Windows 7 Resource Kit- P25

Shared by: Thanh Cong | Date: | File type: PDF | Pages: 50


- High: Similar to the severe rating, but slightly less damaging. You should always remove this software.
- Medium: Assigned to potentially unwanted software that might compromise your privacy, affect your computer’s performance, or display advertising. In some cases, software classified at a Medium alert level might have legitimate uses. Evaluate the software before allowing it to be installed.
- Low: Assigned to potentially unwanted software that might collect information about you or your computer or change how your computer works but operates in agreement with licensing terms displayed when you installed the software. This software is typically benign, but it might be installed without the user’s knowledge. For example, remote control software might be classified as a Low alert level because it could be used legitimately, or it might be used by an attacker to control a computer without the owner’s knowledge.
- Not yet classified: Programs that haven’t yet been analyzed.

Understanding Microsoft SpyNet

Microsoft’s goal is to create definitions for all qualifying software. However, thousands of new applications are created and distributed every day, some of which have behaviors unwanted by some people. Because of the rapid pace of newly released software, people can possibly encounter potentially unwanted software that Microsoft has not yet classified. In these cases, Windows Defender should still warn the user if the software takes a potentially undesirable action such as configuring itself to start automatically each time the computer is restarted.

To help users determine whether to allow application changes (detected by real-time protection) when prompted, Windows Defender contacts Microsoft SpyNet to determine how other users have responded when prompted about the same software.
If the change is part of a desired software installation, most users will have approved the change, and Windows Defender can use the feedback from SpyNet when informing the user about the change. If the change is unexpected (as it would be for most unwanted software), most users will not approve the change.

Two levels of SpyNet participation are available:

- Basic: Windows Defender sends only basic information to Microsoft, including where the software came from, such as the specific URL, and whether the user or Windows Defender allowed or blocked the item. With basic membership, Windows Defender does not alert users if it detects software or changes made by software that has not yet been analyzed for risks. Although personal information might possibly be sent to Microsoft with either basic or advanced SpyNet membership, Microsoft will not use this information to identify or contact the user.
Note: For more information about what information might be transferred and how Microsoft might use it, view the Windows Defender privacy statement online at

- Advanced: Advanced SpyNet membership is intended for users who have an understanding of the inner workings of the operating system and might be able to evaluate whether the changes an application is making are malicious. The key difference between basic and advanced membership is that with advanced membership, Windows Defender will alert users when it detects software or changes that have not yet been analyzed for risks. Also, advanced membership sends additional information to SpyNet, including the location of the software on the local computer, filenames, how the software operates, and how it has affected the computer.

You can configure your SpyNet level by clicking Microsoft SpyNet on the Windows Defender Tools page.

In addition to providing feedback to users about unknown software, SpyNet is also a valuable resource to Microsoft when identifying new malware. Microsoft analyzes information in SpyNet to create new definitions. In turn, this helps slow the spread of potentially unwanted software.

Configuring Windows Defender Group Policy

You can configure some aspects of Windows Defender by using Group Policy settings. Windows Defender Group Policy settings are located in Computer Configuration\Administrative Templates\Windows Components\Windows Defender. From that node, you can configure the following settings:

- Turn On Definition Updates Through Both WSUS And Windows Update: Enabled by default, this setting configures Windows Defender to check Windows Update when a WSUS server is not available locally. This can help ensure that mobile clients, who might not regularly connect to your local network, can receive all new signature updates.
If you disable this setting, Windows Defender checks for updates using only the setting defined for the Automatic Updates client—either an internal WSUS server or Windows Update. For more information about WSUS and distributing updates, read Chapter 23, “Managing Software Updates.”
Direct from the Source: Analysis of Potentially Unwanted Software
Sterling Reasor, Program Manager
Windows Defender

Keeping up to date with the current malware definitions can help protect your computer from harmful or potentially unwanted software. Microsoft has taken several steps to create definition updates, including gathering new samples of suspicious files, observing and testing the samples, and performing a deep analysis. If we determine that the sample does not follow our criteria, its alert level is determined and the software is added to the software definitions and released to customers. For more information, visit /software/msft/analysis.mspx.

- Turn On Definition Updates Through Both WSUS And The Microsoft Malware Protection Center: Provides similar functionality to the previous Group Policy setting, but clients download updates from a different site. You should set these two policies to the same value unless the computer has no access to the Internet and relies only on an internal WSUS server.
- Check For New Signatures Before Scheduled Scans: Disabled by default, you can enable this setting to cause Windows Defender to always check for updates prior to a scan. This helps ensure that Windows Defender has the most up-to-date signatures. When you disable this setting, Windows Defender still downloads updates on a regular basis but will not necessarily check immediately prior to a scan.
- Turn Off Windows Defender: Enable this setting to turn off Windows Defender real-time protection and to remove any scheduled scans. You should enable this setting only if you are using different anti-malware software. If Windows Defender is turned off, users can still run the tool manually to scan for potentially unwanted software.
- Turn Off Real-Time Monitoring: If you enable this policy setting, Windows Defender does not prompt users to allow or block unknown activity.
If you disable or do not configure this policy setting, by default Windows Defender prompts users to allow or block unknown activity on their computers.
- Turn Off Routinely Taking Action: By default, Windows Defender will take action on all detected threats automatically after about ten minutes. Enable this policy to configure Windows Defender to prompt the user to choose how to respond to a threat.
- Configure Microsoft SpyNet Reporting: SpyNet is the online community that helps users choose how to respond to potential spyware threats that Microsoft has not yet classified by showing users how other members have responded to an alert. When enabled and set to Basic or Advanced, Windows Defender will display information about how other users responded to a potential threat. When enabled and set to Basic, Windows Defender will also submit a small amount of information about the potentially malicious files on the user’s computer. When set to Advanced, Windows Defender will send more detailed information. If you enable this setting and set it to No Membership, SpyNet will not be used, and the user will not be able to change the setting. If you leave this setting Disabled (the default), SpyNet will not be used unless the user changes the setting on his local computer. The Microsoft Malware Protection Center recommends that this setting be set to Advanced to provide their analysts with more complete information on potentially unwanted software.

Windows Defender Group Policy settings are defined in WindowsDefender.admx, which is included with Windows 7. For more information about using Group Policy administrative templates, read Chapter 14, “Managing the Desktop Environment.”

Configuring Windows Defender on a Single Computer

Besides the settings that you can configure by using Group Policy, Windows Defender includes many settings that you can configure only by using the Windows Defender Options page on a local computer. To open the Options page, start Windows Defender by searching the Start menu, selecting Tools, and then selecting Options.
Some of the settings you can configure from this page include:

- Frequency and time of automatic scans
- The security agents that are scanned automatically
- Specific files and folders to be excluded from scans
- Whether non-administrators can run Windows Defender

Because you cannot easily configure these settings with Group Policy settings, Windows Defender might not be the right choice for enterprise spyware control.

How to Determine Whether a Computer Is Infected with Spyware

Several signs indicate whether a computer is infected with spyware. You should train users in your environment to notice these changes and call your Support Center if they suspect a malware infection:

- A new, unexpected application appears.
- Unexpected icons appear in the system tray.
- Unexpected notifications appear near the system tray.
- The Web browser home page, default search engine, or favorites change.
- The mouse pointer changes.
- New toolbars appear, especially in Web browsers.
- The Web browser displays additional advertisements when visiting a Web page, or pop-up advertisements appear when the user is not using the Web.
- When the user attempts to visit a Web page, she is redirected to a completely different Web page.
- The computer runs more slowly than usual. This can be caused by many different problems, but spyware is one of the most common causes.

Some spyware might not have any noticeable symptoms, but it still might compromise private information. For best results, run Windows Defender real-time protection with daily quick scans.

Best Practices for Using Windows Defender

To receive the security benefits of Windows Defender while minimizing the costs, follow these best practices:

- Teach users how malware works and the problems that malware can cause. In particular, focus on teaching users to avoid being tricked into installing malware by social engineering attacks.
- Before deploying Windows 7, test all applications with Windows Defender enabled to ensure that Windows Defender does not alert users to normal changes the application might make. If a legitimate application does cause warnings, add the application to the Windows Defender allowed list.
- Change the scheduled scan time to meet the needs of your business. By default, Windows Defender scans at 2 A.M. If third-shift staff uses computers overnight, you might want to find a better time to perform the scan. If users turn off their computers when they are not in the office, you should schedule the scan to occur during the day. Although the automatic quick scan can slow computer performance, it typically takes fewer than 10 minutes, and users can continue working. Any performance cost typically is outweighed by the security benefits.
- Use WSUS to manage and distribute signature updates.
- Use antivirus software with Windows Defender. Alternatively, you might disable Windows Defender completely and use client security software that provides both antispyware and antivirus functionality.
- Do not deploy Windows Defender in enterprises. Instead, use Microsoft Forefront or a third-party client security suite that can be managed more easily in enterprise environments.
How to Troubleshoot Problems with Unwanted Software

A spyware infection is rarely a single application; most successful malware infections automatically install several, even dozens, of additional applications. Some of those applications might be straightforward to remove. However, if even a single malicious application remains, that remaining malware application might continue to install other malware applications.

If you detect a problem related to spyware and other potentially unwanted software, follow these steps to troubleshoot it:

1. Perform a quick scan and remove any potentially unwanted applications. Then, immediately perform a full scan and remove any additional potentially malicious software. The full scan can take many hours to run. Windows Defender will probably need to restart Windows.
2. If the software has made changes to Internet Explorer, such as adding unwanted add-ons or changing the home page, refer to Chapter 20 for troubleshooting information.
3. Run antivirus scans on your computer, such as that available from . Often, spyware might install software that is classified as a virus, or the vulnerability exploited by spyware might also be exploited by a virus. Windows Defender does not detect or remove viruses. Remove any viruses installed on the computer.
4. If you still see signs of malware, install an additional antispyware and antivirus application from a known and trusted vendor. With complicated infections, a single anti-malware tool might not be able to remove the infection completely. Your chances of removing all traces of malware increase by using multiple applications, but you should not configure multiple applications to provide real-time protection.
5. If problems persist, shut down the computer and use the Startup Repair tool to perform a System Restore. Restore the computer to a date prior to the malware infection.
System Restore will typically remove any startup settings that cause malware applications to run, but it will not remove the executable files themselves. Use this only as a last resort: Although System Restore will not remove a user’s personal files, it can cause problems with recently installed or configured applications. For more information, see Chapter 29, “Configuring Startup and Troubleshooting Startup Issues.”

These steps will resolve the vast majority of malware problems. However, when malware has run on a computer, you can never be certain that the software is removed completely. In particular, malware known as rootkits can install themselves in such a way that they are difficult to detect on a computer. In these circumstances, if you cannot find a way to confidently remove the rootkit, you might be forced to reformat the hard disk, reinstall Windows, and then restore user files using a backup created prior to the infection.
Network Access Protection

Many organizations have been affected by viruses or worms that entered their private networks through a mobile PC and quickly infected computers throughout the organization. Windows Vista, when connecting to a Windows Server 2008 infrastructure, supports Network Access Protection (NAP) to reduce the risks of connecting unhealthy computers to private networks directly or across a VPN. If a NAP client computer lacks current security updates or virus signatures—or otherwise fails to meet your requirements for computer health—NAP blocks the computer from having unlimited access to your private network. If a computer fails to meet the health requirements, it will be connected to a restricted network to download and install the updates, antivirus signatures, or configuration settings that are required to comply with current health requirements. Within minutes, a potentially vulnerable computer can be updated, have its new health state validated, and then be granted unlimited access to your network.

NAP is not designed to secure a network from malicious users. It is designed to help administrators maintain the health of the computers on the network, which in turn helps maintain the network’s overall integrity. For example, if a computer has all the software and configuration settings that the health requirement policy requires, the computer is considered compliant, and it will be granted unlimited access to the network. NAP does not prevent an authorized user with a compliant computer from uploading a malicious program to the network or engaging in other inappropriate behavior.

NAP has three important and distinct aspects:

- Network policy validation: When a user attempts to connect to the network, the computer’s health state is validated against the network access policies as defined by the administrator. Administrators can then choose what to do if a computer is not compliant.
In a monitoring-only environment, all authorized computers are granted access to the network even if some do not comply with health requirement policies, but the compliance state of each computer is logged. In an isolation environment, computers that comply with the health requirement policies are allowed unlimited access to the network, but computers that do not comply with health requirement policies or are not compatible with NAP are placed on a restricted network. In both environments, administrators can define exceptions to the validation process. NAP also includes migration tools to make it easier for administrators to define exceptions that best suit their network needs.
- Health requirement policy compliance: Administrators can help ensure compliance with health requirement policies by choosing to automatically update noncompliant computers with the required updates through management software, such as Microsoft System Center Configuration Manager. In a monitoring-only environment, computers will have access to the network even before they are updated with required software or configuration changes. In an isolation environment, computers that do not comply with health requirement policies have limited access until the software and configuration updates are completed. Again, in both environments, the administrator can define policy exceptions.
- Limited access for noncompliant computers: Administrators can protect network assets by limiting the access of computers that do not comply with health requirement policies. Computers that do not comply will have their network access limited as defined by the administrator. That access can be limited to a restricted network, to a single resource, or to no internal resources at all. If an administrator does not configure health update resources, the limited access will last for the duration of the connection. If an administrator configures health update resources, the limited access will last only until the computer is brought into compliance.

NAP is an extensible platform that provides an infrastructure and an application programming interface (API) set for adding features that verify and remediate a computer’s health to comply with health requirement policies. By itself, NAP does not provide features to verify or correct a computer’s health. Other features, known as system health agents (SHAs) and system health validators (SHVs), provide automated system health reporting, validation, and remediation. Windows Vista, Windows Server 2008, and Windows 7 include an SHA and an SHV that allow the network administrator to specify health requirements for the services monitored by the Windows Security Center.

When troubleshooting client-side problems related to NAP, open Event Viewer and browse the Applications And Services Logs\Microsoft\Windows\Network Access Protection Event Log.

For more information about configuring a NAP infrastructure with Windows Server 2008, read Chapters 14 through 19 of Windows Server 2008 Networking and Network Access Protection by Joseph Davies and Tony Northrup (Microsoft Press, 2008).
Forefront

Forefront is enterprise security software that provides protection from malware in addition to many other threats. Whereas Windows Defender is designed for consumers and small businesses, Forefront is designed to be deployed and managed efficiently throughout large networks.

Forefront products are designed to provide defense-in-depth by protecting desktops, laptops, and server operating systems. Forefront currently consists of the following products:

- Microsoft Forefront Client Security (FCS)
- Microsoft Forefront Security for Exchange Server (formerly called Microsoft Antigen for Exchange)
- Microsoft Forefront Security for SharePoint (formerly called Antigen for SharePoint)
- Microsoft Forefront Security for Office Communications Server (formerly called Antigen for Instant Messaging)
- Microsoft Intelligent Application Gateway (IAG)
- Microsoft Forefront Threat Management Gateway (TMG)
Of these products, only FCS would be deployed to client computers. The other products typically would be deployed on servers to protect applications, networks, and infrastructure.

Enterprise management of anti-malware software is useful for:

- Centralized policy management.
- Alerting and reporting on malware threats in your environment.
- Comprehensive insight into the security state of your environment, including security update status and up-to-date signatures.

Forefront provides a simple user interface for creating policies that you can distribute automatically to organizational units and security groups by using GPOs. Clients also centrally report their status so that administrators can view the overall status of client security in the enterprise.

With Forefront, administrators can view statistics ranging from domain-wide to specific groups of computers or individual computers to understand the impact of specific threats. In other words, if malware does infect computers in your organization, you can easily discover the infection, isolate the affected computers, and then take steps to resolve the problems.

Forefront also provides a client-side user interface. Similar to Windows Defender, Forefront can warn users if an application attempts to make potentially malicious changes, or if it detects known malware attempting to run. The key differences between Defender and Forefront are:

- Forefront is managed centrally: Forefront is designed for use in medium-sized and large networks. Administrators can use the central management console to view a summary of current threats and vulnerabilities, computers that need to be updated, and computers that are currently having security problems. Windows Defender is designed for home computers and small offices only, and threats must be managed on local computers.
- Forefront is highly configurable: You can configure automated responses to alerts, and, for example, prevent users from running known malware instead of giving them the opportunity to override a warning as they can do with Windows Defender.
- Forefront protects against all types of malware: Windows Defender is designed to protect against spyware. Forefront protects against spyware, viruses, rootkits, worms, and Trojan horses. If you use Windows Defender, you need another application to protect against the additional threats.
- Forefront can protect a wider variety of Windows platforms: Forefront is designed to protect computers running Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008. Windows Defender can protect only computers running Windows XP, Windows Vista, and Windows 7.

Like Windows Defender, Forefront supports using Microsoft Update and WSUS to distribute updated signatures to client computers, but Forefront also supports using third-party software distribution systems. For more information about Forefront, visit . Also, explore the Microsoft TechNet Virtual Labs at .
Note: Microsoft offers a third client security solution: Windows Live OneCare. Windows Live OneCare is designed to help protect home computers and small businesses with antivirus protection, antispyware protection, improved firewall software, performance monitoring, and backup and restore assistance. For more information, visit

Summary

Windows 7 is designed to be secure by default, but default settings don’t meet everyone’s needs. Additionally, the highly secure default settings can cause compatibility problems with applications not written specifically for Windows 7. For these reasons, it’s important that you understand the client-security technologies built into Windows 7 and how to configure them.

One of the most significant security features is UAC. By default, both users and administrators are limited to standard user privileges, which reduces the damage that malware could do if it were to start a process successfully in the user context. If an application needs elevated privileges, UAC prompts the user to confirm the request or to provide administrator credentials. Because UAC changes the default privileges for applications, it can cause problems with applications that require administrative rights. To minimize these problems, UAC provides file and registry virtualization that redirects requests for protected resources to user-specific locations that won’t impact the entire system.

AppLocker provides similar functionality to Software Restriction Policies available in earlier versions of Windows. However, AppLocker’s publisher rules provide more flexible control and enable administrators to create a single rule that allows both current and future versions of an application without the risks of a path rule. Additionally, AppLocker includes auditing to enable administrators to identify applications that require rules and to test rules before enforcing them.
Microsoft also provides Windows Defender for additional protection from spyware and other potentially unwanted software. Windows Defender uses signature-based and heuristic antispyware detection. If it finds malware on a computer, it gives the user the opportunity to prevent it from installing or to remove it if it is already installed. Windows Defender isn’t designed for enterprise use, however. For improved manageability and protection against other forms of malware (including viruses and rootkits), use Forefront or another similar enterprise client-security solution.

Additional Resources

These resources contain additional information and tools related to this chapter.

- Chapter 2, “Security in Windows 7,” includes an overview of malware.
- Chapter 4, “Planning Deployment,” includes more information about application compatibility.
- Chapter 20, “Managing Windows Internet Explorer,” includes more information about protecting Internet Explorer.
- Chapter 23, “Managing Software Updates,” includes information about deploying WSUS.
- Chapter 26, “Configuring Windows Firewall and IPsec,” includes more information about Windows Service Hardening.
- Chapter 29, “Configuring Startup and Troubleshooting Startup Issues,” includes information about running System Restore.
- “Behavioral Modeling of Social Engineering–Based Malicious Software” at 8785-689cf6a05c73 includes information about social engineering attacks.
- “Windows 7 Security Compliance Management Toolkit” at /fwlink/?LinkId=156033 provides detailed information about how to best configure Windows 7 security for your organization.
- “Microsoft Security Intelligence Report” at /details.aspx?FamilyID=aa6e0660-dc24-4930-affd-e33572ccb91f includes information about trends in the malicious and potentially unwanted software landscape.
- “Malware Removal Starter Kit” at /details.aspx?FamilyID=6cd853ce-f349-4a18-a14f-c99b64adfbea.
- “Applying the Principle of Least Privilege to User Accounts on Windows XP” at .
- “Fundamental Computer Investigation Guide for Windows” at /downloads/details.aspx?FamilyId=71B986EC-B3F1-4C14-AC70-EC0EB8ED9D57.
- “Security Compliance Management Toolkit Series” at /downloads/details.aspx?FamilyID=5534bee1-3cad-4bf0-b92b-a8e545573a3e.

On the Companion Media

- DeleteCertificate.ps1
- FindCertificatesAboutToExpire.ps1
- FindExpiredCertificates.ps1
- Get-Certificates.ps1
- Get-DefenderStatus.ps1
- Get-ForefrontStatus.ps1
- InspectCertificate.ps1
- ListCertificates.ps1
PART V

Networking

CHAPTER 25  Configuring Windows Networking
CHAPTER 26  Configuring Windows Firewall and IPsec
CHAPTER 27  Connecting Remote Users and Networks
CHAPTER 28  Deploying IPv6
CHAPTER 25

Configuring Windows Networking

- Usability Improvements
- Manageability Improvements
- Core Networking Improvements
- Improved APIs
- How to Configure Wireless Settings
- How to Configure TCP/IP
- How to Connect to AD DS Domains
- Summary
- Additional Resources

The Windows 7 operating system builds on the networking features introduced previously in Windows Vista and improves them. This chapter discusses how Windows 7 addresses the concerns of a modern network, how you can configure and manage these new features, and how you can deploy Windows 7 to take advantage of modern, flexible networking.

Usability Improvements

Improving the usability of Windows 7 helps both users and administrators. Users benefit because they can get more done in less time, and administrators benefit because users make fewer support calls.

The sections that follow describe important networking usability improvements first introduced in Windows Vista and improved in Windows 7, including Network And Sharing Center, Network Explorer, the Network Map, and the Set Up A Connection Or Network Wizard. Understanding these features will help you to use them effectively and guide you through many common network configuration and troubleshooting tasks.
Network and Sharing Center

Improved Network And Sharing Center in Windows 7, shown in Figure 25-1, provides a clear view of available wireless networks, a Network Map to show the surrounding network resources on a home or unmanaged network, and easy methods to create or join ad hoc wireless networks. Diagnostic tools built into Network And Sharing Center simplify troubleshooting connectivity problems. Users can also browse network resources with the new Network Explorer, which they can start by clicking the network.

Figure 25-1: Network And Sharing Center simplifies network management for users.

If a network connection is not available, such as a failed Internet connection (even if the link connected to the computer is functioning), Network And Sharing Center detects this failure and displays it graphically on the abbreviated version of the Network Map, shown in Figure 25-2. Users can troubleshoot the problem simply by clicking the failed portion of the Network Map to start Windows Network Diagnostics. For more information, read Chapter 31, “Troubleshooting Network Issues.”

Figure 25-2: Network And Sharing Center automatically detects problems and can assist users with diagnosis and troubleshooting.

To open Network And Sharing Center, click the network icon in the notification area and then click Open Network And Sharing Center. Alternatively, you can open Control Panel, click Network And Internet, and then click Network And Sharing Center.

Network Explorer

Like My Network Places in Windows XP, Network Explorer (also known as the Network folder) allows users to browse resources on the local network. However, Network Explorer is more powerful than My Network Places, largely because of the Network Discovery support built into Windows Vista and Windows 7 (described later in this section). To open Network Explorer, click a network from within Network And Sharing Center. As shown in Figure 25-3, Network Explorer displays other visible computers and network devices. Users can access network resources simply by double-clicking them.

FIGURE 25-3 Network Explorer allows users to browse local resources.

The following sections discuss how different aspects of Network Explorer function, including Network Discovery and the Network Map.

How Windows Finds Network Resources

Versions of Windows prior to Windows Vista use NetBIOS broadcasts to announce their presence on the network to facilitate finding shared resources in workgroup environments. Windows Vista and Windows 7 expand this capability with a feature called Network Discovery, also known as Function Discovery (FD). Network Discovery’s primary purpose is to simplify configuring and connecting network devices in home and small office environments. For example, Network Discovery can enable the Media Center feature to detect a Media Center Extender device (such as an Xbox 360) when it is connected to the network.

Network Discovery can be enabled or disabled separately for different network location types. For example, Network Discovery is enabled by default on networks with the private location type, but it is disabled on networks with the public or domain location types. By properly configuring network location types (described later in this chapter), computers running Windows Vista and Windows 7 in your environment can take advantage of Network Discovery when connected to your internal networks but minimize security risks by disabling Network Discovery when connected to other networks, such as the Internet. You might want to leave Network Discovery enabled for some network location types so that users can more easily find network resources on your intranet that aren’t listed in Active Directory Domain Services (AD DS) and so that users with mobile PCs can configure network devices more easily on their home networks or when traveling.

Although Network Discovery is preferred, Windows Vista and Windows 7 continue to use the Computer Browser service and NetBIOS broadcasts to find computers running earlier versions of Windows on the network. In addition, Windows Vista and Windows 7 use the Function Discovery Provider Host service and Web Services Dynamic Discovery (WS-Discovery) to find other Windows Vista and Windows 7 computers and use Universal Plug and Play (UPnP)/Simple Service Discovery Protocol (SSDP) to find networked devices that support the protocols. Therefore, enabling Network Discovery creates exceptions for each of these protocols through Windows Firewall.

WS-Discovery is a multicast discovery protocol developed by Microsoft, BEA, Canon, Intel, and webMethods to provide a method for locating services on a network. To find network resources, computers running Windows Vista and Windows 7 send a multicast request for one or more target services, such as shared folders and printers. Then, any computers on the local network with shared resources that match the request use WS-Discovery to respond to the message.
To minimize the need for clients to regularly send requests to find new resources, newly published resources announce themselves on the network, as described in the next section. WS-Discovery uses Simple Object Access Protocol (SOAP) over UDP port 3702. The multicast address is 239.255.255.250 for IPv4 and FF02::C for IPv6.

How Windows Publishes Network Resources

When you share a network resource, such as a folder or printer, Windows communicates using several protocols to make other computers on the network aware of the resource. To communicate with versions of Windows prior to Windows Vista, the Server service notifies the Computer Browser service when new shares are created or deleted, and the Computer Browser service sends the announcements over NetBIOS.

To announce resources to other computers running Windows Vista and Windows 7 using WS-Discovery, Windows 7 uses the Function Discovery Resource Publication (FDRP) service. Although FD is responsible for discovering shared resources on a network when the computer is acting as a client, FDRP is responsible for announcing resources when the computer is acting as a server. The primary functions are:

■ Sends a HELLO message for each registered resource on service startup.
■ Sends a HELLO message whenever a new resource is registered.
■ Responds to network probes for resources matching one of the registered resources by type.
■ Resolves network requests for resources matching one of the registered resources by name.
■ Sends a BYE message whenever a resource is unregistered.
■ Sends a BYE message for each registered resource on service shutdown.

The HELLO message includes the following information:

■ Name
■ Description
■ Whether the computer is part of a workgroup or domain
■ Computer type, such as desktop, laptop, tablet, Media Center, or server
■ Whether Remote Desktop is enabled and allowed through Windows Firewall
■ Folder and printer shares with at least Read access for Everyone if file sharing is enabled and allowed through Windows Firewall. Specifically, administrative shares are not announced. For each share, the following information is included:
    • Path
    • If applicable, the folder type (such as documents, pictures, music, or videos)
    • The share permissions assigned to the Everyone special group

FDRP is primarily intended for home networks, where ease of use is typically a requirement and networks are unmanaged. In corporate computing environments, where there can be a large number of computers on a single subnet and the network is managed, FDRP is not recommended because the traffic might become a nuisance. By default, FDRP is enabled in a workgroup and disabled in a domain environment.

How Windows Creates the Network Map

Windows creates the Network Map in part by using the Link Layer Topology Discovery (LLTD) protocol. As the name suggests, LLTD functions at Layer 2 (the layer devices use to communicate on a LAN) and enables network devices to identify each other, learn about the network (including bandwidth capabilities), and establish communications (even if devices are not yet configured with IP addresses). Typically, you do not need to manage LLTD directly.
However, you can configure two Group Policy settings located within Computer Configuration\Policies\Administrative Templates\Network\Link Layer Topology Discovery:

■ Turn on Responder (RSPNDR) Driver: This setting enables computers to be discovered on a network and to participate in Quality of Service (QoS) activities, such as bandwidth estimation and network health analysis. You can choose to enable the responder driver while connected to networks of the domain, public, or private location type. Windows enables the responder driver for all networks by default.
■ Turn on Mapper I/O (LLTDIO) Driver: This setting enables a computer to discover the topology of the local network and to initiate QoS requests. You can choose to enable the mapper driver while connected to networks of the domain, public, or private location type. Windows enables the mapper driver for all networks by default.

Figure 25-4 illustrates how the LLTD responder and mapper relate to other networking components.

[Figure 25-4 diagram labels: Network Map, Function Discovery, Mapper Service, LLTD Mapper Driver, LLTD Responder Driver, IP, NDIS]

FIGURE 25-4 LLTD is implemented as a low-level mapper and responder.

NOTE: Windows Vista and Windows 7 include an LLTD responder, but earlier versions of Windows do not. To find out how to download an LLTD responder that you can add to Windows XP, read Microsoft Knowledge Base article 922120 at /kb/922120. This will enable computers running Windows XP to appear on the Network Maps in Windows 7, but they still cannot generate the maps.

LLTD is not a secure protocol, and there is no guarantee that the Network Map is accurate. It is possible for devices on the network to send false announcements, adding bogus items to the map.

Because each user can have his own set of network profiles, Windows creates Network Maps on a per-user basis. For each network profile that a user creates, Windows actually generates two maps: the current map and a copy of the last functional map (similar to the Last Known Good recovery option). When displaying the Network Map to the user, Windows combines these two maps.

Network Map

The Network Map, shown in Figure 25-5, makes it simpler to visually examine how a computer is connected to one or more networks and to other computers on your intranet. Although the tool is primarily intended to simplify networking for users, it is also a useful tool for administrators.
A user can click the name of her computer to view her computer’s properties, click a local network to view network resources with Network Explorer, or click the Internet icon to browse the Web.
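
The HELLO and BYE announcements described under How Windows Publishes Network Resources can be inventoried from captured traffic to see which hosts on a segment are still advertising themselves over WS-Discovery. The sketch below is an added example, not code from the Resource Kit or from Windows; it assumes the SOAP 1.2 and April 2005 WS-Discovery namespaces, and the helper names (parse_wsd, announced, _soap) and all sample datagrams are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

WSD_PORT = 3702  # WS-Discovery runs as SOAP over UDP on this port
WSD_GROUPS = {ipaddress.ip_address(a) for a in ("239.255.255.250", "ff02::c")}
NS = {"s": "http://www.w3.org/2003/05/soap-envelope",  # assumed namespaces
      "a": "http://schemas.xmlsoap.org/ws/2004/08/addressing",
      "d": "http://schemas.xmlsoap.org/ws/2005/04/discovery"}

def parse_wsd(payload):
    """Return (kind, endpoint) for a WS-Discovery datagram, or None."""
    if b"<!DOCTYPE" in payload or b"<!ENTITY" in payload:
        return None  # SOAP needs no DTD; refuse entity-expansion input
    try:
        root = ET.fromstring(payload)
    except ET.ParseError:
        return None
    action = root.findtext("s:Header/a:Action", "", NS).strip()
    if not action.startswith(NS["d"] + "/"):
        return None
    endpoint = root.findtext(".//a:EndpointReference/a:Address", "", NS).strip()
    return action.rsplit("/", 1)[1], endpoint

def announced(datagrams):
    """Map source IP -> endpoints announced by Hello and not withdrawn by Bye."""
    live = {}
    for src, dst, dport, payload in datagrams:
        on_group = dport == WSD_PORT and ipaddress.ip_address(dst) in WSD_GROUPS
        msg = parse_wsd(payload) if on_group else None
        if msg and msg[0] == "Hello":
            live.setdefault(src, set()).add(msg[1])
        elif msg and msg[0] == "Bye":
            live.get(src, set()).discard(msg[1])
    return {src: eps for src, eps in live.items() if eps}

def _soap(kind, uuid):  # builds a constructed sample message, not a capture
    return (f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:a="{NS["a"]}" xmlns:d="{NS["d"]}">'
            f'<s:Header><a:Action>{NS["d"]}/{kind}</a:Action></s:Header><s:Body><d:{kind}>'
            f'<a:EndpointReference><a:Address>urn:uuid:{uuid}</a:Address>'
            f'</a:EndpointReference></d:{kind}></s:Body></s:Envelope>').encode()

SAMPLE = [  # constructed traffic: (source, destination, UDP port, payload)
    ("192.168.1.20", "239.255.255.250", 3702, _soap("Hello", "aaaa")),
    ("192.168.1.21", "239.255.255.250", 3702, _soap("Hello", "bbbb")),
    ("fe80::21", "ff02::c", 3702, _soap("Hello", "cccc")),
    ("192.168.1.21", "239.255.255.250", 3702, _soap("Bye", "bbbb")),
    ("192.168.1.30", "239.255.255.250", 1900, b"NOTIFY * HTTP/1.1\r\n\r\n"),
    ("192.168.1.31", "239.255.255.250", 3702, b"<!DOCTYPE x [<!ENTITY e 'x'>]><x/>"),
]
print(announced(SAMPLE))
```

Hosts that remain in the result on a domain or public network are candidates for checking whether Network Discovery or FDRP was left enabled there.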