Presentation Slides

Windows 7 for IT Professionals Part 2:
Network and Sharing
Donald Hester
May 11, 2010
For audio call Toll Free 1-888-886-3951
and use PIN/code 450895
Housekeeping
• Maximize your CCC Confer window.
• Phone audio will be in presenter-only mode.
• Ask questions and make comments using the chat window.
Adjusting Audio
1) If you’re listening on your computer, adjust your volume using
the speaker slider.
2) If you’re listening over the phone, click on phone headset.
Do not listen on both computer and phone.
Saving Files & Open/close Captions
1. Save chat window with floppy disc icon
2. Open/close captioning window with CC icon
Emoticons and Polling
1) Raise hand and Emoticons
2) Polling options
Session Overview
• Windows DirectAccess and Windows VPN Reconnect
• Windows BranchCache™
• Libraries and Search
DirectAccess and VPN Reconnect
• DirectAccess Overview
• DirectAccess Requirements and Deployment
• Connection Methods
• VPN Reconnect
DirectAccess Overview
Features
• Provides users transparent access to internal network resources whenever they are connected to the Internet
• Enables IT professionals to manage remote computers outside of the office
• Establishes a bi-directional connection that enables the client computer to remain current with company policies and to receive software updates
• Does not require a VPN connection
• Supports multifactor authentication methods
• Configurable to restrict which servers, users, and individual applications are accessible
DirectAccess Requirements and Deployment
Requirements
• Windows Server® 2008 R2 with two network adapters
• One domain controller and DNS server running Windows Server 2008 or Windows Server 2008 R2
• A Public Key Infrastructure (PKI)
• IPsec policies
• IPv6 transition technologies
• Windows 7 Beta Enterprise on the client computers
• Optionally, a NAT-PT device to provide IPv4 access
Deployment
• IPv6-over-IPsec to encrypt communications
• Scalability determined by the number of DirectAccess servers
• Multiple ways to install DirectAccess
Connection Methods
Configured using the DirectAccess console or IPsec policies
Selected Server
Highest level of security:
• Deploy IPv6 and IPsec in the organization
• Upgrade application servers to Windows Server 2008 R2
• Enable selected server access
• Allows end-to-end authentication and encryption from the DirectAccess client to internal resources
Full Enterprise Network
• IPsec session is established between the DirectAccess client and server
• IPsec is not used for communications across the internal network
• Closely resembles VPN and can be more straightforward to deploy
Flexible configuration meets organizational security requirements
VPN Reconnect
• Provides seamless and consistent VPN connectivity
• Uses IKEv2 technology to supply constant VPN connectivity
• Automatically re-establishes a VPN connection when users temporarily lose Internet connections
• Users who connect using wireless mobile broadband will benefit most from this capability
• Transparent to users
Two deployment options
• DirectAccess Deployment Guide: http://technet.microsoft.com/en-us/library/ee649163(WS.10).aspx
• Forefront UAG DirectAccess: http://go.microsoft.com/fwlink/?LinkId=179989
BranchCache
• Feature Components
• Deployment Models
• Client and Server Configurations
Check out an Online Video
http://edge.technet.com/Media/Branch-Cache-in-Windows-7/
Feature Components
End User Benefits
• Helps reduce WAN link utilization
• Improves the responsiveness of network applications when users are accessing main office servers
• Improves file transfer time
IT Professional Benefits
• Supports commonly used protocols
• Provides compatibility with end-to-end security protocols
• Supports end-to-end encryption between clients and servers
• Optimizes traffic flows between Windows 7 Beta clients and Windows 7 Beta servers
• Remains completely transparent to the user
Deployment Models
Distributed or Cooperative Caching Mode
• Cache is distributed across client computers
• Peer-to-peer architecture - Windows 7 Beta clients cache content
• Additional clients retrieve the same content from the first client computer
• Best choice if you do not have a local computer running Windows Server 2008 R2
Hosted Caching
• Cache resides on a Windows Server 2008 R2 server deployed in the branch office
• Content is copied to the server
• Additional clients retrieve the same content directly from the server
• Content is available even when the client that originally requested the data is offline
Client and Server Configurations
• Windows Server 2008 R2 - required either in the main server location or at the branch office
• Windows 7 Beta Enterprise - required on the client PCs
Client Configuration
• Off by default
• Enable and configure manually or by Group Policy
• Set caching mode to cooperative or hosted
• Host name of hosted cache server
• Set client cache size
• Set cache location on disk
• Firewall rules required
Server Configuration
• Not installed by default
• Enable and configure manually or by Group Policy
• Enable for all file shares or on a file share by file share basis
• If enabled on a Web server, must be enabled for all Web sites
• Hosted cache must be equipped with a certificate, trusted by client computers, that is suitable for TLS
Background
Thin, expensive WAN links between headquarters and branches
• High bandwidth utilization
• Poor application responsiveness
• Data centralization worsens the problem
[Diagram: Distributed Caching]
[Diagram: Hosted Caching]
Libraries and Search
• Libraries
• Search Federation and Search Connectors
• Start Menu Search
• Enterprise Search Scopes
• Search, Windows Explorer, and Group Policy
Libraries
• Organize and view the files on local computers and other computers and servers on the corporate network
• Two types of libraries: search-only and browse
• Automatically indexed for faster viewing and searching
• Create new libraries to meet specific business requirements
• Modify the existing libraries to add or remove locations
• Share with other users or keep private
Default
I am going to add c:\temp
3 locations – 1 view
Search Federation and Search Connectors
Search Federation provides support for searching beyond the user's PC directly in Windows Explorer.
Search connectors are used to search remote data stores and respect the security of the remote source.
Features
• Supports OpenSearch 1.1 compatible queries
• Supports RSS or ATOM feeds for search results
• Creates search connectors using an OpenSearch Description file (.osdx file)
• Deploys using push, pull, or imaging
• Search connector files - located in %USERPROFILE%\Searches
• Link files - located in %USERPROFILE%\Links
User Folder\Searches
Typical OSDX file
<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>Name of Connector</ShortName>
  <Description>Description of Connector</Description>
  <Url type="application/rss+xml" template="[RSS Search Feed URL]" />
</OpenSearchDescription>
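An added example (not from the original slides): a Python check that could be run over .osdx files before they are deployed by push, pull, or imaging. It flags a connector whose feed is not RSS/Atom, whose template is not HTTPS, whose host is outside an allowlist, or whose template lacks the OpenSearch {searchTerms} placeholder. The allowlist, host names and sample documents are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

OS_NS = "http://a9.com/-/spec/opensearch/1.1/"
FEED_TYPES = {"application/rss+xml", "application/atom+xml"}

def audit_osdx(xml_text, allowed_hosts):
    """Return a list of findings for one .osdx connector description."""
    # A connector description needs no DTD; refuse one to avoid entity tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if root.tag != f"{{{OS_NS}}}OpenSearchDescription":
        findings.append(f"unexpected root element {root.tag}")
    if not (root.findtext(f"{{{OS_NS}}}ShortName") or "").strip():
        findings.append("missing ShortName")
    urls = root.findall(f"{{{OS_NS}}}Url")
    if not urls:
        findings.append("no Url element")
    for url in urls:
        template = url.get("template", "")
        parts = urlsplit(template)
        if url.get("type") not in FEED_TYPES:
            findings.append(f"Url type {url.get('type')!r} is not RSS/Atom")
        if parts.scheme != "https":
            findings.append(f"template is not https: {template}")
        if (parts.hostname or "").lower() not in allowed_hosts:
            findings.append(f"host not on allowlist: {parts.hostname}")
        if "{searchTerms}" not in template:
            findings.append("template has no {searchTerms} placeholder")
    return findings

def sample_osdx(template, mime="application/rss+xml"):  # constructed sample
    return ('<?xml version="1.0" encoding="UTF-8"?>'
            f'<OpenSearchDescription xmlns="{OS_NS}">'
            '<ShortName>Intranet docs</ShortName>'
            f'<Url type="{mime}" template="{template}" />'
            '</OpenSearchDescription>')

ALLOWED = {"search.corp.example"}  # hypothetical allowlist
GOOD = sample_osdx("https://search.corp.example/feed?q={searchTerms}")
BAD = sample_osdx("http://feeds.example.net/rss?q={searchTerms}", "text/html")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_osdx(doc, ALLOWED) or "ok")
```

A description whose xmlns differs from the OpenSearch 1.1 namespace by even one character is reported as an unexpected root element, since none of its child elements will match.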
Search Connectors
• http://www.microsoft.com/enterprisesearch/en/us/search-connectors.aspx
• http://www.blogsdna.com/2260/how-to-create-windows-7-search-connectors-federated-search.htm
Start Menu Search
• Searches look at all the data in existing libraries
• Results appear as normal files
• Search for Control Panel tasks
• Recommendations presented at the beginning of a search
• Results within the libraries are sorted by relevance
Enterprise Search Scopes
• Use Group Policy to deploy
• Use scopes to point users to the right data sources
• Help users find the data they need
• Can appear on the user's Start menu
• Can appear at the bottom of a Windows Explorer search results list
Search, Windows Explorer, and Group Policy
New Group Policies
• Disable Known Folders
• Pin Internet search sites to the “Search again” links and the Start menu
• Pin Libraries or Search Connectors to the “Search again” links and the Start menu
• Remove the Search button from Windows Explorer
• Remove the Search the Internet “Search again” link
• Turn off the display of snippets in Smart Details view
• Turn off display of recent search entries in the Windows Explorer search box
Session Summary
DirectAccess and VPN Reconnect
• Enables management and updating of internet-connected remote PCs, without a VPN connection, when users are off the corporate network
• Key requirements: Windows Server 2008 R2, IPsec, IPv6, and Windows 7 Beta client
• VPN Reconnect enables remote users to retain connection through internet connectivity interruptions
BranchCache
• Reduces WAN bandwidth traffic and latency
• Content can be cached either on a Windows Server 2008 R2 or on individual computers in a peer-to-peer fashion
Libraries and Search
• Search enhancements help users instantly find information on local computers.
• Search Federation enables searching of remote document repositories, SharePoint sites, and the Web.
• Libraries make finding, using, and sharing information less difficult and time consuming.
GodMode
God Mode is easy to set up:
• Create a new folder anywhere.
• Rename the folder by pasting this name exactly as it appears (copy it first):
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
Q&A
Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+
Maze & Associates
@One / San Diego City College
www.LearnSecurity.org
http://www.linkedin.com/in/donaldehester
http://www.facebook.com/group.php?gid=245570977486
Evaluation Survey Link
Help us improve our seminars by filling
out a short online evaluation survey at:
http://www.surveymonkey.com/s/10SpWinIT2
Thanks for attending
For upcoming events and links to recently archived
seminars, check the @ONE Web site at:
http://onefortraining.org/