Configuring Windows 7
How to access your CD files
The print edition of this book includes a CD. To access the CD files, go to http://aka.ms/627086/files, and look for the Downloads tab. Note: Use a desktop web browser, as files may not be accessible from all ereader devices. Questions? Please contact: [email protected]
Microsoft Press
MCTS Self-Paced Training Kit (Exam 70-680): Configuring Windows® 7
Ian McLean Orin Thomas
PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2010 by Ian McLean and Orin Thomas
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.
Library of Congress Control Number: 2009932326
ISBN: 978-0-7356-2708-6
Printed and bound in the United States of America.
13 14 15 16 17 18 19 20 21 QG 8 7 6 5 4 3
Microsoft Press books are available through booksellers and distributors worldwide. If you need support related to this book, email Microsoft Press Book Support at [email protected]. Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey.
Microsoft, Microsoft Press, Access, Active Directory, ActiveX, Aero, BitLocker, DirectX, Excel, Hyper-V, Internet Explorer, MS, MS-DOS, Natural, Outlook, PowerPoint, ReadyBoost, SQL Server, Visual Basic, Win32, Windows, Windows Live, Windows Media, Windows Mobile, Windows NT, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.
Acquisitions Editor: Ken Jones
Developmental Editor: Laura Sackerman
Project Editor: Rosemary Caperton
Editorial Production: Ashley Schneider, S4Carlisle Publishing Services
Technical Reviewer: Rozanne Whalen; Technical Review services provided by Content Master, a member of CM Group, Ltd.
Cover: Tom Draper Design
Body Part No. X16-10711
[2013-07-26]
It’s unusual to dedicate a book to one of its authors, but when Orin Thomas agreed to be my writing partner it was my lucky day. Orin is the most competent and capable professional I have ever come across. Not only can he do things, he can write about them too. He’s my peer reviewer as well as my co-author and his reviews are both informative and ruthless, for which I’m eternally grateful. He is always ready and willing to step in with assistance if I am having any sort of problem. Orin, please keep tearing my text to shreds. By the way I’ll do the same for you given the opportunity. I appreciate working with a true professional. —Ian McLean
To all of you who are beginning your certification journey, I hope that you find your journey as rewarding, as useful, and as fulfilling as I have found my own. Good luck on your Windows 7 exam! —Orin Thomas
Contents at a Glance
Introduction
Chapter 1 Install, Migrate, or Upgrade to Windows 7
Chapter 2 Configuring System Images
Chapter 3 Deploying System Images
Chapter 4 Managing Devices and Disks
Chapter 5 Managing Applications
Chapter 6 Network Settings
Chapter 7 Windows Firewall and Remote Management
Chapter 8 BranchCache and Resource Sharing
Chapter 9 Authentication and Account Control
Chapter 10 DirectAccess and VPN Connections
Chapter 11 BitLocker and Mobility Options
Chapter 12 Windows Update and Windows Internet Explorer
Chapter 13 Monitoring and Performance
Chapter 14 Recovery and Backup
Answers
Glossary
Index
Contents
Introduction
  Lab Setup Instructions
    Hardware Requirements
  Using the DVD
    How to Install the Practice Tests
    How to Use the Practice Tests
    How to Uninstall the Practice Tests
  Microsoft Certified Professional Program
  Technical Support
Chapter 1 Install, Migrate, or Upgrade to Windows 7
  Before You Begin
  Lesson 1: Installing Windows 7
    Windows 7 Editions
    Windows 7 Hardware Requirements
    Preparing the Windows 7 Installation Source
    Installing Windows 7
    Lesson Summary
    Lesson Review
  Lesson 2: Upgrading to Windows 7
    Upgrading from Windows 7 Editions
    Upgrading from Windows Vista
    Migrating from Windows XP
    Lesson Summary
    Lesson Review
  Lesson 3: Managing User Profiles
    Migrating User Profile
CHAPTER 13
Lesson 2: Configuring Performance Settings
then computer = "this computer"
' List the printers installed on the target computer
List = ""
Set objs = WMI.InstancesOf("Win32_Printer")
For each obj in objs
    List = List & obj.Caption & ", "
Next
' Trim the trailing ", " only when at least one item was found
If Len(List) > 2 Then List = Left(List, Len(List) - 2)
MsgBox List,64,"Printers on " & computer
' List the running processes
List = ""
Set objs = WMI.InstancesOf("Win32_Process")
For each obj in objs
    List = List & obj.Description & ", "
Next
If Len(List) > 2 Then List = Left(List, Len(List) - 2)
MsgBox List,64,"Processes on " & computer
' List the processors
List = ""
Set objs = WMI.InstancesOf("Win32_Processor")
For each obj in objs
    List = List & obj.Description & ", "
Next
If Len(List) > 2 Then List = Left(List, Len(List) - 2)
MsgBox List,64,"Processor on " & computer
Note that if you specify the Aberdeen computer when you run this script on Canberra, you need to ensure the \\Canberra\Kim_Akers account has administrator rights on Aberdeen. Only a local administrator can run a WMI script on a computer, although if you have the appropriate rights, running WMI scripts on remote computers is straightforward. The script is possibly more relevant to an enterprise environment where Domain and Enterprise Admins have rights on every machine. Also, ensure that the firewalls are not blocking the information. Figure 13-32 shows the list of processes on Canberra displayed in a message box.
Figure 13-32 Processes on this computer (Canberra)
WMI consists of three primary features: the Common Information Model Object Manager (CIMOM), also known as the WMI service; the Common Information Model (CIM) repository, also known as the WMI repository; and WMI providers. Together, these features provide an infrastructure through which configuration and management data is defined, exposed, accessed, and retrieved.
WMI Providers
WMI providers, such as Win32 and the built-in Event Log provider, act as intermediaries between the CIMOM and a managed resource. Providers request information from and send instructions to WMI-managed resources on behalf of applications and scripts. Providers expose the managed resource to the WMI infrastructure using a standards-based access model, communicate with their respective managed resources by using the native application programming interfaces (APIs) of the managed resource, and communicate with the CIMOM by using WMI programming interfaces. Windows 7 introduces additional providers for Windows PowerShell and virtualization.
To create an application that manages Windows subsystems, you typically use the Win32 APIs. Without WMI, you would need to call these APIs yourself. Unfortunately, Win32 APIs cannot be called from a script, and you would need to use a programming language such as C++ or Microsoft Visual Basic. Writing C++ or Visual Basic code is typically much more difficult than writing a script. When you use WMI providers, you do not have to worry about calling the Win32 APIs because WMI does that for you. Also, you do not have to worry about differences between various APIs because you use a standard set of WMI commands and WMI translates those commands into commands that the APIs understand.
WMI providers are generally implemented as DLLs in the SystemRoot\System32\Wbem directory. The built-in providers, also known as standard providers, supply data and management functions from well-known operating system sources, such as the Win32 subsystem, event logs, performance counters, and the registry.
The CIMOM
The CIMOM handles the interaction between consumers and providers. It acts as the WMI information broker and all WMI requests and data flow through the CIMOM. When you write a WMI script, the script is directed to the CIMOM. However, the CIMOM does not directly handle your request. For example, suppose that you request a list of all the services installed on a computer. The CIMOM does not actually retrieve the list of services for you. Instead, it locates the appropriate WMI provider and asks the provider to retrieve the list. When the list has been retrieved, the CIMOM returns the information to you.
The WMI Service
The WMI service (Winmgmt.exe) implements the CIMOM on Windows 7. You can start and stop it from an elevated command prompt like any other service (for example, net stop winmgmt). Be aware, however, that if you stop the WMI service, this also stops the Security Center and IP Helper services. If the WMI service is stopped and you run a script or an application that requires WMI, the service automatically restarts.
The CIM Repository
Management applications, administrative tools, and scripts make requests to the CIMOM to retrieve data, subscribe to events, or to perform some other management-related task. The CIMOM retrieves the provider and class information necessary to service consumer requests from the CIM repository. The CIMOM uses the information obtained from the CIM repository to hand off consumer requests to the appropriate WMI provider.
The CIM repository holds the schema, also called the object repository or class store, which defines all data exposed by WMI. The schema is similar to the AD DS schema and is built on the concept of classes. A class is a blueprint of a WMI-manageable resource. However, unlike AD DS classes, CIM classes typically represent dynamic resources. Instances of resources are not stored in the CIM repository but are dynamically retrieved by a provider based on a consumer request. This means that the term repository is somewhat misleading. Although the CIM is a repository and is capable of storing static data, its primary role is storing the blueprints for managed resources.
The operational state for most WMI-managed resources changes frequently (for example, all the events in all event logs on a computer) and is read on demand to ensure that the most up-to-date information is retrieved. This can sometimes cause queries to run slowly if a lot of information needs to be retrieved, but this is preferable to using the computer resource that would be required to maintain an up-to-date repository of frequently changing data.
CIM Classes
CIM classes are organized hierarchically and child classes inherit from parent classes. The Distributed Management Task Force (DMTF) maintains the set of core and common base classes from which system and application software developers derive and create system-specific or application-specific extension classes. Classes are grouped into namespaces, logical groups representing a specific area of management.
CIM classes include both properties and methods. Properties describe the configuration and state of a WMI-managed resource; methods are executable functions that perform actions on the WMI-managed resource associated with the corresponding class.
More Info DMTF
For more information about the Distributed Management Task Force, visit the DMTF home page at http://www.dmtf.org/home/.
WMI Consumers
A WMI consumer can be a script, an enterprise management application, a Web-based application, or some other administrative tool that accesses and controls management information available through the WMI infrastructure. For example, the script listed earlier that discovered and listed the logical disk drives on your computer is a WMI consumer. An application can be both a WMI provider and a WMI consumer (for example, Microsoft Application Center and Microsoft Operations Manager).
WMI Scripting Library
The WMI scripting library provides the set of automation objects through which scripting languages such as VBScript access the WMI infrastructure. The WMI scripting library is implemented in a single automation feature named Wbemdisp.dll that is stored in the SystemRoot\System32\Wbem directory. The Automation objects in the WMI scripting library provide a consistent and uniform scripting model for WMI-managed resources.
EXAM TIP
It is important to distinguish between managed resource class definitions and automation objects. Managed resource class definitions reside in the CIM repository (Cim.rep) and provide the blueprints for the computer resources exposed through WMI. A general-purpose set of automation objects resides in the WMI scripting library, and scripts can use these objects to authenticate and connect to WMI. After you obtain an instance of a WMI-managed resource using the WMI scripting library, you can access the methods and properties defined by the class definition of the managed resource.
Variable Naming Convention
WMI scripts typically follow a consistent convention when naming variables. Each variable is named according to the automation object name in the WMI scripting library and is prefaced with obj (to indicate an object reference) or col (to indicate a collection object reference). For example, a variable that references an object called SWbemServices is named objSWbemServices; a variable that references an object called SWbemObject is named objSWbemObject; and a variable that references an object called SWbemObjectSet is named colSWbemObjectSet. This convention is not mandatory, but it helps you understand the type of WMI object that you are working with in a WMI script. Following a consistent naming convention makes your code easier to read and to maintain, especially if you are not the person doing the maintenance.
The WMI Administrative Tools
You can download the WMI Administrative Tools at http://www.microsoft.com/downloads/details.aspx?FamilyID=6430f853-1120-48db-8cc5-f2abdc3ed314&DisplayLang=en, although it is probably easier to go to http://www.microsoft.com/downloads and search for “WMI Administrative Tools.” The WMI Administrative Tools include the following:
• WMI Common Information Model (CIM) Studio: Enables you to view and edit classes, properties, qualifiers, and instances in a CIM repository; run selected methods; and generate and compile Managed Object Format (MOF) files.
• WMI Object Browser: Enables you to view objects, edit property values and qualifiers, and run methods.
• WMI Event Registration Tool: Enables you to configure permanent event consumers, and to create or view instances of event consumers, filters, bindings, and timer system classes.
• WMI Event Viewer: Displays events for all instances of registered consumers.
WMI CIM Studio
WMI CIM Studio is designed primarily for use by developers, particularly those who are writing providers. It assists developers to create WMI classes in the CIM repository. WMI CIM Studio uses a Web interface to display information and relies on a collection of ActiveX features installed on the system when it runs for the first time. The tool enables developers to:
• Connect to a chosen system and browse the CIM repository in any namespace available
• Search for classes by their name, by their descriptions, or by property names
• Review the properties, methods, and associations related to a given class
• See the instances available for a given class of the examined system
• Perform queries in the WMI Query Language (WQL)
• Generate an MOF file based on selected classes
• Compile an MOF file to load it in the CIM repository
WMI CIM Studio also provides wizards for generating and compiling MOF files and for generating framework provider code. When you start WMI CIM Studio from the WMI Tools menu, you first need to click the Information bar and permit ActiveX tools to run. You then select a namespace in the Connect To Namespace dialog box or use the default namespace Root\CIMV2. Figure 13-33 shows the WMI CIM Studio tool.
Figure 13-33 WMI CIM Studio
WMI CIM Studio contains a Class Explorer and a Class Viewer. When you select classes in the Class Explorer, their details appear in the Class Viewer. WMI CIM Studio wizards generate and compile MOF files.
You can use WMI CIM Studio to view the class inheritance tree for any namespace in your system or on a network by specifying the namespace path in the Classes In box, by clicking the Classes In arrow and selecting the namespace in the history list, or by browsing to a namespace.
You can search for a specific class in the namespace by clicking Search For Class in Class Explorer. In the Search For Class dialog box, select one or more check boxes under Search Options to select the type of search to perform: by class name, class description, or property name. Enter the full or partial text value to use for this search, and click Go. The results of the search appear in the Search Results pane. Click the class to view and then click OK. This displays the chosen class in Class Explorer.
You can display the properties of a class by selecting the class in Class Explorer and then clicking the Properties tab in Class Viewer. Symbols (for example, a key represents a key property) let you identify the following information about a class:
• Key properties
• System properties
• Inherited properties
• Writable properties
• The values contained in property arrays
WMI CIM Studio lets you display instances of an existing class by accessing a table of all instances of the class and viewing the associations of an instance. You can also define and display custom views of instances. You can add and delete class definitions in Class Explorer, and you can modify class definitions by adding, editing, or deleting properties, qualifiers, and methods. You can add and delete instances of a class.
You can execute regular methods on instances in WMI CIM Studio if the instances are implemented and not disabled. Click the class in Class Viewer and click Instances. Right-click the instance you want to work with and select Go To Object. Click the Methods tab in Class Viewer, right-click the method, and select Execute Method. The Parameters column shows the parameters defined for the method and their default values. Before executing the method, you can configure the parameters by editing their values.
The WQL Query Builder lets you write, save, and execute WQL queries. To use this feature, click the WQL Query symbol in Class Viewer.
The MOF Generator Wizard in Class Explorer enables you to generate an MOF file for class definitions and instances from an existing repository. Typically, you run this wizard when you have created a new class or when you want to export existing repository information to another computer. You can compile the MOF file into a repository—importing any class definitions or instances from the MOF file into the current repository—by using the MOF Compiler Wizard. This wizard checks the syntax of an MOF file and creates binary MOF files.
WMI Object Browser
Unlike WMI CIM Studio, the WMI Object Browser is designed for use by system managers. This tool enables you to display the object tree for a CIM repository, view object details, edit object information, and run selected methods. You start WMI Object Browser from the WMI Tools menu and you need to click the Information bar and enable ActiveX controls. You can select a namespace or accept the default. WMI Object Browser contains an Object Explorer and an Object Viewer. When you select objects in the Object Explorer, their details appear in the Object Viewer. Figure 13-34 shows the WMI Object Browser.
Figure 13-34 The WMI Object Browser
The left pane of the WMI Object Browser contains the Object Explorer, which shows the object tree for the current namespace (by default, the Root\CIMV2 namespace on the local computer). You can select a different local namespace or a namespace on a remote computer. The Object Explorer shows a hierarchy of the instances that are found in the selected namespace and any instance in the namespace can be selected as the root of the tree. The tree shows regular objects and grouping nodes. Grouping nodes are not objects themselves but instead are used to organize objects. The symbols next to the names indicate the type of object or node. Resting the mouse over an object in the tree displays the object’s path, which identifies the object in the namespace.
The right pane of WMI Object Browser shows the Object Viewer. You can select the Properties, Methods, or Associations tab for an object. Figure 13-35 displays the Associations tab. The Object Viewer displays the title of the current view above the tabs. For a single object, the title is the object path of the instance currently displayed. For a multiple-object table, the title describes the group of objects currently displayed.
Figure 13-35 WMI Object Browser Associations tab
WMI Object Browser enables you to do the following:
• Display the object tree contained in a specified CIM repository.
• Reroot the object tree.
• Display properties, methods, and associations for a selected object.
• Display instances of grouped objects.
• Display property and object qualifiers.
• Execute methods on a selected object.
• Edit property values and object and property qualifiers.
You can view the object tree for any namespace in your system or on a network by entering the namespace path in the Objects In box or selecting it in the history list. You can also browse for a namespace or right-click the object whose namespace you want to display and click Go To Namespace. The root of the namespace can be changed temporarily in a session or permanently through the schema.
When you select a grouping node in the Object Explorer, the Object Viewer displays an instance table showing all objects in the namespace that belong to the selected group and the common properties of those objects. You can also display the details for any individual instance from the instance table by right-clicking the instance and clicking Go To Object. This displays the object’s Properties tab. From the Properties tab, you can double-click a property to display property qualifiers. When the Properties tab is selected, you can right-click anywhere in the Object Viewer grid and select Object Qualifiers. Selecting the Properties tab also enables you to edit the Value field of properties that are not read-only. To return to the instance table, reselect the grouping node.
From the Methods tab in the Object Viewer, you can right-click a method and select Execute Method. The Method Parameters window displays the parameters used when executing the selected method. The Parameters column shows the parameters defined for this method and their default values. You can configure parameters by editing the values in this table before you execute the method.
WMI Event Registration
The WMI Event Registration tool is designed primarily for developers. It provides a graphical interface for what you can also accomplish programmatically. You need to install Windows Management and create a repository of classes on the target computer before you can use the WMI Event Registration Tool. You can do this by compiling an MOF file in the system directory where the WMI Core is installed. To compile the MOF file, type the following at the command-line prompt:
mofcomp .mof
However, by default, the WMI Event Registration tool uses the Eviewer.mof file found in the WMI Tools directory. This file is compiled automatically when Windows Management first starts, so the WMI Event Viewer consumer is registered as a permanent event consumer by default and you can open the WMI Event Registration tool and investigate its features.
More Info Compiling MOF files
You can find out more about compiling MOF files by downloading the Windows 7 Platform software development kit (SDK) and accessing the “Mofcomp” topic in the Windows Management Instrumentation (WMI) section. However, this topic is beyond the scope of this book and the 70-680 examination.
You start the WMI Event Registration Tool from the WMI Tools menu and need to allow blocked ActiveX content on the Information bar and specify a root, as with the other tools. From the drop-down menu near the top-left of the WMI Event Registration Tool, you can select Filters, Consumers, or Timers. Double-clicking an item in the left pane opens the View Class Properties dialog box, as shown in Figure 13-36. This lets you access the Properties, Methods, and Associations tabs.
Figure 13-36 The WMI Event Registration tool
The WMI Event Registration Tool enables you to create, display, and modify the event consumers, filters, and timers for a given namespace and any bindings between filters and consumers. You can use the tool to do the following:
• View properties of the defined consumer, filter, and timer system classes and instances
• Add or delete event consumer instances
• Add or delete event filter instances
• Add or delete event timer instances
• Edit instance properties
• Register consumers for events by binding consumer and filters
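The filters, consumers, and bindings that the WMI Event Registration Tool manages can also be listed from a script, which is a quick way to review what a computer is set to run in response to events. The following VBScript is an added example, not code from the book; it assumes the root\subscription namespace, uses the obj/col variable naming convention described earlier in this lesson, and the Describe function is a helper introduced here.

```vbscript
' Added example (not from the book): list permanent WMI event subscriptions.
' Run from an elevated prompt:  cscript //nologo ListSubscriptions.vbs [computer]
Option Explicit

' Assumption: root\subscription is the namespace being reviewed.
Const NAMESPACE_PATH = "root\subscription"

Dim strComputer, objSWbemLocator, objSWbemServices
Dim colSWbemObjectSet, objSWbemObject

strComputer = "."                       ' "." means the local computer
If WScript.Arguments.Count > 0 Then strComputer = WScript.Arguments(0)

' Automation objects from the WMI scripting library (Wbemdisp.dll).
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer, NAMESPACE_PATH)

WScript.Echo "Event filters in " & NAMESPACE_PATH & " on " & strComputer
Set colSWbemObjectSet = objSWbemServices.ExecQuery("SELECT * FROM __EventFilter")
For Each objSWbemObject In colSWbemObjectSet
    WScript.Echo "  " & objSWbemObject.Path_.RelPath
    WScript.Echo "    Query: " & objSWbemObject.Query
Next

WScript.Echo "Event consumers"
' Querying the base class also returns instances of every derived consumer class.
Set colSWbemObjectSet = objSWbemServices.ExecQuery("SELECT * FROM __EventConsumer")
For Each objSWbemObject In colSWbemObjectSet
    WScript.Echo "  " & objSWbemObject.Path_.Class & ": " & objSWbemObject.Path_.RelPath
Next

WScript.Echo "Bindings (filter -> consumer)"
Set colSWbemObjectSet = objSWbemServices.ExecQuery("SELECT * FROM __FilterToConsumerBinding")
For Each objSWbemObject In colSWbemObjectSet
    ' Filter and Consumer are reference properties that hold object paths.
    WScript.Echo "  " & Describe(objSWbemObject.Filter) & " -> " & _
        Describe(objSWbemObject.Consumer)
Next

' Resolve an object path to the instance it points at.
' A binding whose filter or consumer has been deleted is flagged as missing.
Function Describe(strObjectPath)
    Dim objTarget
    On Error Resume Next
    Set objTarget = objSWbemServices.Get(strObjectPath)
    If Err.Number <> 0 Then
        Describe = strObjectPath & " [missing]"
        Err.Clear
    Else
        Describe = objTarget.Path_.RelPath
    End If
    On Error GoTo 0
End Function
```

A binding flagged as missing points at a filter or consumer that no longer exists and can be cleaned up in the WMI Event Registration Tool.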
WMI Event Viewer
WMI Event Viewer is a permanent event consumer that lets you sort and view the details of events generated in WMI by Windows Management or by event providers. Event objects are forwarded to any consumers registered for these types of events. You can register WMI Event Viewer for any event filters and view incoming events that match the filters.
You can open WMI Event Viewer from the WMI Tools menu. However, as a permanent event consumer, it is started automatically by WMI whenever an event occurs that needs to be forwarded to it. To register WMI Event Viewer for different types of events, you use the WMI Event Registration Tool. This tool can be started either independently from the WMI Tools menu or from WMI Event Viewer tool by clicking the Register For Events control, as shown in Figure 13-37.
Figure 13-37 The Register For Events control in WMI Event Viewer
WMI Event Viewer enables you to carry out the following tasks:
• View Windows Management–generated events and event information, such as the event’s date and time, class, point of origin, and description
• View event instance properties
• Start the WMI Event Registration Tool
• Clear the display
The Eviewer.mof file, installed in the WMI Tools directory along with WMI Event Viewer, contains the classes and instances required to declare and register the WMI Event Viewer Consumer Provider with the WMI event subsystem. This MOF file is compiled automatically when the Windows Management Service is first started, so that the WMI Event Viewer consumer is registered as a permanent event consumer by default.
All permanent event consumers, including WMI Event Viewer, require specific distributed component object model (DCOM) permissions to start automatically on a remote computer for a registered event. To set the DCOM launch permissions for WMI Event Viewer so you can monitor events on a remote computer, carry out the following procedure:
1. Run the Dcomcnfg.exe program from an elevated command prompt on the remote computer.
2. On the Applications tab of the Distributed COM Configuration Properties dialog box, select WMI Event Viewer, as shown in Figure 13-38, and click Properties.
3. On the Security tab of the WMI Event Viewer Properties dialog box, select Customize and click Edit.
4. Click Add.
5. In the Add Users And Groups dialog box, type Everyone.
6. Click Add. Ensure that all permissions check boxes are selected and then click OK.
Figure 13-38 Selecting WMI Event Viewer in Component Services
Note that WMI Event Viewer enables users and event consumers to access event information. It is not a configuration tool. Therefore, there are no security implications to setting these permissions.
Using the System Configuration Tool
You open System Configuration (MSConfig) by entering msconfig in the Start menu Search box, the Run box, or the command prompt. The principal purpose of this tool is to troubleshoot the Windows startup process. MSConfig modifies which programs run at startup, edits configuration files, and enables you to control Windows services and access Windows Performance and Troubleshooting tools.
You can use the System Configuration tool to configure Windows 7 to perform a diagnostic startup that loads a minimum set of drivers, programs, and services. Figure 13-39 shows the General tab of the System Configuration tool, on which you can specify Normal Setup or Diagnostic Setup. You can also customize a Selective Setup and control whether to load System Services and Startup Items. You can select the System Services and Startup Items to load and start on the Services and Startup tabs, respectively, in the System Configuration tool.
It is a good idea to look carefully at the list of programs on the Startup tab. Some software packages—for example, software that detects viruses and other malware—should run at startup and continue to run unless you have a reason to disable them. Other software packages, particularly third-party software, install themselves so that they run at startup whether they need to or not. The more unnecessary programs you have running, the slower your computer goes.
Figure 13-39 The General tab of System Configuration
Services are more difficult to manage than packages because of service dependencies. You might see that a service you have never heard of before runs at startup and decide to change its startup type, only to find that half a dozen essential services all depend on the one that is no longer running. The System Configuration tool lets you experiment with a computer on your test network before making changes to production computers.
Note Disabling services with MSConfig
Although you can use MSConfig to disable services, this does not change the current state of the service. For example, you can use MSConfig to disable the running Diagnostic Policy service, but the service remains running until you reboot the computer.
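The dependency problem described above can be checked from WMI before a service's startup type is changed. This added VBScript example (not from the book) reports a service's configured StartMode beside its current State and walks the services that depend on it, directly or indirectly; the default service name winmgmt is the WMI service named earlier in this lesson, and ListDependents and dictSeen are names introduced here.

```vbscript
' Added example (not from the book): show what depends on a service
' before its startup type is changed.
' Usage:  cscript //nologo ServiceDependents.vbs [serviceName] [computer]
Option Explicit

Dim strService, strComputer, objSWbemLocator, objSWbemServices
Dim objSWbemObject, dictSeen

strService = "winmgmt"       ' the WMI service, as in "net stop winmgmt"
strComputer = "."            ' local computer
If WScript.Arguments.Count > 0 Then strService = WScript.Arguments(0)
If WScript.Arguments.Count > 1 Then strComputer = WScript.Arguments(1)

' The name is placed inside a WMI object path, so refuse quotes and backslashes.
If InStr(strService, "'") > 0 Or InStr(strService, """") > 0 _
   Or InStr(strService, "\") > 0 Then
    WScript.Echo "Invalid service name."
    WScript.Quit 1
End If

Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer, "root\cimv2")

On Error Resume Next
Set objSWbemObject = objSWbemServices.Get("Win32_Service.Name='" & strService & "'")
If Err.Number <> 0 Then
    WScript.Echo "Service not found: " & strService
    WScript.Quit 1
End If
On Error GoTo 0

' StartMode is the configured startup type; State is what is happening now.
' A service can be Disabled and still Running until the next reboot.
WScript.Echo objSWbemObject.DisplayName & " (" & objSWbemObject.Name & ")"
WScript.Echo "  Startup type (StartMode): " & objSWbemObject.StartMode
WScript.Echo "  Current state (State):    " & objSWbemObject.State
WScript.Echo "Services that depend on it:"

' dictSeen prevents a service from being listed or visited twice.
Set dictSeen = CreateObject("Scripting.Dictionary")
dictSeen.CompareMode = vbTextCompare
dictSeen.Add objSWbemObject.Name, True
ListDependents objSWbemObject.Name, 1
WScript.Echo CStr(dictSeen.Count - 1) & " dependent service(s) found."

' Role=Antecedent selects associations in which strName is the service that
' must start first, so the results are the services that depend on it.
Sub ListDependents(strName, intDepth)
    Dim colSWbemObjectSet, objDependent
    Set colSWbemObjectSet = objSWbemServices.ExecQuery( _
        "ASSOCIATORS OF {Win32_Service.Name='" & strName & "'} " & _
        "WHERE AssocClass=Win32_DependentService " & _
        "ResultClass=Win32_Service Role=Antecedent")
    For Each objDependent In colSWbemObjectSet
        If Not dictSeen.Exists(objDependent.Name) Then
            dictSeen.Add objDependent.Name, True
            WScript.Echo Space(intDepth * 2) & objDependent.Name & _
                " [" & objDependent.StartMode & ", " & objDependent.State & "]"
            ListDependents objDependent.Name, intDepth + 1
        End If
    Next
End Sub
```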
The Boot tab of the System Configuration tool lets you specify the source of your boot files and, if desired, make that source the default. For example, in the Boot tab shown in Figure 13-40, the computer is dual-boot, with operating systems on both the C: and D: volumes. It can also boot into Windows 7 Ultimate from a virtual hard drive (VHD). On the Boot tab, you can specify the timeout, which is how long the boot system waits for instructions before booting from its default source. You can specify Safe Boot and the type of Safe Boot to use (Minimal, Alternate Shell, Active Directory Repair, or Network). You can specify a No-Graphical User Interface (GUI) boot, or, if you are having problems with a video driver, specify a boot that uses the Base Video (lowest-resolution and color-depth) driver. You can require a Boot Log and Operating System (OS) Information. You can use reconfigured boot settings only once or make them permanent. Clicking Advanced on the Boot tab lets you specify a Debug Port and Baud Rate for remote debugging and the Number Of Processors and Maximum Memory available to the boot process.
706 CHAPTER 13
Monitoring and Performance
Figure 13-40 The Boot tab of System Configuration
On the Startup tab, you can disable automatic startup for an application by clearing the check box beside the item. You can disable automatic startup for all items by clicking Disable All. This does not prevent the software from running—it merely stops it from starting automatically when the computer boots. The Services tab works in much the same way, in that you can disable or enable automatic startup of a single service or of all services. You can also determine what third-party services are running by selecting the Hide All Microsoft Services check box.
The Tools tab performs a very useful function. Not only are all the available tools listed, but you can enable any tool from this tab. This is often easier than trying to remember or deduce the tool’s place in the Control Panel hierarchy, whether the tool is a Microsoft Management Console (MMC) snap-in, or what file you need to access from the command prompt to start the tool. The tab also lists the file and file path for the application that runs each tool.
Exam tip
You can use either Task Manager or the Services Console to start and stop services on a computer running Windows 7 without rebooting the computer.
Using the Services Console
The Services console, an MMC snap-in, lists the same services as does the Services tab of the System Configuration tool, but it provides more information about each service and more service management options. For example, the Services console tells you the service startup type (not just whether or not it is running) and the logon details.
You can access the Services console by entering services.msc in the Search box on the Start menu, in the Run box, or in a command-prompt window. When you right-click a service in the Services console, you can start it, stop it, restart it, pause it, and resume it. You can access the Properties dialog box for the service and select the General, Log On, Recovery, and Dependencies tabs. The General tab lets you specify the startup type. This can be Automatic, Automatic (Delayed Start), Manual, or Disabled. You should consider the following when specifying the startup type:
• If a service is configured as Automatic, it starts at boot time. Some services also automatically stop when no longer required. However, if you find that you do not need a service, configure its start type as Manual or Disabled.
• If a service is configured as Automatic (Delayed Start), it starts just after boot time. Configuring this setting can result in a faster boot, but if you need the service to be up and running when you boot, configure it as Automatic. If, on the other hand, you do not need a service, configure its start type as Manual or Disabled.
• Manual mode allows Windows 7 to start a service when needed. In practice, some services do not start up when required in Manual mode. If you find that you need a service, configure it as Automatic.
• If you configure a service as Disabled, it does not start even if needed. Unless you have a very good reason for disabling a service, configure its startup type as Manual instead.
The General tab, shown in Figure 13-41, also tells you whether a service is currently started, lets you start or stop it (as appropriate), and specifies the start parameters.
Figure 13-41 The General tab of the Service Properties dialog box
The Log On tab typically specifies that the service logs on with a Local System account. You can specify another account if you need to do so, typically a local Administrator account on the computer on which the service is running.
The Recovery tab specifies the actions to take if a service fails. You can specify actions for the first failure, the second failure, and subsequent failures. If you click Run A Program, you need to type the full path for the program that you want to run. Programs or scripts that you specify should not require user input. If you click Restart The Computer, you need to specify how long the computer waits before restarting. You can also create a message to send automatically to remote users before the computer restarts. If you select Enable Actions For Stops With Errors, you can trigger the recovery actions when a service stops with an error.
The Dependencies tab lists the services, system drivers, and load order groups that a service depends on. If a service is not running when you expect it to be, you might have disabled another service that it depends on.
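The following PowerShell function is an added example, not taken from the book. It gathers what the General, Log On, and Dependencies tabs show for one service (startup type, logon account, and dependencies in both directions) and flags any prerequisite that is Disabled. The function name is made up for this example, and DPS (the short name of the Diagnostic Policy Service) is used only as a sample argument.

```powershell
# Added example, not from the book. Written for the PowerShell 2.0 that ships with Windows 7.
function Get-ServiceDependencyReport {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Name   # service short name, for example DPS
    )

    # Index services and kernel drivers by short name. Both WMI classes expose
    # StartMode (the startup type) and StartName (the logon account).
    $config = @{}
    Get-WmiObject -Class Win32_Service      | ForEach-Object { $config[$_.Name] = $_ }
    Get-WmiObject -Class Win32_SystemDriver | ForEach-Object { $config[$_.Name] = $_ }

    $target = Get-Service -Name $Name -ErrorAction Stop
    if (@($target).Count -ne 1) {
        throw "'$Name' matches more than one service; give an exact short name."
    }

    # The Dependencies tab, in both directions.
    $entries = @(@{ Relation = 'Target'; Service = $target })
    foreach ($s in $target.ServicesDependedOn) { $entries += @{ Relation = 'Depends on';  Service = $s } }
    foreach ($s in $target.DependentServices)  { $entries += @{ Relation = 'Required by'; Service = $s } }

    foreach ($e in $entries) {
        $s       = $e.Service
        $item    = $config[$s.Name]
        $mode    = 'Unknown'
        $account = ''

        if ($item) {
            $mode    = $item.StartMode
            $account = $item.StartName

            # Delayed start is a registry flag; WMI reports such services as plain Auto.
            $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)"
            $prop = Get-ItemProperty -Path $key -Name DelayedAutostart -ErrorAction SilentlyContinue
            if ($mode -eq 'Auto' -and $prop -and $prop.DelayedAutostart -eq 1) {
                $mode = 'Auto (Delayed Start)'
            }
        }

        # A Disabled prerequisite stops the target from starting at all, whereas a
        # stopped Manual prerequisite is started on demand.
        $blocking = ($e.Relation -eq 'Depends on' -and $mode -eq 'Disabled')

        New-Object PSObject -Property @{
            Relation    = $e.Relation
            Name        = $s.Name
            DisplayName = $s.DisplayName
            Status      = $s.Status
            StartMode   = $mode
            LogOnAs     = $account
            Blocking    = $blocking
        } | Select-Object Relation, Name, DisplayName, Status, StartMode, LogOnAs, Blocking
    }
}

# Read-only sample call; nothing is changed on the computer.
Get-ServiceDependencyReport -Name DPS | Format-Table -AutoSize
```

Run it before changing a startup type: every "Required by" row is a service that stops working if the target is disabled, and the LogOnAs column shows which services run under an account other than Local System.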
Configuring Performance Options
The Performance Options tool is a Windows 7 Performance And Analysis tool that you can access by clicking Advanced Tools on the Performance Information And Tools dialog box and then clicking Adjust The Appearance And Performance Of Windows. The Visual Effects tab of this tool is shown in Figure 13-42. You can let Windows decide what is best for your computer, adjust for best appearance, adjust for best performance, or select Custom and specify the appearance settings for your computer manually. If you select Custom, you can choose which visual effects to turn off, one by one. There are 18 visual effects that you can control, such as whether shadows are displayed under screen icons or under the mouse pointer.
Figure 13-42 The Visual Effects tab of the Performance Options tool
On the Advanced tab, you can adjust for the best performance of programs or background services. If your computer is running applications (as a typical workstation does), you would specify Adjust For Best Performance Of Programs. On a server that is functioning as a Web server (for example), you would specify Adjust For Best Performance Of Background Services. On the same tab, you can adjust page file settings. A page file is an area of disk space that can be used as paged virtual memory when running memory-intensive operations (such as print spooling) or if the system RAM is not adequate to cope with the demands of applications that are running. You can allow Windows 7 to manage memory paging (the default), as shown in Figure 13-43, or you can manually specify virtual memory allocation. If RAM is a serious bottleneck on your computer or you are running some extremely memory-intensive applications, you might want to specify memory-paging settings manually. Otherwise, you should accept the defaults.
Figure 13-43 Virtual memory default settings
Data Execution Prevention (DEP) helps prevent damage to your computer from viruses and other security threats. Malware attacks your operating system by attempting to execute code from the sections of a computer’s memory reserved for Windows 7 and other authorized programs. DEP helps to protect your computer by monitoring programs and ensuring that they use computer memory safely. If DEP detects a program on your computer that attempts to use memory incorrectly, it closes the program and notifies you. The Data Execution Prevention tab on the Performance Options tool lets you choose whether to turn on DEP for essential Windows programs and services only (the default) or to turn on DEP for all programs and services except those that you specify. For example, in a test environment where application developers are testing applications that could inadvertently
cause security problems on the computer, you would choose to enforce DEP for all programs and services and possibly specify only those in which you have complete confidence as exceptions.
Configuring Hard Disk Write Caching
Write caching uses high-speed volatile RAM to collect write commands sent to data storage devices and cache them until the slower storage media (either physical disks or flash memory) can deal with them. You can manage write caching on the Policies tab of the device’s Properties dialog box that you access from Device Manager. For USB flash memory devices (for example), you can specify the Quick Removal option, as shown in Figure 13-44. This option is typically the best choice for devices that you are likely to remove from the system frequently, such as USB flash drives, memory cards, or other externally attached storage devices.
Figure 13-44 The Quick Removal option for removable storage
When you select the Quick Removal option, Windows 7 manages commands sent to the device using write-through caching. In write-through caching, the device operates on write commands as if there were no cache. The cache may still provide a small performance benefit, but the emphasis is on treating the data as safely as possible. The main benefit is that you can remove the storage device from the system quickly without risking data loss. For example, if a flash drive were to be accidentally pulled out of its port, the data being written to it is much less likely to be lost if the Quick Removal option is specified. You should select the Better Performance option for devices that you intend to remove from the system infrequently. If you choose this option and the device is disconnected from
the system before all the data is written to it (for example, if you remove a USB flash drive), you could lose data. If you select Enable Write Caching On This Device (the default) on a hard disk, this improves system performance but a power outage or system failure might result in data loss. By default, Windows 7 employs cache flushing and periodically instructs the storage device to transfer all data waiting in the cache to the storage media. If you select Turn Off Windows Write Cache Flushing On The Device, these periodic data transfer commands are inhibited. Not all hard disk devices support this feature. Figure 13-45 shows the Policies tab for a hard disk.
Figure 13-45 The Policies tab for a hard disk
If high data transfer performance is your main objective, you should select the Better Performance option for removable storage and select Enable Write Caching On The Device for hard disks. These are the defaults if the system hardware and storage device support these features. However, if your system or power source has known issues with sustaining power, you should not use these settings. In general, it is best to use the Safe Removal applet before you remove any external storage device from your system.
Troubleshooting Performance Problems with Event Viewer
As an IT professional, you are sometimes required to view details of software and hardware problems affecting Windows performance so that you can troubleshoot them. You can view event logs in Event Viewer, as described in Lesson 1 of this chapter, and filter by event type. The events you are looking for are mostly found in the Operational container under Diagnostic-Performance, which you access by expanding Microsoft and then Windows in the Event Viewer tree pane.
However, there is a more straightforward method of accessing this information. Click the Performance Information And Tools item of Control Panel. Click Advanced Tools in this dialog box, and then click View Performance Details In Event Log. This opens Event Viewer and displays the events in the Operational container, as shown in Figure 13-46. Examining a critical error shows that, for example, the Canberra computer had a problem during the boot process.
Figure 13-46 Viewing performance diagnostic events in the Operational container
Note Device drivers
If a device is not working properly, then this has an effect on performance that is often catastrophic. You need to ensure that (in general) the latest device drivers are installed for all your devices. The exception is when a new device driver does not work as well as its predecessor, in which case you need to roll back to the old device driver. Chapter 4, “Managing Devices and Disks,” discusses this topic in detail.
Note Power plans
Power plans and configuring power settings are mentioned in the examination objectives covered in this chapter. However, Chapter 11, “BitLocker and Mobility Options,” discusses these topics in depth, and there is no point duplicating that material here.
Using Task Manager to Configure Processes
Lesson 1 described how you use Task Manager to close failed applications and manage services. You can also use the tool to configure the processes that implement services. If a process is particularly significant and should be allocated more resources, you can set a higher priority for that process. If a process is using too many resources, or if the speed at which a process works is unimportant, you can assign it a lower priority and hence free resources for other processes.
If your computer has more than one processor, you can configure the affinity of your processes to use a particular processor. By default, processes that install on a multiprocessor computer are set to use whatever processor is available. If an additional processor is added retrospectively to a computer, however, processes might require configuration so they can use that processor. For example, if Task Manager or Performance Monitor counters show that one processor on a dual-processor computer is heavily used and the other is not, you should change the affinity so resource-intensive processes use both processors. You also have the option of changing the affinity of some processes so that they use only the second processor.
To determine what process or processes are used by a service, right-click the service in the Services tab of Task Manager and click Go To Process. This selects the Processes tab and highlights the relevant process. To change the priority of a process, right-click the process and click Set Priority. As shown in Figure 13-47, you can choose one of six priority levels. Do not select Realtime, though—this could seriously affect the operation of other processes on your computer.
Figure 13-47 Setting process priority in Task Manager
To determine the affinity of a process and change it if necessary, right-click the process and click Set Affinity. You cannot change the affinity of certain system processes, and you
cannot change affinity if the computer has only one processor. Otherwise, the Processor Affinity dialog box appears, as shown in Figure 13-48, and you can configure process affinity.
Figure 13-48 The Processor Affinity dialog box
Configuring Networking Performance
Networking performance on an enterprise network depends upon a large number of factors, such as the type of Ethernet or wireless connections used, the speed of switches and routers, the number of devices on a network, and so on. However, in a small network, users tend to define networking performance by the speed of connection to other computers on the network (if they are transferring files) and the performance of their Internet connections.
Configuring Internet Options can have a significant effect on networking performance and on computer performance in general. As an IT professional, you are aware that temporary Internet files can take up a considerable amount of disk space and should be deleted on a regular basis. You know that users with excessively large mailboxes can experience lengthy logon times, especially when they are downloading their profiles from a central server in the enterprise environment. These, however, are matters that involve user training rather than configuration.
The Internet Options dialog box offers configuration options that can affect networking performance. You can access this dialog box from Network And Internet on Control Panel or from your browser. On the General tab, you can delete temporary Internet files and other downloaded information such as Web form information. However, in the context of networking performance settings, the most significant tab in the dialog box is the Advanced tab, shown in Figure 13-49.
Figure 13-49 The Internet Options Advanced tab
The Advanced tab enables you to configure Accessibility, Browsing, International, Multimedia, Printing, and Security settings. Some of these have little or no impact on performance, whereas others can affect performance considerably. Typically, for example, Accessibility features would not be considered a performance issue, but if large font or caret browsing is set for a user who does not need them, then the perceived performance for that user is reduced.
The Browsing settings can impinge on performance. For example, if you do not disable script debugging and display notifications about script errors, the user’s browsing experience slows down. These settings are useful if you are debugging a new Web site that runs scripts but are inappropriate for the standard user. Even the simplest setting, such as choosing to always underline links, can slow browsing on a slow or heavily used site.
If you are accessing sites that provide multimedia files for either streaming or downloading, you can choose (for example) whether to play sounds and animations, automatically resize images, or use smart image dithering. In general, effects that enhance the user’s multimedia experience often also slow down site access and browsing.
The more secure a site is, the slower it tends to be because of additional security checks. Typically, this is something you and your users need to accept. You should not reduce security merely to shorten access times. Nevertheless, it is probably not necessary to warn users whenever they browse from an HTTPS secure site to an insecure HTTP site.
Windows Performance Analysis Tools
The Windows Performance Toolkit (WPT) contains performance analysis tools that are new to the Windows SDK for Windows 7, Windows Server 2008, and Microsoft .NET Framework 3.5. WPT can be used by a range of IT Professionals including system administrators, network administrators, and application developers. The tools are designed for measuring and analyzing system and application performance on Windows Vista, Windows Server 2008, Windows Server 2008 R2, and Windows 7.
Windows performance analysis tools analyze a wide range of performance problems including application start times, boot issues, deferred procedure calls (DPCs), interrupt service requests (ISRs), system responsiveness issues, application resource usage, and interrupt storms. These tools ship with the Microsoft Windows SDK for Windows Server 2008 and .NET Framework 3.5, which you can download at http://www.microsoft.com/downloads/details.aspx?FamilyId=F26B1AA4-741A-433A-9BE5-FA919850BDBF&displaylang=en (although it is probably easier to go to the Microsoft Download Center at http://www.microsoft.com/downloads and search for it).
This SDK provides documentation, samples, header files, libraries, and tools to develop applications for Windows XP; Windows Server 2003; Windows Vista; Windows Server 2008; Windows Server 2008 R2; Windows 7; and .NET Framework versions 2.0, 3.0, and 3.5. You download and install the SDK in the practice later in this lesson.
The WPT is released as an MSI installer (one per architecture) and contains the Performance Analyzer tool suite, consisting of the following tools:
• The Trace Capture, Processing, and Command-Line Analysis tool (Xperf.exe) This tool captures traces, processes them for use on a computer, and supports command-line (action-based) trace analysis.
• The Visual Trace Analysis tool (Xperfview.exe) This tool presents trace content in the form of interactive graphs and summary tables.
• The On/Off Transition Trace Capture tool (Xbootmgr.exe) This tool automates on/off state transitions and captures traces during these transitions.
The Trace Capture, Processing, and Command-Line Analysis Tool
Xperf.exe is a command-line tool that provides the following features:
• Event Tracing for Windows (ETW) trace control
• ETW trace merging and enhancements by including other events
• Executable image and symbol identification
• Trace dump capabilities
• Support for post-processing
This tool manages the end-to-end operations that are needed to generate a trace file for analysis. You use Xperf.exe in the practice later in this lesson. Xperf.exe enables events in the operating system by using groups and flags. These flags enable and disable events from providers in various parts of the operating system. For example, flags can direct the kernel, services, and applications to one or more trace files by using log sessions with custom configurations. You can then merge all traces into a single aggregate trace file that is referred to as a merged trace file. When Xperf generates this file, it collects additional information from the operating system and adds it to the aggregate trace. You can process the merged trace file on any supported operating system without reference to the system that generated the trace. You can then use Performance Analyzer (Xperfview.exe) to analyze the merged file, you can post-process the merged file into a text file, or you can use actions to do other types of processing. Actions produce summarized outputs that are specific to an area of interest, such as boot, shutdown, suspend, and resume operations, or to a type of system event, such as sampled profile, context switches, DPCs and ISRs, disk I/O, registry accesses, file accesses, or system configuration.
The Visual Trace Analysis Tool
The Visual Trace Analysis tool, or Performance Analyzer, is used to view the information from a single trace file generated by Xperf.exe. You can use the following command to start Performance Analyzer:
    xperf file.etl
Xperf.exe forwards the file name to Performance Analyzer, which then opens and displays the data in the file. You can also run Performance Analyzer directly by entering xperfview in the Search box on the Start menu, the Run command box, or the command prompt. A Performance Analyzer trace is displayed in the practice later in this lesson.
The On/Off Transition Trace Capture Tool
Xbootmgr.exe collects information during the on/off transition phases of Windows 7. You can capture data during any of the following phases:
• Boot
• Shutdown
• Sleep and resume
• Hibernate and resume
After issuing a trace command, the test computer resets within 5 seconds. The On/Off Transition Trace Capture tool can automate a reboot cycle during which the computer running Windows 7 is shut down and rebooted multiple times. You can analyze the captured data by using the Xperf.exe and Xperfview.exe tools.
Practice Downloading and Using the Windows Performance Analysis Tools
In this practice, you download and install the Microsoft Windows SDK for Windows Server 2008 and .NET Framework 3.5, then install the WPT and use the Xperf.exe tool to generate a trace.
Exercise 1 Downloading and Installing the SDK
In this exercise, you download and install the SDK. The exercise gives a direct link to the SDK download file, but you might find it easier to browse to this link. Perform the following steps:
1. Log on to the Canberra computer with the Kim_Akers account.
2. Insert a blank recordable DVD-ROM into your optical drive. Close the Autoplay box.
3. Open your browser and access http://www.microsoft.com/downloads/details.aspx?FamilyId=F26B1AA4-741A-433A-9BE5-FA919850BDBF&displaylang=en.
4. Click Download.
5. In the File Download box, click Open. The download takes some time.
6. If prompted, click Allow to close the Internet Explorer Security dialog box.
7. In the Windows Disc Image Burner, select Verify The Disc After Burning, and then click Burn.
8. When you have burned and verified the DVD-ROM, it ejects automatically. Close the Windows Disc Image Burner. Insert the DVD-ROM into the optical drive.
9. In the Autoplay box, click Run Setup.exe.
10. If prompted, click Yes to clear the User Account Control (UAC) dialog box.
11. The Windows SDK Setup Wizard opens. Click Next.
12. Read the License terms, select I Agree, and then click Next.
13. Click Next to accept the Folder defaults.
14. Click Next to accept the Installation Options defaults.
15. Click Next to start the Installation.
16. Click Finish when installation completes. Read the SDK release notes.
Exercise 2 Installing the Windows Performance Toolkit
In this exercise, you install the 32-bit version of the Windows Performance Toolkit. If your computer is running a 64-bit operating system, choose Xperf_64.msi instead of Xperf_86.msi. You need to have installed the SDK in Exercise 1 before you attempt this exercise.
1. If necessary, log on to the Canberra computer with the Kim_Akers account.
2. Open My Computer and navigate to C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin.
3. Double-click the Xperf_86.msi file. The Microsoft Windows Performance Toolkit Setup Wizard starts. Click Next.
4. Accept the License Agreement. Click Next.
5. Click Typical and then click Install.
6. If prompted, click Yes to clear the UAC dialog box.
7. Click Finish when setup completes.
Exercise 3 Using Xperf.exe to Generate Traces
In this exercise, you use the Trace Capture, Processing, and Command-Line Analysis Tool (Xperf.exe) to generate a kernel trace and a user trace. You combine the traces and process the results into a text file. You need to have completed Exercises 1 and 2 before you attempt this exercise.
1. If necessary, log on to the Canberra computer with the Kim_Akers account.
2. Open an elevated command prompt.
3. Start the kernel trace. The kernel session does not need a specified name because its name is unique. The groups Base and Network are enabled on the kernel provider. The trace is collected in a file called Kernel.etl. To accomplish this, enter the following command:
    xperf -on Base+Network -f kernel.etl
4. Start a user trace named UserTrace and enable the Microsoft-Windows-Firewall provider for it. This trace is collected in a file called User.etl. To accomplish this task, enter the following command:
    xperf -start UserTrace -on Microsoft-Windows-Firewall -f user.etl
5. Stop the UserTrace session so the user-mode provider no longer produces events to this session. To accomplish this, enter the following command:
    xperf -stop UserTrace
6. Stop the kernel session. To accomplish this, enter the following command:
    xperf -stop
7. Merge the user and kernel traces into a single trace called Single.etl. To accomplish this, enter the following command:
    xperf -merge user.etl kernel.etl single.etl
8. Process the binary trace file Single.etl into a text file called C:\Mytrace.txt. To accomplish this, enter the following command:
    xperf -i single.etl -o c:\mytrace.txt -a dumper
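The script below is an added example, not part of the book. It runs the Exercise 3 sequence from one elevated PowerShell console, checks each xperf call, and stops both sessions even if a later step fails. The function names, the working folder under %TEMP%, and the 30-second capture window are assumptions made for this example, as is the expectation that xperf.exe is on the PATH and returns a non-zero exit code on failure.

```powershell
# Added example, not from the book: Exercise 3 as one script with error handling.
function Invoke-Xperf {
    param([string[]]$Arguments)
    Write-Host "xperf $($Arguments -join ' ')"
    & xperf.exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        # Assumption: xperf signals failure through a non-zero exit code.
        throw "xperf $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

function New-MergedTrace {
    param(
        [string]$WorkDir = (Join-Path $env:TEMP 'xperf-trace'),  # assumed output folder
        [int]$CaptureSeconds = 30                                # assumed capture window
    )

    # Step 2 of the exercise: kernel tracing needs an elevated console.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell console.'
    }

    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    $kernel = Join-Path $WorkDir 'kernel.etl'
    $user   = Join-Path $WorkDir 'user.etl'
    $merged = Join-Path $WorkDir 'single.etl'
    $text   = Join-Path $WorkDir 'mytrace.txt'

    $kernelOn = $false
    $userOn   = $false
    try {
        # Steps 3 and 4: start the kernel session, then the UserTrace session.
        Invoke-Xperf -Arguments @('-on', 'Base+Network', '-f', $kernel)
        $kernelOn = $true
        Invoke-Xperf -Arguments @('-start', 'UserTrace', '-on', 'Microsoft-Windows-Firewall', '-f', $user)
        $userOn = $true

        # Reproduce the behavior under investigation during this window.
        Start-Sleep -Seconds $CaptureSeconds
    }
    finally {
        # Steps 5 and 6: stop the user session first, then the kernel session,
        # so no trace session is left running after a failure.
        if ($userOn)   { & xperf.exe -stop UserTrace | Out-Null }
        if ($kernelOn) { & xperf.exe -stop | Out-Null }
    }

    # Steps 7 and 8: merge both traces, then dump the merged trace to text.
    Invoke-Xperf -Arguments @('-merge', $user, $kernel, $merged)
    Invoke-Xperf -Arguments @('-i', $merged, '-o', $text, '-a', 'dumper')

    Get-Item $merged, $text | Select-Object FullName, Length
}

New-MergedTrace
```

The merged trace and its text dump record process, file, and network activity from the traced computer, so keep the output folder readable only by the people who analyze it.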
Figure 13-50 shows the Xperf commands used in this procedure. Note that there was a problem loading a DLL associated with the On/Off Transition Trace Capture Tool, but this tool was not used so the procedure completed satisfactorily. Figure 13-51 shows a portion of the text file that was created. Figure 13-52 shows the combined trace (Single.etl) displayed in the Performance Analyzer.
Figure 13-50 Xperf commands used to capture and merge traces
Figure 13-51 Trace information captured in a text file
Figure 13-52 Captured trace displayed in Performance Analyzer
Lesson Summary
• You can write WMI scripts to customize the system information you retrieve from a computer and generate your own performance-measuring tools.
• The System Configuration Tool modifies which programs run at startup, edits configuration files, and enables you to control Windows services and access Windows Performance and Troubleshooting tools. The Services console lets you manage and configure services and gives you more options than either the Services tab of Task Manager or the Services tab of the System Configuration tool.
• The Performance Options tool lets you configure visual effects and specify whether the system is adjusted for best performance of applications or background services. It lets you configure page file (virtual memory) settings and DEP.
• The Windows Performance Analysis tools, downloaded as part of the Windows Server 2008 SDK, analyze a wide range of performance problems including application start times, boot issues, DPCs, ISRs, system responsiveness issues, application resource usage, and interrupt storms.
Lesson Review
You can use the following questions to test your knowledge of the information in Lesson 2, “Configuring Performance Settings.” The questions are also available on the companion DVD if you prefer to review them in electronic form.
Note Answers
Answers to these questions and explanations of why each answer choice is correct or incorrect are located in the “Answers” section at the end of the book.
1. What WMI tool do you use to view Windows Management–generated events and event
information, such as the event’s date and time, class, point of origin, and description?
A. WMI CIM Studio
B. WMI Object Browser
C. WMI Event Registration Tool
D. WMI Event Viewer
2. Which Windows Performance Analysis tool captures user and kernel traces and can
merge them to form a combined trace?
A. Performance Analyzer
B. On/Off Transition Trace Capture
C. Trace Capture, Processing, and Command-Line Analysis
D. Visual Trace Analysis
3. Which tool provided by Windows 7 helps you determine which applications are responsible
for activity on your hard disk, including which files and folders are being accessed?
A. Process Explorer
B. Resource Monitor
C. Task Manager
D. Windows Experience Index
4. A number of processor-intensive applications have been performing slowly on your
computer. As a result, you add a second processor. This does not solve your problem, however, and you examine processor usage with Task Manager and Performance Monitor. You deduce that several key processes are using only the original processor. How do you ensure that these processes use whatever processor is available?
A. Configure Process Affinity on the Processes tab of Task Manager.
B. Configure Process Priority on the Processes tab of Task Manager.
C. Select Adjust For Best Performance Of Programs on the Advanced tab of the
Performance Options tool.
D. Reconfigure Virtual Memory settings on the Advanced tab of the Performance
Options tool. 5. Your computer is configured to dual-boot between Windows Vista Professional
and Windows 7 Enterprise. Currently, it boots into Windows Vista by default. You want to specify Windows 7 as the startup default operating system and configure how W indows 7 reacts in the event of a system failure. You boot the computer into Windows 7. What tool do you use to accomplish your goal?
A. The Services console
B. Performance Options
C. Task Manager
D. System Configuration
Chapter Review
To further practice and reinforce the skills you learned in this chapter, you can perform the following tasks:
- Review the chapter summary.
- Review the list of key terms introduced in this chapter.
- Complete the case scenarios. These scenarios set up real-world situations involving the topics of this chapter and ask you to create a solution.
- Complete the suggested practices.
- Take a practice test.
Chapter Summary
- Windows 7 tools such as Performance Monitor, Reliability Monitor, the Action Center, and the Windows Reliability Index let you gauge whether your computer is performing as it should, whether it needs more resources to do what you want it to do, and where performance bottlenecks are occurring.
- Tools such as Task Manager give you a snapshot of how your computer is currently performing, whereas event logs can store historical events in addition to warning you when problems occur, and DCSs can hold both current and historical counter values so you can compare a computer’s performance with how it was performing at a specified past time.
- Tools specific to measuring and troubleshooting computer performance include WMI scripts, the System Configuration tool, the Services console, the Performance Options tool, and the Windows Performance Analysis tools.
Key Terms
Do you know what these key terms mean? You can check your answers by looking up the terms in the glossary at the end of the book.
- Data Collector Set (DCS)
- event forwarding
- event log
- event subscription
- performance counter
Case Scenarios
In the following case scenarios, you will apply what you’ve learned about network settings. You can find answers to these questions in the “Answers” section at the end of this book.
Case Scenario 1: Using Data Collector Sets and Event Forwarding
James Seymour is an IT professional administering the production network at Tailspin Toys. Recently, users have been experiencing intermittent performance problems when accessing a file server running Windows Server 2008 R2 from their computers running Windows 7. James checks resource usage on the file server by using Task Manager but sees no indication of excessive processor, memory, disk, or network resource usage. He needs to monitor these resources over a period of time rather than look at a real-time snapshot, and to monitor resources both when the performance problems are occurring and when they are not. From his computer running Windows 7, James opens Performance Monitor and connects to the file server. With these facts in mind, answer the following questions:
1. How does James generate performance logs that help him analyze disk, network, processor, and memory resource usage on the server, both when problems are occurring and when performance is normal?
2. James knows roughly when problems started to occur. How can he check what applications were installed or upgraded at that time?
3. Recently, a number of your users have had problems downloading files and e-mail because the space on their local disks had reached a critical limit. James needs to create a proactive method of identifying low disk space problems on computers running Windows 7 on the Tailspin Toys network so he can ask his desktop support technicians to free disk space on client computers before critical limits are reached. How does he monitor client computers for low disk space events?
Case Scenario 2: Troubleshooting Performance Issues on a Client Computer
James is troubleshooting performance issues on a client running Windows 7 at Wingtip Toys. This is normally a desktop support job, but the computer belongs to the CEO, so James needs to do the job himself and come up with some quick solutions. With these facts in mind, answer the following questions:
1. James runs Task Manager and finds that one of the two processors on the computer is heavily used whereas the second is hardly used at all. He checks the records and finds that one of his team had installed the second processor retrospectively because the CEO had heard that another processor would improve performance on her computer. How does James ensure the processor resource is properly used?
2. James needs to quickly scan events in the event logs that are specifically related to performance. He knows he can create filters and custom views, but this would take time, and he needs answers now. How does James quickly access the appropriate events?
3. The CEO has a habit of pulling her USB flash memory device out of her computer without using the Safe Removal applet, especially when she is in a hurry. She has previously lost data on the USB device, but when a CEO loses data, it is (of course) the fault of technical support, not the CEO. How should James minimize the risk of data loss on the USB device?
Suggested Practices
To help you master the exam objectives presented in this chapter, complete the following tasks.
Use the Performance Monitoring Tools
- Practice 1: Look at the standard DCSs available and experiment with creating your own. DCSs provide a powerful method of managing current and historical performance on your computer, and the only way to become comfortable with them is to use them.
- Practice 2: It is part of any IT professional’s job not only to carry out the tasks required to keep computer and network equipment performing efficiently, but also to report on these tasks to colleagues and to management. You will be judged on the clarity and relevance of your reports, and they will be a factor in your budget allocation. Learn to generate good reports.
Manage Event Logging
- This topic often seems complex at first, but it becomes clearer when you have practiced configuring subscriptions and forwarding events. You can do this initially with only two computers on your test network. Become proficient before you need to do it on a production network.
Write WMI Scripts
- Sample WMI scripts can be found on the Internet and in textbooks in your organization’s library. The easiest way to learn scripting (or any other type of programming) is to understand and adapt other people’s scripts before you try to write your own from scratch.
Take a Practice Test
The practice tests on this book’s companion DVD offer many options. For example, you can test yourself on just one exam objective, or you can test yourself on all the 70-680 certification exam content. You can set up the test so that it closely simulates the experience of taking a certification exam, or you can set it up in study mode so that you can look at the correct answers and explanations after you answer each question.
More Info: Practice tests
For details about all the practice test options available, see the section entitled “How to Use the Practice Tests,” in the Introduction to this book.
Index
Symbols and Numbers .bat files, 279 .cmd files, 279 .com files, 274, 278 .js files, 279 .ocx files, 279–80 .ps1 files, 279 .swm files, 95 .vbs files, 274, 279 .xml migration files, 40 .zip files, 735, 738–39 16-bit components, installation, 263 32-bit platforms images, cross-architecture tools, 71 servicing images, 75 64-bit platforms images, cross-architecture tools, 71 servicing images, 75 6to4, 335, 337, 516, 519 6to4 Relay Name, 518
A Accelerators, 631 access control lists (ACL), 39 Account Is Locked Out, 501 Account Lockout Duration, 499 account lockout policies, 499–501 Account Lockout Threshold, 500 ACL (access control lists), 39 ACT (Application Compatibility Toolkit), 260–64 Action Center, 609–10, 661–64 Action package, 139 activation, resetting, 82
Active Directory Certificate Services, 454, 520, 533. See also certificates Active Directory Domain Services (AD DS), 385, 454, 559 Active Directory Security Group Discovery, 176 Active Directory System Discovery, 176 Active Directory System Group Discovery, 176 Active Directory User Discovery, 176 Active Directory Users and Computers, 103–04 ActiveX, 625 AD DS (Active Directory Domain Services), 385, 454, 559 AD DS servers, 103 ad hoc networks, 350, 360, 371–73 Add Application Wizard, 127 Add Features Wizard, DirectAccess, 522 Add Features Wizard, Windows Server 2008, 468 Add Hardware Wizard, 206 Add Printer Wizard, 369 Add-Drivers, 124 Additional Data, 734 addresses IPv4, configuring addressing, 301–07 connecting to network, 307–11 overview, 300–01 practice, configuring, 321–24 troubleshooting, 311–21 IPv6, configuring address structure, 328–32 advantages of IPv6, 333–34 connectivity, 338–43 IPv4 compatibility, 334–37 practice, configuring IPv6 connectivity, 343–45
network connections, Windows Firewall, 385 Admin Approval mode, 480, 482–83 Admin Approval Mode for Built-In Administrator Account, 482–83 administrative rights and privileges backup, 737 case scenario, UAC and passwords, 511 compatibility modes, 260, 265 User Account Control (UAC) overview, 479–80 policies, 482–87 practice, configuring, 488–90 Secpol and Local Security Policy, 487–88 settings, 480–82 verification of, 205 Windows Installer rules, 278 administrator passwords, wireless networks, 367 Administrators group, 496 Advanced Boot Options, 750–53 Advanced Encryption Standard (AES), 358–60 Advanced Recovery Methods, 748–49 Advanced Sharing dialog box, 428 Advanced Sharing Settings, 312, 350, 423, 434 AES (Advanced Encryption Standard), 358–60 aggregation, route, 333 alerts, performance counters, 652 Allow Access To BitLocker-Protected Removable Data Drives, 565 Allow Log On Through Remote Desktop Services, 496 Allow UIAccess Applications To Prompt For Elevation Without Using Secure Desktop, 486–87 Analyze Disk, 230
answer file booting to audit file, 83 building, 59–64 creating, 139–40 package installation, 131 reference installation, building, 65–66 settings, saving, 64–65 Sysprep, 80–81 Unattended.xml, 127, 137–40 anti-spyware, 661–64 antivirus, 661–64 anycast, 329, 332 API (application programming interface), compatibility, 262 APIPA (Automatic Private Internet Protocol), 300, 305, 307 AppData, 734 Application Compatibility Diagnostics policies, 264–65 Application Compatibility Toolkit (ACT), 260–64 application control policies. See AppLocker Application Identity Service, 277 application programming interface (API), compatibility, 262 application settings, 40 applications event logs, 674 performance, 717 RemoteApp, 539–40 system restore, 747 applications, managing. See also AppLocker adding, MDT, 164–66 Application Compatibility Diagnostics policies, 264–65 Application Compatibility Toolkit (ACT), 260–64 case scenarios, 294–95 compatibility, configuring options, 257–60 inventories, 175–76 overview, 255 practice, compatibility, 267–69 practice, restricting applications, 286–89 servicing, 125–27 Software Restriction Policies, 271–76 WIM images, 120 Windows XP Mode, 265–66 AppLocker application control policies, overview, 276–77
auditing, 285–86 configuring exceptions, 283 practice, restricting applications, 286–89 rules, 277–83 Software Restriction Policies, 271–76 architecture, cross-architecture tools, 71 auditing AppLocker, 285–86 audit mode, booting to, 83 auditSystem, configuration pass, 80 auditUser, configuration pass, 80–81 remote connections, 544 Security event log, 673–80 shared resources, 449–51 authentication account policies, 499–500 BitLocker requirements, 561 case scenario, UAC and passwords, 511 certificates, managing, 502–04 Credential Manager, 493–95 DirectAccess, 516, 520–21 event forwarding, 676 HomeGroup Connections, 425 internal wireless adapters, 357–60 Network Security Key, 355 port-based, 358–60 practice, managing credentials, 504–07 Remote Desktop, 539 remote management, 409–10 removable data drives, 564 resolving issues, 500–01 Runas, 495–96 smart cards, 497–99 User Account Control (UAC) overview, 479–80 policies, 482–87 practice, configuring, 488–90 Secpol and Local Security Policy, 487–88 settings, 480–82 user rights, 496–97 virtual private networks (VPNs), 531–33 Windows Firewall with Advanced Security (WFAS), 393–94 wireless networks, 367 Authentication exemption rules, 393
authorization account policies, 499–500 case scenario, UAC and passwords, 511 certificates, managing, 502–04 Credential Manager, 493–95 practice, managing credentials, 504–07 resolving authentication issues, 500–01 Runas, 495–96 smart cards, 497–99 user rights, 496–97 Auto-Add policy, 99, 103–04 auto-connect, wireless networks, 368 Automated.xml, 138 automatic backups, 736–39 Automatic Private Internet Protocol (APIPA), 300, 305, 307 Automatic Updates, 613 Automatically Fix File System Errors, 233 Automatically Generate Rules wizard, 283 Autounattend.xml, 71 availability, 243–45
B Background Intelligent Transfer Service (BITS), 150 background services, 710 backup. See also Backup and Restore console; recovery, data case scenarios, 779–80 Credential Manager, 493–95 practice, configuring file and folder backup, 741–43 scheduling, 731–39 System Image backups, 739–41 thick images, 150 Backup and Restore console Restore My files, 763 scheduling backups, 731–39 System Image backups, 739–41 Volume Shadow Copy Service (VSS), 766 Backup Operators group, 497 Backup Set folder, 738 BackupGlobalCatalog, 740 backward compatibility, 117, 497 bandwidth, USB host controller, 203
basic disks, 241–42, 248 basic partitions, 235 battery power, 582–89 BCD (Boot Configuration Data), 754–55 BCDBoot, 71, 173 BCDEdit, 93–94, 148, 173, 754–55 Behavior of the Elevation Prompt for Administrators in Admin Approval Mode, 483 Behavior of the Elevation Prompt for Standard Users, 485 binary notation, 302 Biometric authentication, 498 BIOS, Windows XP Mode, 265–66 BitLocker BitLocker To Go, 564–67 data recovery agents (DRA), 559–61 enabling, 561–63 Encrypting File System (EFS) and, 451–52 modes, 556–57 offline migrations, 42–43 overview, 555–56 practice, BitLocker To Go, 568–71 TPM chip, 557 BITS (Background Intelligent Transfer Service), 150 Block rules, 277–78 Blog accelerator, 631 Bluetooth, 356 Boot Configuration Data (BCD), 148, 754–55 boot images WDS, 74, 100–01, 170 Windows PE, 116 bootable media. See also booting discover images, 171–72 dual-boot installations, 14–19 LTI bootable media, configuring, 168–69 operating system packages, servicing, 127–30 practice, creating Windows PE boot DVD, 84–86 task sequence, deploy to VHD, 159–61 VHD, 90, 93 WIM2VHD, 94–96 Windows boot options, 754–55 Windows PE, 66–68 booting. See also bootable media audit mode or Windows Welcome, 83 boot environment, 556, 566–67
boot options, 754–55 boot time filtering, 384 Bootmgr.exe, 754–55 performance, 717 System Configuration (MSConfig), 705–07 target computers, manually, 173–74 Xbootmgr.exe, 718 BranchCache configuring clients, 463–67 Distributed Cache Mode, 463 Hosted Cache mode, 462 overview, 461–62 practice, BranchCache configuration, 470–71 vs transparent caching, 577 Windows Server 2008, 468–70 broadcast address, 303 broadcast traffic, 333 Browsing settings, 716 bus-powered hubs, 202
C cabinet (.cab) files, 127–28 caching BranchCache configuring clients, 463–67 Distributed Cache mode, 463 Hosted Cache mode, 462 overview, 461–62 practice, BranchCache configuration, 470–71 Windows Server 2008, 468–70 negative, 314–15 neighbor cache, 341 offline files, 574–82 Offline Settings, 430 shared folder options, 431 transparent caching, 577 write caching, configuring, 711–12 capture images, WDS, 74, 100, 172 case scenarios application compatibility, 294 applications, restricting, 294–95 backup and restore, 779 deploying an image, 191–92 driver signing policy, 252 installing Windows 7, 49 Internet Explorer, 644–45 IPv4 connectivity, 377 IPv6 connectivity, 377 managing disk volumes, 252
offline files, 596–97 passwords, problem resolution, 511 performance monitoring, 725–26 remote access, 550–51 remote management, 419 shared resources, 474 system and configuration issues, 779–80 system image, generating, 111 User Account Control (UAC), 511 VHDs, working with, 111 Windows Firewall, 419 wireless networks, 377–78 Catalogs folder, 739–40 CD-ROM backups, 736 bootable Windows PE, 66–68 Removable Disk policies, 234–35 cell phones, 233–35, 540 cellular modems, 360 certificate authority (CA) device drivers, 215–19 DirectAccess, 520 SSL certificates, configuring, 633 User Account Control (UAC), 485–87 Windows Firewall with Advanced Security (WFAS), 393 wireless adapter security, 359–60 certificates certificate of authenticity (COA), 82 certificate rules, 272, 276 certificate store, device drivers, 215–19 Credential Manager, 493 data recovery agents (DRAs), 559 DirectAccess, 520–21 EFS and HomeGroups, 454 Encrypting File System (EFS), 452 errors, 635 Group Policy, 521 Internet Explorer, revocation checks, 626 managing, 502–04 Recovery Agents, 453 smart cards, 497–99 SSL certificates, configuring, 633–36 VPN authentication protocols, 533 Certificates Console (Certmgr.msc), 502–04 Challenge Authentication Protocol (CHAP), 533 Change Adapter Settings, 316
Change Advanced Sharing Settings, 350 CHAP (Challenge Authentication Protocol), 533 Check For Updates, 601–02 Choose How BitLocker-Protected Removable Drives Can Be Recovered, 566 CIDR notation, 303 CIM (Common Information Model) classes, 696 CIM (Common Information Model) repository, 694–96 CIMOM (Common Information Model Object Manager), 694–95 Cipher.exe, 453, 502–04 Class Explorer, 699 class store, 695–96 Class Viewer, 699 client computers. See also system images, configuring backups, VHDs, 89 discovery, 176 images, distributing, 72–75 installing, small numbers, 66 IP configurations, 308 IP settings, 314 network share, deploying, 69–71 operating system packages, servicing, 127–30 pre-staging, 103–04 remote management case scenarios, 419 practice, remote management options, 411–15 Remote Assistance, 405–08 Remote Desktop, 402–04 Windows Remote Management, 408–10 Client for Microsoft Networks, 362 client-side rendering (CSR), 369 COA (certificate of authenticity), 82 colors, 259, 369 COM objects, policies, 265 Command Prompt, 752 command-line tools BCDEdit, 93–94, 148, 173, 754–55 BitLocker, Manage-bde.exe, 567 Cipher.exe, 453, 502–04 Defrag, 231–32 Deployment Image Servicing and Management Tool (DISM), 56–58, 75–77, 116–23, 125, 128, 137–40
Diskpart, VHDs, create and attach, 91 Driver Verifier Monitor, 214–15 Icacls, 446–47 Ipconfig, 301 IPv6 connectivity, 338–43 More Info, 671 Net Share, 431 Netsh, 310–11, 352–56, 463–67, 608 Netstat, 319–21 PEimg.exe (Windows PE), 116 Ping, 312–15 power configuration, 587–89 Robocopy.exe, 449 Runas, 495–96 Secedit.exe, 487–88 Sysprep, 77–84 Unattend.xml answer files, 137–40 USMT (User State Migration Tool), 39–42 Wbadmin, 739 WDSUTIL, 99 WIM2VHD, 94–96 WinRS (Windows Remote Shell), 409–10 common criteria mode, 497 Common Information Model (CIM) repository, 694–96 Common Information Model Object Manager (CIMOM), 694–95 Compatibility Administrator, 261–62 compatibility fix, defined, 262 compatibility modes, defined, 262 compatibility, applications Application Compatibility Diagnostics policies, 264–65 Application Compatibility Toolkit (ACT), 260–64 backwards compatibility, 117, 497 case scenarios, 294–95 configuring, 257–60 practice, Windows 7 compatibility, 267–69 Windows XP modes, 265–66 complete PC backup, 740 complete recovery, 749–50 compressed (.zip) files, 735, 738–39 compressed folders, 452 compressed migration stores, 42 compression, backup, 730 computer health check, 656–58 Cone NATs, 337. See also NAT (Network Address Translation) Config.xml, 40
Configuration Manager 2007, 163, 176–77, 179 configuration passes, Windows Setup, 79–80 Configure Schedule, 230 Configure Use of Passwords For Removable Data Drives, 565 Configure Use Of Smart Cards On Removable Data Drives, 564 configuring. See also configuring, system images application compatibility, 257–60 BranchCache, configuring clients, 463–67 default operating systems, dual-boot, 17–19 deployment points, 166–68 device installation policies, 207–08 DirectAccess, client configuration, 517–21 event subscriptions, 677–79 firewall exceptions, 387–88 HomeGroup settings, 435–38 Hosted Cache servers, 462 international settings, 131–33 Internet Explorer add-ons and search providers, 630–32 case scenario, 644–45 Compatibility View, 622–23 InPrivate Mode, 627–30 pop-up blocker, 632–33 practice, InPrivate Mode and add-ons, 636–40 security settings, 623–26 SmartScreen filter, 626–27 SSL certificates, configuring, 633–36 IPv4 addressing, 301–07 connecting to network, 307–11 overview, 300–01 practice, configuring network connectivity, 321–24 troubleshooting connectivity, 311–21 IPv6 address structure, 328–32 advantages of IPv6, 333–34 connectivity, 338–43 IPv4 compatibility, 334–37 practice, configuring IPv6 connectivity, 343–45 LTI bootable media, 168–69 networking performance, 715–16 performance settings
CIM Classes, 696 CIM Repository, 695–96 Performance Options, 709–11 WMI Administrative Tools, 697–705 WMI consumers, 696 WMI providers, 694–95 WMI scripting library, 696–97 WMI Service, 695 WMI, CIMOM, 695 WMI, overview, 689–94 permissions, Icacls, 446–47 practice BitLocker To Go, 568–71 BranchCache, 470–71 downloading, installing and configuring MDT 2010, 181–87 remote connections, 545–47 User Account Control (UAC), 488–90 Windows Firewall, 395–98 Windows Update, 617–19 processing, Task Manager, 714–15 Remote Desktop, 403–04 shared folders, 580–81 SSL certificates, 633–36 system protection, 756–60 system protection and disk usage, configuring, 769–71 WDS, 169 Windows PE options, 168 Windows Update, 601–08 write caching, 711–12 configuring, system images case scenario, generating system images, 111 Deployment Image Servicing and Management Tool (DISM), 75–77 distributing, 72–75 Offline Virtual Machine Servicing Tool, 96–98 overview, 53 practice, creating bootable VHD, 105–08 practice, creating WIM image, 84–86 pre-staging client computers, 103–04 reference image, creating, 58–72 Sysprep, 77–84 VHDs, native, 89–94 WDS images, 74–75 WDS, online VHD deployment, 98–104
Windows Automated Installation Kit (Windows AIK), 56–58 Windows Image to Virtual Hard Disk Tool (WIM2VHD), 94–96 Windows Preinstallation Environment (WinPE), 58 conflicts device drivers, 209–14 offline files, 575, 578–80 Connect To A More Preferred Network, 364 Connect to Network Folder, task sequence, 178 connections. See also remote management; Windows Firewall DirectAccess client configuration, 517–21 overview, 515–17 practice, configuring with Netsh, 526–27 server, configuring, 521–26 troubleshooting, 519–21 remote auditing, 544 case scenarios, 550–51 dialup connections, 540 incoming connections, accepting, 541–43 NAP remediation, 536–37 practice, configuring remote connections, 545–47 Remote Desktop, 537–40 virtual private networks (VPNs), 530–32 VPN Reconnect, 535–36 statistics about, 319–21 Windows Firewall with Advanced Security (WFAS), 393–94 connectivity ad hoc networks, 360 case scenario IPv4 connectivity, 377 IPv6 connectivity, 377 wireless networks, 377–78 computer to computer, 312 internal wireless adapter security, 357–60 IPv6, configuring, 338–43 networks managing connections, 362–63 overview, 348–50 setting up connections, 350–52 wireless computers, adding, 352–56
practice configuring IPv6 connectivity, 343–45 creating ad hoc network, 371–73 wireless networks managing, 356–57 security, 367–68 technologies, 361 troubleshooting, 363–67 consent, UAC, 484 Contacts, 734 Content Retrieval rule, 463 Control Use of BitLocker On Removable Drives, 564 Convert To Dynamic Disk, 237 copying files, 448–49 Copype.cmd, 66–68 Core Networking Inbound Rules, 317–18 Core Networking Outbound Rules, 317–18 Create A Basic Task Wizard, 675 Create A Password Reset Disk, 500 Create A Shared Folder Wizard, 431 Create New Data Collector Wizard, 655 creating answer files, Windows SIM, 81, 139–40 bootable DVD-ROM, 58 bootable Windows PE medium, 66–68 capture image, 100, 172 Data Collector Sets, 654 data collectors from command prompt, 655–56 discover images, WDS, 171–72 disk volumes, 241 distribution share, 139, 152–53 event subscriptions, 679–80 images, 75 mirrored volume (RAID-1), 243 power plan, custom, 586 practice bootable VHD, 105–08 creating ad hoc network, 371–73 power plan, custom, 589–92 WIM image, 84–86 reference image, 58–72 scripts, network share deployment, 70 simple volumes, 241 striped volume with parity (RAID5), 243–45 striped volumes (RAID-0), 242–43 VHD, native, 90–91
WDS, discover image, 101 Windows Firewall with Advanced Security (WFAS) rules, 389–91 Credential Manager, 493–95 credentials, 484, 495–96, 504–07, 737 cross-architecture tools, 71 Cryptographic Operators group, 497 Cscript, 94 CSR (client-side rendering), 369
D Data Collector Sets (DCS), 649, 652–58, 725 data confidentiality protocol, 531 Data Execution Prevention (DEP), 710–11 data integrity protocol, 531 data origin authentication protocol, 531 data recovery agents (DRA), 559–61 data-collection packages, 261 DCOM (distributed component object model), 704 DCS (Data Collector Sets), 649, 652–58, 725 DDNS (Dynamic Domain Name Service), 305 debugging. See also troubleshooting boot configuration data, 754–55 network statistics, 319–21 operating system on VHD, 95 Debugging Mode, 751–52 default gateway, 304–05, 392 Default Local Users Group, 497 default rules, 272, 277 deferred procedure calls (DPC), 717 defragmenting disks, 230–32 deleting volumes, 246 deletion, files and folders, 442–43 Deny Write Access To Removable Drives Not Protected By BitLocker, 565 DEP (Data Execution Prevention), 710–11 deploying. See also deploying, system images; Deployment Image Servicing and Management Tool (DISM) network share, 69–71 updates, 161–63, 611
WDS, online VHD deployment, 98–104 Windows 7, More Info, 71 deploying, system images applications, servicing, 125–27 case scenarios, 191–92 DISM WIM commands, 116–23 drivers, servicing, 123–25 images, distributing, 72–75 international settings, 131–33 manual installations, 180–81 Microsoft Deployment Toolkit overview, 146–51 Microsoft Deployment Toolkit (MDT) applications, adding, 164–66 deployment points, 166–68 device drivers, adding, 154–55 distribution shares, creating, 152–53 language packs, 164 LTI bootable media, 168–69 managing and distributing images, overview, 151–52 offline files, updating, 163–64 operating system image, adding, 153–54 program folders, 148 task sequences, 155–61 updates, adding, 161–63 Windows PE options, configuring, 168 operating system packages, servicing, 127–30 package installation, 131 practice downloading, installing and configuring MDT 2010, 181–87 mounting offline image and installing language packs, 140–43 SCCM 2007, 175–80 unattended servicing, command-line, 137–40 WDS, 169–75 Windows editions, managing, 133–35 Windows PE images, servicing, 135–36 Deployment Image Servicing and Management Tool (DISM) applications, servicing, 125 description, 57 operating system packages, servicing, 128 overview, 75–77
system images, configuring and modifying, 56–58 unattended servicing, command-line, 137–40 WIM commands, mounting an image, 116–23 Deployment Workbench, 73, 148–51, 164–66 Designated Files Types, 274 desktop, 259 backup, 734 migrating user profile data, 34 Remote Desktop, 402–04, 411–13, 496–98, 537–40 Secure Desktop, 480, 483–84, 486–87 Desktop Background Settings, 585 Detect Application Failures, 265 Detect Application Install Failures, 265 Detect Application Installations and Prompt for Elevation, 485 Detect Applications Unable to Launch Installers Under UAC, 265 Device Installation Settings, 204 Device Manager, 197–203, 209 devices and drivers Application Compatibility Manager, 261 case scenario, signing policy, 252 configuring installation policies, 207–08 conflict resolution, 210–14 driver signing and digital signatures, 215–19 Driver Verifier Monitor, 214–15 File Signature Verification, 218–19 installation, overview, 203–04 installing non-PnP devices, 206 installing, Windows Update, 204–06 Link-layer Topology Discovery Mapper I/O driver, 362 out-of-box, 66 plug and play, persisting, 81 practice, configuring policy and driver search, 220–25 printers, sharing, 434 staging, 205 System Diagnostics, 652 updates, 209 wireless, connections to WAP, 349 working with device drivers, 208–10
DHCP (Dynamic Host Configuration Protocol), 169, 300, 304–07 dialup connections, 540–43 digital certificates. See certificates digital fingerprint, 275, 281–82 digital signatures, 485–86 device drivers, 215–19 User Account Control (UAC), 487 validation of, 205 Direct Access case scenarios, 550–51 client configuration, 517–21 HomeGroups, 425 overview, 513, 515–17 practice, configuring with Netsh, 526–27 server, configuring, 521–26 troubleshooting, 519–21 DirectAccess Management Console, 522 Directory Services Restore Mode, 751 DirectX Diagnostic (DXdiag), 217–18 Disable Automatic Restart On System Failure, 751 Disable Driver Signal Enforcement, 751 Disable Driver Signature Enforcement, 216–17 Disconnect If A Remote Desktop Services Session, 498 discover image, WDS, 74, 101, 171–72 Discovery methods, 176 Disk Cleanup, 228–29 Disk Management tool basic disk and dynamic disks, conversion, 237–38 creating disk volumes, 241–42 deleting volumes, 246 partitions, working with, 235–36 reactivating dynamic disks, 240 resizing volumes, 245–46 spanned volumes, creating, 241 striped volumes, creating, 242 VHD, attaching and detaching, 91 VHDs, native, 89 disk steps, 178 Diskpart basic disk and dynamic disks, conversion, 237–38 creating volumes, 241–43, 245 deleting volumes, 246 format volumes, creating, 71 network share, deploying, 69–71 partitioning disks, 236
reactivating dynamic disks, 240 resizing volumes, 245–46 spanned volumes, creating, 242 striped volumes, creating, 243 VHD, create and attach, 91 VHDs, native, 89 disks. See also Disk Management tool; Diskpart backup storage, 733, 736 basic and dynamic disks, 236–38 case scenario, managing, 252 dynamic disks, 95, 240–42, 248 external hard disks, 36, 230–32, 711–12, 733 fixed disks, 95 floppy disks, 234–35 maintenance, 228–35 managing disk volumes, 240–46 MBR disks, 235, 241 moving, 239 partitions, working with, 235–36 performance monitoring, 652 policies, 233–35 practice, configuring policy and disk conversion, 247–48 reactivating dynamic disks, 240 system restore, 748 usage, 769–71 DISM (Deployment Image Servicing and Management Tool) applications, servicing, 125 description, 57 operating system packages, servicing, 128 overview, 75–77 system images, configuring and modifying, 56–58 unattended servicing, command-line, 137–40 WIM commands, mounting an image, 116–23 display, 259–60, 583, 586, 709 Distributed Cache mode, 462 Distributed COM Users group, 497 distributed component object model (DCOM), 704 Distributed Management Task Force (DMTF), 696 distribution share, 139, 146, 149, 152–53, 184–87 DLLs (dynamic link libraries), 263, 273–74, 279–80, 670 DMTF (Distributed Management Task Force), 696
Do Not Allow Write Access To Drives Configured in Another Organization, 565 Domain Name System (DNS) IPv4, configuring, 300 managing, 689–90 network services, 304–06 servers, adding IPv6 addresses, 340 servers, ping test, 314 WDS, 169 Windows Firewall with Advanced Security (WFAS), 392 Domain Networks, 385 dotted decimal notation, 302 Downloads folder, 734 downloads, multimedia, 716 downloads, updates, 613 DRA (data recovery agents), 559–61 drive letters, 239 Driver Details, 210 driver steps, 179 Driver Verifier Monitor, 214–15 drivers, device adding, Microsoft Deployment Toolkit (MDT), 154–55 case scenario, enforcing signing policy, 252 information about, 122 keyboard drivers, 133 managing, 75 Microsoft Deployment Toolkit, 146 out-of-box, 66, 121–23 plug and play, persisting, 81 printers, sharing, 434 rolling back drivers, 755–56 servicing, 123–25 smart cards, 498 System Diagnostics, 652 updates, 209 WIM images, 120 Windows PE images, 135 dual-boot installations, 14–19 dummy restore, 762 DVD-ROM backup, 733, 736 bootable, 58, 66–68, 168–69 deployment points, 166 discover images, 171–72 Install.wim file mounting, 119 installation source, preparation, 6–7 practice, creating Windows PE boot DVD, 84–86 Removable Disk policies, 234–35
DXdiag (DirectX Diagnostic), 217–18 Dynamic Configuration Protocol (DHCP), 169 dynamic disks, 95, 240–42, 248 Dynamic Domain Name Service (DDNS), 305 Dynamic Host Configuration Protocol (DHCP), 300, 304–07, 392 dynamic link libraries (DLLs), 263, 273–74, 279–80, 670 dynamic partitions, 235
E EAP (Extensible Authentication Protocol), 359, 532 Easy Connect, 406–07 Easy Transfer Cable, 36 edge devices, 393 edition-family images, 133 Effective Permissions, 447 EFS (Encrypting File System), 451–54, 501–04, 556, 735 Eftsboot.com, 68 El Torito boot sector file, 68 e-mail accelerator, 631 e-mail data, 34–39 Enable Boot Logging, 750 Enable Client Side Targeting, 611 Enable Low Resolution Video, 751 Encrypting File System (EFS), 451–54, 493, 501–04, 556, 735. See also encryption encryption. See also Encrypting File System (EFS) backup and, 730 BitLocker BitLocker To Go, 564–67 data recovery agents (DRA), 559–61 enabling, 561–63 modes, 556–57 overview, 555–56 practice, BitLocker To Go, 568–71 TPM chip, 557 event forwarding, 676 File Sharing Connections, 425 internal wireless adapters, 357–60 Network Security Key, 355 offline files, 577 payload encryption, 333
Recovery Agents, 453 shared resources case scenarios, 474 practice, encryption and permissions, 454–58 SSL certificates, configuring, 633–36 virtual private networks (VPNs), 531–32 Windows Firewall with Advanced Security (WFAS), 393–94 wireless networks, 367 energy use, 199, 202, 582–89 Enforce Password History, 499 Enforcement Properties, 273–74 errors, hard disk, 232–33 errors, STOP, 652 Ethernet, 319–21, 349–52 ETW (Event Tracing for Windows), 717 Event Log Readers group, 497, 677 event subscriptions, 676–77 Event Tracing for Windows (ETW), 717 Event Viewer, 712–13 events AppLocker audit event log, 285 auditing, 449–51 logging and forwarding, 673–80, 689–90, 725 performance monitoring and reporting, 649–58 troubleshooting performance, 712–13 WMI Event Registration, 702–03 WMI Event Viewer, 703–05 Everyone group, 428–32 exceptions, 383, 387–88, 409 Exclude Files From Being Cached Policy, 578 exclusive ORing (XORing), 335 executable files AppLocker rules, 278 Program Compatibility troubleshooter, 258 Removable Disk policies, 234–35 Software Restriction Policies, 274 Experience Index, 663–64 exporting boot image, WDS, 102 firewall configuration, 394–95 security files, 487–88 Extensible Authentication Protocol (EAP), 359, 532 Extensible Firmware Interface (EFI), 104
Extensible Markup Language (XML) files, 740 extension headers, 333 external hard disks, 36, 230–32, 711–12, 733
F failover protection, 127–30, 243–45 failures, monitoring, 658–60 FAT file system, 7, 442, 449, 452, 565, 733–34, 771 fault tolerance, 242 Favorites folder, 734 Feature IDs, 138 feature properties, 138 File and Printer Sharing, 362, 425 file extensions, Software Restriction Policies, 274 file hash, defined, 281–82 file logging (profiling), 136 File Sharing Connections, 425 File Sharing dialog box, 428 File Signature Verification (Sigverif), 218–19 file-based storage, 71 files backup, 735–39 case scenario, migrating user data, 49–50 corrupted, 121 device drivers, 210 Disk Cleanup, 228–29 managing, 689–90 migrating user profile data, 34 offline files, 574–82 path rules, 274, 282 practice configuring file and folder backup, 741–43 migrating user data, 43–46 recovering renamed files, 771–75 recovery of previous versions, 766 restoring damaged or deleted files, 762–69 restoring user profiles, 767–69 sharing. See also virtual private networks (VPN) auditing, configuring, 449–51 BranchCache, configuring clients, 463–67 BranchCache, Distributed Cache mode, 463
BranchCache, Hosted Cache mode, 462 BranchCache, overview, 461–62 BranchCache, Windows Server 2008, 468–70 case scenarios, 474 DirectAccess, 526 Encrypting File System (EFS), 451–54 file and folder permissions, 442–49 libraries, 432–33 Network And Sharing Center, 423–25 practice, BranchCache configuration, 470–71 practice, encryption and permissions, 454–58 practice, sharing resources, 435–40 printers, 434–35 shared folders, 428–32 User State Migration Tool (USMT), 39–42 Volume Shadow Copy Service (VSS), 766 Windows Easy Transfer, 35–39 fingerprints, Operating System (OS), 384 firewalls Action Center, 609, 661–64 BranchCache, configuring clients, 463–64, 466–67 DirectAccess, 516, 526 event forwarding, 676 network settings, configuring, 317–19 Ping tool and, 312–15 virtual private networks (VPNs), 531 Windows Firewall, 383–88 Windows Firewall with Advanced Security (WFAS), 389–95 Windows Update clients, 607–08 wireless networks, 368 fixed disks, 95 floppy disks, 234–35 folders backups, 736–39 case scenario, migrating user data, 49–50 default Windows folders, 734 managing, 689–90 migrating user profile data, 34
offline files, 574–82 path rules, 274, 282 practice configuring file and folder backup, 741–43 migrating user data, 43–46 recovering renamed files, 771–75 recovery of previous file versions, 766 restoring damaged or deleted files, 762–69 restoring user profiles, 767–69 sharing. See also virtual private networks (VPN) auditing, configuring, 449–51 BranchCache, 461–62 BranchCache, configuring clients, 463–67 BranchCache, Distributed Cache mode, 463 BranchCache, Hosted Cache mode, 462 BranchCache, Windows Server 2008, 468–70 case scenarios, 474 DirectAccess, 526 Encrypting File System (EFS), 451–54 file and folder permissions, 442–49 libraries, 432–33 Network And Sharing Center, 423–25 offline files, 580–81 practice, BranchCache configuration, 470–71 practice, encryption and permissions, 454–58 practice, sharing resources, 435–40 printers, 434–35 shared folders, 428–32 User State Migration Tool (USMT), 39–42 Volume Shadow Copy Service (VSS), 766 Windows Easy Transfer, 35–39 font settings, 132–33 Force Logoff, 498 Forgotten Password Wizard, 500 Format Prefix (FP), 330 FP (Format Prefix), 330 Full Control permission, 429–30 fully qualified domain names (FQDNs), 305, 409
G generalize, configuration pass, 80 global unicast addresses, 330 GlobalCatalog.wbcat, 739–40 globally unique identifier (GUID), 125 GPT disk partitions, 235, 241 Graphical Identification and Authentication DLLs, 263 Group Policy. See also policies account policies, 499–500 administrator account, 496 BitLocker requirements, 561 BranchCache, 463–67 device drivers, 205, 216 DirectAccess, 517–26 event subscriptions, 678–79 Internet Explorer Compatibility View, 623 location-aware printing, 370 power settings, 587 Remote Desktop Gateway, 538–39 remote management, 409–10 User Account Control (UAC), 482–87 user rights, 496–97 Windows Update, 612–16 Group Policy Objects, 521–26 GUID (globally unique identifier), 125
H HAL (Hardware Abstraction Layer), 93 handles, 670 hard disks, 736, 748. See also disks hard-link migration store, 42 hardware. See also devices and drivers; disks Application Compatibility Manager, 261 BitLocker requirements, 561 Hardware Abstraction Layer (HAL), 93 inventories, 175–76 performance monitoring and reporting Action Center, 661–64 case scenarios, 725–26 CIM Classes, 696 CIM Repository, 695–96 events, logging and forwarding, 673–80
networking, configuring, 715–16 overview, 649–58 Performance Options, 709–11 practice, Performance Monitor, 680–86 practice, Windows performance analysis tools, 719–21 Process Explorer, 670–72 reliability, stability and performance, 658–61 Resource Monitor, 667–70 Task Manager, 664–67, 714–15 troubleshooting, 712–13 Windows Performance Analysis Toolkit (WPT), 717–18 WMI Administrative Tools, 697–705 WMI consumers, 696 WMI providers, 694–95 WMI scripting library, 696–97 WMI Service, 695 WMI, CIMOM, 695 WMI, overview, 689–94 write caching, configuring, 711–12 power configurations, 582–89 practice, configuring access policy and disk conversion, 247–48 RAM requirements, Windows XP Mode, 265–66 System Configuration (MSConfig), 705–07 Windows 7 requirements, 5–6 Windows 7 Upgrade Advisor, 27 Windows Memory Diagnostic, 752 Hardware Abstraction Layer (HAL), 93 Hardware Resource, Msinfo32, 212 hash rules, 256, 272, 275, 279, 281–82 header size, 333 Heartbeat Discovery, 176 help-desk, remote access, 405–08 hexadecimal notation, 302 hibernate mode, 402–03, 613, 718 hibernation files, 228–29 hibernation mode, 583, 586 hidden devices, 198 High Performance power plan, 582–89 Home or Work (Private) Networks, 385, 423–25 HomeGroup, 434–38, 454 HomeGroup Connections, 425–27 Hosted Cache Client, 464 hotfix patches, 95
HTTP (Hypertext Transfer Protocol), 177, 676 HTTPS (Hypertext Transfer Protocol Secure), 177, 676 hybrid images, 151 hybrid network, 349 hybrid sleep mode, 584, 586 Hypertext Transfer Protocol (HTTP), 177, 676 Hypertext Transfer Protocol Secure (HTTPS), 177, 676 Hyper-V, 89–90
I IANA (Internet Assigned Numbers Authority), 306–07 Icacls, 446–47 ICMP (Internet Control Message Protocol), 312–15 ICMPv4 Echo Requests, 317 ICMPv4 protocols, 320 ICMPv6 Echo Requests, 317, 341 ICMPv6 protocols, 320 ICMPv6 traffic, 526 ICS, 304–07, 323–24 ID Attribute, 138 IEEE 802.11i standard, 358–60 IKEv2 protocol, 530, 532, 535 image steps, 178 images, system case scenario, generating system images, 111 configuring Deployment Image Servicing and Management Tool (DISM), 75–77 distributing, 72–75 Offline Virtual Machine Servicing Tool, 96–98 overview, 53 practice, creating bootable VHD, 105–08 practice, creating WIM image, 84–86 pre-staging client computers, 103–04 reference image, creating, 58–72 Sysprep, 77–84 VHDs, native, 89–94 WDS images, 74–75 WDS, online VHD deployment, 98–104
Windows Automated Installation Kit (Windows AIK), 56–58 Windows Image to Virtual Hard Disk Tool (WIM2VHD), 94–96 Windows Imaging (WIM), 71–72 Windows Preinstallation Environment (WinPE), 58 information about, 117–18 ImageX booting from VHD, 93 description, 57 images, information about, 118 images, mounting, 117, 119 network share, image storage, 68–69 system images, capturing, 56–58 Wimscript.ini, 68 Windows PE images, 135 Important Updates, 602 importing, firewall configuration, 394–95 inbound traffic, 385, 389–91, 395, 463–64 informational events, 675 inheritance, permissions, 445–46, 448–49 Initialize Disk Wizard, 236 InPrivate Filtering, 631 InPrivate Mode, 627–30 input locale, 132–33 input/output range resources, 200 install images, WDS, 74, 100–02, 170–71 install pending, 131 Install Software Updates, task sequence, 177 Install Software, task sequence, 177 Install.wim, 119, 170 installing case scenario, Windows 7 installation, 49 device drivers, 197, 207–08, 210 DVD-ROMs, 119 failures, 265 installers, launching, 265 Offline Virtual Machine Servicing Tool, 97 packages, considerations, 131 post-installation tasks, 139 practice clean installation, performing, 19–22 downloading, installing and configuring MDT 2010, 181–87 Windows AIK, 84–86 reference computer, 65–66
Setup Analysis Tool, 263 source preparation, 6–9 Sysprep, 77–84 update files, manually, 608 WDS, 169 Windows 7, 9–19 Windows Automated Installation Kit (Windows AIK), 56–58 Windows Easy Transfer, 36 Interactive Logon Require Smart Card, 498 Smart Card Removal Behavior, 498 interfaces, IPv6, 340–41 interfaces, Windows Firewall, 385 interference, wireless connections, 364–65 internal hard disks, 230–32, 731 internal network resources, 526 internal private networks, 305 international settings, 75, 120, 122, 131–33 International Settings Configuration Tool (Intlcfg.exe), 116 Internet. See also addresses; Internet Explorer connection sharing, 307 files temporary, Disk Cleanup, 228–29 private IPv4 addresses, 306–07 Remote Desktop connections, 403 security settings, 609 Internet and Corporate Access message, 519 Internet Assigned Numbers Authority (IANA), 306–07 Internet Control Message Protocol (ICMP), 312–15, 384 Internet Explorer. See also Internet add-ons and search providers, 630–32 case scenario, 644–45 certificate errors, 635 compatibility test tool, 262 Compatibility View, 622–23 InPrivate Mode, 627–30 pop-up blocker, 632–33 practice, InPrivate Mode and add-ons, 636–40 security settings, 623–26 SmartScreen Filter, 626–27 SSL certificates, configuring, 633–36 zone rules, 276 Internet Options, configuring, 715–16 Internet Protocol (IP) addresses, 392 Internet Protocol Security (IPSec)
connection rules and policies, 342, 394 cryptography, 497 DirectAccess, 515–16 IPv6, advantages of, 333 Windows Firewall, 384 Internet Protocol Version 4 (TCP/IPv4), 362 Internet Protocol Version 4 (TCP/IPv4) Properties, 310–11 Internet Protocol Version 6 (TCP/IPv6), 340–41, 362 Internet Protocol-Hypertext Protocol Secure (IP-HTTPS), 516 Internet zone rules, 276 internetwork, 315 interrupt request (IRQ), 200, 717 interrupt storms, 717 Intlcfg, 75 intranets, 276, 331–32 Intra-Site Automatic Tunneling Addressing Protocol (ISATAP), 337 invalid logon attempts, 500 invitations, Remote Assistance, 406–07 IP addresses, static, 368 IP configuration, troubleshooting, 312–15 IP routing statistics, 319–21 IP Security Policies Management console, 342 Ipconfig, 301, 313, 338–39 IP-HTTPS, 516, 521 IP-HTTPS State, 518 IPSec (Internet Protocol Security) connection rules and policies, 342, 394 cryptography, 497 DirectAccess, 515–16 IPv6, advantages of, 333 Windows Firewall, 384 IPv4 addressing, 301–07 case scenario, IPv4 connectivity, 377 configuring connecting to network, 307–11 overview, 300–01 practice, configuring network connectivity, 321–24 troubleshooting connectivity, 311–21 DirectAccess, 515–16, 519 network statistics, 319–21 Remote Desktop connections, 403
Windows Firewall with Advanced Security (WFAS), 392 IPv6 address structure, 328–32 advantages of, 333–34 case scenario, IPv6 connectivity, 377 connectivity, 338–43 IPv4 compatibility, 334–37 network statistics, 319–21 practice, configuring IPv6 connectivity, 343–45 Remote Desktop connections, 403 Windows Firewall with Advanced Security (WFAS), 392 IPv6 neighbor Discovery (ND), 333 IPv6 reverse lookup zone, 334 ipv6.arpa, 334 ISATAP (Intra-Site Automatic Tunneling Addressing Protocol), 337 isolation rules, 393
J Join Domain or Workgroup, task sequence, 178
K Kerberos V5 protocol, 393 kernel debugging, 751 Kernel Memory, 665 kernel mode drivers, 263 kernel trace data, 652 Key Management Service (KMS), 82 keyboard layout, 132–33 keys encryption, 556–57 Network Security Key, 355 recovery key, 560, 562 startup keys, 557, 562 Windows Firewall with Advanced Security (WFAS), 393 Knowledge Base ID, 604–06
L L2TP/IPsec, 515, 530–31, 535 LAB deployment point, 168
LAN (local area network), 305–06 Language ID, 138 language packs, 120, 122, 132–33, 135, 140–43, 164, 191 laptop computers. See also wireless connections case scenario, offline files, 596–97 dialup connections, 540 loss of, 555 offline files, 574–82 power configurations, 582–89 shared folders, configuring, 580–81 Sync Center, 578–80 transparent caching, 577 Last Known Good Configuration, 751, 753, 755–56 Layer 2 Tunneling Protocol/Internet Protocol Security (L2TP/IPsec), 515 LDM (Logical Disk Manager), 236 legacy hardware, 206 libraries dynamic link libraries (DLLs), 263, 273–74, 279–80, 670 sharing, 432–33, 435–38 WMI scripting library, 696–97 license product key, 82 Link-layer Topology Discovery Mapper I/O Driver, 362 Link-layer Topology Discovery Responder, 362 link-local addresses, 330–32 Links folder, 734 list items, 139 Lite Touch Installation (LTI), 73, 147, 168–69 LoadState, 41 Local and Internet Access message, 519 local area network (LAN), 305–06 Local Group Policy Editor, 208, 233–35, 449–51 Local Intranet, security settings, 623–24 Local Security Policy, 487–88 Local Subnet, 392 LocalAccountTokenFilterPolicy, 409 location-aware printing, 370 Lock Workstation, 498 lockout policies, accounts, 499–500 loctl_disk_performance files, 681
logging events, logging and forwarding, 673–80, 689–90, 725 managing, 75 Sysprep, 83–84 Logical Disk Manager (LDM), 236 Logman, 655–56 logons Credential Manager, 493–95 Remote Desktop, 402–03 loopback address, 332 LTI (Lite Touch Installation), 73, 147, 168–69
M MAC (media access control), 305–06, 334, 367 Machine OOBE, 64 maintenance tasks, disks, 228–35 MAK (Multiple Activation Keys), 82 malware. See User Account Control (UAC) Manage Add-Ons, 632 Manage File Encryption Certificates, 502–04 Manage Wireless Networks, 357 Manage-bde.exe, 567 Managed Object Format (.mof), 179 managing applications Application Compatibility Diagnostics policies, 264–65 Application Compatibility Toolkit (ACT), 260–64 AppLocker control policies, overview, 276–77 AppLocker rules, 277–83 AppLocker, auditing, 285–86 AppLocker, configuring exceptions, 283 case scenarios, 294–95 compatibility, configuring options, 257–60 executable rules, 278 overview, 255 practice, compatibility, 267–69 practice, restricting applications, 286–89 Software Restriction Policies, 271–76 Windows XP Mode, 265–66 BitLocker BitLocker To Go, 564–67
data recovery agents (DRA), 559–61 enabling, 561–63 modes, 556–57 overview, 555–56 practice, BitLocker To Go, 568–71 TPM chip, 557 certificates, 502–04 devices configuring installation policies, 207–08 Device Manager, 197–203 driver signing and digital signatures, 215–19 Driver Verifier Monitor, 214–15 File Signature Verification, 218–19 installing non-PnP devices, 206 installing, Windows Update, 204–06 overview, 203–04 practice, configuring policy and driver search, 220–25 resolving conflicts, 210–14 staging device drivers, 205 working with drivers, 208–10 DirectAccess case scenarios, 550 client configuration, 517–21 overview, 515–17 practice, configuring with Netsh, 526–27 server, configuring, 521–26 troubleshooting, 519–21 disks basic and dynamic disks, 236–38 case scenario, managing disk volumes, 252 disk volumes, 240–46 maintenance, 228–35 moving, 239 partitions, working with, 235–36 practice, configuring policy and disk conversion, 247–48 reactivating dynamic disks, 240 Internet Explorer, InPrivate Mode, 627–30 network connections, 362–63 performance CIM Classes, 696 CIM Repository, 695–96 WMI Administrative Tools, 697–705 WMI consumers, 696 WMI providers, 694–95
WMI scripting library, 696–97 WMI Service, 695 WMI, CIMOM, 695 WMI, overview, 689–94 practice, managing credentials, 504–07 printers, 434 remote management BCDEdit, 754–55 case scenarios, 419 practice, remote management options, 411–15 Remote Assistance, 405–08 Remote Desktop, 402–04 Windows Remote Management, 408–10 shared resources BranchCache, 461–62 BranchCache, configuring clients, 463–67 BranchCache, Distributed Cache mode, 463 BranchCache, Hosted Cache mode, 462 BranchCache, Windows Server 2008, 468–70 folders, 431 practice, BranchCache configuration, 470–71 system image deployment applications, adding, 164–66 applications, servicing, 125–27 case scenarios, 191–92 deployment points, 166–68 device drivers, adding, 154–55 DISM WIM commands, 116–23 distribution share, creating, 152–53 drivers, servicing, 123–25 international settings, 131–33 language packs, 164 LTI bootable media, 168–69 managing and distributing images, overview, 151–52 manual installations, 180–81 MDT (Microsoft Deployment Toolkit), overview, 146–51 offline files, updating, 163–64 operating system image, adding, 153–54 operating system packages, servicing, 127–30 package installation, 131 practice, downloading, installing and configuring MDT 2010, 181–87
practice, mounting offline image and installing language packs, 140–43 SCCM 2007, 175–80 task sequences, 155–61 unattended servicing, command-line, 137–40 updates, adding, 161–63 WDS, 169–75 Windows editions, managing, 133–35 Windows PE, 135–36, 168 User Account Control (UAC), 479–80, 482–90 user profiles migrating user profile data, 34 practice, migrating user data, 43–46 User State Migration Tool (USMT), 39–42 Windows Easy Transfer, 35–39 virtual hard disk files case scenario, working with VHD, 111 native VHDs, using, 89–94 Offline Virtual Machine Servicing Tool, 96–98 practice, creating bootable VHD, 105–08 pre-staging client computers, 103–04 WDS, online VHD deployment, 98–104 Windows Image to Virtual Hard Disk Tool (WIM2VHD), 94–96 Windows Firewall, 383–88, 395–98 Windows Firewall with Advanced Security (WFAS) overview, 389–95 practice, configuring, 395–98 wireless networks, 356–57 map accelerator, 631 Maximum Password Age, 499 MBR disks, 235, 241 MBSA (Microsoft Baseline Security Analyzer), 616 MDT (Microsoft Deployment Toolkit) applications, adding, 164–66 deployment points, 166–68 distribution share, creating, 152–53 language packs, 164 LTI bootable media, 168–69 managing and distributing images, overview, 151–52
MDT 2010, overview, 73 offline files, updating, 163–64 operating system image, adding, 153–54 overview, 146–51 practice, downloading, installing and configuring MDT 2010, 181–87 SCCM, integrating, 179–80 task sequences, 155–61 updates, adding, 161–63 Windows PE options, configuring, 168 media access control (MAC), 305–06, 334, 367 Media Streaming, 425 Mediald file, 740 memory, 5–6, 200, 652, 664–67, 752 memory cards, 711–12 messages, 208, 519, 609–10 Action Center, 661–64 Microsoft Baseline Security Analyzer (MBSA), 616 Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2), 533 Microsoft Data Protection Manager, 89 Microsoft Deployment Toolkit (MDT), 73 applications, adding, 164–66 deployment points, 166–68 distribution share, creating, 152–53 language packs, 164 LTI bootable media, 168–69 managing and distributing images, overview, 151–52 offline files, updating, 163–64 operating system image, adding, 153–54 overview, 146–51 SCCM, integrating, 179–80 task sequences, 155–61 updates, adding, 161–63 Windows PE options, configuring, 168 Microsoft Hyper-V Server, 97 Microsoft Protected EAP (PEAP), 532–33 Microsoft Secured Password (EAP-MSCHAP v2), 532 Microsoft Smart Card or Other Certificate, 532–33 Microsoft Update, application servicing, 125
Microsoft Virtual PC, 265 Microsoft-Windows-SecurityLicensing (SLC), 82 MigApp.xml, 40 MigDocs.xml, 40 migration case scenario, migrating user data, 49–50 from Windows Vista, 26 from Windows XP, 29–30 practice, migrating user data, 43–46 store types, 42 user profile data, 34 Windows Easy Transfer, 37–39 MigUser.xml, 40 Minimum Password Age, 499 Minimum Password Length, 499 mirrored volumes, 237, 239, 243 MOBIKE, 535 mobile devices. See also virtual private networks (VPN) case scenario, offline files, 596–97 offline files, 574–82 shared folders, configuring, 580–81 Sync Center, 578–80 transparent caching, 577 mobile phone networks, 360 mobility offline files, 574–82 power configurations, 582–89 shared folders, configuring, 580–81 Sync Center, 578–80 transparent caching, 577 modems, 403, 540–43 modules, 670 MOF Generator Wizard, 699 monitoring systems Action Center, 661–64 events, logging and forwarding, 673–80 performance monitoring and reporting, 649–58 case scenarios, 725–26 CIM Classes, 696 CIM Repository, 695–96 CIMOM, 695 networking, configuring, 715–16 Performance Options, 709–11 practice, Performance Monitor, 680–86 practice, Windows performance analysis tools, 719–21 troubleshooting, 712–13
Windows Performance Analysis Toolkit (WPT), 717–18 WMI Administrative Tools, 697–705 WMI consumers, 696 WMI providers, 694–95 WMI scripting library, 696–97 WMI Service, 695 WMI, overview, 689–94 write caching, configuring, 711–12 Process Explorer, 670–72 reliability, stability and performance, 658–61 Resource Monitor, 667–70 Services console, 707–09 System Configuration (MSConfig), 705–07 Task Manager, 215, 664–67, 714–15 More Info ACT, 261, 264 advanced system tools and command-line utilities, 671 answer files, 65, 81 AppLocker auditing, 286 audit mode and Sysprep, 64 audit mode, booting to, 83 audit policy, advanced, 451 BCD boot options, 755 BCD WMI interface, 755 BCDBoot, 71, 174 BCDEdit, 94 Biometrics, 498 BitLocker, 556 BitLocker DRAs, 561 Bluetooth, 356 configuration pass, 139 custom commands and scripts, adding, 140 Data Collector Sets, 654–55 Default Local Users Group, 497 deployment, 67, 99 DirectAccess, 519, 521 DirectAccess Executive Overview, 516 Disable Driver Signature Enforcement, 217 Diskpart, 174, 246 Distributed Management Task Force (DMTF), 696 driver store and staging, 206 Driver Verifier Monitor, 215 EAP, 359 El Torito boot sector file, 68 Encrypting File System (EFS), 452
external resolution, 349 files and settings, rerouting, 41 global unicast addresses, 330 Hosted Cache servers, configuring, 462 Icacls, 447 images, creating, 75 internal vs. external resolution, 305 Internet connection sharing, 307 Internet Explorer enhanced security, 626 IPv6 addressing, 330 LoadState, 41 loctl_disk_performance files, 681 Logman, 656 managing images with WDS, 103 MDT (Microsoft Deployment Toolkit), 148 Microsoft Baseline Security Analyzer (MBSA), 616 Microsoft-Windows-SecurityLicensing-SLC, 82 migration, 40, 42–43 MOF files, compiling, 702 NAP, 537 Netsh, 341 Network Address Translation (NAT), 306 network bridges, 313 Offline Virtual Machine Servicing Tool and SCVMM, 164 Peer Name Resolution Protocol, 334 PhysicalDisk %Disk Time counter, 683 PnPUtil, 224 power management, 584 Powercfg.exe, 588 pre-staging client computers, 104 printer permissions, 435 RD (Remote Desktop) Gateway, 537 remote access, Windows PowerShell, 410 RemoteApp, 540 ScanState, 41 SCCM 2007 and software update installation, 180, 611 SCCM client discovery, 176 share permissions and NFTS permissions, 432 smart cards, 499 Software Restriction Policies, 276 subnetting and supernetting, 303
Sysprep, Audit mode, 79 task sequence actions and variables, 178 Task Sequence Editor, 158 TCP connection states, 320 Teredo addresses, 336 transparent caching, 577 USMT, 58 virtual hard drives (VHDs), 90 Virtual PC and Windows XP, 735 Wbadmin, 740 WDS, 98–100, 175 WDSUTIL, 175 Web Proxy Auto Detect, 608 WIM2VHD, 96 Windows 7 deployment, 71 Windows 7 Upgrade Advisor, 27 Windows image, state of, 83 Windows Update Stand-alone Installer, 608 WMI classes, 691 WSUS, 612 moving files, 448–49 MP3 players, 233–35 MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2), 533 MSConfig (System Configuration), 705–07 MS-DOS-style MBR partition tables, 236 Msinfo32 (System Information), 212–14 multicast, 329, 332 multifactor authentication, 498 multimedia settings, 586, 716 multinetting, 329 Multiple Activation Keys (MAK), 82 music, 425 My Computer, zone rules, 276 Mystore, 41
N NAP (Network Access Protection), 536–37, 609–10 NAT (Network Address Translation), 305–06, 337, 393, 403 negative caching, 314–15 neighbor cache, 341 Net Share command, 431 NetBIOS, 310, 409 netbook computers, 7
Netsh BranchCache, configuring clients, 463–67 DirectAccess, 519 IPv4 configuring, 310–11 IPv6 configuring, 340–41 IPv6 to IPv4 compatibility, 337 practice, configuring DirectAccess, 526–27 Windows Firewall, 388 Windows Firewall with Advanced Security (WFAS), 395 Windows Update, 608 wireless networks, 352–56 Netstat, 319–21, 338 Network Access Protection (NAP), 536–37, 609–10 Network Address Translation (NAT), 305–06, 337, 393, 403 network address, Windows Firewall, 385 Network And Sharing Center ad hoc networks, 360 connection interfaces, 362 dialup connections, 540 HomeGroups, 427 ICS clients, adding, 308 Internet connections, 350 Network Location Awareness (NLA), 385 sharing resources, 423–25 virtual private networks (VPNs), 530–31 Windows Network Diagnostics, 316 wireless networks, 356 network bridges, 313, 363 Network Configuration Operators group, 497 Network Diagnostics, 675 Network Discovery, 176, 425 Network Level Authentication, 403–04 Network Location Awareness (NLA), 385–87 network migration method, 36 Network Printer Installation Wizard, 369 Network Security Key, 355 network share as installation source, 8–9 capturing installation images, 68–69 deployment, 69–71 network-based installation, 99 networks. See also offline files
ad hoc networks, 360 backup storage, 733 case scenario IPv4 connectivity, 377 IPv6 connectivity, 377 wireless networks, 377–78 connectivity managing connections, 362–63 overview, 348–50 setting up connections, 350–52 internal wireless adapter security, 357–60 IPv4, configuring addressing, 301–07 connecting to network, 307–11 overview, 300–01 practice, configuring, 321–24 troubleshooting, 311–21 IPv6, configuring addresses, 328–32 advantages of IPv6, 333–34 connectivity, 338–43 IPv4 compatibility, 334–37 practice, configuring IPv6 connectivity, 343–45 managing, 689–90 Network Location Awareness, 385–87 network services, 304–06 network type, selecting, 14 performance monitoring, 652, 715–16 practice, creating ad hoc network, 371–73 printing enhancements, 368–70 wireless, 675 wireless computers, adding, 352–56 wireless networks managing, 356–57 security, 367–68 technologies, 361 troubleshooting, 363–67 zone rules, 276 New Application Wizard, 165–66 New Connection Security Rule Wizard, 393–94 New Deployment Point Wizard, 166–68 New Driver Wizard, 154–55 New Inbound (or Outbound) Rule Wizard, 389–91 New OS Wizard, 153 New Task Sequence Wizard, 177 NFTS permissions, 432
NLA (Network Location Awareness), 385–87 Notify Blocked Drivers, 265 NTFS files, 169, 442, 449, 733 NTFS permissions, 442, 449, 556 NTFS-formatted removable devices, 565 NTLMv2, 393
O object repository, 695–96 octets, 302 OEM Activation licenses, 82 offline attacks, 555 offline dynamic disks, 240 offline files, 163–64, 574–82, 596–97. See also sharing resources offline images, 123, 129 offline migrations, 42–43 Offline Settings, 430 Offline Virtual Machine Servicing Tool, 128, 163–64 offline Web pages, 228–29 offlineServicing, 80 On/Off Transition Trace Capture (Xbootmgr.exe), 717–18 online images, working with, 121–23, 129 Only Elevate Executables That Are Signed and Validated, 485–86 Only Elevate UIAcess Applications That Are Installed In Secure Locations, 487 OOBE (out-of-box experience), 94, 134 oobeSystem, 63, 80, 83 Operating System (OS) fingerprinting, 384 operating system image, adding, 153–54 operating system packages, servicing, 127–30 operating system, default, 17–19 operating systems. See also system images, configuring; specific system name Windows Automated Installation Kit (Windows AIK), 56–58 optical media, 173 Optional Updates, 603 orphaned images, 121 Oscdimg, 58
outbound traffic, 385, 389–91, 395, 463–64 out-of-box device drivers, 66, 121–23 Out-of-Box Experience (OOBE), 94, 134 overlapping networks, 364
P Package Manager (Pkgmgr.exe), 75, 116 packages, 75, 122, 131, 135 page files settings, 710 PAP (Password Authentication Protocol), 533 parameters, WIM2VHD, 94–95 partitions basic and dynamic disks, 236–38 disks, working with, 235–36 network share deployment, 69 Password Authentication Protocol, 533 Password Must Meet Complexity Requirements, 499 Password Protected Sharing, 425 password reset disk, 500 passwords account policies, 499–500 case scenario, UAC and passwords, 511 Credential Manager, 493–95 HomeGroup Connections, 425 on wakeup, 585 practice, managing credentials, 504–07 recovery passwords, 559–60 remote access, 409–10 Remote Assistance, 407 removable data drives, 565 resolving authentication issues, 500–01 Runas, 495–96 smart cards, 497–99 VPN authentication protocols, 533 wireless networks, 367 patches, 95, 125–27 path rules, 272, 274 Pathping tool, 315, 338 PCI Express, 586 PEAP (Microsoft Protected EAP), 532–33 Peer Name Resolution Protocol (PNRP), 334, 406–07
Peer-Discovery, 464 peer-to-peer environments, 334 PEimg, 75 pending computers, 99 performance Action Center, 661–64 booting from VHD, 93 case scenarios, 725–26 defragmenting disks, 230–32 events, logging and forwarding, 673–80 monitoring and reporting, 649–58 network statistics, 319–21 networks, configuring, 715–16 Offline Virtual Machine Servicing Tool, 97 practice, Performance Monitor, 680–86 practice, Windows performance analysis tools, 719–21 Process Explorer, 670–72 reliability, stability and performance, 658–61 Resource Monitor, 667–70 Services console, 707–09 spanned volumes, 241 striped volumes with parity (RAID5), 243–45 System Configuration (MSConfig), 705–07 Task Manager, 664–67, 714–15 troubleshooting, 712–13 Windows Performance Analysis Toolkit (WPT), 717–18 WMI CIM Classes, 696 CIM Repository, 695–96 CIMOM, 695 overview, 689–94 providers, 694–95 WMI Administrative Tools, 697–705 WMI consumers, 696 WMI scripting library, 696–97 WMI Service, 695 write caching, configuring, 711–12 Performance Analyzer, 718 Performance Log Users group, 497 Performance Monitor, 215, 650–52, 680–86 permissions configuring with Icacls, 446–47 Effective Permissions, 447 file and folder, 442–49 inheriting, 445–46 NTFS permissions, 271
printers, 434–35 Removable Disk policies, 234–35 script rules, 279 shared folders, 428–32 shared resources, 454–58, 474 personal identification number (PIN), 556–57 Personal mode, 359–60 phishing, 626 physical machines, image deployment, 89 Physical Memory, 665 pictures, 425 PID (process ID), 320 PIN (personal identification number), 556–57 Ping, 312–15, 317–19, 338 PIV standard, 498 Pkgmgr.exe, 75 plug and play (PnP) devices, 81, 197–203 PNRP (Peer Name Resolution Protocol), 334 Point-to-Point Tunneling Protocol (PPTP), 515, 530–31, 535, 541–42 policies. See also Group Policy accelerators, 632 account lockout policies, 501 Application Compatibility Diagnostics policies, 264–65 AppLocker auditing, 285–86 configuring exceptions, 283 practice, restricting applications, 286–89 rules, 277–83 auditing remote connections, 544 Auto-Add, 99, 103–04 BitLocker DRAs, 559–60 BitLocker To Go, 564–66 BranchCache, configuring clients, 463–67 case scenario restricting applications, 294–95 case scenario, driver signing policy, 252 device drivers, 205, 207–08, 216, 220–25 DirectAccess, 517–26 disk policies, 233–35 event subscriptions, 678–79 InPrivate, 629–30 IPSec, 342 location-aware printing, 370 offline files, 577–78
power settings, 587 practice access policy and converting a disk, 247–48 BitLocker To Go, 568–71 remote access, 409 Remote Desktop Gateway, 538–39 smart cards, 498 Software Restriction Policies, 271–76 updates, 611 User Account Control (UAC), 482–87 user rights, 496–97 Windows Update, 612–16 write caching, configuring, 711–12 pop-up blocker, 632–33 portable computers case scenario, offline files, 596–97 dialup connections, 540 loss of, 555 offline files, 574–82 power configurations, 582–89 shared folders, configuring, 580–81 Sync Center, 578–80 transparent caching, 577 port-based authentication, 358–60 ports, 319–21, 384, 387–89 power allocation, 202, 582–92 Power Management, 199 Power Users group, 497 PowerShell, 163–64, 408–10, 414–15 PPTP (Point-to-Point Tunneling Protocol), 515, 530–31, 535, 541–42 practice backup, configuring file and folder, 741–43 BitLocker To Go, 568–71 BranchCache configuration, 470–71 clean installation, performing, 19–22 compatibility, 267–69 credentials, managing, 504–07 device drivers, configuring policy and driver search, 220–25 DirectAccess, configuring with Netsh, 526–27 disks, access policy and conversion, 247–48 Internet Explorer, InPrivate Mode and add-ons, 636–40
MDT 2010, downloading, installing and configuring, 181–87 migrating user data, 43–46 mounting offline image and installing language packs, 140–43 Performance Monitor, 680–86 power plans, managing, 589–92 recovering renamed files, 771–75 remote connections, configuring, 545–47 remote management options, 411–15 shared resources, encryption and permissions, 454–58 sharing resources, 435–40 system protection and restore, 756–60 upgrading to Windows 7, 30–31 User Account Control (UAC), configuring, 488–90 VHD, bootable, 105–08 WIM image, creating, 84–86 Windows Firewall, 395–98 Windows performance analysis tools, 719–21 Windows Update, configuring, 617–19 precedence, 272, 274 preferred wireless networks, 356–57 pre-shared key (PSK) mode, 359–60 Print Management MMC snap-in, 369 printers, 370, 434–35, 689–90 printing, Windows 7 enhancements, 368–70 private addresses, 306–07 private intranets, 331–32 private keys, 452 private networks, 305–06 privileges case scenario, UAC and passwords, 511 elevation of, 479–80 User Account Control (UAC) overview, 479–80 policies, 482–87 practice, configuring, 488–90 Secpol and Local Security Policy, 487–88 settings, 480–82 virtual private networks (VPNs), 530 Problem Devices, 212 Process Explorer, 267–69, 670–72
process ID (PID), 320 Processor Power Management, 586 processors, 5–6, 265–66, 652, 664–67 product keys, 82, 133–34 Program Compatibility troubleshooter, 257–58, 265 Program Files, 279, 486–87 Programs and Features, 387–88 prompts, UAC, 483–84 Protected Mode, Internet Explorer, 624 Provide The Unique Identifiers For Your Organization Policy, 565 proxy servers, 607–08 PSK (pre-shared key) mode, 359–60 public addresses, 306–07 Public Folder Sharing setting, 425 public key encryption, 452 Public Networks, 385 publisher rules, 280–81 PXE-compliant clients, 147 PXE-enabled computers, 173
Q Quality of Service (QoS), 333, 362 Quick Fix Engineering (QFE), 95
R RADIUS (Remote Authentication Dial In User Service), 358–60 RAID-5 volumes, 237, 239, 243–45 RAM, 265–66, 664–67, 752 RAMdisk mode, 135 read performance, 244 permissions, 442–43 removable devices, 565 Removable Disks policies, 234–35 shared folders, 428–32 Read/Write image, 120 Read/Write permissions, 428–32 read-only images, 119 real-time traffic, 333 reboots, monitoring, 658–60 Recommended Updates, 602 Recovery Agents, 453 recovery key, 560, 562 recovery passwords, 559–60
recovery, data. See also backup Advanced Boot Options, 750–53 BitLocker protected drives, 566–67 boot options, 754–55 case scenarios, 779–80 file copying and, 730 practice, recovering renamed files, 771–75 previous versions of files, 766 renamed and deleted files, 765–66 restoring damaged or deleted files, 762–69 system protection and disk usage, configuring, 769–71 user profiles, restoring, 767–69 Volume Shadow Copy Service (VSS), 766 recovery, system, 755–60 Recycle Bin, 228–29, 735, 765–66 Redirect, 333 Reduced Functionality Mode (RFM), 82 reference computers, 59, 65–66 registry, 486, 689–90, 730, 746–50 registry keys, 263 Reliability Monitor, 214, 658–60 Remember My Credentials, 493 Remote Assistance, 405–08 Remote Authentication Dial In User Service (RADIUS), 358–60 remote computers, Device Manager, 198 remote connections auditing, 544 case scenarios, 550–51 dialup connections, 540–43 practice, configuring remote connections, 545–47 Remote Desktop, 537–40 virtual private networks (VPNs) incoming connections, accepting, 541–43 NAP remediation, 536–37 overview, 530–32 VPN Reconnect, 535–36 Remote Desktop, 402–04, 411–13, 496, 537–40 Remote Desktop Services, 498 Remote Desktop Users group, 404, 496–97 remote management case scenarios, 418–19 practice, remote management options, 411–15
Remote Assistance, 405–08 Remote Desktop, 402–04 Windows Remote Management, 408–10 RemoteApp, 539–40 removable devices. See also USB (universal serial bus) devices booting target drives, 173 data drives, 564–66 deployment points, 166 disk policies, 233–35 partitioning, 236 policies about, 208 practice, write access, 247–48 Repair Your Computer, 746 replay protection protocol, 531 Replicator group, 497 reports. See resources, performance monitoring and reporting Res.rwm files, 99 Reset Account Lockout Counter After, 500 resetting user account passwords, 500 resizing volumes, 245–46 Resource Monitor, 667–70 resources Device Manager, 200 hardware, Msinfo32, 212 performance monitoring and reporting Action Center, 661–64 case scenarios, 725–26 CIM Classes, 696 events, logging and forwarding, 673–80 networking, configuring, 715–16 overview, 649–58 Performance Options, 709–11 practice, Performance Monitor, 680–86 practice, Windows performance analysis tools, 719–21 Process Explorer, 670–72 reliability, stability and performance, 658–61 Resource Monitor, 667–70 Task Manager, 215, 664–67, 714–15 troubleshooting, 712–13 Windows Performance Analysis Toolkit (WPT), 717–18 WMI Administrative Tools, 697–705 WMI consumers, 696
WMI providers, 694–95 WMI scripting library, 696–97 WMI Service, 695 WMI, CIMOM, 695 WMI, overview, 689–94 sharing. See also virtual private networks (VPN) auditing, configuring, 449–51 BranchCache, configuring clients, 463–67 BranchCache, Distributed Cache mode, 463 BranchCache, Hosted Cache mode, 462 BranchCache, overview, 461–62 BranchCache, Windows Server 2008, 468–70 case scenarios, 474 DirectAccess, 526 Encrypting File System (EFS), 451–54 file and folder permissions, 442–49 libraries, 432–33 Network And Sharing Center, 423–25 practice, BranchCache configuration, 470–71 practice, encryption and permissions, 454–58 practice, sharing, 435–40 printers, 434–35 shared folders, 428–32 System Configuration (MSConfig), 705–07 usage monitoring, 215 Restart Computer, task sequence, 178 restore, 493–95, 746–50, 758, 762–69 Restore Files Wizard, 763, 767–69 Restore My Files, 763 Restore Settings, 770 Restore Vault, 495 Restricted Sites, 276, 624 resume, 718 reverse lookup, 334 roaming profiles, 767 Robocopy.exe, 449 roll backs, 28, 197, 208, 612 Route, command-line tool, 338 Router Discovery, 333 routers edge devices, 393 site-local addresses, 331–32
SOHO, Windows Firewall and, 387 subnets and supernets, 303–04 switching between WAPs, 363–64 routing table, IPv6, 333 Rule Creation Wizard, 281–82 rule scope, 392–93 rules, 383, 386 Run All Administrators In Admin Approval Mode, 486 Run Command Line, task sequence, 177 RunSynchronous, 81
S Safe Mode, 747, 750 Same Service Set Identifier (SSID), 365–68 Saved Games, 734 scaling, 259 ScanState, 41 SCCM 2007, 163, 175–80 scheduled tasks, 689–90 scratch space, 136 screen resolution, 259 scripts AppLocker, script rules, 279 Cscript, 94 Deployment Workbench, 148 More Info, 140 network share deployment, 70 rules for, 279 WMI scripting library, 696–97 SCSI (Small Computer System Interface) defragmenting disks, 232 SCVMM (System Center Virtual Machine Manager), 97–98, 128, 147, 163 search providers, 630–32 Searches folders, 734 Secedit.exe, 487–88 Secpol, 487–88 Secure Desktop, 480, 483–84, 486–87 Secure Socket Tunneling Protocol (SSTP), 515, 530–31, 535 Secure Sockets Layer (SSL), 531, 626, 633–36 security. See also remote management; updates; User Account Control (UAC) Action Center, 661–64
AppLocker auditing, 285–86 configuring exceptions, 283 rules, 277–83 backup, 737 BitLocker BitLocker To Go, 564–67 data recovery agents (DRA), 559–61 enabling, 561–63 modes, 556–57 overview, 555–56 practice, BitLocker To Go, 568–71 TPM chip, 557 case scenario, restriction applications, 294–95 device drivers, 205 DirectAccess, 517–19 disk policies, 233–35 events, logging and forwarding, 673–80 internal wireless adapters, 357–60 Internet Explorer settings, 623–26 IPv6, advantages of, 333 managing, 689–90 mobility case scenario, offline files, 596–97 offline files, 574–82 shared folders, configuring, 580–81 Sync Center, 578–80 transparent caching, 577 network performance and, 716 Network Security Key, 355 operating system image, adding, 153 patches, offline images, 127 practice, restricting applications, 286–89 pre-staging client computers, 104 public and private addresses, 306 SCCM 2007, 175–76 shared resources configuring auditing, 449–51 Encrypting File System (EFS), 451–54 file and folder permissions, 442–49 practice, encryption and permissions, 454–58 Software Restriction Policies, 271–76 updates, adding with MDT, 161–63
virtual private networks (VPNs), 531–33, 536, 544 Windows Firewall, 383–88, 395–98, 419 Windows Firewall with Advanced Security (WFAS), 389–98, 419 wireless networks, 356–57, 365–68 Security Center, 537, 609–10 Security Health Validators (SHVs), 536 Security Levels, 272 Security Template, 487–88 self-powered hubs, 202 Serial Advanced Technology Attachment (SATA) disks, 232 server message block (SMB), 177 server-to-server rules, 394 service set identifier (SSID), 353–54 Services console, 707–09 services, event logs, 674 servicing jobs, 163–64 Set Network Location, 423 Set Task Sequence Variable, 178 settings. See also settings, network Action Center, 662–63 Advanced Sharing Settings, 423, 434 answer file, 59, 64–65 devices, 197, 199 file copying and recovery, 730 international, 75, 131–33 Internet Explorer security, 623–26 migrating user profile data, 34, 37–39 Offline Settings, 430 performance CIM Classes, 696 CIM Repository, 695–96 Performance Options, 709–11 WMI Administrative Tools, 697–705 WMI consumers, 696 WMI providers, 694–95 WMI scripting library, 696–97 WMI, CIMOM, 695 WMI, overview, 689–94 power configurations, 582–89 system restore, 746–50 time and date, 13 User Account Control (UAC), 480–82 user, compatibility modes, 260 Windows Firewall, 388 Windows PE images, 135 settings, network. See also settings ad hoc networks, 360
case scenario IPv4 connectivity, 377 IPv6 connectivity, 377 wireless networks, 377–78 connectivity managing connections, 362–63 overview, 348–50 setting up connections, 350–52 internal wireless adapter security, 357–60 IPv4 addressing, 301–07 connecting to network, 307–11 overview, 300–01 practice, configuring, 321–24 troubleshooting connectivity, 311–21 IPv6 advantages of IPv6, 333–34 configuring addresses, 328–32 connectivity, 338–43 IPv4 compatibility, 334–37 practice, configuring IPv6 connectivity, 343–45 practice, creating ad hoc network, 371–73 printing enhancements, 368–70 wireless computers, adding, 352–56 wireless networks managing, 356–57 security, 367–68 technologies, 361 troubleshooting, 363–67 Setup Analysis Tool, 263 setup log files, 228–29 shadow copies, 762–69 share permissions, 432 sharing media, 586 sharing resources. See also virtual private networks (VPN) auditing, configuring, 449–51 BranchCache, configuring clients, 463–67 BranchCache, Distributed Cache mode, 463 BranchCache, Hosted Cache mode, 462 BranchCache, overview, 461–62 BranchCache, Windows Server 2008, 468–70 case scenarios, 474 DirectAccess, 526 EFS and HomeGroups, 454
EFS recovery, 453 Encrypting File System (EFS), 451–54 file and folder permissions, 442–49 folders, 428–32, 580–81, 689–90 libraries, 432–33 Network And Sharing Center, 423–25 practice BranchCache configuration, 470–71 encryption and permissions, 454–58 sharing resources, 435–40 printers, 434–35 shim, defined, 262 shutdown, 403, 583, 612, 718 SHVs (Security Health Validators), 536 side-by-side migrations, 29 signing, drivers, 215–19 Sigverif (File Signature Verification), 218–19 single instance storage, 72 site IDs, 339 site-local addresses, 331–32 SkipReam, 82 SKU (Stock-Keeping Unit), 94 sleep mode, 402–03, 583, 586–87, 718 Small Computer System Interface (SCSI), 232 small office/home office (SOHO), 387 Smart Card or Other Certificate, 533 smart cards, 497–99, 532, 539
SmartScreen Filter, 626–27 SMS (System Management Server), 73 snapshots, 766 software. See applications, managing Software Restriction Policies, 256, 271–76, 286–87, 294–95 SOHO (small office/home office) network, 306–07, 350–52, 359–60, 387 spanned partitions, 235, 237 spanned volumes, 239, 241–42 specialize, configuration pass, 80 split WIM, 95 SQL Server, 147 SSID, 353–54, 365–68 SSL (Secure Sockets Layer), 531, 626, 633–36
SSTP (Secure Socket Tunneling Protocol), 515, 530–31, 535 Stability Chart, 661 Stability Index, 660–61 staging device drivers, 205 standard providers, 695 Standard User Analyzer, 263–64 Start Windows Normally, 751 startup keys, 557, 562 Startup Repair, 751 stateful address configuration, 331 stateless address configuration, 331–32 static IP addresses, 368 statistics, network, 319–21 stealth, 384 Stock-Keeping Unit (SKU), 3, 94 STOP errors, 652 storage. See also disks; removable devices; USB (universal serial bus) devices backup, 733, 736 defragmenting disks, 230–32 file-based, 71 ImageX, 68–69 migration store types, 42 requirements, 5–6 write caching, configuring, 711–12 Store Passwords Using Reversible Encryption, 499 streaming multimedia, 716 stress tests, device drivers, 215 striped partitions, 235, 237 striped volumes, 239, 242–45 subnet address, 303 subnet masks, 300 subnets, 302–04 subscriptions, event, 676–77 supernetting, 303–04 Switch To The Secure Desktop When Prompting For Elevation, 486 Switch User, 403 Sync Center, 575, 578–80 synchronization, offline files, 574–82 Sysprep, 64, 77–84, 172 sysprep/generalize command, 79 System and Security, 661–64, 731–39 System Center Virtual Machine Manager (SCVMM), 97–98, 128, 147, 163 System Check, 563 system cleanup, 78
System Configuration (MSConfig), 705–07 system diagnostics report, 656–58 System Diagnostics, DCS, 652 system files, backup and restore, 735, 747 System Image Recovery, 752 System Image, backup and restore, 733–34, 739–41, 749–50 system images, configuring. See also system images, deploying case scenario, generating system images, 111 Deployment Image Servicing and Management Tool (DISM), 75–77 distributing images, 72–75 international settings, 131–33 Offline Virtual Machine Servicing Tool, 96–98 operating system packages, servicing, 127–30 overview, 53 practice, creating bootable VHD, 105–08 practice, creating WIM image, 84–86 pre-staging client computers, 103–04 reference image, creating, 58–72 Sysprep, 77–84 VHDs, native, 89–94 WDS images, 74–75 WDS, online VHD deployment, 98–104 Windows Automated Installation Kit (Windows AIK), 56–58 Windows Image to Virtual Hard Disk Tool (WIM2VHD), 94–96 Windows Preinstallation Environment (WinPE), 58 system images, deploying. See also system images, configuring applications, servicing, 125–27 case scenarios, 191–92 DISM WIM commands, 116–23 drivers, servicing, 123–25 manual installations, 180–81 MDT (Microsoft Deployment Toolkit) applications, adding, 164–66 deployment points, 166–68 device drivers, adding, 154–55 distribution shares, creating, 152–53
language packs, 164 LTI bootable media, 168–69 managing and distributing images, overview, 151–52 offline files, updating, 163–64 operating system image, adding, 153–54 overview, 146–51 program folders, 148 task sequences, 155–61 updates, adding, 161–63 Windows PE options, 168 package installation, 131 practice, downloading, installing and configuring MDT 2010, 181–87 practice, mounting offline image and installing language packs, 140–43 SCCM 2007, 175–80 unattended servicing, command-line, 137–40 WDS, 169–75 Windows editions, managing, 133–35 Windows PE images, servicing, 135–36 System Information (Msinfo32), 212–14 system locale, 132–33 System Management Server (SMS), 73 system partitions, network share deployment, 69 System Performance, DCS, 652 System Properties, 403–04, 406 System Protection, 769–71 system recovery boot options, 754–55 practice, system protection and restore, 756–60 rolling back drivers, 755–56 system restore, 746–50 System Recovery, 750–53 System Recovery Options, 751–52 System Restore Wizard, 746–47 system settings. See settings; settings, network
T target path, 135–36 Task Manager, 215, 664–67, 714–15 Task Sequence Editor, 156, 177–79
tasks attaching to events, 675 managing, 689–90 Task Scheduler, 739 task sequence, 148–49, 155–61 TCP (Transmission Control Protocol), 320 TCP/IP, 675 technician computers, 59 template files Deployment Workbench, 148 Security Template, 487–88 temporary files, 228–29, 735 Teredo, 335–36, 516, 519–21 Teredo Default Qualified policy, 518 Teredo Server Name policy, 518 Terminal Services, 537 Terminal Services Gateway, 403, 498, 537 themes, visual, 259 thick images, 150–51, 153 thin images, 150–53 thumbnails, 228–29 time and date settings, 13 time zones, 133 timers, wake, 586 TLS (Transport Layer Security), 626 Toolbars and Extensions, 630 TPM (Trusted Platform Module), 556–57, 564 Trace Capture, Processing, and Command-Line Analysis tool (Xperf.exe), 717–18 Tracert tool, 315, 338, 342 traces, kernel trace data, 652 transaction processing, 146 translate accelerator, 631 Transmission Control Protocol (TCP), 320, 384 Transmission Control Protocol/ Internet Protocol (TCP/IP), 497, 675 transparent caching, 577 Transport Layer Security (TLS), 626 troubleshooting Action Center, 609 Application Compatibility Diagnostics policies, 264–65 boot configuration data, 754–55 case scenario, performance, 725 device driver conflicts, 212–15 Device Manager, 197 DirectAccess, 519–21 DirectX, 217–18 IP configuration, 312–15
IPv4 network connectivity, 311–21 IPv6 connectivity, 342–43 Program Compatibility, 257–58 System Configuration (MSConfig), 705–07 System Performance, DCS, 652 wireless networks, 363–67 Trusted Platform Module (TPM), 556–57, 564 Trusted Publishers certificate store, 215–19 Trusted Root CA Certification Authorities, 216 Trusted Sites, 276, 624 trusts, 409, 485–86 tunnel rules, 394 Tzutil, 133
U UAC (User Account Control) Action Center, 609 application compatibility, 265 case scenario, UAC and passwords, 511 overview, 479–80 policies, 482–87 practice, configuring, 488–90 Remote Assistance, 405 Secpol and Local Security Policy, 487–88 settings, 480–82 UDP (User Datagram Protocol), 320, 335, 384 UIAccess Applications, 486–87 Unattend.xml, 94 unattended answer files, 134 unattended installations, 59, 80–81, 83 Unattended.xml answer files, 127, 137–40 unblocking, 317 uncompressed migration stores, 42 universal serial bus (USB) devices as installation source, 7–8 backup storage, 733, 736 BitLocker, 563–64 booting target drives, 173 data migration, 36 defragmenting, 230–32 deployment points, 166 dialup connections, 540
discover images, 171–72 Encrypting File System (EFS), 451–52 network connections, 350–52 password reset disks, 500 policies, 208, 233–35 power settings, 586 practice, write access, 247–48 security and, 555 write caching, configuring, 711–12 unspecified address, 332 Update Driver, 208–09 updates Action Center, 609–10 adding, MDT (Microsoft Deployment Toolkit), 161–63 applications, servicing, 125–27 case scenarios, 644 device drivers, 197, 208 DirectAccess, 515 images, WDS, 102–03 Microsoft Baseline Security Analyzer (MBSA), 616 offline files, 163–64 Offline Virtual Machine Servicing Tool, 96 practice, configuring Windows Update, 617–19 reliability, stability and performance, 658–61 SCCM 2007, 175–76 WIM images, 120 Windows Server Update Services (WSUS), 610–12 adding updates, 163 application servicing, 125 NAP remediation, 537 offline files, 163 Offline Virtual Machine Servicing Tool, 96 overview, 610–12 Windows Update Action Center, 661–64 case scenario, 644 configuring, 601–08 device drivers, installing, 204–06 policies, 612–16 practice, configuring, 617–19 smart cards, 498 upgrades from Windows 7 Editions, 25–26 from Windows Vista, 26–28 practice, upgrading to Windows 7, 30–31 Windows image, 75
USB (universal serial bus) devices as installation source, 7–8 backup storage, 733, 736 BitLocker, 563–64 booting target drives, 173 data migration, 36 defragmenting, 230–32 deployment points, 166 dialup connections, 540 discover images, 171–72 disk policies, 233–35 Encrypting File System (EFS), 451–52 password reset disks, 500 policies, 208 power settings, 586 practice, write access, 247–48 security and, 555 write caching, configuring, 711–12 USB controllers, 203, 350–52 USB hubs, power allocation, 202 User Account Control (UAC) Action Center, 609 application compatibility, 265 case scenario, UAC and passwords, 511 overview, 479–80 policies, 482–87 practice, configuring, 488–90 Remote Assistance, 405 Secpol and Local Security Policy, 487–88 settings, 480–82 user accounts data recovery agent (DRA) accounts, 559 HomeGroup Connections, 425 shared folders, 428–32 User Datagram Protocol (UDP), 320, 335, 384 User Defined Reports, 656 User Interface Accessibility (UIAccess), 486–87 user messages, 208 user names, 425, 493–95, 497–99 user profiles backup, 735 case scenario, migrating user data, 49–50 migrating user profile data, 34, 37–39 migration, Windows AIK, 56–58 practice, migrating user data, 43–46 restoring, 767–69 Windows Easy Transfer, 35–39
user rights, 496–97, 530 user settings, compatibility modes, 260 User State Migration Tool (USMT), 39–42, 56–58 user state steps, 178 users Remote Desktop Users group, 404 Runas, 495–96
V validation, 64–65, 205, 485–86, 536 verification, 205 VHD. See virtual hard disks (VHDs) video playback settings, 586 video, recovery options, 751 video, sharing, 425 View Certificates, 633 View Update History, 604 virtual hard disks (VHDs) attaching and detaching, 91 backup storage, 733, 736 BitLocker recovery, 566–67 boot entry, adding, 93–94 booting from, 93 case scenario, working with VHDs, 111 defragmenting, 230–32 dual-boot installations, 17–19 image creation, Windows PE, 67 LTI bootable media, 168–69 native, using, 89–94 network share, image storage, 68–69 offline files, updating, 163–64 Offline Virtual Machine Servicing Tool, 96–98 operating system packages, servicing, 127–30 overview, 513 practice, creating bootable VHD, 105–08 pre-staging client computers, 103–04 System Image backups, 739–41 task sequence, deploy to VHD, 159–61 updates related to, 53 WDS, online VHD deployment, 98–104 WIM2VHD, 94–96 virtual machines, image deployment, 89
Virtual PC, 89–90 virtual private networks (VPN) auditing, 544 authentication protocols, 533 case scenarios, 550–51 DirectAccess client configuration, 517–21 overview, 515–17 practice, configuring with Netsh, 526–27 server, configuring, 521–26 troubleshooting, 519–21 incoming connections, accepting, 541–43 NAP remediation, 536–37 overview, 530–32 practice, configuring remote connections, 545–47 Remote Desktop connections, 403 VPN Reconnect, 535–36 wireless networks, 356 Virtual Server, 89–90, 97 Virtualize File and Registry Write Failures To Per User-Locations, 486 Visual Effects, 709 visual themes, 259 Visual Trace Analysis (Xperfview.exe), 717–18 VMware ESX Server, 97 volume licenses, 82 Volume Shadow Copy Service (VSS), 766 volume status, 239 volumes, disk case scenario, managing, 252 deleting, 246 managing, 240–46 resizing, 245–46 VPN (virtual private networks). See virtual private networks (VPN) VPN Reconnect, 532, 535–36 VSS (Volume Shadow Copy Service), 766
W Wake on LAN, 402–03 wake timers, 586 wakeup, 585 WAN (wide area networks), 349, 577 WAP, 304–07, 312, 363–64
Wbadmin, 739 WCS (Windows Color System), 369 WDS (Windows Deployment Services) as installation source, 9 image deployment, 153, 169–75 MMC snap-in boot image, adding, 101 capture image, creating, 100 discover image, creating, 101 exporting image, 102 images, 74–75 install image, adding, 101–02 overview, 99 updating an image, 102–03 online VHD deployment, 98–104 WDSUTIL, 99, 102–04, 174–75 Web Proxy Auto Detect (WPAD), 608 web sites, certificate errors, 635 WEP (Wireless Equivalent Privacy), 357–60, 367 WFAS (Windows Firewall with Advanced Security), 317–19 wide area network (WAN), 349, 577 Wi-Fi Protected Access (WPA), 357–60 wildcards, 274 WIM (Windows Imaging) command options, 75 image mounting, 116–23 imaging format, 71–72 mounted images, information about, 119–21 practice, creating WIM image, 84–86 WIM2VHD (Windows Image to Virtual Hard Disk Tool), 94–96 Wimscript.ini, 68, 71 Windows 2000, compatibility modes, 258 Windows 7 activation, resetting, 82 automated installations, Windows AIK, 56–58 editions, overview, 3 Enterprise, 5, 93, 96, 276–77, 403–04, 451–52, 461, 517, 564, 574, 734 hardware requirements, 5–6 Home Basic, 4 Home Premium, 4 installation source, preparing, 6–9
installing, 9–19 migrating from Windows XP, 29–30 practice, performing clean installation, 19–22 practice, upgrading to Windows 7, 30–31 Professional, 403–04, 451–52, 574 Starter, 4 Ultimate, 5, 93, 96, 276–77, 403–04, 451–52, 461, 517, 564, 574, 734 upgrading from Windows 7 Editions, 25–26 upgrading from Windows Vista, 26–28 Windows 7 Professional, 4 Windows 7 Upgrade Advisor, 27 Windows 95, compatibility modes, 258 Windows 98, compatibility modes, 258 Windows AIK (Windows Automated Installation Kit) BCDboot, 173 installing and using, 56–58 MDT (Microsoft Deployment Toolkit), 147 mounting images, 116 practice, installing, 84–86 USMT (User State Migration Tool), 39–42 VHDs, native, 90 Windows boot manager (Bootmgr.exe), 754–55 Windows Color System (WCS), 369 Windows DDNS, 331–32 Windows Deployment Services (WDS) as installation source, 9 MMC snap-in boot image, adding, 101 capture image, creating, 100 discover image, creating, 101 exporting image, 102 images, 74–75 install image, adding, 101–02 overview, 99 updating an image, 102–03 online VHD deployment, 98–104 Windows Deployment Services Image Capture Wizard, 74, 173 Windows Deployment tools, 90 Windows Deployment Wizard, 168 Windows Event Collector, 676
Windows Experience Index, 663–64 Windows Firewall allowing programs, 387–88 case scenario, 419 event forwarding, 676 Network Location Awareness, 385–87 network settings, configuring, 317–19 overview, 383–88 Ping commands, 341 practice, configuring, 395–98 Windows Firewall with Advanced Security (WFAS) case scenario, 419 DirectAccess, 526 network settings, configuring, 317–19 overview, 389–95 practice, configuring, 395–98 Windows folders, 279, 486 Windows Image to Virtual Hard Disk Tool (WIM2VHD), 94–96 Windows Imaging (WIM) command options, 75 image mounting, 116–23 imaging format, 71–72 mounted images, information about, 119–21 practice, creating WIM image, 84–86 Windows Installer (.msi), 123, 125–27, 276, 278 Windows Internet Naming Service (WINS), 310, 392 Windows Memory Diagnostic, 752 Windows Network Diagnostic tool, 315–16, 675 Windows NT, 258 Windows operating system loader (Winload.exe), 754–55 Windows PE boot images, 116 bootable medium, creating, 66–68 capture image, WDS, 74 configuration passes, 79 configuring options, 168 feature settings, 62 images, creating, 56–58 images, servicing, 135–36 MDT (Microsoft Deployment Toolkit), 148 network share, image storage, 68–69
practice, creating boot DVD, 84–86 profiling tool, 135 system images, capturing, 58 Windows AIK tools, 58 Windows Performance Analysis Toolkit (WPT), 717–18 Windows PowerShell, 163–64, 408–10, 414–15 Windows Preinstallation Environment (WinPE). See Windows PE Windows RE (Recovery Environment), 749–50, 752 Windows Recovery Environment (Windows RE), 749–50, 752 Windows Remote Assistance, 405–08, 486–87 Windows Remote Management (WinRM), 408–10, 676–77 Windows Remote Shell (WinRS), 395, 409–10, 414–15 Windows Resource Protection (WRP), 263 Windows resume loader (Winresume.exe), 754–55 Windows Server 2003, 96, 175, 259, 271–76, 461 Windows Server 2008 backward compatibility, 117 BranchCache, 461, 468–70 change and configuration management, 175 DirectAccess, 522 discover image, creating, 171 MDT (Microsoft Deployment Toolkit), 73, 147 Offline Virtual Machine Servicing Tool, 96 Remote Assistance, 406–07 Remote Desktop, 403 SCVMM Administrative Console, 97 servicing, 75 smart cards, 498 Software Restriction Policies, 271–76 Teredo address, 335–36 Windows Server and Certificate Services, 215–19 Windows Server Backup, 89 Windows Server Update Services (WSUS) adding updates, 163 application servicing, 125 NAP remediation, 537
offline files, 163 Offline Virtual Machine Servicing Tool, 96 overview, 610–12 Windows Setup, 79–80 Windows SIM (Windows System Image Manager), 57, 60, 81, 138–39 Windows System 32 folders, 486–87 Windows Task Scheduler, 739 Windows Update Action Center, 661–64 case scenario, 644 configuring, 601–08 device drivers, installing, 204–06 policies, 612–16 practice, configuring, 617–19 smart cards, 498 Windows Update Stand-alone Installer (.msu), 127–28 Windows User State Migration Toolkit (USMT), 147 Windows Vault, 493–95 Windows Virtual PC, 387–88, 735 Windows Vista backward compatibility, 117 BitLocker, 564 compatibility modes, 259 connection security and IPSec, 394 deploying to VHD, 159–61 DirectAccess, 517 migrating user profile data, 34, 39 practice, upgrading to Windows 7, 30–31 Remote Assistance, 406 Remote Desktop, 403–04 servicing, 75 Software Restriction Policies, 271–76 Teredo address, 335–36 upgrading from, 26–28 Windows Easy Transfer, 35–39 Windows Firewall, 386–88 Windows Welcome, 64, 83 Windows XP compatibility modes, 258 connection security and IPSec, 394 DirectAccess, 517 migrating from, 29–30 migrating user profile data, 34, 39 Remote Assistance, 405–08
Remote Desktop, 403–04 ScanState, 41 Software Restriction Policies, 271–76 Windows Easy Transfer, 35–39 Windows XP Mode, 265–66 WindowsImageBackup folder, 740 Winload.exe, 754–55 WinPE (Windows Preinstallation Environment) boot images, 116 bootable medium, creating, 66–68 capture image, WDS, 74 configuration passes, 79 configuring options, 168 feature settings, 62 images, creating, 56–58 MDT, 148 network share, image storage, 68–69 practice, creating boot DVD, 84–86 profiling tool, 135 system images, capturing, 58 Windows AIK tools, 58 Winresume.exe, 754–55 WinRM (Windows Remote Management), 408–09, 676–77 WinRS (Windows Remote Shell), 395, 408–10, 414–15 wipe-and-load migrations, 30 Wired Equivalent Privacy (WEP), 357–60, 367 wired small network, 349 wireless adapter settings, 585 wireless connections case scenario, wireless networks, 377–78 IPv4 network connections, 309 networks, 349, 352–56, 361, 675 security, 357–60, 367–68 troubleshooting, 363–67 Wireless Network Setup Wizard, 355 wireless devices, 349 Wireless Network Properties, 355, 364, 367 Wizards Add Application Wizard, 127 Add Features, DirectAccess, 522 Add Features, Windows Server 2008, 468 Add Hardware Wizard, 206
Add Printer Wizard, 369 Automatically Generate Rules, 283 certificate management, 502 Create A Basic Task Wizard, 675 Create A Shared Folder Wizard, 431 Create New Data Collector Wizard, 655 Forgotten Password Wizard, 500 Initialize Disk Wizard, 236 MOF Generator Wizard, 699 Network Printer Installation Wizard, 369 New Application Wizard, 165–66 New Connection Security Rule Wizard, 393–94 New Deployment Point Wizard, 166–68 New Driver Wizard, 154–55 New Inbound (or Outbound) Rule Wizard, 389–91 New OS Wizard, 153 New Task Sequence Wizard, 177 Restore Files Wizard, 763, 767–69 Rule Creation Wizard, 281–82 System Restore Wizard, 746–47 Windows Deployment Services Image Capture Wizard, 74, 173 Windows Deployment Wizard, 168
Wireless Network Setup Wizard, 355 WMI CIM Classes, 696 CIM Repository, 695–96 CIM Studio, 697–99 Event Registration, 702–03 Event Viewer, 703–05 Object Browser, 700–02 overview, 689–94 providers, 694 repository, 694 Service, 694 WMI Administrative Tools, 697–705 WMI consumers, 696 WMI providers, 694–95 WMI scripting library, 696–97 WMI Service, 695 WPA encryption, 367 WPA2 certifications, 358–60 WPA2-Enterprise, 359 WPAD (Web Proxy Auto Detect), 608 WPA-Enterprise, 359 WPT (Windows Performance Analysis Toolkit), 717–18 WQL Query Builder, 699 write performance, 244 permissions, 442–43 practice, access to USB devices, 247–48 Removable Disk policies, 234–35
removable drives, 565 removable media, 233–35, 565 User Account Controls (UAC), 486 write caching, configuring, 711–12 WRP (Windows Resource Protection), 263 WSUS (Windows Server Update Services), 610–12 adding updates, 163 application servicing, 125 NAP remediation, 537 offline files, updating, 163 Offline Virtual Machine Servicing Tool, 96
X Xbootmgr.exe, 717–18 XML Paper Specification (XPS), 368 XORing (exclusive ORing), 335 Xperf.exe, 717–18 Xperfview.exe, 718
Z Zero Touch Installation (ZTI), 73, 147 zone ID, 341 zone rules, 272
Ian McLean, MCSE, MCITP, MCT, has over 40 years of experience in industry, commerce, and education. He started his career as an electronics engineer before going into distance learning and then education as a university professor. Currently, he runs his own consultancy company. Ian has written more than 20 books and many papers and technical articles. He has been working with Microsoft operating systems since 1997.
Orin Thomas is an author and an MCT. He has written more than a dozen certification textbooks for Microsoft Press. He holds many certifications, including several MCSE and MCITP credentials. He is the convener of the Melbourne Security and Infrastructure Interchange and a Microsoft Security MVP. He lives in Melbourne, Australia, with his wife and son and enjoys traveling around the world speaking at technical conferences like Tech.ED.
System Requirements

We recommend that you use a test workstation to complete the exercises in each lab. The following are the minimum system requirements your computer needs to meet to complete the practice exercises in this book. For more information, see the Introduction.

Hardware Requirements

You can complete almost all practice exercises in this book using virtual machines rather than real workstation hardware. The following hardware is required to complete the lab exercises:

• Personal computer with minimum 1GHz (x86) or 1.4GHz (x64) processor (2GHz or faster recommended).
• 1 GB of RAM or more (2 GB recommended; 4 GB enables you to host all the virtual machines specified for all the practice exercises in the book.)
• 40 GB hard disk space of which 15 GB is available (40 GB free hard disk space recommended; 60 GB enables you to host all the virtual machines specified for all the practice exercises in the book.)
• DVD-ROM drive
• A graphics adapter that supports DirectX 9 graphics, has a Windows Display Driver Model (WDDM) driver, supports Pixel Shader 2.0 hardware and 32 bits per pixel, and has 128 MB graphics memory. (256 MB graphics memory recommended.)
• Keyboard and Microsoft mouse or compatible pointing device
• 1 GB or larger USB storage device.

Software Requirements

• Windows 7 Enterprise or Ultimate.
• To perform the practice exercises in Chapter 6, “Network Settings,” you need an additional Windows 7 Workstation. (This can be a virtual machine.)
• To perform the optional exercises in Chapter 14, “Recovery and Backup,” you need an additional hard disk formatted with the NTFS filing system. This hard disk can be internal or external and should have at least 20 GB free hard disk space.
• Windows Media Player. To view the Webcasts on the book’s DVD you will need Windows Media Player. A free download is available at http://www.microsoft.com/windows/windowsmedia/player/download/download.aspx.
To minimize the time and expense of configuring physical computers, we recommend that you use virtual machines. To run computers as virtual machines within Windows, you can use Microsoft Virtual PC 2007. You can download Virtual PC 2007 for free from http://www.microsoft.com/windows/downloads/virtualpc/default.mspx.