  Disk Defragmenter Tool in Windows 7
  Removable Storage and System Security in Windows 7
  Application Compatibility Issues in Windows 7
  UAC Configuration in Windows 7
  Configuring Security Zones in Windows 7
  Printer Configuration in Windows 7
  Configuring Power Options in Windows 7
  Configuring Offline Files in Windows 7
  Managing Services in Windows 7
  Using msconfig in Windows 7
  Event Viewer in Windows 7
  Monitoring Performance in Windows 7
  Using WinRS and PowerShell for Remote Management in Windows 7
  Configuring and Using Remote Desktop in Windows 7
  Remote Assistance in Windows 7
  System Recovery in Windows 7
Security
  Credential Manager in Windows 7
  Running Apps as Different Users with Run As in Windows 7
  User Account Policies in Windows 7
  Editing NTFS Permissions in Windows 7
  Advanced Sharing Settings in Windows 7
  Working With Shared Folders in Windows 7
  HomeGroups in Windows 7
  Configuring Auditing in Windows 7
  Encrypting File System in Windows 7
  Configuring BitLocker in Windows 7
  Configuring BitLocker to Go in Windows 7
  Windows Defender in Windows 7
Optimization
  Monitoring Resources in Windows 7
  Using Reliability Monitor in Windows 7
  Visual Effects and Paging File Options in Windows 7
  Configuring WSUS and Other Update Options in Windows 7
  Setting Up Backup in Windows 7
  Restoring Data from Backup in Windows 7
www.utilizewindows.com Basics Introduction to Windows 7
Basics
Introduction to Windows 7
Before you start
Objectives: learn about the main features of each Windows 7 edition and the minimum hardware
requirements.
Prerequisites: no prerequisites.
Key terms: windows 7 editions, starter, home basic, home premium, professional, enterprise, ultimate,
hardware requirements, processor architecture.
Windows 7 Editions
There are six different Windows 7 editions:
- Starter
- Home Basic
- Home Premium
- Professional
- Enterprise
- Ultimate
Starter
Windows 7 Starter edition does not support DVD playback, Windows Aero user interface, IIS Web Server,
Internet connection sharing, or Windows Media Center. It also does not support advanced, new features like
AppLocker, Encrypting File System, DirectAccess, BitLocker, BranchCache, and Remote Desktop Host. It
supports only one physical processor.
Home Basic
Windows 7 Home Basic does not support domains, Aero user interface, DVD playback, Windows Media
Center, or IIS Web Server. It also does not support enterprise features such as EFS, AppLocker, DirectAccess,
BitLocker, Remote Desktop Host, and BranchCache. It supports only one physical processor. The x86 version
supports a maximum of 4 GB of RAM, whereas the x64 version supports a maximum of 8 GB of RAM.
Home Premium
Windows 7 Home Premium supports the Windows Aero UI, DVD playback, Windows Media Center, Internet
connection sharing, and the IIS Web Server. It does not support domains and it does not support enterprise
features such as EFS, AppLocker, DirectAccess, BitLocker, Remote Desktop Host, and BranchCache. The x86
version of Windows 7 Home Premium supports a maximum of 4 GB of RAM, whereas the x64 version
supports a maximum of 16 GB of RAM. Windows 7 Home Premium supports up to two physical processors.
Professional
Windows 7 Professional supports all the features available in Windows Home Premium, and it also supports
domains. It supports EFS and Remote Desktop Host but does not support enterprise features such as
AppLocker, DirectAccess, BitLocker, and BranchCache.
Enterprise
Windows 7 Enterprise and Ultimate Editions support all the features available in all other Windows 7 editions
but also support all the enterprise features such as EFS, Remote Desktop Host, AppLocker, DirectAccess,
BitLocker, BranchCache, and Boot from VHD. Windows 7 Enterprise and Ultimate editions support up to
two physical processors. Windows 7 Enterprise is available only to Microsoft's volume licensing customers, and
Windows 7 Ultimate is available from retailers and on new computers installed by manufacturers.
Although some editions support only one physical processor, they do support an unlimited number of cores on
that processor. For example, all editions of Windows 7 support quad-core CPUs. We can use Remote Desktop
to initiate a connection from any edition of Windows 7, but we can connect only to computers running Windows 7
Professional, Windows 7 Ultimate, or Windows 7 Enterprise. We can't use Remote Desktop Connection to
connect to computers running Windows 7 Starter, Windows 7 Home Basic, or Windows 7 Home Premium.
Hardware Requirements
Windows 7 Starter and Windows 7 Home Basic have the following minimum hardware requirements:
- 1 GHz 32-bit (x86) or 64-bit (x64) processor
- 512 MB of system memory
- 20-GB (x64) or 16-GB (x86) hard disk drive, traditional or Solid State Disk (SSD), with at least 15 GB
  of available space
- Graphics adapter that supports DirectX 9 graphics and 32 MB of graphics memory
Windows 7 Home Premium, Professional, Ultimate, and Enterprise editions have the following minimum
hardware requirements:
- 1 GHz 32-bit (x86) or 64-bit (x64) processor
- 1 GB of system memory
- 40-GB hard disk drive (traditional or SSD) with at least 15 GB of available space
- Graphics adapter that supports DirectX 9 graphics, has a Windows Display Driver Model (WDDM)
  driver, Pixel Shader 2.0 hardware, and 32 bits per pixel and a minimum of 128 MB graphics memory
32-bit versus 64-bit
Windows 7 supports two different processor architectures: 32-bit (x86) version, and 64-bit (x64) version. The
main limitation of the x86 version of Windows 7 is that it does not support more than 4 GB of RAM. It is
possible to install the x86 version of Windows 7 on computers that have x64 processors, but the operating
system will be unable to utilize any RAM that the computer has beyond 4 GB. We can install the x64 version
of Windows 7 only on computers that have x64-compatible processors. The x64 versions of Windows 7
Professional, Enterprise, and Ultimate editions support up to 128 GB of RAM. The x64 version of Windows 7
Home Basic edition supports 8 GB and the x64 edition of Home Premium supports a maximum of 16 GB.
Creating a Windows 7 USB Installation Source
Before you start
Objectives: learn how to create a USB installation source by using tools available on your PC.
Prerequisites: you have to have a Windows 7 installation DVD and a USB storage device with at least 4 GB
of free space.
Key terms: command prompt, elevated mode, usb drive preparation, diskpart, diskpart commands, bootable
usb drive, windows 7 installation, source
Procedure
Before we begin, keep in mind that during this process the USB flash drive will be completely erased, so we have to
make sure that we save any data that it contains. In our example we have a Windows 7 installation DVD
present in our D drive, and a USB flash drive available through drive E, as shown in the picture.
Figure 1 - Computer Drives
1. Open Command Prompt (CMD)
We will be working with Command Prompt in elevated mode. You can find CMD in: Start menu > All
Programs > Accessories > Command Prompt. To open CMD in elevated mode, right-click on the
Command Prompt and select 'Run as administrator'. Click Yes to confirm.
Figure 2 - Run CMD as Administrator
We know that we are running CMD in elevated mode because we have the 'Administrator' in the name of the
CMD window.
Figure 3 - Administrator: Command Prompt
2. Prepare USB drive
We will open the command line utility called diskpart, which is used to manage partitions and drives. To do
that we will simply enter diskpart in CMD.
Figure 4 - Diskpart
Next, we will enter: list disk. With this command we can view all the available disks on our computer.
Figure 5 - List Disk
In our example, Disk 0 is the hard drive. We know that because the size of our internal hard disk is 40GB. The
size of our USB flash drive is 4 GB (3875 MB to be more precise). To work with USB drive we need to select
it. To do that, in our case, we have to type in: select disk 1.
Figure 6 - Select Disk 1
After the selection we will clean the USB drive. We have to wipe out any partition information and anything on
it. To do that we will type in: clean.
Figure 7 - Clean
After the cleaning, notice that, if we browse to Computer, our USB drive has now changed. There is no info
shown about the free space.
Figure 8 - USB drive in Windows Explorer
Now we need to create the partition on our USB drive. To do that, in Command Prompt we will enter: create
partition primary.
Figure 9 - Create Partition Primary
After that we will format our new partition with the FAT32 as our file system. To do that we will enter: format
fs=fat32 quick.
Figure 10 - Format
Now, we need to mark our new partition as active. To do that we will enter: active.
Figure 11 - Active
Now we have a USB drive with an active partition. To use it as the installation source we also have to make it
bootable. As we will see, we will run the bootsect command to copy the boot manager information that
Windows 7 requires to perform the install, to our USB drive. Then we will have to copy the entire content of
the Windows 7 DVD to the USB drive. To do all that, first we need to exit from Diskpart. In CMD enter: exit.
Figure 12 - Exit
In our example, the Windows 7 installation DVD is in the D drive. In the D drive, in the folder called 'Boot', there
is a program called 'bootsect'. We will run it with the '/NT60' parameter and we will also specify the drive
letter of our USB drive. This will copy the boot manager files to our USB drive. The command, in our case,
looks like this: d:\boot\bootsect /NT60 e:.
Figure 13 - Bootsect
As we can see, our E drive was updated with all the necessary boot manager information that Windows 7 needs
to boot from the USB drive.
3. Copy DVD Content to USB Drive
The last step is to copy all files from the Windows 7 DVD to our USB drive.
Figure 14 - Copy Content from DVD to USB
Once the copy is complete, our USB drive is ready for use. Of course, on the computer on which we want to
perform the installation, we have to go to the BIOS and make sure that the USB device is selected to boot
from. After that the installation will be the same as if we were installing from a DVD.
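The whole procedure above as one script, with the check the manual steps leave to the reader: it refuses to run clean unless Windows reports the chosen disk as a USB device and the operator confirms. This is an added example, not part of the original e-book; the script name, the wmic interface check, the net session elevation check and the use of xcopy for the copy step are assumptions.

```batch
@echo off
rem Added example, not from the original e-book.
rem Usage: mkusb.cmd <disk-number> <dvd-letter> <usb-letter>    e.g.  mkusb.cmd 1 D E
rem Assumptions: the script name, the USB interface check, the elevation check
rem and xcopy as the copy tool are illustrative choices, not the e-book's.
setlocal

set "DISK=%~1"
set "DVD=%~2"
set "USB=%~3"
if "%USB%"=="" (
    echo Usage: %~nx0 ^<disk-number^> ^<dvd-letter^> ^<usb-letter^>
    exit /b 1
)

rem diskpart and bootsect need an elevated prompt; net session fails without one.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated Command Prompt.
    exit /b 1
)

rem Guard 1: continue only if Windows reports the selected disk as a USB device,
rem so a mistyped disk number cannot wipe the internal hard drive.
wmic diskdrive where "Index=%DISK%" get InterfaceType /value | findstr /i /c:"InterfaceType=USB" >nul
if errorlevel 1 (
    echo Disk %DISK% is not reported as a USB disk. Nothing was changed.
    exit /b 1
)

rem Guard 2: show model and size, then require an explicit confirmation.
wmic diskdrive where "Index=%DISK%" get Index,Model,Size
set "ANSWER="
set /p "ANSWER=Type ERASE to wipe disk %DISK%: "
if not "%ANSWER%"=="ERASE" (
    echo Aborted. Nothing was changed.
    exit /b 1
)

rem The diskpart commands from step 2, written to a script file.
rem The redirection comes first so that "disk 1 >" is not read as "1>".
set "SCRIPT=%TEMP%\usbprep.txt"
> "%SCRIPT%" echo select disk %DISK%
>>"%SCRIPT%" echo clean
>>"%SCRIPT%" echo create partition primary
>>"%SCRIPT%" echo format fs=fat32 quick
>>"%SCRIPT%" echo active
>>"%SCRIPT%" echo exit

diskpart /s "%SCRIPT%"
if errorlevel 1 (
    echo diskpart reported an error. Stopping before bootsect.
    exit /b 1
)
del "%SCRIPT%"

rem The formatted volume must be reachable under the expected letter.
if not exist %USB%:\ (
    echo Drive %USB%: is not available after formatting.
    exit /b 1
)

rem Write the boot code, as in the bootsect step.
%DVD%:\boot\bootsect /NT60 %USB%:
if errorlevel 1 (
    echo bootsect reported an error.
    exit /b 1
)

rem Step 3: copy the DVD content, including subfolders and hidden files.
xcopy %DVD%:\*.* %USB%:\ /E /H /F
if errorlevel 1 (
    echo The copy did not complete.
    exit /b 1
)

echo USB installation source is ready on %USB%:
endlocal
exit /b 0
```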
Upgrading to Windows 7 - Overview
Before you start
Objectives: learn which Windows versions can be upgraded to Windows 7.
Prerequisites: you should know about different ways to install Windows.
Key terms: edition, version, upgrade, platform, hardware requirements
Different Editions
Edition upgrades can only be performed from a lower edition to a higher edition. They can be performed using
installation media or using Windows Anytime Upgrade. Windows Anytime Upgrade was introduced in
Windows Vista and it allows us to purchase an edition upgrade for the operating system over the Internet.
Keep in mind that we cannot upgrade a 32-bit edition to a 64-bit edition of Windows and vice versa.
Different Platforms
To change or migrate to a different platform (32-bit or 64-bit) we can use the Wipe-and-Load or Side-by-side
migration of Windows 7 or use multi boot. We will be required to migrate user data and application settings
between the two installations. This is not an upgrade, but a migration.
Previous Windows Versions
Windows 7 only supports upgrades from computers running Windows Vista with Service Pack 1 installed.
Windows XP installations cannot be upgraded to Windows 7. If we want to upgrade from Windows XP, first
we need to upgrade to Windows Vista SP 1 and then to Windows 7.
Hardware Requirements
Before upgrading we need to have at least 15 GB of free hard drive space. Windows Vista and Windows 7 in
general have the same hardware requirements. To check for hardware incompatibilities we can use the Windows 7
Upgrade Advisor tool, which will inform us of any device or software incompatibilities that our computer might
have. Before running Upgrade Advisor it is recommended to connect all devices to the computer, such as
printers, scanners, cameras and other devices that we will be using on Windows 7.
Recommendations
It is recommended to perform a full backup of the existing installation in case the upgrade fails. We should also
ensure that we have the proper product keys available for Windows and for any application or game that is installed on
the existing installation.
The biggest benefit in upgrading from an existing installation to Windows 7 is that the user's settings and
applications are preserved.
Migrating to Windows 7 using WET
Before you start
Objectives: learn where to find WET, how to run it and which options to use in different situations.
Prerequisites: you have to be familiar with migration terms and utilities.
Key terms: wet, migwiz, migration, user profile, example, location, transfer, account
Running Windows Easy Transfer (WET)
In Windows 7 we can run WET by going to Start > All programs > Accessories > System Tools >
Windows Easy Transfer. This will actually open the migwiz.exe file, which is located
in the %windir%\system32\migwiz\ folder. We can also find migwiz.exe on every Windows 7 installation
DVD. Just browse to the [DVDdrive]\support\migwiz\ folder and search for migwiz.exe. That is our
Windows Easy Transfer tool. We can copy the migwiz folder to another location, for example, to a network share,
so that it is easily accessible from all computers on the network.
The first thing we have to do is run WET on the source installation to gather all data. Although Vista already
has a migration tool built in, we have to use the newer version of WET because we will migrate to a newer system,
which is Windows 7. The same applies when migrating from XP. Because of that, we will use the Windows 7
installation DVD, which contains the newer WET, on our Vista machine and run migwiz.exe. We have to have
administrative rights to run WET. The following window will appear:
Figure 15 - WET Tool
As we can see in the picture, we can use the WET utility to transfer user accounts, their documents, pictures,
movies, videos etc. Notice that we cannot transfer applications. On the next screen we can choose where to
save our data.
Figure 16 - How to Transfer and Location
We can use a special "type A to type A" USB cable which is also called Easy Transfer Cable. It is used to
connect two computers together. We can also transfer data over network by establishing a TCP/IP connection.
The third option is to store data on removable media, a local hard disk, a network share or a mapped drive. In
our example we will select the third available option. On the next screen we have to select which computer we are
using.
Figure 17 - Computer Selection
This is our old computer. It is a Vista computer so we only have one option. When we select it, the tool will scan
for all available user accounts on our machine.
Figure 18 - Available Accounts
Once the scan is complete we can see that it detected one profile (ivancic) and Shared Items. In our example
we will only select "ivancic" account and click Next. On the next screen we can set the password for the data
that will be exported.
Figure 19 - Password
In our example we will leave the password empty and click Save. On the next screen we can choose where to save
our files.
Figure 20 - Migration Location
Remember that we could easily browse to a network location and save our migration data there. That way the
data would be available for every computer on the network. In our example we will save our data on a local
hard disk, to c:\migration folder.
Figure 21 - Saving Data
Our data will be exported with a MIG extension. Now we can copy it to a new Windows 7 computer and run it
by double clicking it or by running migwiz and then importing it.
Migrating to Windows 7 using USMT
Before you start
Objectives: learn where to find USMT and which commands you can use to gather user profiles from the source
installation and then apply them to the destination installation. This is a demo of how to use USMT to migrate user
profiles from an old to a new Windows installation (XP to 7 in this case). Although here you can see all the steps
required to do the migration completely, for more advanced usage of all USMT options you will have to read the
USMT documentation.
Prerequisites: you have to be familiar with migration concepts in general and with tools which you can use.
Key terms: usmt, user profile, scanstate, loadstate, command, account, cmd, syntax, source, destination
Running USMT on Source Computer
USMT is a part of Windows AIK, but it can also be downloaded from the Microsoft website as a standalone
application. Since we will migrate users from XP, we have to have USMT on the XP machine. There
are two ways to put USMT on XP. The first is to download USMT from the Microsoft site and install it.
During the installation you can choose the installation folder, which you have to remember. The second way
assumes that you have Windows AIK installed on your Windows 7 machine. USMT will be located
in the C:\Program Files\Windows AIK\Tools\USMT\x86 folder (if you have an x64 system you have to use the x64
version), which contains all the files needed for user migration. We can copy this folder to a network share to
make it always available. For this demonstration we will simply copy the USMT folder to the C: drive of our
Windows XP machine. The tools that we are going to use (scanstate and loadstate) are command line tools, so
the first thing we need to do is run Command Prompt (CMD) on our XP machine. In CMD we have to go to
our newly created USMT folder, so we will enter the command: cd c:\usmt\x86
Figure 22 - USMT Folder in CMD
Now, we want to copy all users from Windows XP to Windows 7. To do that, first we need to
run the scanstate tool on Windows XP. To check which parameters must be provided to the scanstate tool,
simply enter scanstate in CMD.
Figure 23 - Scanstate Syntax
We can see that the syntax is: scanstate [Options]. In this demo we will save all data locally
in the c:\usmt\users folder, so let's create a migration store by entering the following command: scanstate
c:\usmt\users. This command will gather information about all user accounts on this machine and save it in
the c:\usmt\users folder. It is possible to modify this command to select which accounts to include or exclude.
In our case it gathered information about 8 users.
Figure 24 - Scanstate Success
Destination Computer
Once scanstate is complete we can switch to the destination computer, which is Windows 7 in our case.
Now, we need to remember where we saved users from the source machine. The best thing would be to use a
network share so we can access those resources from any computer on the network. For the purpose of this
demonstration we have copied the gathered user profiles, which were exported to the c:\usmt\users folder on the
Windows XP machine, to the c:\usmt\users folder on the Windows 7 machine. Also, we have
copied the x86 folder, which contains USMT, to the c:\usmt folder on the Windows 7 machine. The first thing we
need to do on the destination computer is to run an elevated CMD. To do that, right-click CMD and select 'Run as
administrator'. Next, we need to get to the c:\usmt\x86 folder, so we will enter the command: cd
c:\usmt\x86. Next, to load the users that we exported from Windows XP, we will use the loadstate tool. Let's
enter loadstate in CMD.
Figure 25 - Loadstate Syntax
We can see that the syntax for the loadstate command is loadstate [options]. To load user
accounts we will enter the command: loadstate c:\usmt\users /lac. The /lac option means that we want to
create local accounts that do not exist on our destination computer. If accounts already existed we would not
have to use the /lac switch because the information would be migrated to existing accounts. Now, because we
did not provide passwords for accounts that were migrated, they will be created as disabled. Once all accounts
are created, the migration data is copied.
Figure 26 - Loadstate Success
Some often used options for the scanstate and loadstate commands are:
- /i - includes the specified XML-formatted configuration file to control the migration
- /ui - migrates specified users data
- /ue - excludes the specified users data from migration
- /lac - creates a user account if the user account is local and does not exist on the destination computer
- /lae - enables the user account created with the '/lac' option
- /p /nocompress - generates a space-estimate file called Usmtsize.txt
Once the migration is complete we can go to the Computer Management to verify new accounts.
Figure 27 - New Accounts
As we can see, new accounts were created but they are disabled. Disabled accounts have an icon with an arrow
pointing down. To enable an account right-click it, go to Properties, in General tab uncheck the 'Account is
disabled' option and then click Apply.
www.utilizewindows.com Networking Configuring IPv4 in Windows 7
21
Networking
Configuring IPv4 in Windows 7
Before you start
Objectives: Learn how to configure IPv4 settings on a Windows 7 machine by using the GUI and how to
troubleshoot connectivity in the command line.
Prerequisites: you should know all about IPv4 addresses and about different ways to apply network settings.
Key terms: IPv4, network, address, connection, IP, settings, case, center, ping
Network and Sharing Center
To configure TCP/IP settings in Windows 7 we have to go to the Network and Sharing Center which is
located in Control Panel. The shorter way to get to the Network Center is to click the networking icon in the
Notification area and select the "Open Network and Sharing Center" option.
Figure 28 - Network Center Shortcut
The Network Center will show us many options, but the one section we are particularly interested in is "Active
networks". In our case we already have our network connection configured, and we are connected to the "intranet"
at our workplace.
Figure 29 - Active Networks
To see the details about that connection we can simply click its name, which is "Local Area Connection" in our
case. To see the details about that specific connection we can click on the Details button.
Figure 30 - Connection Details
Notice that our connection currently uses DHCP to get the required information about the network
connection. We already have our IPv4 address, subnet mask, DNS server. Notice that we can also see the
"DHCP Enabled" option which is set to "Yes", and we can also see the IP address of the DHCP server. To
change network settings we can click the Properties button. A new window will open in which we have to
select the item we want to configure. In this case we will select the "Internet Protocol Version 4
(TCP/IPv4)" protocol, since we want to change the IPv4 address.
Figure 31 - IPv4 Selected
When we click the Properties button again, we will be able to enter new IPv4 settings. Notice that currently we
have the "Obtain an IP address automatically" option selected.
Figure 32 - IPv4 Properties
This means that our computer will use DHCP to get the connection information. To enter the information
manually we can simply select the "Use the following IP address" option. In our case we want our computer to
always use the same IP address, so we will enter 192.168.1.145 as an IPv4 address, 255.255.255.0 as the subnet
mask, 192.168.1.1 as our default gateway, and we will use the 10.10.1.2 as our DNS server. Our configuration
now looks like this.
Figure 33 - IPv4 Configured
To check if our connection works we should try to communicate with another host on the network. To do that
we can use the "ping" tool in command line. Let's try and communicate with the default gateway (192.168.1.1).
Figure 34 - Ping
In our case everything works fine. If we have trouble communicating with another host, we can try and ping
our own IP address, which is 192.168.1.145 in our case. If that does not work, we should try and ping the local
loopback address which is 127.0.0.1, which will check if the IPv4 stack is properly installed. To check our
IP address and subnet mask we can use the "ipconfig /all" command. If everything seems OK, but the "ping"
action still does not work when we try to communicate with another host on the network, we should check our
firewall settings. In Windows Firewall with Advanced Security, in the Inbound Rules section, we have to make
sure that the "File and Printer Sharing (Echo Request - ICMPv4-In)" rule allows communication.
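The troubleshooting order described above, written as a Windows PowerShell script. This is an added example, not part of the original article; it uses the addresses configured in this article, and the function name Test-Echo is made up for the example.

```powershell
# Added example (not from the original article). Runs on Windows PowerShell 2.0,
# which is included with Windows 7.
$ownIp   = '192.168.1.145'   # static address entered in the IPv4 properties
$gateway = '192.168.1.1'     # default gateway entered in the IPv4 properties

function Test-Echo {
    param([string]$Target)
    # ping.exe can exit with code 0 on "Destination host unreachable", so look
    # for "TTL=", which only appears in a genuine echo reply.
    $output = & ping.exe -4 -n 2 $Target
    return (@($output | Select-String -SimpleMatch 'TTL=').Count -gt 0)
}

# Work outwards: IPv4 stack, then our own address, then another host.
$checks = @(
    @{ Name = 'Loopback (IPv4 stack)'; Target = '127.0.0.1' },
    @{ Name = 'Own IPv4 address';      Target = $ownIp },
    @{ Name = 'Default gateway';       Target = $gateway }
)

foreach ($check in $checks) {
    $ok = Test-Echo $check.Target
    $result = $(if ($ok) { 'reply' } else { 'NO REPLY' })
    Write-Host ('{0,-24} {1,-15} {2}' -f $check.Name, $check.Target, $result)
    if (-not $ok) { break }   # the first failing step is where to look
}

# Address, subnet mask, gateway and DNS server actually in use.
ipconfig /all

# State of the inbound echo rule named in the text, on this machine.
netsh advfirewall firewall show rule name="File and Printer Sharing (Echo Request - ICMPv4-In)"
```

The inbound echo rule matters on the machine being pinged, so run the last command on the host that does not answer.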
www.utilizewindows.com Networking Configuring IPv6 in Windows 7
25
Configuring IPv6 in Windows 7
Before you start
Objectives: Learn where and how to configure IPv6 properties in Windows 7.
Prerequisites: you should know what IPv6 is and about different types of IPv6 addresses.
Key terms: IPv6, address, network, configured, center, connection, link-local, bits, details, global-id
Network and Sharing Center
To configure TCP/IP settings in Windows 7 we have to go to the Network and Sharing Center which is
located in Control Panel. The shorter way to get to the Network Center is to click the networking icon in the
Notification area and select the "Open Network and Sharing Center" option.
Figure 35 - Network Center Shortcut
The Network Center will show us many options, but the one section we are particularly interested in is "Active
networks". In our case we already have our network connection configured, and we are connected to the "intranet"
at our workplace.
Figure 36 - Active Networks
To see the details about that connection we can simply click its name, which is "Local Area Connection" in our
case. To see the details about that specific connection we can click on the Details button.
Figure 37 - Connection Details
Notice that we already have Link-local IPv6 Address configured. Link-Local address is similar to the APIPA
address in IPv4. Link-local IPv6 address always starts with "fe8". If we see a Link-local address configured on
our machine, that means that our computer was not able to contact the DHCPv6 server. To change our
network settings we can click the Properties button. A new window will open in which we have to select
the item we want to configure. In this case we will select the "Internet Protocol Version 6 (TCP/IPv6)"
protocol, since we want to change the IPv6 address.
Figure 38 - IPv6 Selected
By default, our computer is configured to obtain the IPv6 address automatically. In this tutorial we will try to
assign a Unique-Local IPv6 address to our host. Unique-Local addresses are similar to private addresses in
IPv4. A Unique-Local address always starts with "fc" or "fd" (first 8 bits). The next 40 bits represent the
"global-id", and the next 16 bits represent the "subnet-id". The remaining 64 bits represent a host. The "global-id" part
will represent our organization, while we can use the "subnet-id" to create multiple subnets. The "global-id"
part should be randomly generated, but in our case we will simply choose some random "global-id" and the
"subnet-id". So, our example Unique-Local address will be: FCAB:BEBC:ABAC:0100::1000. The default
subnet prefix length is 64.
Figure 39 - IPv6 Configured
Let's now go to the command line and check our settings by using the "ipconfig" command.
Figure 40 - ipconfig Command
Notice that now we have our IPv6 address configured, but the Link-local address also remained intact. That
means that our computer basically has two configured IPv6 addresses that can be used for communication.
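The Unique-Local address layout described above (8-bit prefix, 40-bit global-id, 16-bit subnet-id, 64-bit host part), as an added Windows PowerShell example that is not part of the original article. New-UlaPrefix, Get-UlaFields and ConvertTo-HexString are names made up for this example: the first draws the global-id from the system random number generator instead of choosing it by hand, and the second splits an address such as the one used in this article into its fields.

```powershell
# Added example (not from the original article). Compatible with Windows
# PowerShell 2.0, which is included with Windows 7.

function ConvertTo-HexString {
    param([byte[]]$Bytes)
    return (($Bytes | ForEach-Object { $_.ToString('x2') }) -join '')
}

# Build a /64 Unique-Local prefix with a randomly generated 40-bit global-id.
function New-UlaPrefix {
    param([int]$SubnetId = 0x0100)            # 16-bit subnet-id, 0100 as in the article

    if ($SubnetId -lt 0 -or $SubnetId -gt 0xFFFF) {
        throw 'subnet-id must fit in 16 bits'
    }

    $globalId = New-Object byte[] 5           # 5 bytes = 40 bits
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($globalId)

    $bytes = New-Object byte[] 16             # host part (last 8 bytes) stays zero
    # RFC 4193 defines locally assigned prefixes under fd00::/8 and leaves
    # fc00::/8 for future definition, so generated prefixes start with fd.
    $bytes[0] = 0xFD
    [Array]::Copy($globalId, 0, $bytes, 1, 5)
    $bytes[6] = [byte](($SubnetId -band 0xFF00) / 256)
    $bytes[7] = [byte]($SubnetId -band 0x00FF)

    $address = New-Object System.Net.IPAddress -ArgumentList (,$bytes)
    return ('{0}/64' -f $address.ToString())
}

# Split a Unique-Local address into the fields described in the text.
function Get-UlaFields {
    param([string]$Address)

    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 16 -or ($b[0] -band 0xFE) -ne 0xFC) {
        throw "$Address is not in the Unique-Local range (fc00::/7)"
    }

    New-Object PSObject -Property @{
        Prefix   = ConvertTo-HexString ($b[0..0])
        GlobalId = ConvertTo-HexString ($b[1..5])
        SubnetId = ConvertTo-HexString ($b[6..7])
        HostPart = ConvertTo-HexString ($b[8..15])
    } | Select-Object Prefix, GlobalId, SubnetId, HostPart
}

New-UlaPrefix -SubnetId 0x0100              # a different prefix on every run
Get-UlaFields 'FCAB:BEBC:ABAC:0100::1000'   # the address used in this article
```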
www.utilizewindows.com Networking Internet Connection Sharing (ICS) Configuration in Windows 7
28
Internet Connection Sharing (ICS) Configuration in Windows 7
Before you start
Objectives: Learn how to enable and configure ICS in Windows 7.
Prerequisites: you should already know what ICS is in general.
Key terms: network, computer, ICS, connection, Internet, private, enable, server, address, IP, port, settings,
Windows 7
How to Enable ICS
The computer on which we want to enable ICS has to have two network connections. One network
connection has to be connected to the public network (Internet), and another connection has to be connected
to our private network (LAN). To manage network connections on Windows 7, we can go to Control Panel >
Network and Internet > Network Connections. In our case, on our computer we have two Network
Interface Cards which provide two network connections. One connection is called "Internet", and another is
called "Local Area Connection".
Figure 41 - Connections
So, we want to share our Internet connection from this computer with other computers which are located on
our LAN. Internet connection is typically connected to a cable modem, a DSL modem, etc. Local Area
Connection is typically connected to a Switch on our local (private) network. On that Switch we will typically
have other computers connected.
Figure 42 - Example Schema
To enable ICS, we will select our Internet connection, go to its properties, and select the Sharing tab. Here we
will select the "Allow other network users to connect through this computer's Internet connection" option. This
will basically enable ICS on this computer. In our case we will uncheck the "Allow other network users to
control or disable the shared Internet connection" option.
Figure 43 - Sharing Tab
If we click the Settings button, we will be able to control some basic firewall settings. This way we can quickly
enable some basic services that we want to be accessible from the Internet through our ICS computer. As you
can see, when we enable ICS, our computer starts to act as a router and a NAT device.
Figure 44 - Advanced Settings
For example, let's say that we have a web server on our private network and that we want to make it publicly
accessible. The host name of the web server is "web-server". To configure this, we will select "Web Server
(HTTP)" from the list of services and click the Edit button. We will enter the name of the computer,
"web-server". We could also enter the IP address of the computer.
Figure 45 - Web Server Port Forwarding
Notice that other settings can't be changed (port is 80). Note that we can only do this for one computer on the
same port. This is considered port forwarding. We can add other or the same services, but they have to use
different ports. With this configured, when someone on the public network tries to access our public IP
address together with the port 80, that request will be forwarded to the "web-server" computer on our private
network.
When the ICS is enabled, our network connections will automatically be configured with some specific settings.
First, the Local Area Connection will be configured with the 192.168.137.1 IP address. With ICS, our computer
automatically becomes the gateway for computers on our private network, and the gateway address will be the
address of the LAN interface of the ICS computer. ICS computer will also start to hand out IP addresses and
other information to computers on our private network (it will become the DHCP server). This is why it is
important that the computers on the private network are DHCP enabled. We can use commands "ipconfig
/release" and "ipconfig /renew" to obtain new configuration from the ICS server. If we see an IP address
which starts with "169.254.", this means that the computer was not able to contact the DHCP server.
www.utilizewindows.com Networking Working With Wireless Network Connections in Windows 7
32
Working With Wireless Network Connections in Windows 7
Before you start
Objectives: Learn how to create an Ad Hoc wireless network and how to work with infrastructure wireless
networks in Windows 7.
Prerequisites: you should have a basic understanding of wireless networks.
Key terms: network, wireless, ad hoc, connect, security, connection, option, windows 7, SSID
Ad Hoc Networks
To create an Ad Hoc wireless network we have to go to the Network and Sharing Center in Control Panel. In
the Network and Sharing Center we will click on the "Set up a new connection or network" option. On the
next window we have to select the "Set up a wireless ad hoc (computer-to-computer) network" option.
Figure 46 - Ad Hoc Network Option
The next thing we need to do is to specify the name of our network and choose the security type. For ad hoc
networks, the available security types are Open, WEP and WPA2-Personal. Remember that WPA2-Personal is
a lot more secure than WEP, so we should always use WPA2 if all devices support it. In our case we will
choose WPA2-Personal, so we also have to specify the security key.
Figure 47 - Network Settings
The purpose of the ad hoc network is to provide temporary wireless network access for devices in close
proximity, without the need for a wireless access point. On the next screen we will also be able to turn on Internet
connection sharing. This is because our computer is also connected to the wired network which has Internet
connection, so we can share that Internet connection with the clients on the ad hoc network if we want.
Figure 48 - Network Created
At this point other devices will be able to find and connect to our wireless ad hoc network. If we click on the
network icon in the System Tray, we can see that our ad hoc network is waiting for users.
Figure 49 - Waiting for Users
Note that the icon used for ad hoc network has three computers connected in triangle, while the infrastructure
networks have bars as the icon. One other thing that we should remember about ad hoc networks is that they
will be removed once all users disconnect from them. Also, users who connect to the ad hoc network are not able
to save it in the list of wireless networks.
If we don't enable Internet connection sharing, users who connect to our ad hoc network will not get their IP
address automatically from the DHCP. If you have experience with IP addressing, you will know that in this
case the devices will automatically use some address from the APIPA range, and this will actually work. We can
also specify the IP address on every device manually (this also includes the computer on which we set up the ad
hoc network). However, if we enable Internet connection sharing in the first place, all devices will get their IP
address from the DHCP server on the computer on which we have created the ad hoc network.
Infrastructure Wireless Networks
The process of connecting to wireless networks with access points is really simple in Windows 7. We simply
click on the network icon in the System Tray, select the available wireless network and click on the Connect
button.
Figure 50 - Available Wireless Networks
In our case we are connecting to a network which is using WPA2-Personal security standard, so we have to
provide the password to gain access to the wireless network.
Figure 51 - Network Security Key
So, when we enter the correct security key we will connect to the network, and that's it. Now, sometimes the
SSID of the wireless network is not being broadcast. To connect to that kind of network we have to create
the wireless network profile manually. To do that we have to go to the Network and Sharing Center, and select
the "Set up a new connection or network" option. In the window we have to select the "Manually connect to a
wireless network" option.
Figure 52 - Manual Configuration
On the next screen we have to specify the SSID (network name), security type, encryption type and the security
key. We also have to select the "Connect even if the network is not broadcasting" option. This will ensure that
our computer will connect to the network which has SSID broadcasting disabled. Note that we have to know
all those settings before we start connecting.
Figure 53 - Network Profile
Now, if we go to the Network and Sharing Center, and then select the "Manage wireless networks" option, we
will see our newly created network listed.
Figure 54 - Network Management
Here we will also see any other network that we have previously connected to. Here we can delete all those
wireless networks or modify them. Keep in mind that we can't modify the SSID of an existing network here. If
the SSID is changed, we have to delete the old network and create a new one.
One other thing that we should keep in mind is the Profile Type. If we click on the Profile Type button in the
"Manage wireless networks" window, we will be able to choose the type of profile to assign to new wireless
networks.
Figure 55 - Profile Type
Keep in mind that by default all wireless networks created on the computer can be used by all users. However,
we can set up the per-user profile configuration. This way users can create connections that can only be
accessed and modified by them (per-user).
Troubleshooting
A stronger wireless signal means better wireless performance. There are several things that we can do to
ensure proper wireless signal in our network. First, we have to ensure that all clients are in the range of our
wireless access point. To improve the range we can implement additional antennas or signal boosters in our
wireless network. Also, some physical objects may cause obstructions and interference. Another option is to
install additional access points. This will increase the coverage of our wireless network.
Some devices will cause interference with our wireless network. Those devices are cordless phones,
microwaves, Bluetooth devices, or any other device with radio signal. We should move those devices away
from our AP. Also, we should always ensure that the wireless channel used in our network is not overlapping
with another channel.
Windows 7 includes many troubleshooting tools that can be used to troubleshoot wired and wireless networks.
For example, we can use a Network Diagnostics tool to diagnose the connection issues. When troubleshooting
wireless networks with this tool, the first thing we should do is try to connect to the AP, and then run the
Network Diagnostics tool.
The most common problem with wireless networks is the wrong configuration. So, the first thing we should do
is to ensure that we have configured the correct SSID and WEP/WPA keys.
www.utilizewindows.com Networking Working with Windows Firewall in Windows 7
38
Working with Windows Firewall in Windows 7
Before you start
Objectives: Learn where to find and how to work with Windows Firewall in Windows 7.
Prerequisites: you should know what a firewall is in general.
Key terms: firewall, Windows, network, program, allowed, configure, feature, location, service
Firewall in Windows 7
Windows 7 comes with two firewalls that work together. One is the Windows Firewall, and the other
is Windows Firewall with Advanced Security (WFAS). The main difference between them is the complexity
of the rules configuration. Windows Firewall uses simple rules that directly relate to a program or a service. The
rules in WFAS can be configured based on protocols, ports, addresses and authentication. By default, both
firewalls come with predefined set of rules that allow us to utilize network resources. This includes things like
browsing the web, receiving e-mails, etc. Other standard firewall exceptions are File and Printer
Sharing, Network Discovery, Performance Logs and Alerts, Remote Administration, Windows Remote
Management, Remote Assistance, Remote Desktop, Windows Media Player, Windows Media Player Network
Sharing Service.
With firewall in Windows 7 we can configure inbound and outbound rules. By default, all outbound traffic is
allowed, and inbound responses to that traffic are also allowed. Inbound traffic initiated from external sources
is automatically blocked.
Sometimes we will see a notification about a blocked program which is trying to access network resources. In
that case we will be able to add an exception to our firewall in order to allow traffic from the program in the
future.
Windows 7 comes with some new features when it comes to firewall. For example, the "full-stealth" feature blocks
other computers from performing operating system fingerprinting. OS fingerprinting is a malicious technique
used to determine the operating system running on the host machine. Another feature is "boot-time filtering".
This feature ensures that the firewall is working at the same time when the network interface becomes active,
which was not the case in previous versions of Windows.
When we first connect to some network, we are prompted to select a network location. This feature is known as
Network Location Awareness (NLA). This feature enables us to assign a network profile to the connection
based on the location. Different network profiles contain different collections of firewall rules. In Windows 7,
different network profiles can be configured on different interfaces. For example, our wired interface can have
different profile than our wireless interface. There are three different network profiles available:
Public
Home/Work - private network
Domain - used within a domain
We choose those locations when we connect to a network. We can always change the location in the Network
and Sharing Center, in Control Panel. The Domain profile can be automatically assigned by the NLA service
when we log on to an Active Directory domain. Note that we must have administrative rights in order to
configure firewall in Windows 7.
Configuring Windows Firewall
To open Windows Firewall we can go to Start > Control Panel > Windows Firewall.
Figure 56 - Windows Firewall
By default, Windows Firewall is enabled for both private (home or work) and public networks. It is also
configured to block all connections to programs that are not on the list of allowed programs. To configure
exceptions we can go to the menu on the left and select "Allow a program or feature through Windows
Firewall" option.
Figure 57 - Exceptions
To change settings in this window we have to click the "Change settings" button. As you can see, here we have
a list of predefined programs and features that can be allowed to communicate on private or public networks.
For example, notice that the Core Networking feature is allowed on both private and public networks, while
the File and Printer Sharing is only allowed on private networks. We can also see the details of the items in the
list by selecting it and then clicking the Details button.
Figure 58 - Details
If we have a program on our computer that is not in this list, we can manually add it by clicking on the "Allow
another program" button.
Figure 59 - Add a Program
Here we have to browse to the executable of our program and then click the Add button. Notice that we can
also choose location types on which this program will be allowed to communicate by clicking on the "Network
location types" button.
Figure 60 - Network Locations
Many applications will automatically configure proper exceptions in Windows Firewall when we run them. For
example, if we enable streaming from Media Player, it will automatically configure firewall settings to allow
streaming. The same happens if we enable the Remote Desktop feature from the system properties window. By
enabling the Remote Desktop feature we actually create an exception in Windows Firewall.
Windows Firewall can be turned off completely. To do that we can select the "Turn Windows Firewall on or
off" option from the menu on the left.
Figure 61 - Firewall Customization
Note that we can modify settings for each type of network location (private or public). An interesting thing here is
that we can block all incoming connections, including those in the list of allowed programs.
Windows Firewall is actually a Windows service. As you know, services can be stopped and started. If the
Windows Firewall service is stopped, the Windows Firewall will not work.
Figure 62 - Firewall Service
In our case the service is running. If we stop it, we will get a warning that we should turn on our Windows
Firewall.
Figure 63 - Warning
Remember that with Windows Firewall we can only configure basic firewall settings, and this is enough for
most day-to-day users. However, we can't configure exceptions based on ports in Windows Firewall any more.
For that we have to use Windows Firewall with Advanced Security, which will be covered in another article.
www.utilizewindows.com Networking Configuring Windows Firewall with Advanced Security in Windows 7
43
Configuring Windows Firewall with Advanced Security in Windows 7
Before you start
Objectives: Learn how to create new rules in Windows Firewall with Advanced Security. We will create an
outbound rule in this example, but the principle is the same for the inbound rules.
Prerequisites: you have to know what a firewall is in general.
Key terms: rule, IP, address, firewall, port, remote, screen, WFAS, example, access, option, outbound
Windows Firewall with Advanced Security (WFAS)
As you should know, with WFAS we have more granular control when compared to ordinary Windows
Firewall which is also available in Windows 7. To open WFAS, simply start entering "windows firewall" in
search and select "Windows Firewall with Advanced Security" option.
Figure 64 - Open WFAS
Once we open WFAS we will see a list of rules. Rules are divided into Inbound, Outbound and Connection
Security rules. Notice that there are a lot of predefined rules that we can use. Some of them are enabled, and
some of them are disabled. Each rule can be disabled/enabled for the different network profile (domain,
private, public). We can also see the application that the rule relates to, the action, the protocol that is used,
local and remote address, the local and remote port, allowed users and allowed computers.
Figure 65 - Rules
To restrict access to our computer we would edit the Inbound rules. To restrict users from accessing remote
resources, we would go to the Outbound rules section. This is what we will do in this example. For the purpose
of this demo we will block users on our local computer from accessing the www.utilizewindows.com site. So, to add
a new rule, we can right-click on the Outbound rules section, or click on the New Rule option from the menu
on the right side of the window.
Figure 66 - New Rule Option
On the first screen we can choose to create rules based on programs, ports or use a predefined rule. We can
also create a custom rule, which we will do in our example.
Figure 67 - Custom Rule Option
On the next screen we can specify if this rule applies to all programs or only to a specific program. For
example, here we could choose only specific Web Browsers. We could also apply this rule to specific services
only. For the purpose of this demo we will choose the "All programs" option and click Next.
Figure 68 - Programs
On the next screen we have to choose the right protocols and ports. For this, you have to know about different
networking protocols and their specific ports. For example, to access web sites our Web Browsers use HTTP
protocol. HTTP protocol uses TCP transport layer protocol, on port 80 by default. When configuring the
Outbound rule, it is more important to configure the Remote port. The local port is actually auto-generated
when the connection gets established, and it is used as a return path. Because of that, we don't have to enter it
here. The remote port is the port we are connecting to. For the remote port we will use the specific port 80.
Figure 69 - Protocols
On the next screen we have to choose the IP addresses that this rule applies to. For the local IP address we can
choose the "Any IP address" option or choose to enter a specific IP address. In this case this is not important
since this rule will only be applied to the local machine. However, if we were to configure this rule through
Group Policy and push it down to our machines, we would then have to specify the specific IP addresses that
this rule should be applied to.
Figure 70 - IP Address
If we click on the Customize button we can also select which interfaces this rule applies to. By default it will be
applied to all interfaces, but we can choose to only apply it to wired or wireless interfaces, or to remote access
sessions.
Figure 71 - Interface Types
The important thing to configure is the remote IP addresses to which this rule applies. So, we have to know
the IP address of the www.utilizewindows.com site. To get the IP address we will try and PING it in the
command line.
Figure 72 - Ping
We got the reply and now we know that the IP address is 192.232.223.73. Let's click on the Add button and
enter the IP address.
Figure 73 - IP Address Specified
Notice that in this window we can also enter the whole subnet, the range of IP addresses, or some predefined
set of computers (WINS servers, DHCP servers, DNS servers, or local subnet computers). When we click OK,
our screen now looks like this.
Figure 74 - IP Address Entered
On the next screen we choose the action we want to be performed for this rule. In our case we will block the
connection.
Figure 75 - Action
On the next screen we have to choose the network profile that this rule applies to. The default is all profiles.
Figure 76 - Profile
On the next screen we enter the name of our rule and a brief description.
Figure 77 - Name
When we click Finish, we will see our new rule in the list.
Figure 78 - Rule Created
When we try to browse to the www.utilizewindows.com now, we will see something like this.
Figure 79 - Site Blocked
Bigger organizations often use multiple IP addresses assigned to multiple servers which all serve the same web
site. For example, facebook.com uses several ranges of IP addresses, and in order to block access to Facebook we
have to enter all those IP addresses (or ranges) in our outbound firewall rule.
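The outbound rule built in the wizard above, created with netsh from an elevated Windows PowerShell prompt. This is an added example, not part of the original article; the rule name is made up for the example, and the comma-separated remoteip list is how several addresses or ranges go into a single rule.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
$ruleName  = 'Block-HTTP-utilizewindows'   # assumed rule name (no spaces, so no quoting needed)
$remoteIps = @('192.232.223.73')           # address returned by ping in this article

# A site served from several addresses needs every one of them in the rule.
# remoteip accepts single addresses, subnets (a.b.c.d/nn) and ranges
# (a.b.c.d-a.b.c.e) in one comma-separated list, so add further entries to
# $remoteIps, or take every IPv4 address DNS currently returns:
# $remoteIps = [System.Net.Dns]::GetHostAddresses('www.utilizewindows.com') |
#     Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
#     ForEach-Object { $_.ToString() }

$remoteIpList = $remoteIps -join ','

# Same choices as in the wizard: custom outbound rule, all programs, TCP,
# remote port 80, the remote address(es) above, action Block, all profiles.
netsh advfirewall firewall add rule name=$ruleName dir=out action=block protocol=TCP remoteport=80 remoteip=$remoteIpList profile=any

# Confirm what was stored.
netsh advfirewall firewall show rule name=$ruleName verbose

# The rule matches on address and port only: HTTPS (TCP 443) to the same host
# is not covered, and the rule goes stale when the site's addresses change.

# To remove the rule again:
# netsh advfirewall firewall delete rule name=$ruleName
```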
www.utilizewindows.com Networking Configuring BranchCache in Windows 7
51
Configuring BranchCache in Windows 7
Before you start
Objectives: Learn how to enable and configure BranchCache using Group Policy or command line (netsh
command).
Prerequisites: you have to know what BranchCache is.
Key terms: BranchCache, Windows, Group Policy, command line, netsh
Prerequisites
Remember, before we can use BranchCache feature on our local computer, we have to have a BranchCache
enabled server. This means that the BranchCache feature has to be installed on the server. This can be done by
using the Add Features Wizard.
Figure 80 - Add Feature Wizard in Windows Server 2008 R2
Also, we have to go to the properties of shared folder on the server, go to the Sharing tab, click on the
Advanced Sharing button, and then click on the Caching button. We will see a window like this.
Figure 81 - Offline Settings for Shared Folder
Note that the Enable BranchCache option is checked.
BranchCache Configuration in Group Policy
To configure our Windows 7 machine for BranchCache, we have to run a set of commands. We can either use
Local Group Policy editor or the command line. To open Group Policy editor, we can enter gpedit.msc in
search. In Group Policy editor, we can configure policies related to BranchCache in Computer Configuration >
Administrative Tools > Network > BranchCache.
Figure 82 - BranchCache Policies
Keep in mind that if we configure BranchCache in Group Policy, we have to manually configure Windows
Firewall with Advanced Security settings. This includes Inbound and Outbound rules.
Figure 83 - Inbound Firewall Rules
Figure 84 - Outbound Firewall Rules
If we configure BranchCache from the command line, firewall rules will be automatically enabled for us.
BranchCache Configuration in Command Line
To configure BranchCache in the command line (cmd), we first have to run cmd as Administrator. For example, to
enable BranchCache in distributed mode we would enter the "netsh branchcache set service mode=distributed"
command.
Figure 85 - netsh branchcache Command
Notice that the firewall rules are enabled, and the service start type is set to manual (which is the right type). To
check the status of BranchCache on the computer we can enter the "netsh branchcache show status" command.
Figure 86 - BranchCache Status
We can also configure the cache size. For example, if we want to set the cache size to 10% of our disk space,
we would enter the command "netsh branchcache set cachesize size=10 percent=true".
Figure 87 - BranchCache Cache Size
To see the local cache usage we can enter the "netsh branchcache show localcache" command.
Figure 88 - BranchCache Local Cache
Notice that here we can also see the location of the cache.
Creating a VPN Connection in Windows 7
Before you start
Objectives: Learn how to create a VPN connection in Windows 7.
Prerequisites: you have to know what a VPN is in general.
Key terms: VPN, connection, Windows 7
Creating VPN Connection
We can create a VPN connection in Network and Sharing Center in Control Panel. Here we can select the "Set
up a new connection or network" option.
Figure 89 - Set up a Connection
On the next screen we have to select the "Connect to a workplace" option.
Figure 90 - Connect to a Workplace
On the next screen we will select the "Use my Internet connection (VPN)" option.
Figure 91 - How to Connect
On the next screen we have to enter the IP address of the VPN server (or the host name which points to that
IP address). Here we can also choose the name of the connection, whether we want to use a smart card to
authenticate, and whether we want to allow other people to use this connection.
Figure 92 - IP Address
On the next screen we have to enter our credentials.
Figure 93 - Credentials
If everything was entered correctly, we should be able to connect to the VPN server now. When we do that, we
will be able to access resources on the remote network.
We can always change properties of our VPN connection. To do that, simply right click it and select the
Properties option.
Figure 94 - Properties
On the General tab we can change the host name or IP address.
Figure 95 - General Tab
On the Options tab we can set dialing options, as well as redialing options (redial attempts, etc.). On the
Security tab we can select the type of VPN and data encryption options.
Figure 96 - Security Tab
If we use IKEv2, our system will have the ability to reconnect automatically. However, if we select the
Automatic type, the strongest available type of VPN will be used. On the Networking tab we can choose the
version of IP protocol that is to be used (IPv4 or IPv6), and if we'll allow file and printer sharing over the VPN
connection. On the Sharing tab we can specify if we want to allow other users to connect through this
connection. So, we can use the Internet Connection Sharing feature to share a VPN connection.
DirectAccess Feature in Windows 7
Before you start
Objectives: Learn what DirectAccess is, why it is important, and what to consider when configuring clients to
use DirectAccess.
Prerequisites: you have to know what a VPN is.
Key terms: DirectAccess, Windows 7, prerequisites
What is DirectAccess
DirectAccess is an always-on connection to our remote private network, regardless of where we are. Starting
from Windows 7 and Windows Server 2008 R2, we can use the DirectAccess feature. DirectAccess in Windows 7
uses IPv6 with an IPsec VPN connection which is always on. DirectAccess is different from a VPN protocol.
The DirectAccess connection process doesn't require user intervention or logon (it is automatic) in contrast to a
VPN solution. It starts from the moment we connect to the Internet and allows authorized users to access
corporate network file server and intranet web sites.
Since DirectAccess is automatic, we will always have access to the remote (corporate) intranet, regardless of
where we are. DirectAccess is bidirectional, which means that servers on corporate network can access remote
clients in the same fashion as if they were connected to the local network. In many VPN solutions, the client
can access the server, but the server can't access the remote client.
DirectAccess provides administrators the ability to control resources that are available to remote users and
computers. Administrators can ensure that remote clients remain up to date with antivirus definitions and
software updates. They can also apply security policies to isolate servers and hosts. Remote DirectAccess
clients can still receive software and group policy updates from the server on the corporate network, even if the
user hasn't logged on. This allows administrators to manage and maintain remote computers like never
before. DirectAccess reduces unnecessary traffic on the corporate network by not sending traffic that is headed
for the Internet to the DirectAccess server. Intranet communications are encrypted and sent to the
DirectAccess server, and then on to the intranet. Internet communications are sent directly to the Internet
hosts without encryption and without going through the DirectAccess server.
DirectAccess Connection Methods
DirectAccess clients can connect to the internal resources by either using the Selected server access (modified
end-to-edge) or Full enterprise network access (end-to-edge) method. The connection method is configurable
using the DirectAccess console or manually through IPsec policies.
It is recommended to use IPv6 and IPsec throughout the organization, upgrade our application servers to
Windows Server 2008 R2, and enable selected server access in order to provide the highest level of security. On
the other hand, organizations can use full enterprise network access where the IPsec session is established
between a DirectAccess client and the server.
DirectAccess Connection Process
The DirectAccess client first detects if there is a network connection available. Then it attempts to connect to
the intranet site that was specified in the DirectAccess configuration. Then the client connects to the DirectAccess
server using IPv6 and IPsec. If a firewall or proxy server prevents the client computer from using either 6to4 or
Teredo to connect to the DirectAccess server, the client automatically attempts to connect using the IP-HTTPS
protocol, which uses an SSL (Secure Sockets Layer) connection to ensure connectivity.
After that the client and server mutually authenticate using their certificates. Active Directory group
memberships are checked so that DirectAccess server can verify that the computer and user are authorized to
connect using DirectAccess. If Network Access Protection (NAP) is enabled and configured for health
validation, the DirectAccess client obtains a health certificate from a Health Registration Authority (HRA)
located on the intranet prior to connecting to the DirectAccess server. Once the client is clear to connect to the
network, the DirectAccess begins forwarding traffic from the client to the intranet.
DirectAccess Client Configuration
If a client is connected to the network using a public IPv6 address, DirectAccess will also use a public IPv6
address to connect. If a client is using a public IPv4 address, DirectAccess will use the IPv6 6to4 method to connect to
the client. If the client is using private IPv4 address behind a NAT, DirectAccess will use the IPv6 Teredo
method to connect to the client. If the client can't connect to the intranet, because they are being blocked by a
firewall, but the client still has access to the Internet, DirectAccess will use IP-HTTPS method (the least secure
form) to connect to the client.
Computers running Windows 7 Enterprise and Ultimate that have been joined to a domain can support
DirectAccess. We can't use DirectAccess with any other edition of Windows 7, or earlier versions of Windows
(Vista or XP). When configuring a client for DirectAccess we must add the client's domain computer account
to a special security group. We specify this security group when we are creating a DirectAccess server. Group
Policies are used to push down the DirectAccess client configuration, in contrast to traditional VPN
connections where we have to manually set the VPN configuration or distribute it using the Connection Manager
Administration Kit. Once we have added the computer's account to that designated security group, we also need
to install the computer certificate to allow DirectAccess authentication. This can be done using Active
Directory Certificate Services, which will enable automatic enrollment of the appropriate certificate.
When it comes to the server, we have to have a DirectAccess server running on Windows Server 2008 R2 with two
network cards. Also, we have to have an Active Directory environment with at least one Domain Controller (DC)
and a DNS server running Windows Server 2008 or 2008 R2. We also need to have a Public Key Infrastructure
(PKI) with Active Directory Certificate Services (ADCS). We also need IPsec policies configured and IPv6
Transition Technologies that are available for use on a DirectAccess server such as 6to4 and Teredo.
When we first configure DirectAccess on a server, it creates a Group Policy Object (GPO) at the domain level
and filters it for us for that specified security group that we create during the installation process. Only clients
that are members of that group get DirectAccess policies and will be able to connect to the DirectAccess
server. Through this Group Policy we can configure settings such as the 6-to-4 relay server name, the IP-HTTPS
server to connect to if all other connection methods fail, and whether Teredo is used for DirectAccess and
the Teredo server address.
We can also configure DirectAccess from the command line using the netsh command. Keep in mind that
all configurations made manually with the netsh utility will be overwritten by corresponding Group Policy
settings.
To determine if the client has made a successful DirectAccess connection, we can click on the network
connection icon in the system tray. This will open the status of our connection, which will say "Internet and
Corporate" access. In that case we know that we have successfully connected to the DirectAccess server. If the
status is "Local and Internet", we know that there is no connection to the DirectAccess server.
As we know, DirectAccess clients use a certificate for authentication. If a computer doesn't have a valid
computer certificate, which should be received from ADCS, it can't connect successfully. We can verify the client
certificate using the certificate snap-in.
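The certificate check can also be scripted instead of done in the snap-in. The following PowerShell is an added example, not part of the original e-book; it assumes the computer certificate carries the Client Authentication EKU (or no EKU restriction), and it builds the chain without revocation checking.

```powershell
# Added example: list computer certificates and flag the ones usable for authentication.
# Run from an elevated PowerShell prompt on the DirectAccess client.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU (assumed requirement)

function Get-ComputerCertificateStatus {
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
        # Collect EKU OIDs; a certificate with no EKU extension is valid for any purpose.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
            }
        }
        # Build the chain without revocation lookups, since the CRL location
        # may be unreachable while the tunnel is down.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)

        $inDate     = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
        $clientAuth = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $clientAuthOid)

        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            InDate        = $inDate
            ClientAuth    = $clientAuth
            ChainOk       = $chainOk
            Usable        = $inDate -and $clientAuth -and $chainOk -and $cert.HasPrivateKey
        }
    }
}

$status = @(Get-ComputerCertificateStatus)
$status | Format-Table Subject, NotAfter, HasPrivateKey, InDate, ClientAuth, ChainOk, Usable -AutoSize
if (-not ($status | Where-Object { $_.Usable })) {
    Write-Warning 'No usable computer certificate in LocalMachine\My.'
}

# State of the IPv6 transition technologies the client can fall back through.
& netsh interface 6to4 show state
& netsh interface teredo show state
& netsh interface httpstunnel show interfaces
```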
Deployment
Preparing for Windows 7 Image Capture
Before you start
Objectives: learn what you have to do before you can capture and deploy Windows 7 images
Prerequisites: you have to understand what automated Windows installation is, what Windows
SIM is and what Sysprep is.
Key terms: image, winpe, waik, imagex, capture, reference, installation, deployment
Installing WAIK on Technician Computer
WAIK contains all the tools we will need to prepare the WinPE CD which we will use to capture Windows images.
The process of installing WAIK is really simple. Just download WAIK for Windows 7 from Microsoft web
pages (it is an ISO image) and burn it to a DVD (or use a virtual CD/DVD ROM to open the ISO). After that simply
run the Windows AIK Setup.
Figure 97 - WAIK Main Menu
Note that you should not install WAIK on the reference computer. You should install WAIK on the
Technician computer (the one on which you work as an administrator). Reference computer should be
configured for end users. When the installation is complete we can run the Deployment Tools Command
Prompt. To do that go to Start > All Programs > Microsoft Windows AIK > Deployment Tools
Command Prompt.
Figure 98 - Deployment Tools Command Prompt
Preparing the Reference Installation
A reference computer has a customized installation of Windows that you plan to duplicate onto one or more
destination computers. You can create a reference installation by using the Windows installation DVD. You
can also create an answer file which you will use during Windows installation on your reference computer. The
answer file contains all of the settings that are required for an unattended installation. The answer file can be
created using Windows SIM, which is contained in WAIK.
Creating WinPE
Now that we have WAIK installed and a reference computer prepared, we have to create a WinPE CD. WinPE
is contained in WAIK, but we have to create the WinPE CD or DVD by running the 'copype' command within the
PETools folder. Once the WinPE files and folders are created we can use the 'oscdimg' utility, which is also
part of the WAIK, to create an ISO image from the created WinPE files and folders. Then we can use that ISO
image to burn a bootable DVD and boot from it. Our WinPE has to contain the ImageX tool which we will use to
capture and deploy Windows images. ImageX stores the image in the Windows Image file format (.wim
format). To see how to prepare WinPE read the article Create WinPE Using WAIK for Windows 7.
Capturing Windows Image
To capture an image using ImageX, we must first boot our computer into a Windows PE environment. The
Windows PE environment (Windows Preinstallation Environment) is a thin version of Windows 7 with limited
services. We can boot our computer into Windows PE by using a WinPE CD, DVD or USB flash drive.
Also, network PXE booting through Windows Deployment Services (WDS) will load WinPE
automatically. Once we boot into WinPE and open a command prompt, we can run ImageX with the /capture
parameter. We can set ImageX to store the captured image to a network share. If we are capturing Windows
7 Ultimate or Enterprise, we can set ImageX to store the captured image into a VHD (Virtual Hard Disk) file and
make that VHD bootable. To see an example of how to capture a Windows 7 installation, read the article Windows 7
Image Capture Demonstration.
Excluding Files
We can also exclude certain files and folders from being captured. We can do that using configuration files. The
'Wimscript.ini' file is the configuration file that ImageX will use. Within a 'Wimscript.ini' file we have three
sections of configuration. Those sections are:
ExclusionList
ExclusionException
CompressionExclusionList
The ExclusionList section allows us to define what files and folders are to be excluded from the capture. The
ExclusionException section allows us to override the default exclusion list during the capture process. The
CompressionExclusionList allows us to define files, folders and file types that we want to exclude during the
compression process. ImageX will look for the 'Wimscript.ini' within the same folder that stores the ImageX
tool. Example of Wimscript.ini:
[ExclusionList]
ntfs.log
hiberfil.sys
pagefile.sys
"System Volume Information"
RECYCLER
Windows\CSC
[CompressionExclusionList]
*.mp3
*.zip
*.cab
\WINDOWS\inf\*.pnf
As we see in our example, our wimscript.ini has an ExclusionList section. In that section we defined what files and
folders are to be excluded during the ImageX process. We also defined what files, folders and types of files are
to be excluded from compression process. In addition to manually creating an image, ImageX can help us
modify an image without extracting it and also to deploy the captured image to a target computer.
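Before a capture it is worth checking the configuration file itself, because pagefile.sys and hiberfil.sys hold memory contents that should not travel with the image. The following PowerShell parser is an added example, not part of the original e-book or of ImageX; the list of files that must be excluded and the rule that [ExclusionException] must not name them are assumptions of this example.

```powershell
# Constructed input: the Wimscript.ini from the text, inline so the check runs anywhere.
$sample = @'
[ExclusionList]
ntfs.log
hiberfil.sys
pagefile.sys
"System Volume Information"
RECYCLER
Windows\CSC
[CompressionExclusionList]
*.mp3
*.zip
*.cab
\WINDOWS\inf\*.pnf
'@

$knownSections = 'ExclusionList', 'ExclusionException', 'CompressionExclusionList'
# Assumption of this example: files holding memory contents must stay out of the image.
$mustExclude = 'hiberfil.sys', 'pagefile.sys'

function ConvertFrom-Wimscript ([string]$Text) {
    $sections = @{}   # PowerShell hashtable keys compare case-insensitively
    $current = $null
    foreach ($line in ($Text -split '\r?\n')) {
        $line = $line.Trim()
        if ($line -eq '') { continue }
        if ($line -match '^\[(.+)\]$') {
            $current = $Matches[1]
            if (-not $sections.ContainsKey($current)) { $sections[$current] = @() }
        } elseif ($null -eq $current) {
            throw "Entry '$line' appears before any [section] header"
        } else {
            $sections[$current] += $line.Trim('"')   # quotes only protect spaces
        }
    }
    return $sections
}

function Test-Listed ($Entries, [string]$File) {
    # Compare on the last path component so '\pagefile.sys' also counts.
    foreach ($entry in @($Entries)) {
        if ($entry -and (($entry -split '\\')[-1] -eq $File)) { return $true }
    }
    return $false
}

function Test-Wimscript ([hashtable]$Sections) {
    $problems = @()
    foreach ($name in $Sections.Keys) {
        if ($knownSections -notcontains $name) { $problems += "Unknown section [$name]" }
    }
    foreach ($file in $mustExclude) {
        if (-not (Test-Listed ($Sections['ExclusionList']) $file)) { $problems += "$file is missing from [ExclusionList]" }
        if (Test-Listed ($Sections['ExclusionException']) $file) { $problems += "$file is re-included by [ExclusionException]" }
    }
    return $problems
}

$problems = @(Test-Wimscript (ConvertFrom-Wimscript $sample))
if ($problems.Count -eq 0) { 'Wimscript.ini passed the checks' } else { $problems }
```

To check a real file, pass `[System.IO.File]::ReadAllText($path)` to `ConvertFrom-Wimscript` in place of `$sample`.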
Mounting and Unmounting Windows 7 Image Using ImageX and DISM
Before you start
Objectives: learn how to mount images, make changes, and commit changes by using the ImageX and DISM tools.
Prerequisites: you have to have WAIK for Win 7 installed.
Key terms: image, mount, dism, wim, imagex, unmount, commit
Image Location
We have our DVD in our DVD drive, so let's find our image. We will browse to the [DVD
Drive]:\sources folder. There we can find 'install.wim' image.
Figure 99 - install.wim Image Location
Install.wim, which is a Windows image file, stores all five Windows 7 editions (we can see them below the
install.wim image). Because of Single Instance Storage, if some fi