Index
Symbols | A | B | C | D | E | F | G | H | I | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Z
Symbols
32-bit Windows Vista, 161
64-bit programs
application compatibility and, 91
64-bit vs. 128 bit encryption, 457
64-bit Windows Vista, 161
802.1X
802.11 policies, 461
802.11i (WPA2), 458
802.11n compatibility issues, 480
authentication, 287, 372
comparing 802.11b, 802.11g, and 802.11n, 480
NAP (Network Access Protection) and, 455
A
access control
authentication. See authentication
encryption. See encryption
access control lists (ACLs), attacks circumventing, 292
Access Is Denied messages, NTFS permissions, 394
access points, wireless
Ad hoc wireless networks and, 471
exercise configuring unencrypted wireless access point, 466
exercise configuring WEP access point, 466
exercise configuring WPA-EAP access point, 483–486
exercise configuring WPA-PSK access point, 467
overlapping, 480
transmitter power and, 479
troubleshooting weak signals, 478
turning off SSID broadcasting, 461
unsecured, 456
Web browser for managing, 466
access tokens
Application Information service and, 361
logon and, 339
account logon auditing, 285
ACLs (access control lists), attacks circumventing, 292
ACT (Application Compatibility Toolkit) 5.0
downloading, 18
migrating applications and, 17
resolving compatibility issues, 41
actions, Task Scheduler
configuring for scheduled tasks, 262
improvements to Task Scheduler, 260
viewing history of, 267
Active Directory
configuring event forwarding for AD domains, 227–233
configuring to back up BitLocker, 304
GPO hierarchy in AD domains, 107
Internet Explorer add-on configuration, 163–164
WDS and, 60
Active Directory schema, extending to client computers on wireless networks, 461
ActiveX add-ons, Internet Explorer, 164–169
64-bit versions of Internet Explorer and, 161
configuring on single computer, 167
examples, 164
exercise automating installation of, 175
Opt-in setting, 164–165
Security Settings dialog, 166
ActiveX Installer Service, 167
ActiveX Opt-in, 164–165
ad hoc wireless networks, 471–472
Add-On List, Internet Explorer, 163
add-ons, Internet Explorer, 162–169
case scenario of unwanted add-on, 219
configuring ActiveX add-ons, 164–169
configuring in Active Directory domains, 163–164
enabling/disabling, 162
list of, 162
starting Internet Explorer without add-ons, 163
Windows Defender and, 204–205
adm files, 110
Admin Approval Mode
creating new accounts in, 338
enabled by default during administrator sessions, 336
for administrator accounts other than the builtin administrator, 354
for built-in administrator account, 352
required for all administrators, 357
administrative privileges
applications requiring, 16
malware exploiting, 335
Protected Mode and, 169
administrative templates, 109–113
central store for, 112
file formats, 110
migrating, 113
replication and, 112
weaknesses in Windows XP, 110
Administrator account, Safe Mode and, 339
administrators
Admin Approval Mode for administrator accounts other than built-in administrator, 354
Admin Approval Mode for built-in administrator account, 352
Admin Approval Mode required for all administrators, 357
administrator problem in Windows 2000/XP, 334
command prompt run as administrator with UAC enabled, 359
correcting administrator issues, 336
credential prompt settings, 354
Date And Time program and, 342
default UAC features for, 344–345
elevation settings, 354
local administrators as members of Administrators group, 336
local administrators in Vista, 338
logon process and, 339
running older applications as administrator with UAC enabled, 360
software restriction policies used by, 143
Safe Mode and, 339
standard users vs. administrators in Vista, 337
update notifications and, 189
vulnerability due to logging on as, 334
Administrators group, 336
Administrators local GPO, 108
adml files, 111–112
admx files
ADMX Migrator, 113
central store for, 112
overview of, 110
ADMX Migrator, 113
AH (Authentication Header), 420
All Users profile, 73
Allow A Program Through Windows Firewall
Windows Firewall policies, 440
Allow Authenticated IPSec Bypass
Windows Firewall policies, 443
Allow ICMP Exceptions
Windows Firewall policies, 443
Allow Inbound Remote Administration Exception
Windows Firewall policies, 444
Allow Inbound Remote Desktop Exceptions
Windows Firewall policies, 444
Allow Inbound UPnP Framework Exceptions
Windows Firewall policies, 444
Allow Local Port Exceptions
Windows Firewall policies, 444
Allow Local Program Exceptions
Windows Firewall policies, 443
Allow Logging
Windows Firewall policies, 444
answer files
Autounattend.xml, 58
creating setup answer files, 39
preparing disk for image deployment, 52
antennas
high-gain antennas for wireless networks, 479
weak signals and, 478
APIPA (Automatic Private IP Address)
configuring, 381
troubleshooting, 396
APIs (application programming interfaces)
new APIs affecting application compatibility, 90
application compatibility, 89–99
(Program Compatibility Wizard), 92
ACT 5.0 and, 17
alternative hosts as solution to, 93
case scenario configuring, 101
Compatibility tab settings and, 92
exercise configuring policy for, 96
factors affecting, 16
Group Policy settings for, 94–96
OS changes affecting, 90
overview of, 89
PCA (Program Compatibility Assistant), 91
security features in and, 90
security improvements in and, 17
summary and review, 98
tools, 91
Windows Vista deployment and, 5
Application Compatibility Diagnostics, Group Policy, 94
Application Compatibility Toolkit, 172
application connectivity
common problems, 399
troubleshooting, 401–403
Application Information service, 361
application installation, UAC settings 356
application support, 208–217
configuring multiple monitors, 213
configuring Windows Sidebar, 213
deployment, 208
environment variable configuration, 211
exercise automating install of Windows Installer package, 215
Group Policy for application deployment, 210
MSDT (Microsoft Diagnostic Tool), 214
MsiExec.exe tool for automating application deployment, 209
overview of, 208
summary and review, 216
Windows Installer for deployment, 208
applications
ACT 5.0 for resolving application compatibility issues, 41
administrative privileges required by, 16
running older applications as administrator with UAC enabled, 360
UIAccess settings, 356
Windows Defender monitoring, 204
Area charts, Performance Monitor, 246
attackers, Remote Desktop weaknesses, 496
attacks, vulnerability of wireless networks to, 454
Audit Logon Events, 314
Audit.pol
failure auditing, 320
for auditing specific events, 315
set commands, 316
auditing
authentication auditing policies, 284
disabling, 326
disabling failure auditing, 324
enabling, 314
enabling Object Access Auditing, 324
enhancements in Vista, 314–316
exercise enabling failure auditing for files, 325
identifying permission requirements, 319–324
types of, 314
viewing audit events in Event Viewer, 285–287
authentication, 278–291
802.1X authentication, 372, 455
biometric approach, 278
Credential Manager and, 281–283
EAP-MSCHAPv2, 473
exercise troubleshooting network layer authentication in Remote Desktop, 506–507
exercise using Credential Manager, 289–290
HTTP (Hypertext Transfer Protocol), 283
IPSec for data authentication, 415
logging failed authentication attempts, 285
NLA (Network Level Authentication) in Remote Desktop, 496
overview of, 278
PEAP-MS-CHAPv2, 472
Remote Desktop configuration and, 498
Remote Desktop issues, 501
server authentication in Remote Desktop, 496
smart card supporting, 278
smart cards for, 280
summary and review, 290
troubleshooting network authentication, 287
troubleshooting untrusted CAs, 288–289
UAC compatibility problems, 284
use of certificates in Internet Explorer, 173
Vista auditing policies for, 284
Windows Vista logon architecture, 279
wireless networking security and, 456
Authentication Exemption rule, Connection Security Rules, 429
Authentication Header (AH), 420
Authentication Method page, Connection Security Rules, 429
Authorization. See authentication
Auto Start list, Windows Defender and, 204
Automatic Updates client replaced by Windows Update client, 184
Automatically Deny Elevation Requests, UAC settings, 355
AutoRun/AutoPlay, desktop settings, 124
Autounattend.xml, 58
B
back ups
migrating data and, 18
with Windows Easy Transfer, 22
bandwidth
improvements in bandwidth utilization, 372
network traffic and, 480
Basic template, data collector sets, 250
Basic User privileges, security levels, 144
BCD (Boot Configuration Data), 38
BCDEdit utility, 38
BDD (Business Desktop Deployment)
automating updates and, 186
overview of, 41
biometric authentication, 278
BitLocker, 300–310
compared with EFS, 300
decrypting BitLocker protected volumes, 308
disabling temporarily, 308
disabling/removing, 308
drive encryption, 10
enabled with TPM hardware, 302–304
enabled without TPM, 304
enabling, 304–306
hardware requirements and, 10
managing BitLocker keys on local computer, 306
modes, 303
partition configuration for, 301–302
recovering data protected by, 307
start up options, 305
summary and review, 312
TPM with startup key, 303
troubleshooting, 309
BitLocker Drive Preparation Tool
configuring partitions for BitLocker, 301
installing, 301
BitLocker Repair Tool, 308
Boot Configuration Data (BCD), 38
boot disks, Windows PE as alternative to, 37
Build phase, of deployment life cycle, 4
Business Desktop Deployment. See BDD (Business Desktop Deployment)
C
cables, Windows Easy Transfer Cable, 21
CAs (certification authorities)
event forwarding with HTTPS, 233
exercise trusting CA in Internet Explorer, 179
manually trusting, 288
not trusted by Internet Explorer, 174
server authentication and, 173
troubleshooting untrusted CAs, 288–289
viewing trusted CAs, 288
catalog files (.clg), 40
certificates
ActiveX Installer Service and, 168
authentication options for wireless networks, 472, 475
authentication with, 288
digital certificates enforced by UAC, 356
expiration of, 174
Certificates snap-in, 288
certificates, EFS
backing up, 294–295
importing personal certificates, 297
manually importing, 296
certificates, Internet Explorer, 173–180
exercise handling untrusted certificate, 177
exercise simulating invalid certificate, 176
exercise trusting CA, 179
security tasks of, 173
troubleshooting common problems, 174
certification authorities. See CAs (certification authorities)
CIFS (Common Internet File System), 373
Client (Respond Only), IPSec predefined policies, 420
clients
authenticating, 173
exercise adding client computers to domain, 83
network settings. See network settings
troubleshooting File and Printer Sharing from client computer, 394
CLSIDs (class identifiers)
ActiveX controls, 175
add-ons, 163
color coding, UAC elevation prompts, 342
COM objects, application compatibility policies and, 95
command prompt, run as administrator with UAC enabled, 359
command-line utilities, USMT, 24
Common Internet File System (CIFS), 373
Compare menu, Performance Monitor, 246
Compatibility
ACT 5.0 for resolving application compatibility issues, 41
applications. See application compatibility
compatibility logging enabled in Internet Explorer, 171
monitoring compatibility issues, 123
Protected Mode compatibility layer, 171
Remote Assistance issues with, 518
user profile issues. See user profiles
Windows Defender and, 200
Compatibility tab, application compatibility, 92
Configuration Data Collectors, 251
Connect To A Network Wizard, 375, 458
Connection Security Rules
configuring IPSec connection settings, 418
creating, 427–429
exercise implementing IPSec with, 436
exporting, 419
IPSec policies compared with, 414
verifying, 447
connections, Remote Desktop
allowing, 499
configuring, 497–498
exercise connecting to Windows Vista through, 507–508
exercise troubleshooting connection to Windows XP, 503–504
exercise troubleshooting network layerauthentication issues, 506–507
connectivity
application connectivity issues, 401–403
common issues, 399
Connection Security Rules for configuring IPSec settings, 418
establishing IPSec connections, 420
identifying source of connectivity problems, 400–401
testing with PathPing, 389–391
connectivity. See also network troubleshooting
connectivity, wireless
Event Viewer for analyzing wireless connectivity problems, 481–482
logging, 456
manually connecting to wireless network, 458
Network Diagnostics Framework and, 456
troubleshooting wireless networks, 480
consent admins
consent prompt and, 340
creating new user accounts in Vista, 338
defined, 336
consent prompt, UAC, 340, 354
Control Panel
Date And Time program, 342
enabling BitLocker from, 305
Remote Desktop settings, 499
troubleshooting Windows Firewall, 440
turning UAC on/off, 349
counters, Performance Monitor
adding, 245
configuring color, width, and style, 245
Create IP Security Rule Wizard, 423–426
Credential Manager
adding user name and password to, 281
authenticating access to resources, 282
authentication with, 281–283
automatically authenticating websites, 283
exercise using, 289–290
notifying users of expiration of smart card certificates, 280
credential prompt, UAC
administrator settings, 354
overview of, 341
standard user settings, 355
CSPs (cryptographic service providers), 280
Custom rule, Connection Security Rules, 429
D
data collector sets
built-in, 247–249
creating custom, 250
creating with standard templates, 249–250
exercise performing system diagnostics, 255–256
reporting performance data, 251–253
running, 249
saving performance data, 251
summary and review, 257
types of information logged, 247
types of data collectors, 250
viewing summary of data collected, 249
data protection scenarios, 329
Data Recovery Agents. See DRAs (Data Recovery Agents)
Date And Time program, 342
debug logs
Group Policy, 114, 137
how to view, 141–142
improvements in, 227
Default Response Rule, IP Security Policy Wizard, 422
Define Inbound Port Exceptions, Windows Firewall policies, 444
denial of service (DoS) attacks, 496
Deny All Add-Ons Unless Specifically Allowed In The Add-On List, Internet Explorer add-on settings, 164
Deploy phase, of deployment life cycle, 4
deploying applications
Group Policy for, 210
MsiExec.exe tool for automating, 209
overview of, 208
deploying software updates, 183
deploying Windows Vista, 35–67
ACT 5.0 and, 41
application compatibility. See application compatibility
BDD (Business Desktop Deployment) 2007, 41
booting from method, 58
booting master computer in Windows PE, 49
capturing WIM file image for deployment, 47
case scenario for choosing deployment technology, 65
case scenario for preparing master image, 65
creating Windows PE media, 44–46
exercise applying capture image, 56
exercise capturing WIM file image, 55
exercise creating Windows PE CD, 54
exercise generalizing installation with Sysprep, 55
in network environment, 58
ImageX for capturing master installation, 49
ImageX switches, 53
methods, 58
network share distribution method, 59
SIM utility, 39
SMS (Systems Management Server) and, 61
summary and review, 43, 57, 62
Sysprep for preparing master image, 41, 47
user profile compatibility issues. See user profiles
USMT and, 40
viewing WIM file metadata, 50
viewing/editing WIM file image offline, 50
WDS (Windows Deployment Services), 42, 60
WIM (Windows Imaging), 35–37, 51–52
WinPE, 37–39
deployment life cycle
Build phase, 4
Deploy phase, 4
overview of, 3
Plan phase, 3
deployment preparation, 1–6
application compatibility and, 5
costs, 5
expertise and technical resources needed, 5
hardware requirements. See hardware requirements
hardware upgrades required, 4
migrating user-state configuration, 5
phases of deployment life cycle, 3–4
summary and review, 5
Deployment Workbench, BDD (Business Desktop Deployment), 41
Desktop settings, Group Policy for, 122
device drivers
verifying network adapter drivers, 478
Windows Defender monitoring, 204
Device Manager, verifying network adapter drivers, 478
DHCP (Dynamic Host Configuration Protocol)
IP configuration with, 378
IPv6 configured with DHCPv6, 372
restoring computer to default DHCP client status, 378
troubleshooting DHCP servers
troubleshooting IP address problems, 397
WDS and, 60
Diagnose button, launching Windows Network Diagnostics, 393
diagnostics
data collector sets, 248
Windows Network Diagnostics, 386
digital certificates, enforced by UAC, 356
directional antennas. See high-gain antennas
Diskpart
exercise applying capture image, 56
preparing disk for image deployment, 51
DLLs, application compatibility policies and, 95
DNS (Domain Name System)
testing DNS server with Nslookup, 392
troubleshooting name resolution, 397
WDS and, 61
Do Not Allow Exceptions, Windows Firewall policies, 443
Do Not Allow Users To Enable Or Disable Add-Ons, Internet Explorer add-on settings, 164
domain accounts, USMT for migrating, 25
domain administrators
Safe Mode and, 339
software restriction policies used by, 143
domain level, enabling UAC at, 363
domain networks
network location types, 375
profile for, 445
domain user accounts, roaming profiles and, 71
domains
applying GPOs in domain environments, 106
applying Group Policy settings, 126
configuring event forwarding for AD domains, 227–233
configuring Group Policy settings, 125
exercise adding client computers to, 83
Internet Explorer add-on configuration, 163–164
DoS (denial of service) attacks, 496
DRAs (Data Recovery Agents)
importing DRA key, 299
recovering EFS file with, 297–300
Drvload utility, in WinPE, 38
dual-boot, BitLocker and, 309
DWORD, 141
Dynamic Host Configuration Protocol. See DHCP (Dynamic Host Configuration Protocol)
E
EAP (Extensible Authentication Protocol)
configuring WPA-EAP security for wireless networks, 472–476
EAP-MSCHAPv2 authentication, 473
exercise configuring WPA-EAP access point, 483–486
EC (Enterprise Configuration), security templates, 132
EFS (Encrypting File System), 292–300
allowing encrypted files to be shared, 296
backing up certificates, 294–295
BitLocker compared with, 300
exercise backing up EFS key, 310–311
exercise encrypting a file, 310
exercise recovering encrypted data, 311
folder encryption, 293
granting additional user access to EFS file, 296–297
importing personal certificates, 297
overview of, 292
recovering EFS file with Data Recovery Agent, 297–300
summary and review, 312
Elevate Without Prompting, UAC settings, 354
elevation, UAC, 340–343
administrator settings, 354
application installation settings, 356
color coding for, 342
consent prompt, 340
credential prompt, 341
multicolored shield icon and, 342
Secure Desktop and, 343, 358
standard user settings, 355
what it is, 336
Encapsulating Security Payload. See ESP (Encapsulating Security Payload)
Encrypting File System. See EFS (Encrypting File System)
Encrypting File System Wizard, 294
encryption
64-bit vs. 128 bit, 457
BitLocker. See BitLocker
exercise configuring WEP-encrypted access point, 466
file encryption. See EFS (Encrypting File System)
IPSec for encrypting network data, 415
overview of, 292
SSPs (security support providers), 227
use of certificates in Internet Explorer, 173
wireless networking security and, 456
Endpoints page, Connection Security Rules, 429
Enforcement Properties dialog, software restriction policies, 145
environment variables, configuring, 211
errors
no index content, 324
permissions problems and, 317
ESP (Encapsulating Security Payload), 420
event forwarding, 225–243
configuring collecting computer, 229
configuring for AD domains, 227–233
configuring for workgroups, 233
configuring forwarding computer, 228–229
configuring to use HTTPS, 233
creating subscriptions, 229–232
exercise configuring computer to collect events, 237
exercise configuring computer to forward events, 237–238
exercise configuring event forwarding with HTTPS, 240–242
exercise configuring subscriptions, 238–240
focus on useful events, 233
how it works, 227
improvements in, 226
overview of, 225
services required to run, 227
summary and review, 242
troubleshooting, 234–237
event IDs, scheduled tasks, 267
event logs
event ranges, 137
improvements in Vista, 226
lists of events recorded, 137
software restriction polices, 148–149
troubleshooting software restriction policies, 146
viewing system events, 200
wireless connectivity, 456
event logs. See also event forwarding
Event Trace Data Collectors, 251
event triggers. See triggers
Event Viewer
analyzing wireless connectivity problems, 481– 482
compatibility logs viewed with, 172
Reliability Monitor compared with, 253
system event log, 200
troubleshooting with, 244
troubleshooting with Restart Manager and, 193
viewing audit events in, 285–287
viewing failure audit events, 322
Excel workbook, WVHA report generated as, 13
exceptions, Windows Firewall
adding, 441
configuring, 440
IPSec policies, 443
Explorer.exe, access tokens and, 339
Exporting IPSec policies, 422
extended desktop option, multiple monitors, 213
Extensible Authentication Protocol. See EAP (Extensible Authentication Protocol)
F
failure auditing
disabling, 324
enabling Object Access Auditing, 320
enabling/disabling on registry, 322
exercise enabling for files, 325
exercise enabling Object Access Auditing, 324
viewing failure audit events, 322
FEK (File Encryption Key), 296
File and Printer Sharing
Allow Inbound File and Printer Sharing Exceptions, 443
troubleshooting from client computers, 394
troubleshooting from server, 395
Windows Firewall exceptions, 396
file and registry virtualization, 17, 90
File Encryption Key (FEK), 296
file formats, administrative templates, 110
File Replication Service (FRS), 112
file sharing, network configuration and, 382
File Sharing Wizard, 395
files
exercise encrypting, 310
failure auditing for, 325
including/excluding file types while migrating data, 18
migrating with USMT, 40
Windows Installer and, 208
Filter Action Wizard, 433–434
filters, event filtering, 226
filters, IPSec
creating mirrored filter, 425
creating new filter action, 426
creating new filter lists, 424
creating new filter to add to list, 424
exercise creating, 433
exercise using Filter Action Wizard, 434
IP filter lists, 418
managing filter lists and actions, 427
Negotiate Security, 416
overview of, 416
predefined, 425
firewalls
application connectivity problems and, 400, 402
determining which firewall profile is active, 445
problems connecting to shared resources, 394
Remote Assistance exceptions, 515
reviewing firewall properties, 446
troubleshooting Remote Desktop and, 502
verifying firewall rules, 446
Windows Firewall user interface, 376
firewalls. See also Windows Firewall
flexible single master operations (FSMO) role, 112
Folder Redirection, 75–77
advantages compared with roaming profiles, 75
automating with Group Policy, 77
case scenario for supporting roaming users, 101
compatibility between Windows versions, 76
exercise configuring for and XP, 85
exercise testing, 86
folder settings, 78
Follow The Documents Folder, 79
Group Policy settings, 105
improvement in, 77
Settings tab options, 81
target folder options, 80
folders
encrypting, 293
problems connecting to shared folders, 394
Follow The Documents Folder, Folder Redirection, 79
FRS (File Replication Service), 112
FSMO (flexible single master operations) role, 112
G
Genuine Microsoft Software, 165
GINA (Graphical Identification and Authentication) interface, 279
GPLogView tool, 139–140
GPMC (Group Policy Management Console)
configuring Folder Redirection, 78
enabling UAC at domain level), 363
locating UAC policy settings, 352
gpmc.msc. See GPMC (Group Policy Management Console)
GPOs. See Group Policy
GPResult, 135–136
GpUpdate command, 129
Graphical Identification and Authentication (GINA) interface, 279
graphics memory, 9
graphs, Performance Monitor
comparing multiple, 246
configuring, 245
controlling amount of data in, 245–246
exercise creating, 256–257
types of, 246
Group Policy, 104–117
administrative templates, 109–113
application compatibility settings, 94–96
application deployment, 210
applying GPOs in domain environments, 106
applying MLGPOs, 114
assigning IPSec policies, 421
automating Folder Redirection, 77
configuring UAC policy settings, 352–359
configuring Windows Update, 189
connecting to wireless networks, 461–462
creating IPSec policies, 421
debugging logs, 114
default UAC settings not defined at Group Policy level, 349
exercise configuring application compatibility policy, 96
IPSec policies in GPOs, 416
MLGPOs, 108–109
new/improved categories in Vista, 118
overview of, 104
Remote Assistance and, 515
Secure Desktop, enabling/configuring, 343
security templates applied with, 132
setting for BitLocker without TPM, 304
settings defined with, 105
summary and review, 115
troubleshooting Windows Firewall, 441–444
Windows OSs supporting, 106
Group Policy Management Console. See GPMC (Group Policy Management Console)
Group Policy logs, 136–139
Group Policy Object Editor
debugging logs, 141–142
using with pre-Vista versions of Windows, 113
Group Policy Vista settings, 118–128
applying in domain environment, 126
case scenario configuring computer for a kiosk, 155
configuring Group Policy processing, 124
configuring in domain environment, 125
Desktop settings, 122
Management settings, 121
new policies, 124
security settings, 118–121
summary and review, 127
Group Policy Vista settings, troubleshooting, 129– 153
case scenario troubleshooting GPOs, 156
checklist for, 142
exercise analyzing security settings, 150
exercise determining source of configuration settings, 149
exercise examining Group Policy logs, 150
GPLogView tool for, 139–140
GPResult tool, 135–136
Group Policy logs, 136–139
Group Policy Object Editor for, 141–142
logon scripts, 149
manual refresh, 129
RSoP for, 130
Security Configuration And Analysis tool and, 133–134
software restriction policies, 143–149
summary and review, 151
groups, adding users to Remote Desktop Users group, 501
H
hardware assessment
in Plan phase of deployment life cycle, 3
performance levels and, 10
hardware requirements, 7–15
choosing performance levels, 10
exercise running WVUA, 13
overview of, 7
performance levels and, 7
summary and review, 14
upgrades required when deploying Vista, 4
verifying on individual computer, 11
verifying performance levels, 10
Windows Vista Capable, 8
Windows Vista Premium Ready, 9
hash rules, 145
helpers list, Remote Assistance, 516
high-gain antennas
for wireless networks, 479
weak signals and, 478
Histogram bar, performance graphs, 246
hosts, application compatibility and, 93
HTTP (Hypertext Transfer Protocol)
authentication, 283
event forwarding using, 227
testing HTTP connectivity with PortQry, 392
HTTPS (Hypertext Transfer Protocol Secure)
event forwarding configured for, 233
event forwarding using, 227
exercise configuring event forwarding with HTTPS, 240–242
I
IAS (Internet Authentication Service), 473
ICMP (Internet Control Message Protocol)
Allow ICMP Exceptions, 443
IPSec default settings), 432
PathPing and, 389
Ping and, 388
icons, networking, 374
IEEE 802.1x. See 802.1x
IETF (Internet Engineering Task Force), 415
IKE (Internet Key Exchange), 420
ILs (integrity access levels), in MIC (Mandatory Integrity Control), 170
ImageX
capturing/deploying data, 2
capturing master installation, 49
capturing multiple WIM images, 50
command-line switches, 53
overview of, 39
viewing WIM file metadata, 50
viewing/editing WIM file image offline, 50
WIM files of Windows XP systems, 34
importing IPSec policies, 422
indexed files, 293
install.wim, 36, 59
integrity access levels (ILs), in MIC (Mandatory Integrity Control), 170
interference, in wireless networking, 480
International Organization for Standardization (ISO), 112
Internet and Restricted Sites zones, add-ons and, 165
Internet Control Message Protocol. See ICMP (Internet Control Message Protocol)
Internet Engineering Task Force (IETF), 415
Internet Key Exchange (IKE), 420
Internet Explorer
Group Policy settings, 105
in 64-bit versions of Windows, 161
list of add-ons, 162
Internet Explorer security, 161–182
ActiveX add-on configuration, 164–169
add-on configuration in AD domains, 163–164
case scenario of unwanted add-on, 219
certificate problems, 173–180
compatibility logging enabled, 171
enabling/disabling add-ons, 162
exercise automating installation of ActiveX control, 175
exercise handling untrusted certificate, 177
exercise simulating invalid certificate, 176
exercise trusting CA, 179
overview of, 161
Protected Mode and, 169–172
starting without add-ons, 163
summary and review, 180
Windows Defender and, 204
Internet Protocol. See IP (Internet Protocol)
interoperability, IPSec and, 415
invitations, Remote Assistance
creating, 512
method options, 513
opening, 514
IP (Internet Protocol)
DHCP for IP configuration, 378
manually configuring, 379–380
IP addresses
alternate IP addresses, 381
APIPA and, 381
exercise switching from automatic to manual IP address, 384
law enforcement officials using to track perpetrators, 457
manually configuring, 379–380, 397
name resolution and, 394
Nslookup for testing name resolution, 392
round-robin DNS addressing, 393
verifying connectivity via, 398
IP Filter Wizard, 433
IP filters. See filters, IPSec
IP Security Policy Wizard, 422
Ipconfig
DHCP release/renew, 397
viewing current network settings, 377
IPSec (IP Security), 415–438
configuring IPSec settings in WFAS console, 430
Connection Security Rules, 418
creating Connection Security Rules, 427–429
creating new IPSec policy, 421
defaults, 431
establishing IPSec connections, 420
exercise creating IPSec policies, 433
exercise creating IPSec policy rule and filter, 433
exercise implementing IPSec through Connection Security Rules, 436
exercise testing new policy, 435
exercise using Filter Action Wizard, 434
ICMP exemptions, 432
IP filter lists, 418
IPv6 enabled by default, 372
managing IP filter lists and filter actions, 427
manually configuring IPv4 and IPv6, 379
overview of, 415
polices compared with Connection Security Rules, 414
policies, 416–417
predefined policies, 420
SAs (Security Associations), 420
summary and review, 437
tool for configuring, 119
using Create IP Security Rule Wizard, 423–426
Windows Firewall and, 376
ISO (International Organization for Standardization), 112
Isolation rule
Connection Security Rules, 428
K
Kerberos, 280
L
language identifiers, ISO, 112
latency, routers and, 391
Light Touch Installation (LTI), 41
Line charts, performance graphs, 246
Link Layer Topology Discovery (LLTD), 374
Linux, WEP and WPA support, 458
LLTD (Link Layer Topology Discovery), 374
Loadstate, restoring user data with, 27
local administrators
in Vista, 338
in XP, 335
overview of, 336
local policies
configuring UAC policy settings, 352–359
creating IPSec policies, 421
locating UAC policies, 351
Remote Assistance and, 515
Secure Desktop, enabling/configuring, 343
Windows Firewall settings, 442
types of MLGPOs, 108
UAC default settings, 349
Local Internet and Restricted Sites zones, add-ons and, 165
Log On To Windows screen, security weaknesses of Remote Desktop, 496
logon
auditing logon events, 284
troubleshooting logon scripts, 149
UAC (User Account Control) and, 339
Windows Vista architecture for, 279
logon speed
Folder Redirection and, 76
roaming profiles and, 74
logs
Allow Logging policy, 444
compatibility logging in Internet Explorer, 171
examining Group Policy logs, 136–139
exercise examining Group Policy logs, 150
granularity of event logs in, 226
Group Policy debugging logs, 114
improvements in Vista, 226
logon events, 284
software restriction policies, 148–149
system events, 200
trace and debug, 227
logs. See also event forwarding
low-gain antennas, 478
LTI (Light Touch Installation), 41
M
Mac OS, WEP and WPA support, 458
malware
administrative logon and, 334
administrator privileges and, 16
exploiting ActiveX controls, 164
exploiting administrative privileges, 335
Protected Mode as response to, 169
Windows Defender and, 200, 203
Manage Add-Ons dialog box, 162
Management settings, Group Policy for, 121
Mandatory Integrity Control (MIC), 169
man-in-the-middle attacks, 173
MBSA (Microsoft Baseline Security Analyzer), 191
MD5 hash rules, 145
media sharing, network configuration and, 382
metadata, WIM files, 50
method, Windows Vista deployment, 58
MIC (Mandatory Integrity Control), 169
Microsoft, updates from, 183
Microsoft Baseline Security Analyzer (MBSA), 191
Microsoft Diagnostic Tool (MSDT), 214
Microsoft Kerberos, 227
Microsoft Negotiate, 227
migrating applications, 16–17
ACT (Application Compatibility Toolkit) 5.0, 17
file and registry virtualization and, 16
overview of, 16
summary and review, 27
tools for, 16
migrating data, 18–28
backing up and, 18
case scenario, 30
determining storage location for, 19
exercise using Loadstate to restore user data, 27
exercise using Scanstate utility for backing up user data, 26
overview of, 18
side-by-side migration, 20
summary and review, 27
tools for, 16
USMT (User State Migration Tool) for, 24–26
Windows Easy Transfer tool for, 21–23
wipe-and-load migration, 19
migrating administrative templates, 13
Minimize Bandwidth, event forwarding subscription types, 231
Minimize Latency, event forwarding subscription types, 231
Mirrored option, multiple monitors, 213
MLGPOs (multiple local GPOs)
applying, 114
managing, 109
types of, 108
Windows OSs supporting, 108
mobile computers
alternate IP addresses, 381
per-user profiles and, 476
modes, BitLocker, 303
modularization, WIM and, 37
Monitoring node, WFAS (Windows Firewall with Advanced Security), 445
monitoring performance. See Performance Monitor
monitors, configuring multiple, 213
MSDT (Microsoft Diagnostic Tool), 214
MsiExec.exe, automating install of Windows Installer packages, 209
msra.exe, Remote Assistance firewall exception, 515
multicolored shield icon, UAC elevation and, 342
Multiple GPOs. See MLGPOs (multiple local GPOs)
N
Name page, Connection Security Rules, 429
name resolution
Pinging hostname, 394
troubleshooting network problems, 397
work around for name resolution problems, 399
namespace, for user profiles, 71
NAP (Network Access Protection)
improvements to networking, 375
WPA integration with, 455
Negotiate Security, IPSec filter actions, 416
net use command, testing connectivity to server, 394
Netsh utility, script for connecting to wireless networks, 462–464
Network Access Protection. See NAP (Network Access Protection)
network adapters
icon representing cumulative connectivity of, 374
troubleshooting wireless networks, 478
Network And Sharing Center
enabling/disabling features of, 382
improvements to Vista networking, 373
launching diagnostics, 387
opening, 400
Sharing And Discovery section of, 382
turning on file or printer sharing, 395
viewing current network settings, 376
network authentication, troubleshooting, 287
Network Connection Details dialog, 376
Network Diagnostics Framework
troubleshooting wireless network problems, 482
wireless network connections and, 456
network discovery, configuring, 382
Network Explorer, 374
Network Level Authentication. See NLA (Network Level Authentication)
network location types, 375, 445
Network Map, 373
network security
case scenario for troubleshooting, 450
securing network traffic. See IPSec (IP Security)
network settings, 372–385
alternate IP addresses, 381
APIPA (Automatic Private IP Address), 381
case scenario choosing complicated configuration method, 409
changes in, 372–376
DHCP for IP configuration, 378
exercise examining current configuration, 383
exercise switching from automatic to manual IP address, 384
how to identify current configuration, 376
manually configuring IP settings, 379–380
network discovery, 382
overview of, 372
sharing, 382
summary and review, 384
network shares
distribution methods for Windows Vista, 59
exercise creating network share for Remote Assistance, 519
network troubleshooting, 386–407
APIPA addresses, 396
case scenario, 409
exercise resolving complex issues, 404
exercise solving simple problem, 403
File and Printer Sharing from clients, 394
File and Printer Sharing from server, 395
name resolution problems, 397
Nslookup, 392
overview of, 386
PathPing, 389–391
Ping, 388
PortQry, 391
problems connecting to shared folders or printers, 394
summary and review, 405
tools, 388
Windows Network Diagnostics, 386
networking icons, 374
networks
domain, public, and private, 445
verifying performance levels on, 12
New Connection Security Rule Wizard, 427
NLA (Network Level Authentication)
exercise troubleshooting in Remote Desktop, 506–507
Remote Desktop, 496
troubleshooting Remote Desktop, 502
Non-Administrators GPO, types of MLGPOs, 108
nondestructive imaging, WIM, 52
Normal, event forwarding subscription types, 231
Notify Blocked Drivers, application compatibility policies, 95
Nslookup
name resolution, 398
name resolution problems and, 401, 402
Ping compared with, 394
testing DNS server with, 392
NTFS permissions
Access Is Denied messages and, 394
attackers circumventing, 292
determining effective, 318
isolating problems, 317
Ntuser.dat file, 78
O
Object Access Auditing, 320
omni-directional antennas, 478
OScdimg utility, 38
OSs (operating systems)
applications checking for specific OS versions, 17
changes affecting application compatibility, 90
IPSec for interoperability, 415
version-related application compatibility issues, 91
P
partitions, configuring for BitLocker, 301–302
password protected sharing, 382
passwords
adding to Credential Manager, 281
Remember My Password check box, 281
setting for duplicating recovery password, 306
smart cards and, 278
PathPing
compared with Tracert, 390
latency and, 391
testing connectivity with, 389–391
PCA (Program Compatibility Assistant)
application compatibility tools, 91
detecting application install failure, 95
detecting installers that need to run as administrators, 95
detecting users unable to launch under UAC, 95
monitoring compatibility issues, 123
PCW (Program Compatibility Wizard), 92
PEAP-MS-CHAPv2, 472
performance
choosing performance level during deployment, 10
core improvements to networking, 372
hardware requirements and, 7
monitoring. See Performance Monitor
reliability. See Reliability Monitor
tools for troubleshooting, 244
troubleshooting poor performance on wireless networks, 480
verifying performance levels, 10–12
Performance Counter Alerts, 251
Performance Counter Data Collector, 251
Performance Monitor, 244–247
case scenario monitoring kiosk computers, 273
case scenario troubleshooting client computers, 274
comparing multiple graphs, 246
controlling amount of data appearing in graphs, 245–246
data collector sets used with, 247
exercise creating performance graph, 256–257
exercise performing system diagnostics, 255– 256
monitoring real-time data, 245
overview, 244
summary and review, 257
performance. See also data collector sets
permissions, 316–327
auditing used to identify permission requirements, 319–324
case scenario troubleshooting, 329
changing sharing permissions, 395
determining effective NTFS permissions, 318
disabling auditing, 326
disabling failure auditing, 324
exercise enabling failure auditing for files, 325
exercise enabling Object Access Auditing, 324
exercise isolating problem area, 325–326
isolating source of problems, 317–318
overview of, 316
shared resources and, 396
summary and review, 327
Permit, predefined IPSec filters, 425
per-user profiles, wireless networks, 476
PIN (personal identification number)
resetting, 306
smart cards and, 278
Ping
name resolution and, 394
network troubleshooting with, 388
Nslookup compared with, 394
Plan phase, deployment life cycle, 3
policies, group. See Group Policy
policies, IPSec
creating new IPSec policy, 421
example of, 417
exercise creating, 433
exercise testing new policy, 435
importing and exporting, 422
overview of, 416–417
predefined, 420
policies, local. See local policies
policies, UAC
configuring UAC policy settings, 352–359
locating UAC policies, 351
PortQry
checking connectivity to port 445, 395
connectivity testing, 391
downloading, 392
testing ports, 403
ports
Allow Local Port Exceptions policy, 444
assignments for common services and tasks, 402
checking connectivity to, 395
Windows Firewall exceptions, 440
power management, update schedules and, 190
Power Users group, comparing XP and Vista, 337
Pre-boot eXecution Environment (PXE), 60
printers
Allow Inbound File and Printer Sharing Exception, 443
problems connecting to shared folders or printers, 394
sharing, 382
private networks
network location types, 375
profile for, 445
privileges, 393. See also permissions
Profile page, Connection Security Rules, 429
profiles, determining which firewall profile is active, 445
profiles, wireless
configuring profile types, 476–478
manually creating new profile, 459
prioritizing, 470
Program Compatibility Assistant. See PCA (Program Compatibility Assistant)
Program Compatibility Wizard (PCW), 92
programs, Windows Firewall exceptions, 440
Prohibit Notifications, Windows Firewall policies, 444
Protect All Network Connections, Windows Firewall policies, 443
Protected Mode, 169–172
application compatibility and, 90
compatibility layer, 171
disabling, 172
MIC (Mandatory Integrity Control) and, 169
overview of, 169
public folders, sharing, 382
public networks
network location types, 375
profile for, 445
Public profile, 73
PXE (Pre-boot eXecution Environment), 60
Q
QoS (Quality of Service), 375
R
RAC (Reliability Analysis Component), 255
RACAgent.exe, 255
RADIUS servers
configuring RADIUS server, 473
Validate Server Certificate, 475
Raserver.exe, Remote Assistance firewall exception, 515
RDP (Remote Desktop Protocol)
establishing Remote Desktop connections with, 495
NLA (Network Level Authentication) and, 496
Readiness Report, WVHA, 13
Real-Time protection options, Windows Defender, 204–205
recovery, duplicating recovery password, 306
recovery mode, BitLocker, 308
registry
failure auditing for registry key, 322
file and registry virtualization, 17
Group Policy settings, 105
Reliability Analysis Component (RAC), 255
Reliability Monitor, 253–255
charts, 254
function of, 253
opening, 254
remote administration, Allow Inbound Remote Administration Exception, 444
Remote Assistance, 511–523
case scenario offering, 524
compatibility issues, 518
enabling, 511
establishing sessions, 516
exercise answering invitation, 520
exercise creating invitation, 519
exercise creating network share for, 519
helpers list, 516
offering unsolicited, 515
overview of, 511
requesting, 512
summary and review, 521
UAC (User Account Control) prompts and, 517
Windows Live Messenger and, 518
Remote Desktop, 495–510
adding users to Remote Desktop users group, 501
Allow Inbound Remote Desktop Exceptions, 444
allowing connections, 499
case scenario configuring, 524
connection configuration, 497–498
exercise connecting to Windows Vista through, 507–508
exercise troubleshooting connection to Windows XP, 503–504
exercise troubleshooting network layer authentication issues, 506–507
exercise troubleshooting server authentication, 504
exercise troubleshooting user rights issues, 505–506
NLA (Network Level Authentication), 496
overview of, 495
security features, 495
server authentication, 496
summary and review, 509
troubleshooting, 501
updates for XP and Windows Server 2003, 495
Remote Desktop Connection
allowing connections, 499
client component of Remote Desktop, 495
configuring, 497–498
exercise connecting to Windows Vista, 507–508
exercise troubleshooting connection to Windows XP, 503–504
exercise troubleshooting network layer authentication issues, 506–507
exercise troubleshooting server authentication, 504
exercise troubleshooting user rights issues, 505–506
overview of, 495
Remote Desktop Protocol. See RDP (Remote Desktop Protocol)
Remote Installation Services (RIS), 33, 42
replication, administrative templates and, 112
reports
performance data, 251–253
Performance Monitor graph types, 246
Request Security (Optional), IPSec filters, 425
Require Security, IPSec filters, 425
Requirements page, Connection Security Rules, 429
restart, updates and, 190
Restart Manager, 193
Resultant Set of Policy. See RSoP (Resultant Set of Policy)
Rights, 338. See also permissions
RIS (Remote Installation Services), 33, 42
roaming profiles
case scenario for supporting roaming users, 101
compared with Folder Redirection, 75, 77
compatibility issues, 70
exercise creating roaming user profile, 84
exercise testing on computers, 84
limitations on, 74
round-robin DNS addressing, 393
routers, latency and, 391
RSoP (Resultant Set of Policy)
how to use, 130
troubleshooting software restriction policies, 147
verifying configuration of Windows Update, 192
Rule Type page, Connection Security Rules, 428
rules, IPSec
example, 417
policies, 416
rules, IPSec. See also Connection Security Rules
Run As Administrator
command prompt options, 359
running older applications, 360
Runas command, 334
S
Safe Mode, 339
SAs (Security Associations)
establishing dynamically between IPSec peers, 420
IPSec (IP Security), 420
Scanstate utility, 26
Scheduled Tasks console, 264
Scheduled Tasks console. See also Task Scheduler
SchTasks.exe
creating scheduled tasks from command-line, 264
parameters, 265
scripts
ActiveX controls marked as unsafe for scripting, 166
automatic updates during setup, 187
for connecting to wireless networks, 462–464
Group Policy settings for user or computer scripts, 105
scripting updates, 191
troubleshooting logon scripts, 149
secpol.msc. See local policies
Secure Desktop
required for elevation, 358
UAC elevation prompts and, 343
Secure Password authentication, 473
Secure Server (Require Security), IPSec policies, 421
Secure Sockets Layer. See SSL (Secure Sockets Layer)
security
application compatibility and, 90
improvements to Task Scheduler, 260
wireless networking, 456
Security Associations. See SAs (Security Associations)
Security Center, alert displayed when UAC is off, 350
Security Configuration And Analysis
applying security settings with, 134
exercise analyzing security settings, 150
how to use, 133–134
security features, Remote Desktop
NLA (Network Level Authentication), 496
overview of, 495
server authentication, 496
vulnerabilities in early versions of Remote Desktop, 496
Security Rule Wizard
exercise creating IPSec policies rules, 433
security settings
exercise analyzing, 150
for scheduled tasks, 260
Group Policy, 105, 118–121
Security Settings dialog, ActiveX, 166
security support providers (SSPs), 227
security templates
applying with Group Policy, 132
importing/exporting, 134
Security Configuration And Analysis tool for working with, 133–134
Server (Request Security), IPSec policies, 421
server authentication
exercise troubleshooting Remote Desktop Connection, 504
process of authenticating servers, 173
Remote Desktop, 496
authenticating, 173
Server Message Block (SMB) 2.0, 373
Server-to-Server rule, Connection Security Rules, 429
servers, troubleshooting File and Printer Sharing from, 395
service set identifiers. See SSIDs (service set identifiers)
services, Windows Defender monitoring, 204
sessions, Remote Assistance, 516
set commands, Audit.pol, 316
settings, migration
deciding which to migrate, 18
USMT for migrating all users and user settings, 24, 40
setup files, integrating updates into, 186
setup program, WinPE and, 38
SHA-1 hash rules, 145
shares
connectivity problems for shared folders or printers, 394
exercise creating network share for Remote Assistance, 519
troubleshooting shared files, folders, or printers, 395
Sharing And Discovery section, of Network And Sharing Center, 382
Shockwave Flash, 162
side-by-side migration, of data, 20
SIM (System Image Manager), 39
Simple Service Discovery Protocol (SSDP), 374
single sign-on, wireless networking, 455
smart cards
authentication options for wireless networks, 472
improvements in, 280
requiring for connecting to wireless network, 474
supporting authentication with, 278
SMB (Server Message Block) 2.0, 373
SMS (Systems Management Server) methods for deploying Windows Vista, 61
update deployment methods, 184
updating software, 185
software assessment, in Plan phase of deployment life cycle, 3
software deployment, 1
software deployment. See also deploying Windows
software distribution, Group Policy settings, 105
software restriction policies, 143–149
advanced logging of, 148–149
configuring, 145
domain administrators use of, 143
improvement in, 144
overview of, 105, 143
troubleshooting manually, 147–148
troubleshooting with Event Log, 146
software updates. See updates, software
Solution Accelerator for Business Desktop Deployment 2007, 186
Specialized Security Limited Functionality (SSLF), 132
spoofing attacks, 496
spyware
administrative logon and, 334
Protected Mode and, 169
Windows Defender and, 200
SSDP (Simple Service Discovery Protocol), 374
SSIDs (service set identifiers)
configuring multiple SSIDs for single wireless profile, 462
hidden wireless networks and, 455
manually connecting to wireless networks, 458
pros/cons of broadcasting for wireless access, 460
SSL (Secure Sockets Layer)
encryption and authentication and, 173
HTTPS using SSL certificates, 227
SSLF (Specialized Security Limited Functionality), 132
SSPs (security support providers), 227
Stacked Area charts, Performance Monitor, 246
Standard User privileges, security levels, 144
standard users
administrator credentials and, 334, 336
administrators compared with, 337
creating new accounts in, 338
credential prompt needed for elevation, 341
credential prompt settings, 355
Date And Time program and, 342
elevation settings, 355
logon process and, 339
security of running as, 336
UAC and, 335
UAC settings for, 355
start up options, BitLocker, 305
startup policies, 124
Startup Repair, 195
storage
administrative templates, 112
data during migration, 19
subscriptions
event forwarding, 229–232
exercise configuring event subscriptions, 238–240
synchronization
Folder Redirection and, 76
roaming profiles and, 74
Sysprep
exercise generalizing installation with Sysprep, 55
overview of, 41
preparing master installation, 47
system configuration, Windows Defender and, 204
system diagnostics
data collector sets, 248
exercise performing, 255–256
template, 250
system event logs, 136, 200
System Image Manager (SIM), 39
System Performance, data collector sets, 248, 250
System properties
Remote Assistance settings, 512
Remote Desktop settings, 499
System Restore, 196
System Stability Report, Reliability Monitor, 254
Systems Management Server. See SMS (Systems Management Server)
T
Task Scheduler, 259–271
creating scheduled task, 260–264
creating tasks from command-line, 264
default tasks in library, 265
event IDs, 267
exercise analyzing scheduled tasks, 269
exercise configuring triggers, 268
exercise creating scheduled task, 267
exercise disabling/deleting scheduled tasks, 269
improvements to, 259
managing existing tasks, 265
overview of, 259
summary and review, 270
troubleshooting scheduled tasks, 266
Task Scheduler Library, 265
TCP 135 (port), Remote Assistance firewall exception, 515
TCP/IP, Windows Firewall and, 439
technical resources, Windows Vista deployment, 5
Telnet
checking connectivity to port 445, 395
exercise installing Telnet services, 432
testing ports, 403
templates, for data collector sets, 249–250
Terminal Services
allowing log on to Remote Desktop, 501
hosting Vista-incompatible applications, 94
Remote Desktop components, 495
TPM (Trusted Platform Module)
BitLocker Drive Encryption and, 10
BitLocker used in conjunction with, 302–304
TPM only, BitLocker modes, 303
trace logs, improvements in Vista, 227
Tracert, 390
traffic
creating exceptions in firewall to allow, 439
securing network traffic. See IPSec (IP Security)
Windows Firewall and, 439
transmitters, in wireless networks, 479
triggers
conditions for refining, 263
configuring for scheduled tasks, 261
exercise configuring triggers for scheduled tasks, 268
improvements in, 226
improvements to Task Scheduler, 260
trust levels, ActiveX controls and, 168
Trusted Platform Module. See TPM (Trusted Platform Module)
Tunnel rule, Connection Security Rules, 429
Turn Off Crash Detection, Internet Explorer addon settings, 164
U
UAC (User Account Control), 333–369
application compatibility and, 90
case scenario for troubleshooting UAC, 368
color coding for elevation prompts, 342
compatibility problems, 284
correcting administrator issues in Vista, 336
default features for administrators, 344–345
default features for standard users, 345–346
detecting users unable to launch under UAC, 95
elevation prompts, 340–343
local administrator in Windows XP, 335
logon process in and, 339
multicolored shield icon, 342
Remote Assistance and, 517
standard users vs. administrators in Vista, 337
summary and review, 346
what it is, 335
UAC (User Account Control), configuring, 349–367
Admin Approval Mode for built-in administrator accounts, 352
Admin Approval Mode required for administrator accounts other than the built-in administrator, 354
Admin Approval Mode required for all administrators, 357
application installation settings, 356
case scenario, 368
command prompt run as administrator, 359
digital certificate settings, 356
exercise disabling UAC, 361
exercise enabling at domain level, 363
exercise exploring with UAC disabled, 362
legacy applications running with standard user privileges, 358
locating UAC policy setting, 351
overview of, 349
running older applications as administrator, 360
Secure Desktop required for elevation, 358
standard user settings, 355
summary and review, 364
turning UAC on/off in Control Panel, 349
UAC policy settings, 352–359
UIAccess settings for applications, 356
UFD (flash drive), 376
UI (user interface)
improvements to Task Scheduler, 259
improvement to wireless networking, 455
Windows Aero GUI, 9
UIAccess settings, UAC, 356
UIPI (User Interface Privilege Isolation), 170
uniform resource locators (URLs), 175
Universal Plug and Play. See UPnP (Universal Plug and Play)
universal serial bus. See USB (universal serial bus) 2.0
updates, Windows Defender cannot download, 200–202
updates, software, 183–199
applying to new computers, 186
automatic, 189–191
case scenario deploying, 220
deployment methods, 183
exercise distributing with WSUS, 196
improvements in Windows Vista, 183
manual, 187
recovery when update prevents from starting, 195
removing manually, 194
removing with WSUS, 195
scripted, 191
SMS (Systems Management Server), 185
summary and review, 197
troubleshooting Restart Manager, 193
troubleshooting Windows Update, 191
Windows Update client and, 184
WSUS (Windows Server Update Services), 184
upgrades
case scenario for performing, 30
hardware upgrades required for deployment, 4
upgrades. See also WVUA (Windows Vista Upgrade Advisor)
UPnP (Universal Plug and Play)
Allow Inbound UPnP Framework Exceptions, 444
Network Explorer and, 374
URLs (uniform resource locators), 175
USB (universal serial bus) 2.0
flash drive, 10
Windows Easy Transfer Cable, 21
User Account Control. See UAC (User Account Control)
user accounts
configuring domain user accounts with roaming profiles, 71
in Vista, 338
turning UAC on/off, 349
user interface. See UI (user interface)
User Interface Privilege Isolation (UIPI), 170
user policies, GPOs, 108
user profiles, 70–88
case scenario for supporting roaming users, 101
changes in, 72
compared with XP, 72
exercise adding client computers to domain, 83
exercise creating roaming user profile, 84
exercise supporting roaming users, 101
exercise testing roaming profile on computers, 84
Folder Redirection, 75–77
limitations on roaming profiles, 74
locations in various Windows OSs, 72
namespace for, 71
overview of, 70
Public profile, 73
roaming profiles in Vista and XP, 73–75
summary and review, 87
User State Migration Tool. See USMT (User State Migration Tool)
users. See also administrators, standard users
adding user name to Credential Manager, 281
default UAC features for standard users, 345–346
granting access to EFS file, 296–297
importing user certificates, 297
standard users vs. administrators in Vista, 337
update notification privileges, 189
USMT for migrating all users and user settings, 24
Users group, Remote Desktop
adding users to, 501
exercise troubleshooting user rights issues, 505–506
user-state configuration, migrating while deploying Windows Vista, 5
USMT (User State Migration Tool), 24–26
downloading, 24
Loadstate for restoring user data, 27
migrating all users and user settings, 24
migrating domain accounts, 25
migrating files and settings, 40
overview of, 24
Scanstate for backing up user data, 26
V
Validate Server Certificate, RADIUS servers, 475
Virtual PC 2007, 93
Virtual Server, 94
viruses
administrative logon and, 334
administrator privileges and, 16
VMRC (virtual machine remote control), 162
W
WAIK (Windows Automated Installation Kit), 40, 44
WDDM (Windows Driver Display Model), 9
WDS (Windows Deployment Services)
methods for deploying Windows Vista, 60
overview of, 42
Wdscapture utility, 38
Web browsers, managing wireless access points, 466
Web Services Dynamic Discovery (WS-Discovery), 374
websites, Credential Manager and, 283
WEP (Wired Equivalent Protection)
exercise configuring WEP-encrypted access point, 466
integration with (Network Access Protection), 455
wireless networking security, 457
WPA as successor to, 457
WFAS (Windows Firewall with Advanced Security)
configuring IPSec settings in WFAS console, 430
Group Policy and, 442
Monitoring node, 445
reviewing firewall properties, 446
troubleshooting Windows Firewall from WFAS console, 444–447
verifying firewall rules, 446
Wi-Fi Protected Access. See WPA (Wi-Fi Protected Access)
WIM (Windows Imaging)
advantages of, 36
applying WIM file images, 52
capturing master image for deployment, 47
capturing multiple WIM images, 50
case scenario for preparing master image, 65
exercise capturing WIM file image, 55
ImageX for capturing, modifying, and applying, 39
introduction, 35–37
modularization and, 37
overview of, 35
technology for, 20
viewing WIM file metadata, 50
viewing/editing WIM file image offline, 50
WIM file image deployment, 51–52
Windows XP images, 34
Windows 2000. See also Windows XP
administrator problem, 334
smart card support, 280
Windows activation, 48
Windows Aero, 9
Windows Automated Installation Kit (WAIK), 40, 44
Windows Backup, 300
Windows Capable, hardware specifications in, 8
Windows Connect Now, improvements to Vista networking, 376
Windows Defender, 200–207
configuring to ignore false alarms for unknown software, 205
configuring to ignore specific files and folders, 203
configuring to ignore specific types of real-time protection, 204–205
exercise analyzing changes caused by, 205
identifying changes blocked by, 202–203
overview of, 200
summary and review, 206
troubleshooting problems downloading updates, 200–202
working around false alarms, 203
Windows Deployment Services. See WDS (Windows Deployment Services)
Windows Driver Display Model (WDDM), 9
Windows Easy Transfer, 21–23
cable for, 21
options for applying, 22
overview of, 21
side-by-side migration with, 21
steps in process, 23
what can be backed up with, 22
Windows Event Collector, event forwarding and, 227
Windows Explorer
backing up certificates, 295
color coding for encrypted files, 293
Windows Firewall
application connectivity problems and, 400
event forwarding and, 228
exceptions, 396
IPSec and, 376
problems connecting to shared resources, 394
tool for configuring, 119
troubleshooting Remote Desktop and, 502
with advanced security. See WFAS (Windows Firewall with Advanced Security)
Windows Firewall, troubleshooting, 439–448
Control Panel for, 440
determining which firewall profile is active, 445
Group Policy for, 441–444
overview of, 439
reviewing firewall properties, 446
summary and review, 447
verifying Connection Security Rules, 447
verifying firewall rules, 446
WFAS for, 444–447
Windows Imaging. See WIM (Windows Imaging)
Windows Installer
application deployment, 208
exercise automating package installation, 215
Group Policy for package deployment, 210
MsiExec.exe for automating package installation, 209
Restart Manager in version 4.0, 193
Windows Live Messenger, 518
Windows Media Player, 162
Windows Meeting Space, 372
Windows Network Diagnostics
Diagnose button for launching, 393
how to use, 386
launch methods, 386
list of detected problems, 387
name resolution problems, 398
troubleshooting DHCP connectivity, 396
Windows OSs. See also by version
BitLocker support, 301
Group Policy support, 106
MLGPO support, 108–109
Remote Assistance compatibility issues, 518
weaknesses of administrative templates in Windows XP, 110
Windows Preinstallation Environment. See WinPE (Windows Preinstallation Environment) 2.0
Windows Remote Assistance wizard, 512, 516
Windows Remote Assistance. See Remote Assistance
Windows Remote Desktop. See Remote Desktop
Windows Remote Management (WinRm) command-line tool, 228
Windows Remote Management. See WSManagement (Windows Remote Management)
Windows Resource Protection, 90
Windows Server 2003
IAS (Internet Authentication Service), 473
Remote Assistance compatibility issues, 518
Remote Desktop update for, 495
WDS and, 61
Windows Server Update Services. See WSUS (Windows Server Update Services)
Windows Sidebar, 213
Windows Update
automatic options, 189
client, 184
configuring with Group Policy, 189
Group Policy settings, 105
manually applying updates, 187
reviewing update history, 192
scheduling, 189
smart cards and, 280
troubleshooting, 191
viewing update history, 194
Windows Update Standalone Installer (Wusa.exe), 191
Windows Vista
exercise connecting to Windows Vista through Remote Desktop, 507–508
network settings. See network settings
Windows Vista Capable
compared with Windows Vista Premium Ready, 10
overview of, 7
Windows Vista Hardware Assessment. See WVHA (Windows Vista Hardware Assessment)
Windows Vista Premium Ready
compared with Windows Vista Capable, 10
list of hardware specifications in, 9
overview of, 7
Windows Vista Security Guide, 132
Windows Vista Upgrade Advisor. See WVUA (Windows Vista Upgrade Advisor)
Windows XP
administrative templates, 110
administrator problem, 334
authentication methods, 279
exercise configuring Folder Redirection for XP and, 85
exercise troubleshooting network layer authentication issues in Remote Desktop, 506–507
exercise troubleshooting Remote Desktop connection to, 503–504
exercise troubleshooting Remote Desktop server authentication, 504
exercise troubleshooting user rights issues in Remote Desktop, 505–506
Power Users group, compatibility with Vista, 337
Remote Assistance compatibility issues, 518
Remote Desktop update for, 495
running as local administrator in, 335
smart card support, 280
user profiles compared with XP, 72
WPA support, 458
WPA2 support, 455
WinPE (Windows Preinstallation Environment) 2.0
booting master computer in, 49
creating Windows PE media, 44–46
deploying Windows Vista, 37–39
Diskpart for preparing image for deployment, 51
exercise applying capture image, 56
exercise capturing WIM file image, 55
exercise creating CD for, 54
overview of, 37
WinRm (Windows Remote Management)
command-line tool, 228
wipe-and-load migration, migrating data, 19
Wired Equivalent Protection. See WEP (Wired Equivalent Protection)
wired networks, Group Policy settings, 124
Wireless Diagnostics, data collector sets, 249
wireless networking, 453–491
ad hoc wireless networks, 471–472
case scenario for teaching user how to connect to wireless network, 490
case scenario troubleshooting, 490
changing priorities of wireless networks, 470
common problems, 478–481
configuring profile types, 476–478
configuring WPA-EAP security, 472–476
Event Viewer for analyzing connectivity problems, 481–482
exercise configuring unencrypted wireless access point, 466
exercise configuring WEP-encrypted access point, 466
exercise configuring WPA-EAP access point, 483–486
exercise configuring WPA-PSK access point, 467
exercise troubleshooting wireless network, 482
Group Policy for connecting to, 461–462
Group Policy settings, 124
improvements in, 373, 455
manually connecting to network, 458
manually creating new profile, 459
overview of, 454
popularity of, 454
pros/cons of broadcasting SSID, 460
reconfiguring wireless networks, 464
scripts for connecting to, 462–464
security, 456
summary and review, 468, 486
support for hidden wireless networks, 455
unprotected networks, 456
WEP (Wired Equivalent Protection), 457
WPA (Wi-Fi Protected Access), 457
wireless signal, troubleshooting weak signals, 478
WLAN AutoConfig service
configuration of wireless networks, 455
starting, 458
workgroups, configuring event forwarding for, 233
worms, 16
WPA (Wi-Fi Protected Access)
configuring WPA-EAP security, 472–476
exercise configuring WPA-EAP access point, 483–486
exercise configuring WPA-PSK access point, 467
integration with (Network Access Protection), 455
personal and enterprise editions, 457
Vista support for, 455
WPA2, 458
WPA Enterprise. See WPA-EAP
WPA2
integration with (Network Access Protection), 455
support for, 455
WPA2-PSK and WPA2-EAP, 458
WPA-EAP
configuring for wireless networks, 472–476
exercise configuring WPA-EAP access point, 483–486
overview of, 458
WPA2-EAP, 458
WPA-PSK (WPA Personal)
exercise configuring access point, 467
overview of, 457
WPA2-PSK, 458
Wpeutil, 38
WS-Discovery (Web Services Dynamic Discovery), 374
WS-Management (Windows Remote Management)
configuring event forwarding, 228
event forwarding and, 227
WSUS (Windows Server Update Services)
applying updates to new computers, 187
exercise distributing updates, 196
removing update with, 195
specifying update server location, 189
update deployment methods, 184
updating software, 184
Wusa.exe (Windows Update Standalone Installer), 191
WVHA (Windows Vista Hardware Assessment)
downloading, 12
reports generated by, 13
verifying performance levels on networks, 12
WVUA (Windows Vista Upgrade Advisor)
downloading, 12
exercise running, 13
limitations of, 11
verifying hardware requirements on individual computer, 11
X
Xbox 360, 382
XML (Extensible Markup Language), 24
Z
ZTI (Zero Touch Installation), 41
© Microsoft. All Rights Reserved.