8

Windows 7 Remote Access and Mobile Computing
Section Topics
Windows 7 Virtual Private Networking
Windows 7 DirectAccess
Remote Desktop
Power Management Options
Offline Files and Folders

Administering and Maintaining Windows 7
Global Knowledge Training LLC

Section Objectives

After completing this section, you will be able to:

Describe the Windows 7 VPN technologies
Describe the benefits of Windows 7 DirectAccess
Describe the features of the RDP version 7 client
Explain how to configure the Windows 7 Firewall to support the RDP client connections
Describe the Windows 7 power management plans
Explain the purpose of offline files and folders

Section Overview
Windows 7 remote access technologies are valuable tools for the distributed workplace. These
tools help you connect remote workers to your branch office as well as connect to other
Windows 7 devices for helpdesk type duties. Microsoft also provided the RSAT for
Windows 7 RC. Using this suite of tools, administrators can use their Windows 7 workstations to
manage their remote servers with all of the necessary tools like the Active Directory Domain
Services utilities. This section explores the available remote access technologies that are present
and available with Windows 7 as well as some features that are brand new and only function
within a Windows Server 2008 R2 environment.

Windows 7 Virtual Private Networking

Figure 234: Windows 7 Virtual Private Networking

This topic defines the VPN features of the Windows 7 operating system and describes how to
configure a new VPN connection and how to set up an incoming VPN session.

What Is a VPN?

Figure 235: What Is a VPN?

A VPN is a method for securely gaining access to a private network. Once connected, the client
appears as if it has a local connection. Windows 7 supports the following VPN protocols:

PPTP: Point-to-Point Tunneling Protocol is a Microsoft VPN technology that provides ease of setup, but is slower and less secure than other VPN options.
L2TP: Layer Two Tunneling Protocol is an industry standard VPN protocol that requires more effort to configure, but provides better speed and security than PPTP.
SSTP: Secure Socket Tunneling Protocol is a new VPN technology being embraced by Microsoft. It provides for a very secure VPN connection, yet with less setup involved than L2TP.

VPN connections have long been the standard for remote workers to safely connect to their
corporate networks over the volatile Internet. Windows 7 still uses this technology.
Windows 7 can easily perform a simple VPN connection or an IPSec VPN connection with its
new responsive VPN client. The Windows 7 workstations that use the IPSec technology need only
an X.509 certificate from a trusted certificate authority. If the VPN is configured correctly with
X.509 certificates, you can eliminate the possibility of man-in-the-middle attacks. This is
because the Windows Server 2008 R2 gateway always authenticates itself to the Windows 7
device and vice versa using the X.509 certificates, which use a strong RSA signature. Once a
secure communications channel has been set up by the IKEv2 protocol, the Windows 7
workstations authenticate themselves to the network using the EAP-MSCHAPv2 protocol with
user name and password.

Configuring a VPN Connection

Figure 236: Configuring a VPN Connection

The Windows 7 VPN wizards are available from the Network and Sharing Center, which you can
access from the Network and Internet category in Control Panel. This topic describes the steps to
establish a new VPN connection.

Set Up a New Connection or Network

Figure 237: Set Up a New Connection or Network

In the Network and Sharing Center, click the Set up a new connection or network link and select
the Connect to a workplace option. The wizard is very intuitive, provided that you know which
configurations you want to make. You will most likely use Group Policy to distribute this
connection information to those who need it, or you can create connections with the CMAK v1.3
utility, which works well with Windows 7. The bottom line is that you want to avoid manually
configuring hundreds of Windows 7 VPN clients, if at all possible. Giving detailed directions to
your users is also not the answer.

Choose the Connection Type

Figure 238: Choose the Connection Type

Select the Connect to a workplace option to establish a VPN connection to your corporate
network. If VPN connections are already available, the system prompts you to either use one of
the existing connections or create a new one.

Specify the Server Name

Figure 239: Specify the Server Name

The system prompts you to either connect to the VPN over the Internet or dial the private network
via a phone line. Next, you need to type the server name or IP address of the VPN server to which
you need to connect.

Provide Credentials

Figure 240: Provide Credentials

The User name and Password text boxes follow standard Active Directory conventions for user
name entry. You may use the UPN (joe@hq.local) format, or use the domain\user (HQ\Joe)
format.
After configuring the VPN connection object with the user name and password, the system creates
the connection and displays it in the Network Connection window of Control Panel. The
connection is configured, but one main item is left out of the wizard process: the security
parameters for the VPN connection. You must go back and enter the properties of the VPN
connection object and configure the security.
If the security information is set up incorrectly, the client will not connect to the VPN server. Pay
attention to the designated error codes. They help you to troubleshoot problems. Some of the error
codes that you may encounter include the following:

732: Your computer and the remote computer could not agree on the PPP control protocols.
718: The connection timed out waiting for a valid response from the remote computer.
734: The PPP link control protocol was terminated.
736: The remote computer terminated the control protocol.
919: The connection could not be established because the authentication protocol used by the RAS/VPN server to verify your user name and password could not be matched with the settings in your connection profile.

Note
Windows 7 does not support the MS-CHAPv1 authentication methods.

Establish the Connection

Figure 241: Establish the Connection

After the connection is created, you can use it at any time by opening the list of network
connections in the Network and Sharing Center or by clicking the Network icon in the
notification area.

Using Windows 7 as a VPN Server

Figure 242: Using Windows 7 as a VPN Server

This topic explains how to set up and view the status of an incoming VPN session on a Windows 7
device by creating a new incoming connection, modifying protocols and services settings, viewing
the connection status, and opening the new VPN connection.

Create an Incoming Connection

Figure 243: Create an Incoming Connection

Creating a new incoming connection is not as straightforward as creating an outbound VPN session.
There is no standard link for creating the inbound connection within the Network and Sharing
Center. To see the New Incoming Connection option, open the Network and Sharing Center and
click the Change Adapter Settings link. Press the ALT key to view the File menu. On the File
menu, select the New Incoming Connection option.
The first window prompts you for the names of the users that should be allowed to connect to the
VPN server.

Choose Protocols and Services

Figure 244: Choose Protocols and Services

You can modify the protocols and services available through the VPN server for greater security.
Typically, most connections need the IPv4 protocol and the File and Printer Sharing for Microsoft
Networks service.

View Connection Status

Figure 245: View Connection Status

After creating the connection, view the status of incoming sessions in the list of network
connections by opening the Network and Sharing Center and selecting the Change adapter
settings link. You can also disconnect the incoming connection from here.

Windows 7 DirectAccess

Figure 246: Windows 7 DirectAccess

Windows DirectAccess is a new technology that may make VPN technology obsolete. Windows
DirectAccess is a remote access tool that allows secure connections over the Internet without using
a VPN connection.
With VPN, just like DirectAccess, a remote user can connect over the Internet and access
resources inside the corporate network, but the similarities end here. With VPN, the back-end
server must be set up and managed along with the connections. The VPN process is also a costly
process to manage. Other issues exist with VPN as well. For example, many businesses have
visitors that need to connect to their own corporate offices to place orders or send e-mail. These
visitors try to establish a secure VPN connection, only to find out that firewalls block their
connection or they simply cannot connect.
With DirectAccess, the entire corporate network, including file shares, intranet Web sites, and any LOB
applications, remains accessible wherever the user is, as long as an Internet connection is available.
This topic describes DirectAccess, the benefits of DirectAccess, and the DirectAccess requirements
for servers, clients, and networks. It also describes the process of installing and configuring
DirectAccess.

DirectAccess Explained

Figure 247: DirectAccess Explained

DirectAccess is an enhancement to the mobile technologies of the past. DirectAccess requires
Windows Server 2008 R2 for functionality.
With DirectAccess, a user establishes a bidirectional secure connection with the DirectAccess
server in the user's enterprise network every time the user connects his or her Windows 7 device
to the Internet. This happens even before the user logs on to his or her Windows 7 laptop or device
at home. This process involves several technologies. The Windows 7 laptop connects to the
DirectAccess server in the user's enterprise network by establishing an IPSec tunnel, which allows
the IPv6 traffic to cross the tunnel to the DirectAccess server. The DirectAccess server acts as a
gateway to the intranet. The advantage of this entire mechanism is that the clients can connect to
the DirectAccess server even if they are behind a firewall.
Using DirectAccess technologies, IT administrators can manage remote devices much more
efficiently. With traditional networking technologies, IT administrators must wait until users
connect to the network via VPN before they can make any changes, or
administrators must physically come into the office to work on or update the user devices.
Predicting when a user will be on a VPN connection is very difficult, especially when critical
updates must be sent out as soon as possible. With DirectAccess, IT administrators can update
devices whenever the DirectAccess clients are on the Internet, regardless of whether they are
directly connected to the corporate environment. This proves invaluable to IT administrators who
need to roll out software through Group Policy or just perform simple upgrades to devices.

DirectAccess Benefits

Figure 248: DirectAccess Benefits

Some of the benefits of DirectAccess include the following:

Works flawlessly with Terminal Services RemoteApp and the AppLocker features.
Provides enhanced network security. DirectAccess supports authentication at the computer level and the user level.
Supports multifactor authentication with various technologies so you can easily deploy smart card or thumbprint scanners as a second level of authentication before users are allowed to connect to the DirectAccess mechanism in place.

DirectAccess technology secures the transmission by using IPv6 over IPSec. This mechanism
encrypts communications transmitted across the Internet, a volatile network. The communication
stream has real traffic-shaping mechanisms built in. This allows only traffic destined for the
corporate network to pass through to the Windows Server 2008 R2 DirectAccess server. With
advanced configurations, the administrator can choose to send all the communication through the
DirectAccess Windows Server 2008 R2 device, if necessary.

Helpful Hint
One of the other major benefits of the DirectAccess process is that you
can force updates down to the Windows 7 and Windows Vista devices
without waiting for them to connect to the VPN. Many companies pass
down updates as the client computers connect to the corporate VPN
server. The problem is that you cannot tell exactly when the client
computers will connect to the VPN server. Some client computers
connect daily and some connect once every two months. With
Windows DirectAccess, you can force updates anytime your client
computers connect to the Internet. The client computer negotiates and
connects even before the user logs on. You can configure a message
telling users that an update is being installed on their device from the
corporate office or the updates can happen behind the scenes.

DirectAccess Requirements

Figure 249: DirectAccess Requirements

Figure 250 shows the requirements for DirectAccess.

Server
    Windows Server 2008 R2 Active Directory domain membership
    Windows Server 2008 R2
    Two or more physical network adapters
    At least two consecutive, publicly addressable, static IPv4 addresses that are externally resolvable through the Internet DNS architecture
Client
    Windows Server 2008 R2 domain membership
    Windows 7
Network
    Group Policy: Policies required to pass down the DirectAccess configurations and optionally the IPSec policies.
    PKI: An AD CS is required to issue the necessary certificates that support authentication and health policies known as NAPs, which are optional.
    SSL: Certificates must have access to a publicly accessible CRL.
    IPSec policies: IPSec drives the entire DirectAccess encryption mechanism. These policies must be configured with the Windows Firewall with Advanced Security option. Consider passing these policies down using Windows Server 2008 R2 Group Policy for ease and consistent configurations.
    IPv6 and the necessary translation technologies must be available: To tunnel IPv6 over an IPv4 network, you need the following technologies: ISATAP, Teredo, and 6to4 conversions.
Figure 250: DirectAccess Requirements for Servers, Clients, and Networks

Firewall exceptions are required on the Internet-facing firewall on the DirectAccess server. The
following exceptions are necessary:

UDP 3544 for Teredo
Protocol 41 for 6to4 conversions
TCP 443 IP-HTTPS or SSL
ICMPv6 for Windows 7 Native IPv6
Protocol 50 for Windows 7 Native IPv6
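
The exception list above can be checked against a firewall rule set in both directions: required entries that are missing, and allow rules that open more than the list calls for. This is an added example, not part of the original courseware; the Rule record and the sample rules are constructed for illustration and do not reflect any real export format.

```python
"""Compare inbound allow rules with the DirectAccess exceptions listed above."""
from collections import namedtuple

# IANA IP protocol numbers for the entries on this page.
TCP, UDP, IPV6_ENCAP, ESP, ICMPV6 = 6, 17, 41, 50, 58

# Hypothetical rule record: protocol number, destination port (None = any
# port or not applicable), and action. This is not a real export schema.
Rule = namedtuple("Rule", "protocol port action")

# name -> (protocol, port); port is None for protocols that have no ports.
REQUIRED = {
    "Teredo": (UDP, 3544),
    "6to4": (IPV6_ENCAP, None),
    "IP-HTTPS": (TCP, 443),
    "Native IPv6 (ICMPv6)": (ICMPV6, None),
    "Native IPv6 (protocol 50)": (ESP, None),
}


def permits(rule, protocol, port):
    """True if an allow rule lets the given protocol/port through."""
    if rule.action != "allow" or rule.protocol != protocol:
        return False
    return port is None or rule.port is None or rule.port == port


def missing_exceptions(rules):
    """Required exceptions that no allow rule covers."""
    return [name for name, (proto, port) in REQUIRED.items()
            if not any(permits(r, proto, port) for r in rules)]


def surplus_allows(rules):
    """Allow rules that open more than the required list calls for."""
    surplus = []
    for r in rules:
        if r.action != "allow":
            continue
        needed = any(permits(r, proto, port) for proto, port in REQUIRED.values())
        any_port = r.protocol in (TCP, UDP) and r.port is None
        if not needed or any_port:
            surplus.append(r)
    return surplus


# Constructed sample rule set for the Internet-facing interface.
SAMPLE_RULES = [
    Rule(UDP, 3544, "allow"),
    Rule(IPV6_ENCAP, None, "allow"),
    Rule(TCP, 443, "allow"),
    Rule(TCP, 3389, "allow"),   # not on the DirectAccess list
    Rule(ESP, None, "block"),   # present, but blocking
]

if __name__ == "__main__":
    print("missing:", missing_exceptions(SAMPLE_RULES))
    print("surplus:", surplus_allows(SAMPLE_RULES))
```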

Installing DirectAccess

Figure 251: Installing DirectAccess

DirectAccess must be installed on a Windows Server 2008 R2 device. To install DirectAccess,
open the Server Manager and select the Features container. Click the Add Features link and
select the DirectAccess Management Console check box, and then click Next.

Configuring DirectAccess

Figure 252: Configuring DirectAccess

Due to the variety of services and additional configuration that is necessary, the Windows
Server 2008 R2 DirectAccess technology is a complex technology to set up. However, after
performing the initial configuration, ongoing management is relatively easy, except for occasional
updates. You do not have any complex VPN connection objects to create or to manage. You need
some simple certificates and a client that is already embedded within the Windows 7 operating
system to complete the installation and configuration.
Windows Server 2008 R2 provides the DirectAccess Management Console for managing the
DirectAccess processes and server-side configurations. From this console, you can see if issues
exist with the DirectAccess services and configurations or client connections.

Remote Desktop

Figure 253: Remote Desktop

This topic describes the features and enhancements of Remote Desktop. Figure 253 lists the
subjects described in this topic.

Remote Desktop Features

Figure 254: Remote Desktop Features

Remote Desktop provides a user with the ability to remotely connect to his or her Windows 7
computer desktop. The connection is very fast and allows for an experience that is just like sitting
at the desktop of the physical computer.
Remote Desktop performs very well even over slower WAN connections. The Remote Desktop
service is highly optimized for displaying Windows content, and uses compression technology to
reduce bandwidth consumption.
Remote Desktop is not a true remote control type product. The desktop of the remote device will
go to a locked workstation console when a remote user is connected.

Remote Desktop Connection 7.0 Enhancements

Figure 255: Remote Desktop Connection 7.0 Enhancements

Helpdesk and other administrative users constantly connect to users' devices to fix simple issues
and to make routine configurations. Windows 7 provides the latest RDP connection utility known
as RDPv7. The RDPv7 connection utility fully supports Windows 7 Aero, as well as all Direct2D
and Direct3D 10.1 applications. You no longer have to use a single monitor. You can have your
workstation monitor that displays your helpdesk clients and an external monitor that shows the
desktop of the user's device to which you are connected.
Behind the scenes, the RDP client is redesigned to give you better performance over a variety of
network connections as well as better multimedia performance with several key multimedia
enhancements. The enhancements include support for the following:

Streaming media
Media Foundation
DirectShow
Low latency audio playback
Bidirectional audio

Windows 7 SP1 and Remote Desktop

Figure 256: Windows 7 SP1 and Remote Desktop

RemoteFX is a new technology included with Windows Server 2008 R2 SP1 and Windows 7 SP1.
It is designed to enhance the visual capabilities of Remote Desktop clients connected to a
Windows 7 virtual device running on Hyper-V R2 SP1. RemoteFX allows for 3D graphics
capabilities, OpenGL, full motion video, and USB redirection support. The server requires a
DirectX 10.0 capable graphics card and supports two to four clients per GPU depending on
resolution. Microsoft based RemoteFX on technology it acquired with the purchase of Calista
Technologies.
Using RemoteFX USB redirection, USB devices can be installed and used in the remote VDI
session. Also with RemoteFX USB redirection, many devices like scanners, multifunction
printers, webcams, and others can be used in the virtual device via the RDP session.

Configuring the Remote Desktop Server

Figure 257: Configuring the Remote Desktop Server

For all of the RDPv7 connection features to work, you have to enable remote access to and from
your devices by navigating to Control Panel, System and Security, System, and clicking the
UAC-protected Remote tab.
The Remote tab displays options for two types of remote access: Remote Assistance and Remote
Desktop. Remote Assistance allows you to configure access for users accessing your devices using
the invitation framework provided by Windows 7. With Remote Desktop, you can select the types
of connections users can make. For example, you can allow connections with older versions of
RDP clients, or you can set up a more secure environment and let users connect only if they have
the newest RDP connection utility, which uses network level authentication.

Note
Users that connect must be members of the RDP users group or they
must be administrators who already have membership within the RDP
users group.

Remote Desktop and the Windows 7 Firewall

Figure 258: Remote Desktop and the Windows 7 Firewall

If your connection to the remote device fails, one of the first things you should check after you
check the remote settings is the firewall. If the firewall is blocking port 3389, RDP cannot
establish a connection to a remote device. Depending on the type of firewall you are using, you
may have to create an incoming and an outgoing rule allowing traffic on port 3389.
If you are using the Windows Firewall, you can simply create an exception for RDP by
choosing the appropriate firewall exception for Remote Assistance or Remote Desktop and then
choosing the network category on which you need the protocol.

Note
Make sure that you understand the ramifications of opening firewall
ports. Also, close any and all ports that you will not be using. This
ensures that your network is as safe as possible.

Connecting to Remote Desktop

Figure 259: Connecting to Remote Desktop

The following topics explain how to create a connection to a Remote Desktop server.

Launching the Remote Desktop Connection

Figure 260: Launching the Remote Desktop Connection

Once you configure Remote Desktop Connection settings in Windows 7, you can launch the
RDPv7 Connection utility and create a connection to another device. To access the utility, you can
type remote or mstsc.exe in the Search box or click Start, All Programs, Accessories, and
Remote Desktop Connection.
The RDP Connection utility contains six tabs: General, Display, Local Resources, Programs,
Experience, and Advanced.

General Settings

Figure 261: General Settings

Use the General tab to configure the connection-specific information, such as the computer name
and the user name that you use to connect to the device. The Computer field can contain an
FQDN, an IP address, or a NetBIOS name if you are using WINS. You can also save the
connection information you create to an RDP file, which can be used by other devices or used at a
later time.

Display Settings

Figure 262: Display Settings

Use the Display tab to begin the configuration for what Microsoft calls the Desktop Experience.
Using the Display tab, you can do the following:

Configure the display resolution of the connection. You can set the display resolution to higher or lower by using the slider bar.
Select to use all of your monitors for the remote connection by selecting the Use all my monitors for the remote session check box.
Configure the number of colors that are displayed over the connection.

Note
Higher resolutions and colors do require more resources. The rule is to
keep the configuration to a minimum to preserve the resources of the
connection.

Local Resources Settings

Figure 263: Local Resources Settings

Use the Local Resources tab to configure which local resources are available during the remote
session to the remote device. For example, if you want to transmit sounds that are generated on the
remote device over the network to your device, click the Remote Audio Settings button and make
the correct selection. You can also choose to record remote audio from the remote device over the
network to your device.
In the Keyboard area, you can configure the behavior of your keyboard when you use multiple
key combinations such as CTRL+ALT+DELETE. You can configure the multi-keystroke to
toggle your local computer or the key combination to activate a process on the remote device.
In the Local devices and resources area, you can configure the devices and resources that are
available in your remote sessions, such as printers and the Windows keyboard. With the More
button, you can choose smart cards, ports, local drives, and other PnP devices.

Programs Settings

Figure 264: Programs Settings

The Programs tab within the Remote Desktop Connection dialog box allows users to configure an
application that they want to start automatically after a remote desktop connection is established.
This option is often used within a call center environment. These clients connect to a terminal
server, and their call center application starts automatically after a successful log on.

Experience Settings

Figure 265: Experience Settings

Use the Experience tab to toggle on or off the items that can slow the desktop connection down
because of the rendering of excessive data over the connection. You can allow or disallow the
following options:

Desktop background
Font smoothing
Desktop composition
Show window contents while dragging
Menu and window animation
Visual styles
Persistent bitmap caching

You can also choose the connection speed of the network. The Choose your connection speed to
optimize performance drop-down list contains the following choices:

Modem (56 Kbps)
Low-speed broadband (256 Kbps - 2 Mbps)
Satellite (2 Mbps - 16 Mbps with high latency)
High-speed broadband (2 Mbps - 10 Mbps)
WAN (Wide Area Network) (10 Mbps or higher with high latency)
LAN (Local Area Network) (10 Mbps or higher)

Advanced Settings

Figure 266: Advanced Settings

Use the Advanced tab to secure connections to authenticated servers with the server
authentication options. If a server authentication fails, the connection has three behavior options:

Warn me
Connect but don't warn me
Do not connect

You can also configure the connection behavior for devices that are connecting remotely outside
the network through a remote desktop or TS Gateway server. Use the Settings button to enter the
required connection information or tell Windows 7 to automatically discover the settings.
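
The choices made on the General, Local Resources, and Advanced tabs end up as name:type:value lines in the saved RDP file, so a saved file can be reviewed before it is handed to other devices. The following is an added example, not part of the original courseware: it parses a constructed sample file (the host name is made up) and reports the server-authentication and redirection settings that weaken the session.

```python
"""Audit a saved .rdp file for server-authentication and redirection settings."""
import codecs

# Constructed sample (host name is made up). mstsc normally saves .rdp files
# as UTF-16 with a byte-order mark, so the sample is encoded the same way.
SAMPLE_RDP = (
    "full address:s:ws042.hq.local:3389\r\n"
    "username:s:HQ\\Joe\r\n"
    "authentication level:i:0\r\n"
    "drivestoredirect:s:*\r\n"
    "redirectclipboard:i:1\r\n"
    "redirectsmartcards:i:0\r\n"
    "redirectprinters:i:0\r\n"
).encode("utf-16")

# "authentication level" values and the Advanced-tab behavior they select.
AUTH_LEVELS = {
    0: "connect without warning",
    1: "do not connect",
    2: "warn me",
    3: "no requirement specified",
}

# Local Resources redirection flags worth reviewing (1 = redirected).
REDIRECT_FLAGS = {
    "redirectclipboard": "clipboard",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "ports",
    "redirectprinters": "printers",
}


def parse_rdp(data):
    """Parse 'name:type:value' lines from raw .rdp bytes into a dict."""
    if data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        text = data.decode("utf-16")
    else:
        text = data.decode("utf-8-sig", errors="replace")
    settings = {}
    for line in text.splitlines():
        # maxsplit=2 keeps colons that belong to the value, e.g. "host:3389".
        parts = line.strip().split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i" and value.lstrip("-").isdigit():
            value = int(value)
        settings[name.lower()] = value
    return settings


def audit_rdp(settings):
    """Return (setting, finding) pairs for settings that weaken the session.

    Only settings present in the file are judged; absent ones fall back to
    client defaults, which this example does not model.
    """
    findings = []
    level = settings.get("authentication level")
    if level is None:
        findings.append(("authentication level", "not set in the file"))
    elif level != 1:
        label = AUTH_LEVELS.get(level, "unknown value")
        findings.append(("authentication level",
                         "failed server authentication does not stop "
                         f"the connection ({label})"))
    drives = settings.get("drivestoredirect", "")
    if drives:
        findings.append(("drivestoredirect", f"local drives redirected: {drives}"))
    for key, label in REDIRECT_FLAGS.items():
        if settings.get(key) == 1:
            findings.append((key, f"{label} redirected into the remote session"))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_rdp(parse_rdp(SAMPLE_RDP)):
        print(f"{setting}: {finding}")
```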

Gateway Settings

Figure 267: Gateway Settings

Using the Remote Desktop Gateway feature, you can set up a server as a gateway to other Remote
Desktop hosts. The connection is very secure, operating over an SSL connection using port 443 by
default. You can use this in lieu of a VPN connection for accessing RDP servers on a private
network.

Power Management Options

Figure 268: Power Management Options

Windows 7 takes into account that laptops, notebooks, and other portable computers have a
completely different set of requirements than desktop computers. Windows 7 contains many new
features for the mobile computer users.
Previously, portable computers were treated as if they were desktop computers that folded up and
had batteries. Microsoft has changed its approach with Windows 7 and portable computers. This
new philosophy led to many changes such as faster boot and shutdown times and extended battery
preservation times. A major focus of Windows 7 is drivers.
With Windows Vista, faulty drivers do not allow a computer to efficiently go into sleep mode.
This causes a great amount of battery drainage on the system. With Windows Vista, computers
have problems moving from a suspended state to an awake state, connecting to projectors with 4:1
aspect ratios, switching between Wi-Fi networks in real time, and issues with power management.
Microsoft dealt with all of these issues with the Windows 7 operating system.
This topic describes the power management features of Windows 7, including power options,
power plan settings, custom power plans, the Windows 7 Mobility Center, and the battery meter.

Power Options

Figure 269: Power Options

To access the power options, navigate to Control Panel, Hardware and Sound, and click the
Power Options link. The Power Options window contains two power options, as opposed to
Windows Vista, which had three power plans. The two power plans are Balanced
(recommended) and Power saver. These plans toggle the power plan settings between a
performance and an energy savings power plan. Options to customize these plans are available
both manually and through the use of Group Policy from the Windows Server 2008 R2 server.
More advanced power management settings are available through Group Policy. You can
configure power management settings such as adaptive display brightness settings, reserve battery
notification level, and automatic sleep with open network files. Now administrators can decide
which settings to enforce and which to configure as default settings that users can later modify.

Basic and Advanced Power Plan Settings

Figure 270: Basic and Advanced Power Plan Settings

By default, Windows 7 is configured to turn off a computer's display after 10 minutes and to put
the computer to sleep after 30 minutes. To change these settings, navigate to Control Panel,
Hardware and Sound, Power Options, and Edit Plan Settings. Figure 270 shows the Edit Plan
Settings window and the Advanced Settings tab in the Power Options dialog box.

Hybrid Sleep Settings


Hybrid sleep protects open documents and programs by saving them to memory and to the hard
drive. The Windows 7 Hybrid sleep feature puts the computer into a low-power state. After you
select the Hibernate after time setting, Windows 7 will put the computer into hibernation.


Use the following recommendations as guidelines for the Hybrid sleep settings.

Category | Setting | Recommended Setting
Hard disk | Turn off hard disk | Set it to at least one minute before the computer is set to sleep.
Sleep | Sleep after | Set it to at least one minute after the hard disk and the display are set to turn off. This setting is for the computer.
Sleep | Allow hybrid sleep | Set it to On.
Sleep | Hibernate after | Set it to at least one minute before the computer is set to sleep and at least one minute after the Sleep after setting.
Power buttons and lid | Start menu power button | Set it to Sleep.
Display | Turn off display after | Set it to at least one minute before the computer is set to sleep. You should set the display the same as the hard disk time.
Multimedia settings | When sharing media | Set the Allow the computer to sleep setting to prevent the multimedia from waking up the computer.
Figure 271: Hybrid Sleep Settings

Hibernate Settings
Windows 7 provides hibernation as a power-saving state that saves your open documents and
programs to your hard drive and then turns your computer off. Use the following
recommendations as guidelines for the hibernate settings.

Category | Setting | Recommended Setting
Hard disk | Turn off hard disk after | Set it to at least one minute before the computer is set to sleep.
Sleep | Sleep after | Set it to Never.
Sleep | Allow hybrid sleep | Set it to Off.
Sleep | Hibernate after | Set it to at least one minute after the hard disk and the display are set to turn off.
Power buttons and lid | Start menu power button | Set it to Hibernate.
Display | Turn off display after | Set it to at least one minute before the computer is set to hibernate. You should set the display the same as the hard disk time.
Multimedia settings | When sharing media | Set the Allow the computer to sleep setting to prevent the multimedia from waking up the computer.
Figure 272: Hibernate Settings


Display Settings
By default, the monitor turns off after the computer has been inactive for 10 minutes. To change
the default display settings, go to Control Panel, Hardware and Sound, Power Options, Edit Plan
Settings, and click the Turn off the display drop-down menu. Remember to pass these settings
down and lock them through Group Policy.

Sleep Settings
You can also change the Sleep mode settings to protect your data. To access the settings, go to
Control Panel, Hardware and Sound, Power Options, Edit Plan Settings, and click the Put
the computer to sleep drop-down list.
Use the following recommendations as guidelines for the Sleep settings. You should pass these
settings down to your clients so that you have a consistent power management configuration
throughout the enterprise. Sleep mode protects any open documents and programs by committing
them to RAM. The sleep process then puts the computer into a low-power state. If you lose power
to the computer, you also lose the information stored in memory.

Category | Setting | Recommended Setting
Hard disk | Turn off hard disk after | Set it to at least one minute before the computer is set to sleep.
Sleep | Sleep after | Set it to at least one minute after the hard disk and the display are set to turn off. This setting is for the computer.
Sleep | Allow hybrid sleep | Set it to Off.
Sleep | Hibernate after | Set it to Never.
Power buttons and lid | Start menu power button | Set it to Sleep.
Display | Turn off display after | Set it to at least one minute before the computer is set to sleep. You should set the display the same as the hard disk time.
Multimedia settings | When sharing media | Set the Allow the computer to sleep setting to prevent the multimedia from waking up the computer.
Figure 273: Sleep Settings

Resume with Password Setting


Another feature of Windows 7 is the option to lock your desktop after a predetermined amount of
time. This is no longer only a function of the screen saver, although you can also use it with the
screen saver. This feature puts the desktop into a locked-down state. To access the desktop again,
press the usual CTRL+ALT+DELETE key combination and type your network or local password.
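
The Sleep Settings table and the Resume with Password setting can be checked from a script instead of by eye. The following PowerShell is an added example, not part of the courseware: it assumes English-language powercfg output, the setting aliases listed by powercfg -aliases, and that password-on-resume corresponds to the CONSOLELOCK power setting. The function names and sample values are constructed for illustration.

```powershell
# Added example: audit a power plan against the Sleep Settings table (Figure 273).
# Assumptions: setting aliases as listed by "powercfg -aliases"; CONSOLELOCK is
# taken to be the password-on-resume setting. Timeouts are seconds, 0 = Never.

function Get-PowerIndex {
    # Extract the AC or DC value from "powercfg -query" text (printed in hex).
    param([string[]]$QueryOutput, [string]$Source = 'DC')
    foreach ($line in $QueryOutput) {
        if ($line -match "Current $Source Power Setting Index:\s*0x([0-9a-fA-F]+)") {
            return [Convert]::ToUInt32($Matches[1], 16)
        }
    }
    throw "No $Source index found in powercfg output"
}

function Get-ActiveSleepSettings {
    # Read the six relevant settings of the active plan on a live client.
    param([string]$Source = 'DC')
    $map = @{
        Disk        = @('SUB_DISK',  'DISKIDLE')
        Display     = @('SUB_VIDEO', 'VIDEOIDLE')
        Sleep       = @('SUB_SLEEP', 'STANDBYIDLE')
        Hibernate   = @('SUB_SLEEP', 'HIBERNATEIDLE')
        HybridSleep = @('SUB_SLEEP', 'HYBRIDSLEEP')
        ConsoleLock = @('SUB_NONE',  'CONSOLELOCK')
    }
    $settings = @{}
    foreach ($name in $map.Keys) {
        $sub, $id = $map[$name]
        $out = powercfg -query SCHEME_CURRENT $sub $id
        $settings[$name] = Get-PowerIndex -QueryOutput $out -Source $Source
    }
    return $settings
}

function Test-SleepProfile {
    # Return one message per deviation from the table; nothing when compliant.
    param([hashtable]$Settings)
    $s = $Settings
    $findings = @()
    if ($s.Sleep -eq 0) {
        $findings += 'Sleep after is Never; the Sleep profile needs a timeout.'
    } else {
        if (($s.Disk -eq 0) -or (($s.Disk + 60) -gt $s.Sleep)) {
            $findings += 'Hard disk must turn off at least one minute before sleep.'
        }
        if (($s.Display -eq 0) -or (($s.Display + 60) -gt $s.Sleep)) {
            $findings += 'Display must turn off at least one minute before sleep.'
        }
    }
    if ($s.Display -ne $s.Disk) { $findings += 'Display and hard disk timeouts differ.' }
    if ($s.HybridSleep -ne 0)   { $findings += 'Allow hybrid sleep should be Off.' }
    if ($s.Hibernate -ne 0)     { $findings += 'Hibernate after should be Never.' }
    if ($s.ConsoleLock -ne 1)   { $findings += 'No password is required on resume.' }
    return $findings
}

# Constructed powercfg output for "Sleep after": 0x384 on battery is 900 seconds.
$sample = @(
    '    Current AC Power Setting Index: 0x00000708',
    '    Current DC Power Setting Index: 0x00000384'
)
$sleep = Get-PowerIndex -QueryOutput $sample -Source 'DC'

# Constructed battery profile: hibernate timer set and no password on resume.
$laptop = @{ Disk = 840; Display = 840; Sleep = $sleep
             Hibernate = 10800; HybridSleep = 0; ConsoleLock = 0 }
Test-SleepProfile -Settings $laptop | ForEach-Object { "DEVIATION: $_" }

# On a Windows 7 client, audit the live plan instead:
# Test-SleepProfile -Settings (Get-ActiveSleepSettings -Source 'DC')
```

A laptop that sleeps without requiring a password on resume exposes the unlocked session to whoever opens the lid, so the CONSOLELOCK check is the one to enforce through Group Policy rather than leave as a user default.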


Creating a Custom Power Plan

Figure 274: Creating a Custom Power Plan

Certain conditions and hardware require a completely unique power profile. If that is the case,
you may have to create a completely new custom power plan. Follow these steps to create a new
power plan.
1. In Control Panel, click the Power Options link.
2. In the Power Options window, click the Create a power plan link. The Create a power
plan window appears.
3. Select one of the three options:
Balanced (recommended)
Power saver
High performance
4. Follow the prompts to configure the power plan.
5. Give the power plan a name and save it.
The plan is now available for you to use from the Power Options window. Also, the settings are
stored and protected in the registry.


Windows 7 Mobility Center

Figure 275: Windows 7 Mobility Center

The Windows Mobility Center utility is a one-stop location for configuration items that are
pertinent to notebooks, laptops, and tablet computers. The configuration items include:

Display
Audio for the speakers
Battery and power plan options
Wireless networking
External displays
Windows synchronization settings
Presentation settings


Battery Meter

Figure 276: Battery Meter

With previous desktop operating systems, the low battery user interface often showed the wrong
status. Windows 7 contains a new interface that provides more timely and accurate information
about the status of the battery.
When the battery is down to 7 percent power, a warning message displays. The message does not
go away until you take some action. The low battery threshold is also configurable.
In Windows 7, the notifications are more visible and occur more frequently than in previous
desktop operating systems. All of these low battery indications and settings are also configurable
using the Windows Server 2008 Group Policy.


Offline Files and Folders

Figure 277: Offline Files and Folders

Using the Offline Files and Folders technology, a user can access files on a server over the
network, yet have those files cached locally on his or her Windows 7 computer in the event he or
she disconnects from the network. With this feature, server-based files become usable when the
person is traveling and network connectivity is not available.
Windows 7 carries over the Offline Files and Folders utility from older Windows versions. The
utility is available when you install Windows 7. You need to configure your servers to support
offline files and folders and you need to configure which files you want available offline on
the client.


Configuring Offline Files and Folders Settings

Figure 278: Configuring Offline Files and Folders Settings

Use the Offline Files dialog box to make additional changes to the synchronization settings. You
can access the offline files settings by opening the Sync Center from Start, All Programs, and
Accessories.
Another way to access the offline settings you want to control and manage is by typing offline at
the Start menu Search box.
The Offline Files dialog box contains four tabs: General, Disk Usage, Encryption, and Network.
These tabs are used to:

- Disable offline files.
- Configure offline availability.
- Synchronize the offline resource cache with the actual data on the server to ensure that
  you have the latest copy of the data in your offline cache.
- Manage your offline files by manipulating the files themselves by viewing them from
  the Windows 7 Sync Center, which drives the offline synchronization process.
On the General tab, use the View your offline files button to view which folders and files take
part in the synchronization process. It shows all of the locations, mapped drives, and the folders
and files.
The Disk Usage tab contains features to configure your offline file store. It shows the size of the
offline file cache, the temporary file usage, and the data storage space. Use the Change Limits
button to change the size of your offline file store.
To protect the offline files from unwanted users, encrypt the contents of the offline file store by
clicking the Encryption tab and then the Encrypt button.
Use the Network tab to adjust the synchronization behavior of offline files when you encounter a
slow network. You do not want caching to use up any unnecessary bandwidth.


You can set the offline process to check the network bandwidth at a pre-determined time interval.
The default is five (5) minutes. Once a slow network is detected, your device works offline as if
you are not connected to the network. This cuts down on unnecessary bandwidth usage. Once the
network speed has increased, you are automatically placed back in an online status and
synchronization updates the network location with any bit-level changes that may have happened
while you were working offline.
You can also force your device to work online if you are working offline by using the Windows
Explorer to navigate to the mapped drive and clicking the Work Online button. You are then put
in an online status and the clock resets to five (5) minutes before the offline process checks for a
slow network.

Making Files Available Offline

Figure 279: Making Files Available Offline

To make a file or folder available offline, right-click the file or folder in Windows Explorer and
select the Always available offline option. The data synchronizes with the local resource. When
users disconnect from the network, a second synchronization occurs and any bit-level changes are
copied to the computer that is disconnecting. Users are then free to disconnect and leave the office.
The cached data remains active on the laptop or other mobile computer and is available as needed,
even as the device disconnects from the network.


Windows 7 Sync Center

Figure 280: Windows 7 Sync Center

The Windows 7 Sync Center is a central location where you can view synchronization progress,
and resolve any synchronization conflicts or errors.
The Sync Center has been around since the introduction of Windows Vista. Use the Sync Center
for the following tasks:

- Monitor and manage all types of synchronization between the Windows 7 operating
  systems and devices.
- Manage the synchronization between the mapped drives and the Windows 7 devices.
- Manage the synchronization of e-contacts with a PDA.
- Manage the synchronization of MP3 players and other audio devices that are used by
  the Windows Media Player.
- Drive the offline files mechanism and the configurations you make to the offline file
  process.
To access the Sync Center, go to Control Panel and click the Sync Center link.
You can easily review the results of your synchronizations with your devices and your offline
files. To view the synchronization results, click the View sync results link in the Sync Center
window.


Acronyms
The following acronyms are used in this section:

2D two dimensional
3D three dimensional
AD CS Active Directory Certificate Services
CMAK Connection Manager Administrator Kit
CRL certificate revocation list
DNS Domain Name System
EAP-MSCHAP Extensible Authentication Protocol (Microsoft Challenge-Handshake Authentication Protocol version 2)
FQDN fully qualified domain name
GPU graphics processing unit
HTTPS Hypertext Transfer Protocol Secure
ICMP Internet Control Message Protocol
IKEv2 Internet Key Exchange version 2
IP Internet Protocol
IPSec IP Security
IPv4 Internet Protocol version 4
IPv6 Internet Protocol version 6
ISATAP Intra-Site Automatic Tunnel Addressing Protocol
Kbps kilobyte per second
L2TP Layer 2 Tunneling Protocol
LAN local area network
LOB line of business
Mbps megabytes per second
MS-CHAP Microsoft Challenge Handshake Authentication Protocol
NAP Network Access Policy
NetBIOS Network Basic Input/Output System
PDA personal digital assistant
PKI public key infrastructure
PnP Plug and Play
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
RAM random access memory
RAS Remote Access Service
RC Release Candidate
RDP Remote Desktop Protocol
RSA Rivest, Shamir, and Adleman
RSAT Remote Server Administration Tools
SP1 Service Pack 1
SSL Secure Sockets Layer
SSTP Secure Socket Tunneling Protocol
TCP Transmission Control Protocol
TS Terminal Services
UAC User Account Control
UDP User Datagram Protocol
UPN user principal name
USB Universal Serial Bus
VDI Virtual Desktop Infrastructure
VPN virtual private network
WAN wide area network
WINS Windows Internet Naming Service


Section Review

Summary
- Windows 7 supports the following VPN protocols:
  o PPTP: Provides ease of setup, but is slower and less secure than other VPN options.
  o L2TP: Provides better speed and security than PPTP, but requires more effort to configure.
  o SSTP: Provides for a very secure VPN connection, while requiring less setup than L2TP.
- The DirectAccess benefits include the following:
  o Provides always-on connectivity
  o Provides seamless connectivity
  o Provides bidirectional access
  o Contains improved security
  o Provides an integrated solution
  o Works flawlessly with Terminal Services RemoteApp and AppLocker features
  o Provides enhanced network security; supports authentication at the computer level
    and the user level
  o Supports multifactor authentication with various technologies
  o Secures the transmission by using IPv6 over IPSec
- The features of the Remote Desktop version 7 utility include the following:
  o Windows 7 users can access the console of another Windows 7 or Windows
    Server 2008 machine.
  o The remote desktop looks exactly like the local desktop.
  o Connection is incredibly fast on a LAN.
  o Performance is very good even on a WAN connection.
  o Provides seamless access to local devices and resources.
  o Takes over the desktop session of the remote computer.
- To allow Remote Desktop to communicate through Windows Firewall, choose either
  the Remote Assistance or Remote Desktop option and then choose the network type.
- Windows 7 contains three standard power management plans:
  o Balanced (recommended): Balances the computer performance with energy
    consumption.
  o Power saver: Saves energy by reducing computer performance.
  o High performance: Increases computer performance by consuming more energy.
- With properly configured offline files and folders settings, you can access and work
  with individual files or complete folders that are stored on the network when you are
  not connected to the network or when the server is unavailable. To enable the offline
  feature:
  1. Right-click the item.
  2. Select the Always available offline option.


- You can configure the following offline settings in the Offline Files dialog box:
  o General: View and disable offline files or automatically synchronize offline
    files.
  o Disk Usage: View and change the size of the offline file store.
  o Encryption: Protect the files in the offline file store from unwanted users.
  o Network: Adjust the synchronization behavior of offline files during slow
    network times.

Knowledge Check
1. Does Windows 7 provide a VPN connection object within the Windows 7 Accessibility location in
Control Panel?

2. To allow Remote Desktop to communicate through the Windows 7 Firewall, you must create an
incoming and outgoing rule allowing the passage of port 3389.
a. True
b. False
3. For each power plan, write a brief description in the space provided.
Power saver:

Balanced:

4. Which of the following is a DirectAccess requirement? (Choose all that apply.)


a. AD CS
b. Windows Firewall Services
c. VPN Modulation Services
d. CRL Distribution Points


5. Does Windows 7 RDP support the Aero initiative across TCP/IP networks?

6. List four benefits of DirectAccess.

7. When configuring the sleep mode settings for your laptop, what should you set the Start menu
power button to?

8. Which of the following settings can you configure when connecting to a remote computer using
Remote Desktop? (Choose all that apply.)
a. Display settings
b. Experience settings
c. IPSec policies
d. Gateway Server Settings
9. The DirectAccess Management Console can be installed from the Group Policy Management
Editor.
a. True
b. False


10. List the VPN technologies that are supported by Windows 7.


Knowledge Check Answer Key


The correct answers to the Knowledge Check questions are bolded.
1. Does Windows 7 provide a VPN connection object within the Windows 7 Accessibility location in
Control Panel?
No, the VPN wizard is located within the Network and Sharing Center.
2. To allow Remote Desktop to communicate through the Windows 7 Firewall, you must create an
incoming and outgoing rule allowing the passage of port 3389.
a. True
b. False
You must add the Remote Desktop or Remote Assistance program to the allow programs list
in the Windows Firewall settings.
3. For each power plan, write a brief description in the space provided.
Power saver: Saves energy by reducing computer performance
Balanced: Balances the computer performance with energy consumption
4. Which of the following is a DirectAccess requirement? (Choose all that apply.)
a. AD CS
b. Windows Firewall Services
c. VPN Modulation Services
d. CRL Distribution Points
5. Does Windows 7 RDP support the Aero initiative across TCP/IP networks?
Yes, the newest version of RDP does support Aero across the network connection, provided
it is configured to allow for Aero propagation.
6. List four benefits of DirectAccess.
Provides always-on connectivity
Provides seamless connectivity
Provides bidirectional access
Contains improved security
Provides an integrated solution
Works flawlessly with Terminal Services RemoteApp and AppLocker features
Provides enhanced network security; supports authentication at the computer
level and the user level
Supports multifactor authentication with various technologies
Secures the transmission by using IPv6 over IPSec
7. When configuring the sleep mode settings for your laptop, what should you set the Start menu
power button to?
The Start menu power button options should be set to Sleep.


8. Which of the following settings can you configure when connecting to a remote computer using
Remote Desktop? (Choose all that apply.)
a. Display settings
b. Experience settings
c. IPSec policies
d. Gateway Server Settings
9. The DirectAccess Management Console can be installed from the Group Policy Management
Editor.
a. True
b. False
The DirectAccess Management Console must be installed using the Server Manager.
10. List the VPN technologies that are supported by Windows 7.
PPTP: Provides ease of setup, but is slower and less secure than other VPN
options.
L2TP: Provides better speed and security than PPTP, but requires more effort to
configure.
SSTP: Provides for a very secure VPN connection, while requiring less setup
than L2TP.
