After investigation, you have found that application Alpha does not run on computers running Windows 7 Enterprise but that it does run without problems on computers that have Windows XP
Trang 1Chapter review
To further practice and reinforce the skills you learned in this chapter, you can perform the
following tasks:
n Review the chapter summary
n Review the list of key terms introduced in this chapter
n Complete the case scenarios These scenarios set up real-world situations involving the
topics of this chapter and ask you to create a solution
n Complete the suggested practices
n Take a practice test
Chapter Summary
n You can use built-in compatibility modes to allow applications designed for previous
versions of Windows to run on Windows 7 If one of the existing compatibility modes
does not resolve the compatibility issues, you can use the ACT to search a large
database of existing application specific fixes and modes
n Windows XP Mode is a fully virtualized instance of Windows XP that can be run on
a client running Windows 7 Professional, Ultimate, or Enterprise edition as a way of
resolving compatibility problems that you are unable to solve using compatibility
modes or the ACT
n Software Restriction Policies can be used on all versions of Windows and allow you
to create rules based on a file hash, software path, publisher certificate, or network
zone Software Restriction Policies are applied from the most specific rules to the least
specific Rules that are more specific override rules that are less specific
n AppLocker policies can only be used on computers running Windows 7 Enterprise and
Ultimate editions AppLocker policies can be applied on the basis of publisher identity,
file hash, or software path AppLocker includes wizards that automatically generate
rules AppLocker block rules override all other AppLocker rules
Key terms
Do you know what these key terms mean? You can check your answers by looking up the
terms in the glossary at the end of the book
n appLocker policy
n compatibility fix
n compatibility mode
n hash rule
Trang 2294 CHAPTER 5 Managing Applications
n path rule
n publisher rule
n Software restriction policy
Case Scenarios
In the following case scenarios, you apply what you’ve learned about subjects of this chapter You can find answers to these questions in the “Answers” section at the end of this book
Case Scenario 1: Configuring Application
Compatibility at Fabrikam
You are in the process of planning a migration of your organization’s desktop computers from Windows XP to Windows 7 At the moment, you are investigating application compatibility issues You are primarily concerned with three applications named Alpha, Beta, and Gamma After investigation, you have found that application Alpha does not run on computers running Windows 7 Enterprise but that it does run without problems on computers that have Windows XP Professional SP3 installed Application Beta runs only on computers with Windows 7 installed when you right-click the desktop shortcut for it and then click Run As Administrator Application Gamma was created when your organization had a small team of developers The application does not function under the existing Windows 7 compatibility modes, and your organization now lacks the expertise to revise the original source code so that the application functions properly when installed on computers running Windows 7 With these facts in mind, answer the following questions
Questions
1 What steps should you take to get application Alpha to execute?
2 What steps should you take to enable the execution of application Beta by just clicking
on its shortcut?
3 What tool can you use to configure custom compatibility options for application Gamma?
Case Scenario 2: Restricting Applications at Contoso
You are responsible for configuring computers running Windows 7 Enterprise at Contoso’s Antarctic Research facility In-house developers created a data collection and analysis
application used at the facility This application communicates with instruments that measure temperature variations in the ice fields that surround the Contoso outpost The in-house developers did not digitally sign this application As the application interacts with delicate scientific instruments, only members of the Scientists group should be able to execute the
Trang 3data collection application You want to create a single rule to manage the execution of this
application With this information in mind, answer the following questions
Questions
1 What type of rule would you create for the data collection application?
2 How can you ensure that only members of the Scientists group can execute the data
collection application and other users cannot?
3 What steps would the in-house developers need to take to allow you to create
a publisher rule for this application?
Suggested practices
To help you master the exam objectives presented in this chapter, complete the following
tasks
Configure Application Compatibility
In this set of practices, you configure application compatibility Use your favorite search
engine to locate and download an evaluation version of an application that works on
a previous version of Windows, such as Windows XP, but which does not work when running
Windows 7
n practice 1 Edit the properties of an application and configure the Windows 7
compatibility modes to get the application to function when running Windows 7
n practice 2 Edit the properties on an application and configure the Windows 7
compatibility modes to disable the Aero UI when the application is executing
Configure Application Restrictions
In this set of practices, you configure application restrictions It requires that you have
downloaded the Process Explorer application to the desktop of your computer running
Windows 7 You can obtain this application from the Web site at http://technet.microsoft
.com/en-us/sysinternals/bb896653.aspx You need to enable the Application Identity service
temporarily to complete these practices Remember to disable the service when you complete
these exercises, or else you may experience problems executing other applications in later
chapters
n practice 1 Use the Local Group Policy Editor to configure an AppLocker path rule
to block the execution of the Process Explorer application that you downloaded for
the exercises at the end of Lesson 1 After rebooting the computer, verify that the
application is blocked by the path rule When you have done this, create a copy of
the executable file in another location Attempt to execute the application in its new
location
Trang 4296 CHAPTER 5 Managing Applications
n practice 2 Use the Local Group Policy Editor to create a publisher rule to block the execution of the Process Explorer application After rebooting the computer, verify that the Process Explorer application does not execute Copy the application file to another location Verify that the Process Explorer application does not execute in the new location
take a practice test
The practice tests on this book’s companion DVD offer many options For example, you can test yourself on just one exam objective, or you can test yourself on all the 70-680 certification exam content You can set up the test so that it closely simulates the experience
of taking a certification exam, or you can set it up in study mode so that you can look at the correct answers and explanations after you answer each question
More Info praCtICe teStS
For details about all the practice test options available, see the section entitled “How to Use the Practice Tests,” in the Introduction to this book.
Trang 5C h a p t e r 6
Network Settings
This chapter discusses networks and how you locate computers and other devices within networks It looks at Internet Protocol version 4 (IPv4), a robust, reliable protocol that
has implemented routing and delivered packets to hosts on subnets for many years It also discusses the various types of IPv4 address and the services on which IPv4 relies
Internet Protocol version 6 (IPv6) is the successor to IPv4, and the chapter explains why IPv4 might no longer be adequate to cope with modern intranetworks, in particular the
Internet It describes the various types of IPv6 addresses and their functions, as well as
address types that implement the transition from IPv4 to IPv6
Traditionally, most networks used wired connections, but wireless networking is now
much more common, particularly with the increase in mobile communication and working from home The chapter looks at how you set up both wired and wireless networks and
troubleshoot connectivity problems
Finally, the chapter considers the new Windows 7 feature of location-aware printing that enables mobile users to move between networks without needing to re-specify their default printer
Exam objectives in this chapter:
n Configure IPv4 network settings
n Configure IPv6 network settings
n Configure networking settings
Lessons in this chapter:
n Lesson 1: Configuring IPv4 300
n Lesson 2: Configuring IPv6 328
n Lesson 3: Network Configuration 348
Trang 6298 CHAPTER 6 Network Settings
Before You Begin
To complete the exercises in the practices in this chapter, you need to have done the following:
n Installed the Windows 7 operating system on a stand-alone client PC as described in Chapter 1, “Install, Migrate, or Upgrade to Windows 7 ” You need Internet access to complete the exercises
n Installed Windows 7 on a second PC The procedure is the same as for installing the first PC, and the user name and password are the same (Kim_Akers and P@ssw0rd) The computer name is Aberdeen As with the installation of the Canberra computer, accept the installation defaults (unless you are not U S -based, in which case select the appropriate keyboard and time zone) It is highly recommended that you create the Aberdeen computer as a virtual machine (VM) You can do this by using Hyper-V or
by downloading Microsoft Virtual PC 2007 at http://www.microsoft.com/downloadS/
details.aspx?FamilyID=04d26402-3199-48a3-afa2-2dc0b40a73b6&displaylang=en.
n If you have two physical computers that are not connected to the same network by any other method, you need to connect their Ethernet ports with a crossover cable or
by using an Ethernet switch
n You will need a wireless connection on the Canberra computer and a wireless access point (WAP) connected via a cable modem to the Internet to complete the optional exercise in Lesson 1 You need a wireless adapter on each computer to complete the exercise in Lesson 3, “Network Configuration,” later in this chapter
real World
Ian McLean
I’ve just read it in a Microsoft magazine, so it must be correct—we’re running out
of IPv4 addresses.
As one of those who was crying wolf very loudly indeed in 1999, I can’t say I’m surprised; in fact I am surprised it has taken so long The use of Network Address Translation (NAT) and private addressing, of Classless Inter-Domain Routing (CIDR), and Variable-Length Subnet Mask (VLSM), and the claw-back of allocated but unused addresses were at best a temporary fix They were never a solution We were using up a limited resource We could slow the process, but we could not halt it So what’s the solution?
In a word (or to be pedantic an acronym): IPv6.
There’s a huge amount of money invested in the IPv4 Internet and it’s not about to
go away As a professional, you need to know about IPv4 and how to configure and work with it, and you will for some time yet However, where there are now islands
of IPv6 Internet among seas of IPv4 Internet, IPv6 is growing, and eventually IPv4 will become the islands, and they’ll get smaller all the time.
Trang 7So don’t ignore IPv4, but the time has come to add IPv6 to your skills base After
all, it’s hardly new The IPv6 Internet has been around since the last millennium You
don’t need to subnet or supernet it, and a device can have several IPv6 addresses
for different functions There is quite an incredible (literally) number of available
addresses I’m told the resource is almost infinite Forgive me, but wasn’t that what
they said about IPv4 address space in 1985?
So learn IPv6 If I were you, I’d do so quickly The human race is never more
ingenious than when it sets its mind to using up a seemingly infinite resource I may
be getting on a bit, but I have bets with several of my colleagues that IPv8 will be
around before I’m finally laid to rest
What hasn’t occurred to them is—how are they going to collect their winnings?
Trang 8300 CHAPTER 6 Network Settings
Lesson 1: Configuring Ipv4
As an IT professional with at least one year’s experience, you will have come across IPv4 addresses, subnet masks, and default gateways You know that in the enterprise environment, Dynamic Host Configuration Protocol (DHCP) servers configure IPv4 settings automatically and Domain Name System (DNS) servers resolve computer names to IPv4 addresses
You might have configured a small test network with static IPv4 addresses, although even the smallest of modern networks tend to obtain configuration from a cable modem or
a WAP, which in turn is configured by an Internet service provider (ISP) You might have set
up Internet Connection Sharing in which client computers access the Internet through, and obtain their configuration from, another client computer
You have probably come across Automatic Private Internet Protocol (APIPA) addresses that start with 168 254 when debugging connectivity because computers that fail to get their IPv4 configuration addresses from DHCP typically configure themselves using APIPA instead—so
an APIPA address can be a symptom of DHCP failure or loss of connectivity, although it is also a valid way of configuring isolated networks that do not communicate with any other network, including the Internet
However, you might not have been involved in network design or have subnetted
a network Subnetting is not as common these days, when private networks and NAT give you a large number of addresses you can use It was much more common in the days when all addresses were public and administrators had to use very limited allocations Nevertheless, subnetting remains a useful skill and subnet masks are likely to be tested in the 70-680 examination
In this lesson, you look at the tools available for manipulating IPv4 addresses and subnet masks and implementing IPv4 network connectivity The lesson considers the Network And Sharing Center, the Netstat and Netsh command-line tools, Windows Network Diagnostics, how you connecting a computer to a network, how you configure name resolution, the function of APIPA, how you set up a connection for a network, how you set up network locations, and how you resolve connectivity issues
Before you look at all the tools for manipulating and configuring IPv4, you first need
to understand what the addresses and subnet masks mean You will learn the significance
of addresses such as 10 0 0 21, 207 46 197 32, and 169 254 22 10 You will learn why
255 255 255 128, 255 255 225 0, 225 255 254 0, and 255 255 252 0 are valid subnet masks, whereas 255 255 253 0 is not You will learn what effect changing the value of the subnet mask has on the potential size of your network and why APIPA addresses do not have default gateways
This chapter starts with an introduction to IPv4, in particular IPv4 addresses, subnet masks, and default gateways It continues with the practical aspects of configuring and managing
a network
Trang 9After this lesson, you will be able to:
n Explain the functions of an IPv4 address, a subnet mask, and a default gateway,
and interpret the dotted decimal format
n Connect workstations to a wired network and set up Internet Connection
Sharing (ICS) on that network
n Manage connections for wired networks
Estimated lesson time: 50 minutes
Introduction to IPv4 Addressing
IPv4 controls packet sorting and delivery Each incoming or outgoing IPv4 packet, or
datagram, includes the source IPv4 address of the sender and the destination IPv4 address of
the recipient IPv4 is responsible for routing If information is being passed to another device
within a subnet, the packet is sent to the appropriate internal IPv4 address If the packet is
sent to a destination that is not on the local subnet (for example, when you are accessing the
Internet), IPv4 examines the destination address, compares it to a route table, and decides
what action to take
You can view the IPv4 configuration on a computer by opening the Command Prompt
window You can access this either by selecting Accessories and then Command Prompt on the
All Programs menu, or by entering cmd in the Run box If you need to change a configuration
rather than to merely examine it, you need to open an elevated command prompt
The Ipconfig command-line tool displays a computer’s IPv4 settings (and IPv6 settings)
Figure 6-1 shows the output of the Ipconfig command on a computer connected wirelessly
through a WAP to the Internet and internally to a private wired network that is configured
through APIPA For more detail enter ipconfig /all.
FIgUre 6-1 Ipconfig command output
The IPv4 address identifies the computer and the subnet that the computer is on An IPv4
address must be unique within a network Here the private address is unique within the internal
Trang 10302 CHAPTER 6 Network Settings
network (the number 10 at the start of the address indicates that the address is private) If an IPv4 address is a public address on the Internet, it needs to be unique throughout the Internet
We look at public and private addresses later in this lesson
There is nothing magical about the IPv4 address It is simply a number in a very large range
of numbers It is expressed in a format called dotted decimal notation because that provides
a convenient way of working with it An IPv4 address is a number defined by 32 binary digits (bits), where each bit is a 1 or a 0 Consider this binary number:
00001010 00010000 00001010 10001111
The spaces are meaningless They only make the number easier to read
The decimal value of this number is 168,823,439 In hexadecimal, it is 0A100A8F Neither of these ways of expressing the number is memorable or convenient
note BINarY aND heXaDeCIMaL NOtatION
You do not need to be a mathematician or an expert in binary notation to understand IPv4 addressing, but you do need a basic knowledge To learn more, you can search for “the binary system” (for example) on the Internet, but possibly the best way to become familiar with binary and hexadecimal is to use the scientific calculator supplied by Windows 7
For example, enable binary (Bin) and type in 11111111 Enable decimal (Dec) and then hexadecimal (Hex), and ensure that you get 255 and FF, respectively The same calculator is available in the 70-680 examination.
Binary digits are generally divided into groups of eight, called octets (an electronics
engineer would call them bytes) So let us group this number into four octets and put a dot between each because dots are easier to see than spaces
00001010.00010000.00001010.10001111
Convert the binary number in each octet to decimal and you get:
10.16.10.143
Binary, decimal, hexadecimal, and dotted decimal are all ways of expressing a number The number uniquely identifies the computer (or other network feature) within a network and the specifically identifiable network (or subnet) that it is on
A network is divided into one or more subnets Small networks—for example, a test network—might consist of only a single subnet Subnets are connected to other subnets by
a router (for example, a WAP, a Microsoft server configured as a router, or a hardware device such as a Cisco or 3Com router) Each subnet has its own subnet address within the network and its own gateway or router connection In large networks, some subnets can connect to more than one router You can also regard the connection through a modem to an ISP as
a subnet, and this subnet in turn connects to the Internet through a router at the ISP