MCTS Guide to Microsoft Windows 7
Chapter 14
Remote Access
At a Glance
Instructor’s Manual Table of Contents

Overview

Objectives

Teaching Tips

Quick Quizzes

Class Discussion Topics

Additional Projects

Additional Resources

Key Terms
Lecture Notes
Overview
Chapter 14 describes remote access in Windows 7. Students will learn about remote
access and remote control features in Windows 7. Next, students will learn about virtual
private networking features in Windows 7. Chapter 14 introduces DirectAccess
technology as an alternative to virtual private networking. Chapter 14 also explains how
Remote Desktop is used and how Remote Assistance supports users. In addition,
Chapter 14 describes BranchCache technology to minimize WAN traffic for remote
branch users. Finally, students will learn about Sync Center and Mobility Center.
Chapter Objectives
• Understand remote access and remote control features in Windows 7
• Understand virtual private networking features in Windows 7
• Describe DirectAccess technology as an alternative to virtual private networking
• Understand how Remote Desktop is used
• Understand how Remote Assistance supports users
• Describe BranchCache technology to minimize WAN traffic for remote branch users
• Understand Sync Center
• Describe Mobility Center
Teaching Tips
Remote Access and Remote Control Overview
1. Explain that remote access consists of a dedicated computer acting as a remote access
server and other computers (the mobile computers) configured to link to the server.
Remote access allows remote access clients to access resources local to the remote
access server.
2. Mention that remote control technologies are different from remote access.
3. Explain that the remote client uses remote control software to send keyboard and mouse
commands to the computer being remotely controlled. Commands are processed on the
remotely controlled computer, which then sends the remote client a visual update of its
screen.
4. Use Figure 14-1 to explain the differences between remote access and remote control.
5. Use Table 14-1 to describe the main characteristics of remote access and remote
control.
Remote Access Dial-Up Connectivity
1. Explain that remote clients connect to a remote access server through a Wide Area
Network (WAN). Windows 7 supports both analog and ISDN dial-up connections.
Teaching Tip: Read more about Wide Area Network (WAN) at: http://en.wikipedia.org/wiki/Wide_area_network.
Dial-Up Protocols
1. Explain that Windows 7 supports the industry standard Point-to-Point Protocol (PPP)
for end-to-end communications between a remote client and remote server using dial-up
connections.
2. Mention that PPP has the ability to carry different protocols within PPP data packets
including TCP/IP data.
Teaching Tip: Read more about Point-to-Point Protocol at: http://www.tcpipguide.com/free/t_PointtoPointProtocolPPP.htm.
Analog Dial-Up Connections
1. Explain that the Public Switched Telephone Network (PSTN), also known as the Plain
Old Telephone System (POTS), is designed to carry human voices from one phone to
another as an analog signal.
Teaching Tip: Read more about the Public Switched Telephone Network (PSTN) at: http://communication.howstuffworks.com/telephone-country-codes1.htm.
2. Mention that an analog dial-up modem converts the computer’s digital information into
an analog form that is compatible with delivery over the PSTN.
3. Mention that the main disadvantage of analog dial-up is that it is slow, transferring
below 100,000 bits of data per second.
4. Mention that the remote access server must have one modem per dial-up client that is
connected at the same time. Each modem requires a separate phone line.
5. Describe the following requirements to configure dial-up networking in Windows 7:
a. Install an analog dial-up modem in the client computer
b. Configure dialing rules for phone and modem options
c. Create a connection to a remote access server
d. Review dial-up connection properties
e. Configure optional advanced settings
6. Explain that analog dial-up modems must be installed and their supporting hardware
driver must be fully functional before any other configuration steps are performed.
7. Explain that Windows 7 can control the dialing process based on where a user and
computer are physically located by using dialing profiles. You must define at least one
location-based dialing profile. Dialing rules are defined through the Phone and Modem
Options Control Panel applet. Use Figures 14-2 and 14-3 to illustrate your explanation.
8. Explain that creating a connection to a remote access server requires the phone number
and usually a username and password. You must activate the Set up a connection or
network wizard. The remote access server’s dialing information must be known. Use
Figures 14-4 and 14-5 to illustrate your explanation.
9. Use Figures 14-6 and 14-7 to describe the steps to review the dial-up connection
properties, including:
a. Access the Network and Sharing Center from Control Panel and follow the link
to Manage network connections
b. Open the Network Connections window
c. Edit the properties of the dial-up connection
10. Use Figures 14-8 through 14-11 to describe the following dial-up connection properties
window tabs:
a. General tab
b. Options tab
c. Security tab
d. Networking tab
11. Use Figures 14-12 through 14-16 to describe how to configure a dial-up connection’s
optional advanced settings, which are as follows:
a. Remote Access Preferences
b. Operator-Assisted Dialing
c. Interactive Logon and Scripting
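Step 10's Security tab is where a dial-up connection's authentication protocols are selected, and the Key Terms for PAP and CHAP at the end of this chapter explain why one is discouraged and the other preferred. The Python script below is an added classroom example, not code from the textbook or from this manual. It models both exchanges with constructed credentials (the `alice` account and its secret are made up) following the MD5 variant of CHAP from RFC 1994: with PAP the password itself crosses the link, with CHAP only a hash of a fresh server challenge does, so a response captured on the wire is useless against the next challenge.

```python
"""PAP versus CHAP authentication, as selected on the dial-up Security tab (added example)."""
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed credentials for the demonstration; the server keeps its own copy of the secret.
USERNAME = "alice"
SECRET = b"correct horse battery staple"
SERVER_DB = {USERNAME: SECRET}


def pap_client_request(username: str, secret: bytes) -> bytes:
    """PAP Authenticate-Request: user name and password travel in cleartext."""
    return username.encode() + b"\x00" + secret


def pap_server_verify(request: bytes, db: dict) -> bool:
    """Server side of PAP: compare the received password with the stored one."""
    username, _, password = request.partition(b"\x00")
    stored = db.get(username.decode(errors="replace"))
    return stored is not None and hmac.compare_digest(stored, password)


def chap_challenge() -> tuple:
    """Server side of CHAP: pick an identifier and a fresh random challenge (RFC 1994)."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side of CHAP: MD5(Identifier || secret || challenge). Only this hash is sent."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_server_verify(username: str, identifier: int, challenge: bytes,
                       response: bytes, db: dict) -> bool:
    """Server recomputes the expected hash from its stored secret and compares."""
    secret = db.get(username)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def eavesdropper_sees_password(on_wire: bytes, secret: bytes) -> bool:
    """Does the captured frame contain the password verbatim?"""
    return secret in on_wire


if __name__ == "__main__":
    pap = pap_client_request(USERNAME, SECRET)
    print("PAP accepted:", pap_server_verify(pap, SERVER_DB),
          "password visible on wire:", eavesdropper_sees_password(pap, SECRET))
    ident, chal = chap_challenge()
    resp = chap_response(ident, SECRET, chal)
    print("CHAP accepted:", chap_server_verify(USERNAME, ident, chal, resp, SERVER_DB),
          "password visible on wire:", eavesdropper_sees_password(resp, SECRET))
    # The same response replayed against a new challenge fails.
    ident2, chal2 = chap_challenge()
    print("Replayed CHAP response accepted:", chap_server_verify(USERNAME, ident2, chal2, resp, SERVER_DB))
```

The same `chap_response` call serves the periodic re-challenge that the CHAP key term mentions. Note what CHAP costs the server: to recompute the hash it must hold each user's password in cleartext or reversibly encrypted form, which is why the key term describes CHAP passwords as simple by design.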
Quick Quiz 1
1. ____ consists of a dedicated computer acting as a remote access server and other
computers (the mobile computers) configured to link to the server.
Answer: Remote access
2. Remote clients connect to a remote access server through a(n) ____ connection of some
type.
Answer: Wide Area Network (WAN); Wide Area Network; WAN
3. ____ (PSTN) is designed to carry human voices from one phone to another as an analog
signal.
Answer: Public Switched Telephone Network
4. The “____” option opens a terminal window when the dial-up connection is being
established to allow the user to enter commands and settings directly to the remote
access server.
Answer: Show terminal window
Remote Access VPN Connectivity
1. Mention that data transmitted over the public network can be recorded or modified by
individuals with criminal or mischievous intent.
2. Explain that a secure point-to-point connection can be created using VPN technology.
VPN technology is similar to remote access in that a server and client form the two
endpoints of a connection. It differs from a remote access connection in that it
protects the data transferred between its endpoints. Use Figure 14-17 to illustrate your
explanation.
Teaching Tip: Read more about VPN at: http://technet.microsoft.com/en-us/network/bb545442.aspx.
VPN Protocols
1. Explain that communication protocols, called tunneling protocols, manage the virtual
private link and encrypt the data it carries. Use Figure 14-21 to illustrate your
explanation.
2. Explain that Point-to-Point Tunneling Protocol (PPTP) allows IP-based networks to
deliver PPP packets by encapsulating them in IP packets. IP packets can be routed
through public networks. PPTP can be used with TCP/IPv4 and TCP/IPv6 networks.
Teaching Tip: Read more about PPTP at: http://en.wikipedia.org/wiki/Point-to-point_tunneling_protocol.
3. Explain that Layer 2 Tunneling Protocol (L2TP) encapsulates PPP packets to be sent
over IP network connections. It started as a combination of PPTP and Layer 2
Forwarding (L2F) tunneling protocols. IPSec provides encryption for L2TP
connections. L2TP can be used with TCP/IPv4 and TCP/IPv6 networks.
Teaching Tip: Read more about L2TP at: http://www.cisco.com/warp/public/cc/pd/iosw/tech/l2pro_tc.htm.
4. Explain that Secure Socket Tunneling Protocol (SSTP) allows IP-based networks to
deliver traffic through firewalls that would otherwise block PPTP and L2TP traffic.
5. Explain that Internet Key Exchange v2 Tunneling Protocol (IKEv2) standardizes the
use of the IPSec protocol to establish a Security Association (SA) between the VPN
client and server.
6. Mention that IKEv2 Mobility and Multihoming Protocol (MOBIKE) allows a VPN
client to lose its network connection and still reconnect to its original SA once network
connectivity is restored.
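Point 1 under Remote Access VPN Connectivity says that traffic on the public network can be recorded or modified, and the tunneling protocols above exist to defeat exactly that. The Python script below is an added illustration for this section, not code from the textbook or an implementation of any protocol named here. It is a toy model of one direction of a Security Association: the inner PPP frame is encrypted, wrapped in an outer header carrying a sequence number, and tagged with HMAC-SHA256; the receiving endpoint discards anything that was modified in transit or replayed. The stream cipher (SHA-256 in counter mode) and the names `sa_key`, `encapsulate` and `TunnelReceiver` are demonstration constructs of my own; a real SA negotiates standard ciphers.

```python
"""Toy tunnel endpoint: what a tunneling protocol wraps around a PPP frame (added example)."""
from __future__ import annotations

import hashlib
import hmac
import struct

SEQ = struct.Struct("!I")   # 4-byte per-packet sequence number, like the ESP anti-replay counter
TAG_LEN = 32                # HMAC-SHA256 integrity tag


def _subkey(sa_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and integrity keys from the SA's shared key."""
    return hashlib.sha256(label + sa_key).digest()


def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    """Demonstration stream cipher: SHA-256 in counter mode, keyed per packet by the sequence
    number so no two packets share a keystream. A real SA uses a negotiated cipher such as AES."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + SEQ.pack(seq) + SEQ.pack(counter)).digest()
        counter += 1
    return out[:length]


def encapsulate(inner_frame: bytes, sa_key: bytes, seq: int) -> bytes:
    """Sending endpoint: encrypt the PPP frame, then tag header + ciphertext (encrypt-then-MAC)."""
    ks = _keystream(_subkey(sa_key, b"enc"), seq, len(inner_frame))
    ciphertext = bytes(a ^ b for a, b in zip(inner_frame, ks))
    header = SEQ.pack(seq)
    tag = hmac.new(_subkey(sa_key, b"mac"), header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


class TunnelReceiver:
    """Receiving endpoint of the SA: verify the tag, reject replays, then decrypt."""

    def __init__(self, sa_key: bytes) -> None:
        self.enc_key = _subkey(sa_key, b"enc")
        self.mac_key = _subkey(sa_key, b"mac")
        self.highest_seq = -1

    def decapsulate(self, outer_packet: bytes) -> bytes | None:
        """Return the inner PPP frame, or None if the packet was modified or replayed."""
        if len(outer_packet) < SEQ.size + TAG_LEN:
            return None
        header = outer_packet[:SEQ.size]
        ciphertext = outer_packet[SEQ.size:-TAG_LEN]
        tag = outer_packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None            # modified in transit (or sent under a different SA key)
        (seq,) = SEQ.unpack(header)
        if seq <= self.highest_seq:
            return None            # recorded earlier and replayed
        self.highest_seq = seq
        ks = _keystream(self.enc_key, seq, len(ciphertext))
        return bytes(a ^ b for a, b in zip(ciphertext, ks))


if __name__ == "__main__":
    sa_key = b"constructed-shared-key"           # constructed; in IKEv2 this comes from the SA negotiation
    frame = b"PPP frame: GET /payroll/2011.xls"  # constructed inner traffic
    outer = encapsulate(frame, sa_key, 1)
    receiver = TunnelReceiver(sa_key)
    print("plaintext visible to a recorder:", frame in outer)
    print("delivered:", receiver.decapsulate(outer))
    print("replay accepted:", receiver.decapsulate(outer) is not None)
    damaged = bytearray(outer)
    damaged[6] ^= 0x01
    print("modified packet accepted:", TunnelReceiver(sa_key).decapsulate(bytes(damaged)) is not None)
```

The order of checks matters: the tag is verified before anything else is examined, so a forged or altered packet is dropped without the receiver acting on its contents, and the sequence number defeats the "record now, replay later" attack that an unprotected dial-up or PPTP-style link cannot.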
Creating a VPN Connection
1. Describe the following points to consider before creating a VPN client connection:
a. A VPN server must identify if it is using a PPTP or L2TP connection.
b. Encryption and authentication methods used by the VPN client and server must
be compatible.
c. An IP connection path must exist between the VPN server and the VPN client.
d. A VPN client must know the address of the VPN server on the IP network.
2. Use Figures 14-19 through 14-21 to explain the steps needed to create a VPN
connection.
Configuring a VPN Connection
1. Mention that additional settings are available to refine the VPN connection’s properties.
You can use the Network Connections window to configure these settings.
2. Use Figures 14-22 through 14-28 to explain how to configure a VPN connection.
DirectAccess
1. Explain that Windows 7 can work together with Windows Server 2008 R2 to provide
DirectAccess. Users are provided with the same experience working remotely as they
would have working in the office.
2. Mention that DirectAccess activates itself before the user logs on to the computer.
DirectAccess can limit which applications and resources the user is allowed to access.
Remote Desktop
1. Explain that Remote Desktop Protocol (RDP) is designed to carry remote control
session data efficiently and securely between the client and server involved in a remote
control session.
2. Define Remote Desktop client as the software that is used to remotely control a
Windows 7 computer. It is available as a stand-alone client application and as a Web
client.
Teaching Tip: Read more about RDP at: http://support.microsoft.com/kb/186607.
Stand-Alone Remote Desktop Client
1. Explain that the stand-alone form is the most commonly used version of the Remote
Desktop client.
2. Mention that Windows 7 includes a new version designed specifically for Windows 7
and Windows Server 2008 R2.
3. Describe the following improvements of this new version:
a. Support for Network Access Protection client updates
b. Bidirectional audio
c. Remote application task scheduler can automatically start remote applications
d. Ability to support up to 16 multiple monitors
e. Support for Aero glass
f. Ability to redirect Windows Media Player to the client computer for decoding
and improved quality
4. Use Figures 14-29 through 14-33 to describe the following settings available for the
stand-alone Remote Desktop client:
a. General
b. Display
c. Local Resource
d. Program
e. Experience
f. Advanced
g. Command Line Options
RemoteApp and Remote Desktop Web Access
1. Explain that RemoteApp allows the publishing of remote applications.
2. Mention that Remote Desktop Web Access presents RemoteApps and remote
connections to the user in one Web-based resource.
Remote Assistance
1. Explain that Remote Assistance allows a user to send an invitation to a remote user
using instant messaging or e-mail that invites them to remotely connect to the local
computer. They can establish a secure remote connection to view what is happening on
the desktop.
2. Mention that the local user can electronically chat with the person providing remote
assistance. The remote user can optionally be granted complete keyboard and mouse
control during the remote assistance session.
3. Explain that Remote Assistance can potentially give a remote user the ability to access
sensitive information and settings on a computer. Use Figure 14-34 to illustrate your
explanation.
4. Mention that an invitation to use remote assistance is password protected with a unique
password selected for that specific invitation.
5. Mention that the remote client can be running Windows XP or Windows Server 2003 at
a minimum.
6. Explain that the remote assistance control window has button controls to activate a chat
window, transfer files, and control sharing of the desktop. Use Figure 14-35 to illustrate
your explanation.
Teaching Tip: Read more about Remote Assistance at: http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/remoteassist/intro.mspx.
BranchCache
1. Explain that BranchCache allows remote office users to speed up their access to
information.
2. Mention that BranchCache requires that clients interact with servers running Windows
Server 2008 R2 as a minimum.
3. Describe the following two BranchCache operation methods:
a. Hosted Cache mode
b. Distributed Cache mode
4. Explain that servers at head office track the content of cached data using identifiers and
metadata.
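Point 4 is the security heart of BranchCache: the branch cache only ever holds blocks of data, while the head-office server stays the authority on which blocks make up a file. The script below is an added, simplified model written for this chapter, not Microsoft's protocol or code; the block size, the `BranchCache` class and the sample file are constructed. It shows why the identifiers are cryptographic hashes: a block obtained from a hosted cache server or from a peer is accepted only if it matches the identifier the head office published, so a corrupted or tampered cache entry is detected and re-fetched over the WAN instead of being handed to the user.

```python
"""Simplified model of hash-identified block retrieval through a branch cache (added example)."""
from __future__ import annotations

import hashlib
from typing import Callable, Dict, List, Tuple

BLOCK_SIZE = 8   # deliberately tiny so the constructed sample splits into several blocks


def block_id(block: bytes) -> bytes:
    """Content identifier: a cryptographic hash of the block's bytes."""
    return hashlib.sha256(block).digest()


def publish_content_information(data: bytes) -> List[bytes]:
    """Head-office server: split the file into blocks and return their identifiers.
    Only this short list has to cross the WAN on every request, not the blocks themselves."""
    return [block_id(data[i:i + BLOCK_SIZE]) for i in range(0, len(data), BLOCK_SIZE)]


class BranchCache:
    """Stands in for either a hosted cache server or the peers of distributed cache mode."""

    def __init__(self) -> None:
        self.store: Dict[bytes, bytes] = {}

    def get(self, identifier: bytes) -> bytes | None:
        return self.store.get(identifier)

    def put(self, block: bytes) -> None:
        self.store[block_id(block)] = block


def retrieve(content_info: List[bytes], cache: BranchCache,
             fetch_from_head_office: Callable[[int], bytes]) -> Tuple[bytes, int, int]:
    """Branch client: for each identifier, use a cached block that verifies, else fetch over the WAN.
    Returns (reassembled data, blocks served locally, blocks fetched over the WAN)."""
    assembled = b""
    from_cache = from_wan = 0
    for index, identifier in enumerate(content_info):
        block = cache.get(identifier)
        if block is not None and block_id(block) == identifier:
            from_cache += 1
        else:
            # Cache miss, or a cached block that no longer matches the identifier it is filed under
            block = fetch_from_head_office(index)
            if block_id(block) != identifier:
                raise ValueError(f"block {index} from head office does not match its identifier")
            cache.put(block)          # repair the cache for the next client in the branch
            from_wan += 1
        assembled += block
    return assembled, from_cache, from_wan


if __name__ == "__main__":
    sample = b"Quarterly report: revenue up 12%"          # constructed 32-byte file
    info = publish_content_information(sample)
    cache = BranchCache()
    head_office = lambda i: sample[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
    print("first request :", retrieve(info, cache, head_office)[1:])   # all blocks over the WAN
    print("second request:", retrieve(info, cache, head_office)[1:])   # all blocks from the cache
    cache.store[info[1]] = b"XXXXXXXX"                                   # corrupted cache entry
    data, hits, misses = retrieve(info, cache, head_office)
    print("after damage  :", (hits, misses), "data intact:", data == sample)
```

Because the identifiers always come from the head office over the authenticated WAN channel, neither a hosted cache server nor a peer can substitute its own content: at worst it can cause a cache miss, which the client resolves by going back to the server.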
Sync Center
1. Mention that when a computer is portable, one of the problems is making sure a user
still has access to his/her data.
2. Explain that Windows 7 provides the Sync Center as a central control mechanism. Sync
Center window lists all of the data sources that need to be cached on the local computer.
Use Figure 14-36 to illustrate your explanation.
3. Mention that the resource must be compatible with the Sync Center to be available as an
item to track and synchronize.
Mobility Center
1. Explain that Windows 7 places controls for mobile computer features in one single
window, the Mobility Center.
2. Describe some of the typical controls found in the Mobility Center, including the
following:
a. Battery status and power management
b. Wireless network configuration
c. Display configuration
d. Synchronization settings
e. Presentation settings
Quick Quiz 2
1. ____ (PPTP) allows IP-based networks to deliver PPP packets by encapsulating them in
IP packets.
Answer: Point-to-Point Tunneling Protocol
2. The Remote Desktop ____ client is installed on the computer that will be remotely
controlled and shared as a Web page to the Internet.
Answer: Web
3. The ____ feature allows a user to send an invitation to a remote user using instant
messaging or e-mail that invites them to remotely connect to the local computer.
Answer: Remote Assistance
4. Windows 7 places controls for mobile computer features in one single window, the
____ found in the computer’s Control Panel.
Answer: Mobility Center
Class Discussion Topics
1. What are the differences between Remote Access and Remote Control? When should
you use each one?
2. What is a VPN? When should you use a VPN?
Additional Projects
1. Use the Internet to read more about Point-to-Point Protocol (PPP) and write a summary
report indicating the most important points.
2. Use the Internet to read more about EAP and Protected EAP and write a report
indicating the most important points. Your report should include the major advantages
and disadvantages of both protocols.
Additional Resources
1. Integrated Services Digital Network (ISDN):
http://www.ralphb.net/ISDN/
2. Point-to-Point Protocol:
http://www.cisco.com/en/US/docs/internetworking/technology/handbook/PPP.html
3. Point to Point Tunneling Protocol (PPTP) Technical Specifications:
http://support.3com.com/infodeli/tools/remote/general/pptp/pptp.htm
4. How Virtual Private Networks Work:
http://computer.howstuffworks.com/vpn.htm
5. Layer 2 Tunnel Protocol (L2TP):
https://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/l2tpT.html
6. IPsec:
http://technet.microsoft.com/en-us/network/bb531150.aspx
7. Remote Desktop Protocol:
http://msdn.microsoft.com/en-us/library/aa383015(VS.85).aspx
8. Frequently Asked Questions About Remote Desktop:
www.microsoft.com/windowsxp/using/mobility/rdfaq.mspx
9. Step-by-Step Guide to Remote Assistance:
http://technet.microsoft.com/en-us/library/bb457004.aspx
Key Terms
• analog—Information transmitted in a continuously variable form. Phone systems are an
example of an information system that uses analog data.
• authentication protocols—Routines used by servers to establish the identity of a
remote client attempting to connect and communicate with the server.
• BranchCache—Technology that allows user data from the corporate data center to be
buffered on branch servers or workstations for local client use. Local clients can access
cached data instead of retrieving it over the WAN again.
• certificate—Digital information that describes the identity of a user or computer. A
user or computer can inspect the certificate and decide if its validity can be trusted.
Certificates are issued by special servers called Certification Authorities (CA). If a user
or computer trusts a CA, then they typically trust the certificates issued by the CA.
• Challenge-Handshake Authentication Protocol (CHAP)—A more secure
authentication protocol than PAP. CHAP is used to periodically verify the client’s
identity without sending the actual password over the client and server data stream.
CHAP passwords are simple by design and do not support strong security methods. This
presents a security risk and therefore this authentication protocol is discouraged unless
the risk from communication eavesdropping is considered low.
• DirectAccess—A replacement for VPN access to corporate intranet data sources and
applications utilizing bidirectional IPv6 communication with a specialized DirectAccess
server. Workstations and users connect separately, allowing corporate IT administrators
to manage both.
• Extensible Authentication Protocol (EAP)—A modular standard for defining
authentication protocols that can be used to validate a computer or user. A product
developer can introduce a custom authentication protocol for their product if it is not
already included with Windows 7. EAP is available as an authentication standard with
dial-up, VPN, and wireless connections.
• hotspot—A geographic area where a Wi-Fi wireless signal from a Wireless Access
Point is available to wireless networking clients to enable network and/or Internet
access.
• HyperText Transport Protocol Secure (HTTPS)—An application protocol
commonly used to transfer TCP data in a secured session between a client and server.
Because this is a common protocol used with Web servers, many firewalls allow this
protocol to pass without blocking it.
• IKEv2 Mobility and Multihoming Protocol (MOBIKE)—A protocol designed to
work together with IKEv2 to allow a host involved in a secure IKEv2 initiated SA to
change its IP address, switch to a different network interface, or recover from a network
outage.
• Integrated Services Digital Network (ISDN)—A direct, digital dial-up connection to a
PSTN that operates at 64 KB per channel over regular twisted-pair cable between a
subscriber and the PSTN office.
• Internet Key Exchange version 2 (IKEv2)—An authentication protocol that
verifies the identity of both the client and server to each other. Once the identity of
both sides is established, one or more IPSec based SAs are established between them
for data transfer. IKEv2 is considered a strong authentication protocol.
• IP-HTTPS—A protocol that allows a secure IP tunnel to be established with a secure
HTTP connection for the purpose of transporting IPv6 packets. An IP-HTTPS client
must initiate a connection to a configured IP-HTTPS server. The connection between
client and server is not likely to be stopped by a firewall because the HTTPS protocol is
not commonly blocked.
• IPSec—A protocol that is used to secure and authenticate IP connections.
• Layer 2 Tunneling Protocol (L2TP)—A protocol used to carry PPP packets through
IP networks.
• MOBIKE—See IKEv2 Mobility and Multihoming Protocol.
• MS-CHAP-v1&2—A Microsoft version of the Challenge-Handshake Authentication
Protocol (CHAP). MS-CHAP-v1 adds features to change the password during a session,
as well as limit authentication retries, between a client and server. MS-CHAP-v2 added
the ability for both sides to confirm each other’s identity instead of just the server
confirming the client’s identity.
• Password Authentication Protocol (PAP)—A simple authentication method that
establishes the identity of a remote client with the authentication password sent in the
data stream between the client and server. This presents a security risk and therefore
this authentication protocol is discouraged unless the risk from communication
eavesdropping is considered low.
• Plain Old Telephone System (POTS)—See Public Switched Telephone Network
(PSTN).
• Point-to-Point Protocol (PPP)—A network-layer transport protocol that manages
connectivity over serial or modem lines. PPP can negotiate any transport protocol used
by both systems involved in the link and can automatically assign TCP/IP settings.
• Point-to-Point Tunneling Protocol (PPTP)—A protocol used to carry PPP packets
through IP networks.
• Protected Extensible Authentication Protocol (PEAP)—An enhancement of EAP
that encrypts the entire EAP process. This protects all EAP communication before
authentication is performed.
• Public Switched Telephone Network (PSTN)—Provides a connection to subscribers
for dial-up devices such as analog or ISDN modems. Originally developed to connect
telephones and allow people to make analog phone calls.
• remote access—A system where clients are able to remotely connect to a network and
access resources as though the remote client is connected directly to the network.
• remote control—A system where clients are able to remotely connect to a server to run
applications and access data. Applications and files are accessed at the server and only
screen drawing commands are sent back to the client.
• Remote Desktop Protocol (RDP)—A protocol used to carry remote control data
between the remote control client and the remotely controlled computer.
• Remote Desktop (RD)—Terminal Services has been rebranded as Remote Desktop
Services in Windows Server 2008 R2.
• Routing and Remote Access (RRAS)—A service installed and configured on
Windows Server 2003 to allow remote clients and networks to connect to network
services local to the server. The Routing and Remote Access service must be configured
to support VPN connections, dial-up connections, and routed IP traffic from routers.
• Secure Socket Tunneling Protocol (SSTP)—A protocol that allows secure
communication between a VPN client and server using the SSL based encryption
methods of HTTPS. The connection between client and server is not likely to be
stopped by a firewall because the HTTPS protocol is not commonly blocked.
• Security Association (SA)—A connection established between two computers for the
purpose of securely exchanging data. The connection is only allowed if both sides of the
connection know how to find each other on the network, agree on how to authenticate
their identities, and agree on how to encrypt and decrypt the data sent between them.
Any aspect of the SA connection may be renegotiated periodically to ensure that the
other side of the connection is still a valid communication partner.
• Serial Line IP (SLIP)—An implementation of the IP protocol over serial lines. SLIP
has been made obsolete by PPP.
• smart card—A small physical card that contains a processor and memory. The
processor is capable of interacting with a computer in which the card is plugged. The
most common use of a smart card is to store and validate personal security credentials
for a computer or user. The smart card can be physically removed and stored in a small
space, such as a wallet.
• Terminal Services (TS)—A service that can be installed on a computer running a
server-based operating system. Depending on licensing limits, multiple users can
connect to the Terminal Server and run applications on the Terminal Server using only a
remote control client. Each remote user is unaware that other users are also remote
controlling applications on the Terminal Server.
• virtual private network (VPN)—A remote access technology that creates an encrypted
tunnel for communication between the VPN client and a remote access server. VPN
connections are commonly used over the Internet to secure communication when
accessing office data from home.
• Wide Area Network (WAN)—A geographically dispersed network connected by
routers and communication links. The Internet is the largest WAN.
• X.25—A networking technology standard that defines packet switching networks used
for WAN connectivity.