315 23 8MB
English Pages 402
MIKE MEYER'S CERTIFICATION
Passport
MCTS Windows Vista Client Configuration EXAM
70-620
Brian Culp
New York • Chicago • San Francisco Lisbon • London • Madrid • Mexico City Milan • New Delhi • San Juan Seoul • Singapore • Sydney • Toronto
Copyright © 2008 by The McGraw-Hill Companies. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. 0-07-159667-4 The material in this eBook also appears in the print version of this title: 0-07-149331-X. All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at [email protected] or (212) 904-4069. TERMS OF USE This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise. DOI: 10.1036/007149331X
Professional
Want to learn more? We hope you enjoy this McGraw-Hill eBook! If you’d like more information about this book, its author, or related books and websites, please click here.
Dedication For Griffin Chapter 1 A young boy approached his father one day while the father was busy working on a task. That looks boring, said the boy. Let’s go out for a walk. It’s exciting for me, said the father. What do you think would be more exciting than what I’m working on? What if we went outside, walked down to the creek, and looked around for giant slugs? The father paused a moment, put away the papers he was reading, and swiveled in his chair to face the boy. His brow furrowed as he considered how to respond. His son had never mentioned giant slugs before. Giant, huh? We’re not just looking for regular slugs? Giant. You mean giant as in bigger than my thumb, right? You could say that. Well, how big then? They aren’t eating the hosta plants out in the back yard, are they? This one was down by the creek. The father was in midslurp of his afternoon coffee, and only his years of training with the kung fu masters of eastern Nepal saved him the embarrassment and scalding pain of blasting the mouthful of hot beverage out through his nose. His heart rate quickened from 42 all the way to 44 beats per minute. As the old monks who taught him would easily be able to tell, the father was terrified. So you’d say it was bigger than my thumb, then? I’d say it was about 12 feet long. Chapter 2 Twelve feet, huh? That’s an awfully big slug, son. Where did you say you saw this 12-foot slug? I didn’t just see it. But I thought you said— I rode one. This morning. This time the father could not help himself. Worry and fear combined with anger—how could the boy be so reckless? How could the father have let the boy go down to the creek by himself? So unnerved was the father that he set his cup of coffee down on the table, making a faint clunking sound as the glassware hit the table. A single drop spilled over the side of the mug—he had never been so careless with his coffee in his entire life. The monks would not be pleased if they were to see how the father had let his emotions boil over in that moment. Son. You know I like to hear your stories. But haven’t we talked before about— It’s true, the boy reiterated. I rode one this morning for about 20 minutes. The father thought on this a moment and slowly shook his head. But you’re only nine years old, and nine-year-olds don’t ride giant slugs. At least if they do, they don’t live to tell about it. The father reached for his coffee mug once again, and the boy watched as the father slowly brought the mug toward his mouth. The boy was thinking of how he could convince his father that he rode
the slug, thinking that he should take his father down to the creek and try to find the giant slug once again. But then he saw his father pause before taking his next sip of his coffee. The boy saw the faraway look in his father’s eyes. The father took a deep breath. You have the gift, it seems. I didn’t ride my first giant slug until I was 12. Chapter 3 It had recently rained, and the banks of the creek were difficult to navigate. The boy and the father did not care, however, that there would be mud on their legs by the end of the day. There would be a much more dangerous mess to contend with in just a short while. For now, they just rolled up their pant legs and stumbled their way toward the water, which whispered its soft tune as they made their way north. They were headed deeper into the woods, toward the thick shade offered by the trees above, toward the place where the small creek became just a trickle of water fed by a spring somewhere deep underground, toward the place where the sunlight could not reach the ground and the grass under their feet was replaced by moss and sedum and mycelium, toward the hosta plants with leaves three feet wide that burst forth from the edge of the water, and ultimately, toward the lair of the giant slug. That’s when the first attack came. Chapter 4 The first wave swooped down from just over the canopy of trees, descending on the boy and his father with breathtaking speed. The treetops shook as if they, too, were scared. The attackers could be heard before they were seen, although only the father knew for certain what was about to hit them: the slug king had sent his cavalry to do his bidding. What was normally the high whinny whiney sound of tiny mosquito wings beating thousands of times a minute was instead the furious low rumbling bumbling sound of what, under different circumstances, could have been mistaken for an approaching train. But the father knew full well that what was about to hit them was not on rails. The low rumbling bumbling sound was to be expected when the mosquitoes in question stood—when on their hind legs—over two feet tall. The two-foot-tall mosquitoes were powered by their great wings, angrily beating and batting the air around them, brandishing their deadly weapons. The first puncture from the hypodermic mosquito proboscis went all the way through the father’s right arm just as he was reaching out a protective arm to sweep the boy behind him. Except for the mosquito needle that was now sticking through his arm, the father’s arm sweep had come up empty; the boy was simply not there. He had already disappeared. The father exhaled through his nose—so great was his pain—and ducked down to avoid the second swooping, slashing mosquito, dropping to one knee. In doing so, he also managed to twist his arm—and thus the embedded mosquito—under a crushing blow from his knee. The result was a splash of blood from the mosquito’s abdomen. The first mosquito expired immediately. With a quick wrench of his arm—a maneuver the monks had once made him practice for 90 days in a row without sleep or food—the father snapped off the proboscis. His right arm was now a deadly arm-sword. Alas: his acrobatic feat was too late to stop the second mosquito from plopping down on his back. The father had just enough time to resign himself to his fate and command his son to run far away. Then, he felt the mosquito raise four of its legs up off his back, preparing to finish the father with a single fatal stab, and the father thought: it’s too bad I’m about to die. I had some really good coffee left in my pantry that I would most like to drink. That’s when the boy burst out of the shallow water, charging, a crawdad in each hand.
To be continued . . .
For more information about this title, click here
Contents Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Check-In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
1
Installing and Upgrading Windows Vista . . . . . . . . . . . . . .
1
Chapter Preamble: The Five (U.S.) Vista Editions . . . . . . . . . . . . . .
2
Objective 1.01 Identify Hardware Requirements . . . . . . . . . . . . . .
3
Requirements on Vista Home Basic . . . . . . . . . . . . . . . . . . . . . . . Requirements for Other Editions . . . . . . . . . . . . . . . . . . . . . . . . . Objective 1.02 Perform a Clean Installation . . . . . . . . . . . . . . . . . . Clean Installation Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . Dual Boot Considerations . . . . . . . . . . . . . . . . . . . . . . . . . Objective 1.03 Upgrade to Windows Vista . . . . . . . . . . . . . . . . . . . . The Vista Upgrade Advisor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Performing the Upgrade to Windows Vista . . . . . . . . . . . . . . . . . . Upgrade Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Upgrade Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A Word or Two About Profiles . . . . . . . . . . . . . . . . . . . . . Objective 1.04 Upgrade from One Edition to Another . . . . . . . . . . Vista Upgrades and the Digital Locker . . . . . . . . . . . . . . . . . . . . . Objective 1.05 Troubleshoot Windows Vista Installation . . . . . File Copy Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Frozen Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 1.06 Install and Configure Windows Vista Drivers . . Update Drivers Automatically with Windows Update . . . . . . . . . Configuring Windows Update Settings . . . . . . . . . . . . . . . Use the Windows Update Driver Settings . . . . . . . . . . . . Update Drivers Manually with Device Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CHECKPOINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW QUESTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW ANSWERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 5 7 7 12 13 14 15 17 18 19 21 21 22
23 24 25 25 28 29 30 31 32 35
v
vi
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2
Configuring and Troubleshooting Post-Installation System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 2.01 Troubleshoot Post-Installation Issues . . . . . . . . .
The User State Migration Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . XML and USMT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring the USMT . . . . . . . . . . . . . . . . . . . . . . . . . . . . Migrating a User Account . . . . . . . . . . . . . . . . . . . . . . . . . Migrating a Domain Account . . . . . . . . . . . . . . . . . . . . . . Migrate with Windows Easy Transfer . . . . . . . . . . . . . . . . . . . . . Part One: Preparing the Target (Vista) Machine . . . . . . . . Part Two: Gathering Settings from the Existing Machine . . . Vista Hard Disks: Basic vs. Dynamic . . . . . . . . . . . . . . . . . . . . . . Partitioning the Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Formatting the Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . The FAT and FAT32 File Systems . . . . . . . . . . . . . . . . . . . . . . . . . The NTFS File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 2.02 Configure and Troubleshoot Windows Aero . . . Enable Windows Aero . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Change Window Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Live Thumbnails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Flip 3D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Restoring the Default Theme . . . . . . . . . . . . . . . . . . . . . . Disabling Theme Changes . . . . . . . . . . . . . . . . . . . . . . . . . Objective 2.03 Configure and Troubleshoot Parental Controls . . . Limit Computer Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Limit Internet Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Prevent Users from Running Programs . . . . . . . . . . . . . . . . . . . . Prevent Users from Running Games . . . . . . . . . . . . . . . . . . . . . . Activity Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 2.04 Configure Internet Explorer . . . . . . . . . . . . . . . . . . . Changes for the User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Browser Viewing Improvements . . . . . . . . . . . . . . . . . . . . Favorites Center Enhancements . . . . . . . . . . . . . . . . . . . . Using Tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Integrated Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Page Zoom . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . RSS Feed Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Advanced Printing Capabilities . . . . . . . . . . . . . . . . . . . . .
37 38 39 39 40 41 42 43 43 45 46 47 49 51 51 52 53 55 56 56 58 59 62 63 64 66 67 68 69 70 71 72 73 78 79 80 83
Contents
3
vii
CHECKPOINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW QUESTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW ANSWERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
84 85 89
Configure Windows Security Features . . . . . . . . . . . . . . . . .
91
Objective 3.01 Configure and Troubleshoot User Account Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
User Account Control Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . Disabling User Account Control . . . . . . . . . . . . . . . . . . . . Objective 3.02 Configure Windows Defender . . . . . . . . . . . . . . . . . Membership in the Spyware Community . . . . . . . . . . . . . . . . . . . Protect Your Computer with Windows Defender . . . . . . . . . . . . Objective 3.03 Configure Dynamic Security for Internet Explorer 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IE Privacy Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manage Cookies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manage Pop-up Blocker . . . . . . . . . . . . . . . . . . . . . . . . . . IE Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Phishing Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Check for a Phishing Site Manually . . . . . . . . . . . . . . . . . Objective 3.04 Configure Security Settings in Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . An Example of a Firewall Exception at Work . . . . . . . . . . Objective 3.05 Understand Windows Group Policy Objects . . . Understanding the Active Directory . . . . . . . . . . . . . . . . . . . . . . . Objects Managed by Active Directory . . . . . . . . . . . . . . . . Logical Active Directory Components . . . . . . . . . . . . . . . . Group Policy and Vista Administration . . . . . . . . . . . . . . . . . . . . The Local Group Policy Object . . . . . . . . . . . . . . . . . . . . . . Open the Group Policy Object Editor . . . . . . . . . . . . . . . . . Group Policy Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Administrative Templates . . . . . . . . . . . . . . . . . . . . . . . . . What Can Be Managed with a Group Policy . . . . . . . . . . . . . . . . Changes to Group Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . Removable Storage Device Management . . . . . . . . . . . . . Power Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Printer Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
92 93 96 97
98 99 100 102 103 105 105 108 109 109 112 113 114 115 117 120 120 121 122 123 123 124 125 127 127 128 128 129
viii
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
User Account Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Group Policy Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Group Policy Processing Considerations . . . . . . . . . . . . . . Multiple Local Group Policy Objects . . . . . . . . . . . . . . . . . . . . . . Create a Multiple Local Group Policy Object . . . . . . . . . . Delete a Multiple Local Group Policy Object . . . . . . . . . . Disable User and Computer Configuration Settings . . . . . . . . Configure the User Environment with Administrative Templates Configure Security Settings with Group Policy . . . . . . . . . Configure a Firewall Setting . . . . . . . . . . . . . . . . . . . . . . . Other New Group Policy Settings . . . . . . . . . . . . . . . . . . . . . . . . Background Information: ADM and ADMX Files . . . . . . . . CHECKPOINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW QUESTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW ANSWERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4
129 130 132 134 134 137 138 139 140 141 142 143 148 149 153
Configure Network Connectivity . . . . . . . . . . . . . . . . . . . . . . 155 Objective 4.01 Configure Networking Using the Network and Sharing Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The Network and Sharing Center . . . . . . . . . . . . . . . . . . . . . . . . . The Network Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manage Network Discovery . . . . . . . . . . . . . . . . . . . . . . . Customize the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Create a Network Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Network Card Options . . . . . . . . . . . . . . . . . . . . . Wireless Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Other Network Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Set Up a Virtual Private Network Connection . . . . . . . . . . Set Up an Ad Hoc Network . . . . . . . . . . . . . . . . . . . . . . . . Disconnect from a Network . . . . . . . . . . . . . . . . . . . . . . . . Manage Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security with the Network and Sharing Center . . . . . . . . . . . . . . Sharing Files and Folders . . . . . . . . . . . . . . . . . . . . . . . . . Traditional Windows Folder Sharing . . . . . . . . . . . . . . . . . Advanced Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 4.02 Troubleshoot Connectivity Issues . . . . . . . . . . . . . Troubleshooting Logical Connections . . . . . . . . . . . . . . . . . . . . . IPCONFIG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
156 158 160 161 162 163 165 165 168 171 173 175 176 177 178 180 182 183 185 186 186 188
Contents
TRACERT.EXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PATHPING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NSLOOKUP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Status and Repair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 4.03 Configure Remote Access . . . . . . . . . . . . . . . . . . . . . . Using Remote Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting up a Remote Assistance Connection . . . . . . . . . . Remote Assistance and Security . . . . . . . . . . . . . . . . . . . . Remote Assistance and the Windows Firewall . . . . . . . . Remote Assistance and Compatibility . . . . . . . . . . . . . . . Remote Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deploying Remote Desktop . . . . . . . . . . . . . . . . . . . . . . . . Establishing the Remote Desktop Connection . . . . . . . . . Remote Desktop and Windows XP . . . . . . . . . . . . . . . . . . Making the Remote Desktop Connection . . . . . . . . . . . . . Remote Desktop and Windows Firewall . . . . . . . . . . . . . . Remote Desktop and NAT . . . . . . . . . . . . . . . . . . . . . . . . . CHECKPOINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW QUESTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW ANSWERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
ix
189 189 190 191 192 193 194 196 199 201 202 203 204 209 209 209 210 212 213 217
Configure Applications Included with Windows Vista . . . . 219 Objective 5.01 Configure and Troubleshoot Media Applications . .
Windows Media Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Media Player 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Media Sharing with Windows Media Player . . . . . . . . . . Integrated Instant Search . . . . . . . . . . . . . . . . . . . . . . . . . Windows Photo Gallery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Movie and DVD Maker . . . . . . . . . . . . . . . . . . . . . . . . Objective 5.02 Configure Windows Mail . . . . . . . . . . . . . . . . . . . . . Set Up and Edit an E-mail Account . . . . . . . . . . . . . . . . . . . . . . . Windows Mail and HTTP E-mail Accounts . . . . . . . . . . . . Instant Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Junk Mail Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Safe and Blocked Senders . . . . . . . . . . . . . . . . . . . . . . . . . Phishing Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Newsgroup Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 5.03 Configure Windows Meeting Space . . . . . . . . . . . Conduct a Meeting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Firewall and Other Network Considerations . . . . . . . . . . .
220 221 222 226 227 229 231 232 232 234 234 236 237 238 239 242 243 245
x
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Objective 5.04 Configure Windows Calendar . . . . . . . . . . . . . . . . .
Add an Appointment or Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . Calendar Publishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Calendar Sharing and Subscription . . . . . . . . . . . . . . . . . . . . . . . Objective 5.05 Configure Windows Fax and Scan . . . . . . . . . . . . Set Up a Fax Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Sending and Receiving a Fax . . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 5.06 Configure Windows Sidebar . . . . . . . . . . . . . . . . . . Changing Sidebar Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Add a Gadget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows SideShow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CHECKPOINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW QUESTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW ANSWERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6
247 248 249 250 252 252 254 255 256 257 258 260 261 265
Maintaining and Optimizing Systems that Run Windows Vista . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267 Objective 6.01 Troubleshoot Performance Issues . . . . . . . . . . . . .
The System Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Windows Task Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . Applications Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Processes Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Services Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Performance Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Networking Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Users Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Reliability and Performance Monitor . . . . . . . . . . . . . . . . . . . . . . Resource Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data Collector Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wizards and Templates for Creating Logs . . . . . . . . . . . . Reliability Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . User-friendly Diagnosis Reports . . . . . . . . . . . . . . . . . . . . Performance Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 6.02 Troubleshoot Reliability Issues Using Built-in Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Problem Reports and Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . Hard Disk Reliability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Disk Cleanup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Disk Defragmenter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Other Vista Performance Enhancements . . . . . . . . . . . . . . . . . . .
268 269 271 272 273 276 277 278 279 279 279 280 281 283 284 284 288 290 290 291 293 295
Contents
Windows ReadyBoost . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows SuperFetch . . . . . . . . . . . . . . . . . . . . . . . . . . . . Vista ReadyDrive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 6.03 Configure Windows Update . . . . . . . . . . . . . . . . . . . Hiding and Restoring Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . Objective 6.04 Configure Data Protection . . . . . . . . . . . . . . . . . . . . File Encryption with EFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Encryption with BitLocker Drive Encryption . . . . . . . . . . . . . . . . . Setting up BitLocker (no TPM) . . . . . . . . . . . . . . . . . . . . . . Manage a TPM Environment . . . . . . . . . . . . . . . . . . . . . . . CHECKPOINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW QUESTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW ANSWERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7
xi
295 297 298 299 301 302
303 305 306 310 311 312 316
Configuring and Troubleshooting Mobile Computing . . . . 319 Objective 7.01 Configure Mobile Display Settings . . . . . . . . . . . .
Change Screen Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Changing Display Refresh Rate . . . . . . . . . . . . . . . . . . . . . . . . . . Use Multiple Monitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Use Multiple Monitors Manually . . . . . . . . . . . . . . . . . . . Multiple Monitor Considerations . . . . . . . . . . . . . . . . . . . Objective 7.02 Configure Power Options . . . . . . . . . . . . . . . . . . . . . Shut Down and Other Power Options . . . . . . . . . . . . . . . . . . . . . Switch User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Log Off and Lock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Sleep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hibernate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shut Down . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Vista Power Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Change Sleep Options on Mobile Computers . . . . . . . . . . Configure Power Settings with Group Policy . . . . . . . . . . . . . . . . Objective 7.03 Configure Tablet PC Software . . . . . . . . . . . . . . . . . The Tablet PC Input Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Back of Pen Erase and Scratch-Out Gestures . . . . . . . . . . . . . . . Changing Screen Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . Other General Tablet PC Settings . . . . . . . . . . . . . . . . . . . Pen Cursors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Pen Flicks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
320 321 323 324 326 326 327 328 328 329 330 330 333 334 334 337 339 341 343 344 345 345 346 347
xii
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Objective 7.04 Configure Mobile Devices . . . . . . . . . . . . . . . . . . . .
The Sync Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Set Up a Mobile Device Partnership with the Sync Center . CHECKPOINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW QUESTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . REVIEW ANSWERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A B
348 349 350 351 352 356
About the CD-ROM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 Career Flight Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Acknowledgments Here’s how it works: I write a bunch of words and then other people come in and make sure those words are technically accurate (in draft form, they usually are but sometimes are not), are relatively well-organized complete thoughts that follow some sort of logical flow (again, usually the case but not always), and follow generally accepted procedures for coherent writing (the people who clean up after me don’t really do too much with the front matter; this paragraph is pretty much all the supporting evidence you need as to how much these talented people contribute in an effort to make this book as good as possible given the limitations of its author; I tend ramble, it seems), and after all that review and correction and re-review, the end result is the pretty good little title you’re reading right now that will soon have you on your way to Microsoft certification. In other words, the book in is every way a team effort, and I have the fortune of having a very good team around me. Following, then, is a list of the good people whom I have sent into a flop sweat with chapter drafts during most of the late winter/early spring months of 2007. Each deserves thanks both from me and from you for how well this book turned out. And trust me, this book delivers the goods. If you read this and take the practice exam, you’ll pass. Period. I have “piloted” this book with a few people while it was in draft form, and they have the 620 passing exam grades to prove it. The talented individuals referenced heretofore are as follows: Agatha Kim Agatha did the lion’s share of copy editing for this book, and likely rues the day she was assigned this project. Her contributions have been invaluable. She made endearing comments like these during the draft review process: Author: please put down your crayons and learn to use the spellcheck feature—AK. Now that I think on it, she made me cry several times during the course of this book. Jennifer Housh Her title is Acquisitions Coordinator, and she’s involved in the edit every step of the way. She did a great job. By the way, she signs her e-mails Jenni, but her automated signature thing at the bottom of the e-mails reads Jennifer. She will always remain a mystery to me.
xiii
xiv
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Jody McKenzie Jody is the project editor, shepherding the project to completion, helping to keep everyone on this team communicating, catching mistakes, and making improvements until the day this book goes to press. She’s great to work with and is very talented. Sally Engelfried Sally also made many valuable contributions and corrections during the copy edit process. The book reads much better than it did in draft form thanks to her hard work. Brian Barber He performed the technical review of the book and review questions and helped make sure that what you are reading is as technically accurate as possible. Jennifer Hageman and Rex O’Neill These two made valuable contributions to the chapter review and CD questions herein. Again, thanks to all of these people for contributing their talents to this project. Any errors that remain are the sole responsibility of the author. Should you stumble across any, feel free to write and chew me out at [email protected].
Check-In May I See Your Passport? What do you mean you don’t have a passport? Why, it’s sitting right in your hands, even as you read! This book is your passport to a very special place. You’re about to begin a journey, my friend, a journey toward that magical place called certification! You don’t need a ticket, you don’t need a suitcase—just snuggle up and read this passport—it’s all you need to get there. Are you ready? Let’s go!
Your Travel Agent: Mike Meyers Hello! I’m Mike Meyers, president of Total Seminars and author of a number of popular certification books. On any given day, you’ll find me replacing a hard drive, setting up a website, or writing code. I love every aspect of this book you hold in your hands. It’s part of a powerful book series called the Mike Meyers’ Certification Passports. Every book in this series combines easy readability with a condensed format—in other words, it’s the kind of book I always wanted when I went for my certifications. Putting a huge amount of information in an accessible format is an enormous challenge, but I think we have achieved our goal and I am confident you’ll agree. I designed this series to do one thing and only one thing—to get you the information you need to achieve your certification. You won’t find any fluff in here. The authors pack every page with nothing but the real nitty gritty of the MCTS Windows Vista Configuration Certification exam. Every page has 100 percent pure concentrate of certification knowledge! But we didn’t forget to make the book readable, so I hope you enjoy the casual, friendly style. My personal e-mail address is [email protected]. Please feel free to contact me directly if you have any questions, complaints, or compliments. If you have questions about Windows Vista or Vista certification or about the book, you can get in touch with Brian through his website, brianculp.com.
Your Destination: Windows Vista Configuration Exam 70-620 You have already been introduced to the purpose of this book: it’s your passport to the Windows Vista Configuration exam, also known as exam 70-620. This test
xv
xvi
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
will measure your ability to implement, administer, and troubleshoot information systems that incorporate the Microsoft Windows Vista operating system. You can expect to be tested on topics such as installing Windows Vista, configuring hardware such as network cards and hard drives, configuring the desktop environment for end users, establishing connectivity between computers, and troubleshooting security settings. In addition, exam candidates are expected to have at least some amount of experience implementing and administering real-world networks. Upon passing the 620 exam, you will then be able to call yourself a Microsoft Certified Professional. More importantly, Microsoft will call you that as well, officially assigning you the title of MCTS—a Microsoft Certified Technology Specialist (in Windows Vista). If you want, you can stop your certification ambitions there, or use the MCTS certification as a springboard for other certifications such as the MCITP, MCDST, MCSA, or the MCSE. If all these certification initials have your head spinning, you can always go to www.micorosft.com/learning for all the details. And we’ve even spelled out many of the available Microsoft certification tracks in Appendix B. The MCSE certification, by the way, is one of the industry’s most powerful certifications—always has been. A few things are still up in the air as of this writing, but know that the certification tracks are scheduled for a bit of an overhaul starting in the Fall of ’07. One thing that won’t change, however: the MCSE certification will demonstrate to employers and colleagues a thorough mastery of the Microsoft Windows operating systems. And unless you think that Microsoft will be out of the network operating system business anytime soon, it will remain a valuable certification for years to come.
Your Guide: Brian Culp Brian Culp (CompTIA A+, MCT, MCSE) is the author of several books on computer topics, including Windows Vista Administration: the Definitive Guide, Spring into Windows XP, and many certification titles in the Passport Series from McGraw-Hill. He has worked for firms such as IBM and Microsoft. He currently lives in Kansas City.
About the Technical Editor Brian Barber (MCSE, MCSA, MCP+I, MCNE, CNE, CNA-GW, Linux+) is a consultant with Sierra Systems Consultants Inc., specializing in IT Service Management and infrastructure architecture design and implementation. His primary areas of interest are operating systems, multiplatform integration, directory services, and enterprise messaging. In the past he has held the positions of Senior Technical Analyst at MetLife Canada and Senior Technical Coor-
Check-In
xvii
dinator at the LGS Group Inc. (now a part of IBM Global Services). Brian has been an author of or technical editor for nine books on IT certification and Microsoft technologies.
Why the Travel Theme? The steps to gaining a certification parallel closely the steps to planning and taking a trip. All of the elements are the same: preparation, an itinerary, a route, and even mishaps along the way. Let me show you how it all works. This book is divided into seven chapters. Each chapter begins with an Itinerary that provides objectives covered in each chapter and an ETA to give you an idea of the time involved learning the skills in that chapter. Each chapter is broken down by objectives, either those officially stated by the certifying body or our expert take on the best way to approach the topics. Also, each chapter contains a number of helpful items to bring out points of interest:
Exam Tip Points out critical topics you’re likely to see on the actual exam.
Travel Assistance Shows you additional sources, such as books and websites, to give you more information.
Local Lingo Describes special terms in detail in a way you can easily understand.
Travel Advisory Warns you of common pitfalls, misconceptions, and downright physical peril!
The end of each chapter gives you two handy tools. The Checkpoint reviews each objective covered in the chapter with a handy synopsis—a great way to review quickly. Plus, you’ll find Review Questions and Answers to test your newly acquired skills.
xviii
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
CHECKPOINT But the fun doesn’t stop there! After you’ve read the book, pull out the CD and take advantage of the free practice questions. Use the full practice exam to hone your skills, and keep the book handy to check answers. When you’re acing the practice questions, you’re ready to take the exam. Go get certified!
The End of the Trail The IT industry changes and grows constantly, and so should you. Finishing one certification is just a step in an ongoing process of gaining more and more certifications to match your constantly changing and growing skills. Read the Career Flight Path at the end of the book to see where this certification fits into your personal certification goals. Remember, in the IT business, if you’re not moving forward, you are way behind! Good luck on your certification! Stay in touch.
Mike Meyers Series Editor Mike Meyers’ Certification Passport
1
Installing and Upgrading Windows Vista
ITINERARY
• • • • • •
Objective 1.01 Objective 1.02 Objective 1.03 Objective 1.04 Objective 1.05 Objective 1.06
Identify Hardware Requirements Perform a Clean Installation Upgrade to Windows Vista Upgrade from One Edition to Another Troubleshoot Windows Vista Installation Install and Configure Vista Drivers
NEWBIE
SOME EXPERIENCE
EXPERT
3 hours
2 hours
1 hour
1
2
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Use of Windows Vista—and thus your journey toward Vista certification on the 70-620 exam—begins with deployment. This book is a passport, after all, and its purpose is to get you pointed in the right direction, both in your exam preparations and in your actual use of the operating system. We’ll start with a look at hardware requirements for Windows Vista. There are essentially two bars a computer has to clear in order to run Vista: one for the Basic experience and one for Vista Aero. As you’ll soon see, the former is one that most modern PCs should be able to clear handily, while the latter will present a little more of a chore, especially on mobile systems that are currently running Windows XP. After making sure the bases are covered hardware-wise, we will then look at actual implementation, first during a clean installation procedure and then during an upgrade from Windows XP to Windows Vista. But the upgrade possibilities don’t end there. In Objective 1.04, you will learn the procedure to upgrade from one Vista edition to another. Vista users will delight in the ease at which they are able to switch from one edition to another as their needs change. The same could not be said for the Windows XP experience. This chapter closes with a look at troubleshooting the installation process (not to be confused with troubleshooting post-installation issues) and at getting everything up and running once Vista has installed. Generally, this means making sure the latest drivers and software patches are in place, and Vista automates both of these tasks to a large degree with the utilities that are described herein. Before launching into the official 70-620 exam objectives, however, it’s important to take a brief inventory of the many different editions of Windows Vista currently being offered by Microsoft. As you will see throughout the book, some of the utilities and technologies available on one edition will not be available on all editions. Likewise, a chapter preamble section, as follows, will not be a part of any other chapter, but it’s vital to have a reference point when I refer to the capabilities of each edition.
Chapter Preamble: The Five (U.S.) Vista Editions
A
s of the release-to-manufacturer (RTM) time (meaning that Microsoft has shipped the final code so that computer makers can start building systems with Vista preinstalled), there are five versions of Windows Vista available in the U.S. market.
CHAPTER 1 Installing and Upgrading Windows Vista
3
The different editions are specifically tailored to meet the needs of varying operating system scenarios. Two are designed for the home user, two are meant to operate in a secure business environment, and one, Vista Ultimate, has the ability to happily exist in both. The formal titles are as follows:
• • • • •
Windows Vista Home Basic Windows Vista Home Premium Windows Vista Business Windows Vista Enterprise Windows Vista Ultimate
We’ll discuss the characteristics of each under a separate heading, starting with the Home Basic edition.
Travel Advisory There are actually many more versions of Vista than those listed in this chapter. My European readers, of whom there will be many no doubt, may be using a version called Vista version N, which is essentially Vista with Media Player stripped out of the default install in order to comply with an EU antitrust resolution. There is also a sixth edition called the Windows Vista Starter edition, available in what Microsoft refers to as “emerging markets.” Designed for users for whom Vista may be their first encounter with a personal computer, the Starter edition includes additional tools and tutorials to make it easier to use. The biggest difference in the Starter edition, however, is the price, which is a fraction of what the other versions will cost. The Starter edition is not available in “high income” markets such as the United States, Canada, the European Union, Australia, and New Zealand. Features that apply only to the Starter edition will not be covered in this book.
Objective 1.01
W
Identify Hardware Requirements
hat kind of machine should be running Windows Vista? The answer, naturally, depends on the edition of the operating system that meets your needs. Fortunately, though, we don’t have to keep track of five different levels of hardware requirements. When the topic is Vista hardware considerations, essentially there’s Home Basic, and then there are all of the others.
4
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory So, is it Vista-capable or Vista Premium-ready? And will a Vista-capable PC run the Business edition? Does a Home Premium machine mean that it’s automatically Premium-ready? In practice, these distinctions should more accurately be described as the Windows Vista Basic interface and the Aero interface. You can run a Home Premium or Ultimate edition, for example, on a machine that doesn’t support the Windows Aero requirements. We’ll try to sort out this unnecessary confusion in Chapter 2 as a separate exam objective.
Requirements on Vista Home Basic We’ll begin with a look at the Vista Home Basic requirements. What kind of machine should be running the Vista Home Basic edition? To start with, maybe “should” is the wrong word here. “Can” is more like it. The following are the minimum hardware requirements to run this version of the operating system:
• • • •
800 MHz processor 512MB RAM A graphics card that supports DirectX 9 15GB free space on a 40GB hard drive
What if you want a really tricked-out Home Basic machine? The 32-bit version will support a single processor (although the dual-core CPUs count as only one processor) and support 4GB of physical RAM. The 64-bit version will support up to 8GB of physical memory.
Exam Tip Vista Home Basic supports five simultaneous inbound network connections, making it a poor choice as a file or print server in environments where more than five systems are involved.
In summary, Windows Vista Home Basic is most similar to Windows XP Home edition. It is a solid operating system built for home users who want basic computer functionality while spending the least amount of money possible to get that functionality. It is a good choice as a platform for almost any application the home user may want to run and includes a bundle of standard games, the new Internet Explorer 7 browser, Media Player 11, and Windows Photo Gallery, which is a vastly improved application for digital photo management over any-
CHAPTER 1 Installing and Upgrading Windows Vista
5
thing that Microsoft has natively offered before. Vista Home Basic will run applications such as Adobe Photoshop and Microsoft Office with aplomb. But there is a long list of what it can’t do as well, especially in comparison with other Vista editions. It does not include support for the Media Center (easily confused with the Media Player), which provides advanced digital entertainment support. Nor does it include the Vista Backup or premium games like Chess and Mahjong, and it does not support Tablet PC functionality. This doesn’t have anything to do with the test, but in the end I find it difficult to make a strong case that someone should upgrade an XP Home machine to Vista Home Basic. The only exception to this is if you use a PC extensively for managing digital photos, in which case Photo Gallery is a slick little bundled application. But if you’re going to upgrade a system, my recommendation is to use the Vista Home Premium edition. Microsoft plans on supporting the Home Basic edition until 2012.
Requirements for Other Editions When most people think of the new features in Windows Vista, they’re thinking of a user interface environment known as Windows Aero. I often get the question, “Hey, what’s that thing where the applications do that swirly thing and you can see through them?” That’s Aero, and it’s the default user interface for computers running Windows Home Premium and above. For sheer wow factor, this one’s tough to beat—that’s why it’s always featured at the end of the Microsoft Vista commercials. The stated objective of Aero is to make PC use smoother and more intuitive than it has been in the past, or what Microsoft terms more “clear and confident.” Add to this that Microsoft stresses new features heavily on any of their certification exams, and wise test-takers will be sure to brush up on this new visual interface.
Travel Advisory Just because your machine can run the Vista Home Premium Edition doesn’t automatically mean that you can use Aero.
One vital component of the Windows Aero discussion is that your hardware must be capable of supporting it in order to use it. When compared to the Windows Vista Basic interface, Aero requires a heck of a lot more horsepower. The following are the minimum hardware requirements for Aero, which in turn pretty much
6
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
define the minimums for Windows Home Premium. I don’t think many folks will want to run the Home Premium edition without using the Aero interface:
• • • •
1GHz processor
•
15GB free disk space on a 40GB hard drive.
1GB physical RAM 128MB memory on the graphics card A graphics card driver that supports DirectX 9 and uses a Windows Display Driver Model (WDDM) driver, Pixel Shader 2, and 32 bits per pixel
As you can see, the graphics card is going to present the biggest performance hurdle for users upgrading older machines, with the 1GB physical memory requirement running a close second on many laptops. (When I started this book, only one of my two desktop machines had 1GB of RAM, and they seem to be chugging along just fine.). Also, I wouldn’t worry about the DirectX 9 and WDDM requirement too much if I were you. Most video card cards from manufacturers ATI or nVidia installed with 128MB or more of video RAM support the WDDM standard, but you should check that it’s WDDM compliant before you buy. Because of this, you may see some question on the exam where a computer looks like it should run Vista Aero, but the video card driver is not WDDM-compliant.
Travel Advisory Original equipment manufacturers will advertise their system as “Windows Vista Premium Ready” (italics mine) if it supports the minimum requirements for running the Aero interface.
As mentioned earlier, it’s important to bear in mind that a system can still run the Home Premium, Business, Enterprise, or Ultimate editions of Windows Vista with only the minimum hardware requirements. The Aero user interface, however, will not run with the minimum hardware configuration. It’s a bit of a rough segue, but we’ll pick up the Aero discussion again in Chapter 2. Microsoft has deconstructed what I think is one topic into two separate test objectives; therefore, I will follow suit. After all, I’m not writing about Vista so much as about a test on Vista. Now that the hardware minimums are established, the next order of business is to perform the installation. There is a lot to consider during this process, but fortunately not as much as there has been in past upgrades
CHAPTER 1 Installing and Upgrading Windows Vista
7
throughout the Windows food chain. Generally speaking, there are now a whole lot fewer steps.
Objective 1.02
Perform a Clean Installation
U
sually, a clean Vista installation is a fairly simple operation, consisting of little more than inserting the installation DVD and making sure the system BIOS is able to boot to the DVD drive. You answer a few questions and are on your way to using Vista for the first time. But, it wouldn’t be a separate 620 exam objective unless Microsoft expected you to understand each of the clean installation steps. Here’s what you’ll need handy during a clean installation:
• • • •
The installation media. The Windows Vista product key. Your computer name if you plan on connecting to a network. In a network, no two computers can use the same name. If joining a domain, you’ll also be prompted for user account credentials with the right to add a computer to the network. Exactly which accounts have this right is up to the domain administrator.
Exam Tip Windows Vista is distributed on DVDs, not CDs. If your computer doesn’t have a DVD drive, you can’t install Windows Vista unless you perform a network installation or utilize some kind of image deployment strategy (which usually entails installing over the network).
Clean Installation Procedure The clean installation involves either preparing a blank hard drive, or wiping out all existing data before proceeding. Either way, the result is a computer with Windows Vista installed and nothing else. That last point bears repeating: nothing else. Make sure before performing a clean installation that either there’s nothing on the existing hard drive that you want to keep, or that what you do want to keep has been copied elsewhere. Once you complete the steps listed here, all data is gone.
8
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
As mentioned, the clean installation typically begins with you inserting the Windows installation DVD into the computer’s optical drive. Two considerations come immediately into play:
•
If you’re dealing with a computer with no operating system, you will probably have to reboot. Note also that you may have to edit your system’s BIOS settings to boot to the DVD drive first before looking to the hard drive.
•
If your system does have an existing Windows OS, the Autorun feature should present you with the Install Windows dialog box, shown next. If it doesn’t, look for the setup.exe file on the root directory of the optical drive.
Once you see the Install Windows dialog box, you can proceed with the clean installation by following these steps: 1. If you choose the Custom option, you’ll be prompted to restart your computer. (Choosing the Upgrade option is covered in the next objective.) 2. The computer goes through its Power On Self Test, detects bootable media in the optical drive, and then loads the Windows Preinstallation Environment (Windows PE). The next screen you’ll see is the Install Windows page. Click Install Now. 3. You should see the Get Important Updates For Installation page, shown next. Thanks to Windows PE, you might be able to get these
CHAPTER 1 Installing and Upgrading Windows Vista
updates even if you’re setting up Vista on a blank disk. Getting the updates is recommended, as they can help facilitate less configuration work once setup is complete.
4. In the next dialog box, you’re prompted for the 25-character product key. Using the product key now can help avoid problems during activation.
9
10
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
5. In the next dialog box, click to Accept The License Terms of Vista licensing. 6. Now you arrive at the crucial part of the Vista attended installation. After accepting the license agreement, you’re asked which type of installation you want. To perform the clean installation if there is an existing operating system on the disk, choose the Custom option, shown next.
Travel Advisory You don’t necessarily have to enter a product key during installation; it may be done later on. By not entering a product key, you will be allowed to test different versions of Vista, using the 30-day grace period as an evaluation period.
7. The next dialog box asks where you want to install Windows, as shown next. Here’s your chance to either configure or reconfigure the hard drive to best suit your needs using the Drive options (advanced) selection.
CHAPTER 1 Installing and Upgrading Windows Vista
• •
If Vista will be the only OS—as is the case on most computers—you might just create a single partition out of the entire drive.
•
If the hard drive already has a defined partition you’re happy with—as is the case when performing a clean installation on a system with an existing OS—you can just click Next, and installation will start automatically.
11
If you plan on installing another operating system—as is the case with many administrator or lab machines—you have the option of partitioning off your disk. Note that installing Vista into a partition that already holds an operating system is not recommended by Microsoft and is not supported by any of their technical support staff.
Executing Vista’s installation routine (setup.exe) is the easy part of the clean installation. The other part is making sure all drivers are present and that all devices have been detected and are working properly. From a productivity standpoint, you will also likely want to install a series of applications before your system is ready to go. We’ll discuss some of these post-installation steps later in the chapter. An upgrade, on the other hand, typically reduces the amount of post-install work, as discussed in the next objective.
Travel Advisory If you do a Vista install on a partition that already contains an OS, it will likely cause that OS to no longer be bootable.
12
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Two more notes regarding the clean installation process:
•
As mentioned previously, Vista is distributed only on DVD. If your system doesn’t have a DVD drive or is without an optical drive altogether, you must boot using an alternate device.
•
If you download Vista from the Internet, possibly during an upgrade from one version to another (discussed later), it is possible to create a bootable USB drive with the installation bits on it.
Dual Boot Considerations It is possible to have two clean installations of the Windows operating system living side-by-side on the same machine. There are two ways to do this. One of these is the ability to run another operating system such as Windows XP inside a virtual machine. The other is to configure a dual-boot machine, where only one operating system can be used, or booted up, at the same time. Setting up a dual-boot machine is not without its pitfalls. Specifically, there are two issues that can plague Windows Vista machines when also trying to boot with previous editions of Windows:
•
When you install an earlier version of Windows such as Windows XP after installing Vista first. In this case, you’ll find that Vista no longer starts. In the example here, you’ll find that only the earlier version of Windows, XP, will be able to start.
•
When you install a second instance of Windows XP on a computer where you have already configured a Windows XP/Windows Vista dual-boot configuration. If this is the case, you may receive this error message: “Disk read error has occurred.”
Why would you run into either of these issues? It’s all about the new way that Windows Vista uses Boot Configuration Data (BCD) to boot up rather than a boot.ini file, as was the case with Windows XP. In other words, the new bootup procedure is incompatible with the old. When you install Windows XP onto a computer that’s already running Windows Vista, the XP setup procedure overwrites everything from the existing Master Boot Record (MBR), boot sector, and the boot files. This is a big deal because this old boot configuration method is unable to locate or load anything related to Windows Vista. It’s as if the original Windows Vista installation is gone. So don’t do it that way. If you want to set up a dual boot machine, install Windows XP first.
CHAPTER 1 Installing and Upgrading Windows Vista
13
Exam Tip Remember, to set up a dual-boot machine, you should install the older Windows (Windows XP) OS before installing Windows Vista. When discussing dual booting, the edition of Windows Vista is irrelevant.
Editing the BCD information is less intimidating than it may sound. To change the order of operating systems presented by the boot configuration data interface, open the System properties dialog box (System Control Panel application | Advanced System Settings) and click the Advanced tab. Use the Startup and Recovery Settings button to open the Startup and Recovery dialog box shown here.
Objective 1.03
A
Upgrade to Windows Vista
n upgrade to Vista is a less drastic operation than a clean installation, as all files, settings, and programs are retained from the previous operating system. The only things that are replaced are the existing operating system files, which are replaced with Windows Vista. If preserving the existing Desktop environment—including the user’s data—is a main concern, you’ll probably want to
14
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
perform an upgrade of an existing system. It is usually less disruptive to the end user than a clean installation, but it can also preserve a lot of settings that many administrators want to see changed. An important question to ask before jumping right in to the upgrade procedure is whether your current computer can even handle the upgrade in the first place. Previously, you learned about the hardware requirements needed to run Windows Vista. But what if you haven’t committed them to memory? Is there a tool available that can just tell you whether or not your computer can handle Vista, and if not, can it make recommendations about what needs improvement? There is. It’s called the Windows Vista Upgrade Advisor.
The Vista Upgrade Advisor Microsoft has made the Windows Vista Upgrade Advisor available for download from this Vista website: microsoft.com/windows/products/windowsvista/buyorupgrade/upgradeadvisor.mspx
Once there, you can grab the Upgrade Advisor (you should see a Download Windows Vista Upgrade Advisor link). Once you’ve downloaded this tool, using the new Vista Upgrade Advisor is fairly straightforward. Just double-click the MSI file you’ve downloaded, and the Advisor will do most of the rest: 1. The Vista Upgrade Advisor first asks your permission, and then performs a system scan of your computer’s hardware and software. 2. The results are then displayed in a dialog box, as shown next.
CHAPTER 1 Installing and Upgrading Windows Vista
15
As you can see, the Upgrade Advisor identifies the hardware and/or software components that, if upgraded, would enhance the Vista user experience. A simple video card drive upgrade flagged by the Advisor, for example, can go a long way toward maximizing the Windows Vista experience (think Aero). What’s more, you certainly don’t want to discover after the Vista upgrade that your company’s mission critical application refuses to behave under Vista.
Travel Advisory You might see a compatibility report just after your install selection that lists which programs and software drivers won't work after the installation. This is for information only; you’ll have to wait until installation is complete to start troubleshooting.
Performing the Upgrade to Windows Vista Similar to the clean installation, the upgrade process starts when you insert the Vista installation DVD into your computer's optical drive. Autorun should present you with the Install Windows dialog box, shown next.
The rest is just a matter of following onscreen instructions and won’t prove much of a chore for most preparing for the exam. Click Install Now to get things moving and then follow these steps: 1. You should first see the Get Important Updates for Installation dialog box. Once again, it’s good practice to grab these updates. And, because you’re installing over the existing OS, you shouldn’t have any difficulty connecting to the Internet to retrieve these updates.
16
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. You’ll be prompted for your 25-character product key in the activation page. As mentioned earlier in the clean installation procedures, using the product key now generally ensures a problem-free activation. If, on the other hand, you’re just setting up a test system, this step can be skipped until you purchase (or use) an activation key later on. 3. The licensing terms come next. Click I Accept The License Terms to proceed. 4. You’ll arrive at the attended upgrade’s most critical step from the Which Type of Installation Do You Want? screen, shown next. Choose Upgrade. Vista’s setup may then present you with a compatibility report.
5. Follow the instructions to complete the setup procedure. Your computer will restart automatically when done. Once the restart completes, inspect your Desktop for changes. Other than the background, the environment should contain data and applications that were part of the previous operating system environment. During an upgrade, Vista’s setup program does not ask any questions of the end user. Instead, it uses all of the user’s old settings and data, making them immediately a part of the user’s new desktop environment. If the user has placed a bunch of Desktop shortcuts because that’s how she likes to launch applications, for example, the shortcuts remain in the Vista Desktop. (Conversely, Vista likes to keep the desktop as clean as possible during a new computer installation.)
CHAPTER 1 Installing and Upgrading Windows Vista
17
Upgrade Options Another important consideration for exam candidates is what kind of Windows operating system can be upgraded in the first place. Table 1.1 shows what operating systems can and cannot be upgraded to Windows Vista.
Exam Tip You won’t be blamed if you find Table 1.1. a trifle confusing; I’ll bet that only a fraction of 1 percent of Microsoft employees could accurately recall this Byzantine matrix, either. What you should remember is that Microsoft will allow current users of Windows 2000 Professional and/or Windows XP Professional x64 to upgrade to Windows Vista, although it won’t technically be an upgrade. We’re talking mainly in terms of licensing here. If you’re using one of these two operating systems, for example, Microsoft states that “you are eligible for an upgrade copy to a corresponding or better edition of Windows Vista, but a clean installation is required.” (Don’t ask me what Microsoft considers as the “corresponding” Vista version for Windows 2000 Professional.)
You can upgrade XP Home to Vista Home Premium, but if you have XP Professional, you must perform a clean installation. Does this mean that Microsoft considers XP Professional a better OS than Vista Home Premium? It appears so. Just try to get XP Professional when buying a new laptop, though. Won’t happen. With rare exception (and possibly no exception by the time this book goes to press), people who purchase computers through most retailers or big OEMs are forced to buy a version of Windows Vista. See how simple this all is? Why Microsoft has continued to make their OS choices more and more complex while promising to make them more simplified over the past eight years or so is beyond me. I can tick off at least 15 different versions of Windows Vista off the TABLE 1.1
Vista Upgrade Versus Clean Installation Options
XP Professional XP Home XP Media Center XP Tablet PC XP Professional x64 Windows 2000 Professional
Home Basic
Home Premium
Business
Ultimate
clean upgrade clean clean clean clean
clean upgrade upgrade clean clean clean
upgrade upgrade clean upgrade clean clean
upgrade upgrade upgrade upgrade clean clean
18
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
TABLE 1.2
Not All Previous Windows Installations Can Be Upgraded
Can Be Upgraded
Cannot Be Upgraded
XP Professional XP Home Windows 2000 Professional Windows Vista
Windows 98 Windows 3.x and 95 Windows NT 4 Windows Me
top of my head, and there are probably many more. I am not grasping at hyperbole here, either: there are at least 15 different versions of a (supposedly) single OS. Who says Microsoft has only made one OS in the last six years? Other operating systems cannot be upgraded at all, and the only purchase option for systems running older operating systems such as Windows Millennium will be a full version license. Table 1.2 provides upgrade information into an easy reference. What you should take away from the preceding table is that the NT-based operating systems such as XP Professional and Windows 2000 can be upgraded (from a licensing standpoint, anyway), while the more traditional Windows “home use” operating systems cannot (I’d like to see the Windows 3.1 computer that is running on a 2GHz processor with a GB of memory, however). If your computer is one of those listed under the “Cannot Be Upgraded” column of Table 1.2, you’ll be performing either a new computer installation or a side-by side migration, where a new system (and thus a clean installation) replaces an older system, but data from the old computer is still brought to the new using a variety of methods. You may have noticed that Windows Vista was listed as an upgrade candidate as well. This is because the Vista operating systems represent a departure from the XP model in that it can more easily migrate from one version to another. But we’ll get to that during the next chapter, specifically when we take a look at some of the utilities that can assist the end user in getting data from one system to another. These utilities are introduced here and fleshed out in more detail in Chapter 2’s look at post-installation troubleshooting.
Upgrade Utilities Whether simply upgrading to Vista on a home computer or rolling out a company-wide upgrade, it’s usually vital that users keep existing settings. By keeping existing favorites, shortcuts, program settings, and the like, the transition process can be smoothed out significantly and will allow users to quickly become comfortable with Vista’s new features. For companies, this can save hours of potentially lost worker productivity as users re-create their Desktop environments.
CHAPTER 1 Installing and Upgrading Windows Vista
19
Vista places two tools at your disposal for the job of migrating settings:
•
The User State Migration Tool Now at version 3, the USMT is a command-line tool built with larger scale, corporate migrations in mind. This newest release of the USMT contains several enhancements that are detailed later in this section. The main advantage of USMT from an administrator’s point of view is that it can use scripting. This in turn allows for batching of several migrations at once.
•
The Windows Easy Transfer Unlike USMT, this is a graphical, wizard-based interface that helps individual users import information from an old computer to a new one running Windows Vista. Such information can include e-mail accounts and messages, application settings, Windows preferences such as the Desktop and Internet Explorer favorites, photos, and music.
While both utilities perform essentially the same tasks at the end of the day, they do them utilizing different means. The Windows Easy Transfer requires user interaction; someone has to be sitting at the migrated computer answering prompts and instructing the utility which profiles are to be moved. If a system has more than one profile, the process must be repeated for each one being migrated. While there’s no law against using it in a company environment, it’s built more for individuals who move from older OSes to Vista on a “onesey-twosey” basis. A USMT migration, on the other hand, requires no user interaction. And, unlike the Windows Easy Transfer, the USMT utility can capture and then migrate every profile on a system. Here are a few important factors to keep in mind:
• • •
The Windows Vista migration tools support only Vista, XP, and Windows 2000 SP4 as sources of migration data. The Windows Easy Transfer allows only Vista as a migration target. The USMT allows both Vista and XP as migration targets.
However, before we discuss the utilities themselves, you should first understand better what these utilities transfer. For the most part, they’re responsible for collecting profile information and shepherding it from computer A to computer B. But what exactly is a profile?
A Word or Two About Profiles In Windows XP and 2000 systems, application settings and other personal data, such as the Outlook mailbox data file (PST), are stored in a profile. It may sound mysterious, but it’s really not. The profile is just a folder hierarchy where applications and tools (such as Outlook) store the data that makes them behave the way they do. On Windows XP and 2000 machines, the profile folders are stored
20
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
in the \Documents and Settings\%username%\ folder, where %username% is the name of the user in question. Under Windows Vista, though, the profile paths are different. Each user’s profile folders are now stored under a folder called Users\%username%. Again, each user gets his or her own copy of the Documents, Music, Pictures, Favorites, and Links folders, as shown here. When you add a certain website to your list of Favorites, for example, Internet Explorer places that URL in the Favorites folder. Other applications and tools, such as the Start Menu, also reference this location. That’s why you see the same list of Favorites when clicking Start | Favorites on an XP machine. Again, it’s this profile information that has to get from the XP machine and its folder hierarchy to the Vista machine and its hierarchy. This is exactly what the tools discussed in this section do. Sometimes, however, the profile folders aren’t stored in local folders at all, but rather on a central location that the user can access from any computer they happen to use. What have I just described? A roaming profile. Roaming Profiles Another way to mitigate the transfer of profiles is to use roaming profiles, which is essentially just a strategy that centrally stores a user’s profile folders. With a roaming profile, a user logs on to any computer in the domain, and then retrieves their settings from this central location, usually one of the Active Directory Domain Controllers. There are a few roaming profile caveats, however, that make this relatively uncommon in most companies:
•
Roaming profiles consume resources, namely disk space on the server and network bandwidth as settings, files, and so on, are sent to whatever machine the roaming user is currently using.
•
Not many users really have a need to use several computers. Think about it: when you go into the office each day, do you normally sit at the same desk and log on to the same machine, or do you float around from computer to computer throughout the day, logging on to multiple machines? That’s what I thought.
CHAPTER 1 Installing and Upgrading Windows Vista
Objective 1.04
21
Upgrade from One Edition to Another
U
sers also have the ability to upgrade an existing Vista computer to a different version of Vista. As you will see shortly, this upgrade process can even occur online without needing any kind of installation media prior to the upgrade. Why would you want to upgrade Vista, you ask? To unlock items that are part of the overall Vista feature-set without having to do a complete do-over of your machine. For example, you might want to upgrade a Home Basic installation to Home Premium in order to take advantage of the Media Center, or you might upgrade Home Premium to Ultimate to be able to use Media Center and join a domain. As this sort of upgrade is a new technology introduced with Vista, you can be sure to see a question that requires knowledge of the Vista-to-Vista upgrade. The procedure will be roughly the same as upgrading a Windows XP computer to Vista—out with the old OS files, in with the new—but of course it involves a few different steps, as described next. As you will see, upgrading a Vista machine with another version of Vista is a breeze thanks to the new “nesting toy” approach Microsoft has taken with the operating system features. To get started, launch IE7 and navigate to the Windows Vista Anytime Upgrade website, located at www.windowsanytimeupgrade.com. From there, you’ll initiate a procedure that starts with ordering a disk of your new Vista version. But you won’t have to wait for the disk to arrive in order to perform the upgrade. At the end of the procedure, there’s an Upgrade Now link that will lead you the rest of the way. During the actual upgrade, your system will reboot and complete the upgrade. You may be instructed to insert a Windows Anytime Upgrade disk created during this process. This Upgrade disk contains the version you are upgrading to.
Vista Upgrades and the Digital Locker Another interesting thing happens during the Vista-to-Vista upgrade process: Microsoft creates a personal “digital locker” for you during the upgrade process. Simply put, the digital locker stores your original product keys and purchase information. If you ever need to reinstall the upgrade you just purchased, you can use this information. A copy of your upgrade key is also stored in your digital locker.
22
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
When creating the digital locker, you’re prompted for Windows Live account information. This will be the account used to access the digital locker in the future should you need to. If you don’t have a Windows Live account, you can create one at this time, as shown next.
The digital locker is a great feature that gives you peace of mind when purchasing a new computer with Windows Home Basic, say, and then later performing an upgrade to Home Premium or Ultimate. You’ll never have to prove you made the purchase or go hunting around for product keys should you ever decide to either reinstall or get a new computer.
Objective 1.05
B
Troubleshoot Windows Vista Installation
ecause much of the complexity of Windows installation has been removed with the release of Windows Vista, not much can or should go wrong. As long as the hardware supports Windows Vista and includes a way to access the installation media (whether over the network or on the DVD drive), not much should stand in your way.
CHAPTER 1 Installing and Upgrading Windows Vista
23
A problem with any of the key hardware components may cause difficulties with the performance of Vista once the hardware has been installed. For example, if the monitor won’t display a clear image, you should check the video card, drivers, and software for compatibility. If you can’t hear anything coming from the speakers, you should check the sound card for compatibility. Of course, issues such as these should easily be flagged by the Windows Vista Upgrade Advisor, which is why Microsoft recommends so stridently that you run the tool in the first place on any system you’re considering for upgrade. Don’t forget about good old-fashioned, physical double-checking as well. Is it plugged in? Are the cables correctly seated? Often computers are touched and/or moved during an upgrade, and it’s easy to lose that vital physical connection.
File Copy Problems Other installation problems can sometimes be localized to a specific hardware component. If the optical and/or hard drive is having issues, for example, the system won’t be able to copy the necessary operating system files, resulting in a halted installation. As you prep for the 620 exam, be aware of some other possible causes and solutions to a halted installation:
•
The Vista installation disk may have been scratched, smudged, or dirty. If this gets in the way of copying files, simply clean the disk with a soft cloth, insert in the DVD drive, and then begin the Windows installation again. If the installation disk has been damaged, you might need to replace it. Users are able to order replacement Vista disk by going to www.microsoft.com and then searching for “replace software.”
•
The DVD drive may be vibrating too much or otherwise not working properly. If you suspect that vibration is preventing the laser from reading the DVD, you can always reseat the drive and tighten the screws. Otherwise, contact the drive or computer manufacturer.
•
If your computer has multiple optical drives, your computer might be trying to locate files on the wrong drive. If this is possible on your system, try disabling any optical drives that aren’t being used. Otherwise, try the Vista DVD in a different drive, and then start the installation again.
•
A virus could be the source of the problem. Viruses usually don’t prevent files from copying from the optical drive to the hard drive (I don’t recall ever hearing of such behavior), but it doesn’t hurt to check if the installation won’t proceed. To troubleshoot, run an antivirus scan to identify needed repairs.
24
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Exam Tip It’s more likely that the antivirus program is the cause of an installation problem than a virus. That’s what antivirus programs do: they prevent software installations. In theory, they only prevent installation of viruses and other malware. In practice, you should disable the antivirus program before beginning the installation.
Frozen Installation Installations can also hang when the setup encounters hardware or software that is incompatible with Windows Vista. Yes, it’s been hammered home by now, but the Upgrade Advisor is supposed to act as preventative medicine for just this kind of thing. If you have plowed ahead and the incompatible software is giving the upgrade procedure a case of the howling fantods, it can often manifest itself as a black or blue screen that doesn’t change. In this case, there are several courses of action you can take before calling your computer manufacturer or boxing the thing up and taking it back to the Big Buy from whence it came:
•
Wait about ten minutes, keeping an eye on the hard disk indicator LED. If the hard disk appears to be active, then the installation or upgrade is active too. If the hard disk does not appear to be working, on the other hand, you can proceed to the next step.
• •
It may be the antivirus program that is seeing the Vista setup as a virus. Try uninstalling all antivirus software and then restarting your computer.
•
If hardware and software are compatible and the computer still hangs on install, disable any unnecessary devices. This might include the removal and/or disabling of universal serial bus (USB) devices, network adapters, sound cards, and serial cards. After stripping the system to just the bare minimums of functionality, try restarting the installation again.
There might be a hardware incompatibility problem. Assuming that this is not a clean installation and there is an existing operating system to boot to, run the Vista Upgrade Advisor already! Your computer might not have enough horsepower to run Windows Vista.
If none of these actions work, look for the telephone or packing material. It’s time for a conversation with the computer manufacturer. As mentioned, however, these troubleshooting scenarios should be the exception, not the rule. What will be much more common for the everyday user
CHAPTER 1 Installing and Upgrading Windows Vista
25
is the need to update a Vista driver or two that did not load during initial setup. The next exam objective looks at this very task.
Objective 1.06
Install and Configure Windows Vista Drivers
S
ometimes it’s necessary to update device driver software even if everything is working smoothly. This is normally because an upgrade of another component or software installation may not be compatible unless you have the latest driver. If that’s the case, you need to know about the Vista driver update procedure. There are two ways to update driver software, and wise test candidates will have a thorough knowledge of both. The easiest is to use Windows Update, which will conduct a system scan and update a host of software, hardware drivers being just one of the items. The big advantage of Windows Update is that it automates the driver update process. The other method is to manually update the driver using the Vista Device Manager. I’ll describe both methods here. For dealing with the Device Manager, I’ll offer a specific driver update example, but the procedure for manually updating driver software doesn’t differ significantly from device to device. Both methods assume an active Internet connection.
Update Drivers Automatically with Windows Update First, try Windows Update to update driver software: 1. Open the Control Panel’s Windows Update application. If using the Standard view, look for the link under the Security grouping. Typing update at the Start Menu works like a charm as well. 2. You may now be prompted for administrator password or confirmation. 3. In the left pane of the Windows Updates dialog box, click the Check For Updates link. Vista then checks online for any available updates. 4. After the scan, look right. In the main section of the Windows Updates window, you should also see a notification as to whether or not there
26
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
are any available updates. If you see one (or more), follow the View Available Updates link to the right, as shown next.
5. Next, in the Windows Update dialog box, any updated drivers are listed. Just check the updated driver you’d like to apply and click Install, as shown next.
Because you’re about to make a system-wide change, you will be prompted for an administrator password or confirmation if User Account Control is enabled. Vista doesn’t allow access to vital system components without authorization. Also notice that, by default, Windows Update is configured to check for updates automatically. You may not have to scan for updates and instead just use
CHAPTER 1 Installing and Upgrading Windows Vista
27
this tool to view and install available ones. That is, while you should know how to manually run Windows Update for testing purposes, in real-world practice you can pretty much ignore steps 1-3. The Windows Update tool also lets you review and even remove an installed update. To review the installed updates, simply click the View Update History link under the task list in the Windows Update main screen. You will see the Review Your Update History dialog box shown next.
Notice the Installed Updates link, which is part of a sentence: “To remove an update, go to Installed Updates.” Following this link takes you to a different section of the Vista Control Panel called Programs and Features, where you can review and remove installed updates, including all that have been updated with the Windows Update tool. To uninstall an update, just select it from the list and choose the Uninstall button.
28
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
When uninstalling a Windows update, it can be a little difficult to understand just exactly what you’re removing. The Knowledge Base (KB) article number beside the update will explain exactly what was installed and why. To reference the exact article, just go to the website support.microsoft.com and type in the KB number you see listed in the Installed Updates list.
Configuring Windows Update Settings As you’ve seen, Windows Update does a great job of automating the driver update process. For the vast majority of users, there’s no compelling reason to change the default settings, which will have Windows Update perform an automatic check for new software daily. However, as you prepare for the 620 exam, you should spend a few minutes experimenting with the configuration settings in the Windows Update utility. All you have to do is open the Windows Update tool and click the Change Settings task from the left-hand side to see the dialog box shown next.
There are four possibilities:
•
To install updates automatically, which is the default action. The user can change the frequency and time when the updates are installed by using the drop-down boxes.
•
To download updates but check with the user before installing.
CHAPTER 1 Installing and Upgrading Windows Vista
• •
29
To check for updates but then let the user choose whether to download and subsequently install. To never check for updates. If this is the selection, the Windows Security Center will notify you that the Windows settings are unsafe and will continue to do so until you either change the Windows Update settings or change the way the Security Center notifies you.
The next option in this dialog box determines whether recommended updates will be included in addition to the high-priority (security) updates that are part of the basic settings. A recommended update will often include improvements in the hardware drivers—not an update that’s necessarily crucial to Windows security, but it can improve performance. The other option in this dialog box includes the Microsoft Update with the Windows Update. The Microsoft Update service includes update checks for any and all Microsoft software that’s currently installed on the system. If you run Microsoft Office, for example, it’s recommended that you keep this check box enabled.
Use the Windows Update Driver Settings Another significant driver setting tells Vista what to do when a new device is connected. You will do this with a dialog box called the Windows Update Driver Settings. As seen here, you have three options each time a new device is connected:
• • •
Check for drivers automatically (recommended). Ask me each time I connect a new device before checking for drivers. Never check for drivers when I connect a device.
This driver update setting can be found using the System Properties dialog box. To open it, follow these steps: 1. Open the System Control Panel application, then follow the Advanced System Settings link from the left.
30
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. In the System Properties dialog box that follows, choose the Hardware tab. 3. Click the Windows Update Driver Settings button and make the selection from the ensuing dialog box. Now that we’ve covered the automated way of updating a device driver, let’s examine the steps to do the same thing manually.
Update Drivers Manually with Device Manager Rather than scan the entire system for potential driver updates, you can manually choose a device and either install or check for an available update. The tool that does this is the Vista Device Manager: 1. Open the Device Manager Control Panel application. Once again, type dev from the Start Menu to find it quickly. You may be prompted for an administrator password or confirmation. 2. In the Device Manager Windows, find the device you want to update, and then access its Properties dialog box with a double-click. 3. In the device’s Properties dialog box, choose the Driver tab, and then click Update Driver. (A shortcut: right-click the device you want to update.) 4. You should see a dialog box asking you how to locate the updated driver software, shown next. There are two choices here: Search Automatically For Updated Driver Software or Browse My Computer For Driver Software.
Each choice will result in different completion paths. It’s not too difficult, though; just follow the onscreen prompts and you shouldn’t have any trouble.
CHAPTER 1 Installing and Upgrading Windows Vista
31
Travel Advisory We’ll touch on device installation again in the next chapter, as there is some overlap in the test objectives. For now, if you understand the purpose and use of the new Windows Update interface, you’ll be good to go. The Device Manager procedure is all but identical to the one used in Windows XP.
CHECKPOINT ✔Objective 1.01: Identify Hardware Requirements
This book’s first exam objective deals with a question that will likely be a top concern of yours if you have a lab computer that will be running Windows Vista: will this machine run Windows Vista in the first place? Here we looked at the hardware needed to run both a Windows Vista-capable computer and a Windows Vista Premium–ready computer.
✔Objective 1.02: Perform a Clean Installation
Here we examined the clean installation process for a Windows Vista computer. There isn’t a whole lot to talk about in this objective—you just pick an installation drive and install—but you should have a general understanding of the concept and the choices that come with a clean install.
✔Objective 1.03: Upgrade to Windows Vista
Not only can you perform a clean installation, but you can also upgrade an existing Windows XP (or earlier) computer to Windows Vista. The section on this objective examined the upgrade process, including when you will be presented with the option to upgrade.
✔Objective 1.04: Upgrade from One Edition to Another
A minor exam objective, but one not to be overlooked. You can upgrade from one Windows Vista version to another now without even having any installation media handy. All of the upgrading can be done online by essentially just purchasing a new product code and downloading any needed files. Information about previous installations of Vista can be stored in a Microsoft digital locker.
✔Objective 1.05: Troubleshoot Windows Vista Installation
The vast majority of Vista installations should be trouble-free. After all, there aren’t that many steps where things can go wrong, especially compared to previous Windows setup procedures. Most of the time, installation problems can be
32
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
traced back to an incompatible hardware device or one that is just downright faulty. As long as you run the Vista Upgrade Advisor before installation and double-check for physical hardware problems, installations should be worry-free.
✔Objective 1.06: Install and Configure Windows Vista Drivers
A vital part of getting everything up and working is making sure the latest and greatest Vista drivers are in place. Fortunately, Vista integrates a new utility that automates this procedure as never before: the Windows Update tool. Windows Update will perform a scan of hardware and software on your system and update any software that has updates available. Device drivers are but one of the items scanned and checked by the Windows Update tool.
REVIEW QUESTIONS 1. What are the minimum hardware/system requirements to install and run Windows Vista Business Edition? A. 1GHz processor, 512MB RAM, 15GB HDD with 10GB free, Super VGA video with WDDM driver, CD-ROM drive B. 1.5GHz processor, 1GB RAM, 40GB HDD with 15GB free, XVGA video with WDDM driver, DVD-ROM drive C. 750MHz processor, 256MB RAM, 20GB HDD with 15GB free, Super VGA video, CD-ROM drive D. 800MHz processor, 512MB RAM, 40GB HDD with 15GB free, Super VGA video with WDDM driver, CD-ROM drive 2. What are the recommended hardware/system requirements for installing and running Windows Vista Business Edition? A. 1GHz processor, 1GB RAM, 40GB HDD with 15GB free, Super VGA video with WDDM driver, CD-ROM drive B. 1.5GHz processor, 1GB RAM, 40GB HDD with 15GB free, XVGA video with WDDM driver, DVD-ROM drive C. 1GHz processor, 1GB RAM, 40GB HDD with 15GB free, 128MB video with DirectX 9 support and WDDM driver, DVD-ROM drive, audio system, Internet access D. 800MHz processor, 512MB RAM, 20GB HDD with 15GB free, Super VGA video with WDDM driver, CD-ROM drive, USB headset 3. Which of the following methods of installation are supported for a clean installation?
CHAPTER 1 Installing and Upgrading Windows Vista
A. Boot from a Windows 98 floppy disk and then run winnt.exe from the I386 folder on the installation DVD. B. Start the installation from within a working copy of Windows XP by launching setup.exe from the I386 folder in the root of the installation DVD. C. Boot the computer from the installation DVD and follow the prompts to perform a clean installation. D. Open the command prompt from within Windows 2000 or XP, type D:\Windows\setup\setup.exe, and then follow the prompts to perform a clean installation. 4. Your workstation is currently running Windows XP Professional SP1. You want to upgrade to the new Windows Vista. Which edition can you directly upgrade to? A. B. C. D.
Windows Vista Home Premium Windows Vista Business Windows Vista Ultimate None of the above
5. You are performing a clean installation of Windows Vista Business. You insert the Windows installation DVD into the optical drive and restart the computer. You are never prompted to “press any key to boot from CD.” Windows XP boots cleanly and prompts you to login. What are the possible causes for your computer not launching the installation from the DVD? A. B. C. D.
The BIOS is preventing bootup from the optical drive. The installation disk has been damaged. The computer’s optical drive is a CD drive. All of the above.
6. You are running Windows 2000 Professional on your notebook computer. The system consists of an Intel core 2 duo 2GHz processor, 1GB RAM, 128MB Video with WDDM driver, 60GB HDD with 40GB free, DVD-RW drive, Fast Ethernet and 802.11g WiFi. Which edition of Windows Vista can you upgrade to? A. B. C. D.
Windows Vista Home Premium Windows Vista Business Windows Vista Ultimate None of the above
33
34
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
7. You have purchased a new PC that has the following system components: 2GHz processor, 2GB RAM, 512MB video with WDDM driver, 120GB HDD with 108GB free, DVD-RW drive, 10/100 Ethernet adapter. It has Windows Vista Home Premium preinstalled on it. Which edition of Windows Vista can you upgrade to directly? A. B. C. D.
Windows Vista Home Premium Windows Vista Ultimate Windows Vista x64 bit None of the above
8. You have a computer system that consists of the following: P4 1.8GHz processor, 1.5GB RAM, 128MB video with WDDM driver, 80GB HDD with 45GB free, 10/100 Ethernet, DVD-R drive. It has Windows Vista Ultimate preinstalled on it. Which edition of Windows Vista can you upgrade to directly? A. B. C. D.
Windows Vista Home Basic Windows Vista Business Windows Vista x64 bit None of the above
9. What is the supported method for installing and or configuring drivers within Windows Vista? A. Run the setup or install program provided on the CD that came with the device. B. Use the Windows Update feature within Windows Vista to obtain and install the latest driver for the device. C. Use the Device Manager from the System and Maintenance section of the Control Panel. D. All of the above. 10. What utility or application is recommended by Microsoft for hardware installation, configuration, and modification? A. B. C. D.
Control Panel Computer Management The Registry Editor All of the above
CHAPTER 1 Installing and Upgrading Windows Vista
35
REVIEW ANSWERS 1.
The minimum hardware requirements for Windows Vista Basic are listed in answer D. To run Windows Vista Basic edition, the computer must possess an 800MHz processor, 512MB RAM, 40GB HDD with 15GB free, Super VGA video with WDDM driver, CD-ROM drive.
2.
The Windows Vista Business edition requires a more powerful hardware configuration than the Windows Vista Home Basic minimums. This requires a system with the hardware listed in answer C—a 1.0GHz processor, 1GB RAM, 40GB HDD with 15GB free, 128MB video card with DirectX 9 support and WDDM driver, DVD-ROM drive.
3.
Of all the install methods listed, the only way to perform a clean installation is to boot from the installation DVD media and follow the prompts. Installing from a working copy of XP, for example, would upgrade the OS but not perform a clean installation.
4.
To upgrade to any edition of Windows Vista from Windows XP Professional requires that XP be running Service Pack 2. Windows XP with Service Pack 1 cannot be upgraded.
5.
Any of these reasons might cause a problem with Vista installation. Recall that Vista media is only available on DVD, not CD, so a DVD drive is required to boot using optical media.
6.
The computer described here will support any edition of Windows Vista. You can purchase the upgrade license to any of the Vista versions listed, but you cannot upgrade a machine running Windows 2000 Professional. Yes, that’s confusing to me, too. Even though you buy the upgrade, you will do a clean installation if running Windows 2000 Professional.
7.
Windows Vista allows for in-place upgrades from one Vista version to another. You can upgrade Vista Home Basic edition to Home Premium or to Ultimate, and you can upgrade a Home Premium edition to Ultimate.
8.
With the exception of the virtual PC licenses available with the Vista Enterprise edition, Vista Ultimate contains all available Vista features and therefore cannot be upgraded.
36
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
9.
All of these are supported methods for installing and configuring Windows device drivers.
10.
The Control Panel provides a graphical interface for working with most hardware and software components.
Configuring and Troubleshooting Post-Installation System Settings
2
ITINERARY
• • • •
Objective 2.01 Objective 2.02 Objective 2.03 Objective 2.04
Troubleshoot Post-installation Issues Configure and Troubleshoot Windows Aero Configure and Troubleshoot Parental Controls Configure Windows Internet Explorer
NEWBIE
SOME EXPERIENCE
EXPERT
3 hours
2 hours
1 hour
37
38
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Now that you’ve gotten Windows Vista up and running, it’s time to make adjustments. One of the key components of Windows’ success over the years has been the way it can be modified by users, the way it can work with a variety of applications, and the way it can perform on a variety of hardware platforms. We begin the discussion with a look at what post-installation issues you may encounter immediately following either a clean installation or an upgrade to Windows Vista and what steps you can take to remedy those situations. We’ll especially keep an eye out for post-installation issues that can affect hardware and software performance. Next, we’ll discuss how to configure the user experience by tweaking two of the more significant new enhancements that are included with Windows Vista: the Aero interface and Parental Controls. As you may already be aware, however, these two features are not available on every Windows Vista version, so I’ll be sure to identify those situations where both Aero and Parental Controls come into play. As always, we’ll keep an eye toward items you are likely to see crop up on the exam. The chapter closes with a look at a new application that’s built into the Vista operating system: Internet Explorer 7. I certainly don’t have to explain how often this application is used, and it’s received a significant facelift with the release of Windows Vista. Because it’s new, you can be sure to see a test question or two on Microsoft’s latest browser update.
Objective 2.01
N
Troubleshoot Post-Installation Issues
ow that you’ve been successful in your first order of business—getting Windows Vista up and running—it’s time to make sure everything’s working as planned. Vista probably isn’t the first operating system you’ve ever laid your hands on. Therefore, a large portion of your post-installation troubleshooting will be spent making sure that the new computing environment works pretty much the same as it did under the previous operating system. Most importantly, you (and your network’s users) would like uninterrupted access to data. There are two Microsoft tools that help out in this endeavor: the User State Migration Tool and the Windows Easy Transfer. This section will discuss the best usages of each. Better yet, after reading it, you should be able to perform a migration with confidence (or at least refer back to this section should such confidence be lacking). Of these two tools, we’ll first talk about the one with the most administrative horsepower, so to speak: the User State Migration Tool (USMT).
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
39
The User State Migration Tool The User State Migration Tool has been available to Windows administrators for some time now. Its previous release, version 2.6, allowed for migrations between Windows XP or Windows 2000 machines to either the 64-bit or 32-bit versions of Windows XP and Server 2003. Now some of the rules have changed for USMT’s version 3:
•
The USMT supports migrations where the destination operating systems must be either Windows Vista or Windows XP. No other destination OSes are supported.
• •
If the destination system is Windows XP, the cookies, network drives, and printer settings will not be migrated.
• •
USMT now allows administrators to move profiles that contain files encrypted with the Encrypting File System (EFS).
•
The ScanState and LoadState commands can be driven by key scripts that are in XML format.
Source operating systems must be only Windows Vista, Windows XP, and Windows 2000. Migrating from previous Windows versions is not supported.
If the target machine is running Windows XP, only the mail files from Outlook Express and the phone book files from Remote Access Settings are migrated. If the target machine is Windows Vista, all Outlook Express and Remote Access settings are migrated.
The mention of XML, of course, merits another brief subsection about the different kind of files you may use for scripting.
XML and USMT The User State Migration now includes several XML files to help handle the migration work, all of which can be customized to meet specific migration objectives:
•
MigApp.xml Controls which application settings are migrated. There are sections in the file to specify which applications are included in the migration and which are excluded.
•
MigUser.xml Identifies which user folders, files, file types, and Desktop settings are migrated. Although the name might suggest otherwise, it does not specify which users are migrated.
•
MigSys.xml Only used when the target machine is running Windows XP. It stores information that governs migration of operating system and browser settings. Windows Vista migrations do not require this file; they rely on a different mechanism.
40
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
•
Config.xml A custom file that can capture a list of user, application, and operating system settings used for a specific organizational migration. The Config.xml file is created with a special ScanState switch, /genconfig, and can be used only if the target system is running Windows Vista. Typical use of the Config.xml file includes loading a single target system with migrated applications, then running ScanState /genconfig on this system to capture the list of user, operating system, and application settings to migrate. If Config.xml is not included, USMT migrates all default components in Windows Vista.
The following are a few additional notes on the XML files:
• • •
XML files can be edited in any plain-text application, such as Notepad. If the target computer is Windows Vista, use the MigApp.xml and MigUser.xml files. If the target computer is Windows XP, one additional file is required. It’s called MigSys.xml.
Regardless of the enhancements in this latest version of the USMT, using it will still include three basic steps to transfer information. While using the USMT, you will do the following: 1. Scan the source machine for files and settings, then copy these files and settings in a compressed format to some storage location. 2. Deploy the operating system to the new computer. If you’ve stored settings on a removable drive or network location, this can even mean a clean wipe of the source’s hard drive and installing a fresh copy of the OS and line of business applications. 3. Restore the files and settings on the target machine.
Configuring the USMT Now that you have a better understanding about what one of the Windows PC migration utilities does, let’s get into some specifics about behavior and configuration. First up: the following are a few of the items migrated by the USMT:
• • • • •
Internet Explorer settings Outlook Express settings (migrated to Windows Mail) Desktop Accessibility options Favorites
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
• • • • • • •
41
Folder options Fonts Quick Launch toolbar shortcuts Sounds settings Regional options My Documents Mouse and keyboard settings
The preceding list, of course, merits a full iteration of the items that won’t be moved by the User State Migration Tool:
• • • • •
Hardware settings Drivers Passwords Applications Synchronization files
Migrating a User Account Now that you’ve seen what the USMT does, it’s time to look at how it does it. Follow these steps to migrate all user accounts from one system to another with the USMT: 1. Log on to the source computer as an administrator and open a command prompt session (Start | All Programs | Accessories | Command Prompt). From the command prompt, type the following: scanstate \\fileserver\migration\mystore /i:miguser.xml / i:migapp.xml /o
2. Log on to the destination computer as an administrator and perform one of the following tasks: If you are migrating domain accounts, specify the following:
•
loadstate \\fileserver\migration\mystore /i:miguser.xml / i:migapp.xml
•
If you are migrating local accounts along with domain accounts, specify the following:
loadstate \\fileserver\migration\mystore /i:miguser.xml / i:migapp.xml /lac /lae
By default, all users are migrated. You can only specify which users to include using the command line and cannot specify individual users in the XML files. As hinted at in the bullet points prior, there are a few other considerations to keep
42
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
in mind when migrating Windows Server domain accounts. We’ll touch on these next.
Migrating a Domain Account In the previous example, you learned how to move user environments from one computer to another when each machine is a standalone system. In other words, the account migration so far have been instances where the user exists in a workgroup setting, not in a domain (although, yes, it did include some syntax about what to type when migrating a domain account). Because the 70-620 test is mostly about the Vista operating system and not about Vista in a domain environment, I recommend focusing mainly on the workgroup migration scenario. But then again, you never know. In most companies larger than just a few people, however, administrators will be moving users who exist within a domain environment. It certainly won’t do any harm to compare the domain user migration procedure to the standalone instance. Fortunately, there isn’t much difference; USMT can handle domain migrations just as easily. In this example, we’ll look at how to migrate two domain accounts to the new Vista machine: 1. Log on to the source computer as an administrator. Open a command prompt and type the following command: scanstate \\fileserver\migration\mystore /ue:*\* / ui:Domain\user1 /ui:Domain\user2 /i:miguser.xml / i:migapp.xml /o
2. USMT will gather the necessary files and settings. Then log on to the destination computer. As before, open a command prompt and specify the following: loadstate \\fileserver\migration\mystore /i:miguser.xml / i:migapp.xml
That should be all there is to it. As long as you’ve stored the settings to a network location and the network is still available, the USMT should automate things from there, which is the whole idea. Migrate Settings While Changing Domain Membership Sometimes a new physical configuration will prompt a new logical configuration as well. If a user moves from a branch office in Calgary to one in Kansas City, for example, it’s a fairly good bet that the domain membership will change too. It’s also possible to move an account from one domain to another while performing the migration operation, by using the following syntax:
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
43
1. Log in at the source computer as an administrator, then type the following into the command prompt: scanstate \\fileserver\migration\mystore /ue:*\* / ui:fareast\user1 /ui:fareast\user2 /i:miguser.xml / i:migapp.xml /o
2. Use administrative credentials at the destination computer and use the following syntax: loadstate \\fileserver\migration\mystore / mu:fareast\user1:farwest\user2 /i:miguser.xml /i:migapp.xml
Using these two commands, administrators will ensure a seamless transition from one location to another. And, assuming that the USMT commands have been executed while the worker is in transit, the user will then see the exact same Desktop they left behind when they report to the new office for the first time. For migrations that involve fewer computers, or for those of you who simply don’t like to type, there’s another tool available in Windows Vista for quick and painless migration of the user environment. We’ll discuss it in the following section.
Exam Tip The 70-620 test concentrates mostly on administration of a single instance of Windows Vista and less on more complex administration such as is sometimes found in a domain environment. For this reason, I recommend remembering the USMT "levers"—scanstate and loadstate— and then focus especially on the Windows Easy Transfer utility discussed in the next section.
Migrate with Windows Easy Transfer In addition to the USMT, Vista includes another tool for easy migration of files from an old system to a new one: the Windows Easy Transfer. The migration process it uses can be generally described as consisting of two distinct parts. What follows is a breakdown of each of these two parts of Windows Easy Transfer.
Part One: Preparing the Target (Vista) Machine The migration begins at the destination machine. For our purposes here, I’ll assume the target is a Vista machine. To transfer user data and settings with the Windows Easy Transfer, follow these steps: 1. From the Vista machine, close any open programs. (You don’t necessarily have to, but it’s a good idea. Vista won’t let you use either of the computers during the Easy Transfer process—this is why it’s a good
44
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
idea to save and close work first.) Now, launch Windows Easy Transfer by clicking Start | All Programs | Accessories | System Tools | Windows Easy Transfer. The Easy Transfer takes over your Desktop with a Welcome screen, as shown here. Click Next to proceed.
2. If you have any open applications, you’ll be prompted to close them now. Fortunately, Easy Transfer allows you the option to save your work. You also have the ability to close all open programs at once. (See why it’s easier to close applications before running the Easy Transfer?) Click Next. 3. Click Start, and Windows Easy Transfer begins gathering information from the computers involved in the migration operation. 4. Since you’re on the Vista machine, choose the This Is My New Computer option. 5. Select the destination for Windows Easy Transfer files. You have the following options:
• • •
CD or DVD Removable media Network drive
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
45
Travel Advisory Both computers must support the selected transfer method. You can’t choose the CD or DVD transfer method, for example, if the destination computer lacks an optical drive. Choosing the network drive option requires that the computers be connected on the same network.
6. Choose the location for the Windows Easy Transfer files. The default directory is C:\migwiz. Take note of the location because you’ll need this to complete the process. Click Next. Now you’re ready for part two, in which you will gather your existing settings as files from your existing computer.
Part Two: Gathering Settings from the Existing Machine There are many choices about how to get the migrated files and settings from point A to point B, but for this example, I’ll highlight the steps for transferring across a network: 1. Again, it’s a good idea to first close any open applications. Then launch the Windows Easy Transfer on the existing machine. Here’s where you’ll need to locate the Windows Easy Transfer directory created in part one. In this instance, you’ll browse to the network location containing the \migwiz directory and then double-click migwiz.exe. 2. If you ignored my advice, you’ll now be prompted to close open applications. Once more, you will have the ability to save work in each program before closing them. Click Next. 3. Select the Through a Network option for the transfer method. 4. Choose Connect Directly via Network, and the transfer begins. You can also save your migration files to a network location and complete the transfer at a later time if you prefer. If you choose to store the data in a network location, you will be prompted to provide the path. 5. You’ll be given the option to choose what gets sent to the new Vista installation. The Easy Transfer recommends that all user accounts, files, and program settings be transferred, although in my experience this is hardly ever what you want. I prefer to choose exactly which files should be migrated by clicking either the Only My User Account, Files, and Program Settings, or Custom selections. If you click Custom, you’ll see
46
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
another dialog box in which you select exactly what gets transferred from old machine to new. 6. In the final dialog box, you can review the list of files and settings to be transferred. Choose Customize to add and remove certain files or settings. Click Start to begin the transfer. The steps for each of the other two Easy Transfer options will vary slightly, of course, but the basic principles will remain the same: you’ll launch the utility by double-clicking migwiz.exe, then specify what files and settings to gather, choose where they’ll be stored, and then be prompted to complete the operation. If you’re saving migration files to a CD, for example, you’ll have to move the media to the new Vista computer, launch the Windows Easy Transfer again, and then select an option called Continue a Transfer in Progress. There are a few more steps to be sure, but you should be able to take it from there. For testing purposes, the actual medium of data transfer won’t matter a whit, but the network option should be the most commonly used in day-to-day practice. And speaking of data storage/transfer mediums, there’s another topic that needs to be addressed while on the subject of post-installation issues: the type of hard disk storage used by Windows Vista. As you will see, there are two different choices available, and each one will have an impact on how you are able to use the physical storage on your machine.
Vista Hard Disks: Basic vs. Dynamic As you already know, the Vista installation will be placed on one of your computers’ hard drives, which as you also already know serve as long-term repositories of data—both data used by the operating system and data used by you while working with applications. But in Windows Vista, there’s more to hard drives than meets the eye. Vista can use two types of storage on hard drives, in fact: basic and dynamic. Both types can be deployed on a single machine, although they won’t coexist on the same hard drive. Here’s a brief summary of each storage type’s capabilities:
•
Basic Disks This is the traditional method of storing data. Basic disks use partition-based logical storage, which carries with it several rules and regulations. In brief, a basic disk can contain up to three primary partitions and one extended partition. Each primary partition gets assigned a logical drive letter; extended partitions can be further subdivided into multiple logical drives. (There are a few exceptions, which I’ll discuss.) When dealing with partitions in Windows Vista, though, these logical storage areas are known as basic volumes.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
47
The main benefit of a basic disk is its flexibility: a basic disk can be read by MS-DOS and all Windows operating systems. So, you can take a basic disk from one machine to another and use that disk without worrying about whether or not it can be read from.
•
Dynamic Disks These disk types are not new to Windows Vista. Like in previous Windows iterations, dynamic disks represent a more powerful and flexible (i.e., dynamic, get it?) storage choice. Dynamic disks use volume-based logical storage rather than partition-based storage, meaning that dynamic disks just take a chunk of space from the hard disk and treat it as a logical drive—leaving you with none of the rules or regulations to deal with when working with basic storage.
Exam Tip If you perform a clean install of Windows Vista, what type of storage type are you dealing with? By default, Windows Vista installs using basic storage. You have to upgrade a basic disk to make it dynamic.
Keep in mind that the terms partition and volume are used interchangeably throughout almost all technical documentation. For practical purposes as well, they are interchangeable: no matter the term, it refers to a logical chunk of physical disk space that can then be formatted with a file system. Once the logical space has been formatted, it can be used to store information. If that sounds confusing, I assure you that the picture will become clearer as we go along. For the time being, I’ll make like an economist and make assumptions that serve the hard disk discussion. The first assumption is that you’ve just installed (or are setting up) a basic disk, and therefore will need to prepare that disk with a partition.
Partitioning the Drive Here are the rules: a physical hard drive cannot store data unless it is first partitioned and then formatted. Partitioning divides the real estate of the hard drive into discrete logical sections. Formatting takes those chunks of logical sections, divides them into storage containers, and then creates a tracking system so that the Basic Input/Output System (BIOS) and operating system can keep track of what files are stored where. Think of the tracking system as sort of like the table of contents of a book. As mentioned previously, a hard disk won’t store anything until a partition has been defined. And of course, there’s no reason you can’t create more than one partition if it better suits your needs.
48
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
One of the main reasons you might consider multiple partitions is to use different file systems on a single physical drive. One partition can use the FAT file system, for example, and the other can use NTFS. (I define these file systems in the following section.) Another reason is performance. Generally speaking, smaller partitions make more efficient use of disk space. Buyer beware, however: once you run out of storage for a particular partition, it can be quite a hassle to try to free up additional space. If you run out of space on the drive that holds the operating system and supporting files especially, you could be severely limited in your choices. It’s always better to err on the side of space rather than performance, in my opinion. At any rate, if you have unused space on a basic disk, you need to create a new volume in order to store additional files on that free space: 1. Right-click an area of unused hard drive space in the Disk Management utility and choose Create Partition. 2. In the wizard that launches, select the partition type and partition size, and then assign a drive letter, as shown here.
You can assign any drive letter other than B, which believe it or not is still reserved for a second floppy drive. (It dates back to the days when computers needed two 5.25-inch floppy disks: one for the operating system and one for whatever data you wanted to work with.) Once you’ve set up the volume, it will display in the Disk Management utility as a separate storage entity. The space should still appear as “unformatted,” with diagonal stripes across it.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
49
A note here about Vista Explorer is appropriate: Explorer shows you logical drives, not physical drives. The only way to verify that you’re using a single physical drive or multiple drives is to use the Disk Management tool. The Disk Management tool shows both physical and logical drives. There are several rules governing partition behavior which you would be wise to commit to memory (although many of you who have used Windows operating systems may already have them memorized):
• • •
A single disk can have either four primary partitions or up to three primary partitions and one extended partition. A primary partition can be assigned only a single drive letter. Extended partitions can be subdivided into multiple logical drives. Once set, partitions cannot be resized with the built-in Vista tools.
I’ve discussed a lot of terms so far, but that’s really just setting the table. Let’s now discuss what happens after you create a partition.
Formatting the Volume You need to complete one more step before you can actually use the new disk space. In order to keep track of files, you must format simple volumes with a file system. File systems essentially represent a set of rules that are followed by the operating system for the storage and retrieval of information on a logical drive. An interesting, but not test-relevant, side note is about something that doesn’t exist. It’s called the Windows File System (WinFS). In about 2003 or so, the operating system you’re reading about right now was supposed to ship with WinFS. It promised (and still does) a quantum change in the way you manage and access files and folders. The hope for WinFS is that you’ll be able to aggregate information in multiple applications to make much more powerful use of that data. Wikipedia has a great article that contains a hypothetical query that pretty neatly summarizes the promise of WinFS. It reads like this: …it is nearly impossible to search for “the phone numbers of all persons who live in Acapulco and each have more than 100 appearances in my photo collection and with whom I have had e-mail within [the] last month” … WinFS solves this problem…. Or at least it will someday. Possibly. Anyway, you now you have a better understanding of why even Mr. Gates himself has referred to WinFS as the “Holy Grail”: it really and truly would change how humans interact with data by changing how the operating system catalogues it. Aero is cool and all, I suppose,
50
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
but at the end of the day switching between programs is still switching between programs, no matter if they spin or flip or breakdance before making the switch. And an application window is an application window—you’re still running Vista if it’s the poor-old, translucent-window-challenged Vista Basic edition. At any rate, back to formatting. Formatting a simple volume using the currently available file systems takes only a couple of steps: 1. Right-click on an unformatted volume in the Disk Management tool and choose Format from the context menu. 2. You’ll see a dialog box asking you which file system to use, as shown here.
Now, try to perform the preceding steps with the C: drive. I’m betting that your C: drive is the one marked “(System, Boot, Page File, Active, Crash Dump, Primary Partition).” Yes, that one. Go ahead. What happens? You can’t, of course. The Disk Management tool includes a little safety mechanism that won’t let you reformat these partitions. To do so would be disastrous for your computer (and by disastrous I mean really bad, which is the technical jargon for wiping out the entire contents of the volume, rendering your Vista computer unusable). Also, know that these System, Boot, etc. partitions don’t always have to be located on the same logical drive. You can designate other logical drives with these roles. So, which file system is best? Well, that depends on your storage goals, of course, as I’ll detail more in the following sections.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
51
The FAT and FAT32 File Systems The FAT file system divides space on a fixed disk into exactly 65,536 (16 bits’ worth, or 216) storage locations, and each location is assigned a number. The storage locations are also known as clusters. A cluster is the smallest unit of storage space on a FAT partition. File location in these storage spaces is tracked by the File Allocation Table, which, as mentioned earlier, works very much like the table of contents for this book—it’s simply a way of keeping track of the reality that in cluster (page number) x lives file (topic) y. FAT32, then, is an updated version of FAT that generally uses smaller cluster sizes, simply because it creates so many more of them (232 of them, to be exact). Smaller cluster sizes generally result in more efficient use of a logical drive’s disk space and, moreover, support much larger drives. But neither version of FAT is the default file system used by Windows Vista at setup time. NTFS is the default, and this file system makes even better use of larger drives. Moreover, the NTFS file system makes available a host of improved security features over FAT. So, why on earth would you want to format a drive using the FAT32 file system? In a word: compatibility. The FAT32 file system was first introduced with the release of Windows 95 OEM Service Release 2 (OSR2), and it has been supported on all Windows versions since then. If your goal is to store data on a drive that will be used on earlier Windows versions, FAT32 might be your best choice. However, it is not compatible with Windows NT versions 4.0 and earlier.
The NTFS File System NTFS (or NT File System, depending on who you ask) was first used with the Windows NT operating system many years ago and has been steadily improved ever since. It provides the highest level of performance and features for Windows Vista computers and, thus, is the default file system used at installation. In fact, many of the enhancements to Windows operating systems over the years (especially in terms of security) are technically enhancements to the file system, which continues to evolve much like any other software component. And, as mentioned earlier, the big leap forward that Vista originally promised was indeed an overhaul of the file system used. At the time of this writing, Vista uses NTFS version 3.1. The file system technologies included with NTFS 3.1 include compression, quotas, and encryption—technologies that haven’t always been a part of the Windows NTFS environment. All of these technologies get coverage within this book. NTFS supports volumes of up to 2 terabytes, and as with FAT32, cluster size is relatively small. This means NTFS makes efficient use of disk space and is well suited for larger drives.
52
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Another significant advantage of NTFS is that it allows for local security of files and folders, which is especially important when two or more users are accessing the same computer. With NTFS, different users can be assigned different levels of access to a resource. For example, one user may have access permission to change a particular file, whereas another user has permission to only read that file. This kind of local security is not possible with a FAT partition. The biggest drawback when using an NTFS volume is compatibility, although this is becoming less of an issue as time goes on. Windows 9.x computers don’t have the necessary file system drivers to read data from NTFS partitions. Windows 2000, XP, and Server 2003 operating systems do. About the only instance in which you would need to format your Vista system drive with the FAT file system today is if you plan to dual-boot with Windows 98. This issue of file system choice is sometimes confused by the fact that a Windows 9.x computer can still access data housed on an NTFS partition as long as that access occurs over the network. In that case, the Vista computer fields the request from the Windows 9.x system and then retrieves the appropriate file system drivers needed to access the data. In practice, that means you can have a workgroup set up with some computers running Windows 9.x and some running Vista without having to worry about formatting all your Vista drives with FAT. If you’re already certified or have experience on Windows 2000 or Windows XP, you probably found much of the preceding discussion to be a review. And indeed it is: not much has changed in Windows Vista as far as file systems go. You might see a question or two about it on the 70-620 exam, however, because these choices do affect post-installation capabilities.
Objective 2.02
A
Configure and Troubleshoot Windows Aero
big selling point of the Windows environment over the years has been that a user or administrator can control virtually every single aspect of the Windows Desktop. This includes the Desktop backgrounds, colors, screen savers, sounds, and icons that help users personalize the computing environment. What’s more, changes to several of these elements could be saved in definitions called themes. As will be discussed in more detail in just a bit, themes can define a sweeping array of Desktop behavior. Windows Vista carries this philosophy forward, to be sure, but also introduces an entirely new Desktop look and feel called Windows Aero. If your computer meets the minimum requirements for Aero, this will be the default user
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
53
interface. For testing purposes, it might be most important to reiterate the minimum requirements for Windows Aero:
• • • •
Windows Vista Home Premium edition or higher (Business, Enterprise, or Ultimate) 1GB system RAM 1 GHz processor 128MB RAM on the graphics card that meets the following requirements:
• • •
Is Windows Device Driver Model (WDDM)–compliant. Supports Pixel Shader 2 in the hardware Can render 32 bits per pixel
I recommend that you commit the preceding list to memory. Exactly what does such a hardware configuration get you? In brief, the Windows Aero interface can be summed up as having the following three characteristics:
• • •
“Glass” appearance of windows Live thumbnails view of running programs Windows Flip 3D
I’ll assume that most readers are familiar with the routine for changing the appearance of the Windows Desktop, and there’s no real reason to detail that here, other than to say that these same options are available with Windows Vista when not using the Vista Aero interface. However, Vista’s Aero color scheme changes the game somewhat when it comes to tweaking the appearance of windows and other elements such as the Start Menu, and it’s this that will be covered in this exam guide.
Enable Windows Aero First off, let’s revisit how to enable the Aero interface in the event that it’s turned off. To enable the Vista Aero color scheme: 1. Open the Control Panel’s Personalization application. 2. Follow the Windows Color and Appearance link. 3. From the Appearance Settings dialog box, choose Windows Aero. 4. After a brief wait, you should be able to deal with transparent windows, live preview thumbnails, and all other elements that describe the Aero theme.
54
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Now then, the point of this objective is not to detail toggling on and off the Windows Aero color scheme, but rather to point out the differences in the Windows Color and Appearance dialog box once Aero is on.
Exam Tip What you’ve heard is true—Vista’s Aero interface is a resource hog. Almost every troubleshooting tip floating around on the Internet about Vista’s slow performance (and there are tons of them since it’s a common complaint) includes some mention of disabling Aero. If there’s one thing that might come up on the 70-620 exam about Aero, it’s how to disable it if the computer is running into performance problems. This can include general slow performance and trouble performing routine tasks such as moving an open window. You may even see a message that says, “The color scheme is using most of its allotted memory.”
With Aero enabled, after following the same steps just listed, you will see a very different configuration dialog box than the one you see without Aero. It’s called the Windows Color and Appearance dialog box, as shown next.
As you can see, there’s not much here that should present any challenge to the Vista test-taker. There are several color options that let users select a color of
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
55
glass to use, and users can also configure a level of transparency with a single click. The Color Intensity slider can then change how easy it is to see through the current window. For even more options that dictate window color, click the Show Color Mixer button, as shown in the preceding illustration. With these options showing, users can manipulate the hue, saturation, and brightness of the window color by using the corresponding slide controls.
Travel Advisory This is confusing, and certainly not worthy of mention except for in an exam guide, but Windows Aero is what is generally called a Vista color scheme (although the help files refer to Aero as an experience. I chuckled at that one, too) and is enabled using the Color and Appearance settings dialog box. But you can also disable/ enable Windows Aero by using a different theme such as Windows Classic. So is Aero a theme or scheme? I really don’t know. Told you it was confusing.
Change Window Elements Additionally, users still have the ability to manipulate any of the individual Vista graphical elements no matter what theme (if any) is being used. If you want to configure a different look and feel for message boxes, for example, or if you want to change how the application title bars display their text, you can: 1. Open the Control Panel’s Personalization application, then follow the Windows Color And Appearance link. 2. From the dialog box shown earlier in this section, click the Open Classic Appearance Properties For More Color Options link. 3. In the Appearance Settings dialog box, click the Advanced button. You’ll see the Advanced Appearance dialog box, shown here. From this dialog box, it’s now just a matter of selecting from the Item drop-down menu and then using the other configuration options to make the desired changes. Note that not every element will use every configuration option, however. You won’t config
56
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
ure a font, for example, for the Desktop item (and it’s probably worth mentioning that changing the Desktop color won’t have any effect on appearance if you’re using Wallpaper for a Desktop background). Select the ToolTip item, on the other hand, and you can specify a font, size, and color for the displayed ToolTip text. Once you know about the Personalize Control Panel application and you understand how to change the glass color and transparency of Vista’s windows, you’ve pretty much covered all there is to know about configuring Windows Aero. The other two characteristics of Aero are the live thumbnails and Windows Flip 3D.
Live Thumbnails Live Thumbnails are little pictures of the applications themselves that can be seen during one of two instances:
• •
When hovering the mouse over an open application that’s been minimized to the Taskbar When using Windows Flip (not to be confused with Windows Flip 3D), which is one of the program switching tools included with Vista. To use Windows Flip, simply hold down the ALT key and press TAB.
The idea behind Live Thumbnails is that it helps users be more certain of their choice when switching between applications. They will see a little picture of the application contents because sometimes the program icon and title that appear in the Taskbar buttons don’t reveal enough information, especially in a Taskbar that’s been crowded with several open applications.
Windows Flip 3D Windows Flip 3D is the Aero feature that gets all the press. To launch it, just hold down the Windows key and then press TAB. You’ll see all open program windows in a Rolodex-style presentation. Press TAB again and Vista will move the topmost program window to the back of the pile. It looks cool during commercials and will probably sell thousands of copies of Vista, but it has little practical value to the average user. For starters, performance is hit-and-miss. As in, sometimes the flipping windows display window contents, sometimes they don’t. Another thing that’s lacking in particular from Flip 3D is that it doesn’t show you the title of the application—a lot of the application windows look the same in the miniaturized view. Granted, I often have several similar documents open at once, so maybe it’s just me. But after using Windows Flip 3D for about the third time, I switched back to good old Windows Flip and haven’t had the slightest desire to use Flip 3D ever again.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
57
Aero’s Flip and Flip 3D are nice enough features to be sure, but they also aren’t configurable in any significant way—and by significant I mean they can’t be changed with the standard Vista tools such as the Control Panel. Also, they’re not testable in any significant way. Microsoft makes a lot of marketing noise about the Aero interface, and you are likely to see a 70-620 exam question because of that, but honestly, it’s not a game-changer. The live thumbnails in the Taskbar only work about half the time in my experience, anyway.
Exam Tip One reason you might not see the Aero scheme even though it’s enabled: the power plan. Because Aero is a resource hog and thus taxes both your computer’s graphics and central processors, Vista will sometimes disable Aero if using the Power Saver power plan. There’s a setting in the Power Saver power plan that sets a governor on maximum processor usage when on battery power.
Limit the Number of Windows Available in Windows Flip 3D Even though you won’t see it on the exam, there is one Windows Flip 3D performance configuration tip worth passing along. As just discussed, Windows Flip 3D is a function of Vista’s new Aero interface. If you have several open windows, Flip 3D has to render each of those windows when switching between programs. As a result, some users might notice glitches in performance when several Windows are open. If this is the case, you might consider limiting the number of windows displayed in Flip 3D.
Travel Advisory There’s a Group Policy Object setting that lets administrators disable the invocation of Flip 3D. From the Group Policy Object Editor, it can be found under User Configuration | Administrative Templates | Windows Componets | Desktop Window Manager. Group Policies are mentioned again in this chapter, but for a full discussion, turn ahead to Chapter 3.
To further limit Windows Flip 3D, follow these steps: 1. From the Start Menu, type regedit, then launch the Registry Editor application from the Programs list. Alternatively, you can press the Windows-R keyboard shortcut and then type regedit from the Run dialog box.
58
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. Choose Allow when asked permission to launch the Registry Editor (assuming User Account Control is enabled). 3. Navigate to the following Registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM
4. Create a new DWORD (32-bit) entry and name it Max3DWindows. 5. Double-click to open the Edit DWORD Value dialog box, shown next, and set the DWORD value to the maximum number of windows you want displayed by Vista’s Flip3D. For low-end Vista Premium machines, try a maximum of 5. For more robust machines, 10 should work without a performance hiccup.
6. Click OK and exit the Registry Editor.
Travel Advisory I’m telling you how to limit the number of windows available in Windows Flip 3D just for your own edification. I’ve taken a lot of Microsoft certification exams in my day, and I’ve never seen a question that required any specific knowledge of the Registry. As a rule, Microsoft doesn’t even want you opening the Registry directly.
Restoring the Default Theme Once you’ve taken Windows Aero out for a spin and possibly made some changes to the Desktop elements and even saved them to a new theme, you can easily reset the theme to what it was during the out-of-box experience.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
59
To restore Vista to the default theme, just follow these three steps: 1. Access the Control Panel’s Personalization application by right-clicking the Desktop and choosing Personalize. 2. Click the Theme link to open the Theme Setting dialog box. 3. From the drop-down menu, choose the Windows Vista theme and click OK to complete the change. And if you don’t want to keep a saved theme around any longer, there’s a way to get rid of it, as covered next. Delete a Theme We’ve spent quite a bit of time discussing how to customize the Vista Desktop appearance and then save those changes as a theme. But what if you want to delete a theme? It only takes a few steps: 1. Open the Personalization Control Panel application (right-click an open area of the Desktop and choose Personalize), and then choose the Theme link. 2. From the Theme dialog box, select the theme you’ve slated for deletion in the drop-down menu and click the Delete button. Vista removes the theme definition file and all related media that may be associated with the custom theme. Theme files, by the way, are stored in the %WinDir%\Resources\Themes folder by default, but you shouldn’t delete theme files manually. Use the steps just outlined instead.
Disabling Theme Changes Sometimes themes can be the bane of an administrator’s existence. Users end up losing icons and can’t figure how else to launch favorite applications, changing the wallpaper to something that’s, shall we say, less than business-appropriate, and so on. Inevitably, they end up calling you over to set things back to the way they were. Fortunately, there’s a way to enforce that a particular theme be used. More specifically, there’s a way to prevent changes to any part of the Vista Desktop, so that whatever settings have been configured for the user will remain unaltered. The technology answer is to use a Group Policy Object and configure a policy setting that prevents any Desktop changes.
60
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory The ability to create or edit a GPO is not available on Vista Home Basic or Home Premium.
To configure a policy setting preventing Desktop changes, follow these steps: 1. Open the Microsoft Management Console by typing mmc from the Start Menu. You will be prompted to continue if using User Account Control. 2. A blank MMC console opens. This console doesn’t have any functionality right now, but it will once we add a snap-in. To do so, click File | Add Remove Snap-in. 3. The Add/Remove Snap-in dialog box appears. From the list, choose the Group Policy Object Editor and then click the Add button (in the middle) to snap it in to the blank console.
4. You’ll then be asked which object the Group Policy Object will be linked to. In a Windows Server domain environment, you can link GPOs to domains, sites, and organizational units (OUs). To manage just a single computer, choose to link the GPO to just the Local Computer Policy setting. If your Vista computer is not part of a domain, you’ll only get one choice: the local computer.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
5. Now the MMC console appears with a snap-in loaded called Local Computer Policy:
• •
Computer settings These settings configure computer behavior, such as startup and shutdown activity. User settings These control user behavior, such as actions at logon and logoff time.
There are hundreds of possible Group Policy settings that get further discussion in the following chapter, so we’ll limit the discussion here to just the desired result: preventing a user from changing their Desktop. 6. Expand the Group Policy to User Configuration | Administrative Templates | Desktop | Desktop. 7. You will see just a few of the possible Desktop settings that could affect user behavior. (Not to beat a dead horse here, but these are just the Desktop settings in the Desktop folder. Look at the Taskbar and Start Menu settings if you really want to feel overwhelmed.) 8. Note that none of these settings are configured by default. To prevent changes to the Desktop Theme (that is what kicked off all this discussion, recall), double-click the Prohibit Changes setting. 9. In the Prohibit Changes settings dialog box, shown next, click the Enabled radio button.
10. Click OK. The setting should now show as enabled in the Group Policy Object Editor MMC console.
61
62
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
In addition to Group Policy Objects, Windows Vista provides another method (at least on some versions) for governing activity with the operating system. Like the Aero interface, this is another new feature of Windows Vista, and one that, in my opinion, is much more likely to be a game-changer technology for everyday users. You’ll see why in the next objective.
Objective 2.03
Configure and Troubleshoot Parental Controls
F
or a relatively long time now, computer administrators have been able to dictate how a computer can be used by leveraging Group Policy Objects. Now Vista gives much of this administrative power to the hands of parents (or spouses; let’s not kid ourselves). Vista does this with a new feature called Parental Controls, which allow parents to set the parameters for computer use for other users of the system. What’s more, parents are able to use Parental Controls to generate detailed reports about when and how the computer is used. In other words, Parental Controls make parents the administrators over their family’s “domain.” The Vista Parental Controls can be set up to govern four key areas of computer use for any computer account:
• • • •
Set time limits for computer use Limit Internet usage Prevent users from running certain programs Prevent users from playing certain games
Travel Assistance To use Parental Controls, you have to have the right version of Vista. As they are designed for use in home settings, Parental Controls are only available on the Home Basic, Home Premium, and Ultimate editions. For the same kinds of control and reporting over program, game, and Internet usage with the Business or Enterprise editions, the solution is a Group Policy Object (GPO).
We’ll look at the configuration steps for each of these tasks in the following sections.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
63
Limit Computer Use As mentioned, one of the ways to leverage the Parental Controls is to place limits on hours of computer use. Options include setting limits for hours of the day, total hours of computer use, or both. To set it up, follow these steps: 1. Open the Control Panel (choosing Start | Control Panel works), then open Parental Controls. If using the Classic View, there’s a Parental Controls icon. If using the Standard View, choose the link called Set Up Parental Controls For Any User under the User Accounts and Family Safety grouping. (You will be prompted for administrative confirmation of User Account Control is enabled.) 2. Choose the account for whom you’ll be configuring time limits. 3. As seen next, choose the On radio button under Parental Controls. Then click the Time Limits link.
4. You’ll see a days/hours time grid. Click and drag to set blocked hours, which will appear in blue. To undo a blocked section, simply click and drag again.
64
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Limit Internet Usage Parents also have the ability to constrain Internet usage. To do so, follow the steps outlined previously to access the Parental Controls application in the Control Panel. Then follow these steps: 1. Choose the Windows Vista Web Filter link. You then get a dialog box with several options, shown next.
2. Note that once you enable Parental Controls, certain behaviors are configured automatically. One such behavior is the Web Filter’s action of Block(ing) Some Websites Or Content. The Block/Allow radio buttons in the top section work in conjunction with the Block Content Automatically radio buttons below them. There are four settings:
• • • •
High Medium None Custom
The Medium web restriction level is set by default, and Vista explains what the Medium level will block in the text box just below the buttons. The High level
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
65
blocks all content except for websites approved for children. None is self-explanatory, and choosing the Custom level changes the text box to a set of check boxes that the parent checks to enable filtering of certain kinds of content. No matter what default level you choose, parents and administrators can further modify how these automatic filters behave by editing the Allow and Block list. In fact, this list can be used with the None automatic filter and the Only Allow Websites Which Are On The Allow List check box for ultimate micromanagement, taking any decision making power away from Vista completely. Editing the Allow and Block list, while tedious, is fairly self-explanatory: 1. Open the Parental Controls application in the Control Panel. Type parent at the Start Menu’s instant search box to shortcut directly to this location. 2. Select the user for whom you’re setting Parental Controls, then turn Parental Controls on. 3. Follow the Windows Web Filter link, then click the Edit The Allow And Block List link. 4. You’ll see the Allow Block Webpages dialog box, shown next. Use this dialog box to add sites to either the Allow or Block categories.
To speed up the process for additional computers, parents can use a list that’s been built on one Vista computer on a second machine. Once you’ve built the
66
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Allow/Block list, export it with the Export button. On the second Vista machine, choose Import and then locate your .weballowblocklist file. (And yes, that’s really the file extension.)
Exam Tip The Windows Web filter simply blocks (or allows) the website from displaying. It is not a setting that has anything to do with a website’s security or privacy settings. It can be used to block file downloads, however, which does implement a level of security, to be sure.
Prevent Users from Running Programs Prior to Windows Vista, it was a chore to restrict access to certain applications without third-party software. Now it’s quite a bit easier thanks to the Parental Controls. All you have to do is follow the Allow And Block Specific Programs link from the User Controls dialog box, and you’re on your way. To prevent a user from using a certain program: 1. Open the Vista Parental Controls as specified previously, then follow the Allow And Block Specific Programs link. 2. You’ll see a dialog box asking for a default action. Choose the User Can Only Use The Programs I Allow radio button. 3. The section below will then be populated with programs, as shown next. To block a program, simply place a check mark next to the program name. If you don’t see the program listed, you can Browse for the program’s executable (EXE) file.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
67
Prevent Users from Running Games You can also place limits on game availability. What’s appropriate for your 16-year-old might not be appropriate for your 6-year-old. Again, the process starts in the Parental Controls section with the selection of the user account to be configured. Then, follow these steps: 1. Click the Games link, opening the Game Controls dialog box. 2. You’re given a choice about whether the account can play games. There are then two sections that allow the admin to: Block (or allow) games by rating Block (or allow) games by name
• •
3. There are links in each section. The Rating link opens the Game Restrictions dialog box shown next.
By default, a user who is allowed to play games is able to play all games. The Rating dialog box lets you change this default behavior, letting them play only games rated teen and lower, for example. The other link allows for restriction of certain game titles for the chosen account. If Halo 2 is a bit too intense for the 6-year-old, you can prevent its use by choosing its title from the list of games and then clicking the Always Block radio button.
68
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory Explicitly blocking a game is usually not necessary because of the default setting in this list: User Rating Setting. This setting examines the game rating against the highest allowable level for the user. For example, if a Halo 2 has a rating of Mature (it does) and the maximum allowable game rating for that user is Teen, the user will not be able to play it.
Activity Reports Of particular interest for the everyday parent/spouse/administrator is the availability of detailed Activity Reports. Once enabled, they can be used to determine exactly how much each user is using the computer, and more importantly, what they’re doing on the computer. To enable reports, follow these steps: 1. Open the Parental Controls application. You may be prompted for administrative credentials. 2. Choose the desired account and then under Parental Controls, click On. 3. In the Activity Reporting section, choose the On radio button to collect information about computer usage. 4. To view a report on usage, just follow the View Activity reports link from the same section. Vista then displays a report like the one shown next.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
69
As you can see, the activity reports lets you drill down to get a view of specific activity, such as web usage or game playing. Parents can even use the Activity Reports to monitor incoming and outgoing e-mail and Instant Messaging conversations, or even changes to a contact list. Powerful technology for the parent or administrator, indeed.
Travel Advisory The Parental Controls will alert you if there is an administrative account that does not have a password configured. One easy way to circumvent Parental Controls is to simply log on as an administrator, for whom Parental Controls have no effect. And how could a 10-year-old log on with an administrative account? Quite easily, in fact, if that administrative account is not password-protected.
And speaking of powerful technologies, Vista also includes a powerful new update to the Internet browser. It’s Internet Explorer 7, of course, and it includes several significant enhancements over its predecessor that aid with ease of use and with keeping Internet browsing as secure as possible. You can use IE7 on Windows XP systems, too, although some of IE7’s features are only available on the Vista platform. 70-620 exam takers would be wise to understand these enhancements and which ones are unique to Windows Vista.
Objective 2.04
V
Configure Internet Explorer
ista includes a new version of Internet Explorer, IE version 7, and with it is a great many features that will enhance the end-user Internet browsing experience. In fact, there are so many features that Microsoft mentions them in two separate 70-620 exam objectives: a configuration objective which is discussed here, and a dynamic security objective which is parsed out in the chapter that follows. As you will see, the first of these two Internet Explorer 7 objectives looks mainly at the changes that will most affect the end user. The second of these objectives dwells mostly in the realm of the Windows Vista administrator. As you will see in this first IE7 subsection, the improvements to the end user experience should help save time when surfing the Internet while also making the experience safer than ever before.
70
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Changes for the User Most of this book’s readers know this already: you don’t have to use Windows Vista to use IE7. IE7 happens to be included with Windows Vista as part of the operating system, but users of IE6 under a Windows XP environment can take advantage of the newest browser update as well. Either way, the first time IE7 is launched, users of Internet Explorer 6 will be immediately struck by the changed interface, which most will agree has been reengineered to be simpler, less cluttered, and streamlined for efficiency. Simply put, more of your screen is now dedicated to viewing of the web page, not viewing the browser that’s framing the web page. Some IE6 users might even breathe a sigh of relief—for users who were not vigilant against it, IE6 could be notorious for becoming cluttered with big buttons, lots of buttons, and isolated action panes (for example, Search, History). Figure 2.1 may conjure up unpleasant memories for some. It’s worth noting, in fact, that if you’re still using Windows XP, Internet Explorer 7 is a recommended security update. To be fair, however, IE6 did have an initial release date of August 2001. Service Pack 1 was released in September 2002, SP2 in August 2004, and a lot of browsing has happened since then. So when viewed in the context of an average PC’s lifespan being three years, IE6 has more than held up its end of the bargain.
FIGURE 2.1
What could happen to Internet Explorer 6
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
71
Now that we’ve briefly laid out what was, let’s touch on what is with the new browser.
Browser Viewing Improvements Beyond the overall more polished appearance—one that incorporates much of the Aero glass styling of Vista no matter what OS it’s used on—the redesigned user interface of IE7 provides navigation that is cleaner and more streamlined than ever before. Figure 2.2 shows this new look and feel when used on a Windows XP machine, while Figure 2.3 shows IE7 running under Windows Vista. As can be seen in both the XP and Vista versions, IE7 has significant navigational enhancements:
•
The browser frame has been reorganized with the Address Bar appearing at the top of the window, replacing the drop-down menu list in IE6.
• • •
The Back and Forward buttons are smaller and moved to the left of the Address Bar. Flanking the Address Bar on the right is the smaller Refresh and Stop buttons. The new Instant Search box lives in the upper right-hand side of the Refresh and Stop buttons. We’ll discuss the new Instant Search in more detail later in this chapter.
The changes in the navigational design of IE7 continue onto the next row of buttons, beginning below the Back/Forward buttons with a new Star icon.
FIGURE 2.2
The IE7 interface in Windows XP
FIGURE 2.3
The IE7 interface in Windows Vista
72
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Favorites Center Enhancements In exploring the second row of navigational buttons, IE7 users will find significant usability enhancements. These usability enhancements are immediately evident within the new Favorites Center:
•
Adding to Favorites The Favorites menu is now positioned to the left of the tabs and represented by a star icon. It is paired with the star-plus or plain plus (+) icon, indicating quick access to the Add Favorites/ Feeds options. You can add a site to the list of favorites by choosing the Add To Favorites menu option, bringing up the dialog box seen next.
•
Favorites/Feeds and options Clicking the star icon provides the user with access to their favorites, RSS feed subscriptions, and browser history, as shown here. This is done without interfering with browser window viewing.
Microsoft has also provided the option of docking the Favorites/Feeds/History panel, similar to Microsoft browser behavior of the past. This can be done with the Docking button to the right of the History button. For those who want a little more browsing real estate, the menu interface allows you to take care of business and then get back to your full-screen browser window. The Add Favorites/Feeds menu operates in the same manner as the Favorites/Feeds/ History menu but without the option of docking the menu. However, if you choose to organize your Favorites from within this menu, you will get one of the few pop-up menus to be found in IE7. For those who may be pop-up window-phobic, rest assured that basic organizing can be performed in the Favorites menu using drag-and-drop.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
73
Continuing to the right of the star icon in the IE7 browser interface are some of the best new features of IE7:
• •
Quick Tabs
A button with four rectangles arranged on it
Tabs List A button with a down arrow that grants access to the Tabs List
Which of course leads us to a discussion of one of the most noticeable interface enhancements in Internet Explorer 7: the incorporation of native tabbed browsing.
Using Tabs Tabbed browsing is the default behavior in Internet Explorer 7, but that doesn’t necessarily mean the Vista computer you’re using is behaving that way. To use the new tabs in IE7, you might want to first verify your tabbed browsing capabilities: 1. Press the ALT key and then choose Tools | Internet Options. You’ll now see the Internet Options dialog box with the General tab selected. From there, select the Settings button under the Tabs sections. 2. You can now configure tabbed browsing settings in the Tabbed Browsing Setting dialog box shown next.
Based on your determined tabbed browsing settings, you may then use some or all of the tools discussed in the following sections. Configure Tab Options Getting started is simple: to create or open tabs in IE7, users can simply click the empty tab to the right of the open tabs or use the shortcut keystroke combination of CTRL-T.
74
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Easy enough, and even the most novice user can quickly figure this one out. But there are other options for opening new tabs that require a little more digging; consider this book your shovel. If you right-click any web page hyperlink and choose Open in New Tab from the context menu, for example, the new site magically opens in a new tab. This can be a great way to avoid unnecessary typing in the Address bar or, even better, as a way to view linked web pages without navigating away from your current page. It’s particularly useful when viewing a site, for instance, that has multiple articles referenced on a page. You can maintain your linking page for reference while opening and viewing each linked article in a separate tab. There are two other handy ways to open a new tab:
• •
Hold down CTRL while clicking a hyperlink. Hold down ALT when pressing ENTER in either the Address Bar or the Search Bar.
In each case, your results will automatically open in a new tab. Nifty, eh? But wait—the fun doesn’t stop with mere tab creation. Users also have the ability to right-click a tab and perform one of several other browser actions, including:
• • •
Refreshing each page as an individual tab Refreshing all tabs as a group Closing individual tabs or the entire group
What if you want to group two tabs side by side? Do you have to close any intervening tabs? Absolutely not. Users can reorder tabs by simply clicking the tab and then dragging and dropping. It’s an extremely useful feature that, amazingly, doesn’t appear in some of the other tabbed browsers. Along with the tabbing functionality are some awesome tools that help manage and maximize the usefulness of those tabs. First among our discussion of the various the tab tools is Quick Tabs. Quick Tabs If tabs present users with a great new way to interact with web pages, then Quick Tabs present a great way to interact with multiple tab collections. By using Quick Tabs, users can easily manage multiple tabs by viewing thumbnail images of all open tabs in a single window, as seen in Figure 2.4. To begin your first experience with Quick Tabs, click the leftmost tab with the square of rectangles. This will present you with a new window showing a single page thumbnail representation for each open tab within this particular browser window.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
FIGURE 2.4
75
Quick Tabs in the house
At the risk of stating the obvious, I’ll say that the thumbnails shown are only for the tabs associated with the browser window within which you clicked the Quick Tabs icon. If you have any additional browser windows open, those browser tabs will not appear in this particular Quick Tabs window. However, a thumbnail Quick Tab will appear for each tab, regardless of how many tabs you have open in this particular browser. The thumbnail images will merely scale as necessary to show all open tabs in a single window. And here’s where it gets really cool. Each Quick Tab shows not only the thumbnail image of the page open in the tab, but also shows the associated page’s title above the thumbnail. To the right of the title for each Quick Tab is an “X” icon which can be used to close the tab without having to navigate back.
Travel Advisory Quick Tabs is most useful, in my opinion, when I have multiple tabs open from the same site, and that particular site shows incredibly long page titles such as “WebSiteName.com—This is your open page.” With multiple tabs open, it is impossible to know which tab is which, a problem which is easily alleviated using the Quick Tab image.
76
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
The Tab List Just in case the Quick Tab viewing option is just a little too extreme for some users, Microsoft threw in the option of viewing a comfortable, familiar drop-down list of all open tabs. To the right of the Quick Tabs group viewing tab is a little button with a down-arrow. It’s called the Tab List button. Clicking here will provide users with a drop-down listing of all open tabs, as shown next. Users can then select whichever tab they wish to view, and IE7 will make it so.
Tab Groups Another tab management utensil built into Internet Explorer 7 is Tab Groups, which allows users to group different URLs together in a single location. Rather than opening up a tab for this site, a tab for that site, and so on—making multiple trips to the Favorites Center along the way—users can launch all associated tabs at once with a single click. IE7 pulls off this impressive feat of efficiency by allowing Tab Groups to be saved as a single Favorites entry. To create a Tab Group, open all sites as tabs within a browser window. Once open, click the Add Favorite button, and then click the Add Tab Groups to Favorites option from the menu. Once created, the Tab Group will appear as a seemingly regular folder in the Favorites menu. By clicking the folder, the Tab Group expands to show all of the unique sites organized within the folder. Better still, the user can open all the sites within the Tab Group with a single click of the arrow shown to the right of the folder in the Favorites list, shown here.
Setting a Tab Group as Your Home Page The section title pretty much says it all: you don’t have to set only a single URL as your IE7 home page. In fact, setting just one home page will seem downright homespun once you learn about setting up an entire Tab Group as your home page.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
77
Why? Let’s say that each time you hop onto the Internet you check your e-mail via the webmail log-in, check the daily movement in your current stock holdings, spend some time feeding your brain on YouTube (“Look, hon! Those otters are holding hands!”), and then see if Dane Cook has responded to your MySpace friend request (he probably has; he’s just cool like that). As we discussed earlier, you can open up each of these websites as a separate tab and then save all open tabs as a Tab Group, as shown here.
Once you have a saved Tab Group, you can set this group as your home page. To set the Tab group as IE7’s home page, use the Home button drop-down menu and choose Add or Change Home Page. From there, you receive a dialog box asking you what to set as the default location. You have three choices here. Obviously, you will want to choose the third selection, Use The Current Tab Set As Your Home Page, as shown next.
If you want to set a specific site or Tab Group as your home page without opening the page(s), you may also use the Internet Options menu that is accessible through Tools | Internet Options | General Tab. Merely enter the desired home page site address or, if you want to use multiple sites, enter each site address on a separate line, as shown next.
78
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Exam Tip A Tab Group can contain an unlimited number of tabs or sites, and users can create an unlimited number of Tab Groups within Favorites.
Another significant enhancement of the Internet Explorer 7 user interface is the overhaul of the search capability: it now includes an integrated, customizable, search feature that provides functionality that users of IE6 typically looked to a search toolbar to provide.
Integrated Search IE7’s new search interface allows users to not only search the Internet directly from the browser frame, but also to deploy their favorite search provider to perform the search. The default search provider is Windows Live, naturally, but users can choose a different default search provider from the drop-down list shown here and easily add more providers to the list. To offer users a greater degree of choice, however, Internet Explorer has expanded the definition of a “search provider” to include both broad and vertical search providers as potential candidates for inclusion in the Instant Search drop-down list. From the Instant Search drop-down menu, users can click Find More Providers to view the linked Windows Search Guide, shown in Figure 2.5.
FIGURE 2.5
Add more Search bar options.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
79
Once a search provider has been added, users can toggle between providers with the drop-down arrow on the right. Doing a research paper on the Seattle grunge bands? Maybe Expedia is a better starting point than Goog—excuse me—Windows Live Search. Trying to find a great price on the game consoles? Maybe Shopzilla or eBay can point you in the right direction.
Page Zoom IE7 also adds a much-needed Page Zoom feature. By choosing the Page Zoom option, users can increase or decrease the page size to meet their viewing needs. Not only does the zoom feature change the appearance of the text size, but any graphics or embedded text in graphics will also be visually modified. In taking a web page at normal view, as shown in Figure 2.6, it is easy to see why a user might want to use the zoom feature. While the site’s designer might not have had any difficulty reading the site within the website design application, live text on the web can often be difficult to read due to size, color, or even the page design itself. But, as shown in Figure 2.7, a slight zoom to 150 percent makes all the difference in the world. This can be especially helpful when dealing with spreadsheets and other lists of data that have been saved as web pages. The most obvious way to zoom is by using the Zoom menu on the status bar, located in the lower right of the browser window. If you happen to have a wheel
FIGURE 2.6
A web page at normal size
80
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
FIGURE 2.7
Zoom in to a particular area.
mouse at your disposal, however, you can also hold down CTRL while spinning the wheel. Spin up to zoom in and spin down to zoom out.
RSS Feed Support Yet another significant enhancement in IE7 is integrated support for Really Simple Syndication (RSS) feeds. Using this feature, users can easily discover, subscribe to, and read RSS feeds directly in the browser, allowing them to receive a variety of different subscriptions delivered directly to them. The RSS reader capabilities mean that users can subscribe to multiple feeds and read new entries without visiting individual websites or opening a separate feed reader. In previous versions of Internet Explorer, RSS feeds were rendered in the browser in raw Extensible Markup Language (XML), which was virtually useless. In IE7, however, users can find feeds, subscribe to the feeds, read the feeds directly in the browser, scan the feeds for important stories, and view a synopsis of the story’s content. Users can also subscribe to a feed with a single click within IE7, a process that is virtually identical to the process of adding a new Favorite. Some of the features of using IE7 as the RSS reader application are as follows:
•
Feed Discovery Button The Feed Discovery button tells users if there is a feed detected on the web page being viewed. It lives on the command bar and lights up when a feed is found. Clicking it navigates the browser to the Feed Reading Page.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
•
Feed Reading Page This is the view of the feed for reading. When you subscribe to a feed, you can determine the new content versus the content that you’ve seen before. To assist users in accessing the content that is of interest, IE7 makes controls for inline searching, sorting, and filtering available within the reading page.
•
Feed list By clicking the Favorites/Feeds List star icon, users can access their list of subscribed feeds, as shown next. A feed is bold if there is new content available for users to access.
81
IE7 incorporates a RSS platform that may be used by any application. This cross-platform availability provides different applications the ability to share access to the same set of RSS subscriptions, enabling the possibility of a whole new range of options for RSS feed use. Microsoft Outlook 2007, for example, can be used to read RSS feeds that have been subscribed to using Internet Explorer 7. Getting Started with RSS To get started with Really Simple Syndication using IE7, users must first find a feed and then subscribe to it. Most users will encounter a feed through the Feed Discovery button located on the command bar. A website may advertise that it has one or more feeds available. If available, the button is active and appears orange. If not, the RSS button remains grayed out or inactive. If there are multiple feeds associated with the page, click the RSS button to see a drop-down menu of all the discovered feeds. To subscribe, click the desired feed from the drop-down list. You’ll then see a confirmation dialog box where you can rename the feed if you’d like.
82
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Users can further adjust the Feed Settings by right-clicking any feed entry, then selecting Properties. From this dialog box, shown here, users can rename the feed entry, change how often IE checks for new content, automatically download enclosures, and control the archiving of old items. Once subscribed, the feed will then be listed in the Feed List within the Favorites Center. If a feed appears bold in the Feed List, then there is new content associated with that feed that the subscriber has not yet viewed. Any downloaded content generated via the user’s designated subscriptions is available for reading in the Feed Reading page. Users can further manage the general feed discovery/download activity within IE7 by following these steps: 1. From IE7, click Tools | Internet Options | Content. 2. Click the Settings button to access the Feed Settings dialog box.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
83
Exam Tip IE7 restricts downloads in RSS feeds by default. Attached files can only be downloaded upon determination that they are safe (no executables, for example). IE7 then stores the files separately from any personal files, much like a virtual quarantine.
Applying an RSS Filter Users can deploy filters to quickly locate a specific category if categories are included in the feed. As shown here, you can quickly jump to just those feeds that are marked as having downloads. Just as with sorting, a website publisher can include different filtering fields such as region and color.
Advanced Printing Capabilities Amidst the oft-trumpeted additions of tabbed browsing and RSS feeds, one of the most useful and dynamic new features of IE7 is often left by the wayside. Not so in these pages—nor should you overlook it in your preparation for the 70-620 exam. With IE7, Microsoft helps users win those annoying battles waged between browser and printer.
84
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
For instance, how many times have you printed a web page only to find that the right-hand side has been cut off? What about that mysterious, unexplained blank page that prints at the end (or sometimes the beginning, depending on how the printer’s configured) of a print job? Or the page that prints with one line of text—the website address? Is there an answer? There is, or at least IE7 tries to place such an answer at your disposal. In IE7, web pages are automatically scaled for viewing within the browser window by using Shrink to Fit and Orphan Control (for unnecessary white space). Pages should always fit the paper with these two technologies working on your behalf. The printing of useless blank pages can be easily avoided as well: 1. Click the Print drop-down arrow in the IE7 toolbar. 2. From the Print menu, select Print Preview. From here, you have several options, as shown next. You can choose from multiple view options, ranging from a single page all the way up to a 12-page view. You can also view each page full-width or full-page and switch between landscape and portrait view modes.
What’s more, you can choose to print headers and footers or leave them out entirely while in the preview window. To do so, click the little gear button on the Print Preview toolbar, which will open the Page Setup dialog box. To remove the header and/or footer, select and remove the field entries in the Header and Footer sections, respectively. This ease of use means no more looking at the preview, canceling the print, then having to adjust the document properties in another dialog box prior to resuming your print operation. Add this to the new Live Margin sliders in the preview and users gain a much greater sense of control over what is sent to the printer.
CHECKPOINT ✔Objective 2.01: Troubleshoot Post Installation Issues
In this objective, we looked at ways to troubleshoot post-installation issues that are sometimes a regrettable part of an upgrade procedure. The main focus of this objec-
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
85
tive is on getting data from one computer to another in order to preserve the user environment after an upgrade. The tools for this include the User State Migration Tool and the Windows Easy Transfer. You should especially be familiar with the Easy Transfer when you sit for the 70-620 exam.
✔Objective 2.02: Configure and Troubleshoot Vista Aero
Vista Aero is the new user interface that includes three main features: a glass appearance, live thumbnails, and Windows Flip 3D. In this objective, we looked at how to enable and disable the Windows Aero interface, what software and hardware requirements are necessary to run Vista Aero, and finally, at what performance issues may present themselves on a system that may not quite be up to the task of running Aero.
✔Objective 2.03: Configure and Troubleshoot Parental Controls
In the past, one challenge for home computer users was trying to determine exactly what kind of activity the computer was being used for. Concerned parents had to look to third-party utilities such as NetNanny for this ability. Now, the home versions of Windows Vista (Home Basic, Premium, and Ultimate) include Parental Controls, which combine several features that let parents limit computer use and obtain detailed reports about computer activity. Much more so than Aero, this could be the killer application for many home users looking for a good reason to upgrade.
✔Objective 2.04: Configure Windows Internet Explorer
Internet Explorer is probably the most often used application on the Vista platform (or on virtually any computing platform today), and it’s undergone a significant overhaul with IE7. As you learned in this objective, the redesign changes the look and feel of Internet Explorer, but the changes go far beyond the cosmetic. You can be sure to see at least two questions about Microsoft’s new Internet browser.
REVIEW QUESTIONS 1. You are thinking of upgrading a favorite laptop system from Windows XP Professional to Windows Vista Business edition after upgrading memory. You want to transfer all the files and settings from the old XP setup to the new system. What tool do you need to investigate to ensure this transfer is successful? A. B. C. D. E.
The Windows Easy Transfer utility The User State Migration Tool The Files and Settings Transfer Wizard The Windows System Image Manager None of the above
86
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. You have recently purchased a laptop computer from an online retailer with Windows Vista Business edition preinstalled. It will be used as the only system for your home-based business. Your existing computer runs Windows 2000, and you would like to quickly move all existing Windows settings and program files from the Windows 2000 computer to the new Vista system. What tool will allow you to accomplish this task most easily? A. B. C. D. E.
USMT Files and Settings Transfer Wizard Windows Easy Transfer Group Policy Objects All of the above
3. Which of the tools listed here is ideal for migrating files and settings from Windows XP and Windows 2000 to Windows Vista in a Windows Server 2003 domain setting? A. B. C. D. E.
System Preparation Tool Application Compatibility Toolkit User State Migration Tool (USMT) Windows System Image Manager Windows Preinstallation Environment (PE)
4. You have just upgraded your Windows Home Premium computer with a new graphics card with 256MB RAM, yet upon reboot, you see that it is still not using the see-through windows and Flip 3D of the Windows Aero interface. How should you enable this on your machine? A. Open the Personalization Control Panel application. Using the Windows Color and Appearance settings, select the Enable Transparency check box. B. Open the Personalization Control Panel application. Using the Windows Color and Appearance settings, choose the Windows Aero color scheme. C. Open the System Properties Control Panel application. Using the Device Manger, perform a Scan for New Hardware and then choose Enable Aero from the New Hardware Found Wizard. D. Open the System Properties Control Panel application. Using the Device Manger, open the Properties dialog box for the new graphics card and choose the Windows Aero color scheme. E. This cannot be done.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
5. You are purchasing a Vista OS for a laptop computer and want to be able to record television programs on the weekends, but you also need to join it to the domain at the office during the week. You do not care about the Windows Aero interface. Which edition of Windows Vista is right for you? A. B. C. D. E.
Home Basic Home Premium Business Enterprise Ultimate
6. You suspect a problem with a built-in audio controller on your Vista desktop computer. Which of these is a quick way to verify whether or not the device has been properly installed? A. Open Windows Media Player and play one of the sample tracks. No audio means there’s a problem with the driver installation. B. Open the Vista Device Manager. If the driver has not been installed, you will see a yellow warning symbol next to the audio controller. C. Right-click the speaker icon in the Vista Taskbar and turn the volume up. If the volume slider does not work, you don’t have an audio driver installed. D. Open the Vista Sounds and Notifications Control Panel application. If no audio device has been set up, you will be notified as such with an error message (the same audio message is also written to the Vista System Log, viewable with the Event Viewer). E. All of the above. 7. You are a parent who has purchased a new Windows Vista Home Premium desktop computer for family use. There are three kids who will use the computer, and you want to use the Parental Controls to limit and monitor system use. Which of these can be configured with the Parental Controls? A. B. C. D.
Time limits to keep the teenager off the computer after 10 P.M. Game limits to keep the 12-year-old from playing violent games Web restrictions to keep the husband off Internet poker sites Blocked access for all children to the financial application that tracks family finances E. All of the above
87
88
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
8. You are the administrator for a small company that uses Windows Vista Business edition to join all computers in a workgroup of nine computers. The company’s CEO is concerned that Internet access is becoming a drag on productivity and asks you to monitor Web and Instant Messaging activity on all employees. How can you implement your task? (Choose all that apply.) A. Use the Vista Parental Controls and configure a Web Filter which will capture a log file of all network activity. B. Use a third-party tool like NetNanny. C. Use the Vista Parental Controls and enable Activity Reporting. D. Upgrade all computers to Windows Vista Ultimate edition. E. Use a Group Policy object to disable Instant Messaging programs. 9. You have just performed a clean installation of Windows Vista and are now looking through the file structure for the physical location of the Documents folder. You notice that under Vista, there is no Documents and Settings hierarchy as there was under Windows XP. What’s the default location for the user profiles folders? A. B. C. D. E.
%SystemDrive%\Windows\Users %SystemDrive%\Windows\Profiles %SystemDrive%\%UserName% %SystemDrive%\Users None of the above
10. You are browsing the Internet and come upon a website that frequently publishes changes to content. What is the best way to keep informed about changes to the website content? A. Click the orange button in the Internet Explorer toolbar and subscribe to the site’s Really Simple Syndication feed. B. Configure a Scheduled Task that will check the website for updates every 15 minutes. C. Use the File | Send To option from Internet Explorer. Send the website address to your default e-mail client. The website will then notify you of updates using the settings configured in the e-mail client application. D. Add the website to your list of favorites and keep the IE7 Favorites Center open. Any new content will cause the shortcut to become bold. E. None of the above.
CHAPTER 2 Configuring and Troubleshooting Post-Installation System Settings
REVIEW ANSWERS 1.
Some questions require that you simply read them carefully, and this is one such question. When upgrading from Windows XP to Vista, you do not need to transfer anything. All files, settings, and programs will be automatically retained during the upgrade procedure.
2.
The Windows Easy Transfer lets a user easily migrate personal files, e-mail, data files, media, and settings from your old computer to the new Vista system. It does this with the least amount of administrative overhead.
3.
The Microsoft Windows User State Migration Tool (USMT) is used to migrate files and system settings from Microsoft Windows XP and Windows 2000 to Windows Vista.
4.
The Windows Vista Aero color scheme is enabled.
5.
Vista Ultimate is the only edition that includes the ability to join a domain and run the Windows Media Center that will allow you to record television programs. The Ultimate Edition is Windows Aero–capable, but it does not have to be enabled.
6.
Device driver problems are indicated when opening Device Manager. If there is a problem, you will see either a red “X” signifying that the device has been uninstalled or a yellow warning if there is a problem such as the driver not working.
7.
Vista’s new Parental Controls can place a wide variety of administrative restrictions on computer use, no matter what the age of the kids—or spouse, as the case may be.
8.
Windows Vista Business edition does not include the Parental Controls, and you need third-party tools to monitor Internet and Instant Message activity. Microsoft does make some products that can do this, but they are beyond the budget of most small businesses. If you said C and were thinking that it would be combined with answer D, then you’ve got a good grasp of the subject matter.
9.
After a clean installation, Vista places all of the user documents, contacts, Desktop Settings, and Favorites in a folder under %SystemDrive%\ Users. Vista then creates a folder for each user of the system.
10.
The scenario being described here is one that could be addressed perfectly by subscribing to the site’s RSS feed. Generally speaking, as long as the RSS feed adheres to an XML format, IE7 will serve as a very capable RSS reader. You can be notified of new RSS content by opening the Favorites Center and choosing the desired feed from the RSS grouping.
89
This page intentionally left blank
Configure Windows Security Features
3
ITINERARY
•
Objective 3.01
• •
Objective 3.02 Objective 3.03
•
Objective 3.04
•
Objective 3.05
Configure and Troubleshoot User Account Control Configure Windows Defender Configure Dynamic Security for Internet Explorer 7 Configure Security Settings in Windows Firewall Understand Windows Group Policy Objects
NEWBIE
SOME EXPERIENCE
EXPERT
3 hours
2 hours
1 hour
91
92
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
This chapter’s objectives deal with securing the Windows Vista operating system. It is by no means a comprehensive tour of network security, or even operating system security. Nonetheless, exam takers should find within a discussion that does a thorough job of hitting on all the topics you’ll need to pass the 70-620 test, and that’s exactly why you picked up the book. It begins with a look at the oft-discussed and sometimes maligned User Account Control (UAC). There have even been television advertisements from competitors seeking to use this new Vista security feature as a weapon against poor Microsoft. (It would be unseemly to mention any specific competitors, but let’s just say that the company’s name in question here rhymes with the word “apple.”) We then move into discussion of other utilities now included with the Vista operating system: Windows Defender, Windows Firewall, and Internet Explorer 7. Yes, some of these aren’t exactly new applications, but their default behavior certainly has changed. And, because the majority of computing threats come from the Internet, these three applications will work in harmony—if properly configured—to keep Internet threats at bay. The chapter concludes with a big discussion on the biggest topic in the chapter, and quite possibly the entire book: Group Policies. If you’re taking this certification exam in order to become (or refresh skills about) a Windows network administrator, you will no doubt be revisiting this subject again. In fact, it’s no stretch to say that the majority of Windows network administration is Group Policy administration. The conclusion of this chapter will leave you with a good understanding of Group Policies, which in turn will provide a good foundation as your studies continue.
Objective 3.01
T
Configure and Troubleshoot User Account Control
o fully understand Vista’s new User Account Control, it’s important to examine computer behavior under Windows XP. This chapter then begins with a little background information, giving you a few of the reasons why User Account Control was developed in the first place and the specific security concerns it addresses. Here’s the challenge for many-a Windows administrator: your users have the ability to do too much with and on their computers. But that’s a rather nebulous description, isn’t it? Too much, at least to an operating system, can encompass many things, including (inadvertently, of course) rendering a system all but in-
CHAPTER 3 Configure Windows Security Features
93
operable by either deleting some crucial file or executing some program or script that tells the computer to do something you don’t want it to do. Why does this happen? Because in the past, many user accounts ended up with administrative rights. In Windows XP for instance, all user accounts have rights as local administrators by default. Why? Because the XP Setup Wizard is kind enough to place all users in the local administrators group. This means that all XP users, by default, had the ability to do the following:
• •
Exert read, write, and execute permissions over every single file, including Windows system files Exercise all Windows rights (including, for example, the right to take ownership of a file and then change permissions at will)
Windows XP also provided the ability to create other accounts called Standard User accounts. These accounts had much more limited privileges over the computer. In fact, these privileges were too limited for a lot of users, companies, and circumstances. For example, a Standard User account under Windows XP could not install applications, creating many a headache for the end user trying to get that mission-critical ActiveX control installed in their browser. I personally can attest that I’ve seen more than one company give every single user full local administrative privileges just so users could get their work done. But no more. Now, Vista introduces the User Account Control (UAC) technology, making it easier for companies to limit the rights of the average user, while still protecting the computer from accidental installations of malware (read: mission critical ActiveX control) and other changes that affect the computer as a whole.
User Account Control Behavior With the User Account Control technology acting as a sentry, two securityrelated benefits are immediately realized: 1. Malware cannot install silently in the background while a user is unaware. UAC doesn’t prevent malware from installing, mind you; it just stops the installation in its tracks before an administrator gives it the go ahead. What’s more, this safeguard is directly related to the second main benefit. 2. UAC requires either credentials or confirmation before performing any act that will affect all users of the computer. Individual users can still make changes to their own user environments because that won’t affect the computer as a whole. But more sweeping changes such as accidentally disabling a driver (or installing a piece of malware) will be prevented by UAC until administrator approval is given.
94
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
But before we get too far into the discussion, it’s important to stop for a moment to realize that Vista still includes the two basic kinds of user accounts that were available in Windows XP. Each one will be handled differently by User Account Control’s security mechanism. With Vista, new user accounts fall under these two categories:
•
Administrator accounts These accounts can perform any and all administrative tasks on the machine, including application installation and system settings changes.
•
Standard User accounts These are the equivalent of the Standard User accounts in previous Windows versions. Standard accounts can now install applications, but not those apps that install into the %systemroot% folder. Also, they cannot change system settings or perform other administrative tasks.
Travel Advisory %Systemroot% is a variable designating the installation directory for Windows Vista. On most computers, this will be \Windows.
Now here’s where Vista has made a big improvement over the past: a standard user can still perform administrative tasks if they provide proper administrative account credentials, as shown next.
And, when UAC is enabled, even a member of the local Administrators group will be prompted to approve a process where a standard user would be asked for
CHAPTER 3 Configure Windows Security Features
95
administrative credentials. In other words, even the administrator behaves as a standard user until trying to perform some administrative task, at which time Windows Vista asks permission, as shown here.
If you investigate further by clicking the Details button, you’ll notice the reason why: you’re trying to launch an executable living in that pesky %systemroot% folder, which in turn would affect everyone, not just the currently logged-on user. So even if an administrator account is trying to install that mission critical ActiveX control, UAC ensures that, at the very least, said administrator is aware of the fact. Table 3.1 summarizes the rights of standard accounts versus administrator accounts under the rules of User Account Control. Because it’s one of the most significant changes to the operating system—both from a usability standpoint and from an architectural standpoint—it’s vital that any prospective exam candidate have a full grasp of UAC behavior. The following sections examine some of the User Account Control specifics in greater detail. TABLE 3.1
Privileges of Standard Users vs. Administrative Users
Standard User Account Rights
Administrator Account Rights
Establish a network connection Modify display settings Play a CD or DVD Burn a CD or DVD Configure battery options Change their own password Restore their own backup Set up sync between devices Connect a Bluetooth device
Install and uninstall apps Install device drivers Install Windows updates Configure parental controls Change a user account type Add and delete user accounts Configure Remote Desktop access Schedule automated tasks Modify the UAC settings
96
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Disabling User Account Control So now that you’ve learned all about UAC, there’s really only one real configuration question that needs to be addressed: how do you turn the thing off? Some folks find the User Account Control feature the absolute zenith of computer annoyance. Blogs abound filled with gripes and rants on UAC. You’re a smart person, after all, and don’t need some OS reminding you that you’re installing a new app. To stop those constant reminders that you’re about to install something, or make a configuration change, follow these steps: 1. Open the Control Panel. (There are lots of ways to do this—use the Start Button and then choose Control Panel if you’re lost.) 2. Double-click User accounts, and then choose the Turn User Account Control On Or Off link. Since UAC is on, you’ll have to grant approval for your action before getting to the next screen. 3. Uncheck the Use User Account Control (UAC) check box to help protect your computer. 4. Click OK. You’ll then need to restart your computer. There are several other ways to do this, by the way. We’ll hit on most of them throughout the course of the book. For now, all that’s necessary is an understanding of UAC’s implications. Once you’ve disabled the ability for Administrators to run in Admin Approval Mode, you have effectively turned UAC behavior off; you’ve made your brand-new operating system behave more like the old one, where users logged in as local administrators carrying the full access token with them at all times. (Note that you’re immediately warned about the utter stupidity of your action: the Security Center squawks a warning your way in the System Tray. Open the Security Center and Vista even gives you a chance to atone for your transgression with a single click. Since you’re disabling UAC you can ignore this warning, of course.) Before you take the step, however, I must pass along this word of warning, directly from Microsoft: While some non-UAC compliant applications may recommend turning UAC off, it is not necessary to do so since Windows Vista includes folder and Registry virtualization for pre-Windows Vista or non-UAC compliant applications by default. Turning UAC off opens your computer to systemwide malware installs. In other words, Vista will make “virtual” allowances for applications that want to run in the context of an administrative account. You shouldn’t have to disable User Account Control to make things work. So there.
CHAPTER 3 Configure Windows Security Features
97
Exam Tip It’s new. It’s a security feature. It changes the way both administrators and standard users interact with the operating system. So, expect a question or two covering UAC!
Besides User Account Control, Microsoft offers another tool that assists in the fight against malware. It’s called Windows Defender, and while another version was previously available with Windows XP systems, this is the first time Microsoft has included such a tool bundled with the operating system.
Objective 3.02
Configure Windows Defender
V
ista ships with a built-in antispyware and malware tool now known as Windows Defender. Previously known as Windows AntiSpyware, Defender’s mission is to prevent installation of malware: software that can either install itself or run without your knowledge or consent. It’s sometimes difficult to determine whether or not malware has been installed—a well-written piece of malware calls little attention to itself—thus making detection and removal all the more critical. Why bother removing malware? Because malware has a job, and it’s one you probably don’t want it to do. It’s called spyware for a reason. Malware applications can be written to gather information about online usage, including vital information such as login names, passwords, and credit card information. They can also change settings on your computer such as Internet Explorer’s home and/or just generally slow down performance. In a cruel joke to the uninformed, many of these malware programs are called “Internet optimizers,” or “spyware cleaners,” or other names that indicate something other than what they do. Malware can define a broad range of code such as worms, Trojans, viruses, and so on. There’s also the pop-up advertisement, brought to you courtesy of that old friend, adware. One of the things Defender works hardest against is the pop-up. (Really nasty adware can display ads even when you’re not connected to the Internet.) Windows Defender helps to keep spyware off your computer—and remove it if it’s there—using a three-pronged approach that includes the following features:
•
Real-time protection Defender uses this to help prevent new installations of malware. Defender alerts you whenever potentially
98
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
unwanted software attempts to install itself. Real-time protection also signals the user when programs attempt to change Windows settings. Both of these types of real-time alerts appear in the System Tray.
•
Membership in the SpyNet community During the Defender setup, you’re given the opportunity to join the SpyNet community; it’s checked by default. SpyNet is a good first line of defense against spyware, letting you see whether or not others have installed software that’s not yet classified. If other members of SpyNet haven’t allowed a particular piece of software, you can use that information in your decision of whether or not to install. Your installation choices then close the feedback loop by helping other people choose what to do. It is recommended practice to join SpyNet during setup.
•
Automated scanning options This is how Defender helps with malware that’s already been installed. There are options within to scan manually and at regular intervals. You can also specify here what actions to take with any detected malware.
Membership in the Spyware Community One of the most significant factors in determining the behavior of the Windows Defender tool revolves around your decision of whether to join the SpyNet community, and therefore merits a bit of further discussion here. Fortunately, there isn’t much to discuss. As you just learned, Windows Defender suggests membership in the SpyNet community during setup time (when you first launch the application). You will be faced with deciding between two levels of this SpyNet membership:
•
Basic Membership Causes Windows Defender to send basic information about the software it detects to Microsoft. Such basic information includes the actions you perform on software, as well as reports on whether the action was successful. Also, you will not be given alerts about detected software that has not yet been analyzed for risks. In some cases, the basic information sent might include personal information, but Microsoft will not use this info to contact you.
•
Advanced membership Gives you an additional level of control by alerting you about software installations or changes made by installed software that has not yet been analyzed for risks. An advanced membership will send basic information plus information about
CHAPTER 3 Configure Windows Security Features
99
potentially unwanted software such as the filenames, locations, and how this software has changed your computer. In some cases, personal information may be sent, but Microsoft will not contact you using this info. As you can see, the choice really comes down to a matter of how much information to send to Microsoft as part of your SpyNet membership. In neither instance of SpyNet membership will Microsoft use any of the information collected to contact you. If you don’t ever want Defender to send any information to Microsoft, then don’t join SpyNet. As you prepare for the exam, it will be good practice to familiarize yourself with the differences between the two. (If you have been reading carefully, you just did.)
Protect Your Computer with Windows Defender We could spend an entire chapter discussing each and every feature of Windows Defender, but instead I’ll concentrate on just two: the Automatic Scan and the Defender Definitions. Once these two features are in place, Windows Defender works pretty much on autopilot: it carries out its job without much, if any, additional input from the user. On the exam, you shouldn’t be asked anything that falls outside the scope of these two configuration parameters. One of the most important components of the Windows Defender tool is its list of spyware. During a scan, Defender compares the list of installed software against the list of known malware and then detects (and most often deletes) software that matches what’s on the spyware definitions list. Another important function of the antispyware tool is the automatic scan. After all, an updated list is of little use if it’s not actually used in a scan. Fortunately, these two options are configured from the same location. To make sure your malware definitions are always up to date and that your system receives a regular scan, follow these steps: 1. Open Windows Defender. You can use several methods, including the Control Panel (which is its own app if using the Classic View). Alternatively, you can click the link in the Security Center. 2. Click the Tools link, then the Options link. 3. Under Automatic scanning, shown next, make sure the Automatically Scan My Computer (Recommended) check
100
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
box is selected, and set the scanning frequency using the drop-down boxes.
4. To make sure definitions are up to date, make sure the Check For Updated Definitions Before Scanning check box is selected. 5. Click Save. You may be prompted for administrative credentials if using User Account Control. While we’re on the subject of protection from Internet-borne attacks, it’s also important to take note of the many security features available in Internet Explorer 7. Microsoft has even made it the subject of a test objective, and it’s discussed in the next section.
Objective 3.03
S
Configure Dynamic Security for Internet Explorer 7
ince the Internet browser is usually the main point of contact between you and the network, a vital area of network security, then, is to make sure your browser is configured with the most secure settings for your purposes.
CHAPTER 3 Configure Windows Security Features
101
Although we discuss IE7 in various chapters throughout the book, this particular test objective requires that you fully understand Internet Explorer 7’s many new security features. Some of these features are visible upon first opening the browser; the status bar at the bottom of the IE7 window, shown here, highlights several of these security indicators.
The security indicators are as follows:
• •
A Privacy Report The little eyeball that indicates whether any cookies have been blocked.
•
Protected Mode status A setting that makes it more difficult for websites to plant malicious code in your computer.
The Zone Indicates whether the page you are viewing is in the Local Zone, Trusted Zone, or Internet Zone. These are explained in detail later in this section.
Users can double-click any of these status bar indicators to view settings or status. For instance, if you double-click the Privacy Report (the eyeball icon), you’ll see the Privacy Report window, shown next.
Other IE7 security settings are configured using a more familiar dialog box that can be accessed using the Tools menu. You will notice two security sections, Privacy Settings and Security Settings, which are both described here in detail.
102
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
IE Privacy Settings Internet Explorer’s privacy settings are found by choosing Tools | Internet Options, then selecting the Privacy tab, shown next.
Here you can select your security settings for the Internet Zone. In other words, you tell IE what sorts of cookies you will accept when you are visiting a new or untrusted website. (Most of the sites you visit, I bet, are untrusted—this isn’t necessarily a bad thing, it’s just that they haven’t been added to the Trusted Sites list. What you trust and what Vista means by a trusted site usually means two different things.) For the most part, the Privacy tab configures how IE7 will handle cookies. Cookies are small little text files that store personal information about you on the Vista computer. These files are then read by websites upon visiting, which in turn allows the website to tailor content specifically for you. Most of the time, cookies are very useful. For example, every time I visit the site finance.yahoo.com, I’m shown a list of the most recent stocks I’ve looked up. I also get weather information for Kansas City on the Yahoo! home page. Why? Because the site reads a cookie file that contains stock symbols and an entry for Kansas City. Yahoo! is then able to retrieve information that is most useful to just one person: me.
CHAPTER 3 Configure Windows Security Features
103
But not every cookie is used for such benevolent purposes. Some are commonly used by spyware and adware programs to track web surfing habits of users, usually without their consent or knowledge. A famous example is the cookie used by DoubleClick. (Don’t know what DoubleClick is? Perfect—they like it that way. In fact, I’ll bet you five dollars that you have something from them on your computer at this very moment. Just do an Instant Search on “double” and see if anything comes up.) DoubleClick uses cookies to target ads to the specific surfing habits of users. It might be one reason we could hit Vegas.com at the exact same time, yet I would see an advertisement for discount golf times, while someone else would see an ad for hotel specials.
Manage Cookies It should now make sense that most of the privacy configuration done in Internet Explorer 7 has to do with how cookies are dealt with. There are six possible settings available when you move the slider up and down:
•
Block All Cookies Blocks all cookies from all websites. Cookies that are already stored on the system are not accessible by websites. Effectively, this means that users accept no new cookies and websites are unable to use the cookies that have already been created. This is the most secure setting but will also prevent any convenience features that cookies make possible, such as a website displaying weather or news specific to your locale.
•
High All cookies from websites that do not have a “compact privacy policy” (that is, that are not P3P compliant) are blocked. You also block all cookies that save contact information for you.
•
Medium High All third-party cookies that lack a compact privacy policy are blocked, as well as cookies that contain contact information for you.
•
Medium All third-party cookies that lack a compact privacy policy are blocked, as are all third-party cookies that can be used to contact you without your explicit consent. Cookies that can be used to contact you without your implicit consent are restricted in their use—IE7 will ask you whether to accept specific cookies of this type. This setting represents a good balance of practical use and security.
•
Low All third-party cookies that lack a compact privacy policy are blocked, and you restrict cookies that can be used to contact you without your implicit consent.
•
Accept All Cookies IE7 will accept all cookies, and cookies that are already on your computer are accessible by websites you visit. Microsoft strongly recommends against using this setting.
104
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory Users have the ability to configure which sites are in the Internet Zone. This security topic is discussed in the next subsection.
You also have the ability to specify individual sites that should never send you cookies. You can edit this list by clicking the Sites button to view or change the list, as shown next. The Per Site Privacy Actions window will appear, as shown here.
To add a site to the Managed Websites list, simply type (or paste) the address of a website in the Address entry box and then click either Block or Allow.
Exam Tip Remember this little mnemonic for the exam: Privacy tab = cookies, Security tab = downloaded content. Okay, fair enough, it’s not a mnemonic, but you should remember it anyway.
If you have saved privacy settings on another computer, you can import these settings: from the Privacy tab click on the Import button.
CHAPTER 3 Configure Windows Security Features
105
Moreover, you can override the default cookie handling behavior with the Advanced button. This will give you the Advanced Privacy Settings dialog, shown here. Here you can Accept, Block, or Prompt cookies from first parties and third parties, and you can always allow session cookies if you want to.
Manage Pop-up Blocker You can also configure the IE Pop-up Blocker on the Privacy tab. From here, you can enable or disable the Pop-up Blocker and click the Settings button to manage additional settings. On the screen that appears, you can manage the list of sites whose pop-up windows you will always accept, as well as set a filter policy. When IE blocks a pop-up window, a message bar appears at the top of the viewing screen. You can then unblock pop-ups for that site if you wish, or ignore the message if you want the pop-up blocked.
IE Security Settings In addition to the Privacy settings, it’s important for 620 exam takers to examine the many security settings available in IE7. To access these, open the Internet Options dialog box as discussed previously, and then go to the Security tab, as shown here. The principal feature in IE’s Security setting is the management of sites that belong in one of the four available zones:
•
Internet The big zone of all sites on the Internet.
106
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
•
Local Intranet Sites that are inside your organization’s network. This really only applies to computers in organizations with websites that are physically within the premises.
• •
Trusted Sites
Internet sites that you explicitly trust.
Restricted Sites Internet sites that you do not trust. More than that, these are sites that you wish to avoid.
IE lets you change its security behavior for each of these zones in two ways: first, you can use the slider on the window to move your security levels up and down. Text to the right of the slider describes settings for that level.
Travel Advisory Just because a site has been added to the list of Trusted Sites doesn’t mean that the site is security-free. The default level of security for Trusted Sites is Medium, which is higher than the default level for the Local Intranet zone, whose default security level is Medium-Low. When a site is added to the Trusted Sites list, users will still be prompted before downloading potentially unsafe content, and unsigned ActiveX controls will not be downloaded.
The second way to change security settings for each zone is through the Custom settings dialog box. To access this, click the Custom Level button. In the Security Settings dialog, shown next, you’ll be able to change dozens of fine-grained settings. Microsoft recommends use of these advanced settings only for experts who understand the technologies involved.
CHAPTER 3 Configure Windows Security Features
107
There’s a really great feature on this screen: a Reset button that lets you put everything back to default settings. If you start making changes and then decide that you’re in over your head, you can just click the Reset All Zones To Default Level button to easily go back to square one.
Exam Tip If the slider is grayed out for any of the four security zones, it means that custom settings have been set for that zone, in which case you must go back into Custom settings to make more changes.
To manage the list of Intranet, Trusted, and Restricted sites, click one of those zones, then click the Sites button. You’ll get the Restricted Sites window, shown next, where you can see what sites are in the list and add more if you like.
Travel Advisory There are additional settings that IE can use to automatically detect sites in the Intranet zone. You can also edit the sites in the Intranet zone manually, as you can for Trusted and Restricted sites.
Finally, you can turn Protected Mode off and on in the Security tab. Protected Mode is a setting that makes it more difficult for websites to install malicious software onto your computer. The Internet, Local Intranet, and Restricted sites all use Protected Mode by default; only the Trusted Sites zone disables this feature as a standard setting. Microsoft recommends you leave Protected Mode on for the zones for which it is configured.
108
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Phishing Filter New to Internet Explorer 7 is a Phishing filter that will help users detect phishing sites to keep them from sending valuable information (usually usernames, passwords, credit card information, or some combination thereof) to an untrusted entity. A phishing site is a fraudulent website that pretends it’s something else. Usually, phishing sites masquerade as trusted sites, such as a well-known banks and financial service companies. PayPal and eBay are commonly copied by phishing sites to try and gain personal information. Viewers are usually enticed to visit phishing sites via a spam e-mail message that originate from the owner of the fake site. If you’ve ever gotten an e-mail stating that “your PayPal account has been accessed” or something similar, chances are that the e-mail has originated from a phishing site. To view Phishing Filter settings, click Tools | Phishing Filter | Phishing Filter Settings. Doing so will take you to IE7’s Internet Options dialog box with the Advanced tab selected, as shown next.
From here, scroll down to the bottom to find the only phishing setting available. You can use the options here to either disable the Phishing Filter altogether
CHAPTER 3 Configure Windows Security Features
109
or turn automatic website checking off or on. By default, the automatic website checking behavior is turned on.
Check for a Phishing Site Manually If you aren’t sure about the intentions of a particular website, you can ask the Phishing Filter to check it manually by clicking Tools | Phishing Filter | Check This Website. IE will then check with Microsoft’s central phishing site database and tell you whether the site is a reported phishing site or not, as shown here.
If you suspect a site is trying to obtain your personal information for illegitimate reasons, you can report the site to the Microsoft phishing database by clicking Tools | Phishing Filter | Report This Website. If you inadvertently visit a known phishing site, IE will display a message that warns you that the site is suspected to be a fake. This in turn will help other users avoid sending personal information to the site. Don’t be surprised to see a question about this on the exam. So far, we’ve covered User Account Control and IE7, two new technologies built into all editions of Windows Vista. Now let’s look at another technology that has been around for a while yet is still an important part of the overall Vista security picture. The Windows Firewall, just as it has in the past, can examine inbound (and outbound) traffic to your system and make decisions about whether or not to allow the network activity. Of course, there are a few new wrinkles introduced with Vista.
Objective 3.04
W
Configure Security Settings in Windows Firewall
indows Firewall prevents the vast majority of Internet attacks from reaching your computer by closing off points of entry known as ports. And even if you’re not worried about someone hacking into your system—let’s
110
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
say you’re on a corporate network that’s protected by its own firewall on the gateway router, for example—Windows Firewall can still help enhance network security by stopping your computer from sending out malicious software to other systems. Before configuring Windows Firewall, a little history is merited. Windows Firewall is actually nothing new. It’s been around and available for use on Windows 2000 and XP machines for some time now. It just wasn’t enabled by default. That is, until Windows XP’s Service Pack 2.
Local Lingo Port The end-point of a logical connection between two computers, designated by a number. The number helps the computer identify what application/protocol handles the incoming traffic. For example, traffic sent to Transmission Control Protocol (TCP) port 80 is handled, eventually, by a web browser because port 80 is the standard port assignment for HTTP.
Travel Assistance The list of TCP port numbers is maintained by the Internet Assigned Numbers Authority (IANA). A full listing of IANA port numbers can be located at www.iana.org/assignments/port-numbers.
To enable and disable the Windows Firewall, follow these steps: 1. Open the Windows Vista Security Center. There are several ways to do this, including from the Control Panel. Alternatively, you can right-click the System Tray (on the lower right-hand section of the Taskbar) shield icon for the Security Center and choose Open Security Center. 2. On the left side of the Security Center, choose Windows Firewall. 3. On the left side of the Windows Firewall dialog box, follow the Turn Windows Firewall On Or Off link (you can also click the Change Settings button). You may be prompted for an administrator password if User Account Control is on. 4. The Windows Firewall Settings dialog box appears, as shown next. Choose the On (Recommended) radio button and click OK.
CHAPTER 3 Configure Windows Security Features
111
You can then further configure behavior of the firewall with the two other tabs in the Windows Firewall dialog box.
•
Exceptions As the name implies, this tab, shown here, allows you to configure exceptions to blocked traffic. This is important because many applications need network connectivity in order to perform as written. To add an exception, simply click either the Add Program or Add Port button and then complete the appropriate dialog boxes. To add a program, just select it from the list and click OK. For a port, you’ll name the port, select the protocol and specify the port number. Under most circumstances, you’ll only need to specify a program exception.
112
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
•
Advanced This tab isn’t as advanced as the name implies but rather just lets you adjust settings for an individual network adapter. If you’re on a desktop system, you probably only have a single adapter. If using a laptop, however, chances are you have both a wireless and wired adapter. By default, both are selected and Firewall settings apply to both connections.
Exam Tip Firewall settings can also be configured at the domain level by a Group Policy Object (GPO) when the Vista computer is part of a Windows Server domain. If this is the case, you’ll see notification of such when configuring the Windows Firewall. More on Group Policy settings can be found later in this chapter.
Average users don’t normally have to configure Windows Firewall using the method just described. During normal computer use, the firewall asks permission before allowing a program to access the Internet. If permission is granted, Windows Firewall automatically configures the exception. To turn off this behavior, uncheck the Notify Me When Windows Firewall Blocks A New Program on the Exceptions tab in the Windows Firewall Settings dialog box.
An Example of a Firewall Exception at Work So, you want to play Halo against friends online or you want to listen to the radio on iTunes or you want to allow Remote Administration of your computer, or better yet, how about all three? Windows Firewall prevents this activity, however, until you configure otherwise. As mentioned, it shouldn’t be a problem under most circumstances: answer Allow the first time a program tries to access the Internet and you’re on your way. If you’ve answered Block previously, though, you’ll have to follow the steps listed previously to configure an exception. Once you add Halo to the firewall’s list of allowed programs, you’ll be able to frag at will.
Exam Tip Remember that games—as well as any other application, for that matter—can also be restricted through the use of Parental Controls. Using the Vista Parental Controls is covered in Chapter 2.
CHAPTER 3 Configure Windows Security Features
Objective 3.05
113
Understand Windows Group Policy Objects
O
ne of the most powerful tools that a Windows Vista administrator has at their disposal is the Group Policy Object. Group Policies offer what I describe as a technological administrative lever—a lever that will help administrators implement a written administrative policy.
Exam Tip Windows Group Policy Objects can only be deployed with the Business, Enterprise, and Ultimate editions of Windows Vista. They are not available in either Windows Home Basic or Home Premium. This could be a trick question on the exam.
Like many of the topics we’ve touched on throughout this chapter, Group Policies aren’t new to Windows Vista, although many individual settings are. Group Policies remain a way to get an administrative desire out of your head and into the Desktops of your company’s users. For example, let’s say your company doesn’t want ordinary users to access the Control Panel. Fine, you enforce the desire with a Group Policy. Like folders and files, like users and groups, a Group Policy Object (GPO) is just another software object, typically stored in the Windows Server Active Directory database. (I say “typically” because there is one stored in Vista’s local directory database as well, but mostly Group Policies are used to manage Active Directory–based computing environments.) This software object contains a collection of settings that can potentially affect almost any aspect of user and computer configuration. They’re independent pieces of software, stored somewhere on the hard drive, just like everything else. (And, like files and folders, the Group Policies are sometimes stored on network locations.) We’ll start this section with a look at Group Policies in the most general terms, discussing how Group Policies are created, managed, and processed when a user logs on. We’ll then look at some specific implementations later in this objective, focusing most specifically on deployment on a Windows Vista machine. Bear in mind, though, that these are just some examples of how Group Policies can be used. It would be impossible to examine every possible Group
114
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Policy scenario, and such exploration would be a waste of your test preparation time—there are other objectives to cover in these pages. What’s much more important is that you have a clear understanding of what Group Policies can do and where to go to configure the ones that might affect the local Vista machine. To discuss application of Group Policies to Active Directory objects, it helps to have the proper foundation: you need to understand what those objects are. For seasoned Windows network administrators, this should be old hat. But not everyone is a seasoned Windows network administrator. The next section is a necessary, if lengthy, segue to help those who might be new to Windows Server enterprise computing concepts. We continue with the discussion of how to apply Group Policy once this segue is done.
Understanding the Active Directory As we start looking at Group Policy deployment to Active Directory objects, we can’t avoid a particular question: what, exactly, is an Active Directory? An excellent question. In the simplest of terms, Active Directory is just another piece of Microsoft software built upon the networking technologies that preceded it and is certainly nothing unique in that regard. Microsoft, along with software companies everywhere big and small, has taken existing technologies and/or the ideas from existing software and made it theirs by taking what in their view is the next evolutionary step. In the case of Active Directory, Microsoft already had a working (if somewhat grumbled about) domain model built into their Server products. When Microsoft moved to the NT 4 operating system, they added the capability to link domains together with trust relationships. Carefully implemented, the enterprise could still be managed centrally or, conversely, distributed among multiple administrative groups. This linking also provided for easy access to resources, and it accommodated business mergers and subsidies as organizations redefined themselves. The problem with NT 4’s domain model was one of scalability. To wit: NT 4’s domain model was flat, affording no levels of hierarchy. As you started to add multiple domains to the NT mix, several problems occurred, and these problems usually compounded themselves as the organization began to grow. In the next iteration of its Server family, Windows 2000, Microsoft set out to address this scalability problem by seeking an enterprise model that could meet two primary design objectives. The Windows 2000 domain model needed the following:
• •
A global list of each domain’s directory available at every domain A system to automatically manage trust relationships, lessening the administrative overhead when deploying multiple domains
CHAPTER 3 Configure Windows Security Features
115
The result was Active Directory, which made its debut in Windows 2000, and it came with a handy little side benefit. By storing all Windows domain information in a centralized database, users and administrators could then perform queries like, “Which one of the printers on the fourth floor of building 22 prints in color?” or “Is that computer located in the North building or the South building?” The next release of Microsoft’s Server operating system is the current version,Windows Server 2003. (Its successor,Windows Server 2008, is scheduled for release late 2007/early 2008.) Windows Server 2003 includes many improvements to Windows 2000’s version of Active Directory, making it even more versatile, dependable, and economical to use. Windows Server 2003 provides the following benefits:
•
Easier deployment and management Improved migration and management tools. Better tools with drag-and-drop capabilities, multiobject selection, and the ability to save and reuse queries. Improvements in Group Policy that make it easier to manage groups of users and computers in an Active Directory environment.
•
Greater security Cross-forest trusts provided a new type of Windows trust for managing security relationship between two forests. (I’ll define forests in a bit.) Users can securely access resources in other domains without sacrificing the administrative benefits of having only one user ID and password maintained in the user’s home domain.
•
Improved performance and dependability More efficiently managed replication and synchronization of Active Directory information. In addition, Active Directory provides more features that allow you to intelligently select only changed information for replication; it no longer requires updating of entire portions of the directory.
All of these improvements were made in one area: the Windows directory database. And what is stored in an Active Directory database? Group Policy Objects, for one. Others are discussed in the section that follows.
Objects Managed by Active Directory At its core, the Active Directory database is simply a collection of things in a Windows computing enterprise. The list of exactly which things are stored in an Active Directory database is exhaustive, and certainly most of these things are of little to no importance, at least to a human being. Of most concern to the administrator, of course, is a listing of what can be managed: computers, users, groups, printers, and shared folders. Computers A computer object is a software representation of a physical entity, namely, the computer. It represents an important level of participation in
116
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
the Active Directory domain. This level of participation usually has to do with security. You should also understand that only certain operating systems have this ability to create a computer account in the domain:
• • • • •
Windows Vista (Business, Enterprise, and Ultimate editions) Windows XP Professional Windows 2000 Professional Windows Server 2003 Windows 2000 Server
The Vista Home Basic and Home Premium editions cannot participate in a Windows domain. This can be terribly significant, of course, if your aim is to administer security options on the Desktop via a Group Policy Object. Users All computing activities, whether they include access to a resource or backing up a file, occur in the context of a user account. An account is needed to interact with the local computer and the network and is issued an access token at logon time. This access token is presented against a resource’s Access Control List to determine what level of access a user has. Most often associated with domains, user accounts are also essential for standalone Vista computers. Groups A group object is just another type of account, much like a user account. However, this account’s purpose is to contain a list. In this list is an inventory of all the user accounts that belong to the container account (that is, the group). It is also used at logon time, in conjunction with the user account, to help generate an access token. The advantage of a group is straightforward: it simplifies administration of permissions and rights. When you grant a level of access permission to a group, the permission applies to all members of that group. This is especially significant as domain accounts grow into the hundreds and even thousands of accounts, but groups can be deployed locally on a standalone Vista machine as well. Printers In a Windows domain environment, you have the option of creating a software object in Active Directory for each shared printer in your enterprise. The advantage is that it enables users to find an enterprise’s printers more easily by conducting a search through Active Directory. Additionally, printers deployed with Active Directory can be managed with some of the new Group Policy settings released with Windows Vista. Shared Folders Much like printers, shared folders are shared out from file servers in your enterprise. Also like printers, information about the shares can
CHAPTER 3 Configure Windows Security Features
117
be published in Active Directory, facilitating easier searches when users are looking for resources. The computer hosting the share will still be responsible for managing the security permissions on that shared folder when it is accessed from the network. Keep in mind that these are just a few of the more common objects you create in an Active Directory database. You can also create Contact, InetOrgPerson, and MSMQ Queue Alias objects, along with many others, as your needs require. Now that you understand some of the things you can store in an Active Directory database, we turn our attention to some of the containers you can store them in. And what’s the significance of these containers? You can manage the objects in the Active Directory containers with a Group Policy Object.
Logical Active Directory Components When you examine the Active Directory container objects you can place other objects in (such as users, computers, printers, and so on), you’re looking at the logical structure of a Windows Server enterprise environment. Let’s take a look at the components that make up this logical structure. Domains If the logical structure of a Windows Server environment describes container objects, a domain is the main container. Simply defined, a domain is a logical collection of users and computers. This is where all other Active Directory objects, such as user accounts, are stored. In other words, while there may be multiple domains in your enterprise, all objects will be stored in one of these domains. More significantly, a domain represents a unit of administration. The objects in one domain can be administered very differently than the objects in other domains. With Server domains in place, your computing enterprise gains several benefits over Windows Vista workgroups:
•
They enable you to organize objects within a single department or single location. Further, all information about the objects is available throughout the domain.
•
They act as security boundaries. Domain administrators exercise complete control over all domain objects. Additionally, Group Policies, which are just another type of domain object, can be applied to manage domain resources.
• •
Domain objects can be made available to other domains. Domain names follow established DNS naming conventions, permitting the easy creation of child domains to best suit your administrative needs.
118
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Not only does Active Directory store the list of the objects in your domain, but it also provides a set of services that make those objects available and searchable by clients of the domain, including:
• • • • •
User logons Directory replication Domain security Resource publication Application of Group Policies
The Active Directory database is stored on any Windows Server that is designated as a domain controller. The server is designated by running the Active Directory setup application.
Travel Assistance Specific instructions on domain controller setup are beyond the scope of this book, and you most certainly will not see any questions like these crop up on the Vista 620 exam. Any Windows Server 2003 or Server 2008 tome will provide detailed instructions, and you can find them easily enough online at sites like Microsoft’s TechNet.
As mentioned, a domain is created using a single DNS namespace. But isn’t it possible for some enterprises to have more than one namespace? Of course it is; Microsoft is a perfect example. Larger enterprises like this end up needing Active Directory trees. Trees The hallmark of an Active Directory tree is a contiguous linking of one or more Active Directory domains that share a common namespace. In other words, the domains are linked together in parent/child relationships. Think of the multiple Microsoft domains and you have the idea, as shown here.
CHAPTER 3 Configure Windows Security Features
119
Travel Advisory I’m not sure why, but the geometric shape given to a domain in every Windows book you’ll ever see is a triangle.
There are cases, however, where a single tree full of domains will not work for your enterprise. Say, for example, you run a company like Microsoft, and you decide to purchase another company. Let’s pretend that said company is hotmail.com. The computing resources—users, computers, and so on—of one enterprise need to be merged with another so that they can be managed in a single administrative structure. In this case, you’ll create another logical entity, an Active Directory forest. Forests A forest lets administrators link together multiple domain trees in a hierarchical arrangement. The goal is to create an administrative relationship between several Windows Server domains that do not share a common namespace. By creating a forest, administrators have the computing to reflect the real-world business flexibility of acquisitions, mergers, and spin-offs, as represented by the following illustration.
Organizational Units One of the most significant logical components of an Active Directory environment is the Organizational Unit (OU). They are container objects within a domain used to group domain computers, users, and other domain objects into separate logical units. These separate units are also administrative entities. Don’t confuse an OU with a standard group. The only things groups can contain are users or other groups. Organizational Units, on the other hand, can contain computers, shared resources, and printers, as well as groups and users. More significantly, you can manage the objects in an Organizational Unit with a Group Policy Object. Although it looks strange in a sentence, you don’t apply Group Policies to groups. This gives administrators almost unlimited control over how the domain objects are administered. A Group Policy security setting can dictate encrypted network traffic on one OU’s set of computers, in a research department, for example, but not on another.
120
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
It’s entirely possible—likely, in fact—that more than one Group Policy Object will be applied to the computer/user session. For this reason, it’s important that administrators understand how Group Policy Objects are processed (discussed later in this section). Now that you have a better feel for the broad range of Group Policy options and how they can be leveraged in a larger Windows enterprise, let’s turn our attention more specifically to Group Policies on Windows Vista computers.
Group Policy and Vista Administration In very broad terms, an administrator can accomplish the following with Group Policy Objects:
•
Provide a Desktop environment that enables users to accomplish job functions while also ensuring that applications cannot be changed or removed.
• • •
Control the user experience by managing the appearance of the Desktop, including what software is or can be installed. Ensure that company-written policies regarding computer use and security settings have a computing mechanism for application. Enforce centralized control of user and computer settings at the site, domain, or organizational unit level.
As mentioned, this can and usually does apply to Windows Server sites, domains, and organizational units, although they can be deployed on individual Vista computers as well. But let’s focus on what’s new. For now, we’ll concentrate on the one Group Policy Object available on every Vista computer, no matter where that computer is deployed (that is, domain or workgroup): the local Group Policy Object.
The Local Group Policy Object Group Policies were first introduced with the Active Directory domain model with the release of Windows 2000. Since that time, every computer running Windows 2000, XP Professional, Server 2003, and now Vista has a local Group Policy Object (GPO) linked to it. This doesn’t necessarily mean the local GPO has any effect on the user environment, however. By default, none of the GPO settings are configured. For network administrators, the advantage of a local GPO is the ability to configure just a single computer without affecting any others. In an Active Di-
CHAPTER 3 Configure Windows Security Features
121
rectory environment, these local settings are overwritten by settings configured at the site, domain, and OU level, respectively. When Vista is operating in a workgroup, the local GPO is the only way to apply a Group Policy setting.
Open the Group Policy Object Editor A good way to get a feel for all the Group Policy capabilities is to configure one. To do this, start with an unconfigured GPO. To open the Group Policy Object Editor and get started with a Local Policy, follow these steps: 1. From the Start Menu, open an empty MMC console by typing mmc. It should appear at the top of the program list. You’ll be asked for administrative confirmation if User Account Control is turned on. 2. An empty MMC opens. From the File menu, choose Add/Remove Snap-in. 3. In the Add/Remove Snap-ins dialog box, shown next, choose the Group Policy Object Editor and then click Add.
4. You’ll see the Select Group Policy Object dialog box, shown next. The default object is the Local Computer object, which is what you want.
122
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
If you’re in an Active Directory environment, you can browse to edit Group Policies that apply to other domain objects.
5. After you click Finish, you’re taken back to the Add/Remove Snap-ins dialog box. You can continue to add more management snap-ins to create an MMC console that best suits your needs. Click OK to finish. Now that you have a point of reference, I’ll take some time to explain what you’re looking at.
Group Policy Components You will have the Group Policy Object Editor loaded into your custom MMC console, as shown next. Now you can edit your computer’s local policy.
CHAPTER 3 Configure Windows Security Features
123
There are two main categories of Group Policy settings:
•
Computer Configuration settings Set policies that affect the computers regardless of who logs on. They are applied as the operating system initializes, before the user is presented with the logon screen.
•
User Configuration settings Set policies that apply to users regardless of the computer they are using. User settings are applied after a user is authenticated, usually through a username and password, and before the Desktop is presented.
If you expand each of these main groupings, you will see several subheadings of policy settings. Each grouping includes a collection of software settings, windows settings, and administrative templates. This does not mean that individual settings for users and computers are the same. Generally speaking, there are three types of settings you can expect in each category heading.
Software Settings Found in both user and computer configurations, the software settings specify software installation options. These settings help you deploy and maintain installed software for the computers and/or users in your organization. For example, you can use the software settings to ensure that all computers in a site get a service pack update to an application or ensure that a particular user has an accounting program available to them no matter what computer they are logging in to.
Windows Settings Found in both user and computer configurations, the Windows settings contain subgroups of scripts and security settings. The scripts node is where you can most clearly see the difference between which settings affect the user and which affect the computer. Notice that the scripts assigned to computers are startup/shutdown scripts, as computers engage in starting up and shutting down. Users, though, are assigned logon and logoff scripts, because that’s what they do—they log on and log off. Here’s what else to look for under the Windows Settings node:
•
Scripts node Administrators can attach a script to a group using Group Policy. There aren’t any limitations on the scripting languages used—ActiveX, VBScript, JScript, Perl, and DOS-based scripts such as BAT and CMD are all acceptable.
•
Deployed Printers node Allows for management of printers deployed through Active Directory policy.
124
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
•
Security settings Allow for manual security configuration. These settings include Audit Policies, Password Polices, and User Rights Assignments, to name but a few. There are hundreds of Security settings available.
•
Policy-based QoS settings Allow administrators to configure policies that will affect application traffic depending on network performance and availability. Quality of Service describes an industry-wide set of mechanisms for ensuring that applications receive the required amount of network performance to endure high quality.
•
User Configuration group Includes policies used for Internet Explorer Maintenance and Remote Installation Services. If you’re creating a Group Policy Object that will apply to an Active Directory container, you’ll see a Folder Redirection node. You won’t see one when working with a Vista local Group Policy Object.
Administrative Templates The Policy settings configurable in the Administrative Templates section are many and will have the most visible impact on the end user environment. Further, these settings are all Registry-based, meaning that they all write changes to the Registry when they are processed. For computer settings, these settings are processed at startup time. For users, they are processed at login time. Administrative Templates includes settings for Windows Components, System, Desktop, Control Panel, and Network. Configuring the System node controls Group Policy itself and will be examined later when we discuss processing exceptions. To make changes to the status of an Administrative Template setting, simply double-click the setting (or right-click and choose Properties) to open the dialog box, as shown next. In it, you will notice three options regarding configuration:
•
Enabled Enforces the selected GPO setting. A setting that’s enabled will edit the Registry of the computer where the GPO is applied. These settings are usually the equivalent of editing a Registry setting with a value of true (1).
CHAPTER 3 Configure Windows Security Features
•
Disabled Doesn’t enforce the GPO setting. Administrators use the Disabled setting to specifically configure something they don’t want to happen. These settings are usually the equivalent of editing a Registry setting with a value of false (0).
•
Not Configured The default for all local policy settings. It simply means the setting will not be configured one way or another and that the setting (display of the Control Panel, for example) will be controlled somewhere else.
125
When you configure an Administrative Template setting, the change will be written to the Registry, thus increasing processing time for the Group Policy Object. This includes configuring the policy setting in the negative. Therefore, you want to configure as few of these settings as possible while still meeting your administrative objectives. If you don’t want to scroll through the many hundreds of Administrative Template settings, you can display only those settings that have been configured. To do so, choose the Administrative Templates node, and from the View menu, choose Filtering. You’ll see the Filter dialog box shown next, in which you can check the option to Only Show Configured Policy Settings. Of course, this won’t be effective when you are configuring the settings in the first place.
What Can Be Managed with a Group Policy Almost anything you can think of can be managed with a Group Policy. If it relates to Vista, it can be managed with a Group Policy. If you need to impress friends and coworkers, tell them that with Windows Vista you can now manage 2400 settings. Give or take a few. You read that right: 2400 settings.
126
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
But don’t worry—you won’t be asked how many possible Group Policy settings are available. Instead, all you need to concentrate on are the new settings that have been added to Vista. That’ll narrow our discussion down to a scant 800 or so. Better settle in with a glass of scotch or something, we’re going to be here a while. Okay, not really. There won’t be a question that relies on rote memorization of all 800 new settings. Your focus should be on a general understanding of what’s changed from Windows XP to Windows Vista and then on a general knowledge of how to deploy these changes. Fortunately, the procedure doesn’t substantially change no matter what setting you’re trying to configure. Half the battle is just finding the setting in the first place. What follows is a summary of the changed categories in the next few subsections. Then I’ll show you a table highlighting some of the most significant changes to help you get your bearings. Painting with the broadest brush to start with, the following are Group Policy categories where settings have been enhanced:
• • • • • •
Wired and wireless networking policy Windows Firewall and IPSec Print management Desktop shell Remote Assistance Tablet PC
Travel Advisory The new wired and wireless networking policies may require a forest-wide schema update, a discussion of which is beyond the scope of this book. For more information, go to microsoft.com/technet and search on “Vista Active Directory extensions.”
Not only have there been enhancements to what was already there, but also some new grouping have been added. Here are the brand-new GPO groupings in Windows Vista:
• • • •
Removable Storage Device Management Power management User Account Control Windows Error Reporting
CHAPTER 3 Configure Windows Security Features
• •
127
Network Access Protection Windows Defender
Exam Tip The eyes can skim over it pretty fast, but savvy exam takers should make sure they are very familiar with the list of Group Policy categories where settings have been enhanced and the new GPO groupings in Windows Vista. My suggestion: open the Group Policy Object Editor using the steps described previously and start clicking around with these GPO groupings.
Bear in mind that in order to edit a GPO setting that will specifically affect Vista machines, you must launch the GPO Editor from either a Vista or Windows Server Longhorn system. These new settings won’t appear when using previous versions of Windows.
Changes to Group Policy Settings A few of these new changes require more explanation. The next subsections provide that explanation. You did read my last Exam Tip, didn’t you? The biggest part of this section on Group Policy is so that you better understand the concept of Group Policy administration in a Windows Vista\Windows Server environment. However, what follows in the next sections are the concrete items you need to know in order to call yourself well-prepared for the 620 exam. It’s $125 to take the darn thing, after all, so I don’t want to see you throwing that investment away with just a vague grasp of a GPO. (I’m not sure what Microsoft is charging in Europe for this test, but with the conversion rates I believe the price of the 620 exam works out to be about $12,000/test. My math may be a little off, but I bet not by much.) If you’re using a Windows Home Premium computer as you prepare, you’re at a decided disadvantage on the subject, which is all the more reason to carefully comb through what follows.
Removable Storage Device Management Device installation presents a considerable challenge to network administrators. Your network firewall can be a paragon of secure computing, for example, but do nothing to combat the user with a USB drive on their keychain. The new Vista GPO settings offer control over the installation and use of these devices so that there is a reduced threat of viruses, worms, and other malicious applica-
128
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
tions using removable media as conduit. You can disable removable device installation altogether, as shown next.
You can even configure removable storage installation policies so that only approved devices can be attached.
Power Management As will be discussed in more detail in Chapter 7, the new Vista power options, such as sleep, can save a considerable chunk of money per year on a single machine. Implemented across an enterprise, this can have a substantial impact on the bottom line. Prior to Windows Vista companies had to enforce hibernate and other power management edits with third-party tools such as Desktop Standard and Full Armor. Now these can be controlled with the Power Management options, as shown here.
Security Settings With Vista, Firewall and IPSec have been combined, allowing network administrators greater control over client-to-server and server-to-server communications, both inside and outside the firewall. These are crucial security settings; GPOs enable them to be better managed centrally.
CHAPTER 3 Configure Windows Security Features
129
Printer Assignment Employees are on the move more than ever. They want to be able to boot up their computer and print from anywhere. Vista addresses this by allowing printers to be configured based on Active Directory membership, letting computers move from site to site and automatically install the right printer for the site.
User Account Control The first section of this very chapter dissected User Account Control, a new security feature that’s built into Windows Vista. It can be disabled using a wide variety of methods to be sure, but you need to be especially aware of how UAC can be manipulated using the new Group Policy Object settings. To access these settings, open the Group Policy Object Editor and expand the node Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options. There are a host of security settings that can be applied, but of note are the nine at the bottom of the list that control User Account Control behavior. Especially significant are the two that govern the default level of interruption of the UAC elevation prompt:
• •
User Account Control standard users
Behavior of the elevation prompt for
User Account Control Behavior of the elevation prompt for administrators in Admin Approval mode
To configure the settings of each—and thus the behavior of the UAC elevation prompt—just give either of the settings a double-click. You will see a dialog box similar to what is shown here.
130
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
You will be able to configure the elevation prompt so that administrators are not asked for consent or credentials, for example. Additionally, you can change the standard user elevation prompt behavior so that attempts to perform administrative tasks (even those permitted by UAC) are always denied.
Exam Tip With the Group Policy Objects that govern the default level of interruption of the UAC elevation prompt, you’ve got a convergence of two items: new features and some new administrative settings that control those new features. I recommend spending a few moments opening each of the new UAC Group Policy settings and clicking the Explain tab to get a sense of what each of these settings do.
Group Policy Processing Many Group Policies can play a hand in determining the end user environment. It is therefore important for administrators to understand the default Group Policy processing order. The Computer configuration and User configuration settings are applied at (computer) startup and (user) logon time as follows: 1. At computer startup time, a computer obtains a list of GPOs that will be applied to the computer. This list depends on the following: Whether or not the computer is a member of a Windows Active Directory domain
• • •
In what site the computer resides in Active Directory Whether or not the list of GPOs has changed
2. After the list has been obtained, the computer configuration settings are processed synchronously in the order dictated by the processing hierarchy, which is discussed later in this objective. 3. Any startup scripts assigned to the computer are run synchronously: each script must complete before the next one is run. All this occurs before the user gets any user interface, including the Windows logon dialog box. 4. The user presses CTRL-ALT-DELETE and submits user credentials. 5. After the user is authenticated, a list of GPOs for the user is obtained. This list is also dependent on several factors, including: Whether loopback is enabled, as discussed later
•
CHAPTER 3 Configure Windows Security Features
•
Where the user account resides in the Active Directory tree structure (assuming a domain account is used; a logon using a local account to a local machine does not have any domain-based policies take effect)
•
Whether or not the list of GPOs has changed
131
6. The User settings are then processed using the processing hierarchy. 7. Any logon scripts assigned run asynchronously—all scripts are run at the same time by default. Even though we’re dealing with just the local computer Group Policy Object in a book such as this, there are several Group Policies that might ultimately affect the user experience. As mentioned, GPOs can be linked to domains, sites, and Organizational Units, and your user or computer may exist in one or more of these logical containers. It’s important, then, to understand GPO processing order so that administrators know where the local GPO fits into the picture. Here’s the order in which GPOs are processed by default:
• • • •
Local Each Windows Vista computer will have at least a single local GPO which will get processed first. Site Any GPOs associated with a site the computer belongs to, or a user is logging in from, will be processed next. Domain GPOs linked to the domain container are processed next according to the order listed in the Group Policy tab. Organizational Unit (OU) GPOs linked to parent OUs are processed next, followed by GPOs linked to child OUs if applicable. In this way, the immediate parent object of the user or computer account will be processed last, which has a significant impact on effective settings.
So, the local GPO is processed first. What you should be aware of during your exam preparations, however, is that this actually makes local settings lowest in the GPO “pecking order” (for lack of a better term). This means that a setting applied by a local GPO can be overwritten by any setting applied at the site, domain, or OU level. This doesn’t mean the setting will be overwritten, just that it can be if there’s a setting conflict. For example, if you’ve configured a local GPO so that the Control Panel is not available to the computer, but there’s a domain setting specifying that the Control Panel is available, the Control Panel will be available at logon time. Why? Because the domain setting is processed after the local setting and will therefore override the local one.
132
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
However, if no Control Panel settings are configured for any other GPO that applies to the session, the Control Panel will be disabled as dictated by the local Group Policy Object. In other words, the last setting processed becomes the effective setting, but only when there is a conflict between settings. See? It’s simple.
Group Policy Processing Considerations Okay, it’s not really that simple, especially when you throw in a few of the many Group Policy exceptions to default GPO processing order. Keep in mind, however, that all of these characteristics are meant to provide an administrator with more flexible control over their Desktops. Some of the exceptions are as follows:
•
Workgroup computers process only the local GPO Because all of the other containers you can link a GPO to—sites, domain, and OUs—reside in Active Directory, workgroup computers can process only the local GPO. This is especially significant in our discussion of Vista.
•
Administrators can block Policy inheritance Inheritance behavior of some GPOs can be blocked. This applies only to GPOs that are linked to domains and OUs, however. It will not affect Vista machines in a workgroup.
•
There is a No Override feature This is the antidote for the Block Policy Inheritance option, but once again does not affect the local GPO. Any GPO linked to the site, domain, or OU can be configured so that its settings cannot be overridden by other GPOs lower in the processing chain.
•
You can set a loopback setting This is probably the most confusing and definitely the least often used method for configuring an exception. A much better way to set a loopback is with the Multiple Local Group Policy Object, as discussed later on. The loopback setting is designed for computers that are part of a closely controlled environment such as laboratories or kiosks. In essence, this setting makes the Computer Configuration settings the effective settings, no matter what other GPOs might apply to the user account at logon time. It’s actually a setting of the Group Policy itself.
Configure GPO Loopback To configure the loopback setting, you must edit the local GPO and then edit one of the Computer Configuration settings. The full path to the loopback setting is Computer Configuration | Administrative Templates | System | Group Policy | User Group Policy loopback processing mode, as shown next.
CHAPTER 3 Configure Windows Security Features
133
Double-click this setting to enable loopback. Once in the Enabled state, the loopback behavior will operate in one of two modes:
•
Replace Replaces the GPO list obtained for the user with the GPO list obtained for the computer at startup time. This mode effectively overrides any user-specific settings the user might have.
•
Merge Appends the computer GPO list with the user GPO list. Because the GPO list for the computer is applied after the user’s normal GPO list is received from Active Directory, any settings configured with the local GPO settings override the user’s normal settings where there are conflicts.
An example will help make better sense of all of this. Let’s say a user who is a part of the Marketing OU logs on to the computer in the office reception area to check her e-mail before lunch rather than walking back to her desk. Here’s the complication: you’ve set a GPO on the Marketing OU such that a large software package is distributed to all users of that OU. Without loopback, the user would have to wait until the software package deploys, and the target computer in the reception area would have an unnecessary application loaded. With the loopback setting, however, the user does not have the application sent and installed on the reception computer. For more info on the loopback setting, choose either the Explain function or the Extended View in the Details pane of the Group Policy Object Editor. Having explained the loopback setting, I will add that it’s doubtful that you’ll actually ever configure a GPO to use it. There’s now a much better option, one that’s much more likely to make an appearance on the 620 exam. This new feature is called Multiple Local Group Policy Objects and is discussed in the next section.
134
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Multiple Local Group Policy Objects Vista adds a new wrinkle to the local computer Group Policy mix with the ability to apply Multiple Local Group Policy Objects, or as some describe them, MLGPOs (pronounced “milg-pos”). Come to think of it, I may be the only one who describes them like this. At any rate, they work very much like filtering the scope of a GPO with the Access Control List but generally with much less confusion and configuration headache than before. Here’s why: prior to Windows Vista, administrators working with a computer that wasn’t joined to a domain had but one local Group Policy Object they could apply—by default, settings applied to administrators and everyday users alike. This could present quite a challenge to administrators who wanted to change a setting or two—a Local Policy not really meant for an administrator locked the computer from changes, and working around this could be a lot of effort. But with a MLGPO, administrators can apply two different local Group Policy Objects to the local machine—one for administrators, for example, and one for users. In fact, they can configure one for a particular user, as you’ll see. This might come in especially handy where you’re deploying a standalone Vista computer in a kiosk setting or other public locale. Here’s how it all breaks down: 1. When a user logs on to a local machine, Vista checks to see if that user is a member of the local Administrators group. If so, a special Administrator LGPO is processed for the session. 2. If the user is not an administrator, the Non-Administrators LGPO is processed instead.
Exam Tip When applying one of the two local Group Policy Objects (either for administrators or users), it’s an “either/or” proposition, not an “and”. The effects are not cumulative.
Now that you have a concept of how this new Vista feature works, let’s set up a MLGPO and configure a machine.
Create a Multiple Local Group Policy Object To create and apply a Multiple Local Group Policy, follow these steps: 1. Open the Microsoft Management Console and add the Group Policy Object Editor snap-in.
CHAPTER 3 Configure Windows Security Features
135
2. From the Select Group Policy Object dialog box, click Browse, as shown next.
3. Select the Users tab and click the user or group for which you want to create or edit local Group Policy, as shown next.
4. Click OK, click Finish, and then click OK. You’ll see an item in the MMC console that allows editing of policy settings that will apply only to the selected users.
Exam Tip Note the absence of Computer Configuration settings as you edit the Group Policy Object. Only the User settings are present.
136
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Once you’ve set up a MLGPO, it’s important to understand the order of processing for Multiple Local Group Policy Objects: 1. Local Group Policy 2. Administrators or nonadministrators Local Policy 3. User-specific local Group Policy As discussed previously in the chapter, the last setting processed is the effective setting. For instance, any local GPOs that would lock down the computer can be overridden by more relaxed settings in an Administrators Local Policy. This lets administrators log on to a kiosk-type of Vista computer and make quick changes without facing a lot of Group Policy obstacles. Further, there’s even a new computer configuration setting released with Vista called Turn off Local Group Policy Objects Processing, shown in Figure 3.1. If you enable this setting, the system will not process any local GPOs. It is meant for use in domain environments to ensure that no other policies are applied at startup/logon time. This setting will be ignored on a machine that is part of a workgroup environment. Practical Use for an MLGPO You can use a combination of several local GPOs to tailor the user environment in almost any conceivable way. Let’s say you have a child user on your home network. You can configure a rather lax set of Group Policy settings for all except the child’s account. To lock down the Desktop, create a MLGPO for just the child user and then configure setting restrictions as you please. If you want to take the Internet Explorer off the Desktop completely, for example, navigate to User Configuration |
FIGURE 3.1
A Local Policy setting that disables Local Policy settings
CHAPTER 3 Configure Windows Security Features
137
Administrative Templates | Desktop and then configure the Hide Internet Explorer Icon On The Desktop setting, as shown next.
Remember to save it as a custom MMC console on exiting—it can save a lot of clicking around when you need to edit these settings later on. This is just the kind of real-world usage scenario that Microsoft loves to incorporate into the Vista exam. But what happens when you are done with the Multiple Local Group Policy Object and want to delete it? That’s covered next.
Delete a Multiple Local Group Policy Object Removing a MLGPO is a breeze. You don’t have to fish around to undo all the setting changes; just delete the particular MLGPO instead: 1. Open a Microsoft Management Console instance and add the Group Policy Object Editor snap-in. 2. Choose Browse and select the Users tab. 3. Right-click the Administrators, Non-Administrators, or User-Specific Local Group Policy Object. Choose Remove Group Policy Object from the context menu. 4. Click Yes to confirm and close Microsoft Management Console.
138
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
If you’ve saved a previous custom MMC console, you can open that as well. Then click File | Add/Remove Snap-in and follow the procedure just described.
Exam Tip You can delete a user-defined GPO or the administrative/nonadministrative one. You cannot delete the built-in local GPO, however. To disable the configured settings of a local GPO, the suggestion is to reset all settings to the default of Not Configured.
Disable User and Computer Configuration Settings As you have already seen, not all of your settings in a particular GPO need be configured. In fact, it’s a safe bet to say that the vast majority of settings won’t be configured. For example, if you configure a GPO whose only function is to configure a sleep timeout, then the User Configuration settings will remain untouched. However, these unconfigured settings still have to be processed at logon time. You can boost performance just a bit by disabling one of the two settings headings (User or Computer) if the only configured settings are in the other heading. In fact, this is recommended practice from Microsoft—disabling of a part of a GPO can speed up its processing. Generally speaking, however, you’ll notice the biggest performance increase when several GPOs apply to a user logon, not just the single local GPO. Disabling the User or Computer settings won’t have much of an impact if you’re applying just the local Group Policy Object. Nonetheless, it’s a tweak that all administrators should carry around in their back pocket, just in case. To disable the User or Computer settings for a given GPO, follow these steps: 1. Open the Group Policy Object that you want to edit. On a Vista workgroup system, this means opening the custom MMC where you built the GPO or adding the Group Policy Object Editor. 2. Right-click the policy name and choose Properties. In the case of a standalone Vista deployment, right-click the Local Computer Policy item. 3. From the GPO’s General tab, select either the Disable User Configuration Settings or Computer Configuration Settings check box. You’ll see a warning, as shown next. 4. Click OK to accept the changes and then OK again.
CHAPTER 3 Configure Windows Security Features
139
Configure the User Environment with Administrative Templates Now that you’ve learned the fundamentals of Group Policy Objects, the rest of our discussion will be about specific examples of what GPOs can manage. As you’ve already seen, they can manage quite a bit. What follows is an examination of just a couple of ways to effectively manage this Vista environment. To briefly review, there are generally two ways to manipulate the Vista Desktop environment for your users:
• •
Changing settings with the various applets in the Control Panel, as discussed numerous times throughout the book Using the administrative templates in the Group Policy Object Editor
This section focuses on the latter option. When you edit the Control Panel, essentially you edit Registry setting for a single system. Depending on what changes are made, they will apply either to all users of the machine or just a single user. However, the changes made with the Control Panel can be overwritten by a user with sufficient privileges, and there are multiple pathways to access the Control Panel. Just because you remove the Start Menu option doesn’t prevent a curious user from discovering another way. The advantage of a Group Policy Object, on the other hand, is that the changes become a permanent part of the user Desktop, and these changes can then be easily ported to multiple computers. If you take away access to the Control Panel with a GPO, it’s gone; there is no pathway to open it. Keeping this in mind, let’s say you want to make sure that users—all users—have to enter a password when the computer resumes from either hi bernate or sleep. You have two options: one is to open the Power Management Control Panel application. The other longer-term solution is to follow these steps: 1. Open a Microsoft Management Console instance and add the Group Policy Object Editor for the Local Computer Policy. 2. Navigate to User Configuration | Administrative Templates | System | Power Management.
140
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
3. In the User settings, there is but one power management option: the requirement of a password on resume. Double-click the setting, and then choose Enabled, as shown next.
Of course, as an administrator you’re worried about security settings that will have a much more substantial impact. You can also configure a host of security settings with a local GPO, as discussed next.
Configure Security Settings with Group Policy Another major subheading of Group Policies settings includes security settings. As with the end user environment, administrators can exert control over wide swaths of computer security with GPOs. The challenge is to understand how each setting meets a particular challenge. All security areas can be accessed from under Windows Settings in each of the User and Computer Configuration nodes, as shown next.
CHAPTER 3 Configure Windows Security Features
141
The security area settings include the following:
• •
Account Policies Apply to user accounts, including password and account lockout policies.
•
Windows Firewall with Advanced Security Lets you specify rules for Windows Firewall behavior. You can configure sets of rules to specify how the firewall responds to incoming and outgoing traffic.
• •
Public Key Policies Allows administrators to enforce data encryption on NTFS volumes and to define encrypted data recovery agents.
•
IP Security Policies on Local Computer Configures secure IP traffic. You can use this area to set encryption rules for inbound and outbound traffic and specify particular networks or individual computers your system can communicate with. Much like the software restriction policies, IP Security policies are exception-based, configured by either accepting or rejecting traffic based on a set of conditions. The different permutations of IP Security polices are virtually infinite.
Local Policies Based on the computer you are logged on to; these settings affect the abilities a user has over that system. The local policies settings include audit policies, user rights assignments, and security options.
Software Restriction Policies Lets you manage what software can run on a particular machine. This can be an important security level if you are worried about users downloading and running untrusted software in your network. For example, you can use these policies to block certain file type attachments from running in your e-mail program. Other rules include path rules, which have the potential to restrict users from running software unless it resides in a specific directory or Registry path.
Configure a Firewall Setting Here’s just one other security configuration example. Because we’ve discussed Windows Firewall configuration earlier in this chapter, I’m including an example of another way to configure Windows Firewall. For added Internet security, an administrator can set up the Windows Firewall for all users and disable further changes. Mind you, we could look at almost any of the security settings in more detail to give you a better feel for the configuration steps and possibilities. I lean toward the firewall settings because it’s a new option in Vista. With a Windows Firewall GPO setting in place, administrators can dictate several aspects of firewall behavior. For example, incoming packets can be inspected by Windows Firewall to determine whether it meets specific criteria in a firewall rule. If there’s a match, Windows Firewall security carries out the speci-
142
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
fied action. If Windows Firewall cannot find a match, it discards the packet and writes an entry in the firewall log if logging is enabled. To get started with creating a Windows Firewall with Advanced Security rule: 1. Open a Microsoft Management Console instance and add the Group Policy Object Editor for the Local Computer Policy. 2. Navigate to Computer Configuration | Security Settings | Windows Firewall with Advanced Security. 3. Right-click the Windows Firewall with Advanced Security item and choose Properties. You’ll see a dialog box with four tabs: Domain Profile, Private Profile, Public Profile, and IPSec Settings, as shown next. In this example, you’ll configure a setting that ensures the Windows Firewall is on.
Additionally, you’ll configure a rule so that the Windows Firewall blocks all inbound connections and allows all outbound connections (the firewall will still allow responses initiated from the local system, such as routine web surfing).
Other New Group Policy Settings Bear in mind that the preceding discussion is just a brief overview. Table 3.2, provided by Microsoft, summarizes several of the new or expanded Group Policy settings. I include it here not because I expect anyone to actually read the whole thing, but to provide a quick point of reference in case you’re wondering whether or not there’s a Group Policy setting that will address a particular challenge.
CHAPTER 3 Configure Windows Security Features
TABLE 3.2
The New Vista Group Policy Settings
Setting Category
Description
Location
Antivirus
Manages behavior for evaluating high-risk attachments.
Background Intelligent Transfer Service (BITS)
Configures the new BITS Neighbor Casting feature to facilitate peer-to-peer file transfer within a domain. This feature is supported in Windows Vista and Windows Server Longhorn. Determines where your users access Help systems that may include untrusted content. You can direct your users to Help or to local offline Help. Deploys a printer connection to a computer. This is useful when the computer is shared in a locked-down environment, such as a school or when a user roams to a different location and needs to have a printer connected automatically. Allows or denies a device installation, based upon the device class or ID. Controls the level of information displayed by the disk failure diagnostics.
UC\Administrative Templates\Windows Components\Attachment Manager CC\Administrative Templates
Client Help
Deployed Printer Connections
Device Installation
Disk Failure Diagnostic
DVD Video Burning
Enterprise Quality of Service (QoS)
Hybrid Hard Disk
Customizes DVD disc authoring settings.
Alleviates network congestion issues by enabling central management of Windows Vista network traffic. Without requiring changes to applications, you can define flexible policies to prioritize the Differentiated Services Code Point (DSCP) marking and throttle rate. Configures the hybrid hard disk to allow management of nonvolatile cache, startup and resume options, solid state mode, and power savings mode.
\Network\Background Intelligent Transfer Service
CC\Administrative Templates\Online Assistance UC\Administrative Templates\Online Assistance CC\Windows Settings\Deployed Printers UC\Windows Settings\Deployed Printers
CC\Administrative Templates\System\Device Installation CC\Administrative Templates\System\Troubleshoot ing and Diagnostics\Disk Diagnostic CC\Administrative Templates\Windows Components\Import Video UC\Administrative Templates\Windows Components\Import Video CC\Windows Settings\Policy-based QoS
CC\Administrative Templates\System\Disk NV Cache
143
144
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
TABLE 3.2
The New Vista Group Policy Settings (continued)
Setting Category
Description
Location
Internet Explorer 7
Replaces and expands the current settings in the Internet Explorer Maintenance extension to allow administrators the ability to read the current settings without affecting values.
CC\Administrative Templates\Windows Components\Internet Explorer
Networking: Quarantine
Networking: Wired Wireless
Power Management
Removable Storage
Security Protection
Shell Application Management Shell First Experience, Logon, and Privileges
Manages three components: the Health Registration Authority, Internet Authentication Service, and the Network Access Protection protocol. Applies a generic architecture for centrally managing existing and future media types.
Configures any current power management options in the Control Panel. Allows administrators to protect corporate data by limiting the data that can be read from and written to removable storage devices. Administrators can enforce restrictions on specific computers or users without relying on third-party products or disabling the buses. Combines the management of both the Windows Firewall and IPSec technologies to reduce the possibility of creating conflicting rules. Administrators can specify which applications or ports to open and whether or not connections to those resources must be secure. Manages access to the toolbar, taskbar, Start Menu, and icon displays. Configures the logon experience to include expanded Group Policy settings in roaming profiles, redirected folders, and logon screens.
UC\Administrative Templates\Windows Components\Internet Explorer CC\Windows Settings\Security Settings\Network Access Protection
CC\Windows Settings\Security Settings\Wired Network (IEEE 802.11) Policies CC\Windows Settings\Security Settings\Wireless Network (IEEE 802.11) Policies CC\Administrative Templates\System\Power Management CC\Administrative Templates\System\Removable Storage Access UC\Administrative Templates\System\Removable Storage Access
CC\Windows Settings\Security Settings\Windows Firewall with Advanced Security
UC\Administrative Templates\Start Menu and Taskbar UC\Administrative Templates\Windows Components\
CHAPTER 3 Configure Windows Security Features
TABLE 3.2
The New Vista Group Policy Settings (continued)
Setting Category
Description
Location
Shell Sharing, Sync, and Roaming
Customizes autorun behavior, creation and removal of sync partnerships, sync schedule, creation and access to workspaces. Configures the Desktop display to include the Aero glass display, new screen saver behavior, and new search and views. Configures Tablet PC to include tablet Ink Watson and personalization features, Tablet PC touch input, input personalization, and pen training.
UC\Administrative Templates\Windows Components
Shell Visuals
Tablet PC
Terminal Services
Troubleshooting and Diagnostics
User Account Protection
Windows Error Reporting
Configures Terminal Services remote connection properties to enhance the security, ease-of-use, and manageability. You can prevent redirection of devices, require use of the TLS or RDP encryption, and require additional encryption settings. Controls the diagnostic level from automatically detecting and fixing problems to indicating to the user that assisted resolution is available for application issues, leak detection, and resource allocation. Configures the properties of user accounts to determine behavior of elevated command prompt and elevate the user account during application installs. Disables Windows Feedback only for Windows or for all components. By default, Windows Feedback is turned on for all Windows components.
UC\Administrative Templates\Windows Components\ CC\Administrative Templates\Windows Components\ UC\Administrative Templates\Windows Components\ CC\Administrative Templates\Windows Components\Terminal Services UC\Administrative Templates\Windows Components\Terminal Services CC\Administrative Templates\System\Troubleshoot ing and Diagnostics
CC\Windows Settings\Security Settings\Local Policies\Security Options
CC\Administrative Templates\Windows Components\Windows Error Reporting UC\Windows Components\Administrative Templates\Windows Error Reporting
145
146
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
For example, if you’re wondering whether or not you can manage DVD burning on a Vista machine with a Group Policy setting, this table might be a good place to look. If you’d like to know if there’s a way to have applications install with an elevated account automatically so that you don’t have to disable User Account Control completely, you can find out here. I generally hate printed tables, but this one can save you a lot of fishing around with the GPO Editor. In the table is the setting title followed by a brief description of what it does and the location. To save space, I used the UC abbreviation to denote User Configuration and CC for the Computer Configuration tree. Have a quick look now, or just skip ahead and use as needed. You shouldn’t have to memorize everything in the table, but it certainly won’t hurt to open up the Group Policy Object Editor and explore each of these settings just to help with the cognitive connection. Which of these new settings you might need to configure for your environment will be a matter of exploration, trial, and error.
Exam Tip This might be the subject of a “trick” question: the new Group Policy Settings can be configured in a mixed Windows Vista and Windows XP environment, but they can only be effective on Vista machines. A Hybrid Hard Disk setting, for example, won’t have any influence on a Windows XP system even if the computer happens to be using a hybrid disk.
Background Information: ADM and ADMX Files Under previous versions of Windows, Administrative Templates were stored using a file with an ADM extension. These files were the central nervous systems of the Administrative Templates and provided the underlying definition of what was possible with Group Policy. They defined everything that was stored in the following locations:
• •
User Configuration | Administrative Templates Computer Configuration | Administrative Templates
When an Administrative Template was changed or created, a Registry.pol file was created. The POL file simply pointed to the corresponding ADM or ADMX files where the actual settings were defined in the templates. The machine or user receiving the policy didn’t need the ADM files at all, just awareness of a POL file at logon time. In Windows domain environments, these files were stored in the SYSVOL folders on domain controllers.
CHAPTER 3 Configure Windows Security Features
147
But two of the big problems with ADM files in Windows domain environments were the ADM file size and replication. In previous Windows versions, several ADM files were copied to the SYSVOL folder every time an administrator created a new GPO. With several of these ADM files being placed the domain controller’s SYSVOL folder and each file running about 5MB—well, you see the problem. Now, Vista and Windows Server Longhorn utilize the XML file format and store settings using the new ADMX file extension. The ADMX format supports a central store that eliminates replication of duplicate information and makes it easier to update the file. If a future service pack updates one of the ADMX files, for example, all the Windows administrator needs to do is drop the updated file in the central store and you’re done. (This central store needs to be created manually on a domain controller, however.) Vista comes with roughly 130 ADMX files preinstalled, with the exception of Home Premium (which comes with four ADMX files). They can be found in the Windows\PolicyDefinitions directory, as shown next.
But again, this is largely background information, and it is a very unlikely subject for a test question. As you’ve already seen, the tools used to edit these files—namely the Group Policy Object Editor and Group Policy Management Console—are what’s important, and these have not significantly changed from previous iterations. You can edit the ADMX files directly if you’re so inclined, but it is not recommended.
Travel Advisory There is no ADM-to-ADMX conversion tool to convert custom ADM files your network may already be using.
148
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
CHECKPOINT ✔Objective 3.01: Configure and Troubleshoot User Account Control
In this objective, we looked at what might be the most talked-about new security feature in Windows Vista: User Account Control (UAC). We examined why the new feature was developed and how it behaves and altered default configuration by turning it off.
✔Objective 3.02: Configure Windows Defender
This objective looked at the antispyware tool known as Windows Defender. Although not new to Windows Vista, this is the first time Microsoft has included such a tool in the operating system, and it should therefore be considered an important utility to deploy and configure in your exam preparation process.
✔Objective 3.03: Configure Dynamic Security for Internet Explorer 7
Vista has brought with it a significant overhaul of its Internet browser software, and with the new browser come some significant security enhancements. Although IE 7 is discussed at other times in the book, this objective focuses solely on the security features available. We examined the Privacy and Security tools and how to use the new built-in Phishing filter.
✔Objective 3.04: Configure Security Settings in Windows Firewall
As discussed in the objective, Windows Firewall is not new to Windows Vista but is still an important tool for protecting the Vista system from outside attack. For test preparation purposes, it is vital to know how to configure exceptions to default Windows Firewall behavior by opening ports and allowing certain programs to access the network.
✔Objective 3.05: Understand Windows Group Policy Objects
An important part of any Windows Vista administrator’s life will be configuring and deploying Group Policy Objects, and this objective provided a detailed overview of what these Group Policy Objects are, how they can be used, and most importantly, what changes have been made to Group Policies with the release of Windows Vista. Exam candidates should make sure they are comfortable with use of the Group Policy Object Editor and be able to identify scenarios in which the use of one of the new Vista settings would perfectly address a particular administrative challenge.
CHAPTER 3 Configure Windows Security Features
REVIEW QUESTIONS 1. Vista’s new User Account Control feature is designed to secure the Windows environment from which of the following threats to stability and security? (Choose all that apply.) A. Installation of an ActiveX control from any website B. Placing ordinary users in the Power Users or Administrators group in order to run a particular application C. Changing the Power Management settings D. Updating a device driver E. All of the above 2. The User Account Control feature will still allow standard users to perform most everyday computing activities but will prevent activities that may affect security or settings that will affect all users. Which of the following activities will UAC prevent the standard user from performing? A. B. C. D. E.
Connecting to a wireless network Installing an ActiveX Control from an administrator-approved website Creating a Virtual Private Network connection Installing critical Windows Vista updates None of the above
3. You have recently purchased a laptop running Windows Vista Ultimate from a major computer manufacturer that installs third-party software as part of their disk imaging setup. You configure this machine to use Windows Firewall. The laptop has two network connections: a built-in wireless connection and a built-in wired Ethernet connection. You are now accessing a file server on the network, but you notice that the Vista Security Center is notifying you of an unsecure condition. What is the most likely source of this message? A. Windows Firewall is not enabled for all connections. B. Windows Firewall has been disabled by a third-party firewall product. C. The Security Center itself has a corrupted Registry entry; a reinstall of Windows Vista would fix the problem. D. You have configured a program exception for file and printer sharing, and the Vista Security Center is just working as it should by notifying you of a potentially unsafe condition. E. None of the above.
149
150
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
4. You share a Vista computer with multiple users and want to ensure that administrators are always prompted for user credentials when performing an administrative action. Which action should you perform to ensure this behavior is always followed? A. Enable the Group Policy security setting User Account Control: Behavior of the elevation prompt for administrators in Admin Approval mode to Always Prompt For Credentials. B. Enable the Group Policy security setting User Account Control: Behavior of the elevation prompt for administrators in Admin Approval mode to Prompt For Consent. C. Enable the Group Policy administrative template User Account Control Behavior and specify a username and password under the Always Use These Administrative Credentials setting. D. Enable the Group Policy security setting User Account Control: Behavior of the elevation prompt for standard users to Automatically Deny Elevation Requests. E. This can’t be done. User Account Control can only be enabled or disabled. 5. You are the administrator for a small network that has just upgraded its computers to Windows Vista, and you are aware that Vista comes with a bundled antispyware utility called Windows Defender. You are trying to configure the Windows Defender settings to provide the highest level of security from spyware. What action should you take? A. Configure Defender to automatically scan the computer for spyware every day. B. Configure Defender to automatically quarantine all software that is detected as malicious by Defender’s spyware definitions. C. Join the Microsoft SpyNet community so that you can get help responding to potential malware threats. D. Configure Defender to monitor all startup programs on your computer. E. None of the above. 6. Vista’s User Account Control allows the Standard User account to perform which of the following actions?
CHAPTER 3 Configure Windows Security Features
A. Change the time zone of the computer. B. Change the brightness of the screen when the computer is running on battery power. C. Create a Virtual Private Network Connection to the company’s Remote Access Server. D. Use Windows Update to install critical operating system updates. E. All of the above. 7. You are configuring Vista’s Internet Explorer 7 for an employee in your small company where Internet security is a big concern. You have the following goals in mind for this user’s IE7 browser: to prevent a third party from intercepting personal information entered into forms, delete any and all stored passwords so that the user cannot automatically log onto websites, and keep the Desktop free of pop-ups. Which of the following steps should you take to meet your objectives? (Choose all that apply.) A. Use the Internet Explorer Delete Browsing History dialog box to get rid of any existing passwords. B. Use Vista’s Parental Controls to prevent the display of entry forms or chat sessions launched from Internet sites. C. Ensure the Phishing filter is enabled. D. Enable IE7’s built-in Pop-up Blocker. E. These three behaviors are only configurable at the same time using a third-party Internet security suite like Symantec’s Internet Security. 8. Windows Vista includes several new Group Policy settings, some of which can be used to manage behavior of Windows Defender. Which of the following are valid settings for Windows Defender? A. B. C. D.
Turning off Windows Defender Enabling Logging Known Good Detection Checking for New Signatures Before Scheduling Scans Turning on definition updates through both WSUS and Windows Update E. All of the above
151
152
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
9. You are the administrator of a Windows Vista machine that is not part of a domain and have configured a Group Policy Object that restricts the use of removable storage. You want to reserve the right to install software from an external USB drive, however. How can you best accomplish this goal? A. Do nothing. Vista’s User Account Control allows users with administrative credentials to install software and prevents Standard User accounts from doing the same. B. Leverage multiple local Group Policy Objects and configure a removable storage policy that applies to nonadministrators only. C. Configure a Windows Server 2003 domain and deploy multiple Group Policy Objects that apply to the computer in question. You could place your Administrator account in an Organizational Unit, for example, and then configure settings that would allow the use of removable storage. D. Hold down the SHIFT key while logging on. Administrators can bypass any local Group Policy settings when logging in by holding down the SHIFT key while submitting account credentials. E. None of the above. 10. A user in your company reports that they are experiencing problems with the performance of Internet Explorer 7 on their Vista Ultimate computer. Upon a desk-side visit, however, the user confesses that he has been “experimenting” with several IE7 settings and just wants things back they way they were when he was first issued the system to restore basic functionality. What’s the quickest solution to your problem? A. Open the System Restore utility and roll back the computer to a point in time the user recalls good performance of IE7. B. Use the new IE7 Performance Diagnostics tool to run a scan of browser settings. You will be able to identify exactly which ones have changed and when. C. Use Vista’s built-in Volume Shadow Copy feature to select from previous versions of Internet Explorer, access the Properties dialog box for Explorer.exe, and choose the Previous Versions tab. D. Use the Reset Internet Explorer Settings feature to reset all Internet Explorer settings and then restart the browser. E. All of the above are equally effective.
CHAPTER 3 Configure Windows Security Features
REVIEW ANSWERS 1.
Generally speaking, the User Account Control feature prompts for either elevated privileges or administrative credentials whenever making a system-wide change. Standard User accounts are able to make changes to the Power Options, however, without being prompted by UAC.
2.
UAC won’t prevent standard users from performing any of the mentioned tasks. These privileges have been determined to have minimal system impact and potential for risk, though administrators also have the ability to restrict these permissions if they prefer.
3.
By default, Windows Firewall is enabled for all network connections on the system. This can be changed, however, on the Advanced tab of the Firewall Settings dialog box. If you disable for one or more of the connections, the Vista Security Center will notify you.
4.
To ensure that administrators are prompted for user credentials rather than just simply for consent, you should configure the Group Policy security setting called User Account Control: Behavior of the elevation prompt for administrators in Admin Approval mode. From the drop-down menu, change the setting to Always Prompt For Credentials. The default behavior is to prompt for consent.
5.
Kind of a trick question, as all of these steps will help Windows Defender provide a computing environment that’s free from spyware; however, these are Defender’s default settings, so there’s nothing an administrator has to do to change settings.
6.
Even when Vista’s UAC is enabled, standard users still can perform some tasks on the computer that can potentially affect multiple users and that do not require administrative credentials. The tasks such as the ones identified here—changing the time zone, changing power management settings, and installing critical Windows updates—have been determined to have minimal system impact and potential for risk. Administrators can still restrict these permissions if they prefer with the use of a Group Policy Object.
7.
IE7 includes several built-in tools to help secure Internet browsing. Among them is the ability to delete password history using the Delete Browsing History options and to enable both Pop-up Blocker and Phishing filter. Pop-up Blocker and Phishing filter are both enabled by default.
153
154
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
8.
All of the settings mentioned in this question are configurable by Vista’s new Group Policy Windows Defender settings. You can locate these settings by using the Group Policy Object Editor and looking under the following node: Computer Configuration\Administrative Templates\Windows Components\Windows Defender.
9.
You can use Vista’s new Multiple Local Group Policy Objects ability to apply one policy setting for one user or group and another policy setting to another account or group. This is a great way to lock down the computer while still giving administrators the ability to carry out administrative tasks such as installing software from a USB drive.
10.
Internet Explorer 7 includes a new feature called Reset Internet Explorer Settings that lets users easily revert to a browser environment prior to the installation of toolbars and other add-ons. You can access this Reset button from the Internet Options | Advanced tab.
Configure Network Connectivity
4
ITINERARY
•
Objective 4.01
• •
Objective 4.02 Objective 4.03
Configure Networking Using the Network and Sharing Center Troubleshoot Connectivity Issues Configure Remote Access
NEWBIE
SOME EXPERIENCE
EXPERT
5 hours
3 hours
2 hours
155
156
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
You don’t need me to tell you how important networking is to the Vista environment. As much as security threats enter your computer (potentially) from the outside world, one way that these threats are combated, somewhat ironically, is to establish a connection to the Internet so that software updates such as Windows Vista hotfixes and antivirus program definitions can always be brought up to date. This chapter is all about networking. When discussing the chapter’s opening objective, we’ll look at how to establish a network connection using the new Vista utility, the Network and Sharing Center. We’ll look at the new simplified interface this utility provides and see how it can be used to help secure a system. We’ll then examine how to troubleshoot the network connection. Here we will have the option of using the new tools provided by Windows Vista or using some other utilities that have been around for a while. Just because they’re not making their debut with Windows Vista doesn’t make them any less important. This is one of the few objectives where you should focus as much on the old as the new. The chapter will close with a look at two ways Vista users can leverage the network connection—more specifically, connectivity to the Internet—to offer help to friends, family, or even coworkers (many taking this test will be network administrators themselves, naturally) with a built-in tool called Remote Assistance. This same tool can also be used to initiate help requests. Also, we’ll look at how to access our Vista Desktop from the road with Remote Desktop. This tool can be a real life saver when you’re traveling and realize you’ve left an important PowerPoint presentation back on the office computer. We’ll look at how to set it up and at the requirements for use.
Objective 4.01
F
Configure Networking Using the Network and Sharing Center
irst things first. Before you can use the network with utilities such as Remote Desktop and Remote Assistance, you must first establish a network connection. You most certainly won’t get a whole lot of use out of your Vista machine without a network connection, and you almost certainly won’t be able to pass the 620 exam without a complete understanding of the Network and Sharing Center. The Network and Sharing Center is new to Windows Vista and is the hub for configuring all network connectivity behavior. If you have a Windows Vista computer nearby, it would be a good idea right now to stop reading and open this utility before proceeding so that you’re better able to follow along—it’s that vital to the exam. Right away, it’s important to take note of a networking protocol called IP version 6. It isn’t a brand-new protocol—it’s been around for about 10 years—but
CHAPTER 4 Configure Network Connectivity
157
you should probably be aware that Vista now includes native support for this latest version of an Internet Protocol numbering scheme. IP version 6 assigns 128-bit addressees in much the same way that network cards have 128-bit Media Access Control (MAC) addresses. If your computer has an IPv6 address assigned, it might look like this: fe80::5efe:192.168.2.4%19 You won’t need to know anything about configuring IPv6 on the exam other than possibly knowing about autoconfiguration (that’s the thing, by the way—you don’t configure IPv6), but it certainly won’t hurt to recognize an IPv6 address when you see one. MAC addresses, by the way, look like this: 00:11:50:31:db:36 See the difference? One easy giveaway is that a MAC address starts with two hexadecimal values and then includes the colon (:). The IPv6 address begins with a group of four hexadecimal values before the first colon. But even though Vista includes support for this relatively new networking protocol, you’ll probably still end up using the older, 32-bit protocol—version 4—to establish the vast majority of your network connections.
Local Lingo 32-bit There are 32 1s and 0s that comprise an IP version 4 address. (A 128-bit address consists of, yes, 128 1s and 0s.)
While the IP version 4 protocol might be familiar (though if this is your first crack at certification, it may not), you will definitely be using some new bells and whistles when establishing an IP version 4 connection. If that has you rolling your eyes, saying, “But I just got a good feel for the XP networking tools,” I can empathize. But I also think you’ll agree that the new Vista Network and Sharing Center represents a more intuitive way of both setting up and managing network connections. It’s not just the Network and Sharing Center that helps you manage the network. Here are some of the other new Vista networking tools and technologies:
• • • •
The network map Network Discovery Wireless Network Connection Network locations
158
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Many of these tools and technologies are accessed through the Networking and Sharing Center. Let’s start examining each of these, beginning with the main focus of this test objective: the new Network and Sharing Center.
The Network and Sharing Center The new Network and Sharing Center is designed to assist the home user in setting up and sharing their documents and printers securely from one easy location. It’s available on all Vista versions. There are at least three ways to quickly open the Network and Sharing Center, including the following:
• • • •
Choose Network in the Start Menu, and then click the Network and Sharing Center button located in Windows Explorer toolbar. Double-click the Network and Sharing Center icon in the Control Panel. Right-click the Network item on either the Start Menu or the Desktop (if applicable) and choose Properties. Click the little network icon in the System Tray and then choose Network and Sharing Center from the context menu. (A right-click will work as well.)
No matter how you open it, you’ll end up seeing the following dialog box:
CHAPTER 4 Configure Network Connectivity
159
What’s here? As with many Control Panel windows, you’ll immediately notice an extensive Tasks list on the left-hand side. Naturally, the ones in the Network and Sharing Center have to do with connecting to resources and sharing ones on the local machine. Using these links in the Network and Sharing Center, tasks, users or administrators will be able to perform the following actions:
• • • • • • • •
View Computers and Devices Connect to a network Set up a connection or network Get a visual representation of the network with a network map Change the Network Discovery options Change the network name, type, and even icon Manage network connections Diagnose and repair network connectivity issues
Choose the View Computers and Devices link, for example, and you will be taken back to a Vista Explorer view where you’ll see a list of devices found by the Network Discovery mechanism. As will be discussed in further detail in just a bit, this is a Link-Layer Topology Discovery (LLTD) that runs natively within Vista.
From this Vista Explorer page, you can then access other computers and resources the same way you access resources on your own system—by clicking and double-clicking a graphical, hierarchical object and folder list.
160
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory You do need the appropriate user permissions to access resources on these other computers. However, in many cases, you’ll be prompted for user credentials when double-clicking a network resource. These user credentials must define a user who exists on the machine hosting the incoming connection, not the one making it.
There’s a name for this list of network resources: the Network window.
The Network Window This same Explorer screen also shows you devices that are within your network if they have new enough firmware to support Universal Plug and Play (UPnP), including any routers that support UPnP. You can easily access and configure router properties using the Vista Explorer view. All you have to do is right-click and choose Properties from the context menu.
This can really be a time saver when it comes to troubleshooting. By viewing a device’s properties, you will have access to a lot of vital configuration information about the device, often including a link to the device’s configuration web page.
CHAPTER 4 Configure Network Connectivity
161
This is often a starting point for troubleshooting efforts with Internet Service Providers (ISPs), for example, and can save you from either a trip under the desk or rifling through the company’s wiring cabinet. But there’s a reason you can see those other computers in the Network window, and it’s one that you can control through the management of something called network discovery.
Manage Network Discovery This ability to see other computers—and to have those other computers see you—is a function of a new networking feature called Network Discovery. Whether or not Network Discovery is on or off by default depends on which type of network you’re connected to. The first time that you connect to a network, Vista asks you to choose a network location, or type. This selection will cause Vista to then automatically set the appropriate firewall settings based on the network type you just selected. This is a new feature in Windows Vista, and is therefore important test stuff, so pay close attention here. As you can see in the Network and Sharing Center, Vista lets you know what type of network you’re connected to. It will be one of three types:
• • •
Home (Private) Work (also Private) Public Location
If you select either Home or Work, Network Discovery is turned on, and other computers will be able to see your system in the Network window. Further, Microsoft recommends that you choose either of these private network types when you know and trust the people and devices on the network. These network types, and the subsequent discovery that is enabled, are meant for home office or small business networks. If you’re connecting in a coffee shop, on the other hand, you almost always want to use the public network type, as this disables the Network Discovery by default. The public network type is designed to keep your computer from being visible to other computers around you. For example, you generally don’t want a curious individual on a coffee shop wireless network to be able to pull up an Explorer window, see your computer, and then access its shared folders and files with a double-click. Turning off Network Discovery can also help protect your computer from any malicious software looking for a port on which to land. But just because these are the defaults doesn’t mean they are set in stone. You can always turn Network Discovery on or off for a given network type as you please: 1. Open the Network and Sharing Center and look in the Sharing and Discovery section.
162
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. Expand the Network Discovery item and use the radio buttons to toggle the feature on or off, as shown next.
Exam Tip If the Network Discovery options are grayed out, the network you’re connected to is set to Public. You must change the network type before making changes to the Network Discovery setting.
Click the Apply button. The Security icon there signals what comes next: you’re prompted for administrative confirmation if User Account Control is turned on. You can easily change the network type from the Network and Sharing Center if you change your mind.
Customize the Network In the Network and Sharing Center, you’ll notice that Vista has automated several network parameters without your intervention. Under the mini network map, you should see the following:
• • •
A name of the network, which is the domain name of the network on a wired LAN or the SSID of whatever wireless network you’re connected to The network type, which usually depends on the type chosen when establishing the connection A network icon, also a function of the network type chosen
Naturally, all of these are configurable options under the network profile. To change any of these settings, click the Customize link to the right of the network
CHAPTER 4 Configure Network Connectivity
163
name. You’ll then see another of Vista’s new networking utilities, the Customize Network Settings dialog box, shown next.
From here, you can set the network type to either Public or Private and even change the Network icon if it helps you differentiate between networks. Vista does a pretty good job of letting you know the significance of the Public versus Private selection. A private network allows you to see computers and devices while at the same time making your computer discoverable to others. A public network is pretty much just the opposite. It will help you immensely in your study efforts if you ensure you have this concept straight in your head. Click Next and then Close to commit the network changes.
Exam Tip In a domain setting, you cannot change these network settings. The domain administrator sets these options.
Finally, don’t confuse the network name with the workgroup name. The workgroup name describes a logical collection and is used to define a security and sharing entity. The network name describes the connection topology. It is possible to have two (or more) workgroups that exist in the same network, and it is also possible to have a single workgroup span multiple networks.
Network Map The Network and Sharing Center provides a link that allows administrators to view a full map of the network. If you click this link, you’ll see other computers
164
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
and devices that have the Link-Layer Topology Discovery (LLTD) responder installed on them. Windows Vista machines have this responder installed by default. In most cases, you can connect to and then perform administrative tasks on these devices. If you’re using a mixed Windows Vista and Windows XP environment, you need to download the LLTD Responder for Windows XP at the TechNet website: http://technet2.microsoft.com/
Local Lingo Link Layer Topology Discovery (LLTD) This specification describes how the LLTD protocol operates over wired (802.3 Ethernet) and wireless (802.11) media. LLTD enables device discovery via the data-link layer to help determine the physical makeup of a network.
As shown in Figure 4.1, the network map gives Vista administrators a powerful troubleshooting tool that allows them to see what devices are connected to what other devices—often, this information alone can help pinpoint the source of trouble. Especially because it’s new, you can expect something on the test that will require you to understand how the network map can quickly help isolate a topology problem on the network.
FIGURE 4.1
A sample network map
CHAPTER 4 Configure Network Connectivity
165
Travel Advisory Be aware that LLDP is not a routable protocol. It was designed to assist with home and small business networks. It will only be able to discover devices on the same subnet.
Create a Network Connection The Network and Sharing Center makes it easy to access and manage your computer’s network connections, including any virtual private network (VPN) and personal area connections through Bluetooth. Most Vista-capable laptops today have at least two integrated network interfaces. To get started, click the Manage Network Connections link from the Network and Sharing Center. You will then see the Network Connections dialog box, which is really just another Explorer window. This dialog box displays a list of all of your network cards, VPN connections, and dial-up connections, as shown next.
Notice that all wired Ethernet connections are called Local Area Connections. If your system has more than one wired controller, I recommend renaming these to something a little more user-friendly. To rename a connection, simply right-click its icon and choose Rename from the context menu.
Setting Network Card Options Although Vista does a pretty good job of configuring network connections automatically, administrators—especially in corporate settings—occasionally
166
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
have to adjust settings manually. To do this, open the Properties dialog box for the selected network adapter in one of the following ways:
• •
Double-click the connection, bringing up the status of that network card. From the lower left corner, select Properties. Right-click the connection icon and select Properties.
Either way, you’ll see the properties dialog box shown here. To configure the settings of the network connection, click the Configure button. This opens the same dialog box you’d see if you were using the Device Manager to investigate the card’s configuration. This dialog box will differ slightly depending on the card your system uses, but all should have some or all of the following configuration tabs:
• • • • •
General Advanced Driver Details Power Management (some older cards will not include the Power Management options)
We’ll discuss each of the configuration tabs in the following subsections. General and Advanced Tabs The General tab provides information about the device type, manufacturer, and location, as well as a notification of the status of the device. If you’ve lost product documentation or are dealing with a device you’ve never seen (an integrated wireless adapter, for example), this can provide helpful in troubleshooting information. The Advanced tab provides additional manufacturer-specific information. The properties you see here will vary from device to device. Driver Tab During device troubleshooting, the Driver tab, shown next, is probably the most frequently visited tab. It contains options for viewing, updating, uninstalling, and rolling back the device drivers. For additional information about updating device drivers, please refer to Chapter 1. Driver tab use doesn’t vary much from device to device.
CHAPTER 4 Configure Network Connectivity
167
Travel Advisory To save you a little flipping around (I’m good like that), know that Windows Update will also perform a regular check for the latest drivers by default. Type update from the Start Menu to begin to examine and configure Windows Update.
Remember when using the Driver tab that you can only perform a rollback if the device has not been uninstalled and there has been a previous driver. Details Tab Vista stores lots of information about the network card; the Details tab is where you can retrieve that information. The Details tab provides a drop-down menu of many device properties, such as Manufacturer. The property value will then display in the Value portion of this tab. Power Management Tab The Power Management tab, shown next, provides a few selections that will help the network card save battery life on laptop computers. This is usually most significant for wireless network cards and may configure behavior such as allowing Vista to turn off the card to save power.
168
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Wireless Networking As you’ve seen already, Windows Vista includes a number of specific improvements geared to the mobile user, and few things are more convenient and beneficial to the mobile user than the ability to connect to a wireless network. Vista has introduced several changes to the process of connecting to a wireless network, all geared toward making the experience easier without sacrificing security. After all, just because you connect to a WiFi hotspot while swilling a latte doesn’t mean you want all those other bohemians hacking your personal information (or maybe everyone else is the bohemian; you’re just the person trying to get a little work done). What’s more, many home users don’t realize that when they set up a wireless network, they are also providing free Internet access for neighboring houses. Beware: an open wireless network can provide a means to access personal information. At the very least, folks preparing for the 70-620 exam should be aware of the risks involved when setting up wireless networks and should be able to take a few countermeasures against hackers when necessary. 1. Making a connection to a wireless network is easier than ever with Windows Vista. The connection process begins the same way as in Windows XP: In the System Tray, right-click the Network icon and choose Connect To A Network from the context menu (if you’re not already connected, the System Tray notifies you when Vista detects that a wireless network is available). Alternatively, you can use the Start Menu and click the Connect To item. Either way, you’ll see the dialog shown next.
2. As you can see, the connection process from here is straightforward. All you have to do is select the desired network and click Connect.
CHAPTER 4 Configure Network Connectivity
169
3. If the network is unsecured, you’ll see the yellow shield icon beside it. If the connection is security-enabled, you’ll be prompted for the preshared key, as shown next. This preshared key is like a password for the network.
4. After successful connection, the next dialog box lets you save the network for future automatic connection. If this is a wireless network you frequently use, such as a home or office wireless access point or a favorite coffee shop, leaving this checked will allow Vista to connect without your intervention in the future. 5. Click Close. The first time you establish communication with this network, you should see one last dialog box: the selection of whether the location is Home, Work, or Public. We’ve discussed the significance of these options previously in the section. You will be prompted for administrative confirmation if User Account Control is turned on. One last thing: you will be able to connect to a wireless access point using the just-described method only if the wireless access point is broadcasting its SSID. How do you know whether or not an access point is broadcasting? If you see it listed in the Connect to dialog box, it is. However, some Administrators disable this behavior as a security measure, or you might configure the same on your home wireless access point as an added security measure. In these cases, there are a few other selections that are necessary to connect to a wireless access point whose SSID is hidden: 1. Open the Connect To dialog box using any of the procedures previously introduced.
170
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. Choose the Set Up A Connection link at the bottom, then choose Manually Connect To A Wireless Network from the ensuing dialog box, shown next.
3. Provide the following connection information:
• • • •
Network Name
The SSID of the network
Security Type
The security protocol used
Encryption Type
How data is encrypted while in transmission
Security Key/Passphrase
The password needed for a connection
Just as when connecting to a broadcasting network, you can start the connection automatically the next time the Vista computer is in range. A word of caution, however, about the Connect Even If The Network Is Not Broadcasting check box, as its implications can be confusing. A network can broadcast its availability even if it is not broadcasting its SSID. When you enable the Connect Even If The Network Is Not Broadcasting check box, you’re telling Vista to send requests for the network to see if it’s in range. This request is not encrypted, though, and can be read in all its plain text glory by anyone capturing packets sent over the air. For most wireless networks, I’d say that isn’t a terribly big deal, but on networks where the administrator has gone to the trouble of hiding the SSID, this can significantly circumvent this security measure. Best practice says leave this unchecked when connecting to a network where the SSID is not broadcast. When following the steps to connect to a hidden wireless network, you might also have noticed some other connection options. We’ll discuss these next.
CHAPTER 4 Configure Network Connectivity
171
Other Network Connections You have the option of setting up several types of network connections for the first time. Following the Setup A Connection Or Network link generates a list of several network connection choices, including the following:
• • • • • • •
Connect To The Internet Set Up A Wireless Router Or Access Point Manually Connect To A Wireless Network Set Up A Wireless Ad Hoc (Computer- to-computer) Network Set Up A Dial-up Connection Connect To A Workplace Connect To A Bluetooth Personal Area Network (PAN)
The options from here will depend on the selection made, and it’s not necessary to memorize any of the click steps for any particular network connection as you prepare for the test. Just make sure you know the general procedure as outlined in this section. If you select Set Up A Wireless Router Or Access Point, for example, you’ll be taken through a wizard that will try to configure settings for a wireless access point. This wizard will try its level best to do all the heavy lifting on your behalf. It will attempt to detect the wireless access point and automate its configuration for such tasks as sharing files and printers. If the wireless router that supports a technology called Connect Now, the Vista wizard will detect the wireless router and help you set up both it and the wireless network card on the client machine. The wizard will also ask if you want to connect other computers and offer you the ability to save the configuration to a USB key. The advantage to this is that once the configuration is saved on the USB key, you can take it to additional computers that will use the same network configuration and automate network setup.
Travel Advisory You can also take this same USB drive to a Windows XP SP2 machine to set up its wireless connection.
If Vista is unable to detect the wireless router automatically, you will likely have to configure it manually. Refer to manufacturer instructions about how to connect. Once the access point and the wireless connection are configured successfully, they should automatically connect when in range.
172
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
When configuring Wired Equivalent Privacy (WEP) or any of the WiFi Protected Access (WPA) personal settings, Vista can create the passphrase for you automatically. The passphrase is a randomly generated string of 20 characters that can be copied to the wireless access point’s security configuration.
Travel Advisory WEP was meant as a way to secure wireless networks with a security level equal (read: equivalent) to that of traditional wired Ethernet networks. WEP is not considered very secure, however. A WEP connection can be cracked with readily available software in one minute or less. It will prevent casual snooping for an open connection, but for a higher level of security, most network admins turn to WPA.
WPA encompasses several means for securing wireless networks, and implements many of the IEEE 802.11i standards for securing wireless connections (IEEE 802.11 being the set of specifications that define wireless Ethernet networking). WPA was designed to take the place of WEP and is most-often implemented through the use of preshared keys, or passwords, that are needed to establish the wireless connection.
Once all configuration parameters are in place, Vista stores these settings in an executable file, which is in turn saved to a USB flash drive. Administrators can then easily reuse this USB drive on another machine for quick wireless configuration. This is but one example of the kinds of networks that can be quickly configured using Vista’s new Connect To options. Another worth mentioning is an ad
CHAPTER 4 Configure Network Connectivity
173
hoc network, which can be used to allow a few Vista computers (usually wireless-enabled) to quickly form a network for the purposes of conducting a meeting or exchanging files.
Set Up a Virtual Private Network Connection Virtual private networks (VPNs) are a convenient way to connect to a private company network over a public network like the Internet. Once connected, the end user accesses all network resources using the exact same methods they do when physically in the office. What’s more, the data sent over these connections is private even though the network used to transmit that data is public. This is because information sent over a VPN is encrypted, so that only source and destination computers (the end points of the VPN tunnel) are able to decipher what’s being sent. In practice, VPNs are deployed mostly to facilitate telecommuting. Although VPNs have fallen out of vogue over the past few years as alternative technologies with lower administrative overhead have stepped in, this doesn’t necessarily exclude it as the possible subject of a test question. For example, many VPNs were deployed simply to allow e-mail access. Now that same functionality can be deployed natively with a Microsoft Exchange server. Exchange has two built-in features:
• •
Outlook Web Access (OWA) Allows users to use a Web browser like IE7 to view much of what they would normally in Outlook RPC over HTTPS (Remote Procedure Calls over Secure HTTP) Lets the full-featured Outlook client securely connect to the Exchange Server over the Internet. It’s a really nice feature; there’s no difference between using Outlook on the corporate network than when using over an Internet connection.
Microsoft technologies like SharePoint Server and Remote Desktop and third-party utilities like GoToMyPC also provide much of what VPN’s were originally intended for. You can easily grab a file from a SharePoint site, for example, or perform Desktop administration remotely through a Remote Desktop session. In fact, Remote Desktop is the subject of a separate 620 exam objective that will be covered later in this chapter. All that notwithstanding, there are still administrators and companies that opt for a full-fledged VPN, which allows much more comprehensive corporate network access. Let’s say, for example, that you need access to application installation files that are posted to your company’s file server. In that case, a VPN is still probably the best way to go.
174
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Configuring a VPN is very similar to setting up a wireless connection. The Connect To Wizard prompts for all the information needed to establish the connection: 1. From the Start Menu, click the Connect To option and then the Set Up A Connection Or Network link. 2. From the next dialog box in the wizard, choose Connect To A Workplace and then click Next. 3. You’ll have two options. For a virtual private network connection, choose Use My Internet Connection (VPN).
4. Provide the appropriate credentials. You will then be prompted to ask for a username and password and domain if necessary. Note that you can have Vista remember your password. This is not the most secure option, however. Flipping the connection topology around, you can also set up Vista to host an incoming VPN connection: 1. Open the Network Connections Control Panel window. 2. Hold down the ALT key, then choose File | New Incoming Connection. You’ll be prompted for administrative confirmation if User Account Control is enabled. 3. Select who can connect and how they can connect. The wizard will guide you through the process, enabling the appropriate protocols and opening the appropriate ports on the router.
CHAPTER 4 Configure Network Connectivity
175
Other users will now be able to establish a VPN connection to your machine following the steps mentioned in the previous section.
Set Up an Ad Hoc Network A new kind of network that can be easily configured with Vista’s Network and Sharing Center, the ad hoc network lets you set up a roomful of otherwise unrelated computers with a minimum of hassle. Let’s say, for example, that you are conducting a meeting where you want to have a client approve some website artwork or a commercial you’ve been creating or. What are your options? One is to burn the media on CD or DVD and hand the client a copy. Another is to build an FTP site and have them connect and download the artwork or commercial. But neither of these options is terribly personal, and both can involve a lot of background administration. What if your system doesn’t have a DVD burner? What if the file is too large for convenient FTP posting? Another option is to meet the client at just about any convenient location and bring laptops in tow. Once connected to the same network (this can include APIPA), you can use the Connection Option Wizard to quickly set up an ad hoc network: 1. After clicking the Set Up A Connection link, choose the Set Up A Wireless Ad hoc (Computer-to-computer) Network option and click Next. 2. After the informational dialog box, you’ll see another dialog box, shown next. Fill in a temporary network name, security type, and password if desired.
176
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory It can help to understand the difference between a network and a workgroup. To set up an ad hoc network, both machines must be on the same network subnet. They don’t necessarily have to be in the same workgroup or logical collection of computers.
For the least amount of hassle, and consequently the least amount of security, choose the No Authentication option. Any other computer on the network will then be able to join. What’s more, your system will then be connected to that network as well. This may mean that you are part of a network that doesn’t have Internet access.
Exam Tip Ad hoc networks can only be wireless, so you must have a wireless network adapter installed in your computer to set up or join an ad hoc network.
Disconnect from a Network To disconnect from the ad hoc network, or any other network for that matter, open the Connect To A Network dialog box once again, select the network you’re connected to, and choose Disconnect, as shown next. Alternatively, you can use the right-click method on the System Tray Network icon and choose the Disconnect From context menu selection.
CHAPTER 4 Configure Network Connectivity
177
The key to all these Connect To A Network options is to understand which kind of network you want to set up and then simply follow the instructions in the wizard. You should also know that ad hoc networks are automatically deleted under either of the following two circumstances:
• •
After all users disconnect from the network When the person who set up the network disconnects and goes out of range of other users of the administrator hoc network
The only exception to these two rules is if the person who set up the administrator hoc network has selected the option to make it a permanent network. In that case other users can still connect to and use the ad hoc network.
Manage Wireless Networks With all these network connections, keeping track of them can pose a challenge. Because of my travel schedule, in fact, I currently manage over 20 wireless connections. Or at least Vista does. Truth be told, I don’t really have to manage any of them. It’s all pretty much automated for me with the Manage Wireless Networks console. To access the Manage Wireless Networks console, open the Network and Sharing Center, then choose the Manage Wireless Networks link. You’ll see the Manage Wireless Networks console, shown next.
178
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
There are really only two occasions where you might need to access this dialog box and change settings. One is when your system is routinely in range of more than one wireless access point. If, for example, you prefer to connect to network A over network B but don’t want to delete network B altogether, it helps to know that Vista will connect to wireless networks in the order they appear in the list. To always connect to network A first, make sure it appears above network B. To do so, just highlight network A and use the Move Up arrow in the toolbar. The other occasion you might need to change settings in this dialog box is when security settings have changed for one of the wireless access points. If the network’s preshared key has changed, for example, you can update settings by right-clicking the network and choosing Properties from the context menu. In the network’s Properties dialog box, there are two tabs, Connection and Security. Choose the Security tab, select the network authentication type, and then enter the new passphrase (if necessary), as shown next.
Security with the Network and Sharing Center One big change in Vista in the way users connect to networks is the selection of the network type at connection time. As discussed previously and as shown next, when connecting to a network for the first time, you’re asked if you’re connecting to one of three types of networks:
CHAPTER 4 Configure Network Connectivity
• • •
179
Home Work Public Location
The Windows firewall blocks all incoming traffic until you specify a setting. The most secure default choice is to use the public setting. This selection hides your system and turns off automatic discovery protocols so that other computers nearby cannot access your system using a browse list. In any network where you don’t have complete knowledge of the settings or computers that are connected, Microsoft recommends that you use the Public Location network setting. This dialog box provides a big improvement over past connection behavior because in previous Windows versions the firewall and network sharing settings would not adapt to the network. You could open ports on your computer to enable file and printer sharing when connected to work, for example, but those same ports would still be open when using the network at a hotel. Now, Vista lets you change network configuration with a single click. You can still modify the default behavior very easily with just a few clicks in the Network and Sharing Center. Under the Sharing And Discovery section, expand the Public folder sharing button. You will see three options for governing public folder behavior:
•
Turn On Public Folder Sharing So Anyone With Network Access Can Open Files Allows others connecting across the network to read and view any documents or pictures in the public folder.
180
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
•
Turn On Sharing So Anyone With Network Access Can Open, Change, And Create Files Opens up more security risks because it allows systems to write to your system. If by chance a computer that has a virus on it connects to this share, it can pass the virus, which will be transferred to your computers.
•
Turn Off Sharing (People Logged On To This Computer Can Still Access This Folder) Stops systems on the network from seeing the public folder; however, anyone logged on the PC will still have access to the public folders.
Other sharing options appear below these options in the dialog box and are fairly self explanatory. Printer sharing is either on or off, for example, and can be secured with the password options that appear just below the Printer Sharing option. When you use password protection, the option will affect all accounts accessing the printers and any public or file shares. Any time a user connects to a shared resource, they will be prompted for an account and password for the local computer. Keep in mind the main reason computer networks are set up in the first place: they share resources, including the data housed in the many files and folders stored on our hard drives. Some of this file and folder sharing behavior can be configured through the Network and Sharing Center as well.
Sharing Files and Folders The focus of this chapter—and of the entire book so far—has been on what can be described as the client capabilities of Windows Vista. But the terms “client” and “server” describe what a computer is doing in the network, not what the name of the operating system is. It’s very possible, for example, for a small business (or home) to have all of its file and print server capabilities met by a single Windows Vista machine. In fact, there are several sharing capabilities included with Windows Vista, more than in any previous version of the Windows Desktop operating system. Again, it starts with the Network and Sharing Center. There are now five different file sharing types that can be enabled and then managed:
• • • • •
File sharing Public folder sharing Printer sharing Password-protected sharing Media sharing
CHAPTER 4 Configure Network Connectivity
181
To configure any of the options shown here, just expand the option using the down arrow button on the right, then enable/disable with the appropriate radio buttons which then appear.
For example, the Public folder sharing option lets users quickly share files by dragging them to a special folder called—what else?—Public. As shown next, there are three options configurable for Public folder sharing:
•
Turn On Sharing So Anyone With Network Access Can Open Files Shares out the Public folder, but users can only read files within. This lets a user play a music file or movie, for example, and users can also leverage a series of subfolders in the Public folder for easy organization.
•
Turn On Sharing So Anyone With Network Access Can Open, Change, And Create Files Also shares the Pubic folder, but users have much more control over the files within. Use this option, for example, to facilitate easy collaboration within the confines of a workgroup or when setting up an ad hoc network.
•
Turn Off Sharing
Disables Public folder sharing.
Other sharing options in the Network and Sharing Center are fairly straightforward, as they are meant to be. The options are designed to let users easily share resources without any of the background knowledge presented in this
182
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
chapter. (The Printer Sharing Options, for instance, allows other people on the network to access the Printers folder on your machine.)
Travel Advisory Remember the difference between the workgroup and the network. Users connecting to your Printers folder don’t have to be a part of the workgroup, they only have to be part of the network.
For this reason, we won’t spend any more time on the other sharing options here; like setting up a network connection, there’s no reason to go though the click steps of each and every option as they’re all roughly the same. What is a little more relevant as you prepare for the exam is to understand the implications of more traditional Server Message Block (SMB) sharing. This traditional folder sharing should be review to folks upgrading their XP certifications and is discussed next mostly for the benefit of those whose first experience with folder sharing is with Windows Vista.
Traditional Windows Folder Sharing As you’ve just seen, Vista facilitates very simple resource sharing by allowing users to share out public folders and/or printers. But administrators want more robust choices for network sharing than just the ability to turn it on or off for a single folder. Fortunately, Vista has carried forward almost all of the technologies of previous versions, allowing you to share out other folders on an individual basis using traditional folder sharing: 1. To share out using traditional Windows folder sharing, first ensure that File Sharing is enabled in the Network and Sharing Center. Expand the File Sharing selection and choose the Turn On File Sharing radio button. 2. Use Windows Explorer to navigate to the folder you want to make available: right-click and choose Share from the context menu. 3. Select the user or group you want to share the folder with using the drop-down selection, as shown next. You also have the ability to create a new user from here (assuming appropriate user rights).
CHAPTER 4 Configure Network Connectivity
183
4. Click Share. You’ll be prompted for administrative confirmation if User Account Control is turned on. After the sharing has been enabled, you’ll see a confirmation dialog box that displays the full Universal Naming Convention (UNC) path to the share. There are links here that let you e-mail a link to the share to facilitate an easy connection. You can also copy the link onto the Windows clipboard for use in other applications.
Exam Tip You can now share individual files rather than the entire contents of a folder: just navigate to the file, right-click, and choose Share to get started.
Advanced Sharing Although the last section provided the steps to perform the function of “traditional” Windows folder sharing, you can still use the familiar interface as well: 1. Right-click the folder you’d like to share (or one that’s already been shared using the new method) and choose Properties from the context menu. 2. From the folder’s Properties dialog box, click the Share tab to see the following two buttons: Share Launches the Sharing Wizard, taking you to the file sharing dialog box that was discussed in the previous section
•
184
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
•
Advanced Sharing Opens the Advanced Sharing dialog box, shown here. Click the Share This Folder check box. The additional options let you give the share a name and set the number of simultaneous connections. As the security shield on this button indicates, you’ll be prompted for administrative confirmation if User Account Control is enabled.
You can get very granular with the folder permissions from the Advanced Sharing dialog box by clicking the Permissions button. This will open the more traditional Windows folder sharing dialog box, shown next.
Again, this dialog box will look familiar to administrators who have used previous versions of Windows, and the Allow and Deny behaviors will be the same. You can add individual users and groups and then assign appropriate permissions as you see fit. You can also configure the Offline Files options by clicking the Caching button from the Advanced Sharing dialog box and choosing from the following three options:
• •
Only Files And Programs That Users Specify Will Be Available Offline All Files And Programs That Users Open From The Share Will Be Automatically Available Offline
CHAPTER 4 Configure Network Connectivity
•
185
Files Or Programs From The Share Will Not Be Available Offline
In addition, you can access the advanced sharing options with or without the Sharing Wizard turned on, but it can reduce confusion to turn it off. To do so, access the Folder and Search Options from any Vista Explorer window (Organize | Folder and Search options), click the View tab and uncheck the Use Sharing Wizard option. Since establishing a network connection is a valuable skill that is vital to passing the 620 exam, it probably doesn’t seem too great a leap of deductive reasoning to guess at what follows: keeping that connection running. This issue is explored in the next objective on network troubleshooting.
Objective 4.02
A
Troubleshoot Connectivity Issues
s with so many other troubleshooting procedures, network connectivity troubleshooting usually begins with an investigation of the physical layer. If that sounds a little highbrow, consider the decidedly low-tech questions you generally ask while troubleshooting the physical layer: Is it plugged in? Is it attached properly? Usually, the answer is yes, but it doesn’t hurt to double-check. I‘ve seen several occasions where a laptop “just stopped being able to get on the Internet,” for example. The problem? The user had inadvertently hit a button that disabled the network card. On one of my laptops, for example, there is a little button that is flanked by the power switch and a USB port. This button toggles on or off the wireless networking card, and it’s dreadfully easy to hit this thing accidentally when either
186
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
resuming from a sleep session or plugging in a USB device. The only indicator I have (besides loss of connectivity) is a little blue light on the front of the laptop housing that is easy to overlook. Another potential gotcha is the uninstall procedure that can be launched using the Drivers tab of the network card’s properties dialog box. One network engineer I know (okay, it’s me) has replaced a network card without uninstalling the drivers first. This usually isn’t a problem when IP addresses are assigned dynamically, but it can definitely cause problems if addresses are assigned statically. In this instance, the IP address will “stick,” resulting in an error message: “The IP is already assigned to another NIC. Do you wish to continue?” You can sometimes proceed past this without incident, but if the other NIC is ever plugged back in, there will be a conflict. It is therefore recommended that you uninstall any device prior to removing it from your computer. This ensures that there will not be any compatibility issues or conflicts with other drivers.
Troubleshooting Logical Connections Once you determine that everything is physically attached, it’s time to start your logical networking investigation. This will make up the bulk of your network troubleshooting and is what you should concentrate on as you prepare for the exam. There’s no right or wrong in how to go about this investigation, but a good place to start is with a check of the Device Manager. I recommend visiting this first to make sure the device driver is still installed and operational. If everything checks out, you can then start the process of checking the settings in Vista’s default network protocols, TCP/IP. TCP/IP includes several complementary troubleshooting utilities such as IPCONFIG.EXE, PING.EXE, PATHPING.EXE, and TRACERT.EXE. Each one is run from the command prompt, each has its place in the troubleshooting process, and each is discussed briefly in the sections that follow.
IPCONFIG TCP/IP troubleshooting usually begins here, with answers to questions like the following:
• • • •
What’s my IP address? Do I have a static or dynamic IP address? What is my assigned DNS server? How many network cards are configured with an IP address?
The answers to these questions and more can be provided by IPCONFIG. Its job is straightforward: it displays IP configuration information. When it is run
CHAPTER 4 Configure Network Connectivity
187
without any switches (just ipconfig at the command prompt), it will provide four pieces of basic information:
• • • •
The IP address The subnet mask The default gateway The connection-specific DNS suffix
This is sometimes all you need. If you see an IP address of 169.254.x.y, for example, you know that the DHCP component in the network is down, and you’ve been assigned an address from the APIPA space. Your troubleshooting can then focus on the DCHP server (the wireless access point in many cases) rather than on the Vista machine. IPCONFIG can also be used with one of several switches that can be listed by running the /? (help) switch, as in ipconfig /? Table 4.1 shows a few of the more common switches.
Exam Tip TCP/IP utilities need to be run from a command prompt with administrative privileges. To do so, right-click the Start Menu command prompt icon and choose Run as Administrator from the context menu.
TABLE 4.1
Common IPCONFIG Switches
Switch
What It Does
/all
Shows information about your IP connection, including any DNS and WINS servers used, whether the address is dynamic or static, and the host name. Releases the IP address that has been assigned through DHCP. You cannot release a leased IP address through the TCP/IP Properties dialog box. Renews a DHCP address. Not possible through the TCP/IP Properties dialog box. Reregisters the DNS name with the configured DNS server. Can be useful for troubleshooting name resolution problems. Clears the contents of the DNS resolver cache located on the workstation. A client will check its DNS resolver cache before checking a DNS server. This will clear out an incorrect entry made by an improperly configured DNS server.
/release
/renew /registerdns /flushdns
188
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
PING Once you have a valid IP address, the next step is usually to test connectivity to another computer. The Packet Internet Groper (PING) utility is used to do just that. PING works by sending a packet of information that behaves much like sonar does for submarines. If a PING is successful, the receiving computer responds, and you’ve confirmed that both systems can send and receive TCP/IP packets. Thus, other communication should work as well. Typical PING syntax goes like this: ping IP Address or ping computername
If you’re not able to PING using the IP address, for example, something’s amiss in the network in between source and destination (assuming the target computer is on). If you can PING using the IP address and not the computer name, the problem lies with name resolution. Further, PING can be used with a series of modifiers that change the default behavior of sending four 32-byte packets out to the designated host for response. Some of these can change the size of the PING packet, others can modify the duration of the ping test. Again, use the /? (help) switch to see a list of these modifiers.
Travel Advisory Firewalls can (and often are) also set to deny or drop PING requests, as PING attacks are an unsophisticated way to tamper with a server by tying up its resources responding to PING requests. For example, you won’t be able to ping www.microsoft.com even though it can be reached. PING is best used to troubleshoot in a private, corporate environment.
When communication is failing, the general flow to PING to verify TCP/IP connectivity from a computer is as follows:
• • • •
PING the loopback address of 127.0.0.1. PING the local computer’s IP address. PING the default gateway. PING the remote computer you are trying to reach using first the IP address (if known) and then the computer name.
This can also be done in reverse order to try to isolate the cause of broken network communication.
CHAPTER 4 Configure Network Connectivity
189
TRACERT.EXE How does a packet of information get from point A to point B? The TRACERT utility addresses this very question. It works by employing PING packets, albeit with slight modifications. If you test a connection using a normal PING packet, each packet has a time-to-live (TTL) value of 128, meaning that it can stop at up to 127 different routing points along its way. (When the TTL value reaches 0, the packet is dropped. Without this characteristic, all undelivered traffic on the Internet would still be out there, passing from one router to the Net in a never-ending attempt to find a destination.) The TRACERT utility uses this same PING packet, but it has an initial TTL value of 1, meaning that the packet will die at its first stop. When it dies, TRACERT notes the IP address of the device that dropped the packet. The next PING packet sent to the destination has a TTL value of 2. This packet dies two hops away from its source, and TRACERT logs where it dies. And so on and so on, until the PING reaches its destination, at which time the route from source to destination has been reconstructed. Because it steps through the complete path taken by information, it can be very helpful in identifying slow or broken links in the information chain. The syntax is very similar to PING: tracert IP Address or computername
PATHPING PATHPING sounds like it would do what TRACERT does, but PATHPING actually combines features of TRACERT and PING to provide information about problems at a router or a network link. It does so by providing information about network latency (slowness) and network loss (dropped packets) at all points between a source computer and a destination computer. PATHPING has no functionality without parameters, which are essentially used to specify the network path you are trying to diagnose. Again, using pathping /? can help get you started with these parameters. Also, PATHPING generates a report that will take some time to create. The first results you see list the route taken from source to destination, which is the same information you can generate with TRACERT. You will then see a busy message displayed for approximately 90 seconds, although it can be longer on larger networks. During this time, PATHPING gathers information from all routers between source and destination. At the end of this “busy” period, PATHPING displays test results that look something like the
190
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
example shown next. You can now use this information to determine where problems lie in the network infrastructure.
NSLOOKUP NSLOOKUP is a handy utility that can be used to troubleshoot Domain Name System (DNS) infrastructure problems. There are two modes of NSLOOKUP:
• •
Interactive Where you are at an NSLOOKUP command and can enter a series of commands Noninteractive Where you enter a single command and then are returned to the command prompt
Which one is appropriate? It depends on the kind of information you’re trying to gather. As always, use the /? command switch to retrieve exact syntax. If you need to look up only a single piece of data, for example, use the noninteractive mode. For the first parameter, type the name or IP address of the computer that you want to look up. For the second parameter, type the name or IP address of a DNS name server. If you omit the second argument, NSLOOKUP uses the default DNS name server. Here’s what the syntax looks like in practice if you want to find out what IP address a DNS server called SERVER1 has for a computer called GROY, for example: nslookup groy –server1
CHAPTER 4 Configure Network Connectivity
191
If, you need to look up more than one piece of data, you should use interactive mode. To enter interactive mode, type nslookup at the command prompt. You will then see a prompt without the directory pathname as the default, and you can enter the NSLOOKUP commands without specifying the -nslookup part first.
Travel Advisory If you use NSLOOKUP, a Reverse Lookup zone must be properly configured at the DNS server. This is needed because you’re looking up the name of the DNS server based on the IP address gathered from your client’s TCP/IP properties information.
But who really likes to work with a command-line utility? Looking up syntax and then typing a command into a black screen harkens back to 1980s-era computing. Yuck. You can perform lots of Vista management tasks with a graphical interface, after all. Certainly, there must be an equivalent for troubleshooting the network? There is. Read on for details.
Network Status and Repair Although not quite as multifaceted as the command-line utilities, Vista includes a simplified, graphical interface for viewing the status of a network connection. This same interface can be used to automatically run many of the network troubleshooting steps that were introduced in the previous sections. 1. To get to this interface, follow these steps: Open the Network and Sharing Center. 2. Under the network name section, click the View Status link. You’ll see the Connection Status dialog box. From this dialog, there are several options. You can click the Details button, for example, to call up a dialog box that displays much of the same information you can get by using the IPCONFIG utility.
192
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
However, the most significant network connectivity troubleshooting tool from an exam perspective is the Diagnose button. II It’s wonderfully easy to remember and even easier to use. It might not get you very far when you’re hired as a network administrator, but it does automate a whole lot of Vista network troubleshooting. Don’t go into the test without knowledge of Vista’s ability to self-diagnose network card problems. The Diagnose button carries out each of the following tasks and commands while a status window is shown. Note also that these are all a part of normal troubleshooting resolution.
• • •
Disables and enables the network card.
• • •
Runs Nbtstat -r, which reloads the NetBIOS name cache.
Runs ipconfig /renew, which automatically renews the IP address from a DHCP server or service. Runs arp -d, which flushes the Address Resolution Protocol (ARP) cache, which in turn resolves IP addresses to physical network card addresses (aka MAC addresses). Any incorrect entries in the ARP cache can cause information to be sent to the wrong destination, even if other name resolution services in the network are working properly. Runs ipconfig /flushdns, which reloads the DNS cache. Runs ipconfig /registerdns, which registers the computer name at the configured DNS server.
These tasks and commands are essentially startup behavior, by the way—they are the equivalent of what previous Windows users accomplished by rebooting the system. With the Vista Diagnose graphical utility, on the other hand, you reboot the network card instead.
Exam Tip The Diagnose utility can solve a lot of common networking problems. And it’s new. You can take it from there.
Objective 4.03
T
Configure Remote Access
wo other valuable troubleshooting resources available for Vista computers are Remote Assistance and the Remote Desktop. Both features have been available on previous version of Windows, and their purpose under Windows Vista is the same:
CHAPTER 4 Configure Network Connectivity
•
Remote Assistance Lets other people you trust—family members, friends, support personnel, and so on—connect to your computer and either demonstrate how to perform a certain (troubleshooting) task or perform the task themselves. It is available on all editions of Windows Vista and can be deployed in mixed Windows Vista and XP environments.
•
Remote Desktop Lets you access your office or home computer from a remote location and use it as though you were right in front of it. As was the case with Windows XP, this feature is not available on all editions of Windows Vista, but it can still be used in mixed Vista and XP environments. The details will be fleshed out later in this objective.
193
Each of these utilities falls under the larger umbrella of Remote Access, but other Remote Access scenarios were discussed earlier in this chapter. Microsoft considers both Remote Assistance and Remote Desktop a vital component of the Vista operating system and expects you to know how to set up and manage connections for each utility. We’ll begin with a look at the Remote Assistance feature.
Using Remote Assistance As the name “Remote Assistance” suggests, the person helping you troubleshoot doesn’t have to be in the next room—they can connect from anywhere in the world provided there’s an Internet connection between the two computers and the firewalls in between allow the traffic. After the Remote Assistance connection has been established, the support person can view your computer screen, exchange instant messages, and even take control over your computer—but only if you grant the support person permission to do so. Although Remote Assistance has been around for a while, it is not available on every version of Windows. You can use it on the following operating systems:
• • • •
Windows Vista (all versions) Windows XP Windows Server 2003 Any version of Windows subsequent to Windows Vista
In other words, you won’t be able to use Remote Assistance from your Windows Vista machine to help out a friend using Windows 2000, but you will be able to lend a hand to someone using Windows XP. Once the prerequisite operating systems are in place, the next part is setting up a Remote Assistance session. The next section looks at some of the considerations involved.
194
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Setting up a Remote Assistance Connection The Remote Assistance process starts in one of two ways:
• •
The person in need of help (the user) can initiate a Remote Assistance session by requesting help from a support person. A support person can initiate the session by offering help.
What’s more, there are two methods whereby the Remote Assistance request—either for help or offering help—can be generated:
•
E-mail The Remote Assistance invitation in an e-mail is sent as an attachment to a standard e-mail message. The session is initiated when the attachment is opened. In an enterprise environment, it might be good practice to create a dedicated support e-mail so that support personnel can more efficiently respond to Remote Assistance requests.
•
File Invitation A file invitation is saved as a Microsoft Remote Control incident file and given the file extension .MSRCINCIDENT. It can be treated like just about any other file on your computer such as a Word document or Excel spreadsheet. Like the e-mail invitation, the file has to be received and opened by the recipient for it to be useful. It can be attached to an e-mail, yes, but in that case why not use the e-mail invitation? More practically, in an enterprise where file invitations are used rather than e-mail requests, administrators might consider setting up a share where all Remote Assistance file invitations can be saved. Support personnel can then connect to the share and open the invite.
From there, the click steps are little more than a matter of stepping through a wizard that does a pretty good job laying out the necessary steps. Requesting Assistance ple, follow these steps:
If requesting help from a support person, for exam-
1. Open the Remote Assistance tool by typing remote at the Start Menu. Windows Remote Assistance should appear at the top of the screen. 2. The first Windows Remote Assistance dialog box has two paths. To request help, choose the Invite Someone option. 3. You’ll see a dialog box where you will either send the invite as an e-mail or save the invite as a file, as shown next. What’s more, you will be able to reuse an existing invitation if sending to the same support person. Let’s say, for instance, that you invited someone to help, but they got tied up before they were able to respond. If they’re now available, you don’t have to generate a new invitation again. Just use the old one instead.
CHAPTER 4 Configure Network Connectivity
195
The instructions from there will depend on what you’re doing with the invite. Under either option, you’ll be creating a password for the Remote Assistance session. Click Finish to complete the Remote Assistance request. You’ll then see a narrow dialog box, as shown next, until the Remote Assistance request is received and acted upon.
By default, the Remote Assistance invitation will be valid for six hours, but this can be changed using the System Properties dialog box. Use the Remote Settings task to configure these defaults. Offering Assistance The other Remote Assistance option is to offer help. You might want to use this option on the heels of a phone call during which the other person was confused by your instructions, or when it will save time, effort, and a car ride to perform a quick fix. To offer help, follow these steps: 1. Open the Remote Assistance tool as shown in the previous section and choose the second option, Offer To Help Someone. 2. You will see a dialog box, shown next, where you can choose how to connect. If the user has sent out a request, you can use this dialog box
196
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
to locate that invitation (you don’t have to, however; just opening the invitation file is enough). If making an “unsolicited” offer, you have to type the IP address or computer name in the second entry box.
3. Choose Finish. Assuming there’s someone on the other end waiting to accept the offer, the remote session should now commence. If you don’t get a response, it could be because the user you’re offering assistance to is not using a compatible operating system. These considerations will be discussed in more detail later. No matter how the Remote Assistance session is established, its use should be fairly intuitive, even for the user who sends out the Remote Assistance request. If they can figure out how to send the Remote Assistance invitation, they will probably have little trouble with actual use. Even if the user can’t send the invitation, they can always be walked through the process over the phone. They can then be walked through the process of allowing remote control, and they won’t have to do a thing. I’ve just made an excellent business case for upgrading the sullen 19-year-old computer whiz’s PC to Windows Vista—they can help the rest of the family for the price of the new OS and possibly a copy of Halo 3.
Remote Assistance and Security As mentioned in the click steps, you have to create a password that will be used to control the Remote Assistance session. This is a new feature to the Windows Vista version of Remote Assistance, and it provides an additional layer of security to the session. It ensures that only authorized people are able to open a Re-
CHAPTER 4 Configure Network Connectivity
197
mote Assistance invitation—they have to know the Remote Assistance session password to do so. Another security consideration is whether or not the target computer is configured to accept incoming Remote Assistance offers. To make sure your Vista computer is even capable of hosting a Remote Assistance connection, perform the following steps: 1. Open the System Control Panel application by typing system at the Start Menu or by right-clicking the Computer Desktop icon (if applicable) and choosing Properties. 2. Follow the Remote Settings task link on the dialog box’s left side. You will be asked to provide administrative confirmation if User Account Control is turned on. 3. You’ll see the System Properties dialog box, as shown next. The Remote tab should be selected, and you want to confirm that the Allow Remote Assistance Connections To This Computer check box is selected.
More configuration settings are available if you click the Advanced button. This will open the dialog box, shown here, where you can adjust the six-hour de-
198
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
fault expiration of the Remote Assistance request or specify that the invites only be used from Windows Vista or later systems.
More interesting, though, is the first check box, which can toggle the Remote Control feature. If you’d like to be able to have your system seen remotely but not controlled remotely by support technicians, you can always uncheck the option here. Remember, though, that Remote Assistance’s security allows the user ultimate control; you can always decline an offer to take over remotely. Remote Assistance and Group Policy As was discussed in the previous chapter, Windows Vista offers a host of Group Policy settings that have the potential to control a vast range of computer behavior. As you might expect, Remote Assistance is just one of these behaviors that can be managed with a Group Policy Object that’s linked to the local machine. To configure a Group Policy to set more universal and flexible Remote Assistance options, follow these steps: 1. Open the Group Policy Object Editor and add the local policy object. Refer to Chapter 3 for full instructions. Alternatively, you can type gpedit.msc from the Start Menu. 2. Navigate to the folders to Computer Configuration\Administrative Templates\System\Remote Assistance. 3. You will now be able to work with six settings that can further control the use and behavior of Remote Assistance, as shown next. If an administrator wants to configure the system so that it can never accept a “solicited” offer (that is, one that is not in response to a request for assistance), use the fifth setting in the list, Solicited Remote Assistance. By default, none of the Remote Assistance settings are configured.
CHAPTER 4 Configure Network Connectivity
199
Remote Assistance and User Account Control It’s very likely that the support person will perform an administrative task while remotely controlling your computer, which then leaves you with the quandary of how to handle the User Account Control (UAC) behavior. One method, of course, is to disable UAC before initiating the Remote Session. But there’s another way that’s built into Remote Assistance that doesn’t require such drastic steps. When the support person asks to take control of the Desktop, the user sees a message asking whether or not the helper can “respond to User Account Control prompts.” Selecting this check box permits the support person to respond to requests from UAC for administrator consent or administrator credentials.
Travel Advisory Two additional characteristics of granting UAC permission to the support person are worthy of mention: (1) the user is asked for consent before handing over such control, and (2) the user can only grant this permission if they have rights themselves to run administrative level programs.
Remote Assistance and the Windows Firewall With Remote Assistance, you’re allowing traffic into your computer—just the opposite of what Windows Firewall is configured to do. The firewall’s job, for
200
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
the most part, is to keep traffic out. In order for these two features to work in harmony, then, it’s necessary to make sure the proper exceptions are configured on Windows Firewall. Because Windows Firewall restricts communication between your computer and the Internet, you might need to change settings for Remote Desktop Connection so that it can work properly: 1. Open Windows Firewall. To do this, you could open the Control Panel’s Security Center first, but I prefer typing fire at the Start Menu. Windows Firewall will appear in the program list. 2. In the firewall console’s left pane, follow the Allow A Program Through Windows Firewall link. You will be prompted for administrative confirmation if User Account Control is turned on. 3. You should be taken directly to the Firewall Settings dialog box with the Exceptions tab selected, as shown next. In the list, select the check box next to Remote Assistance and then click OK.
Now, a look behind the scenes: for Windows Firewall to work its magic and allow Remote Assistance traffic, it will open TCP port 3389. On two computers directly connected to the Internet, Windows Firewall will handle this just fine. By setting it up with a single click as just described or allowing Remote Assistance when asked, Vista will manage the connection just fine.
CHAPTER 4 Configure Network Connectivity
201
But when other firewalls sit between the two computers, they may prevent the Remote Access traffic. This is not only a consideration for businesses who might have users in one office building and support personnel in another, but also must be on the mind of the home user who is sharing out a broadband Internet connection to his house’s three computers with a wireless router. Oftentimes, port 3389 will not be open by default. I can offer few pointers here other than to read the documentation that came with your router about how to open certain ports, and certainly the Microsoft exam won’t ask you any questions about the specifics of router configuration. I suggest being able to identify the significance of TCP port 3389, though. Fortunately, most Small Office/Home Office (SOHO) wireless routers today come with an HTML-based configuration utility that allows router changes via a webpage. In most cases, you just open a web browser and enter the router’s IP address in the address bar, as in: http://192.168.1.1 You should then be prompted for a use, as shown next.
You can also just disable the firewall capability for the duration of the session and let Windows Firewall monitor all incoming and outgoing traffic.
Remote Assistance and Compatibility As mentioned earlier, this isn’t the first rodeo for Windows Remote Assistance, and you can happily use the Vista version in combination with other Windows operating systems that support Remote Assistance. You can use Remote Assistance from your Vista machine, for example, to provide help to users still running Windows XP. There are a few considerations when performing this particular task, however:
•
In Windows XP and Server 2003, you can’t pause a Windows Remote Assistance session. If you are using Vista to help an XP user and you pause the session, the person running XP won’t be notified. There’s no stopping you from using the chat function to say, “I’ve got to step away for a bit,” however.
202
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
•
There is no voice support in this version of Remote Assistance. Under Windows XP and Windows Server 2003, you can transmit voice over the Remote Assistance session. If you’re using Windows XP to help someone running Windows Vista and you click the Start Talk button, nothing will happen.
•
You cannot offer Remote Assistance help from your Vista computer to users running either Windows XP or Server 2003. You can, however, respond to Remote Assistance requests.
Besides the Remote Assistance function, there’s another vestige of Windows XP that requires you know a thing or two about establishing a remote connection: Remote Desktop. You might not be using it on your copy of Windows Vista, mind you, but that doesn’t excuse you from not having knowledge of it as you sit down in front of the testing computer. But hey, why else did you purchase this book?
Remote Desktop There’s another troubleshooting tool built into Windows Vista that is a very close cousin of Remote Assistance: the Remote Desktop. You can think of it as Remote Assistance except that no one has to be at the other end of the connection requesting that a remote session be established. The Remote Desktop can be a huge benefit for network administrators or any other professional who needs to access their office (or home) computer from a remote location. Think hotel, think coffee shop, think about remotely administering a Vista machine in your underwear. Think convenience. Of course, there are a few setup considerations before you can implement a Remote Desktop session, but this section walks you through everything you need to get started. Also, as with Remote Assistance, there have been some improvements in Vista’s implementation of this feature. Essentially, this means that you will be able to mix and match Remote Desktop in a mixed XP and Vista environment. Before you even begin, you should know that the Remote Desktop is not available on every version of Windows Vista. Because it’s mostly meant for companies where Remote Access to office computers is a must, you can only host a Remote Desktop connection on these versions:
• • •
Business Enterprise Ultimate
The Windows Vista Home Basic and Home Premium versions can be deployed in a Remote Desktop scenario, but these two versions will only allow for
CHAPTER 4 Configure Network Connectivity
203
the creation of outgoing connections. In other words, you can use a Vista Home Premium machine to connect to your Enterprise computer back in the office, but not the other way around. In addition, while the Remote Desktop is available on XP computers as well, it’s only available on systems running XP Professional; you can’t connect to computers running Windows XP Home Edition.
Deploying Remote Desktop Now that you know what Remote Desktop is used for and a few of the usage constraints, it’s time to delve into the implementation steps. First, a discussion about the computer that will be connected to. In the Remote Desktop nomenclature, this is known as the “host” machine. In most cases, this will be your office system. In order to establish a Remote Desktop connection, the host must first be configured to allow such connections. (We’ll deal with the other end of the equation, the client machine, in just a bit.) To prepare the host machine for a Remote Desktop session, follow these steps: 1. Open the System Control Panel application by typing system at the Start Menu or by looking in the System and Maintenance Control Panel grouping. 2. Follow the Remote Settings link on the left side. You will be prompted for administrative credentials if User Account Control is turned on. 3. You’ve seen this dialog box previously in the Remote Assistance discussion. This time, the focus is on the bottom half. There are three choices here, as shown next:
•
Don’t Allow Connections To This Computer Prevents connections to this system from remote computers.
204
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
•
Allow Connections From Computers Running Any Version Of Remote Desktop The best choice in a mixed XP/Vista environment, as it allows connections from previous versions of Remote Desktop.
•
Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication More secure (the parenthetical will tell you this as well); checks to see if the connecting computer supports Network Level Authentication, which is a protocol that identifies the user before the remote session is established.
Exam Tip Only a user with a password-protected account can establish a Remote Desktop connection. Also, you can restrict the connection to Vista-only machines by using the third option in the Remote Assistance dialog box.
By default, Vista will not allow any Remote Desktop connections.
Establishing the Remote Desktop Connection Now that you’ve seen Remote Desktop from the hosting machine, let’s turn the focus to the remote computer making the connection—in this context, the client computer. Good news: all the necessary software needed to establish this client connection is built into Windows Vista. This was not the case under Windows XP, as will be detailed in just a bit. The example to follow assumes that you’re utilizing a Vista-to-Vista connection. So if you’re at home on a Sunday night and desperately need to update a file that’s sitting on your work machine, follow these steps to establish a remote session: 1. Open the Remote Desktop Connection dialog box by typing remote at the Start Menu. It’s also under All Programs | Accessories if you’re not into the whole brevity thing. 2. You see the Remote Desktop Connection dialog box. From here, type either the name (usually the Fully Qualified Domain Name) of the remote computer or the IP address.
CHAPTER 4 Configure Network Connectivity
205
Click the Connect button and Vista will ask you for your security credentials. The next screen you should see, assuming the credentials are valid, is the Desktop of the remote machine. This can be a lot more complicated if you’d like it to be. Click the Options button to see what I mean. You get a new Remote Desktop Connection dialog box that looks like this:
As you can see, there are six tabs here, which present you with a wide variety of Remote Desktop options to choose from. While not necessary for many everyday connections (think modern computers using relatively fast broadband-class Internet connections), the options here can further govern behavior of the Remote Desktop session. General buttons:
On the General tab, under Connection Settings, you will see three
•
Save Tells Vista to remember your connection settings so that you won’t have to retype them next time you make a connection to the same host. If you find yourself using Remote Desktop to connect to the same computer (your office machine, for example), this can be useful.
•
Save As Saves your connection settings to a RDP file that can be used later on. The best use for this option is to save typing when connecting to multiple computers, such as when an administrator uses Remote Desktop to administer multiple machines.
•
Open
Opens a saved RDP file.
206
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Display Three options on the Display tab control the Remote Desktop window look and feel:
•
Remote Desktop Size The slider sets Remote Desktop screen resolution. Dragging all the way to the right will configure Remote Desktop to use the entire client screen.
•
Colors Sets the number of colors. Vista uses the least amount of colors available at either the host or client, so there are times when the color setting has no effect.
•
Display The Connection Bar When In Full Screen Mode A default setting that, when active, displays a Remote Desktop bar that lets you minimize, restore, and close the session. I recommend you leave this option enabled.
Local Resources There are three options on the Local Resources tab, as shown next, that control specific interaction between client and host:
•
Remote Computer Sound Determines how Vista handles the sounds on the host computer. By default, the client hears sounds from the host, such as a chime when an error message is displayed.
•
Keyboard Determines which computer receives special keyboard commands. When you press CTRL-SHIFT-ESC to bring up the Task Manager, for example, you can set whether it shows activity on the host
CHAPTER 4 Configure Network Connectivity
207
or the client machine. (By default, keyboard combinations such as CTRL-SHIFT-ESC will only apply to the host when in full screen mode.)
•
Local Devices and Resources Determines whether the client’s printers are displayed in the host’s list of printers and whether to use the client’s clipboard during the session to cut and paste data from client to host.
The More button lets you specify even more options. The options available by clicking the More button will determine the level of interaction of other client devices and peripherals such as smart cards, serial ports, and drives. For example, if you choose the Drives check box, then any drives you select here will also be available in the host’s Remote Desktop window. This can be very useful if the purpose of the connection is to transfer files from client computer to host, or vice versa. It can also be useful to review these settings if your purpose is to get Remote Desktop questions correct. Supported plug and play devices make items such as digital cameras, printers, and media players available as well. Programs With the Programs tab, you can specify a particular program to run on connection. The caveat is that selecting a program to run in this dialog box pretty much sets the parameters for the entire Remote Desktop session. Once connected, the remote administrator can work only with the program specified, and when the program ends, so too does the Remote Desktop session. Experience There are several options on the Experience tab that govern the Remote Desktop session itself. Some or all might be selected by default, depending on the choice of the Connection Speed.
• • • • • • •
Desktop Background Font Smoothing
Turns the host background on when enabled
Smoothes the fonts of the host machine
Desktop Composition
Turns the Desktop composition engine on
Show Contents Of Window While Dragging content in a window that’s being moved Menu And Windows Animation Themes
Enables the display of
Enables the menu animations
Turns on or off the host Desktop theme
Bitmap Caching Improves performance by storing host images on the client computer (the only Experience feature that is enabled in all speed configurations)
208
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
For example, the Desktop Background and Font Smoothing options are both turned off if c onnecting over modem connection speeds (56kbps or lower). If the remote connection is over a 10Mbps LAN, on the other hand, all experience options are on. Advanced As seen in the next illustration, the choices on the Advanced tab allow you to specify warning options if authentication fails and also let you configure a connection to a Terminal Services (TS) Gateway server.
So just what is a Terminal Services Gateway? A TS Gateway can make it easier to allow Remote Desktop connections to a corporate network using an Internet connection. TS Gateway servers use the Remote Desktop Protocol (RDP) along with the HTTPS protocol to help create a more secure, encrypted connection. A TS Gateway server provides the following benefits:
• •
It enables Remote Desktop connections over the Internet without setting up a virtual private network (VPN) connection. It better enables connections across firewalls.
Exam Tip You’ll thank yourself if you at least follow the first step of the Remote Desktop Connection procedure and familiarize yourself with the options presented in the six tabs. You don’t have to actually make the Remote Desktop connection to become comfortable with these.
CHAPTER 4 Configure Network Connectivity
209
Remote Desktop and Windows XP It’s very possible that network administrators will use Vista’s Remote Desktop to remotely connect to computers running Windows XP. For example, the XP machine may be the host machine. In that case, the setup instructions will differ somewhat. It’s probably best to have them handy: 1. Insert the Windows XP installation disk and wait for AutoRun to present you with the Welcome to Microsoft Windows XP screen. 2. Follow the Perform Additional Tasks link. 3. Choose the Set Up Remote Desktop Connection option. If you don’t have the Windows XP installation disk handy, you can visit the Microsoft download center and search for Remote Desktop Connection. It should appear at the top of your search results.
Travel Assistance For your “believe it or not” file: you can even connect to a Vista computer hosting a Remote Desktop session from a Mac. And no, I’m not talking about a Mac running Parallels or Boot Camp with Vista as the operating system. I mean a Mac running OS X. For more information, visit microsoft.com/downloads. You can also connect to a Remote Desktop session or Terminal Services server from Linux using the Open Source utility, desktop. It can be downloaded from http://sourceforge.net/projects/rdesktop/.
Making the Remote Desktop Connection Actual use of the Remote Desktop connection is very straightforward, because you’re just using the computer on the other end of the connection. All you’re really doing is substituting one keyboard, mouse, and monitor that are a long way away for another set that’s closer at hand. The only thing to focus on in the Remote Desktop session is the connection bar at the top. This lets you perform such tasks as minimizing the Remote Desktop window, restoring it, and closing the session. There are two ways to end a session: clicking the Close button on the connection bar or using the host’s Start Menu. Choose Start | Disconnect to end the remote session, and the window will close.
Remote Desktop and Windows Firewall Like its cousin Remote Assistance, the Remote Desktop will not be able to pass data back and forth across Windows Firewall until allowed to do so. If you
210
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
remember the steps discussed already, you’re in good shape. If not, you’ll need to tweak settings with these steps: 1. Open Windows Firewall and choose Allow A Program Through Windows Firewall. (If you open the Control Panel, there’s a link under the Security grouping as well.) 2. Supply administrative confirmation, and you’ll see the Exceptions tab of the Windows Firewall Settings dialog box. 3. In the list of programs, place a check mark next to the Remote Desktop box, as shown next.
Make sure you take these steps on the remote host before attempting the connection. You can’t remote in and then try to set things up.
Remote Desktop and NAT Often, the system you want to Remote Desktop into is living behind a router. This router is usually configured with what’s known as Network Address Translation, or NAT. This is especially true on most SOHO networks where three or four computers, maybe ten, are all sharing a single broadband Internet connection. If you’re curious, you can type ipconfig from a command prompt window right now. If you see an address that starts with 192.168, you’re using NAT. NAT translates a public IP address like 64.151.x.y into a private IP address like 192.168.2.1 during both outgoing and incoming communications. Can Remote Desktop work when NAT is in place? Absolutely. You do have to know the public IP address of the router that’s between the client computer and host computer, however. There are thousands, if not millions, of computers that have Internet access with a private IP address of 192.168.2.1, but there’s only one device connected to the Internet with a public IP address of 64.151.x.y. You can’t remote into 192.168.2.1; you need to send the Remote Desktop request to the public location. How do you figure out what the public address is? There are many ways. You can use the router utility as just discussed above. The utility will often display the router’s public address. You can also leverage one of several free website services (there are many others; these are just a few of the more well known services):
CHAPTER 4 Configure Network Connectivity
• • • •
211
http://whatismyip.com http://broadbandreports.com http://checkip.dyndns.org http://whatismyipaddress.com
Once you know the public IP address of the router connected to the Remote Desktop host, use that address to connect. There’s one more thing to remember: just because you’ve configured Windows Firewall correctly doesn’t mean the router will let the Remote Desktop traffic pass. You still need to configure either one of the following:
• •
An exception on your router as discussed previously Port forwarding, where you configure the router to forward specific port requests to a specific private IP address such as 192.168.2.1
Again, you’ll have to refer to the router’s documentation for full instructions, as they vary from device to device. Because of its reliance on Terminal Services as its underlying connection technology, Remote Desktop exchanges information on TCP port 3389 by default. The problem with this advice and instructions is that just about the time you feel comfortable that you understand how Remote Desktop works and all the configuration details needed to get it up and working, you realize that every hacker in the world is well aware of the same information already, and those who aren’t can pick up a book as easily as you. Using freely available software, they can sit at their computer (in their parent’s basement, no doubt) and scan the Internet for open 3389 ports. With an open port in hand, they will have found a doorway into your computer. So what’s the answer? First, take comfort in the fact that just because someone finds a door doesn’t mean that they have a key. The best way to “lock your doors,” as it were, is to use a sound password strategy. If you’re doing this, chances are that most hackers will look for easier prey. If, on the other hand, you’ve allowed a Remote Desktop connection to a user called “Admin” with a password of “password,” or worse, no password at all, you may have what I call “issues.” For an even more secure Remote Desktop strategy, you can change the port used by Remote Desktop from the default of 3389. It’s just a number, after all, and RD doesn’t care which one you use. Follow these steps to change the Remote Desktop listening port: 1. Open the Registry Editor by typing regedit at the Start Menu and navigate to the key HKLM\System\CurrentControlSet\Control\ TerminalServer\WinStations\RDP—Tcp.
212
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. You’ll see a PortNumber setting. Open this setting and replace the 3389 value with any number between 1024 and 65536, as shown next.
To make the connection, specify the public IP address (discovered using one of the techniques just described) and the port number. Using the value just mentioned, type the following into the Remote Desktop Connection’s Computer entry box: 65.43.123.98:10012 Remote Desktop. What could be simpler?
CHECKPOINT ✔Objective 4.01: Configure Networking Using the Networking and Security Center The lynchpin of the modern computing environment is the ability to connect to other computers, whether to other computers in your own office building or across the globe. To assist users and administrators in this endeavor, Microsoft has reconfigured its main networking configuration utility. It’s now called the Networking and Security Center, and no test preparation will be very thorough without opening it up, connecting to a wired and wireless network, and enabling and disabling services such as file and printer sharing.
✔Objective 4.02: Troubleshoot Connectivity Issues
If it’s important to connect to a network in order to take advantage of the full power of Windows Vista, it’s also equally important—for both real-world use and exam prepa-
CHAPTER 4 Configure Network Connectivity
213
ration—to be able to troubleshoot a connection that is not working. You should go into the test with a full knowledge of what built-in tools can help automate network troubleshooting, but don’t forget about TCP/IP command-line utilities such as PING, TRACERT, and NSLOOKUP.
✔Objective 4.03: Configure Remote Access
At some point, you’re likely going to use Windows Vista on a laptop computer. At some point, you’re going to want to access your Vista desktop computer from your Vista laptop computer. At some point, someone’s going to lean on your superior Vista understanding and ask you to connect to their Vista desktop from your Vista laptop and fix something on their computer. At least, these are the scenarios that Microsoft envisions for your remote connections, and you should be able to configure them in Windows Vista. To address these scenarios, you should understand the use of two tools, Remote Assistance and Remote Desktop.
REVIEW QUESTIONS 1. You have recently upgraded the administrator’s machine on your network to the Windows Vista Business Edition. All of the other 12 computers in the company workgroup are running Windows XP. You are trying to troubleshoot a problem with one of the XP machines and want to use Vista’s Network Map capability to see if there could be a problem with the network connectivity of that machine. You cannot see the XP system on the network map, however. What is the best explanation for this? A. The XP computer does not have IP version 6 installed. B. Network Map will detect only Windows computers running Windows Vista. XP computers are not discoverable with Vista’s Network Map utility. C. The XP computer does not have the Link Layer Topology Discovery Responder installed. D. In order to be seen in a network map, all devices must belong to the same logical workgroup. Vista computers do not broadcast this logical grouping information by default. E. The router does not support the Link Layer Topology Discovery. Vista utilizes the LLTD protocol to query the router for a list of connected devices in order to generate the network map.
214
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. Which of the following are security measures that can be deployed on a wireless network? (Choose all that apply.) A. Using a Group Policy object to require that all connections to the wireless access point use Vista’s new User Account Control B. Using the Network and Security Center to access the Properties dialog box for the wireless access point, then limiting the number of inbound connections C. Configuring the wireless access point not to broadcast the network SSID D. Requiring a passkey in order to connect to the wireless network E. All of the above 3. You have a Windows Vista Ultimate laptop computer, and a friend with Windows XP has asked you to connect to their XP Home system in order to provide instructions on a Microsoft Office task. Which of the following will be considerations as you connect to the remote system? (Choose all that apply.) A. B. C. D. E.
Sending a Remote Assistance invitation Having a user account on the remote system Using Remote Desktop Opening TCP port 3389 on the router All of the above
4. A friend joins you for a lunch meeting at a café that has free Internet access. You have a multimedia presentation stored on your computer that is too big to e-mail, so you place it in a shared folder on your Vista Business Edition laptop and tell your friend to grab it from the network share. The friend reports, however, that he is unable to see your computer on the network, yet you are both getting Internet access from the same wireless access point. What is the most likely explanation of the problem? A. You have been assigned IP addresses that are located on different subnets and are therefore unable to route the SMB file-sharing requests. B. The Network Discovery setting is set to Off. You need to change this setting using the Network and Sharing Center. C. The network type is set to Public. Computers attached to public networks are unable to share folders, leaving the computer wide open to hacking. D. Windows Firewall is preventing file and print sharing traffic from the computer making the file request. E. None of the above.
CHAPTER 4 Configure Network Connectivity
5. You are administering a small Windows Vista–based workgroup environment and one of the computers cannot seem to access the network’s file server using the UNC path of \\beanlakeserver. Which of the following are troubleshooting steps you could take to determine the root cause of the problem? A. Run the Diagnose utility to flush the ARP cache entries. B. Run the ipconfig /all utility to determine which name servers are being used to resolve the computer name to an IP address. C. Open a command prompt and type ipconfig /all to determine the trouble computer’s IP address. D. Try to PING another computer on the network using first the computer’s IP address and then the computer name. E. All of the above. 6. You have a Windows Vista Home Premium desktop computer at home, and use Windows Vista Ultimate on a laptop computer. You are on the road and want to use Vista Remote Desktop capability to remotely connect to the desktop computer to retrieve a file. When trying to establish the connection, however, the Remote Desktop Connection dialog box reports a connection error. What is the likely source of the problem? A. You can only conduct a remote session on a Windows Home Premium computer using a tool like GoToMyPC. B. You do not have port 3389 opened on the router between the Vista Ultimate and the Vista Home Premium system. C. The account you’re using from your Vista Ultimate computer does not exist on the Vista Home Premium system. D. You must first establish a Virtual Private Network Connection to the Vista Home Premium computer before conducting the Remote Desktop session. E. All of the above. 7. The new Vista Network and Sharing Center includes options for public folder sharing. Which of these options are security options for this public folder? (Choose all that apply.) A. B. C. D. E.
Open and read files Open, read, change, and create files Turn off public folder sharing Share only to local users All of the above
215
216
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
8. You are the administrator of a Windows Vista Ultimate computer and are configuring it as the file server for a small workgroup. You are setting up the \Data folder hierarchy for sharing, but when you right-click the root folder, you don’t see a Share option when accessing the folder’s Properties dialog box. What is the most likely cause of the problem? A. There is a corrupted Registry entry under the \Local Machine registry key. B. File and Print Sharing has been disabled by a setting in the Windows Firewall. C. There is a Windows File Protection Group Policy Object setting that is preventing the system from acting as a file server. D. The File and Print Server Windows System Component needs to be installed. Open the Control Panel and then use Add/Remove Windows Components to install the necessary server service. E. Vista Ultimate edition cannot be configured with traditional file sharing unless it is a part of a Windows Server domain. 9. You have a Windows Vista Ultimate desktop computer at home and use Windows XP Professional on a laptop computer that does not meet the hardware requirements for Windows Vista. You are on the road and now want to use the Remote Desktop capability to remotely connect to the desktop computer to retrieve a file. When trying to establish the connection, however, the Remote Desktop Connection dialog box on the XP Professional computer reports a connection error. What is the likely source of the problem? A. You can only conduct a Remote Desktop–type session in a mixed XP-Vista environment using a tool like GoToMyPC. B. Using the System Control Panel application, you have configured the Vista Ultimate system to only allow connections that use Network Level Authentication (NLA). C. The account you’re using from your Windows XP Professional computer does not exist on the Vista Ultimate system. D. You must first establish a Virtual Private Network Connection to the Vista Ultimate computer before conducting the Remote Desktop session from a Windows XP computer. E. All of the above. 10. You have a coworker who uses Windows Vista Business at their work computer. You use Windows XP Professional on a laptop computer that does not meet the hardware requirements for Windows Vista. You are on the road and your coworker requests help with a configuration
CHAPTER 4 Configure Network Connectivity
task. Because you have Internet access at your hotel, you decide that the easiest way to handle it is to use Vista’s Remote Assistance feature so that you can lead the coworker through the configuration change. You find that you cannot start your Remote Assistance session, however. What is the most likely cause of this connection problem? A. You can only conduct a Remote Desktop-type session in a mixed XP-Vista environment using a tool like GoToMyPC. B. There is a problem with network connectivity between the hotel and the office location. C. Vista Business does not support inbound Remote Assistance sessions from XP clients. You need to have Windows Vista Home or Home Premium to complete the task. D. There is a Group Policy Object Setting that is preventing Remote Assistance connections from Windows XP. E. None of the above.
REVIEW ANSWERS 1.
In order to see a Windows XP computer using the Vista Network Map, you need to first download and install the LLTD Responder for Windows XP. You can download this update from the Microsoft Technet website.
2.
Network administrators have a wide array of technologies at their disposal to safeguard wireless networks. They can configure the access point not to broadcast the network SSID so that clients have to manually set up connections. They can also require an encrypted passkey when connecting, but the options mentioned in answers A and B are not options.
3.
Remote Assistance is the tool that allows a Windows Vista user to connect to an XP Home system and remotely offer assistance. In order to establish a Remote Assistance session, TCP port 3389 must be opened on the remote system’s firewall. Remote Desktop is available with XP Professional, but not XP Home, and Remote Assistance does not require a local account on the remote system.
4.
The Network Sharing and Discovery can be toggled on and off, and a computer with the Network and Sharing option set to Off cannot be seen in a browse list by other computers in the same network.
5.
All of these are excellent troubleshooting steps when trying to determine the cause of a network communication problem. Don’t forget about the physical connections as well.
217
218
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
6.
Windows Vista Home Premium does not support Remote Desktop Connection; it is only available on the Vista Business, Enterprise, and Ultimate editions.
7.
With Vista’s new public folder sharing, administrators of the local machine can make files available to users with network access. All network users can be restricted to read only access of the public folder or can have the ability to change and create new files. Alternatively, administrators can use the public folder to make files available to all users of the Vista computer but only when logged on. Finally, administrators can shut off public files sharing altogether.
8.
The most likely explanation is that the File and Printer Sharing service has not been added as an exception in Windows Firewall.
9.
There are three levels of security when configuring a computer that will host a Remote Desktop session: Don’t Allow Connections To This Computer, Allow Connections From Computers Using Any Version Of Remote Desktop (Less Secure), and Allow Connections Only From Computers Running Remote Desktop with Network Level Authentication (more secure). The NLA-only option will prevent Remote Desktop sessions initiated from computers running Windows XP.
10.
There are several Group Policy Object settings with Windows Vista, and some of these can configure behavior of Remote Assistance connections. There is one called Allow Only Vista Or Later Connections which, as the name suggests, will not allow Windows XP Remote Assistance connections if enabled.
Configure Applications Included with Windows Vista
5
ITINERARY
•
Objective 5.01
• • • • •
Objective 5.02 Objective 5.03 Objective 5.04 Objective 5.05 Objective 5.06
Configure and Troubleshoot Media Applications Configure Windows Mail Configure Windows Meeting Space Configure Windows Calendar Configure Windows Fax and Scan Configure Windows Sidebar
NEWBIE
SOME EXPERIENCE
EXPERT
3 hours
2 hours
1 hour
219
220
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
As you’ve seen in previous chapters, Windows Vista introduces a host of features that were previously separated from the operating system or, in cases such as Tablet PC functionality, included with an entirely different operating system product altogether. The focus of this chapter is on other bundled applications that ship with Windows Vista that will help users manage their time and their digital entertainment. Chapter 5 starts with the fun stuff—a look at the many applications that are dedicated to handling all of your digital entertainment. Some of these applications—the Media Player 11 comes to mind—are included with every edition of Windows Vista, while others such as the Media Center are available only with the Home Premium and Ultimate editions. The test objectives grouped in this chapter move toward what can be described as productivity applications such as the Windows Calendar and Windows Mail programs. As you might guess, the former helps you manage your day’s appointments and to-do list, while the latter manages the huge pile of e-mail in your Inbox. Finally, the chapter wraps up with a tour of the new Windows Sidebar, which is a docking station for the new Windows Gadgets. We’ll look at the role of a gadget in placing timely information at the user’s fingertips as well as how to configure and manage the Gadget Gallery.
Objective 5.01
Configure and Troubleshoot Media Applications
W
indows Vista helps users manage digital media with a bundle of applications—some new and some revised—that can put a Vista computer front and center in a home entertainment system. There isn’t time to go into detailed use of each here, but there are five applications that you should be aware of:
• • • • •
Windows Media Center Windows Media Player 11 Windows Photo Gallery Windows Movie Maker Windows DVD Maker
Each one gets a brief overview in the following sections.
CHAPTER 5 Configure Applications Included with Windows Vista
221
Windows Media Center Treated as a separate operating system by Windows XP, Windows Media Center serves as a “digital dashboard” for easy access to home entertainment content. The behavior under Vista is essentially the same as it was in Windows XP, however. Windows Media Center is a portal that provides a single interface to all of the multimedia applications installed on your computer. When minimized, you see the Windows Desktop just as when conducting any other computer task. This dashboard makes it easy to perform such tasks as calling up a movie, creating a slideshow of photos, or recording and then watching a TV show, all using a remote control from your couch. Windows Media Center is optimized to make looking at your photos, home movies, and TV a more enjoyable experience than ever before, supporting widescreen and HD formats. Further, Windows Media Center lets you organize digital entertainment in many ways. As shown here, Windows Media Center includes options such as thumbnail pictures to help you quickly identify which CD, photo, movie, or TV show you’re looking for.
Another nice feature of Windows Media Center is its capability to handle multiple media sources at once. For example, you can easily search through your
222
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
digital photo collection or change the selected MP3 playlist while continuing to view the movie, TV show, or other photos already on your screen. (Again, Windows Media Center is really just the dashboard; Windows Media Player is the engine that handles the files.) What’s more, you can extend the Windows Media Center experience to multiple rooms. Vista’s version lets you enjoy all your digital entertainment not only on your PC, but also on up to five TVs through the use of Media Center Extenders. That means you can be working on your PowerPoint presentation for the next day in your home office while the rest of the family is watching a movie on the 42-inch plasma display in the living room. The cool part is that both the PowerPoint and movie are being served from the same computer. In my mind, this represents the most compelling reason to use Home Premium over Home Basic whenever possible. You can even extend this Media Center Extender to the Xbox 360 as well. If it’s all set up correctly, you can sit down at any TV in your house and see the same Media Center digital dashboard, and thus have easy access to your entire digital universe.
Exam Tip I’d be surprised if you saw a question about the Windows Media Center on the 620 exam, but you never know. For exam preparation, make sure you’re familiar with the Vista versions that include the Media Center (Home Premium and Ultimate) and then open up Media Center and get somewhat familiar with the Settings page, where you can dictate general Media Center behavior and configure connections to media sources.
Windows Media Player 11 Windows Media Player has been around ever since I can remember, but it gets a dramatic facelift in terms of features and functionality in Windows Vista. So much so that Microsoft expects you to have some working knowledge of its use for the 70-620 exam. When most people think of the Windows Media Player, they think of playing MP3s. I know I do. I also know that because of the previous Media Player interfaces, most people steered away from the Windows Media Player and toward more user-friendly applications like Apple’s iTunes. While it’s too early to tell if Windows Media Player 11 is much of a game-changer, the interface has been radically simplified. What’s more, it now
CHAPTER 5 Configure Applications Included with Windows Vista
223
does a better than average job at managing all of your digital media—pictures, videos, and of course, music. Use of the Media Center is pretty straightforward, just as it is designed to be. Along the top of the interface, you’ll see five big buttons, as shown in Figure 5.1, each one with several options that can be accessed by clicking the down arrow underneath:
• • • • •
Now Playing Library Rip Burn Sync
Each of the buttons does roughly what you would expect it to: Now Playing shows what’s currently playing, Library provides a look at your media files, Rip rips CDs into your music collection, Sync syncs with a removable media player, and Burn burns a playlist to a CD. You should also see another button that connects to an online store where you can purchase music. The default for Media Player 11 is the Urge Online Store from MTV. You should not see much on the test about these buttons, however, and there are too many options on each to explain each and every one.
FIGURE 5.1
The Media Player 11 interface
224
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory Syncing won’t work with a Zune. This is old news to the four people who own Zunes, but Microsoft’s portable media player won’t work with Microsoft’s Media Player. There’s yet another media application that syncs with a Zune called Zune Marketplace. You can buy songs from the Zune Marketplace, except that they don’t take money, only Microsoft points, which you can purchase using your Xbox 360. Once you figure out that 79 points equals about 99 cents, you’re good to go with your purchase of 400 points, which will buy you Lord knows how many songs. Then you can get in touch with Microsoft support to figure out what to do with the points you’ll have left over because 79 doesn’t divide evenly into 400—that is unless you want a Zune Pass, which, because it’s charged to your credit card, doesn’t use Microsoft points. Yes, using the Zune is just that intuitive. But hey, these are the folks who have brought you 15 different versions of one operating system. Simplicity isn’t exactly their game.
In general, you should know how to change default Media Player options by accessing the Options dialog box, shown next. To call up this dialog box, click any of the Media Center buttons and choose More Options from the drop-down menu.
CHAPTER 5 Configure Applications Included with Windows Vista
225
You can also access this dialog box using the Tools | Options menu commands if the traditional menus are turned on. This Options dialog box is the one aspect of the Media Player with which you should have some working knowledge. The Options dialog box lets you configure a host of Media Player behaviors, such as what happens when a CD is inserted into the computer. Will Media Player automatically start ripping the CD, and if so, at what quality? You can specify the answers on the Rip Music tab as seen in the Options dialog box. More specifically, there are two tabs here that wise exam takers will familiarize themselves with: the Security and Privacy tabs. The Security tab will allow administrators to configure behaviors when the Media Player encounters scripts within streaming media content. Also, you can configure whether or not to display Web content within Media Player using the Internet Explorer zones. On the Privacy tab are several options that define the Enhanced Playback and Device Experience. Among the options here are settings that will do the following:
• • • • •
Display media information from the Internet. Update music files by retrieving media info from the Internet. Download usage rights automatically when you play or sync a file. Automatically check if protected files need to be refreshed. Set the clock on devices automatically.
All options should be selected by default, and each can have a significant impact on whether or not a media file is played in the first place. When you try and play a protected media file using Media Player, for example, the player performs a check of media usage rights. The usage rights determine what actions may be done with a media file and can affect whether the files plays or is able to sync with a mobile device. Under most circumstances, users won’t need to do anything to manage usage rights, as the check boxes in the preceding list take care of that automatically. If the Media Player is unable to media usage rights, the player typically displays a message indicating what options are available. Users need only follow onscreen instructions to address the issue. If the player directs you to an online store, you might be required to enter your account name and password to proceed. The online store might require you to update your billing information or to pay a fee to download additional usage rights, such as the right to burn a song to an audio CD.
226
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory Just below the big Media Player buttons is the Media Player toolbar, which also lets you navigate through your media library with the integrated Search (discussed later on) and configure View options using the buttons just to the left of the Search bar. Using the Layout Options button in particular, you can display the classic menus such as File, View, Play, Tools, and Help. (The View Options button lets you change the views of whatever’s selected, much like the Views button does in Windows Explorer.)
One option that’s not available: Media Player can’t play a slideshow of pictures while listening to a song, which should be possible by now. Alas, you need Media Center to pull that one off.
Exam Tip Microsoft recommends that you enable both the Download Usage Rights Automatically When I Play Or Sync A File and the Automatically Check If Protected Files Need To Be Refreshed options. By default, both are turned on. These two options will cause Media Player to periodically scan your library for purchased and subscription files that are missing or have expired media usage rights. It will also identify files whose rights are about to expire. Media Player will then try to download the rights from the Internet, keeping the playback, burn, and sync experiences with all of your purchased and subscription media trouble-free.
Media Sharing with Windows Media Player Windows Media Player introduces yet another welcome feature that lets users take a single store of digital media and share it out with other computers and devices on the network. If your home has more than one Vista computer (or XP; this is a feature of Windows Media Player 11, not of the operating system), for example, this will greatly enhance the media management experience for all. The Media Sharing works just as you would share any other folder from your computer, but the Media Player version of sharing hides the underlying file structure—you just pick what you want and share it out. Here’s what to do: 1. From any of the tab menus, choose More Options.
CHAPTER 5 Configure Applications Included with Windows Vista
227
2. Select the Library tab. 3. Click the Configure Sharing button. You’ll see the Media Sharing dialog box, shown next. To share media, make sure the Share My Media check box is selected.
With this option enabled, users of Windows Media Player on other computers are able to access and play files from your library just as though the files were on their system. Computers that connect will cause a System Tray Notification that gives you the option of Allowing or Denying the connection.
Travel Advisory You can also configure Windows Media Player Sharing by rightclicking the Library folder from any category and choosing Media Sharing from the context menu.
Integrated Instant Search Another nice little feature of the Windows Media Player 11 is the integrated Instant Search feature. To explore just the items in your media library, place the mouse cursor in the Search bar in the upper right-hand side of the Media Player window and type what you’re looking for. My suggestion: switch to the Songs
228
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
view before conducting the search. Browsing the Genre view is also an option, as shown next.
If you switch to the Songs view before conducting the same search, however, the results are much more helpful. Figure 5.2 shows the results of the same search you just saw but in Songs view. Of course, the Instant Search means that you don’t have to be exact with your search term. If I was looking for the song Dirty Harry by the Gorillaz, for example, I wouldn’t necessarily have to remember the entire song name, or even the artist. I just type har and the list of songs with matching information is immediately narrowed.
FIGURE 5.2
Looking through the Songs view will help you find what you need.
CHAPTER 5 Configure Applications Included with Windows Vista
229
When searching for songs especially, you can even use metadata search criteria. The metadata is information about a file, which in the case of a music track includes the Track Name, Artist, Album Name, and even Composer, if applicable. What’s more, you can add metadata information about a particular track by giving it a right-click and choosing Advanced Tag Editor from the context menu. You will then see the dialog box shown next, where you can edit information about the track that might help you in a search later on.
Travel Advisory You can edit the metadata about a song using the Advanced Tag Editor dialog box, but you don’t have the same ability with Pictures and Videos.
Windows Photo Gallery The Windows Photo Gallery makes it easy to manage your digital photography collection. Included are several organization choices so that you can set up a filing system that best suits your needs. It would be beyond the scope of this book to delve into every aspect of the Photo Gallery in detail, but one feature I’d like to specifically point out is the Im-
230
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
port Pictures and Videos Wizard. It lets you add keywords or (metadata) tags to your photos. These keywords can be an absolute godsend when you’re trying to locate your pictures later on. For example, say you’re looking for pictures of the ocean in a directory that contains 2,000 pictures. You can make this chore a heck of a lot easier by adding a tag or two to each picture when you first import the pictures into Windows Photo Gallery. Then, instead of sifting through your entire collection one photo at a time, you can perform a search for “ocean” and quickly narrow down your search results. You can add a tag to the picture by following these steps: 1. Right-click the photo and choose Add Tags from the context menu. (Alternatively, you can select the photo from the library.) 2. The Info pane, shown next, lists any existing tags and lets you add more tags using the Add Tag link. You can also edit the picture’s title using the bottom of this Info pane. Searching using a word in the title will work as well.
3. If you don’t see the Info pane, click Info on the Windows Photo Gallery toolbar. 4. The Photo Gallery also lets you add keywords during the import process. To start the Import Pictures and Videos Wizard, choose File | Import from a camera or scanner. The wizard runs, letting you add words about a specific picture’s subject, scene, or event. You can also add tags later by double-clicking a picture and adding the tag in the Details pane.
CHAPTER 5 Configure Applications Included with Windows Vista
231
Additionally, the Photo Gallery now lets you search for photos using the date taken as a search criterion. Enter Sept 2005, for example, to quickly bring up images from—when else?—September of 2005, or enter March 2007 to locate pictures of the snowboarding trip where you made a fool of yourself trying to follow your son over snow ramps. Notice that the Date Taken category is automatically grouped by year and then by month on the left-hand side of the Photo Gallery. One last cool feature of the Photo Gallery is the way you can quickly adjust the thumbnail size, another tool which can make finding pictures easier. Just click the magnifying glass icon at the bottom of the Photo Gallery window and adjust using the slider control.
Windows Movie and DVD Maker Another nice addition to the Home Premium bundle is the Movie Maker and DVD Maker applications. I’m treating them as a single Vista feature because they will work hand in hand on most occasions. In other words, you’ll first edit a movie in Movie Maker and then burn it to a DVD using the DVD Maker. As with the Photo Gallery application, a full discussion of Movie Maker and DVD Maker capabilities is beyond the scope of this book. It’s fairly easy to get started creating a home movie, but it will probably take a few trips to the help files to gather a full understanding of the tools available. As you can see in Figure 5.3, I was able to get a movie of Vegas snapshots thrown together with little trouble, adding music and transitions between the photos.
FIGURE 5.3
Create a movie using Windows Movie Maker.
232
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Once you’re done creating the movie, you have the opportunity to see how easily Movie Maker and DVD Maker work together. When you choose the DVD option in the list of Publish To tasks, Vista will immediately open the DVD Maker application with your movie loaded up and ready to burn. Once the media have been added, all that’s left is to choose the menu style and click Burn. Naturally, you’ll need a DVD burner attached to your system in order to create a new DVD.
Objective 5.02
Configure Windows Mail
I
’m guessing that you don’t need me to tell you the purpose of Vista’s Windows Mail application. I’ll bet you can even guess what application it replaced in Windows XP. If you were just thinking: “Windows Mail is the built-in e-mail application, and if it replaced something in Windows XP, it must have been Outlook Express,” then I was right. But while anyone with a modicum of computing experience could probably deduce the function of Windows Mail, they don’t hand out exam certifications to folks with only a modicum of Windows knowledge. Your job is to get the program out, kick its tires, and figure out how the thing actually works. More specifically, there are five Windows Mail tasks and technologies that you should review before taking the 620 exam:
• • • • •
Setting up and editing e-mail accounts Using Instant Search Configuring the Junk Mail filter Understanding the Phishing filter Using a newsgroup
Each of these is detailed further in the sections that follow.
Set Up and Edit an E-mail Account Yes, Windows Mail can be used to send and receive e-mail. But how do you set that up? As it turns out, you get to figure that one out for yourself the very first time you open the application. Windows Mail prompts you for account information so that it can get started with its main function: managing e-mail. The first screen presented after the Windows Mail splash screen will prompt the currently logged-on user for a display name, shown next. This dis-
CHAPTER 5 Configure Applications Included with Windows Vista
233
play name doesn’t necessarily have to be the same as the e-mail account or the user’s real name; it’s just what mail recipients will see when they get an e-mail from this account.
In the next window, the user is prompted for the account’s e-mail address. After clicking Next, Windows Mail plays one of its dirtier tricks. If the user selects HTTP as the e-mail server type, as shown next, Windows Mail disallows the operation. One of the feature “enhancements” of Windows Mail is that it no longer supports integration with HTTP-based e-mail accounts like Hotmail.
234
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Windows Mail and HTTP E-mail Accounts There are no HTTP e-mail accounts in Windows Mail. HTTP support for e-mail accounts is now included in something called Windows Live Desktop, the best documentation for which you will find right here, not by searching for anything Microsoft has produced on the subject. For example, if you click the link Windows Mail “head fake” page where it looks like you can set up a Hotmail account, you will then be taken to a page where you can sign up for a Hotmail account. Huh? Isn’t that what you were trying to do in the first place, set up a Hotmail account with Windows Mail? Why are you taken there? Even assuming you don’t have one already, what good would it be to sign up for one? To add something that doesn’t work to Windows Mail? There’s also a really helpful link called “Here’s Why” on that page (as in, “Here’s why Windows Mail doesn’t support HTTP e-mail”). That link will take you to a support page that will tell you…that Windows Mail doesn’t support HTTP e-mail. (A page designed by the Microsoft redundancy division, no doubt, and there’s nary a mention about why.) There’s a link on that page that will help you fix the issue by linking you to a page that will help you get started with a web-based e-mail account from—are you sitting down, Steve Ballmer?—Google. To briefly recap: the problem is that Windows Mail cannot integrate with an HTTP e-mail account. The solution as iterated by Microsoft: get a web-based e-mail account such as Gmail, which integrates with Windows Mail, but only because of Google’s efforts, not Microsoft’s. (You can set up Gmail to work with POP/SMTP and can thus manage the Gmail account via Windows Mail.) Then you must get a Windows Mobile device from your cell phone provider. Yeah, I don’t follow the logic, either. The real solution, as I mentioned, is supposedly something called Windows Live Desktop, which as of this writing is in beta and will supposedly let you manage multiple HTTP e-mail accounts in one place, much like Outlook Express did five years ago. Apart from the procedure for setting up one or more e-mail accounts with Windows Mail, there are four other Mail features of which careful test candidates should be aware: the Instant Search, Junk Mail filter, Phishing filter, and newsgroup features.
Instant Search There might not be a single better instance of Instant Search’s usefulness than when dealing with an Inbox. Where’s that e-mail message from your boss with the directions to the meeting site? Since she sent the message three weeks ago, why not just look through all of your messages from three weeks ago?
CHAPTER 5 Configure Applications Included with Windows Vista
235
Because you’re looking for a needle in a haystack, that’s why. You may have received 300 e-mails three weeks ago and aren’t about to consume an hour of your time sifting through every one of those e-mails. Your boss sends or CCs you on about 15 e-mails per day, so even sorting the Inbox to go through just her messages isn’t going to be much help, either. And you aren’t even sure it was three weeks ago. It could have been four, or maybe only two weeks ago. This is where Instant Search comes in. Windows Mail includes a built-in Instant Search that behaves just like the one in the Windows Vista operating system. In fact, Vista’s Instant Search can help you track down a specific message as well. The advantage to using the Search field in the Windows Mail program is that it limits the scan to only e-mail and lets you do so without leaving Windows Mail. To pinpoint the needle in the haystack, just start typing what you’re looking for—you don’t have to remember the message subject, who it was from, or when it was sent. If there’s a word anywhere in the message that matches your search string—whole words are not necessary—Instant Search will track it down, well, instantly. Using the example here, you could type directions or even the location of the meeting. If it was mentioned in the message, it will be displayed by the Instant Search results, as shown in Figure 5.4. In the figure, I typed successor in the Search field. As you can see, the only message in my Inbox with the word “successor” in it is the welcome message from Microsoft.
FIGURE 5.4
Using the Integrated Instant Search
236
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Can you see where this would be a huge benefit when trying to locate messages that are older than the example just given? Try finding that one message you know you received a year ago without the Instant Search, and I think you’ll agree: nowhere is Instant Search more valuable than when trying to find an old message.
Junk Mail Filter Windows Mail also includes a Junk Mail filter that helps protect the Inbox from unwanted spam. The Junk Mail filter includes some automatic behavior that will screen e-mail, looking for telltale behavior to identify and separate out junk e-mail, sending it to a special folder called—what else?—Junk E-mail. The nice thing about the Windows Mail Junk filter is that it starts identifying and separating junk mail right away; there is no need for any initial configuration on the users’ part. But you can still train the filter and customize settings. As you prepare for the 620 exam, you should learn about the default behavior of the Junk Mail filter and how it can be modified. The steps are fairly easy: 1. From the Windows Mail window, choose Tools | Junk E-Mail Options. 2. You’ll see the Junk E-mail Options dialog box, as shown next. There are five tabs: Options, Safe Senders, Blocked Senders, International, and Phishing.
CHAPTER 5 Configure Applications Included with Windows Vista
237
The Options tab that is shown here lets you configure the standard filtering level. You have four options:
• • •
No Automatic Filtering Disables the Junk Mail filter but still moves mail from the Blocked Senders list to the Junk E-mail folder.
•
Safe List Only Blocks all e-mail except for mail from people or domains in your Safe Senders list. This forces you to go through your junk mail and scan for legitimate mail from new senders but ensures that all e-mail hitting your Inbox is legitimate.
Low The default setting; it moves obvious junk mail to the Junk E-mail folder. High A more stringent test for e-mail; it catches more junk mail but can also send some regular e-mail to the Junk E-mail folder as well, especially mail that is sent to distribution lists.
There’s a fifth selection on this Options tab that can work in conjunction with any of the default filtering levels just described. It’s the Permanently Delete Suspected Junk E-mail Instead Of Moving It To The Junk E-mail Folder check box and, as it says, if you check the box, Windows Mail will permanently delete any mail identified as junk rather than steer it into the Junk E-mail folder. This rather draconian option is not enabled by default, and I recommend that you think twice before turning it on.
Safe and Blocked Senders The Safe Senders and Blocked Senders tabs will let you either block or allow all messages from a given sender or domain. To add a sender to either list, click the tab in the Junk E-mail Options dialog box and then click the Add button. You’ll then see a little dialog box where you can enter the e-mail address of the sender. Alternatively, you can enter the entire domain. If you want to add any e-mail address from the brianculp.com domain, for example, you just type brianculp.com in the entry box and click OK. There’s actually a better way to do this, however. Most of your everyday Safe and Blocked Senders lists will be created from within the Inbox itself (or Junk E-mail folder, for that matter). All you have to do is right-click a message and
238
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
choose the Junk E-mail item from the context menu. You’ll then get the options shown next.
The options here are essentially the same: you can block or allow the sender and block or allow the entire domain. The same procedures are available when dealing with mail that’s already been moved into the Junk E-mail folder, in which case the choice will be to add the sender to the Safe Senders list.
Exam Tip The Junk E-mail filter options should look pretty familiar. Besides the Phishing filter, there’s really nothing different about Windows Mail’s Junk E-mail filter than the one used by Outlook Express under Windows XP. If you’ve dealt with the Outlook Express filter in the past, you really know all you need to know.
Phishing Filter Phishing e-mails look like this: “You’ve just won!! Click here to verify your address and claim your prize!!” Or, “Your PayPal account was just accessed!! If this was not you who accessed the account, click here to confirm your account and update information!!” Or some such breathless claim. In any case, you’re taken to a website that can look legitimate but is really trying to obtain personal infor-
CHAPTER 5 Configure Applications Included with Windows Vista
239
mation (such as your PayPal account information and password) that can be used to steal your money or, worse, your identity. Put simply, phishing e-mail messages attempt to trick you into entering your personal information so it can be captured and used by criminals. Windows Mail includes a Phishing filter that analyzes e-mail to detect many of these fraudulent links and help protect you from this online deception. There isn’t much in the way of Phishing filter configuration that you need to do. As you can see from the Phishing tab shown next, it’s either on or it’s off. The only other decision is whether to move e-mail that has been marked as phishing e-mails to the Junk E-mail folder rather than leaving them in the Inbox.
Exam Tip Remember the default Phishing filter options. Your Inbox is (1) automatically scanned for suspected phishing links within e-mails and (2) such e-mail is moved to the Junk Mail folder automatically.
If you do receive an e-mail that the Windows Mail Phishing filter detects as such, you should see a big red (more like pink) banner across the Windows Mail reading pane, as shown in Figure 5.5. The message is also flagged in red in the message list—the big red shield should draw your attention to the potentially fraudulent e-mail right away.
Newsgroup Features Newsgroups are not new to Windows Mail, but Vista does include a new wrinkle or two that will help users get more out of their newsgroups. It is now easier to post newsgroup questions and answers, and Windows Mail also introduces a new ability to rate how help information posted by other people has been.
240
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
FIGURE 5.5
An e-mail that has been identified as a phishing attempt
But before you can post questions to newsgroups, you must locate and subscribe to an existing group. Here’s how to subscribe to a Microsoft newsgroup: 1. Open Windows Mail, then choose Tools | Newsgroups. 2. There should already be a Microsoft Communities news server configured for Windows Mail. If this is your first time accessing the list of newsgroups hosted on this Microsoft Communities server, you should see the dialog box shown next as the list of newsgroups is retrieved.
CHAPTER 5 Configure Applications Included with Windows Vista
241
3. If you seen multiple news servers in the Accounts dialog box, choose the news server that contains the newsgroup to which you’d like to subscribe. 4. Select the newsgroup you want to subscribe to and click Subscribe. The subscribed newsgroup will then appear in the Subscribed tab. To unsubscribe, select it again in the Subscribed tab and click Unsubscribe. Newsgroup servers can sometimes host hundreds of newsgroups, for example, Microsoft’s own Microsoft Communities newsgroup server. If this is the case, you can narrow down the field of selections dramatically using the search box. The search box shown next is not the Instant Search that you see in other places, but the functionality is virtually identical. Just type what you’re looking for and the list will shrink with every letter typed.
Once you’ve subscribed to the desired newsgroup, a folder icon will appear next to any newsgroup name. Click OK to save your changes. When you subscribe to the first newsgroup, you should see a dialog box with three options, as shown next:
•
Show Available Newsgroups And Turn On Communities
242
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
• •
Show Available Newsgroups, But Don’t Turn On Communities Don’t Download Newsgroups Now
Using Communities will unlock the new newsgroup features that are available within Windows Mail. Once you subscribe to newsgroups within Communities, the subscription appears under the Microsoft Communities grouping in the folder pane of Windows Mail. Within the Communities, you can rate the usefulness of message posts and replies, as shown next. This information can help steer others directly to that information. Like the Instant Search capability with the Inbox, the rating can help you quickly locate the one message that is most relevant to your query.
Exam Tip Of all the information about newsgroups, perhaps the most relevant for the exam is going to be knowledge that joining a Community will unlock additional newsgroup functionality.
Objective 5.03
D
Configure Windows Meeting Space
espite the relative ease with which a Windows computer can share information in a network, true real-time collaboration can still be a challenge. For example, what would you do if you were preparing a PowerPoint presenta-
CHAPTER 5 Configure Applications Included with Windows Vista
243
tion, and you wanted to do a dress rehearsal so you could solicit a few last-minute comments from several coworkers? If you’re like most small- and even medium-sized companies, you might save the PPT (or PPTX) file to a flash drive and hand it to one coworker at a time. Or you could send your coworkers the file using e-mail or Instant Messenger. Paper handouts are not uncommon either. But what if you could just set up a shared virtual meeting space for those same coworkers, allowing them to easily see what’s on your computer and offer comments and/or edits? What if you could pull this off without having to set up an overhead projector, and without having to purchase or configure additional software? You can do just this with Windows Meeting Space. It’s a new feature that’s available on these Vista flavors:
• • • •
Home Premium Business Enterprise Ultimate
If you’re familiar with Windows Live Meeting (or have attended one), then a good way to conceptualize Windows Meeting Space is that it’s Windows Live Meeting on the Desktop. Whereas Windows Live Meeting is designed for large meetings over large geographical areas and requires both a server resource to host the meeting and Internet connectivity for everyone joining, Windows Meeting Space requires only a Vista machine to host the meeting and some network connectivity. It works best for face-to-face meetings where everyone’s in the same room. For testing purposes, you should be familiar with Windows Meeting Space uses, the process for setting up and hosting a meeting using, and troubleshooting steps that can be taken when people are unable to take advantage of this new feature. We’ll start by looking at the steps to set up a meeting that will be hosted on your computer.
Conduct a Meeting Here’s how to set up a meeting: 1. From the Start Menu, choose Windows Meeting Space. It’s listed under the All Programs section, but just type meet in the Search bar if you don’t immediately see it in the Start Menu. 2. If this is the first time you’re using Windows Meeting Space, you’ll be asked whether you want to enable People Near Me and File Replication.
244
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
3. Select Yes, Continue Setting Up Windows Meeting Space, and you’ll be prompted for your People Near Me screen name. Now you can start a meeting session using the dialog box shown next.
4. The Windows Meeting Space session gives you several meeting options. For starters, you can simply share your Desktop or a specific application with other meeting participants. Click the Share button on the meeting session’s window to get started. Participants will then be able to see your Desktop without leaving their computers. You can also “project” an application or Desktop to any Windows Vista-compliant Network Projector. Or, you can share a file with the meeting group by creating a handout. Creating a handout allows meeting participants to make edits on the fly, eventually leading to a collaborated version of the file. The original handout item will not be changed.
Travel Advisory You can use Windows Meeting Space with Vista Home Basic, but not all features will be available. Vista Basic users can only view meetings. XP Professional computers (and XP Home, for that matter) cannot use Windows Meeting Space in any way.
CHAPTER 5 Configure Applications Included with Windows Vista
245
Generally speaking, it’s a good idea to open the Windows Meeting Space and try hosting a meeting in order to get a feel for what the application can do. The three buttons at the top give you the following options:
• • •
Share Your Desktop Invite Others To The Meeting Add Handouts
There are big buttons on the right of the Windows Meeting Space window that do the same things—they’re hard to miss. When working with handouts, only one person at a time can edit the file, and this will be a new copy of that file. The original will not be affected.
Exam Tip All data exchanged during a Windows Meeting Space session is encrypted, so that only authorized participants (that is, only the ones who know the Meeting password) will be able to view the handouts you make available.
Firewall and Other Network Considerations In order to join a meeting using the People Near Me option, all computers signing in must be located on the same subnet. If a static IP address has been assigned to a system, for example, it is entirely possible for the computers to be able to communicate with one another yet not be able to see each other in People Near Me. If this is the case, the person hosting the meeting should consider sending out manual invitations using the Invite People option. Keep in mind also that Windows Meeting space is a network-dependent application and therefore won’t work unless any and all firewalls have been configured to allow the Windows Meeting Space traffic. To ensure the Windows Firewall has configured the appropriate connections, follow these steps: 1. Open the Windows Firewall using your preferred method: type fire at the Vista Start Menu, or open the Vista Security Center from the System Tray. 2. In the Windows Firewall configuration window, follow the Change Settings link. 3. In the Windows Firewall Settings dialog box, choose the Exceptions tab. Scroll down the list of programs and place a check next to the Windows
246
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Meeting Space and the Windows Peer to Peer Collaboration Foundation entries, as shown next.
The good news is that you shouldn’t have to configure either of these program exceptions; the Windows Firewall sets all of this up automatically whenever you host a meeting for the first time. The bad news is that other firewalls might be present on either your computer or others’ who are joining the meeting, and you may have to configure firewall exceptions on these firewall products as well. Moreover, there are a host of services Windows Meeting Space depends on. Administrators troubleshooting Windows Meeting space shouldn’t overlook the possibility that any of these services might not be running on the machine that is either hosting the meeting or is trying to connect:
• • • •
Peer Name Resolution Protocol Peer Networking Grouping Peer Networking Identity Manager DFS Replication
CHAPTER 5 Configure Applications Included with Windows Vista
247
To check on the status of these and other Vista services, access the Services application. My favorite method: right-click the Computer button on the Start Menu, choose Manage, and expand the Services and Applications node and choose Services. You should then see the exhaustive list of Vista services in the Details pane. As with the firewall exceptions, each of these services should start automatically, and there will be little need to check the Service status of each of these in day-to-day usage. I’m not saying you’ll see this on the test for sure, but the exam is there to test what you would do if things like Windows Meeting Space is not working.
Exam Tip The People Near Me setting can be disabled by a Group Policy Setting. For a full discussion of Group Policy Objects, turn to Chapter 3.
Objective 5.04
T
Configure Windows Calendar
he Windows Calendar is a very simple time management application that allows Vista users to quickly get an overview of their day, create new appointments, and create a to-do list of upcoming tasks. To open the Windows Calendar, click the Start Menu, choose All Programs, then choose Windows Calendar. You can always type cal in Vista’s Instant Search and quickly locate the Windows Calendar that way, too. However you open it, you’ll then see the Windows Calendar. Most of the configuration part of this test objective will be achieved with the Windows Calendar’s View, Share, and Options selections, all of which get attention here. We’ll start with the View options, which let you view the following ranges of time:
• • • •
Day Work Week Week Month
248
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
The default view is the seven-day week, with the week starting on Sunday and ending on Saturday. This can be modified, however. To locate other Calendar options, go to File | Options, which calls up the dialog box shown next.
If you want your work week to start on Tuesday and end on Saturday, for example, you can configure these options here. Your job as test candidate is just to know about the possibilities of the Windows Calendar options dialog box.
Add an Appointment or Task Calendar’s job is to manage two main lists: your list of appointments and your list of tasks. You should probably practice adding an appointment and task as well. To add a new appointment, simply click the New Appointment button from the Windows Calendar toolbar. By default, Calendar creates the appointment using the current time. If it’s 1 A.M. at the time you create the appointment, you get an appointment starting at 1 A.M. and running until 2 A.M. The way around this is to right-click: choose the day on which you want to create the new appointment and then right-click on or near the appointment time. The new appointment should then appear next to where you right-clicked.
CHAPTER 5 Configure Applications Included with Windows Vista
FIGURE 5.6
249
Setting up a new appointment
After creating the new appointment, you should see the appointment details in Calendar’s Details pane, as shown in Figure 5.6. Using the appointment details, you can specify appointment options such as the start and end times, whether it’s an all-day appointment, and the reminder time. You can even send invitations to other meeting attendees using the Participants section. To finish the procedure, click out of the Details pane somewhere else in Calendar. The procedure for creating a task is almost identical: click the New Task toolbar button and then enter the Task details. Although you can configure a due date and enter notes for the task, all that’s required is a name for the new task.
Calendar Publishing One of the most noteworthy features, at least from a testing standpoint, is Windows Calendar’s ability to publish personal calendar information: 1. From the Windows Calendar Share menu, choose Publish.
250
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. From the Calendar Name box, type the calendar name you want to share. Then select where the calendar will be published using the location entry, as shown next.
Why publish calendar information? In a word, collaboration. Others in a company—even one small enough not to merit more traditional solutions like Microsoft Exchange Server—might need to know your schedule. Also, you can create a company- or family-wide calendar of important events and deadlines and share it out with the entire group. You can also include additional calendar information such as tasks, reminders, and notes. When you’re done with the option selections, click Publish to complete the procedure.
Travel Advisory If you’re publishing a Windows Calendar, it’s a good idea to enable the Automatically Publish Changes Made To The Calendar option. This way, any new tasks or appointments added to the published calendar are automatically reflected in the published location as well. Users subscribing to the published calendar will receive these changes automatically.
Calendar Sharing and Subscription Once you’ve shared out a calendar, other network users might want to connect to it and subscribe. People who subscribe to your calendar will have access to your free and busy times and can plan meeting requests accordingly.
CHAPTER 5 Configure Applications Included with Windows Vista
251
It only takes a single step to subscribe to an alternate calendar. From either the Share menu or the Calendar toolbar, choose Subscribe to open the Subscribe to a Calendar dialog box, as shown next.
Even if no one else in the network has published a calendar to a network share, you still have access to a huge variety of publicly available calendars from the Windows Calendars website. From there, you can easily access the iCalShare.com website, where hundreds upon hundreds of calendars have been published in the ICS standardized file format. You can even use this website to publish your own personal calendar. The really cool part of calendar subscription is when you view two or more calendars side by side. This is an easy way to quickly identify time conflicts between two schedules and move appointments accordingly. The ability to color code your Windows Calendars makes it easy to keep multiple calendars separate. To change the color of a calendar, just select it in the Navigation Pane and use the drop-down list in the Details pane.
Exam Tip The Sync All command under the Share menu synchronizes the latest changes from all subscribed calendars.
252
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Objective 5.05
Configure Windows Fax and Scan
Y
ou already know what the Windows Fax and Scan does—it’s right there in the title. What you’re interested in is how to set up and send a fax, and what on earth about the Fax and Scan might be on the 620 exam. I’ll get right to it. But before I do, I should pass this along: Windows Fax and Scan is only available on three Windows Vista versions (in the U.S., anyway):
• • •
Business Enterprise Ultimate
That in and of itself might be enough for you to skate by with in terms of Windows Fax and Scan knowledge. But you should also take note of what you see in the following dialog box: in order to send or receive a fax, you need to have an account.
The next section looks at this process in a little more detail.
Set Up a Fax Account To launch the Windows Fax and Scan, from the Vista Start menu, click All Programs and choose Windows Fax and Scan. Of course, you can always type fax from the Start Menu’s Search. You’ll see the Windows Fax and Scan window shown next.
CHAPTER 5 Configure Applications Included with Windows Vista
253
You will notice right away that the Fax and Scan window looks a whole lot like the Windows Mail interface. (It actually looks more like Outlook than Windows Mail, but you get the idea.) I’ve taken a shot or two at Microsoft previously in this chapter, so let me pause to give a wholehearted pat on the back for this redesign. The new Fax and Scan interface will make the chore of faxing and scanning much more user friendly than in previous iterations (for the curious, it was called the Windows Picture and Fax viewer under Windows XP). Now, you’re ready to jump right in and send that first fax, but first you need to specify how the fax will be sent. To do so, make sure the Fax button is selected at the bottom of the left pane, then follow these steps: 1. Select the Tools menu, and then click Fax Accounts. 2. From the Fax Accounts dialog box, click Add, and then follow the instructions in the Fax Setup Wizard. As shown next, you can either Connect To A Fax Server On My Network or use a modem attached to (or integrated with) the computer as the outgoing port for the fax.
254
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Sending and Receiving a Fax Now that the fax account has been created, you can go ahead and send that fax: 1. From the Vista Fax and Scan toolbar, click New Fax. 2. You’ll see a This Is a New Fax window dialog box shown next. It looks similar to the window shown when composing a new e-mail; the big difference is that when you send an e-mail the destination is an e-mail address; when you send a fax the destination is a phone number.
3. Use the options here to create a new fax, and then click Send. Of course, the flip side of sending a fax is receiving one using the same device. To configure the Vista computer to automatically receive incoming faxes, follow these steps: 1. From the Windows Fax and Scan Tools menu, click Fax Settings. You may be prompted for administrative confirmation. 2. Choose the General tab and then look at the Send/Receive options. 3. Choose the Allow Device To Receive Fax Calls check box, and click Automatically Answer After X Rings.
CHAPTER 5 Configure Applications Included with Windows Vista
255
4. Set the number of rings after which the modem can answer incoming phone calls to try to receive a fax. Once you’ve followed these steps, any incoming faxes will be delivered to the Fax and Scan Inbox, where they can then be perused just like e-mail.
Travel Assistance Faxing via computer isn’t a terribly relevant skill anymore, especially when you can just fax something using a good old fax machine and be done with it. If you need specific help with the Vista Fax and Scan, feel free to drop me an e-mail at [email protected].
Objective 5.06
Configure Windows Sidebar
A
lso new to Windows Vista is the Sidebar. The Sidebar by itself has no functionality; rather, it serves as docking station for one or more gadgets. Gadgets are little applications that can perform a wide variety of functions. They can display information gathered from your computer, such as memory/ CPU usage and song playlists; the Internet, such as stock, weather, and RSS feed information; user-supplied information, such as the very handy Notes application; or none of these, as is the case with puzzle and games. By default, Vista ships with 13 gadgets. In alphabetical order, they include the Calculator, Clock, CPU Meter, Currency Conversion, Feed Viewer, Feed Watcher, Notes, Number Puzzle, Picture Puzzle, Recycle Bin, Slide Show, Stocks, and a Timer. You can download additional gadgets at the Microsoft Live Gallery website, which can be easily found by following a hyperlink in Vista’s Gadget Gallery as detailed later on. Companies and individuals can also develop and submit their own gadgets. Does IT need a way to quickly update staff about network status? Gadgets might be the perfect solution. Do you want to keep abreast of your fantasy baseball team during day games? Go ahead and write the gadget yourself. (All that work time devoted to your fantasy team will likely earn you a promotion.) Of course, you don’t have to use the Sidebar if you prefer not to. Fortunately, configuring Sidebar behavior won’t present much of a challenge.
Travel Advisory Gadgets are also leveraged when using something called the Windows SideShow, discussed later in this section.
256
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
You should keep the following in mind about the new Vista Gadgets:
• • • •
They are installed locally. You can launch multiple instances of a single gadget. They respond to user interaction. You cannot interact with Desktop shortcuts or anything else that’s behind either a gadget or the Sidebar. Both gadgets and the Sidebar can be moved or closed, however.
Changing Sidebar Behavior Changing the Sidebar behavior is pretty easy. For the most part, just remember the right-click. If you right-click the Sidebar and choose Properties, for example, you’ll see the Properties dialog box shown next. This dialog box allows you to stop the Sidebar (and thus the gadgets) from loading when Windows starts by clearing a single check box.
Note the options here that allow you to move Sidebar display to the left or right of the monitor and choose which monitor the Sidebar appears on. What if you’ve told the Sidebar to go away and now have a change of heart? No big deal. There are two easy ways to get it back:
•
Right-click the Taskbar notification icon for Windows Sidebar (it looks like a tiny little Desktop) and choose Open.
CHAPTER 5 Configure Applications Included with Windows Vista
•
257
Open the Control Panel, choose the Classic View, and open the Windows Sidebar Properties application. Look under the Appearance and Personalization grouping if using the Standard view.
Exam Tip You cannot display a gadget without the Sidebar running. You can remove a gadget from the Sidebar to the Desktop and then hide the Sidebar, but the engine that the gadget relies on—the Sidebar—remains idling in the background.
Add a Gadget You won’t find a lot of heavy lifting when adding gadgets to the Sidebar: 1. Right-click the Sidebar and choose Add Gadget from the menu. The Gadget Gallery displays, as shown next.
2. Choose which gadget to add. You can either double-click or drag and drop to start using a gadget. You can always get more gadgets online by following the link in this dialog box. You’ll be taken to the Microsoft website where you can grab one or more of the hundreds of available Vista Gadgets. Finally, gadgets don’t even have to live on the Sidebar at all. If you want to see a gadget on the Desktop, just click and drag it off the Sidebar and place it wherever you want. When you bring a gadget to the Desktop, it usually grows in size as well (which can be especially helpful with certain gadgets that display lots of information, such as the RSS feed watcher or the stock tracker).
258
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory If you use gadgets regularly, commit this keypress to memory: Windows key + G. If your gadgets are hidden by program windows, pressing this key combo immediately brings the gadgets to the top. This is great for when you’ve moved a gadget from the Sidebar to the Desktop. It can also be used simply to display the Sidebar if it’s hiding behind other windows.
The way you modify individual gadget behavior varies depending on the gadget. Generally speaking, though, right-click the gadget itself and choose Options to begin the process. As mentioned previously, each gadget is installed locally on the user’s computer and is therefore available for all users of the system. Gadget files are saved with the GADGET file extension and can be e-mailed or distributed on the Web. A company can easily write a gadget to meet a specific purpose—displaying network status, for example—using HTML skills that should be old hat to most Web developers.
Windows SideShow Another interesting new feature of Windows Vista that’s worth a mention is something called the Windows SideShow. SideShow is a little tricky to explain; it clicks once you see a SideShow-enabled device. For instance, you won’t see the Windows SideShow on your laptop or desktop computer per se, but rather you’ll configure it there using the dialog box shown next. To launch the SideShow window, just type side in the Start Menu’s search box. Windows SideShow should appear in the list of programs.
CHAPTER 5 Configure Applications Included with Windows Vista
259
You can get a hint of what the SideShow is used for by looking at this configuration window. From here, you’ll tell one of the installed gadgets to send information to a SideShow-enabled device that will be listed on the right. (Note that I don’t have a SideShow-enabled device at this time.) So just what is a SideShow-enabled device, and why would you want one? Well, imagine reading your last few e-mails using a remote control. I’m not talking about pointing the remote at a Vista computer with Media Center, mind you; I’m talking about checking e-mail on a little screen in the remote control while the Vista computer is turned off. That’s just one thing you can do with a SideShow-enabled device. They also let you perform simple little tasks like scrolling through a list of contacts or looking through photos on your Vista machine even while the machine where these files reside is powered off. SideShow-enabled devices include laptops, remotes, mobile phones, and even messenger bags with little external LCD screens built right in. A SideShow-enabled messenger bag in development from a company called Eleksen, shown here, is an example of this.
That’s right. With a contraption like this, you could look up a contact’s mobile phone number without opening the laptop or get the latest weather information courtesy of a Vista gadget that’s sending information to the SideShow. As of this writing, there aren’t too many Windows SideShow-enabled devices. They should start arriving in stores around the middle of 2007. As a result, I can’t really give a lot of setup instruction about configuring SideShow devices; steps will vary from device to device. Even the Microsoft help pages on the subject will tell you to refer to manufacturer documentation for installation steps. You won’t be expected to know how to set up a SideShow device when sitting for the 620 exam. As long as you understand what the technology is and how it integrates with Windows Gadgets, you should be on solid footing. Now let’s review the discussion.
260
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
CHECKPOINT ✔Objective 5.01: Configure and Troubleshoot Media Applications
There are several media applications that ship with Windows Vista, and you are expected to have at least a working knowledge of each as you prepare for the exam. For this test objective, we looked at the Media Center, the Media Player, Photo, Movie, and DVD applications. Taken together, they can help Vista become the centerpiece of a home entertainment system.
✔Objective 5.02: Configure Windows Mail
Another new offering with Windows Vista is the Windows Mail program, which replaces Window XP’s Outlook Express. The basic functionality remains the same—it helps users send and receive e-mail using any number of e-mail accounts. It also includes new features that will help users find old e-mails and relevant newsgroup messages faster than ever before.
✔Objective 5.03: Configure Windows Meeting Space
The Windows Meeting Space brings the ability to conduct collaborative meetings with a minimum of configuration hassle. With Windows Meeting Space, a user can share out a single handout and quickly solicit feedback or share out their entire Desktop to facilitate a brainstorming session. You should be familiar with the procedure for setting up a Windows Meeting Space meeting as you prepare for the exam.
✔Objective 5.04: Configure Windows Calendar
Another new Vista application, the Windows Calendar lets users manage appointments and to-do lists using a very intuitive, streamlined interface. This application is meant for users to get up and running with simple time management tasks without the need for a more robust (and more expensive) solution like Microsoft’s Office Outlook.
✔Objective 5.05: Configure Windows Fax and Scan
Windows Fax and Scan lets you fax and scan documents without a dedicated fax machine. All you need is access to either a phone line or a fax server. Windows Fax and Scan is also a new application, and the interface has been redesigned to more closely match that of other Windows applications, thus reducing the learning curve needed to simply send and retrieve a facsimile.
CHAPTER 5 Configure Applications Included with Windows Vista
✔Objective 5.06: Configure Windows Sidebar
261
The Windows Sidebar provides a little “home base” for the many gadgets available with Windows Vista. These gadgets are mini applications that provide information, usually updated in real time with information from either the local computer or the Internet. As you prepare for the 620, you should familiarize yourself with the configuration steps needed to control Sidebar behavior, and also understand that the gadgets rely on the Sidebar service, even if the gadgets aren’t physically docked there.
REVIEW QUESTIONS 1. The Windows Media Player can contact Internet data services to update information about the media files that are stored in the library. You want to use this feature but notice that it seems to be overwriting all information you have manually added about files, and this is information you would like to keep. What is the best explanation of this behavior? A. You have forgotten to enable the Ask Before Overwriting check box under Media Player’s Retrieve Additional Information From The Internet link while configuring More Options. B. The Media Player is currently configured with the Automatic Media Information Updates For Files’ Setting, and this setting will update the player with any available information. C. The Media Player is currently configured to Only Add Missing Information to files. D. The Media Player is currently configured to Overwrite All Media Information. E. You have enabled the Automatically Fix Media Information check box under Library’s More Options. This setting will correct errors that you have made in entering information, even if the errors are a character or two. 2. You are the administrator for a small company who needs to coordinate the calendars of three workers who are collaborating on a marketing project. The office secretary needs to be able to see all three calendars at once to keep a master schedule for the client. All computers on the network are running Windows Vista Business edition. What is the least expensive way to implement the objective?
262
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
A. Install a Windows Small Business Server. Make a separate project resource in Microsoft Exchange and then have all three workers update this project calendar using the Exchange client, Microsoft Outlook. B. Use a Group Policy object that mandates that each of the three workers e-mail every calendar appointment to the company secretary. The secretary can then simply open the e-mail attachment and import the appointment into his calendar. C. Have each of the three workers publish their Windows Calendars to a server location provided by the Internet Service Provider, and then have the secretary subscribe to each of the calendars. D. Install a dedicated project management solution like Microsoft Project Server and create a resource pool for the entire company. All bookings of time should then be scheduled via the resource pool. E. None of these will work without Windows Enterprise edition. 3. Which of the following are true about the Windows Fax and Scan? (Choose all that apply.) A. To send a fax using Windows Fax and Scan, your Windows Vista computer must be attached to either an internal or external modem. B. You can use Windows Fax and Scan to fax a picture that someone brings to your office. C. Windows Fax and Scan will work in conjunction with stand-alone fax machines so that you can take advantage of the fax queue capabilities of Windows Fax and Scan and still use the hardware of your choosing. D. The Windows Fax and Scan is unchanged from its implementation under Windows XP. E. All of the above are true. 4. You have a Hotmail-based e-mail account and want to manage that mail using the Vista application of Windows Mail. What considerations should you keep in mind as you create this account? A. Your account credentials must include the full e-mail address, not just the account name. B. You must validate your copy of Vista as Genuine Software before attempting to set up the Hotmail account in Windows Mail. C. You must configure a program exception in the Windows Firewall since Hotmail uses a different port for e-mail delivery than normal SMTP and POP e-mail servers. D. All of the above. E. None of the above.
CHAPTER 5 Configure Applications Included with Windows Vista
5. You are setting up an e-mail account from your ISP to use with Vista’s built-in mail application. Which of the following best describes the correct procedure for configuring this account? (Choose all that apply.) A. Open the Mail application from the Vista Control Panel. From the Tools menu, click Add Account. Click Next, and follow the onscreen instructions. B. Open the Outlook Express application found under All Programs. From Outlook Express’s Tools menu, choose Add New User and follow the onscreen instructions. C. Open the Windows Mail application found under All Programs. From the Tools menu, choose Accounts. Click Add E-mail Account, and then follow the onscreen instructions. D. Launch the Vista Welcome Center and choose Other Tasks from the list of options there. Double-click the New User option and then follow the onscreen instructions. To create the Windows Mail account, make sure the Automatically Configure E-mail Settings option is selected on the New User Wizard’s Finish page. E. None of the above. 6. You have been asked to configure a Windows Mail account so that the user e-mail receives messages only from people or domains that have been added to the Safe Senders list. The user reports, however, that they still seem to be receiving significant amounts of junk mail in the Inbox. What settings should you investigate? A. Check the Junk E-mail Options in Windows Mail. From the Options tab, choose the Safe List Only protection level as the default. B. Check the Firewall settings and make sure that the File and Print Sharing option is disabled; many spammers take advantage of this open Firewall port. C. Check the Parental Controls to make sure that the Junk Mail setting is enabled for the user. D. Check the Junk E-mail Options in Windows Mail. From the Safe Senders tab, remove all entries. The Safe Senders list must be configured only by the allowing an exception from the Junk Mail folder. E. None of the above.
263
264
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
7. You have a relative who subscribes to several “joke of the day” websites that he says do not get delivered to his Inbox. What should you do to make sure the change Junk E-mail protection level in Windows Mail can fulfill this request? A. From the All Programs folder, open Windows Mail. Choose the Tools menu, then Junk E-mail Options. Select the Safe Senders Only protection level. B. From the All Programs folder, open Windows Mail. Choose the Tools menu, then Junk E-mail Options. Add the domain of the joke websites to the Safe Senders. C. From the Windows Security Center, open the Windows Firewall settings. From the Exceptions tab, choose Add Program. Select Windows Mail, and then enter the joke website domain names to the Other Settings list. D. From the All Programs folder, open Windows Mail. Choose the Tools menu, then Junk E-mail Options. Choose the Blocked Senders tab and ensure that the joke website domains are not listed there. E. All of the above. 8. Which of the following is not a capability of the Windows Sidebar and gadgets? A. The ability to always show gadgets on top of other windows B. The ability to display your recent e-mails on a SideShow-enabled remote control C. The ability to detach gadgets from the Sidebar and move them around the Desktop D. The ability to not show the Sidebar at all E. None of the above 9. Which of the following are capabilities of the Windows Media Center? (Choose all that apply.) A. On a Vista Business edition machine, it can be configured to prevent any logging off or shutting down of the system through the Windows Media Center interface. B. On a system that is connected to a large screen television, it can be configured to start up automatically so that it will be the main interface for that television.
CHAPTER 5 Configure Applications Included with Windows Vista
C. You can select the type of media application used by the Media Center to handle files—QuickTime can handle movies, Media Player can handle music, and Microsoft Office Picture Manager can handle JPEGs, for example. D. You can select from multiple folder locations to define your Media Center Library. E. You can use the Parental Controls as a way to filter certain TV shows from being viewed. 10. You have reserved a conference room to conduct a meeting with several salespeople so that you can give them an overview of a new product and solicit feedback about the pitch. You decide to facilitate the meeting with Vista’s Meeting Space, but the other users report that they are unable to join your meeting. Further, you open the Invite People dialog box but do not see any names listed under People Near Me. What are some possible reasons they cannot join your session? A. The laptops of the other workers have 512MB RAM and are running either XP Professional or Windows Vista Home edition. B. When you set up the meeting, you had the Do Not Allow People Near Me To See This Meeting option selected. C. The other workers have not configured their Windows Firewalls to allow Windows Meeting Space through the firewall. D. The People Near Me feature has been turned off by a Group Policy setting. E. All of the above.
REVIEW ANSWERS 1.
The Media Player can automatically scan the files in your library and download missing media information or attempt to fix incorrect media information. There are two options available: Overwrite All Media Information and Only Add Missing Information. You should have the latter selected if you don’t want information to be overwritten.
2.
The way to do this with the least amount of administrative hassle and expense is to leverage the Windows Calendar’s publishing and subscribing capabilities. After the calendars have been published, any updates will automatically be published as well, so the secretary will always have current calendar information. All you will need is a location to publish the calendars, typically on a web server.
265
266
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
3.
Only these two statements are true of the Windows Fax and Scan. It will not work with external stand-alone fax machines. These devices are controlled by the software that ships with the device. Also, the Windows Fax and Scan is an improvement over the Windows XP implementation, which was called the Fax Console.
4.
Unlike with previous versions of the bundled e-mail applications, Vista’s Windows Mail does not include support for HTTP accounts.
5.
The Vista e-mail application is called Windows Mail. To create an account, you should follow the procedure outlined in answer C.
6.
The Safe Senders tab works in conjunction with the default level of protection configured for the Inbox. To set this level to block all e-mail except for mail from Safe Senders, make sure the default protection level is configured as Safe List Only.
7.
You should ensure that e-mail from the domain gets through no matter what the default filtering level by adding the domain to the Safe Senders list, and also double-check to ensure the site wasn’t listed on the Blocked Senders list. The user might have inadvertently added the site to the Blocked Senders list with a right-click procedure.
8.
The Windows Sidebar and gadgets are capable of all of these behaviors. The ability to show gadget content on a remote control is dependent on Windows SideShow.
9.
With the Media Center options, you can configure the Media Center to start automatically, define multiple folder locations for the media Library, and set up Parental Controls so that parents can block certain TV programming.
10.
All of these are potential hindrances to use of Windows Meeting Space. In particular, answer A makes Windows Meeting space an impractical choice for meeting collaboration on all but the most up-to-date small business networks, especially since Vista does not support earlier solutions like NetMeeting.
6
Maintaining and Optimizing Systems that Run Windows Vista ITINERARY
• • • •
Objective 6.01 Troubleshoot Performance Issues Objective 6.02 Troubleshoot Reliability Issues Using Built-in Tools Objective 6.03 Configure Windows Update Objective 6.04 Configure Data Protection
NEWBIE
SOME EXPERIENCE
EXPERT
4 hours
2.5 hours
1.5 hours
267
268
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
So far, we’ve taken a wide-ranging tour of many of the most significant features of Windows Vista, and you are now equipped with a lot of information that will allow you to better configure and administer this newest version of the Windows operating system—and also to pass the 70-261 exam. There’s just a little ways to go now in covering all of Microsoft’s certification objectives. As you’ll soon see, this chapter deals mostly with methods, tools, and technologies that will help keep Windows Vista running in top form long after you’ve been running the computer for several months, if not years. The problem is a familiar one, after all: the system works great when you first pull it out of the box, but what about a month from now, when you’ve gotten all of your business apps finally installed and configured, when you’ve added and deleted several gigabytes worth of data? How will things be running then? Will you even be able to measure the effect of all this activity, or is system performance simply anecdotal in nature? The answer is that you can absolutely measure system performance. In fact, gathering empirical information about actual Vista performance is an important skill both in real-world administration and for the test. And Chapter 6’s first three objectives look mainly at this ability. In the chapter’s last section, we’ll shift our focus from protecting the operating system to protecting data and look at two technologies that will encrypt data on a hard drive. One has been around for a while in the Windows operating system world; the other is making its debut.
Objective 6.01
T
Troubleshoot Performance Issues
his chapter begins with a look at the test objective of troubleshooting performance issues, which of course begs the question: when it comes to fixing computer problems, what isn’t a performance issue? But despite the rather nebulous definition of what a performance issue might be, Vista places some valuable tools at the administrator’s disposal that will help them gather vital information. Understanding these tools should be your objective as you prepare for the test. Before optimizing performance on a Windows Vista machine, you generally need some way of measuring current conditions. Further, you should be able to measure and quantify your performance observations, if not solely for your benefit, then at least for the people who are responsible for releasing the funds so that a system can be upgraded.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
269
This practice of gathering performance information commonly goes by one of two names:
• •
Benchmarking a system Establishing a baseline
But as with Shakespeare and his roses, the purpose of this information gathering is the same no matter what name you choose: it helps quantify what is normal use on a system so that you can later measure improvements. In real-world use, there is probably no great need to establish baselines for each and every one of your enterprise’s computers. Network administrators can instead take snapshots of just one or two of the machines that are used for the similar purposes. When baselines are set is a more important consideration than how many. In fact, Microsoft recommends as good practice that you measure baselines during either of these two occasions:
• •
When the computer is first brought online and begins operation; this lets you accurately state what users should expect from a system. When any changes are made to the hardware or software configuration; this lets you measure the effect made by any upgrades.
The reason that baselines are useful for these situations is self-evident: when any changes are made to the system, you will have something to which you can compare the changes. Now that you understand the whys of setting a baseline, it’s time to turn your focus to the tools included with Windows Vista that help make this possible. To address the next Exam Objective, the next sections examine the Vista utilities that help administrators take the “before” and “after” snapshots of system performance.
The System Application You can both view performance parameters and, more importantly, manage those parameters, by using the System application. You can open it in a number of ways, including the following:
• • •
From the Start Menu, right-click the Computer button and choose Properties. Type System (or just sys) in the Start Menu’s instant Search entry box. From the Control Panel, look under the System and Maintenance grouping.
270
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Once open, you’ll see that the System application provides quick access to several performance tools in the Tasks pane on the left-hand side:
• • • •
Device Manager Remote Settings System Protection Advanced System Settings
Each of the links to these tools has a security “shield” next to it, indicating that Vista will prompt for administrative credentials if User Account Control is enabled. With the exception of the Device Manager link, which opens the Device Manager MMC Console, all of the links open the same System Properties but on different tabs. When you click the System Protection link, you’ll see the following results, with the Remote and Advanced tabs flanking the System Protection tab.
Each of these System application tools is discussed elsewhere in this book. Also notice that the System application has four basic areas that provide links for performing common tasks and a system overview (as shown in Figure 6.1):
• •
Windows Edition
The operating system edition and version
System The processor, memory, performance rating, and type of operating system installed (32-bit or 64-bit)
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
• •
Computer Name, Domain And Workgroup Settings name, description, domain, and workgroup details
271
The computer
Windows Activation Whether the operating system is activated, and the product key, if activated
The Windows Task Manager Press CTRL-SHIFT-ESC. A window opens and presents you with six tabs. As most Windows administrators already know, you’ve just opened the Windows Task Manager, which presents a graphical display of open programs, processes, and services that are currently running on your computer. It’s been available for many years on various Windows operating systems and has now been updated with a few new features for the release of Vista. In short, it can do everything the Windows XP Task Manager could, and it includes additional functionality that makes it more powerful than ever before. In the following couple of sections, we’ll examine many of the troubleshooting tasks that can be handled with Vista’s Task Manager. We’ll examine one tab at a time and look at a specific instance or two of a troubleshooting task that can be performed on each.
FIGURE 6.1
An overview of Vista performance with the System application
272
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Applications Tab The Applications tab is one of the more simple tabs visually; it simply displays a list of any open applications in alphabetical order and includes a Status column to indicate whether or not the application is Running or, worse, Not Responding. There are three buttons at the bottom of the Applications tab:
•
End Task The most commonly used command on the Applications tab, this button is used for just what the button name suggests. More later about ending a task.
•
Switch To This button can act as the equivalent of the Windows Flip or Windows Flip 3D. To use it, select the application in the program list and click the Switch To button. The selected application becomes active.
•
New Task This button launches a new application using a dialog box called, appropriately, Create New Task, which looks and behaves exactly like the Run dialog box.
For testing purposes, you should be familiar with a few specific troubleshooting techniques that use the Task Manager. Recover a Frozen Application One of the main reasons you visit the Applications tab during the course of troubleshooting is to close out an application that has stopped responding. The click steps are minimal and have not changed in this current iteration of the Task Manager. Here’s what to do: 1. Open Task Manager. Either use the keyboard shortcut introduced previously (CTRL+SHIFT+ESC), or right-click the Taskbar and choose Task Manager from the context menu. 2. Choose the Applications tab. The Applications tab is the default, but note that the Task Manager always opens with the previously selected tab. 3. Select the program with a Not Responding status and click the End Task button. This is fairly easy stuff, a task that is essentially unchanged from the days of Windows XP and earlier. Because you usually do not get any kind of confirmation before the application closes using this technique, it’s usually a good idea to give the frozen application a minute or two to try and resolve the issue on its own. Closing a program this way might result in the loss of unsaved data. Troubleshoot a Frozen Application Okay. You know how to close an application that’s freezing, but wouldn’t it be even better if the Task Manager could help you figure out why the application was freezing in the first place?
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
273
Guess what? Now’s a good time to point out one of the new features of Vista’s Task Manager and, since it’s new…you know the drill. Windows administrators now have the ability to create a dump file for a specific application that’s frozen. You can then use this dump information in a debugging application to determine the root cause of the problem. To create a dump file for a frozen application, right-click it from the Applications tab and select Create Dump File from the context menu. When the procedure completes, you’ll see a dialog box: This will help you retrieve the dump file for later parsing in the debugging application of your choosing. Naturally, interpreting debugging files is something of an art unto itself and requires a good understanding of the various operating system mechanisms that govern how data is used and executed.
Travel Assistance You don’t need to have any debugging skills to pass the Windows Vista certification exam, but it is a valuable real-world skill. More information about how to use Windows debugging tools can be found here: www.microsoft.com/whdc/devtools/debugging/debugstart.mspx.
Processes Tab The Processes tab is another Task Manager tab that existed in previous releases of Windows, but there are a few noteworthy improvements. One of these is the ability to access a Properties dialog box for a particular process. To do so, right-click the process in the list and choose Properties from the context menu to see a dialog like this: The nice thing about this ability is that Vista allows you to now set specific compatibility options for an application’s process. Try this if you can’t get a program to run as well as you’d like.
274
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory Alternatively, you can select an application on the Application tab, right-click, and then choose Go To Process from the context menu.
Exam candidates should also brush up on their understanding of how processor affinity might help troubleshoot or enhance an application’s performance. Set Processor Affinity Another helpful task that can be performed from the Processes tab is setting processor affinity for a particular process. Setting processor affinity should not be something that is commonly done, but it can be especially helpful in optimizing performance in Vista systems that are running either two processors or single processors with a dual core (Intel’s Core 2 Duo, for instance). What exactly is a processor’s affinity, you ask? Essentially, it’s a set of commands that specify that either one processor or another carries out application instructions in a multiprocessor system. It is used to avoid performance problems that may occur when moving an application’s instructions between two (or more) processor caches. To set processor affinity, right-click the process on the Processes tab and choose Set Affinity from the context menu, and you’ll see this dialog:
Set Processor Priority If you were following along on your Vista computer (you can carry out the same task on an XP computer just as easily, however), you may have noticed the menu command just above the Set Affinity selection called Set Priority. This menu command highlights one other function that can be carried out using the Processes tab, although its usage is something that you might only come across while preparing for a certification exam. It’s the ability to configure the priority of a process. Vista executes an application or service process according to a ranking system. There are six priorities that can be assigned, presented in order of highest to lowest:
• •
Realtime High
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
• • • •
275
Above Normal Normal Below Normal Low
Obviously, a process with a higher priority will have its instructions carried out by the processor(s) before those with lower priorities. Be especially mindful of configuring a process with the Realtime priority: it all but takes Vista’s process scheduling capabilities out of the picture, and it is a great way to quickly make your computer almost unusable as one application’s instructions are processed to the exclusion of all others. It bears repeating, then, that you shouldn’t ever have to tweak a process priority: Vista handles all of the scheduling of processes and services on your behalf. The discussion of process priority is mostly an academic one. It’s just good to know (especially if you’re brushing up for the 620 exam) that this ability exists. Troubleshoot Excessive CPU Usage Another huge benefit of the Processes tab is the ability to see how much processing horsepower a particular process is using. Obviously, a process that is taking between 50 and 100 percent of the processing cycles is most likely going to cause problems for anything else running on the system. Vista tries its level best to manage processing time so that all applications and background processes get their instructions processed, but often you’ll notice an application hogging more than its share. Sometimes it’s easy to tell where the problem lies—the application’s process is taking up a lot of time; killing the process fixes the problem. At other times, the problem is with related processes such as svchost.exe. Services such as these can sometimes be responsible for hosting multiple child processes, and killing the svchost.exe process can cause a lot of cascading problems. In this case, there are two different tools that can help. One is the Task Manager. The other is the Tasklist command, which can be run from the command prompt. With these two tools in hand, Vista administrators can quickly pinpoint the problem and correct it. Here’s an example of how to use these two applications to fix an excessive CPU usage issue: 1. Launch the Task Manager and choose the Processes tab. Add the Process Identifier column—you’ll need this later on—by choosing View | Select Columns, and then check the PID item. 2. Sort the list of processes by CPU time by clicking the CPU column heading. Obviously, you’re looking for the highest number. Also, make
276
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
sure you’re seeing processes from all users by using the button at the bottom of the Processes tab. 3. You have identified the process that’s taxing system performance and have the Process ID in hand. Now it’s time to open a command prompt. From the command line, type in the following: Tasklisk /svc /fo list
4. You should now see a rather extensive list of all processes, their PIDs, and the services that each one is controlling. Using the information gathered from the previous steps, make note of all the services running under the PID with the excessive CPU usage. 5. Now you can use the Services MMC snap-in (from the Start Menu, type services.msc or open the Computer Management tool). You can find out the actual service name by right-clicking the service and choosing Properties—the service name is listed at the top. 6. Alternatively, you can use the Services tab on the Task Manager. Again, you can sort the Services using the PID column heading. You can even right-click the process on the Processes tab and choose Go To Process from the context menu. Now simply stop the services listed under your PID in the Tasklist one at a time, using either the Services MMC or the Services tab on the Task Manager (see the next section for more information on the Services tab), checking each time with the Task Manager to see the results. If the processor usage remains high, restart the service and try another. If the CPU usage drops dramatically, you’ve discovered the source of the problem.
Services Tab Similar to the Processes tab, the Services tab lists all services currently running on the computer and lets you sort them according to column headings. The Status column can be used to quickly locate a service that is not running. The Services button on the bottom launches the Services MMC console just as running services.msc from the Start Menu does. What’s more, the Services tab also allows you to start and stop any of the services listed with a simple right-click, saving you a trip to the Services MMC console in the first place. Administrators can also use the Services tab to pinpoint any applications that are running under the service by using the Go To Process context menu selection.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
277
Exam Tip In addition to right-clicking on the Services tab to use the Go To Process menu, the opposite is also possible: you can right-click a running process and see the service it depends on by right-clicking and choosing Go To Service(s) from the context menu.
Performance Tab The Performance tab, shown next, provides a quick peek into Vista system performance, listing several critical performance parameters and a graph of CPU and processor usage.
Here are a few things to look for:
•
A flat memory graph A flat physical memory usage history usage graph means that open applications aren’t continuously asking for more system memory, also known as a “memory leak.” A graph that looks like a ramp will lead to poor performance as running applications contend for available memory.
278
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
•
Physical memory free As the value approaches zero, memory runs low. You might want to close an application or two, especially one that’s using large amounts of memory.
•
Physical memory cached If the value is less than half of the total available memory, Vista is having trouble storing recently used information in memory. Again, the solution is to close out applications you aren’t actively using. Vista gives up some of the system cache when it needs RAM, so losing the programs should alleviate this problem by reducing the demand for RAM.
Networking Tab The networking tab provides another graphical representation of performance, this time on the network adapters on your system. On a desktop computer, you might see only one adapter. On a laptop, there may be three or more network connections displayed—a local area connection, wireless network connection, and a Bluetooth network connection. The information here will help the administrator see if there’s a networking connection that is being stressed. This would be very rare and could be addressed by disabling the network connection before determining the root cause—that is, what’s sending all that traffic. For troubleshooting specific types of network traffic, use the View menu to change the columns shown in the graph. You can use the Select Columns dialog box, shown next, to display just the Unicast or multicast traffic or the total number of bytes sent and received rather than the default view, which is the percentages of bandwidth capacity used by each network card.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
279
Users Tab The Users tab is another one that is not new to Windows Vista, and it is used for the same purposes as in Windows XP. With the Users tab, the administrator can see who is currently logged on or otherwise connected to the Vista machine and can force such users to either disconnect or log off. You can also send messages to the other users displayed on this tab. It’s often a good idea to send a message to a user before forcibly disconnecting them. This allows the user to close any open work in an orderly fashion rather than risk losing data when the connection is abruptly terminated. Because this is the least changed of all the Task Manager’s tabs, I consider it the least likely to crop up on the exam. There are yet other tools that help administrators gather performance information. The Reliability and Performance Monitor, covered next, will almost certainly be covered on the test, as it has the ability to gather much more comprehensive information than its relative the Task Manager.
Reliability and Performance Monitor The most comprehensive way you can gather information about the performance of your Windows Vista machine is with the Reliability and Performance Monitor. While Windows has offered Performance Monitor in the past (it was called System Monitor), this Vista update includes many new enhancements that make it better than ever.
Resource Overview It all starts with the Resource Overview, which you can think of as the “home page” for the Reliability and Performance tool. When opening the Reliability and Performance tool for the first time (and every time thereafter, for that matter), this is the first thing you’ll see. As shown in Figure 6.2, Resource Overview might be the most often used part of the Reliability and Performance Monitor for day-to-day usage. (Unfortunately, you might actually need it every day.) It displays a real-time graphical overview of CPU, disk, network, and memory usage, and also includes a section just below where you can obtain further information about each of the four subsystems tracked. For example, you can easily obtain information about which programs are using the most system memory by expanding the Memory heading. Under previous versions of Windows, a real-time look at performance data was only available in the Task Manager, and even then it was in a very limited form.
280
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
FIGURE 6.2
Real-time performance information with the Reliability and Performance Monitor home page
The Reliability and Performance Monitor also earns the first part of its name by including a new tool called the Reliability Monitor. In the past, it was very difficult for administrators to determine how often programs were crashing and how many times the system required a reboot. Now all that information is tracked by Vista’s Reliability and Performance Monitor. As seen in Figure 6.3, the tool even gives your system’s reliability a grade. In addition to the new Reliability portion of the Reliability and Performance Monitor, this utility includes several other advances that will help the administrator optimize performance. The most useful of these are covered in the following sections.
Data Collector Sets Exam candidates should take careful notice of Figure 6.3, specifically, the expanded Data Collector Sets node. This node groups data collectors into reusable elements that are useful in a number of different circumstances. The grouping of data collectors works much like grouping of user accounts into groups: a single change to the collector set, such as scheduling when the Data Collector Set runs, will apply to the entire set. Also, the Data Collector Sets work as templates, helping administrators collect performance data immediately rather than having to manually configure a number of performance counters for a specific monitoring scenario.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
FIGURE 6.3
281
How reliable is your system? Use the Reliability Monitor to assign a rather arbitrary number (my computer gets a failing grade, it seems).
Wizards and Templates for Creating Logs The wizards and templates for creating logs make gathering performance information more intuitive than in previous versions of Performance Monitor. Rather than having to learn and understand the data collected by each performance counter, administrators can add counters or data collector sets by answering questions about their monitoring goals. What’s more, administrators can save time by saving a manually created data set as a template that can be used on other systems without having to regenerate the data collection set. To start the data collection set Wizard, expand the Reliability and Performance Monitor’s Data Collector Sets node and follow these steps: 1. Right-click the User Defined node and choose New | Data Collector Set. 2. The Create New Data Collector Set Wizard launches. From this first dialog box, you give the new Data Collector Set a name and then choose whether to create the Set from a template or to manually specify settings. Since the idea is to give you a feel for the new templates, choose the first option and then click Next.
282
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
3. The Reliability and Performance Monitor comes with three Data Collector Set templates: Basic, System Diagnostics, and System Performance. As seen in Figure 6.4, each one includes extensive explanation about its function. Just choose one of the templates from the list to see the full explanation. 4. After choosing one of the templates, you are shown two additional dialog boxes. One lets you set the data file location (my advice: leave this alone), and the other lets you specify a different account for running the data capture (again, you probably want to leave this as , which will cause the DCS to run in the context of the built-in System account). 5. Finally, you can select whether to run the capture now, to save and close the DCS, or to open the Properties dialog box for the DCS. If you want to continue to fine-tune the Properties for the Set you just created, choose the third option. You should now see your new Data Collector Set ready to go under the User Defined node. Unless you chose to run the DCS immediately, you will now need to start it for it to capture data about your system.
FIGURE 6.4
Leverage a template in creating a new Data Collector Set.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
283
To do so, just give the new DCS a right-click and choose Start from the context menu (you can use the Reliability and Performance Monitor toolbar to start and stop the counters as well). The same goes for any of the System predefined counter logs, which in turn serve as the templates used when creating a new User Defined Set: they won’t run unless started, although they can be configured to run on a pre-set schedule. Additionally, a carefully constructed Data Collector Set can be saved as a template. Again, all it takes is a right-click. If you want to use one of the User Defined DCSs as a starting point for additional DCSs, just follow these steps: 1. Right-click the desired Data Collector Set and choose Save Template from the context menu. 2. In the ensuing dialog box, choose the file location, give the template a name, and then click Save. Note that the DCS definition template is saved as an .xml file. You will now be able to use this Template while stepping through the Data Collector Set Wizard by choosing Browse when asked, “Which template would you like to use?”
Reliability Monitor Although the Reliability Monitor was previously introduced, it deserves further discussion here. The reliability score generated by this tool has a name: it’s called the System Stability Index, and it reflects whether unexpected problems have compromised the reliability of the system. This index score also helps generate the graph to the left called, appropriately enough, the System Stability Chart. This graph is particularly helpful for answering the question of when the problems started. The graph can easily be rolled back to a particular point in time using the drop-down calendar in the upper right-hand side. Below the System Stability Chart is a System Stability Report, shown next, which provides additional troubleshooting details. You can see exactly what crashed and when and compare this information to any other reported changes to the system.
284
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
This information can include any of the following changes:
• • •
Installation or removal of applications Updates to the operating system Addition or modification of drivers
With this information in hand, the administrator can often connect the dots that help get to the root cause of the problem.
User-friendly Diagnosis Reports Administrators can use a data collector set to generate a diagnosis report that can then be shared with other system administrators or archived for the purposes of establishing a baseline. It also helps determine how efforts to optimize Vista have impacted performance. This reporting capability is the same as can be deployed with the Server Performance Advisor under Windows Server 2003.
Performance Monitor As you have just seen, the Reliability and Performance Monitor’s home page does a pretty good job of providing basic information about the current performance of your Vista system. But this is just basic information. The Performance Monitor part of the Reliability and Performance Monitor also lets you collect data about a huge range of computer behavior from both the hardware and the software. In fact, the sheer number of computer performance counters available in Performance Monitor tool is too numerous to list here. For example, there are no less than 17 different performance measures you can gather that provide information about what data is being executed by a system’s processor and how fast. So while the Reliability and Performance Monitor’s home page provides much of the day-to-day graphing of system performance, Performance Monitor allows administrators to gather more specific info when necessary. It also includes a few additional options that the Reliability and Performance Monitor home page does not. To set up a real-time Performance Monitor graph, follow these steps: 1. From the Start Menu, type per. The Reliability and Performance Monitor should appear in the list of programs. (It can also be found in your Accessories program group, or by typing perfmon.msc in the Start Menu’s search.) 2. With the Reliability and Performance Monitor open, choose the Performance Monitor node.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
3. You now see the Performance Monitor graph. By default, the %Processor Time counter is displayed. 4. Right-click anywhere in the graph and choose Add Counters from the context menu. 5. You now see the Add Counter dialog box, as shown next. Click the down arrow to use the Available Counters selector and pick from one of the counter categories.
6. Each category has multiple individual counters. Select the counter that will provide the information you’re trying to gather. For example, a common counter of memory performance is Page Faults/sec. This is a measurement of how often Vista is utilizing virtual memory, which is much slower than physical RAM. 7. Click Add. Repeat steps 4, 5, and 6 for each counter you want to add (or you can click the “+” button in the Performance Monitor task bar). You can also add all counters for a particular category (subsystem) by selecting the category heading and choosing Add.
285
286
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Advisory Some of the counters will have instances, such as when dealing with multiple hard disks, network cards, or processors. This lets you gather performance information about processor 1 independently of processor 2, for example. (You’ll see them as processor 0 and 1 in the Reliability and Performance Monitor tool.)
Now you see why the data collector sets can be so valuable. Adding individual counters can be a painstaking process, but whether you’re using a data collector set or configuring a manual tracking of performance information, you’ll end up with a graph of information similar to what you see in Figure 6.5. One of the big advantages of Performance Monitor over the Task Manager is that you can generate graphs of logged data rather than real-time information. To graph the same information about something that has occurred in the past,
FIGURE 6.5
A Reliability and Performance Monitor graph
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
287
right-click the Performance Monitor graph and choose Properties, then use the Source tab to specify a log file instead of current activity.
Share Performance Monitor Information Another handy feature of Performance Monitor is the ability to save and share performance graphs. To do so, you first need to save the display in a format that is easily shared, like a web page or as a picture that can be either e-mailed or pasted into other documents. To save a Performance Monitor graph as a picture, follow these steps: 1. Right-click in the Performance Monitor graph and choose Save Image As from the context menu. 2. Choose a directory and name for the saved image. Sometimes the Performance Monitor graphs are hard to read. A bar graph (histogram) might better suit your purposes, or maybe the occasion calls for sheer numbers alone. Fortunately, Performance Monitor allows you to change the appearance of the graphical elements.
288
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
To change the appearance of the graph, follow these steps: 1. Right-click the Performance Monitor graph and choose Properties from the context menu. 2. Choose the Graph and Appearance tabs to make any desired changes. 3. Click Apply to change the graph without closing the properties dialog box. Click OK when you’ve made the changes to your satisfaction. 4. You can use a highlighting feature to call attention to a particular counter in the display. Select the counter, then toggle on the highlight of that counter by clicking the highlight taskbar button shown here.
So, how do you put all of this information to use? By identifying a subsystem bottleneck and then optimizing performance of that subsystem. As you looked at how to gather information about performance in the previous sections, you probably noticed that much of the information gathering keeps coming back to the same core components: memory, processor, disk, and network. In the past, it was possible to gather system information using both of the main tools mentioned in this section, the Task Manager and the Reliability and Performance Monitor. However, gathering this information was not the same as acting on it. Windows administrators had to manually configure and deploy solutions to the problems they detected with these tools. Now, however, Vista includes many utilities that help make the system behave like one of those self-cleaning ovens—you just set it in motion, walk away (or more specifically, reboot), and Windows does the rest. What’s more, some of these tools will offer themselves automatically whenever Vista encounters repeated reliability issues, something we explore in the chapter’s next objective.
Objective 6.02
T
Troubleshoot Reliability Issues Using Built-in Tools
here are lots of tools that could fall under this test objective’s umbrella—the Task Manager just discussed, for example, is one such built-in tool that will help users troubleshoot reliability issues. Rather than try to cover each and every utility that can help troubleshoot a reliability issue, this section focuses instead on a new set of tools called Windows Vista Diagnostics.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
289
This feature—or, more accurately, set of features—is available in all editions of Windows Vista. The intent of these tools is to automatically detect and diagnose common support problems and then help users resolve the problems themselves. They provide automatic correction for common errors such as hard drive failures, startup issues, and memory problems. In other words, Vista works harder than ever to protect vital data so you won’t have to. What’s more, these Vista Diagnostics tools automatically launch themselves when a problem is detected. If Vista’s built-in diagnostics detects a faulty RAM module, for example, it will automatically display a notification asking if you’d like Vista to try to diagnose the problem. You don’t have to curse your computer while guessing at what could be going on. You can also run the Memory Diagnostics Tool any time you want launching an application called mdsched.exe. Better yet, type memory in the Start Menu Instant Search dialog box. The Memory Diagnostics Tool should appear at the top of the list. Once you launch the Memory Diagnostics Tool, everything else is pretty much automated. You will be prompted to reboot your computer, as shown here, and then the Memory Diagnostics will commence.
The Memory Diagnostics Tool will check for both memory leaks and failing memory, working in concert with the new Microsoft Online Crash Analysis tool. Together, this dynamic duo prompts users to schedule a memory test when detecting that a system crash occurred possibly due to failing memory. To run Memory Diagnostics from the command prompt, type mdsched.exe. You’ll see the same dialog box from which you can choose to immediately restart the computer and run the test during the restart.
290
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Note that the command prompt must be launched in Administrator Mode in order to carry out this task. To set the mode to Administrator, follow these steps: 1. Type command at the Start Menu. The command prompt should appear. 2. Right-click and select “Run As Administrator” from the shortcut menu. 3. When the UAC dialog box appears click the Continue button or provide administrative credentials if logged on as a standard user. Vista Diagnostics also launches automatically when Vista detects problems with any other subsystems that affect computer behavior: networking, processor, and the hard drive. There are even diagnostic tools built into applications such as Office 2007 that provide the same functionality. The goal of all of the Vista Diagnostics tools is the same: to reduce the amount of troubleshooting needed by typical users and administrators, thus lowering Vista’s Total Cost of Ownership (TCO). There’s another Vista tool that takes this one step further that is meant to automate troubleshooting efforts while still providing the flexibility to launch the tool manually. It’s called Problem Reports and Solutions, and because it’s a new Vista offering, it’s worth exploring before sitting for the exam.
Problem Reports and Solutions To open the Control Panel application called Problem Reports and Solutions, look for the System and Maintenance grouping if using Standard view. (It’s a standalone icon when using Classic view.) You’ll get a dialog box that looks like Figure 6.6. In the left-hand side of this interface, the Reports and Solutions center presents users with a variety of tasks that help you identify problems and, more importantly, locate their solutions without clicking all over the Internet. Fortunately, using the Problem Reports and Solutions application is pretty straightforward. As you can see in Figure 6.6, all you have to do is follow an informational or solution link, and a page opens with instructions on how to address the problem. Often, you’ll be taken to a website where a patch or hotfix is available.
Hard Disk Reliability If a hard drive is a filing cabinet for all the information you want to work with, then it stands to reason that a full hard disk will perform poorly, just as a file cabinet operates poorly when too much stuff is crammed into it.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
FIGURE 6.6
291
Fix issues automatically with the Problem Reports and Solutions.
This is especially true of the system volume that, as we discussed in Chapter 2, typically holds the page file. Furthermore, adding more disk space just because you’ve filled up what’s there is sometimes not an option. In particular, this affects laptop computers, which rarely have space to add more fixed storage. Besides, you generally end up with much more stuff than you need. Hundreds, if not thousands, of files can safely be removed without altering computer performance in the least (and indeed, deleting unused files usually improves performance).
Disk Cleanup For these and other reasons, it’s important that administrators know how to use the Disk Cleanup utility. It presents an easy graphical interface to help you get rid of unused files, including the following:
• • •
Temporary files that have not been removed Downloaded program files Offline files (you can get the offline files back by reconnecting to the server where they reside)
292
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
By default, the Disk Cleanup utility also empties the Recycle Bin and compresses files that haven’t been opened recently. To use Disk Cleanup, follow these steps: 1. From the Start Menu, type clean. The Disk Cleanup utility appears in the list of available programs. Choose it, and you’ll see a Disk Cleanup dialog box, as shown here, asking you which files to clean up. You have two choices: your files or files for all users.
2. If the selection is All Users, the Security Shield icon hints at the next action: you’ll be asked for administrative confirmation if User Account Control is enabled. 3. The utility may take a while to launch; it’s checking how much space can be freed up if you allow it to do its magic. After it calculates, the Disk Cleanup dialog box appears:
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
293
From here, it’s just a matter of using the check boxes to control exactly what gets deleted. The interface also lets you see how much disk space will be freed by each chore. The More Options tab lets you delete more than mere files; you can use the Programs and Features section or the System Restore section to free up even more disk space. Clicking the Clean Up button of the Programs and Features, for example, opens the Programs and Features Control Panel application, which lets you remove a program that’s stayed a little too long past its welcome. In order to keep your hard disk free of too many unnecessary files, Microsoft recommends that you run the Disk Cleanup at least once a year. Make it a part of your spring cleaning program.
Exam Tip You need to run Disk Cleanup for each logical drive on your computer. The utility examines only the logical space, not the physical drive.
Disk Defragmenter Another familiar tool that can help with hard drive performance and reliability is the Disk Defragmenter utility. As most are well aware by now, the Disk Defragmenter utility reorganizes files on a disk drive. When files are initially stored on a drive, or over the course of time, data from the files can become fragmented, with parts of a single file stored in different locations on a drive. This leads to sluggish performance and instability of both the file and the drive. Disk Defragmenter corrects this problem by reuniting all data from files, in addition to combining most free space on the drive. When choosing to run the Defrag utility in previous versions of Windows, users could watch as colored sections of the files were realigned in a contiguous manner. However, disk defragmentation was an action that had to be initiated by the user. What’s new with Windows Vista, and what you therefore should pay special heed to, is that Microsoft has since altered course on that requirement. Under Vista, the Disk Defragmenter is now automatically scheduled to run once a week, with the default time being 4:00 A.M. on Sunday. Users can adjust this schedule or elect to run the utility at any time manually. (The instructions on how to perform each of these tasks are discussed in the following sections.) What’s more, the Vista Defragmentation interface is unlike previous versions, where users were supplied with a visual representation of the fragmented nature of their drive. Now users merely elect to run the Disk Defragmenter utility and then wait for confirmation from the system that the process is both done and successful.
294
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
A slightly annoying feature of the new interface is that there is no “current status” or “estimated time remaining” provided while defragmenting. This can cause a real problem for some users because, as you know and as the Vista interface reminds you while defragmenting, the process can take “between a few minutes and a few hours.” While Windows tells users that they can continue to use their computer while defragmenting, this is often a risky proposition. Allowing the defragmenting process to finish without any interruptions is always a good idea. Manually Run Disk Defragmenter As with most of Windows’ utilities, users can opt to manually run the Disk Defragmenter utility in many different ways:
• • •
Choose Start | All Programs | Accessories | System Tools | Disk Defragmenter Choose Start | Computer, right-click a disk, and choose Properties | Tools tab | Defragment Now Choose Start | Search box, type command and press ENTER to access the command prompt, type dfrgui, and press ENTER
Because the Disk Defragmentation procedure will affect all users of the system, you are prompted for administrative confirmation if User Account Control is enabled. After starting the utility, you will see a dialog box, as shown next. If a defragment is unnecessary, Windows will display the message, “You do not need to defragment at this time.” Translation: your drive is less than 3 percent fragmented.
If you don’t receive this kind notice, start the defragment process by clicking Defragment Now, and go get a latte. While Windows claims that the process can
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
295
be as short as “a few minutes,” I have yet to experience a defragmentation session that completed in less than 30 minutes. Should you start to defragment your drive and find that it’s taking too long or that some other action needs to be performed immediately, all is not lost. The Cancel Defragmentation option is available throughout the process. Modify/Cancel Scheduled Defragmentation As mentioned earlier, it is possible to modify or cancel either the default defragmentation schedule or any other scheduled defragmentation. Assuming the user has administrative privileges, modification/cancellation can be achieved by following these steps: 1. Choose Start | Computer, right-click a disk, and choose Properties | Tools tab | Defragment Now. This displays the Disk Defragmenter dialog box. 2. To cancel the automated defragmentation, clear the Run On A Schedule box and click OK twice to save changes. 3. To modify the defragmentation schedule, click the Modify Schedule button, located to the right of the Run On A Schedule box. Use the Modify Schedule dialog box to set the new run schedule. Within the schedule options, users can enter the How Often, What Day, and What Time dialogs to specify the appropriate run schedule options. When done, click OK twice to save changes.
Other Vista Performance Enhancements Vista not only does its level best to help steer you away from trouble, it also includes a few new built-in tools/technologies that will help keep your system performing at top speed. Candidates for the 620 exam should be familiar with the enhancements known as Windows ReadyBoost, ReadyDrive, and SuperFetch.
Windows ReadyBoost One of the really cool things about Windows Vista is how easy it can be to add memory (RAM). That’s because you don’t even have to “crack the case” to add more. How’s that? A technology called Windows ReadyBoost makes it possible to take a flash drive—yes, like the one around your neck and/or on your keychain right now—and use it as Vista system RAM. Told you it was cool.
296
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
ReadyBoost allows a flash memory device—a.k.a., a thumb drive—to serve as additional space for memory addresses. It’s not quite as fast as system RAM, mind you, but it’s a lot better alternative than the hard drive. The Windows ReadyBoost technology relies on the intelligent memory management of Windows SuperFetch and is supposed to significantly improve system responsiveness. Oh, it can also work with Secure Digital (SD) memory cards as well. Many of today’s laptops come with SD ports built in. There is a caveat, however. While almost any flash drive can be used with Windows Vista for storage, not all can work with ReadyBoost. Certain performance requirements must be met for Vista to be able to use the device as memory. Look for an “Enhanced for Windows ReadyBoost” tag when you’re looking for a flash drive to ensure its use for this purpose. Using ReadyBoost is a breeze. Here’s all you have to do: 1. Insert the memory device of choice—again, a USB flash drive or an SD memory card will do—into the appropriate port. 2. Vista now runs a check to see whether its performance is fast enough to work with Windows ReadyBoost. 3. If the device is a match, you are then asked whether you want to use this device to speed up system performance, as shown here. I’ve heard anecdotes about folks who have tried this last step and have received a dialog box stating that the memory stick was not capable of being used as memory. They then retested and were able to use the device as RAM. Beyond that, your experience with ReadyBoost should be hassle-free. Here are a few items of note to pass along:
•
You can use a USB drive to improve performance even if it’s already being used for file storage. Note in the preceding illustration how you can configure device usage with the sliding scale in the middle of the Memory tab.
•
ReadyBoost technology is durable, meaning that you can remove the memory device at any time without loss of data or any other negative impact to system stability. The Vista memory manager detects when the flash drive is removed, and it turns virtual memory storage over to the hard drive without any user action required.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
•
297
ReadyBoost keeps data safe. The data stored by ReadyBoost on the flash device is encrypted. A stolen USB key will reveal no secrets from its virtual memory store; at least none that were part of virtual memory. Any other unencrypted files stored on the drive are fair game.
Even if you don’t use the new ReadyBoost technology, Vista also includes a new way to improve the performance of existing system RAM. It’s called SuperFetch, which will be discussed in the next section.
Windows SuperFetch Here’s the issue: you boot up your computer first thing in the morning, and programs work fine. System response is snappy, and you’re cruising through your day’s work. Then it’s lunchtime, and when you get back to your desk, programs have noticeably slowed. You click a taskbar item and it takes several seconds for the window to appear. What’s the deal? The problem lies in the way memory is managed, a problem that has, according to Microsoft, been largely addressed by Windows Vista. Vista now includes a new memory management technology called SuperFetch, which helps the system to use physical RAM more efficiently. Essentially, it all comes down to math. To wit: Most existing memory management schemes utilize an algorithm known as Most Recently Used (MRU). The MRU memory management technique dictates that the content last accessed remains in RAM until it’s replaced by something else. The problem with MRU is that when users leave their machines for an extended period of time—say, 15 minutes or more—background applications often use this as a chance to execute actions such as indexing, virus scans, or system management. Under the MRU algorithm, the data that these background applications use remains in memory. The user now comes back to the computer after lunch and wants to check e-mail, but the information used by the e-mail program has been tucked away to the hard disk by the MRU algorithm. This explains the sluggish-return-from-lunch thing. Vista’s SuperFetch aims to improve system responsiveness with a new memory management algorithm that assists in two ways:
• •
It prioritizes user applications over background tasks. It adapts to how each user works. It can even anticipate usage demands based on factors such as time of day and day of the week.
The SuperFetch technology still allows background tasks to run on system idle. The difference between SuperFetch and the MRU algorithm, though, is that once the background task is done with its work—Windows Defender runs its
298
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
system scan for malware, for example—SuperFetch will put things back in order, as it were. Whereas MRU will leave the Windows Defender malware definitions, search results, and so forth in physical RAM, SuperFetch will retrieve the user’s e-mail data, placing it into RAM. What’s more, SuperFetch also tries to learn from your computer usage patterns so that it can better retrieve the data you need to work with before you’re at your computer, asking an application to carry out a task (meaning that it should get better over time). So how do you configure SuperFetch behavior, then? You don’t. SuperFetch is, after all, an algorithm, and there’s really no way—at least through Windows Vista—to trick it out. That leads us to the last performance-improving technology that 620 exam candidates should be aware of. Like SuperFetch, though, there really isn’t all that much to configure when it comes to ReadyDrive.
Vista ReadyDrive ReadyDrive is a technology that essentially lets Vista utilize systems equipped with a new kind of hard disk called a hybrid hard disk. What’s a hybrid hard disk, you ask? Here’s how the technology works: the hybrid drive works in much the same way as hybrid cars—it combines two technologies to offer better overall performance. In the case of hybrid cars, of course, the performance boost is in fuel efficiency. In the case of hybrid hard drives, the boost comes in the form of greater I/O speed. A hybrid hard disk combines a standard hard disk with a relatively large amount of what’s called non-volatile RAM (NVRAM). NVRAM is used by motherboards to store BIOS information; it’s RAM that won’t lose its information when it loses power. Think a gigabyte or more on the typical hybrid drive. As you might suspect, this NVRAM provides a host of speed-related benefits because much of the drive’s frequently used information ends up getting cached on the NVRAM. With ReadyDrive, you can expect to be able to boot up and resume from various sleep and hibernation states much faster than before. Computer performance in general should be snappier with a hybrid drive. Hybrid drives also provide the less-obvious benefit of improved battery life. Why? Because the most-often-used information is stored in NVRAM, the computer doesn’t have to spend as much time—and thus, power—spinning the hard drive’s platters when accessing data. It can even improve hard drive reliability. One common way that drives can become damaged is when they are moved while spinning. Because data is stored on NVRAM, it reduces the likelihood that the disks will be spinning the next time you’re working and have to be on the move quickly.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
299
So because this hybrid hard drive stuff is a hardware component, any old system can put it to use, right? Well, no, at least not for now. Prior versions of Windows won’t be able to use these hybrid hard drives unless drive manufacturers include drivers that enable such support. That’s where Vista’s advantage really shines: with ReadyDrive, there’s nothing to add or configure. If you have such a drive, Vista ReadyDrive will just plain-old work. One problem, though: there really aren’t any PCs at the time of this writing that actually use the new hybrid drives. Reports are that Samsung will be the first manufacturer to release hybrid drives commercially, and you should start seeing new laptops with Samsung hybrids by the first quarter of 2007.
Objective 6.03
Configure Windows Update
A
s with several of the features and tools mentioned in this chapter, Windows Update is nothing new to Windows Vista, but the interface and some of the configuration options certainly are. You can access Windows Automatic Updates using a couple of methods:
•
Use the Windows Security Center. Note, however, that there isn’t a link for Automatic Updates on the left side of the window. Instead, you need to open Automatic Updating by clicking the down arrow, then clicking the Change Settings link.
•
Use the Control Panel, under the System and Maintenance grouping. You can also type update at the Start Menu. Either way, you’ll see the Automatic Updates window, as shown in Figure 6.7.
In order to modify the Windows Update settings, choose the Change Settings link which is located on the left side of the dialog box under the list of Tasks. Once you’ve opened the Change Settings dialog box, note that Microsoft’s default is for updates to be installed automatically. If you don’t want to bother with the details of updates, this option is fine. If you want more control over when and how patches are installed, choose the third selection in the list, the Let Me Choose option. You’ll then see a dialog box like the one shown in Figure 6.8. While the subject of this Exam Objective is to “configure” Windows Update, there’s not a whole lot that needs to be configured. If you keep the default option of installing automatically, the only thing to configure is the schedule. A popular choice for administrators and power user types is the second option in the Change Settings dialog box. This option will cause updates to be downloaded to your computer but installed at a time of your choosing.
300
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
FIGURE 6.7
Automatic Updates lets you determine how new patches are installed on your Windows system.
FIGURE 6.8
You can choose how updates are installed on your system.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
301
Exam Tip There are three categories of Windows Updates, and not all of them are installed automatically. Important updates provide significant benefits, such as improved security and reliability. Recommended updates can address noncritical problems and help enhance your computing experience. Both of these kinds of updates are installed automatically. Optional updates, such as additional applications and driver updates for peripherals, may enhance performance but are not downloaded or installed automatically.
When updates are available for installation, a new System Tray icon appears; if you hover over the icon, you’ll see the text “New updates are available.” If you click the icon, you’ll see the Windows Update window that shows updates that are available for installation.
Hiding and Restoring Updates As part of configuring Windows Update, you can instruct Vista not to install or notify you about an available update by hiding the update. But what if you change your mind and want to install a hidden update? In that case, you must first restore the hidden update. The procedure is relatively simple: 1. Open Windows Update and, from the list of tasks in the left pane, choose the Restore Hidden Updates link. 2. Choose the updates that you want to install, then click Install, as shown next.
Windows will check for updates and then prompt you to install the updates that you have restored and any new updates that might be available. To make
302
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
sure that you’ve selected all important and recommended updates, check the information in the Type column. As you have seen, 70-261 exam takers will definitely need to know what to do to keep the Windows Vista operating system running with a maximum reliability. But what is more important than the operating system itself? What about ensuring the reliability—and safety—of the data? The next objective looks at this very issue.
Objective 6.04
Configure Data Protection
E
ncryption is a means of scrambling information to prevent unwanted persons from being able to read it. It has been used to transmit information for thousands of years or so, but as it applies to computers, it describes a mathematical process of transforming blocks of data using an encryption algorithm. Examples of well-known encryption algorithms in use today are DES, AES, CAST, and Blowfish. Why encrypt? It’s especially valuable if your computer is ever lost or stolen—because unless the thief knows your username and password, files that are encrypted will not be readable. Now Windows Vista provides two methods for encrypting files: EFS (Encrypting File System) and BitLocker Drive Encryption (BitLocker is one of the big changes). EFS has been around since Windows 2000, while BitLocker is brand new. The differences between EFS and BitLocker are listed in Table 6.1. In everyday use, EFS is “visible” to computer users (as will be detailed in a bit), whereas BitLocker is largely invisible to the end user and is also almost completely automated. TABLE 6.1
EFS and BitLocker Comparison
EFS
What is encrypted Encryption’s association with user accounts
Individual files and folders
BitLocker
All personal and system files on the hard drive Encryption is performed Encryption is associated with the user who encrypts at the system level and is not associated with any files or directories. When one user encrypts a file, no user accounts. other user will be able to read it. This can be a problem when a user wants to share files with another user but still provide the protection that encryption provides.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
TABLE 6.1
EFS and BitLocker Comparison (continued)
EFS
BitLocker
Hardware support required
None
Administrator status
Any user, whether standard or administrator, can use EFS. Users can selectively encrypt and decrypt files as they wish.
BitLocker uses the Trusted Platform Module (TPM), a special chip found in newer computers Only administrators can manage BitLocker.
User control
303
Users cannot turn off BitLocker unless they are an Administrator user.
File Encryption with EFS EFS permits users to encrypt and decrypt any files or directories, as desired, any time. Standard users and Administrator users may each encrypt any files and directories that they own. To encrypt files or directories, follow this procedure: 1. Open Windows Explorer and navigate to the directory that contains the directories or files that you wish to encrypt. 2. Right-click the file(s) or directory(ies) you wish to encrypt. Click Properties | Advanced. The Advanced Attributes window appears, as shown here.
3. Check the Encrypt Contents To Secure Data check box. Click OK. 4. In the Security Properties window, click Apply.
304
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
5. The Confirm Attribute Changes window appears, as shown here, and asks whether only the current folder should be encrypted or whether all files and subfolders should also be encrypted. The default, Apply Changes To This Folder, Subfolders and Files, is usually what you will choose. Click OK.
6. Windows will encrypt the file(s) and directories you selected. This can take quite a while if you have selected a large amount of data to encrypt. You’ll see a window that shows the progress of the encryption.
7. If you are using EFS for the first time, a System Tray balloon will appear that reminds you to back up your encryption key, as shown here. After the balloon disappears, the System Tray icon will remain.
8. Click the EFS System Tray icon. The EFS key backup window appears.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
305
9. Click Back Up Now. The Certificate Export Wizard appears and will guide you through the steps to export your EFS encryption key, which is really a digital certificate. Click Next. 10. The next window asks which format you want to use. The only available format is Personal Information Exchange - PKCS #12 (.PFX). The other options are grayed out. You may check the Include All Certifications and Export All Extended Properties if you wish—it’s not required that you do so. Click Next. 11. You must type in a password to protect your exported certificate. You should use a good, strong password that others cannot guess. You should write down the password and keep it in a safe place. 12. Next, you must choose the name and location of the file where you want your certificate written. This must be a new file—if you choose an existing file, it will be overwritten. Navigate to the directory where you want your certificate saved. Click Next, then click Finish.
Exam Tip You should copy your exported certificate to a CD-ROM or a folder on a different computer in case you ever need to recover your certificate.
You can easily tell if a file or directory has been encrypted: Windows Explorer will show the name of the file or directory in green text or black text.
Travel Advisory Windows permits you to either compress your data or encrypt it, but not both.
EFS permits you to encrypt files or entire directories. If you need to encrypt your entire hard drive, you should consider using BitLocker.
Encryption with BitLocker Drive Encryption Vista is the first Windows OS to offer full drive-level encryption, meaning that all files on the drive are encrypted, instead of just selected files and directories. The mechanism? BitLocker.
306
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
BitLocker even encrypts all of the Windows operating system, including logon information, installed programs, and all other files on your computer. Once set up, BitLocker is fully automatic.
Travel Advisory BitLocker is only available on the Vista Enterprise and Ultimate editions. It isn’t available on even the Vista Business edition. The Encrypting File System, on the other hand, is available on all Windows Vista editions, as it is a function on the NTFS file system. Don’t get tripped up by this information if it’s incorporated into a question!
BitLocker requires a small (about 1GB) partition on your computer. If you have upgraded from an earlier version of Windows, you probably do not have this extra partition. Do not fear: BitLocker will create it for you. Before BitLocker encrypts your hard drive, you will be prompted to set up a Startup Key and a Recovery Key. When you start your computer, you will be prompted for the Startup Key before your computer will start. If you lose your Startup Key, you must provide the Recovery Key to recover your data. If you lose both the Startup Key and the Recovery Key, your data will be irretrievably lost (which is the whole idea of BitLocker, by the way—no one without the proper keys can access the data).
Setting up BitLocker (no TPM) To set up an encrypted drive with BitLocker, follow these steps: 1. Open the Control Panel, choose the Security grouping, then choose BitLocker Drive Encryption. 2. On many systems, especially those upgraded from a previous version of Windows, you’ll see a warning message that says that your drive configuration is unsuitable for BitLocker. If your disk doesn’t have the necessary second partition, you will have to create one. Click the Set Up Your Hard Disk For BitLocker Drive Encryption link, as shown in the next illustration. This will display a help page that contains instructions on how to shrink your main volume and create a new 1.5GB volume for BitLocker. See Chapter 2 for information about managing hard drives.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
307
Once you’ve set up your hard disk for BitLocker, continue the BitLocker setup procedure: 1. Once again, choose Control Panel | Security | BitLocker Drive Encryption. You will now see the BitLocker Drive Encryption window, as shown here:
308
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. Click Turn On BitLocker. BitLocker will prompt you for a startup key or PIN, as shown next. If your system does not have a TPM (Trusted Platform Module, a hardware encryption chip), you will have to create a startup key on a USB drive. You are required to insert a USB key. Select it from the list and click Save a Startup Key On A USB Drive.
3. Next, you will be asked to type in a 4- to 20-digit PIN. Note that in a domain environment, administrators may disable a PIN creation.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
309
4. Now you will be required to create a recovery password. 5. When you create the password, you have four options. You may save it to a USB drive or a network folder (it makes no sense to save it on this computer!), you can print it, or you can display it on the screen. Select one of the options and continue. 6. The recovery password is set for you—you don’t have the option of typing it in. It’s a long string that you are not likely to remember. If you chose the Show option, you’ll see the following window:
7. After creating the PIN on a USB key and creating the recovery password, BitLocker is ready to encrypt your drive. 8. BitLocker will now encrypt your hard drive. How long this takes depends upon the size of your hard drive and your computer’s performance. Encryption will take place in the background.
Travel Advisory If you have recently purchased a new laptop, it will likely contain a Trusted Protected Module chip. On older systems, this is much less likely.
Booting with BitLocker (No TPM) Once BitLocker is set up on your system, your bootup sequence will look a little different. You will be required to have that USB key, and you’ll have to remember your PIN. If you have neither, then your only option will be to type in the Recovery Password. When your system boots, you’ll see the following message: If the Startup Key is not present (screen 1): “The key required to unlock this volume was not found. Please insert removable storage media containing the Startup Key or the Recovery Key. Then press ENTER ENTER to reboot.” Insert your USB key and you’ll see the message, “You may now remove the media.”
310
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
If you are required to type in your PIN, you’ll see the following message instead: “To start this computer, type its BitLocker Drive Encryption startup PIN and then press ENTER. Use function keys F1 through F9 for 1 through 9, and F10 for 0. Use the TAB, HOME, END, and arrow keys to move the cursor. If you do not have the correct startup PIN, press ESC. If you have neither the USB key nor the PIN, you’ll have to reboot and try again.” Recover Data Encrypted with BitLocker If you do not have the USB key or the PIN, the only option available to you is to recover your data using your Recovery Password. When the system boots, you can type in the Recovery Password at the initial prompt, or insert a USB key that contains the Recovery Password: If the Startup Key is not present (screen 1): “The key required to unlock this volume was not found. Please insert removable storage media containing the Startup Key or the Recovery Key. Then press ENTER to reboot.” You should then create a new PIN and Startup Key using BitLocker’s key management program in the Control Panel.
Manage a TPM Environment If your system has the new TPM (Trusted Platform Module) hardware, bully for you. Life with BitLocker drive encryption is much less of a hassle; you can implement very stringent data protection with a minimum of headaches. With a TPM-enabled system you can opt to utilize the TPM when setting up BitLocker. With TPM present you have three implementation options:
•
TPM-only encryption The user does not need to provide a USB key or PIN on startup. The end user will not be required to enter a password on startup.
•
Two-factor protection PIN and TPM. The user will be required to type in a PIN each time the user starts. A Recovery Password is still created when BitLocker is set up and is required if the user cannot remember their PIN.
•
Two-factor protection USB and TPM. The user will be required to insert the USB key containing the Startup Key at system boot time. The Recovery Password can be used to recover the volume if the USB key is lost.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
311
Exam Tip At first glance, TPM-only encryption might seem a moot point. After all, if a user is not required to enter a PIN or a key to boot the system, won’t any intruder also be able to boot the system? This is true; however, the intruder will not be able to put the computer’s hard drive onto another computer in order to extract files from your hard drive, as they’re all encrypted. One potential weakness is a weak password. If the user used a weak password on the computer, and if an intruder guesses the password, then the intruder will have full access to all of the information belonging to the user (and everything else on the computer, if the user account is Administrator level).
CHECKPOINT ✔Objective 6.01: Troubleshoot Performance Issues
In this objective, we examined how to gather information that can help administrators establish a system performance baseline. Specifically, we looked at the Task Manager and Reliability and Performance Monitor tools to help with this task.
✔Objective 6.02: Troubleshoot Reliability Issues Using Built-in Tools Rather than focusing on each and every tool that can help troubleshoot reliability issues, this objective focused on a specific subset of new tools called Vista Diagnostics. As you learned, these tools usually launch automatically and try to take proactive steps to prevent issues from becoming full blown computer disasters. We also discussed the Problem Reports and Solutions tool here.
✔Objective 6.03: Configure Windows Update
Another piece of the reliability and performance puzzle is an operating system that is always up to date. A Windows Vista system that installs updates automatically is the best defense against malware, poorly written hardware drivers, and other threats to your system’s performance and reliability.
✔Objective 6.04: Configure Data Protection
Finally, this chapter examined two main Vista tools that are available to help secure data: the Encrypting File System and BitLocker technology. It is important for test takers to understand the differences between these two technologies and be able to cite instances where one would be a better data security choice over the other.
312
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
REVIEW QUESTIONS 1. You are studying the performance of a Vista Business edition computer on your corporate network. The user reports that he has experienced a lot more problems in the past week, especially when compared to when he first received the computer six weeks ago. How can you quickly generate a graph of system stability to double-check the accuracy of the claim? (Choose all that apply.) A. Use the Task Manager and then click the Performance tab, where you can get a graph of current system performance. From the View menu, choose the CPU History option and then select a date range rather than real-time information. B. Open the Reliability and Performance Monitor and then click the Reliability Monitor node. C. Open the Reliability and Performance Monitor and then expand the Reports node. Now select the System Diagnostics reports, right-click, and select Generate Chart from the context menu. D. Use the Task Manager and then choose the Performance tab. Open the Resource Monitor and then expand the Reliability button. E. All of the above. 2. Which of the following are tasks that can be carried out using Vista’s new Problem Reports and Solutions utility? (Choose all that apply.) A. Discover which application on your computer is having the most instability problems. B. Automatically detect and install application patches and fixes that have been released by the application vendor. C. See what computer problems were most prominent immediately following an application update three weeks ago. D. Install critical Windows Updates that might fix a problem with Internet Explorer 7. E. Set a Restore Point to a date before a given problem that was reported to Problem Reports and Solutions. 3. You are trying to troubleshoot slow performance on a Windows Vista computer and want to isolate the problem to a specific application that you think is taxing the processor time. What is the best starting place for your troubleshooting? A. Use the Task Manager and look at the Performance tab. Look under the System section and then at the number of threads versus the
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
B.
C. D.
E.
313
number of processes. A ratio of more than 10 to 1 means that a single application is producing many more processor requests than it should. Open the Computer Management MMC console and then open the Services and Applications node. From there, investigate the Status column and look for Services whose status shows as Realtime. Use the Task Manager’s Applications tab, and then right-click one of the open applications. Choose Go To Process from the context menu. Use the Performance Information and Tools Application and follow the Learn How You Can Improve Your Computer’s Performance link. If an application is causing a performance problem, you will be notified here. Use the Memory Diagnostics utility and reboot. Any applications that are causing memory leaks will be reported by this tool.
4. Which of these technologies are new introductions with the Vista release of the Reliability and Performance Monitor? (Choose all that apply.) A. The Performance Monitor B. The Reliability Monitor C. The ability to generate system performance graphs using logged data taken over a week-long period of system usage D. The ability to add performance counters to the data collector set using a wizard-based interface E. All of the above 5. You are a system administrator in need of the following information on one of the company’s Windows Vista Business computers while on a Microsoft Product support call: the processor speed, memory, and Windows Activation Product ID. What is the easiest way to gather this information? A. Use the System Control Panel application. B. From the Control Panel, open the Device Manager. C. Open the Run (Start | Run) dialog box and type msconfig to launch the Windows Configuration utility. D. Open the Computer Management MMC by right-clicking the Computer item from the Start Menu and then run the Windows Experience Index scan. E. None of the above.
314
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
6. You are using a laptop with Windows Vista Ultimate and have not changed the default Windows Update settings after installation. You know that the Dream Scene desktop background is an available update, but you do not see the options to use the Dream Scene when opening the Personalization Control Panel application. What is the best explanation for this? A. The update was not digitally signed and you have a Group Policy setting that prevents unsigned software from being installed. B. Downloaded updates are only installed during scheduled installation times, and you turn your computer off at night so you must change the settings of Windows Update to adjust the scheduled install time. C. Optional updates are not downloaded automatically. Only important and recommended updates are automatically downloaded and installed. D. Automatic updates still require UAC authentication before performing the install. You have not been present at the computer at the time of install, and the procedure has timed out. E. The Ultimate computer is joined to a Windows Server 2003 domain. In a domain environment, Automatic updates are controlled through domain Group Policy settings only. 7. The Windows Update utility has just completed a scan of hardware and recommended a driver update for the video card. After completing the update, however, you experience problems with one of your applications. What’s the best way to troubleshoot the driver update and run the application the way it was performing before the update? A. Open the Vista Device Manager. Open the Properties dialog box for the video card and select the Driver tab. Choose the Use Restore Point option, then choose a date before the driver update. Choose Yes to proceed. B. Open the Vista Device Manager. Open the Properties dialog box for the video card and select the Driver tab. Choose the Roll Back Driver option, then click Yes to proceed. C. Open the Windows Update Utility again and choose the Restore Hidden Updates option. Hidden Updates contain all previously used drivers, so you can choose any of the hidden updates and choose the Restore toolbar button. D. Download a free copy of Virtual PC 2007 and install a second instance of Vista inside the Virtual PC. Use the original video card
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
driver in this new Vista instance and then launch the application from within the virtual machine. E. Run the application in Application Compatibility Mode using Windows XP as the selected operating system. 8. Unlike the Encrypting File System, BitLocker Drive Encryption stores its encryption key on a device that is separate from your hard disk. Where can this encryption key be stored? (Choose all that apply.) A. B. C. D. E.
On a removable USB flash drive On an optical disc such as DVD-R On a Trusted Platform Module 1.2 chip On a Trusted Platform Module 1.0 chip On a Bluetooth-enabled Windows Mobile 5.0 device
9. Windows Update configures itself to automatically download and install Important Windows Updates. If you don’t want to accept the default settings, what other options do users have? A. Download updates automatically, but the user chooses whether to install them. B. Check for updates, but the user chooses whether to download and install them. C. Manually check for updates with the Windows Update website. D. Check for recommended updates along with important updates and install these automatically as well. E. All of the above. 10. You are the administrator for a small legal firm working on injury claims. As a result, attorneys regularly carry around hundreds of patient records, and you want to secure these TPM-enabled laptops with BitLocker Drive Encryption. All laptops run the Vista Business edition. However, you go to configure it on one of your systems and are unable to set up BitLocker. What is the best explanation for your experience? A. B. C. D.
The TPM chip is older than version 1.2. The hard drive you wish to encrypt does not have two partitions. The BIOS is not compatible with Trusted Platform Module chips. The drive you wish to encrypt is not formatted with the NTFS file system. E. BitLocker Drive Encryption is not available on Windows Vista Business edition.
315
316
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
REVIEW ANSWERS 1.
The best way to tackle this situation is to simply open the Reliability and Performance Monitor. There you will have access to one of Vista’s new features, the Reliability Monitor. This tool automatically generates a line graph of system reliability over time.
2.
The new Problem Reports and Solutions utility is configured to automatically report problems and check for solutions by default. You can use the tool to look back in time, as all reported problems are time-stamped. There is also a link that lets you check for any recently available solutions.
3.
The best way to begin troubleshooting efforts is to investigate the processes being spawned by the running applications. Once you identify the process, you can see if that process is taxing system performance by looking at the CPU column. A high number will indicate a process that is putting a lot of stress on the processor.
4.
In Windows XP, the Reliability and Performance Monitor was simply the Performance Monitor, and the tools available with the Performance Monitor—namely, the ability to view logged data—remain essentially unchanged. What is different with Vista’s Reliability and Performance Monitor is the ability to create and amend data collector sets, using a wizard interface if desired. Also, the Reliability Monitor is a new tool.
5.
The System application will provide all of this information, and also places other helpful information at your fingertips such as the Workgroup or Domain membership. The System application is located in the Control Panel under System and Maintenance.
6.
Optional updates are not downloaded and installed automatically by Windows Update, and software such as language packs and desktop background enhancements are considered optional.
7.
The Device Manager in Windows Vista creates a restore point for an individual driver before updating. You can use this restore point by clicking the Roll Back Driver button on the Properties dialog box for the device.
8.
BitLocker Drive Encryption stores the encryption (and decryption) key on one of two devices: either a TPM version 1.2 chip or higher, or on a removable USB flash memory device, which in turn would be necessary to boot up the computer.
CHAPTER 6 Maintaining and Optimizing Systems that Run Windows Vista
317
9.
Each of these is an option when configuring the Windows Updates utility. Manually checking for updates with the Windows Update website means that the Windows Update service will be disabled, but it is an option.
10.
The Vista Business edition does not support BitLocker drive encryption. It is only available on Vista Enterprise or Ultimate editions. All of the other answers here are reasons that TPM configuration might fail and should thus be a good review, but none are relevant on Vista Business edition.
This page intentionally left blank
7
Configuring and Troubleshooting Mobile Computing ITINERARY
• • • •
Objective 7.01 Objective 7.02 Objective 7.03 Objective 7.04
Configure Mobile Display Settings Configure Power Options Configure Tablet PC Software Configure Mobile Devices
NEWBIE
SOME EXPERIENCE
EXPERT
3 hours
2 hours
1 hour
319
320
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
As you have seen throughout the course of this Exam Guide, many of the new features built into Windows Vista are focused on enhancing the experience for mobile computing. These enhancements improve the use of laptop computers, of course, but also include features that help you set up and use other mobile computing devices, such as Windows Mobile–based smart phones. In this book’s final chapter, we’ll concentrate on the exam objectives that are most specific to mobile computing. We’ll start with a look at something relatively simple: getting the mobile display to look and behave exactly as you’d like and what to do when multiple monitors are attached. This can be especially significant when performing one of the core tasks of the mobile computer: giving a presentation on an external display. The middle part of this chapter then moves to the many new power management features available with Windows Vista. As you’ll see, these new features—especially a new shutdown option called Sleep—can mean a significant savings to the bottom line. You’ll also learn about the new Group Policy changes that enable Vista administrators to configure power management for their end users. We’ll then look at a mobile computer’s potential use as a Tablet PC. Simply put, Tablet PC computing is the ability to use handwriting as the main source of input rather than a keyboard and mouse. This can be more accurately described as a technology platform, where hardware and software have to work in harmony. It is not a new technology, but as the platform has evolved so too has the software that supports it. Unlike with previous versions of Windows, Tablet PC functionally is built into Windows Vista, rather than being treated as a separate operating system. Finally, the chapter wraps up with a look at how to set up and configure a mobile device. Specifically, we’ll examine a new Vista feature called the Sync Center, which serves as a central hub where users can set up and manage all attached mobile devices and synchronization relationships.
Objective 7.01
S
Configure Mobile Display Settings
ure, the Vista computer you’re using makes a lot of calculations and handles a lot of tasks that make modern life and business possible. But you don’t spend all day looking at the CPU and chipset, do you? Of course not. Humans stare at the monitor for feedback, and controlling what output is displayed and how it looks is a very important part of computer use. On a mobile computer, controlling where the output displays can be an important part of your job; it will almost certainly be the subject of a question on the exam.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
321
Change Screen Resolution One of the most critical factors that affects Vista display is the screen resolution. The screen resolution is defined as the number of pixels (picture elements) that are shown on the monitor, represented in a reading of the number of pixels horizontally by the number of pixels vertically. Most monitors today have screen resolution capabilities of at least 1024 × 768, with fallback settings of 800 × 600 and 640 × 480. Higher-end monitors can use resolutions of 1280 ×1024, 1600 ×1200, and even 2048 ×1536. The higher the screen resolution, the more screen area the user sees. Users who work with a lot of open windows tend to gravitate towards higher resolutions. There’s a trade-off however. At higher resolutions, text becomes smaller and harder to see, especially for those with vision problems. For those with perfect vision, high resolutions can lead to eyestrain, eventually leading to associated eyestrain problems (headache, tired eyes, etc.—there’s the definition of irony you needed to get through the day). But this book also gives you the tools to adjust text size, which is just one of the reasons why the title is so good. Even a rather mundane discussion of screen resolution contains valuable information that will help you get the most out of your computer. To adjust Vista text size, follow these steps: 1. Open the Personalization Control Panel application. Type per from the Vista Start Menu or right-click the Desktop and choose Personalize from the context menu. 2. Click the Adjust Font Size (DPI) link on the list of tasks to the left. 3. From here, you can choose from one of two defaults, or click the Custom DPI button to open the Custom DPI Setting dialog box, shown here. The idea here is to use a screen resolution that will help users keep as many windows open at once to suit their usage needs (or at least as much information in the window that suits them) while still allowing them to see the text on the screen without the aid of a Hubble telescope.
322
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
There is no ideal screen resolution; it’s just whatever works best for the individual user and what kind of work they want to perform. One thing’s for sure, though: using a higher resolution requires more hardware horsepower than lower resolutions, including both the display adapter and the monitor itself. Also affecting computer display is the color depth, which represents the number of colors that can be simultaneously displayed. Color depth can range from 16 colors for standard VGA monitors to 4 billon simultaneous colors for most monitors in use today. (4 billion = 232, or 32-bits worth of distinct colors.) And, as you might guess, higher color depths place higher demands on computer hardware. A video card capable of 32-bit color depth at one screen resolution may only be capable of 16-bit depth at a higher resolution. In other words, the two performance benchmarks are interrelated. At installation time, Vista tries to detect the video adapter and monitor and then configures the screen resolution and color depth at optimal settings. Moreover, Vista will use a set of generic “plug and play” drivers as a fallback just in case the correct video adapter drivers cannot be found. After Vista installation or after a hardware/driver update, you can change both screen resolution and color depth from the same dialog box: 1. Open the Personalize application in the Control Panel by right-clicking the Desktop and choosing Personalize. Follow the Display Settings link. 2. In the Display Settings dialog box, shown next, choose the monitor you want to configure if multiple monitors are detected.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
323
3. Use the Resolution slider to specify screen resolution, and use the Colors drop-down menu to specify color depth. 4. Click OK to apply your changes and exit. In addition to setting the optimal screen resolution for the particular user and work tasks, another important setting is the monitor’s refresh rate. A high refresh rate can improve user comfort when sitting in front of a computer all day.
Changing Display Refresh Rate The light emitting diodes (LEDs) that make up your computer’s display don’t hold their image forever; in fact, they can only keep an image up for a fraction of a second. After that, the image needs to be redrawn for another fraction of a second. The monitor’s refresh rate, then, determines how often the screen is redrawn by your video card each and every second you’re at your computer. Here’s how it works: the lower the refresh rate, the more the image will flicker, and even though you might not notice it when staring at the screen, flicker can cause eyestrain over time. The converse is also true: the more the screen redraws itself, the less strain on your eyes. You should therefore strive to set a refresh rate as high as your video card’s settings will allow. To configure Windows Vista’s display refresh rate, follow these steps: 1. Open the Control Panel’s Personalization application and click the Display Settings link. 2. Select the monitor you want to configure (if multiple monitors have been detected) and choose the Advanced Settings button. 3. On the Adapter tab, choose the List All Modes option. A list of all resolution/ refresh rate modes supported by the monitor should appear in the List All Modes dialog box. 4. Choose the desired refresh rate on the Monitor tab’s drop-down menu, as shown here. Not every refresh rate will be available for every screen resolution.
324
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Now that we’ve gotten some of the basics out of the way, let’s move on to some more advanced display settings, such as having Windows Vista utilize multiple monitors at once.
Use Multiple Monitors Thanks to the magic of plug and play and the generally standardized interfaces between video card and monitors (either VGA or DVI connections), using a second monitor for Vista output is usually just a matter of hooking up the second monitor to your computer and turning it on. Vista then does its level best to detect the new monitor and apply the video settings best suited for it, guessing at an ideal screen size, screen resolution, and color depth for the new monitor. Additionally, you should see a handy little dialog box the first time you connect that lets you choose how you want this second monitor to handle the Vista Desktop, as shown next.
As you can see, you have three choices about what to do in the New Display Detected dialog box:
•
Mirrored This option simply duplicates the existing Desktop on each display you connect; it is the default option. This is the likely choice for presentations, for example, when you need to connect an external projector to a laptop or use another fixed display such as a flat screen monitor in a conference room.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
•
Extended This option extends the Vista Desktop across all displays, retaining just the single logical Desktop, increasing overall Desktop area. Once selected, you can move program windows between the displays.
•
External Display Only This selection displays the Vista Desktop only on the external display and not on the laptop’s native LCD. Why would you choose this option? If you were using the Media Center capabilities from a laptop, for example, this would likely be the best choice for playing a DVD or recorded TV program. Additionally, this option conserves battery power by turning off the mobile PC display.
325
Once you make your choice from the New Display Detected dialog box, you get the chance to preview your selection. Click Apply to preview the newly connected monitor; choose OK to commit the display configuration changes. Again, the default is to mirror the newly attached display. If you cancel out of the New Display Detected dialog box, Vista will use the default setting.
Exam Tip You will see the New Display Detected dialog box only when you’re using two displays. If you’re trying to set up three or more displays, you must manually designate your primary display and apply display settings to all monitors manually using the Display Settings dialog box.
What’s especially nice about the New Display Detected dialog box is that Vista remembers the settings you choose here and uses them as the default the next time that you connect that same monitor. Once you disconnect the recently added monitor, Vista reverts back to the original display settings.
Travel Advisory I have no scientific evidence to back this up, but I’d guess that most multiple monitor use happens on laptops, which usually come configured with an external video port somewhere in the back. Laptops can easily be attached to docking stations that send output to a bigger, better monitor. In other words, using multiple monitors is a little more prevalent on laptops because nothing has to be added. This isn’t the case on most desktops, however. Roughly 98 percent or so (by my highly anecdotal count) are configured with a single video card. Some video cards have the ability to connect multiple monitors, yes, but usually a second video card is needed to send Desktop output to a second monitor.
326
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Travel Assistance More information about video cards that support multiple monitors can be found at either nvidia.com or at ati.com.
Use Multiple Monitors Manually If you don’t see the New Display Detected dialog box when attaching an external display, don’t worry: Vista makes it pretty easy to manually create a single logical Windows Desktop: 1. Open the Control Panel’s Personalization application and click the Display settings link. 2. In the Display Settings dialog box, select the secondary monitor. Usually, it is displayed as 2 in the dialog box. 3. Choose the Extend The Desktop Onto This Monitor option, as shown next.
4. Click either Apply or OK to commit your changes. You should now see the Start button on the lower left side of your primary monitor and a whole lot of desktop real estate on your second monitor. If you’re using the Vista sidebar, these should appear on the right side of the second monitor by default.
Multiple Monitor Considerations If you’re setting up a desktop computer with multiple video cards in order to support output to multiple monitors, take note of one important caveat regarding multiple monitor use on Windows Vista: if you want to take advantage of the Aero user interface across multiple displays (one desktop, multiple monitors), Vista requires that all video cards use the same driver. In most circumstances, you can’t even mix and match different cards from the same manufacturer.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
327
I highly recommend visiting one of the major video card manufacturer websites before making a purchase. Furthermore, I suggest you consider a single card with multiple video-out ports if using multiple monitors is the objective. If using two separate cards, try to make sure that both come from the same manufacturer. Why? You will receive the best performance when both cards use the same drivers. Although it’s possible to use video cards from different manufacturers in a multiple monitor configuration, you will not be able to use the Vista Aero interface. You’ll be limited to the Vista Basic interface.
Exam Tip Support for multiple monitors even extends to the use of Remote Desktop. A RDP client that is using one logical desktop will still get the Terminal Services session over multiple monitors.
Working with a monitor—or two—is just one of the many considerations that Vista administrators have to contend with when managing the mobile computing environment. Another big factor is how laptops will handle and conserve power. After all, the portability of a laptop won’t be of much use to anyone if it’s always running low on batteries. Good news, though: Vista introduces many new power management features to stretch battery life as never before.
Objective 7.02
F
Configure Power Options
or every beginning, there is an ending. Or something like that. Shutting down a Vista machine is every bit a part of computer use as starting it up. System shutdown is necessary both for altruistic purposes, such as saving energy, and reasons that are of more immediate concern to the end user and administrator. Proper shutdown helps ensure working data is safe and secure. It also helps your system start quickly the next time you use it. Because it’s a task that is done so frequently, it’s important to understand what occurs at shutdown time, what options are available, and how these options affect system performance. The button-pushing part of shutting a system down is very easy. Just click the Vista Start Button; the shutdown buttons appear just to the right of the Windows Desktop Search box. From left to right, the first button is called the Power
328
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
button—it will either shut down your system or put it to sleep, which is not nearly as drastic as it sounds. In fact, putting a mobile computer to sleep is usually a great thing. The Power button can even switch between the two functions depending on circumstance, as you’ll see detailed in just a bit. To the right of the Power button is the Lock button. As the name suggests, the Lock button enforces a security measure that locks down the system. User credentials are required to unlock it again. The third is a simple arrow that brings up your full menu of shutdown options.
Shut Down and Other Power Options As seen in Figure 7.1, there are as many as seven shutdown options that can be triggered, some of which don’t really shut the computer down at all:
• • • • • • •
Switch User Log Off Lock Restart Sleep Hibernate Shut Down
Each of the different shutdown options affects a mobile computer’s power consumption in different ways, and each can be deployed as a best choice to meet a particular shutdown scenario where you’ll be walking away from the computer (or putting it in your bag) for a little while. In the subsections that follow, we’ll look at each option individually.
Switch User Switching users lets two (or more) people share the same computer with a minimum of hassle. Each user can have a completely separate Desktop, with different programs running that access, two completely different sets of data.
FIGURE 7.1
The multiple Vista Shut Down options
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
329
The advantage of Switching Users over logging off is that nothing has to be closed before making the switch. User A can be working on a rather lengthy Word document, for example, and let User B (quickly) check their e-mail by switching users. Upon switching back, User A will then see their Desktop—and thus all open applications and files—exactly as it was prior to the switch. To switch users, choose the Switch User option from the Start Menu shutdown options, and then select the user who wants to use the computer.
Travel Advisory Even though switching users does not require saving data before making the switch, it’s always a good idea to do so. Another user with the rights to shut down the system could do so and wipe out unsaved work in the other user’s session. Vista will warn them of this before proceeding, though.
The Switch User feature is a byproduct of something called Fast User Switching, which was also available in Windows XP and could be enabled or disabled by the computer administrator. In a domain environment, Fast User Switching was disabled by default, but it was enabled in a Workgroup. The difference in the Vista environment is that this feature is always enabled no matter what and cannot be toggled on and off. Under Windows Vista, you should always have the ability to switch users.
Log Off and Lock Logging off a session is a very orderly method of changing users and was the default method of switching users under Windows XP when joined to a domain. From either platform, the Log Off option forces any open programs to close and should provide the user the option to save any unsaved work. The computer remains powered up, and other users can log in and begin a new session. The main advantage of logging off is that you don’t need to worry about another user shutting down the computer and losing your data. Logging off causes the data you’re working on to be tucked away safely to the hard drive. It also serves as a security measure: logging off means that anyone else trying to access the machine will be forced to present account credentials before accessing the Vista Desktop. In many corporate environments, logging off is required behavior when the user is going to be stepping away. To log off, click the Start button, then use the menu and choose Log Off. Locking a computer is another security measure meant for brief departures from the system. It prevents access to the Desktop until the currently logged-on user (or the administrator) comes back and unlocks the computer with the appropriate credentials.
330
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Especially in secure environments, it should be common practice to lock the machine when leaving it unattended. Administrators can even configure Group Policy Objects that lock the computers automatically after a given idle time. To lock the computer, just click the Start button and select Lock.
Restart Restart performs what’s known as a “warm” or “soft” reboot of the machine. During a Vista Restart, the operating system software controls the Restart process, and power to the machine is never severed. The Restart represents an orderly shutdown and restart of the Vista operating system. Restarts are (still) often necessary after software installations, especially those that involve a hotfix or patch of the operating system. Some utilities, such as the Memory Diagnostics Tool, also require a system restart. Users with the appropriate user rights (including both Standard and Administrative accounts) can initialize a restart at any time. To do so, click the Start button and choose the Restart menu option.
Sleep Here’s where the Vista power options get more interesting and where you should find the most fertile ground as far as certification testing goes. The ability to put a computer to sleep represents a new feature of Windows Vista. “Sleep,” at least when speaking about a Vista machine, is a new power state that offers two great benefits. These benefits are essentially a combination of two power states that were available with Windows XP (and which are still available under Vista). By putting a computer to sleep, users and network administrators alike receive:
• •
The quick shutdown procedure of Standby, although the computer doesn’t really do this; the working environment is stored in memory The data protection of Hibernate
When your computer sleeps, Vista automatically manages memory using Windows SuperFetch, a new memory technology discussed in Chapter 6. In fact, the work of SuperFetch is highly noticeable when resuming from Sleep, as users can get their entire working environment back in what is usually just a matter of seconds.
Travel Advisory Sleep’s real-world performance is a highly debatable issue. I’ve used a “Vista Capable” laptop that had insomnia, apparently—it absolutely wouldn’t Sleep—and this is one of my milder complaints. For more, type Vista sleep problems into a search engine and see the fun that ensues.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
331
As you might guess, Vista’s sleep benefits are especially noticeable on laptop computers, where frequent interruptions of the working environment (an hour here or there in the hotel room, airport, or coffee shop—make that two hours in the coffee shop) are the norm. This last point is worth drawing out in more detail, both to help you associate some raw cost savings numbers with this new technology and better underscore the reasons you are likely to see this mentioned on the exam. Power Savings in Sleep Mode Placing a laptop in Sleep mode—or configuring the power options so that it goes to sleep after a brief idle period—can have a dramatic impact on battery life. (The new Power Options Control Panel application is detailed later in this section.) This power savings can be put to use on a desktop as well. Whether deployed on a desktop or laptop system, the Sleep option will help you save time and battery life when dealing with a laptop system, and money when dealing with a Desktop. Why? Because while in Sleep mode, a Desktop uses only a fraction of the power it uses when running under full power. If your company’s users typically leave their computers on when leaving the office, for example, a policy that puts them to Sleep can save a significant amount of power. And electricity, as anyone who’s ever written a check to the power company knows, isn’t exactly free. Multiply this power savings by the numbers of computers in the network, and Sleep mode can mean a huge cost savings as well. Jim Allchin has a white paper summarizing power consumption and the Sleep mode this way: A typical Pentium 4 PC with a 17" LCD monitor draws about 102.6 watts of power (think about a 100-watt light bulb). That same PC and display in a sleep state draws only 5.6 watts, or 97 fewer watts. If you figure that a PC is used for active work for 10 hours a day, 5 days a week, 52 weeks per year, that is 2,600 operating hours. With 8,760 hours in a year (365*24), there are actually 6,160 potential idle hours per year. Since sleep mode uses 97 fewer watts than full power mode, the total savings is 597 kWh per year—and by the way, the impact is obviously even greater (760 kWh) if you use a CRT monitor since they draw more power than LCDs. …The paper [Allchin is referring here to a much longer White Paper on Vista’s energy consumption] uses an estimate of $0.0931 per kWh from the U.S. Department of Energy, so for a home user with one PC, the savings amounts to $55.63/year (more if the PC is used less than 10 hours a day). While that is great savings for a home user, think about an enterprise with 10,000 desktops where the potential cost savings would be $556,300/year.
332
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
…Each PC that moves to Windows Vista generates 926 fewer pounds of carbon dioxide or about 8 percent of what the EPA estimates that a typical car generates in the course of a year—so for every 12 and a half PCs that are running with Windows Vista’s new power management capabilities, it’s like having one less car on the road. My emphasis is on the numbers here, because seeing the actual numbers behind Sleep mode behavior is much more powerful than simply describing what it is and how it works. You can, of course, scale this cost savings to fit your particular situation. A company with one thousand PCs, for example, can expect savings of roughly $56,000 U.S. Meanwhile, a hundred-person firm might realize a $5,600 U.S. net benefit. This is to say nothing of the possible air conditioning costs that could also be factored in—computers and monitors produce heat. These kinds of cost savings in power consumption alone can go a long way toward justifying the Vista investment to a CFO. Will there be some expense associated with an upgrade to Windows Vista? Yes. Might this upgrade pay for itself in terms of electric bill savings? Here also the answer might be yes. Keep in mind that Sleep mode requires at least some draw on power, however. On a mobile system, Sleep typically uses one to two percent of battery power per hour. Even at this reduced rate, it will eventually drain the battery completely. However, there’s a failsafe for even this. To prevent loss of data, Vista automatically transitions into Hibernate mode before the battery dies. So, even if you put your system to Sleep, place it into your laptop bag, and then head out on vacation for a week or two, Vista will still make sure that work that was open when you put the system to Sleep is not missing upon your return. But I Don’t See Sleep on My Computer You may not see Sleep on your computer. Sleep’s availability depends on several factors. If you don’t have the Sleep option available, it could be due to one of these limiting factors:
•
The video card doesn’t support it. In order to sleep, the video card must support this feature. But if it doesn’t right now, don’t despair. Sleep is new, and all that could be standing between you and Sleep is a driver update.
•
Your system administrator isn’t allowing sleep. Vista Business, Enterprise, and Ultimate computers can join a Windows domain. This means they can also be managed by Group Policy Objects (GPOs), and GPOs can enforce restrictions about usage, including the ability to use Sleep mode.
•
Sleep is disabled in the computer’s BIOS. Your BIOS may have the Sleep function disabled, preventing Vista from utilizing it as well. The good
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
333
news, though, is that this is usually the easiest problem to fix. To enable Sleep, restart your computer and enter the BIOS setup program. (Refer to manufacturer instructions about how to launch BIOS setup. Usually, you just press a key such as F10 or DELETE.) Change the necessary BIOS setting, save, and exit. Note that a lot of desktop computers, especially older ones, do not support the Sleep option. You should also know that on a mobile computer that supports it, Sleep is the default action for both the Power button on the Start Menu and when you simply close the lid of your computer. When the Sleep Button Doesn’t Put the Computer to Sleep The only exception to the default Start Menu power button behavior—that is, putting the computer to Sleep—is when Vista has recently downloaded and installed operating system updates. In this case, the Power button changes to a Shut Down button, except there’s the Security Center shield icon over it, as shown here. This indicates that updates have been installed and that the computer needs to be shut down and restarted for these changes to take effect. Clicking the Power button in this instance does just that.
Hibernate Hibernate is another power saving state that allows a user to come back to the work environment just as they left it. The difference between Hibernate and other low-power options like Standby and Sleep, though, is that the computer is actually turned off, so there’s no drain on power. You can use Hibernate on a Friday at 5 P.M., for example, and come back to the exact same workspace the following Monday at 8 A.M. without spending a moment’s worth of your battery life. How so? Hibernate writes the entire contents of working memory to a file called hiberfil.sys. This file is then stored on the hard disk. When resuming from Hibernate mode, Vista retrieves the contents of hiberfil.sys and regenerates the Desktop just as it was. That is, if you hibernated while in the middle of a Word document, you get the exact same document when resuming, down to the cursor’s insertion point. It’s a great feature and can save a lot of time re-creating your work environment compared to a full shutdown. The drawback to Hibernate is speed. Hibernate writes a file and stores it to hard disk, and it can take a minute or so. In Windows Vista, though, much of the Hibernate functionality has been replaced by Sleep. In fact, Hibernate is not even available anymore as a default option—users who still want to use Hibernate must first enable it by configuring some of the Advanced Power settings, as will be discussed later in this chapter. Why isn’t it available? Because Sleep mode is (purportedly) much faster at restoring the user’s session.
334
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
To put a computer into Hibernate mode, simply choose it from the Shut Down menu options. And speaking of the Shut Down menu, there’s also the Shut Down option.
Shut Down Shut Down describes not one single option, but more accurately a series of shutdown processes. When a computer shuts down, it first closes all open programs, then closes Windows Vista, then turns off your monitor, and finally, kills the power to your computer. Shutting down a computer does not automatically save all open files, although many programs ask you to save before they are force-closed by Vista’s shutdown procedure. The advantages to Shut Down lie in both power savings and in data protection. Obviously, a system that is off isn’t going to draw power. And, short of outright theft, it’s all but impossible to access data on a system that’s not on. To shut down, select the bottom option on the Shut Down menu. Remember that even though Sleep is Vista’s preferred method of power management, it might not be your preferred Shut Down scenario. It’s possible that your system’s Start Menu features the Power button instead. Why would you see a Power button rather than a Sleep button? There are three possible explanations:
• • •
Your system does not have Sleep capability, or the option was disabled in the system BIOS. Your system is being governed by a Group Policy setting that forces you to always shut down the computer. Your computer needs a restart to finish installing software updates. In that case, the Power button looks like this:
If you’re using a modern laptop computer, these should be the only times you see the Shut Down button on the Start Menu unless you’ve configured the Vista power options so that the default behavior of the button is changed. How do you change the Start Menu’s power button behavior? The answer is provided in the following section, which discusses Vista’s new Power Management options.
Vista Power Management As mentioned at least a couple of times in this book, Vista has focused much of its reengineering efforts to make it a significantly better choice for laptop computers. Putting the computer to Sleep rather than in Standby or Hibernate modes is just the tip of the iceberg, though. There are several other improve-
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
335
ments in how Vista handles power options, and users now have much more control over what options are configured and when. This power management capability extends to administrators as well, of course. Not only can administrators specify power options on an individual computer basis as will be discussed in this section, but there are also several new Group Policy settings that can manage power options for entire groups of computers. We’ll touch on the Group Policy options in just a bit. For now, we’ll concentrate on the options that can be configured on an individual machine. To get started, open the Power Options console from the Control Panel. It can be found under the Hardware and Sound grouping, but the easiest way to locate this console is to simply type power at the Vista Start Menu. The Power Options should appear at the top of the Programs list. The three possible power plans, as shown next, represent a starting point for governing mobile computer power consumption, and other plans can be added and removed as needed:
• • •
Balanced weight.
Gives battery life and computer performance equal
Power Saver Uses processing power at as low a rate as possible in order to extend battery life as long as possible. High Performance Maximizes computer performance without regard to battery life. The computer should perform almost as speedily as it does when plugged in.
336
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Vista chooses the Balanced plan as the default. As you can see in the illustration, some manufacturers will rename the Balanced power plan as part of their Original Equipment Manufacturer (OEM) setup. In this case, the Balanced plan is called the “Dell Recommended” plan. If you’ve performed a clean install of Vista, your default power plan should be called “Balanced.”
Travel Advisory Another way to quickly access the Power Options console is to rightclick the battery icon in the System Tray and choose Power Options.
Choosing one of these three preconfigured power plans is just the tip of the iceberg. Each of these plans is comprised of numerous individual power behavior settings that can be adjusted to exactly your liking by following the Change Plan Settings link. Or, you can create your own power plan from scratch. The best way to proceed is to use one of the three preconfigured power plans as starting points. To get started, follow these steps: 1. Open the Power Options console using the steps previously described. On the left side of the console, click the Create A Power Plan link. 2. In the Create A Power Plan dialog box, choose the template plan and give your new power plan a name. Click Next. 3. Now you need to configure these options for when the computer is running on battery and when it is plugged in:
•
Turn off the display Most power plans specify that the system turns off the display when on batteries sooner than when plugged in.
• •
Put the computer to sleep The interval when the system automatically goes into Sleep mode. Adjust screen brightness Dimming display brightness on battery power will conserve battery life.
4. Click Create to save your new plan; you should now see the Power Options console once again. 5. To really get into the inner workings of the plan, you’ll want to click the Change Plan Settings link and then the Change Advanced Power Settings in the ensuing dialog box.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
337
6. You will see the Advanced Settings Power Options dialog box, as shown next.
This dialog box presents you with an additional 12 power management categories, but these are just those you can see at the outset. To see all possible power options, click the Change Settings That Are Currently Unavailable link. You’ll be asked for administrative confirmation if User Account Control is turned on. Once you get to this Advanced settings dialog box, it’s just a matter of expanding an option and then configuring with a drop-down menu. For example, if you want to change the Start Menu power button so that the laptop shuts down rather than sleeps, expand the Power Buttons and Lid selection and then the Power Button action. For most actions, such as the lid close and Power button options, there are choices about behaviors both when plugged in and on battery power.
Travel Advisory I recommend that you not modify any of the three default plans. That way, they can still be used as templates for creating your custom plans, and you give yourself a chance to hit the reset button when you’ve made several changes to a customized power plan without having to back out of each individual change.
Change Sleep Options on Mobile Computers Because Sleep is a new Vista power management option, you can be sure to see at least some mention of it on the 620 exam. And because the Power Manage-
338
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
ment Control Panel application is also new, you can almost rest assured that you will see a question that will draw on knowledge of where these two new technologies intersect. You can configure Sleep behavior by changing Vista’s Power Options: 1. Open the Power Options Control Panel application. One easy method is to right-click the power meter in the System Tray and choose Power Options. 2. From the Select A Power Plan page, follow the Choose What Closing The Lid Does link. 3. In the Define Power Buttons And Turn On Password Protection page, look at the third option in the list of possible actions, as shown next.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
339
The drop-down choices let you specify what happens when you close your laptop’s lid. You can configure different options for when the system is on batteries and for when it is plugged in. Click Save changes to complete the procedure. Earlier in this section, I mentioned that certain power management options such as Sleep behavior can sometimes be governed by Group Policy Objects. Because the test focuses mainly on Windows Vista administration, not end user features, it’s crucial to understand how Power options can be set with this administrative lever.
Configure Power Settings with Group Policy Administrators have the ability to configure power options with Group Policy Objects. As discussed earlier, the new Vista power options such as Sleep can save a considerable chunk of money per year on a single machine. Implemented across an enterprise, this can have a substantial impact on the bottom line. Prior to Windows Vista, companies had to enforce Hibernate and other power management edits with third-party tools such as Desktop Standard and Full Armor.
Travel Assistance Group Policies can only be deployed on the Vista Business, Enterprise, and Ultimate editions, so what follows won’t be applicable in many situations. For a full discussion of Group Policy on Windows Vista, please see Chapter 3.
To configure and deploy a Group Policy power management setting, follow these steps: 1. Open the Group Policy Object Editor for the Local Machine. There are lots of ways to accomplish this, but one of the easiest is to type gpedit.msc from the Start Menu Quick Search dialog box. 2. The Local Group Policy editor appears in the list of programs (it should be the only thing listed, in fact). Launch the application. You’ll be asked for administrative confirmation if User Account Control is enabled.
340
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
3. As shown next, navigate to the following Group Policy node: Computer Configuration | Administrative Templates | System | Power Management.
From this parent node, you will now see several subfolders of individual power options settings, including the following:
• •
Button Settings Specifies what will happen when one of the system’s power buttons is pushed.
• • •
Notification Settings Configures notification behavior when the battery reaches low or critical levels.
Hard Disk Settings Governs the hard disk shutdown interval when plugged in and when on battery power. A lower timeout when on battery power will maximize battery life.
Sleep Settings Contains the most individual settings, all revolving around when and how sleep occurs, if at all. Video and Display Settings Specifies display settings that can help conserve power by turning off when the computer is not being used.
There is also a single setting, called Prompt For Password On Resume From Hibernate/Suspend, that’s located under the User Configuration settings. This is more of a security setting, however, and doesn’t technically have anything to do with how the computer uses power. The Power Management settings govern
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
FIGURE 7.2
341
Choosing the active power plan
computer behavior, not user behavior, so remember to look for your power management settings in the Computer Configuration node. In short, pretty much every power management action that can be configured with the Power Options Control Panel application can also be set by an administrator with the new Group Policy power management settings. To get started with the configuration, double-click the setting to bring up its Properties dialog box. For example, an administrator can configure the power plan for a user rather than leaving this choice up to the individual. To do this, double-click the Select An Active Power Plan setting from the Power Management root node (it’s one of only two available settings there). You’ll see the dialog box shown in Figure 7.2. One very important feature of this setting is that it’s only supported on At Least Windows Vista computers. If you’re administrating a large enterprise with a mixed Windows Vista and XP client base, you can configure the Power Management settings at the domain level, but settings such as these will only be applied on Windows Vista or later operating systems. The test shouldn’t cover this particular aspect, but it doesn’t hurt to know. What will undoubtedly be covered, however, are the new enhancements to the mobile computing platform that have affected Tablet PC usage. The next objective looks at these changes.
Objective 7.03
C
Configure Tablet PC Software
omputers are great at handling typed text: typing is neat, clean, and easily digitized. This in turn means that text can easily be saved, reproduced, and transmitted to others.
342
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
So in the twenty-first century, there’s no longer any need for handwriting, right? Every time a human needs to write something down, they can just look for their nearest laptop computer. Countless trees can be saved, and you’ll never lose that important phone number you scored last night when doing a load of laundry. Not so fast. Humans are tactile creatures, and there are still lots of instances where nothing beats grabbing a pen and sheet of paper to scribble down a thought or two. Besides the mission-critical task just referenced, handwriting usually trumps keyboard and mouse in these situations:
• • • • • •
A doctor visits a patient and writes a prescription or notes about care. A mother takes notes while on the phone with her child’s teacher. A husband jots directions to a florist he’ll visit on the way home. A foreman updates project information while visiting a construction site. A student takes notes on a professor’s lecture. A secretary takes notes at a company meeting.
What’s more, many of these tasks can be enhanced by the ability to leverage a computer’s ability to save, recall, and transmit that handwriting. Would it be easier for the student to refer to class notes if they were stored on a computer rather than in a spiral notebook? How about the foreman with his notes on construction progress? Would it be easier to e-mail notes to a supplier, or travel back to the office, transpose, and then do the same? What about those directions? Maybe you don’t have time to run that errand today. How likely are you to find that Post-it note a week later? The answer to many of these quandaries and more is a Tablet PC, of course, which seeks to bridge the gap between the digital and analog worlds of communication. This bridge attempts to make computer use as effortless as possible because Tablet PCs conform to humans and the way we first learned to write—with a pen and handwriting—rather than the other way around. Further, as you’ve already noticed, there’s no longer a separate Tablet PC edition of Windows Vista as there was in Windows XP. Instead, all Tablet PC functionality is bundled into the Vista operating system itself and enabled automatically when Setup detects that the computer it’s installing on is tablet-capable. Why is this a big deal? Because in the Windows XP world, businesses that wanted to deploy both laptop and Tablet PC computers had to maintain at least two different images for deployment: one image for the laptops running Windows XP Professional and one for the Tablet PC devices running Windows XP Tablet PC edition. Now corporations need only maintain one image and can deploy no matter what the platform.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
343
However, you should know that Home Basic is excluded from the discussion of Tablet PC functionality. All other Vista versions support use as a Tablet PC, but not Home. Furthermore, the Tablet functionality in Windows Vista has changed in several ways over Windows XP, as discussed in the next sections.
The Tablet PC Input Panel For starters, consider the Tablet PC Input Panel (TIP). It’s now out of the way until you need it. Move the TIP anywhere on the left or right side of the screen and it will remain hidden there with just enough of the edge showing so you can open it when needed. Figure 7.3 shows the TIP hidden. The TIP still shows on the screen automatically when the pen is in a text input area. As you might expect, however, this is a configurable behavior. To modify how the TIP appears, follow these steps: 1. Select the Preferences from the Tablet Input Panel options dialog box. 2. Choose (or tap; it’s a Tablet after all) on Tools, and then choose Options on the TIP Toolbar. 3. Select the Opening tab of the Options dialog box, as shown next. You’ll see several options governing TIP behavior under the Input Panel icons and tab section.
344
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
FIGURE 7.3
The Tablet Input Panel remains hidden until you call for it.
If you leave the defaults alone, you can also drag the Tablet Input Panel to the location of your choosing with a simple click and drag operation.
Travel Advisory The ability to write on your computer improves as Vista becomes more adept at recognizing your particular style of handwriting.
Back of Pen Erase and Scratch-Out Gestures Some Tablet PC pens have erasers on one end of the pen. Why would a manufacturer put an eraser on the end of a digital pen? Same reason that Faber-Castell puts erasers on the end of their Number 2s. Assuming your Tablet PC has the right hardware, you should be able to delete writing in the writing pad, character pad, and correction area with the pen’s “eraser.” What’s more, Vista introduces new scratch-out gestures to allow you to delete handwriting or recognized text in the Input Panel. The Tablet scratch-out lets you use a more personal style of crossing out text. The new scratch-out gestures include the following options:
• • • •
Strikethrough
A horizontal line drawn across a word
Vertical A mark in the pattern of an M or W Circular Angled
Circling around a word or letter A diagonal hash through deleted text
If you’re used to making deletions using the Z-shaped gesture in vogue with Windows XP Tablet PC edition, you are able to use that as well. In fact, you can instruct Vista to recognize only the Z-shape as the deletion command. I’ll detail the steps later on in this section.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
345
Changing Screen Orientation You may have already noticed another handy Tablet PC feature when you opened the Windows Mobility Center: the Screen Orientation feature. There are four possible settings here that help users get the most out of their Tablet PC writing area:
•
Primary Landscape The default orientation; the Taskbar appears at the bottom of the screen, with the top of the Desktop positioned at the top of the display.
• •
Secondary Landscape Reverses the primary landscape orientation, placing the Taskbar at the top of the display instead.
•
Secondary Portrait
Primary Portrait Configures the Tablet PC display more like a traditional sheet of writing paper, moving the Taskbar to the left edge of the display. The inverse of the primary portrait orientation.
Other General Tablet PC Settings When you start using a pen rather than a keyboard, you’ll probably want to configure handwriting settings. Vista offers quite a few more of these options than XP Tablet PC version. Your starting point will likely be Control Panel’s Mobile PC console. Once here, choose the Tablet PC Settings link (in XP, it was the Tablet And Pen Settings), which will open the dialog box shown next.
346
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Another way to quickly locate the Tablet PC settings dialog box is to use the Start Menu’s integrated Instant Search feature—just type tab at the Start Menu, for example. The Tablet PC Settings should appear at or near the top of the list of programs. In this dialog box, previous Tablet PC users will likely notice that the General tab is essentially the same as the old Settings tab found in Windows XP. The Display tab is also identical to its predecessor. However, there is a new Handwriting Recognition tab that contains two sections:
•
Personalization You can provide Vista with samples of your handwriting. This increases the accuracy of the handwriting recognizer (the feature that converts handwritten text into typed text) but only when the Use The Personalized Recognizer check box is activated.
•
Automatic Learning This feature collects information about your handwriting, including the words you write and the style in which you write them. This applies not only to your handwriting—the ink you write in the Input Panel, the recognized text, and the corrected text—but also to your typing, including e-mail messages and web addresses typed into Internet Explorer. To use this feature, activate the Use Automatic Learning option.
Travel Advisory The Automatic Learning feature stores information on your computer as part of the user profile. If you’re concerned that this will expose sensitive data to people who might hack or steal your system, you should turn off this feature.
Pen Cursors When using a Tablet PC, it can be a challenge knowing if you’ve clicked, double-licked, or right-clicked. Pen cursors provide crucial feedback to help lessen the confusion. For example, when you hover the pen above the screen, a small dot appears. This little dot helps you point to exactly the button you want to—otherwise, selecting something with your pen can involve more than a little guesswork. Also, once you make the tap (equivalent to the left click), a small ripple appears. Right-clicking produces an even stronger ripple, bordered in white. To configure these pen cursor options, follow these steps: 1. Open the Control Panel and then open the Pen And Input Devices applet. If using the Standard view, it’s located in the Mobile PC grouping.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
347
2. Next, follow the Change Tablet Pen Settings link, and you’ll see the Pen And Input Devices dialog box, shown next.
By default, all pen cursor actions are selected, but any or all of these can be changed by unchecking the appropriate boxes.
Pen Flicks Next to the Pointer Options tab in the Pen And Input devices dialog box is the Flicks tab. Flicks are natural, “handwritingesque” motions that help you use your pen more effectively by essentially transforming it into a magic wand. Using pen flicks, you can scroll a window up or down or navigate forward and backward on the web with a quick little wave of the pen. With the second option, Navigational Flicks And Editing Flicks, you can also perform tasks such as paste, delete, and undo. What’s more, these pen flicks are completely customizable to better suit your Table PC usage needs. In fact, you can use a pen flick to perform any action you can carry out as a keyboard shortcut. Just tell Vista what the pen flick means, and then use the flick to make Tablet PC usage more efficient than ever. To tailor pen flick behavior to your liking, follow these steps: 1. Open the Control Panel and open Pen and Input Devices. Choose the Flicks tab.
348
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
2. Choose the Navigational Flicks And Editing Flicks link, and then click the Customize button. 3. The Customize Flicks dialog box, shown next, lets you select from several drop-down menus of predefined flick actions. Alternately, you can choose Add to associate any key combination with a particular flick.
4. On the same tab, adjust the sensitivity of your flicks to get the best performance without triggering a flick accidentally. During normal Tablet PC usage, you might perform an action that can be performed more quickly using pen flicks. If so, you should receive notification from a learning wizard regarding help with the pen flicks. Vista will only send such notices once in a 24-hour period. If you don’t use the help, this reminder will go away after the third notification.
Objective 7.04
A
Configure Mobile Devices
modern computing environment, even for the single user, usually involves data being stored across multiple devices. But the end user wants a single set of working data, not multiple versions of working data on each device or storage location.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
349
Home users, for example, might want to hook up a smart phone and keep e-mail, contacts, and maybe even an Excel spreadsheet or two on the phone. They also might want to attach removable drives to both expand storage and back up data. Enterprise users have similar data synchronization needs. They might want to connect their laptop to a Personal Digital Assistant (PDA) to keep sales leads at their fingertips wherever they go. Applications such as Microsoft’s Customer Relationship Manager (CRM) make this possible and address a crucial mobile sales force need. An administrator may have redirected their Documents folder to a network location and to make use of offline files and keep server-based data on the laptop at all times. How is all this data synchronized? In the past, each data storage device had a separate synchronization routine. Users were faced with configuring separate sync relationships using separate utilities. Now, however, Vista offers the Sync Center, shown in Figure 7.4, where sync relationships can all be managed from a central location.
The Sync Center The Sync Center’s job is to let users initiate a manual sync, stop a sync that’s already in progress (such as when a device is first connected and syncs automatically), view the status of current sync activities, and receive notifications about sync conflicts.
FIGURE 7.4
The Vista Sync Center
350
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Note that the Sync Center doesn’t replace the actual synchronization utilities themselves. Most of the Sync Center’s duties are informational. Offline files, for instance, still synchronize using the offline files mechanism—copies are pulled down from the network share and stored locally under the Windows directory. If you want to specify which data sets of Outlook are synchronized to your Windows Mobile Device—Contacts, Calendar, and so on—the Sync Center will direct you to the Windows Mobile Device Center. Alternatively, in the case of a partner device, you’re steered to a third-party utility (such as for Palm or Blackberry devices). In this way, the Sync Center behaves much like the Windows Security Center; the utility serves as a dashboard that directs you to the underlying utilities themselves. The Windows Firewall, for example, is a separate application from whatever antivirus program you’re using, but the Windows Security Center can provide the status of each and let you launch the Windows Firewall configuration utility. There are a few behaviors and relationships that are configured with the Vista Sync Center, as discussed in the following section.
Set Up a Mobile Device Partnership with the Sync Center Under most circumstances, you’ll configure your sync relationships elsewhere. The Sync Center is where you will go to either view the status of or perform manual syncs with your mobile devices. There are certain kinds of sync relationships that can be initiated using the Sync Center, however. One such relationship is Offline Files. To configure an Offline Files relationship, follow these steps: 1. Open the Control Panel and then the Sync Center. If using the Standard view, look under the Mobile PC grouping. (You can also use the Vista Mobility Center.) 2. In the list of Tasks, click the Set Up New Sync Partnerships link. 3. Now you can choose from the list of possible sync relationships. Choose the Offline Files relationship. 4. A Setup button appears above the list. Click it and a dialog box appears, as shown next, providing instructions about how to establish the Offline Files partnership.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
351
Follow the instructions on this page to complete the sync relationship.
CHECKPOINT ✔Objective 7.01: Configure Mobile Display Settings
In this objective, we examined how to configure the Vista display. Although many of these topics apply to the Vista environment whether or not you’re configuring a laptop, we focused mostly on mobile display considerations such as sending the display to an external monitor.
✔Objective 7.02: Configure Power Options
This objective covered the many power configuration settings now available with Windows Vista. Of these, you should focus mostly on understanding the Sleep shutdown feature; you should also know how to manually configure a new Power Options plan.
352
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
✔Objective 7.03: Configure Tablet PC Software
Another important aspect of the mobile computing platform under Windows Vista is the built-in support of Tablet PC functionality. In this section, we examined how to use handwriting, but the main goal here from a testing perspective is how to tailor the handwriting options to meet the needs of the individual user. We looked at the Pen And Input Devices dialog box and the Tablet PC Settings options.
✔Objective 7.04: Configure Mobile Devices
Configuring mobile devices is not going to be a huge day-to-day administrative task, and you shouldn’t see it brought up on the 70-620 exam a whole lot, either. If you understand the function of the Windows Vista Sync Center, you can consider yourself one question closer to passing the test.
REVIEW QUESTIONS 1. You have a relative who just purchased a new Windows Vista Home Premium Desktop computer. The new machine has a 256MB graphics card and Vista configures the default screen resolution at 1200 × 800 pixels. Your relative reports, however, that they cannot read the words on the screen. How can you best address this problem while still leveraging the capabilities of the graphics card? A. Open the Personalization Control Panel application and change the screen resolution to a larger setting like 800 × 600. B. Open the Personalization Control Panel application and use the Adjust Font Size (DPI) dialog box to increase the size of Vista’s fonts. C. Open the Personalization Control Panel application and use the Themes link to change the Vista theme to the High Visibility theme. D. Open the Personalization Control Panel application and access the Windows Color And Appearance settings, and then click the Classic Appearance For More Options link. Choose the Advanced options, select the Message Box item, and increase font size. E. None of the above. 2. You are preparing for a presentation from your Vista Business edition laptop computer and have just connected an external projector. What options will you have in the dialog box presented by Vista when the projector is detected? (Choose all that apply.) A. Mirrored B. Duplicate On This Display
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
C. Virtual Desktop D. Extended E. External Display Only 3. You have connected an external LCD screen to your Vista Ultimate laptop for the purpose of showing Media Center content on the larger screen. The external LCD monitor is a widescreen monitor and uses a different screen resolution. When you project the laptop screen, however, you are unable to take advantage of the higher resolution supported by the external LCD. How should you address this situation? A. Open the Windows Mobility Center and choose the Connect Display button. Vista will then present a dialog box that allows you to manually configure the external monitor. B. Open the Windows Device Manager. Right-click the computer object and select Scan For Hardware Changes. Then manually install the drivers for the external display and adjust display settings such as screen resolution. C. Open the Personalization Control Panel application and choose the Display Settings link. In the Display Settings dialog box, choose the external monitor and then adjust display settings. D. Disconnect and reconnect the external display. In the New Display Detected dialog box, select the Extended option to create a single logical desktop, and then adjust settings for the display using the Personalization Control Panel application. E. None of the above. 4. You are considering an upgrade of Windows XP Tablet PC edition to Windows Vista Home Premium. Which of the following features will you be able to use in Windows Vista Home Premium that you could not use with the XP Tablet PC edition? A. B. C. D. E.
Auto Complete in the Input Panel Back of pen eraser Enhanced scratch-out gestures The Input Panel tab All of the above
5. You are using a Vista Home Basic edition on a laptop computer and are now getting ready to give an hour-long presentation. You know that your system’s power options dictates that the computer’s monitor will go off after 5 minutes of inactivity, and that the computer will sleep
353
354
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
after 20 minutes. What can you do to make sure these things don’t happen during the presentation? (Choose all that apply.) A. Open the Group Policy Object editor and configure a Computer Configuration Power Management setting that will enable applications and services to prevent the system from sleeping. B. Just before giving the presentation, use the Windows Mobility Center and click the I Am Currently Giving A Presentation check box. C. Open the Power Options Control Panel application and configure the Turn Off Display After setting to Never. D. Open the Power Options Control Panel application and configure the Sleep After setting to Never. E. All of the above. 6. You have a laptop computer that is running Vista Business edition, and you are investigating the new Mobility Center. Which of the following can be configured using the Windows Mobility Center? A. B. C. D. E.
Battery status Screen brightness and rotation External Display settings Presentation settings All of the above
7. You are using a laptop running Windows Vista Ultimate edition that is part of a Windows Server 2003 domain and are logged on as an administrator of that laptop. You want to configure a new power plan that does not dim the display when running on battery power, but you are unable to make changes to the power plans. What is the most likely cause of this behavior? A. The system’s power plans are being configured using a Group Policy setting that has been configured at the domain level. B. Vista Ultimate edition automatically adjusts power plans to optimize both battery life and performance depending on what the user is doing. This is one of the features that is only available with the Ultimate edition. C. There is a Multiple Local Group Policy setting that has been configured so that all non-Administrators are prevented from making changes to Vista’s power plans. User Account Control behavior prevents even administrators from making system-wide changes until proper credentials are supplied.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
D. Display brightness is not a configurable setting with the power plans. This is a setting that is governed by the hardware manufacturer, not by software. E. None of the above. 8. Windows Vista includes a new Power Management utility with three preconfigured power plans that determine how power is consumed by components such as hard disks and monitors. It can govern processor performance to adjust power comsumption. The power plans also specify when and how power-saving modes like Sleep and Hibernation are used. Which of these is not one of the default plans? A. B. C. D. E.
Balanced Power Saver Let Windows Decide High Performance Best Battery Life
9. You have configured a mobile device to synchronize contact and calendar information along with some music files with your Windows Vista Home Premium computer. You now attach the device and perform a sync operation but are informed that errors have occurred. What should you do to resolve the conflict? (Choose all that apply.) A. Open the Vista Sync Center. In the left pane, choose the View Sync Conflicts item, select a conflict and then choose Resolve. B. Back up your mobile device information using the Vista Backup And Restore Center, then perform a hard reset of the mobile device using manufacturer instructions and re-establish the sync relationship. C. Use the Vista Sync Center and establish a second instance of the computer/mobile device partnership. After performing a full synchronization, delete the original relationship in which conflicts were being reported. D. First isolate the source of the problem by running the Vista Memory Diagnostics Utility (mdsched.exe). If there are no problems with the Vista computer, you know that the problem lies with corrupted memory in the mobile device. E. Do nothing. Vista automatically resolves all sync conflicts but can only resolve them during system idle time. 10. You have just purchased a mobile phone running Windows Mobile 5 in order to synchronize contact, calendar, and e-mail information with
355
356
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
your Windows Vista Ultimate computer. You attach the Windows Mobile for the first time. What is the next step to take? A. Open the Vista Sync Center and choose the Set Up New Partnership link from the list of Tasks. B. Open the Device Manager. Right-click the Computer object and perform a Scan For Hardware Changes. C. You don’t need to take any action until the Vista Sync Center opens automatically upon detection of the Windows Mobile 5 phone. You can then use the Sync Center to determine what information will be synchronized. D. Open the Control Panel and add a new network connection for the Windows Mobile 5 phone using the Network and Sharing Center. This will allow you to synchronize without having to physically connect the phone to the computer. E. None of the above. Windows Mobile devices don’t work with the Vista Sync Center. There is a separate application that handles Windows Mobile 5 sync relationships.
REVIEW ANSWERS 1.
The best way to handle this situation is to use the Personalization application to adjust the DPI Scaling setting. Changing to a larger scale makes all text generated by Windows Vista easier to read.
2.
The Vista New Display Detected dialog box presents the user with three options upon attaching the external display: Mirrored, Extended, and External Display only. You can toggle between the three options on most laptops using the FN-F5 key combination.
3.
If you have an external display attached, it should appear in the Display Settings dialog box. Once there, all you have to do is select the external monitor and then adjust settings just as you do for your primary screen.
4.
All of these features are new enhancements to the Tablet PC experience under all editions of Windows Vista with the exception of Windows Vista Home Basic, which does not include support for Tablet PCs.
5.
You can use any or all of these possibilities to prevent the computer from either turning off the display or going to sleep during a presentation. The Windows Mobility Center is not available on a Vista Home edition computer.
CHAPTER 7 Configuring and Troubleshooting Mobile Computing
6.
All of these can be configured using Vista’s new Mobility Center.
7.
The most likely cause of this behavior is that a power plan setting has been configured at the domain level that is preventing changes for the computer. Power Management settings are just one of the many new setting groups available with the release of Windows Vista.
8.
Part of Vista’s appeal is its better management of battery life on laptop computers. The Vista power plans control hard disk behavior, monitors, sleep mode, hibernation, and system performance when on battery power. Three are configured by default: Balanced, Power Saver, and High Performance. Some computer manufacturers rename these power plans, however, to plans such as Dell Recommended.
9.
This is the only solution you will need. When you click Resolve, the Sync Center opens the Conflict Resolution dialog box, where you can resolve each conflict one at a time or resolve multiple conflicts simultaneously.
10.
Believe it or not, the Vista Sync Center doesn’t work with Windows Mobile 5 devices. You will have to install the Windows Mobile Device Center instead. The Windows Mobile Device Center enables you to set up new partnerships and synchronize content with any Windows Mobile device, and the Windows Mobile Device Center is only supported on Windows Vista (in Windows XP, the application was ActiveSync).
357
This page intentionally left blank
About the CD-ROM
A
The CD-ROM included with this book comes complete with MasterExam, the electronic version of the book, and Session 1 of LearnKey’s online training. The software is easy to install on any Windows 98/NT/2000/XP/Vista computer and must be installed to access the MasterExam feature. You may, however, browse the electronic book directly from the CD without installation. To register for LearnKey’s online training and a second bonus MasterExam, simply click the Online Training link on the Main Page and follow the directions to the free online registration.
System Requirements The software requires Windows 98 or higher, Internet Explorer 5.0 or above, and 20MB of hard disk space for full installation. The electronic book requires Adobe Acrobat Reader. To access the Online Training from LearnKey you must have RealPlayer Basic 8 or Real1 Plugin, which will be automatically installed when you launch the online training.
LearnKey Online Training The LearnKey Online Training link will allow you to access online training from Osborne.Onlineexpert.com. The first session of this course is provided at no charge. Additional sessions for this course and other courses may be purchased directly from www.LearnKey.com or by calling (800) 865-0165. The first time that you run the Online Training, you will be required to register with the online product. Follow the instructions for a first-time user. Please make sure to use a valid e-mail address. Prior to running the Online Training you will need to add the Real Plugin and the RealCBT Plugin to your system. This will automatically be facilitated to your system when you run the training the first time.
Installing and Running MasterExam If your computer CD-ROM drive is configured to autorun, the CD-ROM will automatically start upon inserting the disk. From the opening screen you may install MasterExam by pressing the MasterExam button. This will begin the in-
359
360
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
stallation process and create a program group named “LearnKey.” To run MasterExam, use Start | Programs | LearnKey. If the autorun feature did not launch your CD, browse to the CD and click the LaunchTraining.exe icon.
About MasterExam MasterExam provides you with a simulation of the actual exam. The number of questions, the type of questions, and the time allowed are intended to be an accurate representation of the exam environment. You have the option to take an open book exam, including hints, references, and answers; a closed book exam; or the timed MasterExam simulation. When you launch MasterExam, a digital clock display will appear in the upper left-hand corner of your screen. The clock will continue to count down to zero unless you choose to end the exam before the time expires.
Removing Installation(s) MasterExam is installed to your hard drive. For best results, remove the program by choosing Start | Programs | LearnKey | Uninstall. If you want to remove Real Player, use the Add/Remove Programs icon from your Control Panel. You may also remove the LearnKey training program from this location.
Electronic Book The entire contents of the Study Guide are provided in PDF. Adobe’s Acrobat Reader has been included on the CD.
Help A help file is provided through the Help button on the main page in the lower left-hand corner. Individual help features are also available through MasterExam and LearnKey’s Online Training.
Technical Support For questions regarding the technical content of the electronic book or MasterExam, visit www.osborne.com or email [email protected]. For customers outside the United States, email international_ [email protected].
LearnKey Technical Support For technical problems with the software (installation, operation, removing installations), and for questions regarding LearnKey Online Training content, please visit www.learnkey.com or email [email protected].
Career Flight Path
B
The Microsoft Windows certification program that you will be joining when you take the 70-620 exam includes an extensive group of exams and certification levels. Passing the Microsoft Windows Vista Client, Configuring exam is all that is required for Microsoft’s baseline certification—the Microsoft Certified Technology Specialist (MCTS). Microsoft has recently added several new premier certifications to their professional credential program. There are three new certification levels meant to validate job skills at the technology, professional, and architect levels. The MCTS and the 70-620 exam are a great place to start on your path toward gaining more advanced Microsoft certifications. Only one exam is required to reach your MCTS. One to three exams are usually required for the professional level credential, Microsoft Certified IT Professional (MCITP), including prerequisites, and the new Microsoft Certified Architect is meant to identify top industry professionals by requiring extensive previous experience and by submitting candidates to peer review and approval. The 70-620 exam will count toward the new MCITP Enterprise Support Technician certification, which requires two exams. For the latest information on the requirements of the MCTS and MCITP certifications, please refer to the Microsoft Learning website and browse the Certification section.
MCTS Exams Every MCTS candidate must pass one exam. The exams offered test your ability and depth of knowledge in specific technologies. At the time of the publication of this book, there were 19 MCTS exams:
• •
Technology Specialist: Managing Projects with Microsoft Office Project 2007 Technology Specialist: Enterprise Project Management with Microsoft Office Project Server 2007
361
362
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
• • • • • • • • • • • • • • • • •
Technology Specialist: .NET Framework 2.0 Web Applications Technology Specialist: .NET Framework 2.0 Windows Applications Technology Specialist: .NET Framework 2.0 Distributed Applications Technology Specialist: SQL Server 2005 Technology Specialist: SQL Server 2005 Business Intelligence Technology Specialist: BizTalk Server 2006 Technology Specialist: Microsoft Office Live Communications Server 2005 Technology Specialist: Microsoft Exchange Server 2007, Configuration Technology Specialist: Microsoft Office SharePoint Server 2007, Configuration Technology Specialist: Microsoft Office SharePoint Server 2007, Application Development Technology Specialist: Windows Mobile 5.0, Applications Technology Specialist: Windows Mobile 5.0, Implementing and Managing Technology Specialist: Windows Server 2003 Hosted Environments, Configuration, and Management Technology Specialist: Windows SharePoint Services 3.0, Application Development Technology Specialist: Windows SharePoint Services 3.0, Configuration Technology Specialist: Windows Vista and 2007 Microsoft Office System Desktops, Deploying and Maintaining Technology Specialist: Windows Vista, Configuration
MCITP Certification The Microsoft Certified IT Professional credential allows you to clearly distinguish yourself as a professional in database administration, database development, business intelligence, or support. The MCITP credential is more comprehensive than the MCTS credential, and certifies a more experienced skill-set in addition to on-the-job competency. At the time of publication, there were five different MCITP credentials available:
• • • • •
IT Professional: Enterprise Project Management with Microsoft Office Project Server 2007 IT Professional: Database Developer IT Professional: Database Administrator IT Professional: Business Intelligence Developer IT Professional: Enterprise Support Technician
APPENDIX B Career Flight Path
363
Windows Vista and Beyond One thing to remember, of course, is that computer technologies change rapidly, and most certifications therefore require you to regularly update your certifications. With the Windows Vista MCTS, Microsoft is seeking to make their certifications relevant to both IT workers and the companies that hire them. You have a variety of different certification tracks to choose from depending on your current job role or the position you are working your way towards. Take the time to consider your options carefully. If you already have an MCP, MCSA, MCSE, MCDBA, MCAD, MCSD, or one of Microsoft’s other existing credentials, Microsoft has published the reasons why they have created a new generation of certifications on the Microsoft Learning website. Your skills as an IT Professional continue to be in demand and the new generation of Microsoft credentials is designed to help you better showcase your expertise.
This page intentionally left blank
Index 32-bit address, 157 128-bit address, 157
A Above Normal priority, 275 account policies, 141 accounts administrator. See administrator accounts domain, 42–43 e-mail, 232–234 live, 22 migrating, 41–43 activation, 9, 16 Active Directory, 114–120 components, 117–120 domains, 117–118 forests, 119, 126 objects managed by, 115–117 organizational units, 119–120 overview, 114–115 trees, 118–119 Activity Reports, 68–69 ad hoc networks, 175–176 ADM files, 146–147 Admin Approval mode, 96, 129 administration Administrative Templates, 124–125, 139–142 elevation prompt, 129 Group Policy Objects and, 120–122 power management and, 341 administrative rights, 92–93 Administrative Templates, 124–125, 139–142
administrator accounts credentials, 94–95, 150, 152 described, 94 password for, 69 ADMX files, 146–147 Advanced System Settings tool, 270 Advanced Tag Editor, 229 Aero, 52–62 enabling, 53–55 Live Thumbnails, 56 overview, 5, 52–53 performance and, 54, 57 system requirements, 2, 4, 5–6, 53 themes. See themes window elements, changing, 55–58 Windows Flip 3D, 56–58 Allchin, Jim, 331–332 antivirus programs, 23–24 Antivirus setting, 143 applications, 219–266 Flip 3D feature, 56–58 frozen, 272–273 information about, 272 Live Thumbnails feature, 56 media management, 220–232 offline, 184–185 “projecting,” 244 recovering, 272 restricting access to, 66, 141 troubleshooting, 272–273 Windows Calendar, 247–251 Windows DVD Maker, 231–232 Windows Fax and Scan, 252–255 Windows Mail, 232–242 Windows Media Center, 5, 221–222 Windows Media Player, 222–229
365
366
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Windows Meeting Space, 242–247 Windows Movie Maker, 231–232 Windows Photo Gallery, 5, 229–231 Windows Sidebar, 255–259 applications Personalization, 55, 59 Applications tab, 272–273 appointments, 248–249 Automatic Learning feature, 346 Autorun feature, 8
B Background Intelligent Transfer Service (BITS), 143 basic disks, 46–47 batteries computer performance and, 335 conserving power, 167, 325, 335 display and, 325, 327 Hibernate mode and, 333 low levels, 340 power plans for, 335–337 settings for, 335–337, 340 Sleep mode and, 331, 332 BCD (Boot Configuration Data), 12, 13 Below Normal priority, 275 benchmarking, 269 BitLocker encryption, 302–311 BITS (Background Intelligent Transfer Service), 143 Boot Configuration Data (BCD), 12, 13 bootup with BitLocker, 309–310 changes to, 12 browsers. See Internet Explorer burning CDs/DVDs, 223, 231–232 Button Settings, 340
C calendar publishing, 249–250 calendar software, 247–251 CD transfer method, 44–45 CDs burning, 231–232 collections of, 221–222 ripping, 223–226 Certificate Export Wizard, 305 Classic View, 257
clean installation, 7–13, 17 Client Help setting, 143 color Desktop, 56 window, 54–55 color depth, 322–323 color scheme, 55 compression, 292, 305 computer Hibernate mode, 332, 333–334, 340 information about, 271 limiting use of, 63 locking, 329–330 logging off, 329–330 mobile. See mobile computing name, 271 policy settings for, 61 restarting, 330 shutdown options, 327–334 sleep options, 330–333, 337–339 Standby mode, 330, 333, 334 Computer Configuration settings, 123 computer objects, 115–116 Computer settings, 61 Config.xml file, 40 Connect Directly via Network option, 45 Connect To options, 168–172, 177 connections cable, 23 Ethernet, 165 local area, 165 logical, 186–190 network, 165–167, 171–177 Remote Assistant, 193–202 Remote Desktop, 173, 193, 202–212 terminating, 279 troubleshooting, 185–192, 278 Control Panel, 131, 139, 299, 351 cookies, managing, 102–105 copying files, 23–24 CPU. See processors credentials, 94–95, 150, 152, 160 Custom settings dialog box, 106–107
D data compressed, 292, 305 encrypted. See encryption
Index
recovering, 310 synchronizing, 348–351 Data Collector Sets node, 280–281 data collectors, 280–283 data protection, 302–311 debugging tools, 273 defragmentation, 293–295 deleting ad hoc networks, 177 with Disk Cleanup, 291–293 files, 291–293 Group Policy Objects, 137–138 junk mail, 237 themes, 59 Deployed Printers Connections setting, 143 Deployed Printers node, 123 Desktop. See also Windows Aero changes to, 52–53 color, 56 gadgets, 255–259 preventing modifications, 59–62 “projecting,”244 Device Experience option, 225 Device Installation setting, 143 Device Manager, 30–31, 270 devices mobile, 348–351 in networks, 160–166 removable storage, 127–128 SideShow-enabled, 258–259 Diagnose button, 192 diagnosis reports, 284 diagnostic tools, 282, 288–299 digital entertainment content, 221–222 digital locker, 21–22 directories domain, 114 encrypted, 302–311 installation, 94 root, 8 Disk Cleanup tool, 291–293 Disk Defragmenter tool, 293–295 Disk Failure Diagnostic setting, 143 Disk Management tool, 50 “Disk read error has occurred”error message, 12 disks. See hard disks
display. See monitors DNS (Domain Name System), 190–191 DNS server, 186–187, 190–191 domain accounts, migrating, 42–43 domain controller, 118 domain directory, 114 Domain Name System. See DNS domain objects, 117–118, 122 domains Active Directory, 117–118 Server, 117–118 System application, 271 DoubleClick, 103 drive letters, 46, 48, 49 drivers conflicts, 186 information about, 166–167 rollbacks, 167 updates to, 25–31, 167 video adapter, 322 drives BitLocker encryption, 302–311 DVD, 7, 12, 23 flash, 295–297 floppy, 48 hard. See hard disks optical, 23 USB, 295–297, 308 dual boot issues, 12–13 dump files, 273 DVD drives problems with, 23 Windows Vista installation, 7, 12, 23 DVD Maker, 231–232 DVD transfer method, 44–45 DVD Video Burning setting, 143 DVDs, 143, 231–232
E e-mail account setup, 232–234 blocked senders, 237–238 checking with SideShow, 259 Gmail, 234 HTTP-based, 233, 234 Junk Mail filter, 236–237, 238 newsgroups, 239–242
367
368
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
phishing and, 108–109, 238–239 safe senders, 237–238 Windows Mail, 232–242 Easy Transfer tool, 19, 43–46 EFS (Encrypting File System), 302–305 elevation prompt, 129 Encrypting File System (EFS), 302–305 encryption, 302–310 BitLocker, 302–311 EFS, 302–305 TPM, 306–311 Windows Meeting Space sessions, 245 Encryption Type setting, 170 End Task button, 272 Enhanced Playback option, 225 Enterprise Quality of Service (QoS) setting, 143 Ethernet connections, 165 Explorer, Vista, 49, 159–160
F Fast User Switching option, 329 FAT file system, 51 FAT32 file system, 51 Favorites, 20, 72–73 fax/scan software, 252–255 file server, 4 file systems, 51–52 files ADM, 146–147 ADMX, 146–147 compressed, 292, 305 Config.xml, 40 copying, 23–24 deleting, 291–293 dump, 273 encrypted, 302–311 log. See logs MigApp.xml, 39, 40 MigSys.xml, 39, 40 MigUser.xml, 39, 40 offline, 184–185, 291, 350–351 problems copying, 23–24 program, 291 Registry.pol, 146
removing unused, 291–293 security, 52 setup.exe, 8, 33 sharing, 179–182, 183 temporary, 291 XML, 39–40 finding items e-mail messages, 234–236 Instant Search, 227–229 Internet Explorer, 78–79 media, 227–229 photos, 230–231 firewall policies, 128, 141–142, 144 firewalls. See also Windows Firewall configuring, 109–112, 141–142 exceptions to blocked traffic, 111–112 logs, 142 overview, 109–110 PING requests and, 188 Remote Assistance and, 199–201 Remote Desktop, 209–210 security settings, 109–112, 128, 141–142 Windows Meeting Space and, 245–247 flash drives, 295–297 Flip 3D, 56–58 floppy disks, 48 floppy drives, 48 Folder Redirection node, 124 folders encrypted, 302–311 hierarchy, 20 permissions, 184 public, 179–181 security, 52, 180–185 shared, 116–117, 179–185 SYSVOL, 146–147 folders redirection, 124 font size, 321 forests, 119, 126 formatting volumes, 49–51 fragmentation, 293–295 frozen installation, 24–25
Index
G gadgets, 255–259 games, limiting availability of, 67–68 Genre view, 228 Gmail, 234 Go To Process menu, 274, 276, 277 GPO settings changes to, 127–130 disabling, 138 loopback processing mode, 132–134 power management, 127–128, 139–140, 339–341 printer assignment, 129 removable storage devices, 127–128 security, 124, 128, 140–142 User Account Control, 129–130 GPOs (Group Policy Objects), 113–147 administration and, 120–122 configuring, 120–130 deleting, 137–138 domain, 131 local, 120–121, 131–138 multiple, 134–138 new features, 126–130 organization unit, 131 performance and, 138 preventing Desktop changes, 59–62 settings. See GPO settings site, 131 vs. Control Panel changes, 139 graphics cards, 4, 6, 53 group objects, 116 Group Policies. See also GPOs account, 141 Active Directory object, 114–115 ADM/ADMX files, 146–147 Administrative Templates, 124–125, 139–142 components, 122–125 firewall policies, 128, 141–142, 144 inheritance, 132 IP Security, 128, 141 local, 141 overview, 113–114 processing, 130–134 public key, 141
Remote Assistance and, 198–199 settings, 123–130 software restrictions, 141 uses for, 125–127 Group Policy Object Editor, 120–130 Group Policy Objects. See GPOs groups, 116, 119. See also workgroups
H handouts, 244 handwriting, 320, 342–347. See also Tablet PC handwriting recognition, 344, 346 Hard Disk Reliability tool, 290–291 Hard Disk Settings, 340 hard disks basic, 46–47 Disk Cleanup utility, 291–293 Disk Defragmenter tool, 293–295 Disk Failure Diagnostic setting, 143 dynamic, 47 encrypted, 305–311 formatting, 49–51 fragmented, 293–295 hybrid, 143, 298–299 partitions, 11, 47–49 power settings, 340 ReadyDrive, 298–299 reliability issues, 290–295, 298 troubleshooting, 291–295 Vista installation, 10–11 hardware requirements, 3–7 Hibernate option, 332, 333–334, 340 High priority, 274, 275 home entertainment content, 221 Home network, 161–162, 179–180 Hotmail, 233, 234 HTTP-based e-mail, 233, 234 hybrid hard disk, 143, 298–299 Hybrid Hard Disk setting, 143
I IANA (Internet Assigned Numbers Authority), 110 IEEE 802.11 standard, 172
369
370
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
IEEE 802.11i standard, 172 Import Pictures and Videos Wizard, 229–230 Info pane, 230 Install Windows dialog box, 15–16 installation. See also post-installation issues; updates; upgrades activation, 9, 16 antivirus programs and, 23–24 clean, 7–13, 17 drive options, 10–11 dual boot issues, 12–13 DVD drives, 7, 12, 23 graphics card issues, 6 hardware requirements, 3–7 memory requirements, 6 optical drives, 23 overview, 2 product key, 9, 10, 16, 21–22 profiles, 19–20 troubleshooting, 22–25 types of, 16 updates for, 8–9, 15 viruses and, 23–24 Vista editions, 2–3 installation directory, 94 Instant Search feature, 227–229 Internet. See also websites described, 105 limiting use of, 64–66 settings, 102–109 Internet Assigned Numbers Authority (IANA), 110 Internet Explorer configuring, 68–84 cookies, 102–105 Favorites, 20, 72–73 History panel, 72 navigation/viewing enhancements, 71 new/changed features, 70–84 Page Zoom feature, 79–80 Phishing filter, 108–109, 238–239 pop-ups, 97, 105 printing capabilities, 83–84 privacy settings, 101, 102–105
RSS feeds, 72, 80–83 search feature, 78–79 security features, 100–109 tabbed browsing, 73–78 Internet Explorer 7 setting, 144 Internet Options settings, 102–109 Internet zone, 105, 107 intranet, 106 IP addresses determining, 210–211 errors, 186 Network Address Translation, 210–212 troubleshooting and, 186–192 IP Security (IPSec) policies, 128, 141 IP version 6 (IPv6), 156–157 IPCONFIG switches, 187 IPCONFIG utility, 186–187, 191 IPv6 (IP version 6), 156–157
J Junk Mail filter, 236–237, 238
K keys preshared, 169, 172, 178 product, 9, 10, 16, 21–22 recovery, 306 security, 170, 178 startup, 306, 308–310 upgrade, 21 USB, 171, 297, 308–310 Knowledge Base (KB) article, 28
L laptop computers. See also mobile computing batteries. See batteries data synchronization, 348–351 display settings, 324–327 locking, 329–330 power management, 334–339 shutdown options, 327–334 Sleep mode, 330–333, 337–339 Library, 223, 226, 227 licensing terms, 10, 16–18
Index
memory adding via flash drive, 295–297 adding via memory cards, 296–297 cached, 278 diagnostic tools for, 289–290 failures, 289 free, 278 managing with SuperFetch, 297–298 MRU algorithm, 297–298 NVRAM, 298 performance and, 277–278 physical, 278, 285 ReadyBoost, 295–297 usage, 277–278 virtual, 285, 296–297 memory cards, 296–297 Memory Diagnostics tool, 289–290 memory leaks, 277, 289 memory requirements, 6 metadata, 229 Microsoft Communities news server, 240–242 Microsoft Update service, 29. See also updates MigApp.xml file, 39, 40 migration domain accounts, 42–43 side-by-side, 18 tools for, 19 M user accounts, 41–42 MAC (Media Access Control) addresses, with Windows Easy Transfer, 43–46 156–157 migration data, 19 Mail application, 232–242. See also e-mail migration targets, 19 malware, 93, 97–98 MigSys.xml file, 39, 40 Master Boot Record (MBR), 12 MigUser.xml file, 39, 40 media mirrored monitors, 324 managing, 222–227 MLGPOs (Multiple Local Group Policy searching through, 227–229 Objects), 134–138 sharing, 226–227 mobile computing, 319–357 synchronizing, 223–226 battery issues. See batteries Media Access Control (MAC) addresses, display settings, 320–327 156–157 Hibernate mode, 332, 333–334, 340 Media Center, 5, 221–222 locking computer, 329–330 Media Center Extenders, 222 logging off, 329–330 media management applications, 220–232 power management, 334–339 Media Player, 222–229 power options, 327–341 meeting software, 242–247 restarts, 330 Meeting Space, 242–247 Link Layer Topology Discovery (LLTD), 164, 165 Live account information, 22 Live Desktop, 234 Live Meeting, 243 Live Thumbnails, 56 LLTD (Link Layer Topology Discovery), 164, 165 LoadState command, 41–43 local area connections, 165 Local Computer Policy, 61 local GPOs, 120–121, 131–138 Local Intranet zone, 106, 107 local policies, 61, 141 Lock button, 328 locking computer, 328–334 Log Off and Lock option, 329–330 logging off, 329–330 logical connections, 186–190 logoff scripts, 123 logon scripts, 123, 131 logs firewall, 142 Performance Monitor graph, 287 templates for, 281–283 wizards for, 281–283 Low priority, 275
371
372
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
shutdown options, 327–334 Sleep mode, 330–333, 337–339 smart phones, 320, 349 Standby mode, 330, 333, 334 switching users, 328–329 synchronizing data, 348–351 text size, adjusting, 321 mobile devices, 348–351 monitors color depth, 322–323 display settings, 320–327 mirrored, 324 mobile computing, 320–327 multiple, 324–327 power settings, 340 refresh rate, 323–324 resolution, 321–323 text size, adjusting, 321 Most Recently Used (MRU) algorithm, 297–298 movie collections, 221–222 Movie Maker, 231–232 movies, 221–222, 231–232. See also video MP3 collections, 221–223 MRU (Most Recently Used) algorithm, 297–298 Multiple Local Group Policy Objects (MLGPOs), 134–138 music, 222–229
N NAT (Network Address Translation), 210–212 network adapters, 278 Network Address Translation (NAT), 210–212 Network and Sharing Center, 158–185. See also networks ad hoc networks, 175–176 customizing networks, 162–163 disconnecting from networks, 176–177 network card options, 165–167 network connections, 165–167, 171–177 Network Discovery, 161–162 network map, 163–165
network status/repair, 191–192 Network window, 160–161 opening, 158 overview, 156–160 security, 178–185 sharing items, 178–185 virtual private networks, 168–170 wireless networks, 168–170, 177–178 network cards bandwidth capacity, 278 setting options, 165–167 Network Discovery, 161–162 network icon, 158, 162, 163 network map, 163–165 Network Name setting, 170 Network Settings dialog box, 163 Network window, 160–161 Networking tab, 278 networks, 155–218. See also Network and Sharing Center ad hoc, 175–176 Connect To options, 168–172, 177 connections, 165–167, 171–177 connectivity issues, 185–192 customizing, 162–163 devices within, 160–166 Diagnose button, 192 disconnecting from, 176–177 discovery, 161–162 forests and, 126 gathering settings from, 45–46 Home, 161–162, 179–180 information about, 278 map of, 163–165 names, 162, 163, 170 overview, 156–158 private, 161, 163, 173–175 public, 161–162, 163, 179–180 Quarantine setting, 144 remote access to. See remote access security, 178–185 sharing items over, 178–185 status/repair of, 191–192 troubleshooting, 164, 185–192, 278 viewing computers/devices in, 161–165 virtual private networks, 173–175
Index
vs. workgroups, 176 Wired Wireless setting, 144 wireless. See wireless networks Work, 161–162, 179–180 New Task button, 272 newsgroups, 239–242 non-volatile RAM (NVRAM), 298 Normal priority, 275 notebook computers. See also mobile computing batteries. See batteries data synchronization, 348–351 display settings, 324–327 locking, 329–330 power management, 334–339 shutdown options, 327–334 Sleep mode, 330–333, 337–339 Notification Settings, 340 NSLOOKUP utility, 190–191 NTFS file system, 51–52 NVRAM (non-volatile RAM), 298
O objects. See also GPOs (Group Policy Objects) Active Directory, 115–117 computer, 115–116 domain, 117–118, 122 group, 116 printer, 116 shared folder, 116–117 user account, 116 offline files, 184–185, 291, 350–351 Offline Files relationship, 350–351 optical drives, 23 optimization. See performance organizational units (OU), 119–120, 131 Outlook client, 173 Outlook Web Access (OWA), 173
P Packet Internet Groper. See PING packets, 187–189 Page Zoom feature, 79–80 Parental Controls, 62–69 Activity Reports, 68–69 applications, restricting access to, 66
games, limits on, 67–68 Internet use, limiting, 64–66 overview, 62–69 partition-based storage, 46 partitioning hard drives, 11, 47–49 partitions, 47, 48. See also volumes passphrase, 170, 172, 178 passwords administrator account, 69 BitLocker, 308, 309 exported certificates, 305 Hibernate mode, 340 recovery, 309 shared items, 180 Sleep mode, 338 TPM environment, 310–311 patches, 342, 351, 352 PATHPING utility, 189–190 PDA (Personal Digital Assistant), 349. See also mobile computing pen cursors, 346–348. See also Tablet PC pen erase gestures, 344 pen flick behavior, 347–348 People Near Me option, 244, 247 performance baselines/benchmarks, 269, 284 CPU usage, excessive, 275–276 diagnostics, 282, 288–299 enhancing, 295–299 GPOs and, 138 information about, 277–278 logged data, 286–287 logs/reports, 281–283 managing parameters for, 269–271 memory usage and, 277–278 power usage and, 335 real-time data, 279–280, 284–286 Reliability and Performance Monitor, 279–288 reliability issues, 288–299 resource overview, 279–280 sharing data, 287–288 Sleep mode and, 330 System application, 269–271 System Stability Chart, 283–284 System Stability Report, 283–284 Task Manager, 271–279
373
374
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
troubleshooting, 268–288 Windows Aero and, 54, 57 performance counters, 284–286, 288 performance graphs, 286–288 Performance Monitor, 284–288 Performance tab, 277–278 permissions, 93, 116, 117, 160, 184 Personal Digital Assistant (PDA), 349. See also mobile computing Personalization application, 55, 59 Personalization feature, 346 Phishing filter, 108–109, 238–239 phones, smart, 320, 349. See also mobile computing Photo Gallery, 5, 229–231 photos, 5, 221–223, 229–231 pictures. See photos PID (process ID), 275–276 PING (Packet Internet Groper) utility, 188–190 PING packets, 187–189 playlists, 222–223 policies. See also GPOs; Group Policies account, 141 computer, 61 firewall, 128, 141–142, 144 IP Security, 128, 141 local, 61, 141 public key, 141 software restriction, 141 users, 61 Policy-based QoS settings, 124 Pop-up Blocker, 105 pop-ups, 97, 105 portable computers. See also mobile computing batteries. See batteries data synchronization, 348–351 display settings, 324–327 locking, 329–330 power management, 334–339 shutdown options, 327–334 Sleep mode, 330–333, 337–339 ports described, 109, 110 IANA, 110 SD, 296
specifying, 144 TCP, 110 post-installation issues, 38–52 FAT file system, 51 FAT32 file system, 51 formatting disks, 49–51 NTFS file system, 51–52 overview, 38 partitioning disks, 47–49 tools for, 38–46 Power button, 327–328, 333–334, 337, 338 power management GPO settings, 127–128, 139–140, 339–341 mobile computers, 327–341 network card settings, 167 performance and, 335 reducing consumption, 335 Select An Active Power Plan setting, 341 Sleep options, 330–333, 337–339 Power Management setting, 144 Power Management tab, 167 preshared keys, 169, 172, 178 print server, 4 printer objects, 116 printers assignment, 129 Deployed Printers node, 123 deployed via Active Directory, 116 sharing, 179–182 printing, 83–84 privacy settings, Internet Explorer, 101, 102–105 Privacy tab, 225 private networks, 161, 163, 173–175 privileges, 93, 95, 144 Problem Reports and Solutions tool, 290, 291 process ID (PID), 275–276 processes, 273–276 Processes tab, 273–276 processor affinity, 274 processor priority, 274–275
Index
processors excessive usage, 275–276 usage graph, 277–278 product key, 9, 10, 16, 21–22, 271 profiles, 19–20 program files, 291 programs. See applications Prompt for Password on Resume option, 340 Properties dialog box, 166–167 Protected Mode, 107 public folders, 179–181 public key policies, 141 Public Location network, 161–162, 179–180 public networks, 161–162, 163, 179–180
Q QoS (Quality of Service), 124 QoS setting, 143
R RAM. See memory ReadyBoost, 295–297 ReadyDrive, 298–299 Really Simple Syndication (RSS) feeds. See RSS Realtime priority, 274, 275 Recovery Key, 306 Recycle Bin, 292 refresh rate, 323–324 Registry, 124–125 Registry.pol file, 146 release-to-manufacturer (RTM) time, 2 Reliability and Performance Monitor, 279–288 reliability issues, 288–299 Reliability Monitor, 280, 281, 283–284 remote access, 192–212 Remote Assistance, 193–202 Remote Desktop, 173, 193, 202–212 Remote Settings tool, 270 removable storage devices, 127–128 Removable Storage setting, 144 reports Activity Reports, 68–69 diagnosis, 284
performance, 281–284 System Stability Report, 283–284 Reports and Solutions center, 290, 291 resolution, screen, 321–323 Resource Overview section, 279–280 resources information about, 279–280 sharing, 180–183 usage of, 279–280 Restart option, 330 Restricted Sites zone, 106, 107 ripping CDs, 223–226 roaming profiles, 20 routers Remote Assistance and, 201 Remote Desktop and, 210–211 wireless, 171, 201 RPC over HTTPS (Remote Procedure Calls over Secure HTTP), 173 RSS feeds, 72, 80–83 RSS filters, 83 RTM (release-to-manufacturer) time, 2
S scan/fax software, 252–255 ScanState command, 41–43 scratch-out gestures, 344 screen. See also monitors orientation, 345 refresh rate, 323–324 resolution, 321–323 text size, adjusting, 321 scripts logon, 131 startup, 130 Scripts node, 123 SD (Secure Digital) memory cards, 296 searches e-mail messages, 234–236 Instant Search, 227–229 Internet Explorer, 78–79 media, 227–229 photos, 230–231 Secure Digital (SD) memory cards, 296 security, 91–154. See also Group Policies data protection, 302–311 encryption. See encryption
375
376
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
files, 52, 180–182 firewalls. See firewalls folders, 52, 180–185 GPOs, 124, 128, 140–142 Internet Explorer, 100–109 local, 52 malware, 93, 97–98 networks, 168–170, 178–185 permissions, 93, 116, 117, 160, 184 phishing, 108–109, 238–239 pop-ups, 97, 105 Remote Assistance, 196–199 sharing and, 180–185 spyware, 97–99, 103 User Account Control, 92–97 Windows Defender, 97–100 Windows Security Center, 350, 351 wireless networks, 168–170, 172 Security Key/Passphrase setting, 170, 178 Security Protection setting, 144 Security settings, 124, 128, 144 Security Shield icon, 270, 292 Security tab, 225 Security Type setting, 170 security zones, 105–107 Select An Active Power Plan setting, 341 Server domains, 117–118 servers DNS, 186–187, 190–191 file, 4 news, 240–242 print, 4 TS Gateway, 208 Windows 2000 Server, 114–115 Windows 2003 Server, 115 Windows 2008 Server, 115 services, information about, 276–277 Services button, 276 Services tab, 276–277 setup.exe file, 8, 33 sharing advanced techniques, 183–185 calendars, 250–251 files, 179–182, 183 folders, 116–117, 179–185 media, 226–227 meeting handouts, 244
passwords for, 180 performance data, 287–288 printers, 179–182 resources, 180–183 security, 180–185 traditional Windows sharing, 182–183 Shell Application Management setting, 144 Shell First Experience, Logon, and Privileges setting, 144 Shell Sharing, Sync, and Roaming setting, 145 Shell Visuals setting, 145 Shut Down option, 334 shutdown options, 327–334 shutdown scripts, 123 Sidebar, 255–259 SideShow, 258–259 Sleep button, 333, 334 Sleep mode, 330–333, 337–339 Sleep Settings, 340 slideshows, 221, 231, 255 smart phones, 320, 349. See also mobile computing software restriction policies, 141 Software Settings node, 123 songs, 222–229 Songs view, 227–229 spam filter, 236–237, 238 SpyNet community, 98–99 spyware, 97–99, 103 SSID identifier, 169–170 Standard User accounts, 93, 94–95, 129 Standby mode, 330, 333, 334 Start button, 326, 327, 329, 330 starting computer dual boot issues, 12–13 startup keys, 306, 308–310 startup scripts, 130 Vista Start button, 326, 327, 329, 330 Startup and Recovery dialog box, 13 Startup Key, 306, 308–310 startup scripts, 123, 130 SuperFetch, 297–298, 330 Switch To button, 272 Switch User option, 328–329
Index
Sync All command, 251 Sync Center, 349–351 synchronization calendars, 251 data, 348–351 laptop computers, 348–351 media, 223–226 System application, 269–271 system diagnostics, 282 System Protection tool, 270 system requirements, 3–7, 53 System Stability Chart, 283–284 System Stability Report, 283–284 %Systemroot% folder, 94, 95 SYSVOL folders, 146–147
T Tablet PC functionality, 5, 341–348 Tablet PC Input Panel (TIP), 343–344 Tablet PC setting, 145 Tablet PC software, 341–348 Task Manager, 271–279 Tasklist command, 275, 276 tasks, 248–249 TCP/IP, troubleshooting, 186–190 TCP ports, 110 templates, log, 281–283 temporary files, 291 Terminal Services setting, 145 Terminal Services (TS) Gateway, 208 text size, 321 themes deleting, 59 described, 52 disabling changes to, 59–62 restoring default, 58–59 vs. color schemes, 55 Through a Network option, 45 time management application, 247–251 TIP (Tablet PC Input Panel), 343–344 ToolTips, 56 TPM (Trusted Platform Module), 306–311 TRACERT utility, 189 trees, 118–119 troubleshooting applications, 272–273
377
cables/connections, 23 Diagnose button, 192 Disk Defragmenter tool, 293–295 DVD drives, 23 excessive CPU usage, 275–276 file copy problems, 23–24 hard disks, 291–295 IPCONFIG, 186–187 logical connections, 186–190 network problems, 164, 185–192, 278 performance issues, 268–288 PING utility, 188–190 post-installation issues, 38–52 Problem Reports and Solutions application, 290 TCP/IP, 186–190 viruses, 23–24 Vista installation, 22–25 Troubleshooting and Diagnostics setting, 145 Trusted Platform Module (TPM), 306–311 Trusted Protected Module chip, 309 Trusted Sites zone, 106, 107 TS Gateway server, 208 TS (Terminal Services) Gateway, 208 TV show collections, 221–222
U UAC. See User Account Control Universal Plug and Play (UPnP), 160 Update Driver Settings option, 29–30 update settings, 28–30 updates. See also installation; upgrades categories of, 353 checking for, 15, 25–29 configuring settings for, 28–30 downloading automatically, 351 drivers, 25–31 hiding, 301 high-priority, 29 important, 353 for installations, 8–9, 15 installing automatically, 28, 299 Microsoft Update service, 29 optional, 353 recommended, 353
378
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
restoring, 301–302 uninstalling, 27–28 Windows Update Driver Settings option, 29–30 Windows Update tool, 28–29 Upgrade Advisor, 14–15 Upgrade disk, 21 upgrade key, 21 upgrades, 13–22. See also installation; updates compatibility report, 15, 16 digital locker, 21–22 existing Vista computer, 21–22 limitations/restrictions, 17–18 options for, 17–18 tools for, 14–15, 18–20 to Windows Vista, 13–20 Windows Vista Anytime Upgrade website, 21 UPnP (Universal Plug and Play), 160 Urge Online Store, 223 usage rights, 226 USB drives, 295–297, 308 USB key, 171, 297, 308–310 User Account Control (UAC) behavior, 92–97 GPO settings, 129–130 Remote Assistance and, 199 user account objects, 116 User Account Protection setting, 145 user accounts. See also User Account Control; users administrative rights and, 92–93 described, 116 migrating, 41–42 objects, 116 privileges, 93, 95, 144 Standard User, 93, 94–95, 129 User Configuration group, 124 User Configuration settings, 123 user permissions, 160 User settings, 61 User State Migration Tool (USMT), 19, 39–43 users. See also user accounts information about, 279 policy settings. See policies
profiles. See profiles sending messages to, 279 switching, 328–329 terminating connections, 279 Users tab, 279 USMT (User State Migration Tool), 19, 39–43
V video. See also movies importing, 229–231 power settings, 340 Windows Media Player, 222–229 Windows Movie Maker, 231–232 video adapters, 322 Video and Display Settings, 340 video cards, 6, 325, 326–327, 332 virtual memory, 285, 296–297 virtual private networks (VPNs), 173–175 virus protection programs, 23–24 viruses, 23–24 Vista. See Windows Vista Vista Backup, 5 Vista Diagnostics, 288–299 Vista Explorer, 49, 159–160 Vista ReadyDrive, 298–299 Vista Start button, 326, 327, 329, 330 Vista Upgrade Advisor, 14–15 volumes. See also partitions basic, 46–47 described, 47 dynamic, 47 formatting, 49–51 VPNs (virtual private networks), 173–175
W web browsers. See Internet Explorer websites. See also Internet Favorites, 20, 72–73 phishing, 108–109, 238–239 printing, 83–84 WEP (Wired Equivalent Privacy), 172 WiFi Protected Access (WPA), 172 windows color, 54–55 customizing, 55–62 Windows 2000 Server, 114–115
Index
Windows 2003 Server, 115 Windows 2008 Server, 115 Windows activation, 271 Windows Aero, 52–62 enabling, 53–55 Live Thumbnails, 56 overview, 5, 52–53 performance and, 54, 57 system requirements, 2, 4, 5–6, 53 themes. See themes window elements, changing, 55–58 Windows Flip 3D, 56–58 Windows Anytime Upgrade disk, 21 Windows Calendar, 247–251 Windows debugging tools, 273 Windows Defender, 97–100 Windows Desktop, 52–53. See also Windows Aero Windows DVD Maker, 231–232 Windows Easy Transfer tool, 19, 43–46 Windows Error Reporting setting, 145 Windows Fax and Scan, 252–255 Windows File System (WinFS), 49 Windows Firewall. See also firewalls configuring, 109–112, 141–142 enabling/disabling, 110–111 exceptions to blocked traffic, 111–112 logs, 142 overview, 109–110 Remote Assistance and, 199–201 Remote Desktop, 209–210 security settings, 109–112, 128, 141–142 Windows Meeting Space and, 245–247 Windows Flip 3D, 56–58 Windows Live account information, 22 Windows Live Desktop, 234 Windows Live Meeting, 243 Windows Mail, 232–242. See also e-mail Windows Media Center, 5, 221–222 Windows Media Player, 222–229 Windows Meeting Space, 242–247 Windows Movie Maker, 231–232 Windows NT systems, 51, 114 Windows Photo Gallery, 5, 229–231 Windows ReadyBoost, 295–297
Windows Security Center, 350, 351 Windows settings node, 123–124 Windows Sidebar, 255–259 Windows SideShow, 258–259 Windows SuperFetch, 297–298, 330 Windows systems. See also specific versions baseline, 269, 284 benchmarking, 269 editions, 2–3, 270, 271 information about, 269–270 upgradability of, 18 Windows Task Manager, 271–279 Windows Update configuring, 299–302 driver updates, 25–30 hiding updates, 301 restoring updates, 301–302 update categories, 353 update settings, 28–30, 299–302 updating driver software, 25–28 Windows Update Driver Settings option, 29–30 Windows Vista dual boot issues, 12–13 editions, 2–3, 270, 271 hardware requirements, 3–7 installing. See installation licensing terms, 10, 16–18 migrations, 18, 19 performance issues. See performance reliability issues, 288–299 system information, 270, 271 troubleshooting. See troubleshooting upgrading to, 13–22 versions, 2–3, 18, 21–22 Windows Vista Anytime Upgrade website, 21 Windows Vista Business, 4, 6 Windows Vista Diagnostics, 288–299 Windows Vista Enterprise, 6 Windows Vista Home Basic edition, 4–5 Windows Vista Home Premium edition, 4, 5–6 Windows Vista N (European version), 3 Windows Vista Starter edition, 3 Windows Vista Ultimate, 4, 6 Windows Vista Upgrade advisor, 14–15
379
380
MIKE MEYERS’ MCTS WINDOWS VISTA CLIENT CONFIGURATION PASSPORT
Windows XP systems dual boot issues, 12–13 Remote Desktop and, 193, 209 WinFS (Windows File System), 49 Wired Equivalent Privacy (WEP), 172 wireless access point, 169–170, 178 wireless networks ad hoc, 175–176 connecting to, 168–169 hidden, 169–170 managing, 177–178 passphrase, 170, 172, 178 security issues, 168–170, 172 setting up, 168–170 WEP (Wired Equivalent Privacy), 172
Wired Wireless setting, 144 WPA (WiFi Protected Access), 172 wireless routers, 171, 201 Work network, 161–162, 179–180 workgroup settings, 271 workgroups, 117, 121, 132, 163, 176 WPA (WiFi Protected Access), 172
X XML files, 39–40
Z Zune, 224 Zune Marketplace, 224
FROM MIKE MEYERS The Leading Authority on CompTIA A+ Certification Training
a National Bestseller
CompTIA A+ Certification All-in-One Exam Guide, Sixth Edition
“The most comprehensive publication on the market.” —Certification Magazine
Mike Meyers’ CompTIA A+ Certification Passport, Third Edition
CompTIA A+ Specializations Certification All-in-One Exam Guide
A quick review of the CompTIA A+ Essentials exam and exam 220-602.
Complete coverage of exams 220-603 and 220-604.
Visit MHPROFESSIONAL.COM to read excerpts and learn more about these books.
AVAILABLE EVERYWHERE BOOKS ARE SOLD.
LICENSE AGREEMENT THIS PRODUCT (THE “PRODUCT”) CONTAINS PROPRIETARY SOFTWARE, DATA AND INFORMATION (INCLUDING DOCUMENTATION) OWNED BY THE McGRAW-HILL COMPANIES, INC. (“McGRAW-HILL”) AND ITS LICENSORS. YOUR RIGHT TO USE THE PRODUCT IS GOVERNED BY THE TERMS AND CONDITIONS OF THIS AGREEMENT. LICENSE: Throughout this License Agreement, “you” shall mean either the individual or the entity whose agent opens this package. You are granted a non-exclusive and non-transferable license to use the Product subject to the following terms: (i) If you have licensed a single user version of the Product, the Product may only be used on a single computer (i.e., a single CPU). If you licensed and paid the fee applicable to a local area network or wide area network version of the Product, you are subject to the terms of the following subparagraph (ii). (ii) If you have licensed a local area network version, you may use the Product on unlimited workstations located in one single building selected by you that is served by such local area network. If you have licensed a wide area network version, you may use the Product on unlimited workstations located in multiple buildings on the same site selected by you that is served by such wide area network; provided, however, that any building will not be considered located in the same site if it is more than five (5) miles away from any building included in such site. In addition, you may only use a local area or wide area network version of the Product on one single server. If you wish to use the Product on more than one server, you must obtain written authorization from McGraw-Hill and pay additional fees. (iii) You may make one copy of the Product for back-up purposes only and you must maintain an accurate record as to the location of the back-up at all times. COPYRIGHT; RESTRICTIONS ON USE AND TRANSFER: All rights (including copyright) in and to the Product are owned by McGraw-Hill and its licensors. You are the owner of the enclosed disc on which the Product is recorded. You may not use, copy, decompile, disassemble, reverse engineer, modify, reproduce, create derivative works, transmit, distribute, sublicense, store in a database or retrieval system of any kind, rent or transfer the Product, or any portion thereof, in any form or by any means (including electronically or otherwise) except as expressly provided for in this License Agreement. You must reproduce the copyright notices, trademark notices, legends and logos of McGraw-Hill and its licensors that appear on the Product on the back-up copy of the Product which you are permitted to make hereunder. All rights in the Product not expressly granted herein are reserved by McGraw-Hill and its licensors. TERM: This License Agreement is effective until terminated. It will terminate if you fail to comply with any term or condition of this License Agreement. Upon termination, you are obligated to return to McGraw-Hill the Product together with all copies thereof and to purge all copies of the Product included in any and all servers and computer facilities. DISCLAIMER OF WARRANTY: THE PRODUCT AND THE BACK-UP COPY ARE LICENSED “AS IS.” McGRAW-HILL, ITS LICENSORS AND THE AUTHORS MAKE NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE RESULTS TO BE OBTAINED BY ANY PERSON OR ENTITY FROM USE OF THE PRODUCT, ANY INFORMATION OR DATA INCLUDED THEREIN AND/OR ANY TECHNICAL SUPPORT SERVICES PROVIDED HEREUNDER, IF ANY (“TECHNICAL SUPPORT SERVICES”). McGRAW-HILL, ITS LICENSORS AND THE AUTHORS MAKE NO EXPRESS OR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE WITH RESPECT TO THE PRODUCT. McGRAW-HILL, ITS LICENSORS, AND THE AUTHORS MAKE NO GUARANTEE THAT YOU WILL PASS ANY CERTIFICATION EXAM WHATSOEVER BY USING THIS PRODUCT. NEITHER McGRAW-HILL, ANY OF ITS LICENSORS NOR THE AUTHORS WARRANT THAT THE FUNCTIONS CONTAINED IN THE PRODUCT WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF THE PRODUCT WILL BE UNINTERRUPTED OR ERROR FREE. YOU ASSUME THE ENTIRE RISK WITH RESPECT TO THE QUALITY AND PERFORMANCE OF THE PRODUCT. LIMITED WARRANTY FOR DISC: To the original licensee only, McGraw-Hill warrants that the enclosed disc on which the Product is recorded is free from defects in materials and workmanship under normal use and service for a period of ninety (90) days from the date of purchase. In the event of a defect in the disc covered by the foregoing warranty, McGraw-Hill will replace the disc. LIMITATION OF LIABILITY: NEITHER McGRAW-HILL, ITS LICENSORS NOR THE AUTHORS SHALL BE LIABLE FOR ANY INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, SUCH AS BUT NOT LIMITED TO, LOSS OF ANTICIPATED PROFITS OR BENEFITS, RESULTING FROM THE USE OR INABILITY TO USE THE PRODUCT EVEN IF ANY OF THEM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL APPLY TO ANY CLAIM OR CAUSE WHATSOEVER WHETHER SUCH CLAIM OR CAUSE ARISES IN CONTRACT, TORT, OR OTHERWISE. Some states do not allow the exclusion or limitation of indirect, special or consequential damages, so the above limitation may not apply to you. U.S. GOVERNMENT RESTRICTED RIGHTS: Any software included in the Product is provided with restricted rights subject to subparagraphs (c), (1) and (2) of the Commercial Computer Software-Restricted Rights clause at 48 C.F.R. 52.227-19. The terms of this Agreement applicable to the use of the data in the Product are those under which the data are generally made available to the general public by McGraw-Hill. Except as provided herein, no reproduction, use, or disclosure rights are granted with respect to the data included in the Product and no right to modify or create derivative works from any such data is hereby granted. GENERAL: This License Agreement constitutes the entire agreement between the parties relating to the Product. The terms of any Purchase Order shall have no effect on the terms of this License Agreement. Failure of McGraw-Hill to insist at any time on strict compliance with this License Agreement shall not constitute a waiver of any rights under this License Agreement. This License Agreement shall be construed and governed in accordance with the laws of the State of New York. If any provision of this License Agreement is held to be contrary to law, that provision will be enforced to the maximum extent permissible and the remaining provisions will remain in full force and effect.