Figure 7-15: Configuring rule scope
Lesson Summary
Windows Firewall and WFAS work together on a client running Windows 7.
Windows Firewall allows for the creation of basic rules that apply to programs and Windows 7 features. You cannot configure rule scope or authentication settings for Windows Firewall rules.
Network profiles allow different sets of firewall rules to apply depending on the properties of the network connection. The three network profiles are Domain, Public, and Home Or Work (Private).
Windows Firewall rules can apply selectively to network profiles. Different network profiles can apply to different network interfaces at the same time.
WFAS allows you to configure inbound and outbound firewall rules for ports, programs, and services. WFAS allows you to configure rule scope and authentication.
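The profile-specific, scoped rules summarised above can be created from the command line with Netsh in the advfirewall context. The following is an added example, not taken from the book: the rule names and the Set-PortRule helper are constructed, and it assumes the office network is classified as Domain and the home network as Private.

```powershell
# Added example; rule names and the Set-PortRule helper are constructed for illustration.
# Run from an elevated PowerShell prompt on the Windows 7 client.

function Set-PortRule {
    param(
        [string]$Name,        # rule name shown in WFAS
        [string]$NetProfile,  # domain | private | public
        [string]$Action,      # allow | block
        [string]$RemoteIp     # rule scope: any, localsubnet, an address or a subnet
    )
    # Remove an earlier copy so that re-running does not stack duplicate rules.
    netsh advfirewall firewall delete rule "name=$Name" | Out-Null
    netsh advfirewall firewall add rule "name=$Name" "profile=$NetProfile" dir=in `
        protocol=TCP localport=80 "action=$Action" "remoteip=$RemoteIp"
}

# Assumption: the office network is classified as Domain, the home network as Private.
# The allow rule is scoped to the local subnet, which basic Windows Firewall rules cannot express.
Set-PortRule -Name 'Web-In-Domain'  -NetProfile domain  -Action allow -RemoteIp localsubnet

# An explicit block rule takes precedence over any allow rule for the same port and profile.
Set-PortRule -Name 'Web-In-Private' -NetProfile private -Action block -RemoteIp any

# Confirm which profile is currently active and what was stored for each rule.
netsh advfirewall show currentprofile
netsh advfirewall firewall show rule name=Web-In-Domain verbose
netsh advfirewall firewall show rule name=Web-In-Private verbose
```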
Lesson Review
You can use the following questions to test your knowledge of the information in Lesson 1, "Managing Windows Firewall." The questions are also available on the companion DVD if you prefer to review them in electronic form.
Note: ANSWERS
Answers to these questions and explanations of why each answer choice is correct or incorrect are located in the "Answers" section at the end of the book.
1. You are responsible for managing student laptops that have Windows 7 installed at a small community college. You want to prevent students from uploading files using FTP to FTP sites on the Internet but allow them to send outbound e-mail using the Simple Mail Transfer Protocol (SMTP). Which of the following rules would you configure to accomplish that goal?
A. Inbound rules
B. Outbound rules
C. Isolation rules
D. Authentication exemption rules

2. You want to create a firewall rule that allows inbound communications on port 80 when your laptop computer with Windows 7 installed is connected to your office network, but blocks inbound communication on TCP port 80 when you are connected to your home network. Which of the following tools could you use to create this rule? (Choose all that apply.)
A. Windows Firewall
B. WFAS
C. Netsh
D. Netstat

3. What does the command netsh advfirewall firewall add rule name="CustomRule" profile=domain protocol=TCP dir=in localport=80 action=allow do when executed from an elevated command prompt?
A. Creates an inbound rule that applies only in the Domain profile that blocks traffic on port 80
B. Creates an outbound rule that applies only in the Domain profile that blocks traffic on port 80
C. Creates an inbound rule that applies only in the Domain profile that allows traffic on port 80
D. Creates an outbound rule that applies only in the Domain profile that allows traffic on port 80

4. You are configuring firewall rules on a client running Windows 7. You want to allow incoming traffic to the application named Application.exe, but only if it is authenticated. Which of the following steps should you perform to accomplish this goal?
A. Use Windows Firewall to create a rule
B. Use WFAS to create a rule
C. Use the Credential Manager to create a rule
D. Use the Authorization Manager to create a rule

5. You want Windows 7 to send you a message when the firewall blocks a new program when you are connected to your organization's domain network. Windows 7 should not send you a message when the firewall blocks a new program when you are connected to a public network. Which of the following settings should you configure? (Choose all that apply; each answer forms part of a complete solution.)
A. In the Home Or Work (Private) Network Location Settings area, select Turn On Windows Firewall and enable Notify Me When Windows Firewall Blocks A New Program.
B. In the Home Or Work (Private) Network Location Settings area, select Turn On Windows Firewall and disable Notify Me When Windows Firewall Blocks A New Program.
C. In the Public Network Location Settings area, select Turn On Windows Firewall and enable Notify Me When Windows Firewall Blocks A New Program.
D. In the Public Network Location Settings area, select Turn On Windows Firewall and disable Notify Me When Windows Firewall Blocks A New Program.

Answers

1. Correct Answer: B
A. Incorrect: Inbound rules are used to block traffic from the network to the computer. You want to block a specific type of network traffic from the computer to the network, which necessitates the use of outbound rules.
B. Correct: Outbound rules allow you to block and allow traffic that originates on the computer from traveling out to the network. You should configure an outbound rule to block students from using FTP to upload files to sites on the Internet and an outbound rule to allow students to use SMTP to send e-mail.
C. Incorrect: Isolation rules are used to limit the hosts that a computer can communicate with to those that meet a specific set of authentication criteria. They cannot be used to block a specific outbound protocol.
D. Incorrect: Authentication exemption rules are used in conjunction with Isolation rules to allow connections to be made without requiring that authentication occur. Authentication exemption rules apply to inbound traffic rather than outbound.

2. Correct Answers: B and C
A. Incorrect: Windows Firewall does not allow you to create firewall rules for specific network locations on the basis of port address. Windows Firewall does not allow you to create rules that differentiate between the home and work network locations. You can only create rules that differentiate on the basis of home and work or public network locations.
B. Correct: You can use WFAS to create firewall rules on the basis of port address and on the basis of network location.
C. Correct: You can use the Netsh command-line utility to create WFAS rules. WFAS rules allow you to create firewall rules on the basis of port address and on the basis of network location.
D. Incorrect: Netstat is a tool used to provide information about network traffic. You cannot use Netstat to create firewall rules.

3. Correct Answer: C
A. Incorrect: The rule in the question allows traffic rather than blocks traffic.
B. Incorrect: The rule in the question applies to inbound traffic rather than outbound traffic.
C. Correct: This rule, called CustomRule, applies in the domain profile and allows inbound TCP traffic on port 80. You can create WFAS rules using Netsh in the advfirewall context.
D. Incorrect: The rule in the question is an inbound rule rather than an outbound rule.

4. Correct Answer: B
A. Incorrect: Although you can create rules based on applications using Windows Firewall, you cannot use this tool to create rules that require that incoming connections be authenticated.
B. Correct: WFAS allows you to create detailed rules that include the ability to allow incoming traffic only if it is authenticated.
C. Incorrect: Credential Manager stores authentication credentials. It cannot be used to create firewall rules that require authentication.
D. Incorrect: Authorization Manager allows you to configure roles for the delegation of administrative privileges. You cannot use Authorization Manager to create firewall rules that require authentication.

5. Correct Answers: A and D
A. Correct: You should configure Windows Firewall to notify you when it blocks a program in the Home Or Work (Private) Network Location Settings area. This ensures that you receive a message when a new program is blocked when connected to this network profile.
B. Incorrect: You should not disable the setting related to receiving a message when a new program is blocked in the Home Or Work (Private) Network Location Settings area because this means that you do not receive a message when a program is blocked.
C. Incorrect: You should not enable the setting related to receiving a message when a new program is blocked in the Public Network Location Settings area because this notifies you when a new program is blocked. The question text states that you should not be notified when this occurs.
D. Incorrect: You should disable the setting related to receiving a message when a new program is blocked in the Public Network Location Settings area because this ensures that you are not notified when a program is blocked.
Lesson 2: Windows 7 Remote Management
Remote management allows a user in one location to perform management tasks on a computer in another location. Through remote management, you can perform almost every task remotely that you can perform when you are sitting directly in front of the computer. In this lesson, you learn about the remote management technologies that can be used with Windows 7, including Remote Desktop, Remote Assistance, Windows PowerShell, and Windows Remote Shell (WinRS).
After this lesson, you will be able to:
Use Windows PowerShell for remote management.
Use WinRS for remote management.
Configure Remote Assistance.
Configure Remote Desktop.
Estimated lesson time: 40 minutes
Remote Desktop
Remote Desktop allows you to log on remotely to a computer running Windows 7 and to interact with that computer in the same manner as you would if you were sitting in front of it. Remote Desktop allows you to print using printers connected to the remote computer, or print to a local printer from an application running on the remote computer. Remote Desktop functions well as a management tool because it allows employees responsible for managing, maintaining, and configuring client operating systems to perform many of those tasks remotely.
Note: REMOTE MANAGEMENT TERMINOLOGY
For the purposes of clarity, when discussing remote management throughout this lesson, the management computer is the computer that the user is logged on to directly. The remote computer is the computer to which the user is making a remote desktop connection.
All remote management technologies require that there be network connectivity between the management computer and the remote computer. You can perform a logon using Remote Desktop if no one is currently logged on to the remote computer, though the remote computer does need to be switched on. If Wake On LAN is configured for the physical network interface, it is possible for the computer to wake from sleep or hibernate mode when an incoming remote desktop session is detected, though configuring Windows 7 to support this functionality is beyond the scope of the 70-680 exam. If a user locks the screen on their client running Windows 7, it is possible for that user to connect to that client remotely and resume the session over Remote Desktop. It is also possible for the user to disconnect from that session and resume it when they log back on directly.
If another user is logged on when an incoming Remote Desktop session is initiated, she will receive a message indicating that another user wants to log on remotely, as shown in Figure 7-16. The logged-on user has the ability to deny the remote user access, even when the remote user has administrative privileges and the logged-on user does not. If a user is logged on remotely and another user attempts a local logon, the remote user will be prompted in the same way. A currently logged-on user, whether that logon is remote or local, is able to deny another user's logon request. If a user is disconnected, her session remains in memory and she can reconnect at any time, similar to the way a user's session remains in memory when you use the Switch User option from the Shutdown menu.
Figure 7-16: The logged-on user can deny remote desktop connection
You can make Remote Desktop connections through NAT devices to hosts on the Internet. A technology available in Windows Server 2008 called Terminal Services Gateway allows users to make Remote Desktop connections from hosts that have Internet connectivity to hosts on an internal protected network. It is possible to make Remote Desktop connections over modem and VPN links. Remote Desktop connections can use both the IPv4 and IPv6 protocols, and it is possible to make a Remote Desktop connection when a computer connects to the network using DirectAccess.
Configuring Remote Desktop
You can make remote desktop connections only to computers running the Professional, Enterprise, and Ultimate editions of Windows 7. Other editions of Windows 7 do not support incoming Remote Desktop connections, but all editions include the Remote Desktop client software. Remote Desktop is not enabled by default on computers running Windows 7. You can enable it on the Remote tab of the System Properties dialog box, which is shown in Figure 7-17. When you enable Remote Desktop you need to choose whether to allow connections from computers running any version of Remote Desktop or to restrict connections to computers running Remote Desktop with Network Level Authentication. Only clients running Windows Vista and Windows 7 support Network Level Authentication by default. It is possible to configure computers running Windows XP with SP3 to support Network Level Authentication, but this feature is not enabled by default. If you need to connect to a client running Windows 7 from a client running Windows XP that does not have SP3 applied, it is necessary to configure the option that allows connections from computers running any version of Remote Desktop.
Figure 7-17: Enable Remote Desktop
When you enable Remote Desktop, Windows Firewall automatically updates rules to allow Remote Desktop connections to be made to the computer. If you reset Windows Firewall to its default settings, you need to re-enable the Remote Desktop firewall rules manually. You can also re-enable these rules by disabling and then re-enabling Remote Desktop.
If you want to allow a standard user to connect remotely using Remote Desktop, you must add her account to the local Remote Desktop Users group. Only members of the Administrators and Remote Desktop Users local groups are able to make connections to a client running Windows 7 using Remote Desktop. When you click the Select Users button on the Remote tab of the System Properties dialog box, it opens the Remote Desktop Users dialog box, as shown in Figure 7-18. Any user you add using this dialog box is added automatically to the Remote Desktop Users group and this list displays all current members of that group, no matter what method was used to add the user accounts.
Figure 7-18: Remote Desktop Users
You will configure Remote Desktop in the practice at the end of this lesson.
Remote Assistance
Both Remote Assistance and Remote Desktop allow the user at the management computer to see the desktop and applications that are present on the remote computer. The difference between Windows Remote Assistance and Remote Desktop is that a user is logged on to the remote computer and initiates the remote assistance session, whereas a Remote Desktop session is initiated on the management computer. Remote Assistance is a support tool used by help-desk staff to allow them to view the screen of the person to whom they are providing assistance. Remote Assistance reduces the need for nontechnical users to accurately describe the problem that they are having with their computers because support personnel can see the desktop directly. Unlike the version of Remote Assistance that shipped with Windows XP, the version of Remote Assistance that is included with Windows 7 does not include a voice client. If you are going to talk to the person whom you are helping using Remote Assistance, you are going to have to use another method, such as the telephone.
Remote Assistance can be used only with the permission of the person that is logged on to the remote computer. Remote Assistance invitations can be used for only a limited time, and once the Remote Assistance application is closed, it is not possible to connect to the remote computer through a Remote Assistance session. The person logged on to the remote computer can terminate the Remote Assistance session at any time.
The default connection setting for Remote Assistance has the person providing assistance only able to view, but not interact with, the desktop on the remote computer. The person providing assistance can request control, as shown in Figure 7-19, which allows him to interact directly. This is useful if the person providing assistance needs to respond to a User Account Control prompt. The person receiving the assistance can return the session to view only by clicking the Stop Sharing button on the Windows Remote Assistance control. They can also block the person helping them from viewing their desktop temporarily by pausing the Remote Assistance session.
Figure 7-19: Permission to share control
Like Remote Desktop, Remote Assistance connections can occur only when there is connectivity between the management computer and the remote computer. This means that you cannot resolve a network connectivity problem using Remote Assistance because that connectivity problem blocks a Remote Assistance connection.
The Windows Remote Assistance rule is enabled in Windows Firewall when Windows Remote Assistance is enabled on a computer. You enable Windows Remote Assistance on the Remote tab of the System Properties dialog box. Windows Remote Assistance is enabled by default on computers running Windows 7. The advanced Remote Assistance settings, which can be accessed by clicking the Advanced button on the Remote tab of the System Properties dialog box, allow you to configure a maximum time that an invitation can remain open and to limit Remote Assistance so that connections can only be made from computers that are running Windows Vista or later. This dialog box is shown in Figure 7-20.
Figure 7-20: Advanced Remote Assistance settings
When you start Windows Remote Assistance, you are presented with the option of configuring an invitation or responding to an invitation, as shown in Figure 7-21. When a user requesting assistance selects the Invite Someone You Trust To Help You option, she is able to choose among three options: saving the invitation as a file, using e-mail to send the invitation, or using Easy Connect. It is possible to use the e-mail option only if a compatible e-mail program is installed on the client running Windows 7. It is important to remember that, unlike previous versions of Windows, Windows 7 does not ship with a built-in e-mail application, so you cannot assume that one is automatically present. You can use the Easy Connect connection method only on a local network if the Peer Name Resolution Protocol is present on a local server running Windows Server 2008 or if you want to use Easy Connect to solicit assistance over the Internet (if your router supports this protocol). Easy Connect allows you to send an assistance request without having to forward an invitation.
Figure 7-21: Asking for or offering remote assistance
Not only must the person providing remote assistance receive an invitation, but she also needs to provide a password that can be given to her only by the person requesting assistance, as shown in Figure 7-22. For security reasons, this password should be provided using a different method to the one used to transmit the invitation file. If the user requesting remote assistance closes the Windows Remote Assistance dialog box, it is not possible for the remote user to make a connection, even if the invitation period has not expired. Once this dialog box is closed, Windows Remote Assistance needs to be restarted and a new remote assistance invitation issued because the previous one is no longer valid.
Figure 7-22: Waiting for a connection
When the remotely connecting user makes the connection with the password forwarded to them, the person requesting assistance is given a warning that the remotely connecting user will be able to see whatever is on the desktop, as shown in Figure 7-23. Once the connection is accepted, the Windows Remote Assistance session starts. The session can be terminated by either party at any time.
Figure 7-23: The allow assistance connection
Quick Check
1. What setting do you need to configure to allow Remote Desktop connections from computers running Windows XP Professional SP2?
2. What protocol must be present on local computers running Windows Server 2008 if you are going to forward Windows Remote Assistance invitations using Easy Connect in a LAN environment?
Quick Check Answers
1. You must configure Remote Desktop to allow connections from computers running any version of Remote Desktop, rather than only allowing connections from computers running Remote Desktop with Network Level Authentication.
2. The Peer Name Resolution Protocol feature must be installed on Windows Server 2008 for clients running Windows 7 on a LAN to be able to use Easy Connect.
Windows Remote Management Service
The Windows Remote Management service allows you to execute commands on a remote computer, either from the command prompt using WinRS or from Windows PowerShell. Before you can use WinRS or Windows PowerShell for remote management tasks, it is necessary to configure the target computer using the WinRM command. To configure the target computer, you must run the command WinRM quickconfig from an elevated command prompt. Executing WinRM quickconfig does the following:
Starts the WinRM service
Configures the WinRM service startup type to delayed automatic start
Configures the LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users
Configures the WinRM listener on http://* to accept WS-Man requests
Configures the WinRM firewall exception
If you are attempting to manage a computer remotely that is not a member of the same AD DS domain as the management computer, you may need to configure the management computer to trust the remote computer. This is necessary only when you do not use Hypertext Transfer Protocol Secure (HTTPS) or Kerberos to authenticate the remote computer's identity. You need to configure this trust because of the bidirectional nature of remote management traffic and the fact that authentication credentials will be forwarded to the remote computer. You can configure this trust using the following command:
    winrm set winrm/config/client @{TrustedHosts="remote computer name or IP address"}
It is also possible to configure Windows Remote Management through Group Policy. The relevant policies are located in the Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management node and are split between WinRM Client and WinRM Service policies. These policies relate to authentication settings and TrustedHosts.
Windows Remote Shell for Remote Management
You can use WinRS to execute command-line utilities or scripts on a remote computer. To use WinRS, open a command prompt and prefix the command that you want to run on the remote computer with the WinRS -r:RemoteComputerName command. For example, to execute the Ipconfig command on a computer named Aberdeen, issue the command:
    WinRS -r:Aberdeen ipconfig
If the computer is on the local network, you can use its NetBIOS name. If the computer is on a remote network, you may need to specify its fully qualified domain name (FQDN). It is also possible to specify credentials to be used on the remote computer. For example, to run the command net accounts, which displays information about a computer's password policy, on a computer named Aberdeen.contoso.internal using the Kim_Akers user account, issue the command:
    WinRS -r:http://aberdeen.contoso.internal -u:Kim_Akers net accounts
If you do not specify a password using the -p:password option, you are prompted to enter a password after you execute the command.
You can configure WinRS options through Group Policy in the Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell node. The policies are shown in Figure 7-24 and can be used to configure settings such as idle timeouts, maximum concurrent remote shells, and whether remote shell access is allowed. You will configure and use Windows Remote Shell in a practice exercise at the end of this lesson.
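WinRM quickconfig and the TrustedHosts setting described above both widen what a computer accepts or trusts, so it is worth reviewing the resulting state afterwards. The following is an added example, not taken from the book: the function name Get-WinRMReview is hypothetical, and it uses only the built-in WSMan: drive, the registry provider, and WMI.

```powershell
# Added example: review what "WinRM quickconfig" and TrustedHosts left behind.
# Run from an elevated PowerShell prompt on the computer being reviewed.
function Get-WinRMReview {
    $report = @()

    # Service state and start mode. quickconfig starts the service and sets
    # delayed automatic start, which WMI reports as StartMode "Auto".
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinRM'"
    $report += "Service: state=$($svc.State) startmode=$($svc.StartMode)"

    # LocalAccountTokenFilterPolicy = 1 grants local accounts in the
    # Administrators group full administrative rights over the network.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $latfp = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
    if ($latfp -eq 1) {
        $report += 'REVIEW: LocalAccountTokenFilterPolicy=1 (local admins keep full rights remotely)'
    } else {
        $report += 'OK: LocalAccountTokenFilterPolicy is not set to 1'
    }

    # The WSMan: drive can be read only while the WinRM service is running.
    if ($svc.State -ne 'Running') {
        $report += 'WinRM is not running; listener and TrustedHosts checks skipped'
        return $report
    }

    # Listeners: quickconfig creates an HTTP listener bound to every address.
    foreach ($listener in Get-ChildItem WSMan:\localhost\Listener) {
        $keys = $listener.Keys -join ', '
        if ($listener.Keys -contains 'Transport=HTTP') {
            $report += "REVIEW: HTTP listener ($keys); HTTPS authenticates the remote computer"
        } else {
            $report += "OK: listener ($keys)"
        }
    }

    # TrustedHosts is a client-side setting: the hosts this computer will send
    # credentials to without HTTPS or Kerberos proving the host's identity.
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    if ([string]::IsNullOrEmpty($trusted)) {
        $report += 'OK: TrustedHosts is empty'
    } elseif ($trusted -match '\*') {
        $report += "REVIEW: TrustedHosts contains a wildcard ($trusted)"
    } else {
        $report += "REVIEW: TrustedHosts lists: $trusted (confirm each entry is still needed)"
    }

    return $report
}

Get-WinRMReview
```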