MCTS Guide to Microsoft Windows 7 Chapter 13 Enterprise Computing
Objectives • Understand Active Directory (AD) • Use Group Policy to control Windows 7 • Control device installation with Group Policy settings • Plan enterprise deployments of Windows 7 • Describe enterprise deployment tools for Windows 7 • Use Windows Server Update Services (WSUS) to apply updates • Understand Network Access Protection
Active Directory • Active Directory • Expands domain concept by linking: • Domains in logical structures named trees • Multiple trees into forests • Domain controllers • Servers holding a copy of Active Directory information • Authenticate users when they log on to a workstation • Respond to requests for other domain information such as printer information or application configuration • Clients use DNS to locate domain controllers • Member servers
Active Directory Structure • Domain • Central security database used by all computers that are members of the domain • Information about user accounts and computers • Active Directory uses the same naming convention for domains and objects as DNS • Organizational Units (OUs) • Each domain can be subdivided into OUs • Allow you to organize the objects in a domain • Can be used for delegating management permissions • Used to apply Group Policies • Trees and Forests
Joining a Domain • When a workstation joins a domain • Integrated into the security structure for the domain • Administration can be done centrally using Group Policy • Joining a workstation to a domain creates a computer account • After a workstation is joined to the domain • It synchronizes time with domain controllers in the domain
Group Policy • Group Policy • Centrally manage the configuration of a Windows 7 computer • Settings you can configure • Desktop settings, such as wallpaper and the ability to right-click • Security settings, such as the ability to log on locally • Logon, logoff, startup, and shutdown scripts • Folder redirection to store My Documents on a network server • Software distribution
Controlling Device Installation • You can prevent/control device installation in Windows 7 • Example: • Prevent installation of USB-based storage to prevent data from leaving the premises • Types of devices you can control • CD and DVD • Custom Classes • Floppy Drives • Removable Disks • All Removable Storage classes • Tape Drives • Windows Portable Devices (WPD)
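Added example, not part of the original slides: a PowerShell 2.0-compatible check that reports, on one computer, whether read and write access is denied for the device types listed above. The registry key, class GUIDs and value names are assumptions taken from the standard removable-storage policy template; confirm them against the ADMX used in your own domain. Custom Classes are not covered because their GUIDs are administrator-defined, and only the computer-side policy is read.

```powershell
# Added example: report the removable-storage access policy applied to this computer.
# Assumption: key path, class GUIDs and value names come from the standard
# removable-storage policy template; verify them against your own ADMX files.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

$classes = @{
    'CD and DVD'               = @('{53f56308-b6bf-11d0-94f2-00a0c91efb8b}')
    'Floppy Drives'            = @('{53f56311-b6bf-11d0-94f2-00a0c91efb8b}')
    'Removable Disks'          = @('{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}')
    'Tape Drives'              = @('{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}')
    'Windows Portable Devices' = @('{6AC27878-A6FA-4155-BA85-F98F491D4F33}',
                                   '{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}')
}

function Get-PolicyFlag([string]$Path, [string]$Name) {
    # A missing key or value means the setting is not configured (access allowed).
    if (-not (Test-Path $Path)) { return $false }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    return ($item -ne $null -and $item.$Name -eq 1)
}

# "All Removable Storage classes: Deny all access" overrides the per-class settings.
$denyAll = Get-PolicyFlag $base 'Deny_All'

$report = foreach ($name in ($classes.Keys | Sort-Object)) {
    $read = $true; $write = $true
    foreach ($guid in $classes[$name]) {
        # Every GUID of a class must carry the flag for the class to count as blocked.
        $read  = $read  -and (Get-PolicyFlag "$base\$guid" 'Deny_Read')
        $write = $write -and (Get-PolicyFlag "$base\$guid" 'Deny_Write')
    }
    New-Object PSObject -Property @{
        Class     = $name
        DenyRead  = ($denyAll -or $read)
        DenyWrite = ($denyAll -or $write)
    }
}

$report | Select-Object Class, DenyRead, DenyWrite | Format-Table -AutoSize

# Flag the case the slide's example is meant to prevent: data leaving on writable media.
if ($report | Where-Object { -not $_.DenyWrite }) {
    Write-Warning 'At least one removable storage class is still writable on this computer.'
}
```

Run it after `gpupdate /force` on a computer in the target OU to confirm the Group Policy object actually reached the machine.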
Deployment Planning • Formal process for implementing Windows 7 should include the following steps: • Define the scope and goals of the project • Assess the existing computer systems • Plan the new computer system configuration • Determine a deployment process • Test the deployment process • Deploy Windows 7
Scope and Goals • Organizations should not change computer systems for the sake of change • Must be significant benefits to the organization • Scope for a Windows 7 migration project defines which computers should be upgraded • Also defines the data to be migrated • Existing computer systems in organization must be evaluated • To ensure that they support Windows 7 • Evaluation is composed of two parts • Hardware evaluation • Software evaluation
New Configuration • In some cases, the default configuration of Windows 7 is sufficient for organizational needs • In many more cases, the organization customizes the default configuration of Windows 7 • To match its needs • Applications must also be selected as part of the configuration planning
Deployment Process Selection • Can either upgrade existing operating system or do a clean installation • Upgrade retains all existing computer settings • User files, applications, and application settings • Clean installation allows standardized configuration • Rather than using existing settings • Potential installation methods • Boot from DVD • Run unattended setup from a network share or DVD • Imaging • Windows Deployment Services • Systems Management Server
Test Deployment • You must thoroughly test the deployment process • First part of testing should be in a test lab • Then, perform a test pilot to designated users within the organization • Users and computers selected should be representative of the users and computers in the overall organization • In most cases, deployment: • Will not be over a single night or a single weekend • Will be by department, region, building, or floor • Breaking deployment into smaller phases reduces the risk of failure
Enterprise Deployment Tools • Many tools are available to help in the deployment of Windows 7 • ImageX, Sysprep, Windows System Image Manager (WSIM), Windows PE, and Windows Easy Transfer • Additional tools • User State Migration Tool (USMT) and Windows Deployment Services (WDS) • USMT has a command-line interface that is appropriate for scripting in large scale deployments • System Center Configuration Manager (SCCM) and the Microsoft Deployment Toolkit (MDT) • VHD boot
Windows Deployment Services • Windows Deployment Services (WDS) • An updated version of Remote Installation Services (RIS) • Automates the installation of Windows clients • WDS Requirements • Active Directory • DHCP • DNS • An NTFS partition on the WDS server • Windows Server 2003 SP1 with RIS installed • Administrative credentials
VHD Boot • New feature in Windows 7 • Allows the operating system to be installed to and booted from a virtual hard disk (VHD) file instead of a disk partition • Useful for power users in large enterprises with a virtualized desktop environment • VHD boot can also be used to simplify dual booting
Windows Server Update Services • Windows Server Update Services (WSUS) 3.0 • Server component • Contacts Microsoft Update and downloads updates • Rather than each client computer downloading updates • Very efficient for network utilization • Each update is downloaded only once and stored on the WSUS server • Client computers are configured to contact a WSUS server for updates
WSUS Updates • WSUS obtains updates for the following products: • Windows clients and servers (including 64-bit) • Exchange Server • SQL Server • Microsoft Office • Microsoft Data Protection Manager • Microsoft ForeFront • Windows Live • Windows Defender
Network Access Protection • Network Access Protection (NAP) • System that enforces requirements for client health • Before allowing client computers to connect to the network • Client and server components are required for NAP • NAP is not intended to block network intruders or protect the network from malicious users • Enforcement mechanisms integrated with NAP • IPSec; 802.1X; VPN; DHCP; RADIUS
MCTS Guide to Microsoft Windows 7 Chapter 14 Remote Access
Remote Access and Remote Control Overview • Remote access • Consists of: • Dedicated computer acting as a remote access server • Other computers (mobile computers) configured to link to the server • Allows remote access clients to access resources local to the remote access server • Link can be established over a dial-up connection or a TCP/IP network
Remote Access and Remote Control Overview (cont'd.) • Remote control • Remote client uses remote control software to send keyboard and mouse commands • To the computer being remotely controlled • Commands are processed on the remote controlled computer • Remote client is sent a visual update of the screen from the remotely controlled computer
Dial-Up Protocols • Windows 7 supports the industry standard Point-to-Point Protocol (PPP) • For end-to-end communications between a remote client and remote server using dial-up connections • PPP has the ability to carry different protocols within PPP data packets • Including TCP/IP data
Analog Dial-Up Connections • Public Switched Telephone Network (PSTN) • Also called Plain Old Telephone System (POTS) • Designed to carry human voices from one phone to another as an analog signal • Analog dial-up modem • Converts digital information into analog form • Compatible with delivery over the PSTN • Main disadvantage of analog dial-up is that it is slow • Transferring below 100,000 bits of data per second
Remote Access VPN Connectivity • Data transmitted over the public network can be recorded or modified • By individuals with criminal or mischievous intent • Secure point-to-point connection can be created using VPN technology • VPN technology • Similar to remote access in that a server and client form the two endpoints of a connection • Different from a remote access connection in that it protects the data transferred between its endpoints
VPN Protocols • Communication protocols • Called tunneling protocols • Manage virtual private link and encrypt its data • Point-to-Point Tunneling Protocol (PPTP) • Allows IP-based networks to deliver PPP packets by encapsulating them in IP packets • IP packets can be routed through public networks • PPTP can be used with TCP/IPv4 and TCP/IPv6 networks • Layer 2 Tunneling Protocol (L2TP) • Encapsulates PPP packets to be sent over IP network connections • IPSec provides encryption for L2TP connections • L2TP can be used with TCP/IPv4 and TCP/IPv6 networks • Secure Socket Tunneling Protocol (SSTP) • Allows IP-based networks to deliver traffic through firewalls that would otherwise block PPTP and L2TP
Remote Desktop • Remote Desktop Protocol (RDP) • Designed to carry remote control session data efficiently and securely • Between the client and server involved in a remote control session • Remote Desktop client • Software that is used to remotely control a Windows 7 computer • Available as a stand-alone client application and as a Web client
Stand-Alone Remote Desktop Client • Most commonly used version of the client • New version designed specifically for Windows 7 and Windows Server 2008 R2 • Improvements include: • Support for Network Access Protection client updates • Bidirectional audio • Remote application task scheduler can automatically start remote applications • Ability to support up to 16 monitors • Support for Aero glass
Remote Assistance • Allows a user to send an invitation to a remote user using instant messaging or e-mail • Invites them to remotely connect to the local computer • They can establish a secure remote connection to view what is happening on the desktop • Local user can electronically chat with the person providing remote assistance • Remote user can optionally be granted complete keyboard and mouse control • During the remote assistance session
Remote Assistance (cont'd.) • Windows Remote Assistance wizard • Accessed by clicking Windows Remote Assistance link in Help and Support • Can give a remote user the ability to access sensitive information and settings on a computer • Invitation to use remote assistance is password protected • Unique password selected for that specific invitation
Sync Center • Sync Center allows mobile users to quickly and easily synchronize network content on the mobile computer • When a computer is portable, one of the problems is making sure a user still has access to his/her data • Windows 7 provides Sync Center as a central control mechanism • Sync Center window lists all of the data sources that need to be cached on the local computer • Resource must be compatible with the Sync Center to be available as an item to track and synchronize
Mobility Center • Windows 7 places controls for mobile computer features in one single window • Mobility Center is a feature available only on mobile computers • Typical controls found in Mobility Center include: • Battery status and power management • Wireless network configuration • Display configuration • Synchronization settings • Presentation settings