Requirements for Performing the Scenarios

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

This section describes how to configure computers to try the scenarios for Windows Firewall with Advanced Security in a test lab environment. Step-by-Step guides are not necessarily meant to be used to deploy Windows Server features without accompanying documentation (as listed in the Additional References section). Use this guide as a stand-alone document with discretion.

Warning

If you accidentally apply Windows Firewall with Advanced Security settings to a GPO that applies to production computers, you can affect their ability to communicate with other computers.

In this section:

  • Hardware requirements

  • Software requirements

  • Required common procedures

  • Setting up the lab computers

Hardware requirements

You must meet the following hardware requirements in order to set up the test lab:

  • Three computers that can run the operating systems required for the roles used in this guide (see the "Software Requirements" section later in this guide). The computers can be physical computers attached to a physical network, or virtual computers that are running on Microsoft® Hyper-V Server, the Hyper-V server role in Windows Server 2008 R2 or Windows Server 2008, or Virtual Server or Virtual PC and connected to an isolated virtual network.

    The computers needed for a test lab for this guide include the following:

    1. DC1 is a computer that is running Windows Server 2008 R2 or Windows Server 2008, Standard or Enterprise Edition, configured to provide the following functions:

      • The primary domain controller for the Contoso.com Active Directory domain

      • A Domain Name System (DNS) server that can resolve names for the Contoso.com DNS zone

    2. MBRSVR1 is a computer that is running Windows Server 2008 R2 or Windows Server 2008, Standard or Enterprise Edition, configured to provide the following functions:

      • A domain member in the Contoso.com domain

      • A manager and editor of the Group Policy objects in the Contoso.com domain

      • A Telnet server

    3. CLIENT1 is a computer that is running Windows 7 or Windows Vista, configured as follows:

      • A domain member in the Contoso.com domain

      • A Telnet client

  • The computers must be connected to each other by using a network. We recommend that you use a stand-alone, isolated network that contains nothing but the computers that are used in this guide.

Warning

If you connect your test network to your production environment or to the Internet then we strongly recommend that you make sure that all computers are updated with the latest security updates and are running appropriate antivirus protection software.

Note

The steps in this guide assume that your computers are on an isolated test lab network, and that the names, IP addresses, and so on, do not interfere with the operation of other computers on your production environment.

Software requirements

  • For DC1: Windows Server 2008 R2 or Windows Server 2008, Standard or Enterprise Edition.

  • For MBRSVR1: Windows Server 2008 R2 or Windows Server 2008, Standard or Enterprise Edition.

  • For CLIENT1: Windows 7 or Windows Vista.

Note

If you use Windows Server 2008 on MBRSVR1, or Windows Vista on CLIENT1 then you cannot perform the steps that demonstrate features unique to Windows Server 2008 R2 and Windows 7. These steps are clearly identified in the text.

Required common procedures

The procedures that are shown here frequently occur in this guide, and the steps for them are not included in-line. See the steps listed here any time that you must refer to them.

Responding to the User Account Control dialog box

The User Account Control dialog box can appear when you try to perform a task that requires administrative permissions. If your account is a member of the local Administrators group then you can click Continue when you are prompted. If your user account is not an administrator then you must provide the credentials (user name and password) of an account that has the required permissions.

Note

User Account Control dialog boxes appear much less frequently in Windows 7 and Windows Server 2008 R2 than in earlier versions of Windows.

Administrator command prompts

Use the following procedure when you are instructed to open an Administrator: Command prompt.

To open an Administrator: Command prompt

  1. Click Start, click All Programs, and then click Accessories.

  2. Right-click Command Prompt, and then click Run as administrator.

You can do the same thing with any shortcut to the command prompt that you put in the Start menu, or on the desktop, or that you pin to the taskbar or Quick Launch bar.

Starting Windows Firewall with Advanced Security

Use the following procedure when you are instructed to open the Windows Firewall with Advanced Security MMC snap-in.

To open the Windows Firewall with Advanced Security MMC snap-in

  • Click Start, in the Start Search box, type wf.msc, and then press ENTER.

Alternatively:

  • On Windows Server 2008 R2 or Windows Server 2008 you can click Start, click Administrative Tools, and then click Windows Firewall with Advanced Security.

Setting up the lab computers

First, set up the domain controller and create the domain that has the required user accounts.

To install and configure the domain controller DC1

  1. Install Windows Server 2008 R2 or Windows Server 2008 by using the following settings:

  2. Set the local Administrator account password to Pass@word1.

  3. Configure the network to use the following settings:

    • IP address: 192.168.0.1

    • Subnet mask: 255.255.255.0

    • Default gateway: Leave blank

    • DNS server address: 192.168.0.1

  4. Name the computer DC1. Restart the computer when you are prompted.

  5. Install Active Directory by using the following settings:

    • Create a new domain in a new forest, and name the domain contoso.com.

    • Set the Forest Functional Level to the highest level supported in the version of Windows Server that you are using.

    • Include DNS as part of the installation.

    • Use the password Pass@word1 for all user accounts.

  6. After installing Active Directory, restart the computer when you are prompted.

  7. Create a new user account in Contoso named Admin1, with a password of Pass@word1.

  8. Add Admin1 to the group Domain Admins.

Now install the member server, and then configure the required services.

To install and configure the member server MBRSVR1

  1. Install Windows Server 2008 R2 or Windows Server 2008 by using the following settings:

  2. Set the local Administrator account password to Pass@word1.

  3. Configure the network to use the following settings:

    • IP address: 192.168.0.100

    • Subnet mask: 255.255.255.0

    • Default gateway: Leave blank

    • DNS server address: 192.168.0.1

  4. Name the computer MBRSVR1, join the computer to the contoso.com domain, and then restart the computer when you are prompted.

  5. Use Server Manager to install the features Group Policy Management and Telnet Server onto the computer.

  6. Use the Services.msc console to configure the Telnet service to start automatically whenever the computer starts, and then start the service.

Finally, install the workstation client, and configure it.

To install and configure the client computer CLIENT1

  1. Install Windows 7 or Windows Vista by using the following settings:

  2. When prompted to name the local administrator during setup, name it localadmin, and then set its password to Pass@word1.

  3. Name the computer CLIENT1.

  4. Identify the network location type as Work.

  5. Configure the network to use the following settings:

    • IP address: 192.168.0.101

    • Subnet mask: 255.255.255.0

    • Default Gateway: Leave blank

    • DNS server address: 192.168.0.1

  6. Using the Turn Windows features on and off option in the Program and Features control panel program, install the Telnet Client onto the computer.

  7. Join the computer to the contoso.com domain, and then restart the computer when you are prompted.

Next topic: Examining Default Settings on Clients and Servers