CHAPTER 5 Managing Applications

Chapter Review
To further practice and reinforce the skills you learned in this chapter, you can perform the following tasks:
- Review the chapter summary.
- Review the list of key terms introduced in this chapter.
- Complete the case scenarios. These scenarios set up real-world situations involving the topics of this chapter and ask you to create a solution.
- Complete the suggested practices.
- Take a practice test.

Chapter Summary
- You can use built-in compatibility modes to allow applications designed for previous versions of Windows to run on Windows 7. If one of the existing compatibility modes does not resolve the compatibility issues, you can use the ACT to search a large database of existing application-specific fixes and modes.
- Windows XP Mode is a fully virtualized instance of Windows XP that can be run on a client running Windows 7 Professional, Ultimate, or Enterprise edition as a way of resolving compatibility problems that you are unable to solve using compatibility modes or the ACT.
- Software Restriction Policies can be used on all versions of Windows and allow you to create rules based on a file hash, software path, publisher certificate, or network zone. Software Restriction Policies are applied from the most specific rules to the least specific. Rules that are more specific override rules that are less specific.
- AppLocker policies can only be used on computers running Windows 7 Enterprise and Ultimate editions. AppLocker policies can be applied on the basis of publisher identity, file hash, or software path. AppLocker includes wizards that automatically generate rules. AppLocker block rules override all other AppLocker rules.

Key Terms
Do you know what these key terms mean? You can check your answers by looking up the terms in the glossary at the end of the book.
- AppLocker policy
- compatibility fix
- compatibility mode
- hash rule
- path rule
- publisher rule
- Software Restriction Policy

Case Scenarios
In the following case scenarios, you apply what you’ve learned about subjects of this chapter. You can find answers to these questions in the “Answers” section at the end of this book.

Case Scenario 1: Configuring Application Compatibility at Fabrikam
You are in the process of planning a migration of your organization’s desktop computers from Windows XP to Windows 7. At the moment, you are investigating application compatibility issues. You are primarily concerned with three applications named Alpha, Beta, and Gamma. After investigation, you have found that application Alpha does not run on computers running Windows 7 Enterprise but that it does run without problems on computers that have Windows XP Professional SP3 installed. Application Beta runs only on computers with Windows 7 installed when you right-click the desktop shortcut for it and then click Run As Administrator. Application Gamma was created when your organization had a small team of developers. The application does not function under the existing Windows 7 compatibility modes, and your organization now lacks the expertise to revise the original source code so that the application functions properly when installed on computers running Windows 7. With these facts in mind, answer the following questions.

Questions
1. What steps should you take to get application Alpha to execute?
2. What steps should you take to enable the execution of application Beta by just clicking on its shortcut?
3. What tool can you use to configure custom compatibility options for application Gamma?

Case Scenario 2: Restricting Applications at Contoso
You are responsible for configuring computers running Windows 7 Enterprise at Contoso’s Antarctic Research facility.
In-house developers created a data collection and analysis application used at the facility. This application communicates with instruments that measure temperature variations in the ice fields that surround the Contoso outpost. The in-house developers did not digitally sign this application. As the application interacts with delicate scientific instruments, only members of the Scientists group should be able to execute the data collection application. You want to create a single rule to manage the execution of this application. With this information in mind, answer the following questions.

Questions
1. What type of rule would you create for the data collection application?
2. How can you ensure that only members of the Scientists group can execute the data collection application and other users cannot?
3. What steps would the in-house developers need to take to allow you to create a publisher rule for this application?

Suggested Practices
To help you master the exam objectives presented in this chapter, complete the following tasks.

Configure Application Compatibility
In this set of practices, you configure application compatibility. Use your favorite search engine to locate and download an evaluation version of an application that works on a previous version of Windows, such as Windows XP, but which does not work when running Windows 7.
- Practice 1: Edit the properties of an application and configure the Windows 7 compatibility modes to get the application to function when running Windows 7.
- Practice 2: Edit the properties on an application and configure the Windows 7 compatibility modes to disable the Aero UI when the application is executing.

Configure Application Restrictions
In this set of practices, you configure application restrictions. It requires that you have downloaded the Process Explorer application to the desktop of your computer running Windows 7.
You can obtain this application from the Web site at http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx. You need to enable the Application Identity service temporarily to complete these practices. Remember to disable the service when you complete these exercises, or else you may experience problems executing other applications in later chapters.
- Practice 1: Use the Local Group Policy Editor to configure an AppLocker path rule to block the execution of the Process Explorer application that you downloaded for the exercises at the end of Lesson 1. After rebooting the computer, verify that the application is blocked by the path rule. When you have done this, create a copy of the executable file in another location. Attempt to execute the application in its new location.
- Practice 2: Use the Local Group Policy Editor to create a publisher rule to block the execution of the Process Explorer application. After rebooting the computer, verify that the Process Explorer application does not execute. Copy the application file to another location. Verify that the Process Explorer application does not execute in the new location.

Take a Practice Test
The practice tests on this book’s companion DVD offer many options. For example, you can test yourself on just one exam objective, or you can test yourself on all the 70-680 certification exam content. You can set up the test so that it closely simulates the experience of taking a certification exam, or you can set it up in study mode so that you can look at the correct answers and explanations after you answer each question.

More Info: PRACTICE TESTS
For details about all the practice test options available, see the section entitled “How to Use the Practice Tests,” in the Introduction to this book.

CHAPTER 6 Network Settings

This chapter discusses networks and how you locate computers and other devices within networks.
It looks at Internet Protocol version 4 (IPv4), a robust, reliable protocol that has implemented routing and delivered packets to hosts on subnets for many years. It also discusses the various types of IPv4 address and the services on which IPv4 relies. Internet Protocol version 6 (IPv6) is the successor to IPv4, and the chapter explains why IPv4 might no longer be adequate to cope with modern intranetworks, in particular the Internet. It describes the various types of IPv6 addresses and their functions, as well as address types that implement the transition from IPv4 to IPv6.

Traditionally, most networks used wired connections, but wireless networking is now much more common, particularly with the increase in mobile communication and working from home. The chapter looks at how you set up both wired and wireless networks and troubleshoot connectivity problems. Finally, the chapter considers the new Windows 7 feature of location-aware printing that enables mobile users to move between networks without needing to re-specify their default printer.

Exam objectives in this chapter:
- Configure IPv4 network settings.
- Configure IPv6 network settings.
- Configure networking settings.

Lessons in this chapter:
- Lesson 1: Configuring IPv4
- Lesson 2: Configuring IPv6
- Lesson 3: Network Configuration

Before You Begin
To complete the exercises in the practices in this chapter, you need to have done the following:
- Installed the Windows 7 operating system on a stand-alone client PC as described in Chapter 1, “Install, Migrate, or Upgrade to Windows 7.” You need Internet access to complete the exercises.
- Installed Windows 7 on a second PC. The procedure is the same as for installing the first PC, and the user name and password are the same (Kim_Akers and P@ssw0rd). The computer name is Aberdeen.
  As with the installation of the Canberra computer, accept the installation defaults (unless you are not U.S.-based, in which case select the appropriate keyboard and time zone). It is highly recommended that you create the Aberdeen computer as a virtual machine (VM). You can do this by using Hyper-V or by downloading Microsoft Virtual PC 2007 at http://www.microsoft.com/downloadS/details.aspx?FamilyID=04d26402-3199-48a3-afa2-2dc0b40a73b6&displaylang=en.
- If you have two physical computers that are not connected to the same network by any other method, you need to connect their Ethernet ports with a crossover cable or by using an Ethernet switch.
- You will need a wireless connection on the Canberra computer and a wireless access point (WAP) connected via a cable modem to the Internet to complete the optional exercise in Lesson 1. You need a wireless adapter on each computer to complete the exercise in Lesson 3, “Network Configuration,” later in this chapter.

Real World
Ian McLean

I’ve just read it in a Microsoft magazine, so it must be correct—we’re running out of IPv4 addresses. As one of those who was crying wolf very loudly indeed in 1999, I can’t say I’m surprised; in fact I am surprised it has taken so long. The use of Network Address Translation (NAT) and private addressing, of Classless Inter-Domain Routing (CIDR), and Variable-Length Subnet Mask (VLSM), and the claw-back of allocated but unused addresses were at best a temporary fix. They were never a solution. We were using up a limited resource. We could slow the process, but we could not halt it.

So what’s the solution? In a word (or to be pedantic an acronym): IPv6. There’s a huge amount of money invested in the IPv4 Internet and it’s not about to go away. As a professional, you need to know about IPv4 and how to configure and work with it, and you will for some time yet.
However, where there are now islands of IPv6 Internet among seas of IPv4 Internet, IPv6 is growing, and eventually IPv4 will become the islands, and they’ll get smaller all the time.

So don’t ignore IPv4, but the time has come to add IPv6 to your skills base. After all, it’s hardly new. The IPv6 Internet has been around since the last millennium. You don’t need to subnet or supernet it, and a device can have several IPv6 addresses for different functions. There is quite an incredible (literally) number of available addresses. I’m told the resource is almost infinite. Forgive me, but wasn’t that what they said about IPv4 address space in 1985?

So learn IPv6. If I were you, I’d do so quickly. The human race is never more ingenious than when it sets its mind to using up a seemingly infinite resource. I may be getting on a bit, but I have bets with several of my colleagues that IPv8 will be around before I’m finally laid to rest. What hasn’t occurred to them is—how are they going to collect their winnings?

Lesson 1: Configuring IPv4
As an IT professional with at least one year’s experience, you will have come across IPv4 addresses, subnet masks, and default gateways. You know that in the enterprise environment, Dynamic Host Configuration Protocol (DHCP) servers configure IPv4 settings automatically and Domain Name System (DNS) servers resolve computer names to IPv4 addresses. You might have configured a small test network with static IPv4 addresses, although even the smallest of modern networks tend to obtain configuration from a cable modem or a WAP, which in turn is configured by an Internet service provider (ISP). You might have set up Internet Connection Sharing in which client computers access the Internet through, and obtain their configuration from, another client computer.
You have probably come across Automatic Private Internet Protocol (APIPA) addresses that start with 168.254 when debugging connectivity because computers that fail to get their IPv4 configuration addresses from DHCP typically configure themselves using APIPA instead—so an APIPA address can be a symptom of DHCP failure or loss of connectivity, although it is also a valid way of configuring isolated networks that do not communicate with any other network, including the Internet.

However, you might not have been involved in network design or have subnetted a network. Subnetting is not as common these days, when private networks and NAT give you a large number of addresses you can use. It was much more common in the days when all addresses were public and administrators had to use very limited allocations. Nevertheless, subnetting remains a useful skill and subnet masks are likely to be tested in the 70-680 examination.

In this lesson, you look at the tools available for manipulating IPv4 addresses and subnet masks and implementing IPv4 network connectivity. The lesson considers the Network And Sharing Center, the Netstat and Netsh command-line tools, Windows Network Diagnostics, how you connect a computer to a network, how you configure name resolution, the function of APIPA, how you set up a connection for a network, how you set up network locations, and how you resolve connectivity issues.

Before you look at all the tools for manipulating and configuring IPv4, you first need to understand what the addresses and subnet masks mean. You will learn the significance of addresses such as 10.0.0.21, 207.46.197.32, and 169.254.22.10. You will learn why 255.255.255.128, 255.255.225.0, 225.255.254.0, and 255.255.252.0 are valid subnet masks, whereas 255.255.253.0 is not. You will learn what effect changing the value of the subnet mask has on the potential size of your network and why APIPA addresses do not have default gateways.
This chapter starts with an introduction to IPv4, in particular IPv4 addresses, subnet masks, and default gateways. It continues with the practical aspects of configuring and managing a network.

After this lesson, you will be able to:
- Explain the functions of an IPv4 address, a subnet mask, and a default gateway, and interpret the dotted decimal format.
- Connect workstations to a wired network and set up Internet Connection Sharing (ICS) on that network.
- Manage connections for wired networks.

Estimated lesson time: 50 minutes

Introduction to IPv4 Addressing
IPv4 controls packet sorting and delivery. Each incoming or outgoing IPv4 packet, or datagram, includes the source IPv4 address of the sender and the destination IPv4 address of the recipient. IPv4 is responsible for routing. If information is being passed to another device within a subnet, the packet is sent to the appropriate internal IPv4 address. If the packet is sent to a destination that is not on the local subnet (for example, when you are accessing the Internet), IPv4 examines the destination address, compares it to a route table, and decides what action to take.

You can view the IPv4 configuration on a computer by opening the Command Prompt window. You can access this either by selecting Accessories and then Command Prompt on the All Programs menu, or by entering cmd in the Run box. If you need to change a configuration rather than to merely examine it, you need to open an elevated command prompt. The Ipconfig command-line tool displays a computer’s IPv4 settings (and IPv6 settings). Figure 6-1 shows the output of the Ipconfig command on a computer connected wirelessly through a WAP to the Internet and internally to a private wired network that is configured through APIPA. For more detail enter ipconfig /all.

FIGURE 6-1 Ipconfig command output

The IPv4 address identifies the computer and the subnet that the computer is on.
An IPv4 address must be unique within a network. Here the private address is unique within the internal network (the number 10 at the start of the address indicates that the address is private). If an IPv4 address is a public address on the Internet, it needs to be unique throughout the Internet. We look at public and private addresses later in this lesson.

There is nothing magical about the IPv4 address. It is simply a number in a very large range of numbers. It is expressed in a format called dotted decimal notation because that provides a convenient way of working with it. An IPv4 address is a number defined by 32 binary digits (bits), where each bit is a 1 or a 0. Consider this binary number:

00001010 00010000 00001010 10001111

The spaces are meaningless. They only make the number easier to read. The decimal value of this number is 168,823,439. In hexadecimal, it is 0A100A8F. Neither of these ways of expressing the number is memorable or convenient.

Note: BINARY AND HEXADECIMAL NOTATION
You do not need to be a mathematician or an expert in binary notation to understand IPv4 addressing, but you do need a basic knowledge. To learn more, you can search for “the binary system” (for example) on the Internet, but possibly the best way to become familiar with binary and hexadecimal is to use the scientific calculator supplied by Windows 7. For example, enable binary (Bin) and type in 11111111. Enable decimal (Dec) and then hexadecimal (Hex), and ensure that you get 255 and FF, respectively. The same calculator is available in the 70-680 examination.

Binary digits are generally divided into groups of eight, called octets (an electronics engineer would call them bytes). So let us group this number into four octets and put a dot between each because dots are easier to see than spaces.

00001010.00010000.00001010.10001111

Convert the binary number in each octet to decimal and you get:

10.16.10.143

Binary, decimal, hexadecimal, and dotted decimal are all ways of expressing a number. The number uniquely identifies the computer (or other network feature) within a network and the specifically identifiable network (or subnet) that it is on.

A network is divided into one or more subnets. Small networks—for example, a test network—might consist of only a single subnet. Subnets are connected to other subnets by a router (for example, a WAP, a Microsoft server configured as a router, or a hardware device such as a Cisco or 3Com router). Each subnet has its own subnet address within the network and its own gateway or router connection. In large networks, some subnets can connect to more than one router. You can also regard the connection through a modem to an ISP as a subnet, and this subnet in turn connects to the Internet through a router at the ISP.
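
The conversions worked through above (binary to decimal, hexadecimal, and dotted decimal) and the local-subnet-or-router decision described at the start of this section, as an added Python example that is not from the book. The subnet masks and the gateway address 10.16.10.1 in the sample calls are assumptions made for illustration.

```python
import ipaddress


def parse_bits(bits):
    """Turn 32 binary digits (spaces or dots allowed as separators) into an integer."""
    cleaned = bits.replace(" ", "").replace(".", "")
    if len(cleaned) != 32 or set(cleaned) - {"0", "1"}:
        raise ValueError("an IPv4 address is exactly 32 binary digits")
    return int(cleaned, 2)


def dotted_decimal(value):
    """Split the 32-bit number into four octets, most significant octet first."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def describe(bits):
    """Express one 32-bit address in every notation the text uses, plus its type."""
    value = parse_bits(bits)
    addr = ipaddress.IPv4Address(value)
    if addr.is_link_local:      # 169.254.0.0/16, the range APIPA assigns from
        kind = "APIPA"
    elif addr.is_private:       # for example, addresses that start with 10
        kind = "private"
    else:
        kind = "public"
    return {
        "decimal": value,
        "hex": f"{value:08X}",
        "dotted": dotted_decimal(value),
        "kind": kind,
    }


def next_hop(source, mask, destination, gateway=None):
    """Return where a packet is sent first: the destination itself when it is on
    the sender's subnet, otherwise the default gateway (None if there is none)."""
    subnet = ipaddress.IPv4Network(f"{source}/{mask}", strict=False)
    if ipaddress.IPv4Address(destination) in subnet:
        return destination
    return gateway


if __name__ == "__main__":
    # The binary number from the text.
    print(describe("00001010 00010000 00001010 10001111"))
    # Same subnet (assumed mask 255.255.255.0): delivered directly.
    print(next_hop("10.16.10.143", "255.255.255.0", "10.16.10.20", "10.16.10.1"))
    # Off-subnet destination: handed to the assumed default gateway.
    print(next_hop("10.16.10.143", "255.255.255.0", "207.46.197.32", "10.16.10.1"))
    # An APIPA host has no default gateway, so nothing off-subnet is reachable.
    print(next_hop("169.254.22.10", "255.255.0.0", "207.46.197.32"))
```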