Configuring Network Connectivity - Chap 4 q's by SL
T/F ? You enable Windows Remote Shell (WinRS) by running the Windows Remote Management (WinRM) Quickconfig command.
True. With WinRS, you can execute command-line utilities on a remote computer. To configure a computer to accept remote commands, run the following command from an elevated command prompt: Winrm quickconfig
T/F ? You can enable notifications in Windows Firewall on a per-network location basis.
True. Notifications inform the user that Windows Firewall has blocked a new program. You configure notifications for Windows Firewall by performing the following steps: 1. Open the Windows Firewall console and then click Change Notification Settings. 2. In the Customize Settings dialog box, choose whether to enable the Notify Me When Windows Firewall Blocks A New Program option for each network location.
T/F ? You can create authentication exemptions using the netsh command-line utility.
True. You can create authentication exemptions using the netsh command-line utility. You must run this command from an elevated command prompt and use the netsh advfirewall consec option. When using this command you must specify endpoint1 as "any" and endpoint2 as the addresses of the computers for which you want to configure the authentication exemption. For example, to create authentication exemptions from all computers on the subnet 192.168.16.0/24, use the following command: Netsh advfirewall consec add rule name=Exemptions endpoint1=any endpoint2=192.168.16.0/24 action=noauthentication
T/F ? LLMNR is never used if a Windows 7 client is configured with the IPv6 address of a DNS server
False. LLMNR is a protocol that allows IPv6 (and IPv4) hosts to perform name resolution on the local network segment without forwarding a query to a DNS server. LLMNR sends a link-local scope name request message to IPv6 multicast address FF02::1:3. All Windows 7 clients listen on this address and respond when their host name matches the name request. Computers running Windows 7 will fall back to using an LLMNR query if they can't resolve a name to an IP address through a DNS query.
T/F ? You can perform remote management of computers running Windows 7 only if they are members of the same domain.
False. You can perform remote management of computers running Windows 7 using several different technologies, each of which is appropriate for specific scenarios. Each remote management technology can be used when the remote and the local computers are members of the same Active Directory domain or when they are stand-alone systems. The remote management technologies that you can use with Windows 7 include these: ■ Remote Assistance Used in screen-sharing support scenarios. The remote user is given permission to connect by the currently logged-in user. ■ Remote Desktop Allows remote full-screen login to a computer running Windows 7. The remote user requires local credentials that have Remote Desktop privileges. Configuring Network Connectivity Chapter 4 91 ■ WinRS Allows remote execution of scripts and command-line utilities. Remote user requires local credentials with permission to execute command-line utilities and scripts. ■ PowerShell Remoting Allows remote execution of PowerShell commands and scripts. Requires local credentials with permission to execute PowerShell commands and scripts.
T/F ? A computer that has the IPv4 address 192.168.169.254 is using an APIPA address.
False. APIPA addresses fall in the range 169.254.0.1 to 169.254.255.254. Windows 7 computers that can't obtain a dynamically configured IPv4 address from a DHCP server use APIPA addresses. This can occur for a multitude of reasons, from the DHCP server not being functional to problems with the network adapter or intervening network infrastructure. You can use APIPA addresses to allow computers running Windows 7 on a LAN to communicate when no DHCP server is present. Computers with APIPA addresses can't use that address to send and receive traffic from hosts on the Internet
T/F ? IPv6 is disabled by default on all network adapters.
False. By editing the network adapter properties, you can configure existing Clients, Services, and Protocols or install a new Client, Service, or Protocol. Network adapters in Windows 7 come with the following clients and protocols enabled: ■ Client For Microsoft Networks A client can access resources on Microsoft networks. ■ QoS Packet Scheduler Enables network traffic control, including rate-offlow and traffic prioritization. ■ File And Printer Sharing For Microsoft Networks Enables the Windows 7 client to share files and printers. ■ Internet Protocol Version 6 (TCP/IPv6) Enables the computer to use IPv6. Click Properties to configure IPv6 address configuration. ■ Internet Protocol Version 4 (TCP/IPv4) Enables the computer to use IPv4. Click Properties to configure IPv4 address configuration. ■ Link-Layer Topology Discovery Mapper I/O Driver Enables the Windows 7 client to discover network infrastructure components such as other clients and devices. ■ Link-Layer Topology Discovery Responder Enables the Windows 7 client to be discovered on the network. Configuring Network Connectivity Chapter 4 83 Although all these items are enabled by default,
T/F ?A computer needs a dynamically assigned IP address to communicate on a LAN.
False. Computers running Windows 7 need an IP address to communicate on the local area network. This can be an IPv4 or an IPv6 address, and can be assigned dynamically or statically.
T/F ? You can configure which DNS servers a client uses by using the Ipconfig.exe command-line utility.
False. DNS resolution enables the translation of IP addresses into fully qualified domain names (FQDNs) and FQDNs into IP addresses. You configure DNS resolution for computers running Windows 7 by setting preferred and alternate DNS servers. You can do this by editing the Internet Protocol Version 4 (TCP/IPv4) properties on the adapter properties in the GUI or by using the netsh interface ipv4 set dnsservers command. For example, to set the network adapter "Local Area Connection" to use the IP address 192.168.15.10 as the primary DNS server, run the following from an elevated command prompt: Netsh interface ipv4 set dnsservers "Local Area Connection" static 192.168.15.10 primary In most organizations, DHCP servers provide clients with DNS server addresses. You can choose this option by editing the Internet Protocol Version 4 (TCP/IPv4) properties or by executing the following command from an elevated command prompt: Netsh interface ipv4 set dnsservers "Adapter Name" source=dhcp
T/F ? You can use the Netstat command-line utility to configure IPv6 name resolution on a computer running Windows 7.
False. IPv6 name resolution works in a similar manner to IPv4 name resolution. You can configure a preferred and alternate DNS server that has an IPv6 address by editing the properties of a network adapter and then opening the Internet Protocol Version 6 (TCP/IPv6) Properties dialog box. You can also configure IPv6 DNS server configuration using the netsh interface IPv6 add dnsserver command from an elevated command prompt. For example, to add a DNS server with the IP address FEC0:0:0:FFFF::1 to the "Local Area Connection" interface, use this command: Netsh interface ipv6 add dnsserver "Local Area Connection" FEC0:0:0:FFFF::1 You can use netsh to delete a DNS server for a configured interface. For example, to remove DNS server FEC0:0:0:FFFF::1 from the "Local Area Connection" interface, use the following command:Netsh interface ipv5 delete dnsserver "Local Area Connection" FEC0:0:0:FFFF::1
T/F ? You can see connected devices through View Network Computers And Devices on a Windows 7 client when Network Discovery is disabled.
False. Many devices, such as network storage devices, network-enabled printers, and network scanners, can be discovered by Windows 7 once they are connected to the same network segment.
T/F ? By default, only members of the local Administrators group can make a Remote Desktop connection to a computer running Windows 7.
False. Members of the administrators and Remote Desktop Users local groups can connect through Remote Desktop to computers running Windows 7. When you add specific users or groups through the Remote Desktop Users dialog box, you can alter which groups and users can log in by editing the Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow Log On Through Remote Desktop Services policy.
T/F ? It is possible to remotely log in through Remote Assistance without the logged-in user's permission.
False. Remote Assistance is a support tool that enables support staff, usually referred to as helpers, to view the screen of a user logged in to a computer running Windows 7. Remote Assistance requires the helper to have an invitation issued by the computer user. The computer user can terminate the Remote Assistance session at any time.
T/F ? The Nslookup utility cannot be used to resolve the IPv6 addresses of fully qualified domain names.
False. The tools that you use to diagnose IPv4 problems also work with IPv6. You can use the following tools to diagnose IPv6 connectivity issues: ■ Ipconfig Displays the IP address configuration. Use Ipconfig to determine if the computer is using an appropriate IP address. ■ Ping You can check point-to-point connectivity between computers running Windows 7 and another host. Use the -6 parameter to ensure that you are using IPv6 with Ping (for example, ping -6 www.contoso.com). ■ Nslookup You can check the resolution of FQDN to IP address and IP address to FQDN. Use the -q=aaaa option to return only IPv6 addresses (for example, nslookup -q=aaaa www.contoso.com). ■ Tracert You can see the path taken from the computer running Windows 7 to a destination host. Use the -6 option with IPv6 (for example, tracert -6 www.contoso.com). ■ Pathping A combination of the Ping and Tracert tools. You can view the path between two hosts and the reliability of each hop in that path. Use the -6 option to force IPv6 (for example, pathping -6 www.contoso.com).
T/F ? A firewall rule can only apply in a single network profile.
False. Windows Firewall rules can apply across one or more network profiles. You can choose the network profiles in which a firewall rule applies for Windows Firewall by choosing Allow Program Or Feature Through Windows Firewall on the Windows Firewall Control Panel item, then clicking Change Settings, and then checking the profiles in which you want a specific allowed program or feature to be enabled. Firewall rules are represented by program and feature name. You can choose to enable firewall rules in the home/work (private) or public profiles. You can also choose to allow a program or feature for the domain network profile if your computer is a member of an Active Directory domain. You can configure the profiles in which a Windows Firewall rule applies using the netsh firewall set allowedprogram command with the profile option. Netsh firewall set allowedprogram "C:\apps\program.exe" "Program" profile=standard
T/F ? Wired network connections on Windows 7 clients are enabled for 802.1X authentication by default.
False. With 802.1X authentication, you can limit network access to clients that have performed authentication. As you learned earlier, you can configure 802.1X authentication for wired network connections by configuring the Wired AutoConfig service. When this service is active, the Authentication tab becomes available on a network adapter's properties. On the Authentication tab, you can configure the following settings: ■ Enable IEEE 802.1X authentication ■ Choose A Network Authentication Method • Microsoft: Smart Card Or Other Certificate • Microsoft: Protected EAP (PEAP) ■ Remember My Credentials For This Connection Each Time I'm Logged On ■ Fallback To Unauthorized Network Access
T/F ? Computers running Windows 7 Home Premium support incoming Remote Desktop connections.
False. With Remote Desktop, clients that use the Remote Desktop Connection software or a compatible third-party alternative to make remote connections to computers running Windows 7 can view and interact with the desktop of the host computer.
T/F ? You can allow programs through Windows Firewall by using the ipconfig command.
False. You can allow or block inbound network traffic to programs or features on a computer running Windows 7. To allow a program through Windows Firewall, open the Windows Firewall Control Panel item and then click Allow A Program Or Feature Through Windows Firewall. Either select the program or feature from the list, or click Allow Another Program and then navigate to the executable file for that program. To allow or block a program through the command line, use the netsh firewall add allowedprogram command. For example, to allow the program c:\app\ program.exe, run the following command from an elevated command prompt: Netsh firewall add allowedprogram "c:\app\program.exe" "My Program" enable
T/F ? Windows Firewall rules must always apply to the public profile.
False. You can configure a firewall rule to apply in a single network profile. You can do this by choosing Allow Program Or Feature Through Windows Firewall on the Windows Firewall Control Panel item, then clicking Change Settings, and then checking the profile in which you want a specific allowed program or feature to be enabled. You can configure the profiles in which a Windows Firewall rule applies using the netsh firewall set allowed program command with the profile option. The allowed profile settings are as follows: ■ Current Applies to all currently active network profiles ■ Domain Applies only to the domain profile ■ Standard Applies only to the private profile ■ All Applies to all profiles except the private profile
T/F ? Administrators can manually configure the networks Windows 7 assigns to the domain network location.
False. You can differentiate networks based on their characteristics, so you can configure rules for Windows Firewall and Windows Firewall with Advanced Security (WFAS) that will apply to some network types and not others. Windows 7 remembers the properties of networks, so that once you assign a network type to a particular connection, the same network type will be assigned to the connection in the future. Windows 7 supports the following network locations: ■ Domain Profile is used when the computer is joined to an Active Directory domain. You cannot apply this profile manually. It is assigned to adapters, including VPN and DirectAccess connections, where Windows 7 detects a domain controller. Generally the most permissive profile. ■ Home/Work (Private) A manually selectable location type used for networks that are indirectly connected to the Internet. Network is assumed to be secure, but not as permissive as the domain profile. Can be set manually. ■ Public Used with insecure networks, including direct connections to the Internet and public access points. This profile is least permissive. Can be set manually. Windows 7 supports more than one active network location type at a time. Computers running earlier versions of Windows support only one active network location type and apply the most restrictive profile when they detected multiple networks. Supporting more than one active location means that multiple profiles can be functioning at the same time.
T/F ? You can configure WFAS notifications only for the domain profile.
False. You configure notifications for WFAS by editing WFAS properties and clicking the Customize button in the Settings area for each profile. You can then choose whether a notification is displayed when a program is blocked from receiving inbound connections.
T/F ? You can specify an IPv6 address as the destination Internet address when configuring up a VPN connection.
True. Setting up a connection for a network uses the same process whether the network uses IPv4, IPv6, or both network-addressing schemes. For example, when setting up a VPN connection you can use an FQDN, IPv4, or IPv6 address as the destination Internet address. To set up a connection or network, use the Setup A Connection Or Network Wizard and choose one of the following options: ■ Connect To The Internet ■ Set Up A New Network ■ Manually Connect To A Wireless Network ■ Connect To A Workplace ■ Set Up A Dial-Up Connection ■ Set Up A Wireless Ad Hoc (Computer To Computer) Network ■ Connect To A Bluetooth Personal Area Network (PAN)
T/F ? You can enable PowerShell remoting by running the Enable-PSRemoting cmdlet when the Windows Remote Management service is configured.
True. To set up PowerShell for remoting when the WinRM service is running, open an elevated PowerShell session and run the following command: Enable-PSRemoting -force
T/F ? You need to configure remotely managed computers to be trusted when attempting to use PowerShell remoting for computers that are in different Active Directory environments.
True. When managing computers not in the same Active Directory domain, you will need to configure remotely managed computers to be trusted. Do this from an elevated command prompt by issuing the following command: Winrm set winrm/config/client @{TrustedHosts="Remote Computer or IP Address"} To open an interactive session, run the Enter-PSSession cmdlet with the ComputerName parameter. For example, to open an interactive session to computer Win7-680, use this command: EnterPSSession -ComputerName:Win7-680 To end the session, run the Exit-PSSession cmdlet.
T/F ? Windows 7 Professional edition supports Location Aware Printing
True. With Location Aware Printing, Windows 7 clients can use a different default printer depending on the network to which they connect. Default printers are associated with network names. You configure default printers for each network name using the Manage Default Printers dialog box, which is accessible through the Devices And Printers Control Panel item. The Professional, Enterprise, and Ultimate editions of Windows 7 support Location Aware Printing.
T/F ? A computer will use an APIPA address if it is configured to use a dynamically assigned address but cannot communicate with a DHCP server.
True. You can determine whether the DHCP server has responded to the client's request for an IP address by checking the IP address configuration. If the computer has been assigned an APIPA address, the computer cannot contact the DHCP server. This may be because there is a problem with the physical network connection, such as a failed UTP drop cable between the computer and the wall point, a failure between the wall point and the switch, a switch failure, the failure of a router, or the failure of the DHCP server.
T/F ? You use the WinRS command to execute command-line utilities on remote computers.
True. You use the WinRS command to execute command-line utilities or scripts on the remote computer. You also specify the name of the remote computer using the -r parameter. For example, to run the command hostname on the computer Win7-B, using the Kim_Akers account, use this command: WinRS -r:Win7-B -u:Win7 B\Kim_Akers hostname
T/F ? You can determine whether the Wired AutoConfig service is running by viewing a wired network adapter's properties.
True. 802.1X authentication requires that the computer authenticate to the wireless access point or the wired switch before it can establish a connection to the network. 802.1X authentication usually requires a certificate or smart card.
T/F ? IPv6-only networks use the same network profiles as IPv4-only networks.
True. A computer uses the same network locations independently of whether it is connecting to an IPv4 network, an IPv6 network, or a network that supports both IPv4 and IPv6. These network locations are as follows: ■ Domain Profile is used with network adapters when Windows 7 determines that an Active Directory domain controller is directly contactable. This profile cannot be applied manually. ■ Home/Work (Private) A manually selectable location type used for networks that are indirectly connected to the Internet, such as those that use link-local or unique unicast addresses. ■ Public Used when the adapter is assigned a IPv6 global unicast address or when connecting to a potentially hostile network.
T/F ? Authentication exemptions enable you to bypass WFAS rules that require authentication.
True. Authentication exemptions allow you to exempt computers or IP address ranges from needing to authenticate even when other connection security rules are being applied. You need to use authentication exemptions only when you are using connection security rules and you have configured WFAS rules with the Allow The Connection If It Is Secure action. An authentication exemption makes all such rules function as if the Allow The Connection action were chosen, but only for the computers specified in the authentication exemption rule. To create an authentication exemption, open the WFAS console and perform the following steps: Configuring Network Connectivity Chapter 4 p.89 1. Select the Connection Security Rules node and click New Rule on the Actions pane. 2. On the Rule Type page, select Authentication Exemption. 3. On the Exempt Computers page, click Add and then enter an IP address, an IP subnet, or one of the following from the predefined list: ■ Default gateway ■ WINS servers ■ DHCP servers ■ DNS servers ■ Local subnet 4. Specify the profiles in which the exemption applies and give the exemption a name.
T/F ? You can configure 802.1X authentication to use either user or computer authentication.
True. By configuring Advanced Settings on the Authentication tab of a network adapter's properties, you can configure the following advanced settings: ■ Specify Authentication Mode Used when you want to configure specific types of 802.1X authentication. You can choose between the following: • User Or Computer Authentication User or computer can perform 802.1X authentication. • Computer Authentication Computer credentials are used for 802.1X authentication. • User Authentication User credentials are used for 802.1X authentication. • Guest Authentication Allows limited guest access to the network. ■ Enable Single Sign On For This Network Determines how single sign in functions with 802.1X authentication. You can configure the following single sign in options: • Perform Immediately Before User Logon • Perform Immediately After User Logon • Maximum Delay • Allow Additional Dialogs To Be Displayed During Single Sign On • This Network Uses Separate Virtual LANs for Machine And User Authentication
T/F ? Unique local IPv6 addresses use the address prefix fc00::/7.
True. IPv6 generally uses auto-configured IP addresses. Configuring the provision of IPv6 addresses usually occurs through the configuration of routers or DHCP servers. There are three types of IPv6 addresses: ■ Unicast Address used by a single network interface. Windows 7 supports the following types of unicast addresses: • Global Address prefix 2000::/3. Can also start with a 3000::/3. Used in the same way as a public IPv4 address for communication across the Internet. • Link-local Address prefix fe80::/64. Used in the same way as an IPv4 APIPA address for traffic on the same network that will not be routed. Used when IPv6 addresses are not automatically configured. • Site-local Address prefix fec0::/10. Can also start with Fed0::/10. Used in the same way as private IP address space, but deprecated by RFC 3879. Use unique local addresses instead of site-local. Configuring Network Connectivity Chapter 4 75 • Unique local Address prefix fc00::/7. Can also start with fd00::/7. Used in the same way as private IP address space. Routable within the organization. ■ Multicast Used by multiple nodes across the network and uses the FF prefix. ■ Anycast Used by multiple nodes, but traffic only received by nearest node to transmission according to routing metrics.
T/F ? The Network Troubleshooter can automatically diagnose and repair common network problems.
True. The Network Troubleshooter provides a user-friendly interface for diagnosing network problems. The Network Troubleshooter performs common network troubleshooting tasks, such as attempting to renew a DHCP lease automatically. With Network Troubleshooter, non-IT professionals can resolve common network problems. Network Troubleshooter can diagnose problems with the following: ■ Internet Connections ■ Shared Folders ■ HomeGroup 72 Chapter 4 Configuring Network Connectivity ■ Network Adapter ■ Incoming Connections ■ Connection To A Workplace Using DirectAccess Network Troubleshooter is most useful for help desk support staff who can use it as first steps in a network troubleshooting routine during a support call. Users do not need to be members of the local Administrators group to use Network Troubleshooter. Each time Network Troubleshooter runs, it generates a problem report. IT professionals can reference this report when performing a more thorough fault diagnosis.
T/F ? IPv6 addresses can be automatically configured based on router advertisements.
True. Unlike IPv4, which uses DHCP servers to dynamically assign IP addresses, IPv6 uses auto-configuration to provision clients with addresses. IPv6 supports two different types of auto-configuration: ■ Stateful Auto-configuration Uses a DHCP server to provision clients with IPv6 addresses. Suitable for organizational networks. ■ Stateless Auto-configuration Uses router advertisements to inform hosts of appropriate IPv6 address prefix. Suitable for small organizations and individuals.
T/F ? Windows Internet Name Service (WINS) is used for NetBIOS name resolution.
True. WINS resolution enables the translation of IP addresses into NetBIOS names. You configure WINS resolution for computers running Windows 7 by editing the Internet Protocol Version 4 (TCP/IPv4) properties on the adapter properties in the GUI or by using the netsh interface ipv4 set winsserver command. For example, to set the network adapter "Local Area Connection" to use the IP address 192.168.15.100 as the WINS server, run the following from an elevated command prompt: Netsh interface ipv4 set winsserver "Local Area Connection" static 192.168.15.100
T/F ? You can configure Remote Desktop so that only Remote Desktop clients that support Network Level Authentication can connect.
True. When you enable Remote Desktop, you choose between allowing connections from any version of Remote Desktop or restricting connections to Remote Desktop clients that support Network Level Authentication. The Remote Desktop clients available in Windows Vista, Windows 7, and Windows Server 2008 support Network Level Authentication.
T/F ? You can view available wireless networks from the command prompt.
True. Windows 7 clients can connect to wireless networks using the following methods: ■ Network notification area icon Click this icon to connect from the Windows 7 taskbar. ■ Set Up A Connection Or Network Wizard You can choose to connect to a wireless network from Network and Sharing center. You can use this method to prepopulate wireless networks without having to initiate a connection. 80 Chapter 4 Configuring Network Connectivity ■ Manage Wireless Networks dialog box You can add new wireless networks or delete existing remembered wireless network connections. You can use this method to prepopulate wireless networks without having to initiate a connection. You can use this method to create an ad hoc wireless network. ■ Group Policy Administrators can specify wireless network settings for domain-joined computers. ■ Netsh wlan command-line utility You can view and join wireless networks from the command line. For example, the command Netsh wlan show networks displays available wireless networks.
T/F ? You can use the ipconfig command to determine whether a DHCP server has provided the computer with an IP address.
True. Windows 7 includes a large number of command-line utilities that can be used to diagnose network connectivity problems. ■ Ipconfig Displays the IP address configuration. You can use the following options in diagnosing and resolving network connectivity issues: • ipconfig /all To determine whether the computer has been correctly assigned an IP address from a DHCP server and to determine the default gateway, MAC address, and DNS server address. Configuring Network Connectivity Chapter 4 71 • ipconfig /release To release the currently leased address. • ipconfig /renew To renew the currently leased address. • ipconfig /flushdns To flush the DNS resolver cache. ■ Ping You can check point-to-point connectivity between computers running Windows 7. Use the -4 parameter to ensure that you are using IPv4 with Ping. If you can't ping a specific network host on a remote network, attempt to ping the default gateway address that you obtained running the ipconfig / all command. ■ Nslookup You can check the resolution of FQDN to IP address and IP address to FQDN. Use Nslookup when you suspect that connectivity problems might be caused by DNS problems. Use the command ipconfig /flushdns to flush the DNS resolver cache before attempting to use Nslookup. ■ Tracert You can see the path taken from the computer running Windows 7 to a destination host. You can determine if there is a problem between the computer running Windows 7 and the destination host, such as a failed router. ■ Pathping A tool that combines the functionality of Ping and Tracert. You can view the reliability of each hop on the path between two hosts. Useful if you want to determine whether a specific router is suffering reliability problems. ■ Route You can view and modify the computer's routing table. ■ Arp You can view the Address Resolution Protocol (ARP) cache. The ARP cache stores IP addresses and their resolved Ethernet addresses, also known as MAC address. Use it to determine whether Windows 7 can resolve the Ethernet addresses of other computers on the LAN. ■ Netstat Displays all active TCP connections. This tool can also display Ethernet statistics and the IP routing table.
T/F ? Helpers remotely connected using Remote Assistance can respond to User Account Control (UAC) prompts.
True. With Easy Connect, you can connect without using Remote Assistance invitations. You can use Easy Connect only when both computers are running Windows 7, both computers have Internet access, and routers support the Peer Name Resolution Protocol (PNRP). If Easy Connect is unavailable, you can forward an invitation file through an email message or by transferring the invitation file through another method such as a file share or USB storage device. When connecting, a helper must enter a password that displays on the user's screen. You can transmit this password with the invitation, but Microsoft recommends using a separate method such as an SMS message or reading the password over a telephone call. You can specify the period of invitation validity through the Remote Assistance Settings dialog box. In domain-based environments, the user can choose to allow a helper to respond to UAC prompts when accepting the connection.
T/F ? You can run one PowerShell command or script against multiple computers.
True. With PowerShell remoting, you can execute commands in parallel to more than one destination computer. You do this by using the Invoke-Command cmdlet with the Computername parameter. For example, to run the cmdlet GetHotfix on computers ALPHA, BETA, and GAMMA using the Kim_Akers local account credential, run this command: Invoke-Command -scriptblock { Get-Hotfix } -computername ALPHA,BETA,GAMMA
T/F ? You can configure WFAS rules to only apply to wireless network interfaces.
True. With WFAS, you can control the network profiles in which a rule applies. You can configure this by editing the properties of the WFAS rule or by specifying the network profiles during rule creation. You also can configure the following additional limits on rules: ■ Interface Types You can specify that the rule applies to one or all of the following interface types: Local Area Network, Remote Access, Wireless. ■ Edge Traversal You can block or allow traffic that has passed across a Network Address Translation router or firewall. ■ Scope You can specify local and remote IP addresses and IP address ranges. WFAS will block traffic that does not meet the specified local and remote IP address scope condition. ■ Users You can specify user accounts or group accounts when you configure a firewall rule that allows only secure connections. WFAS will block network traffic from users not on this list. ■ Computers You can specify a list of computers or security groups when you configure a firewall rule that allows only secure connections. WFAS will block network traffic computers not on this list.
T/F ? You can configure a Windows 7 client to connect to a particular wireless network when more than one wireless network that you regularly connect to is available.
True. You can configure Windows 7 to remember the credentials that you use to connect to different wireless networks. You can use the Manage Wireless Networks dialog box to set preferred wireless networks, with wireless networks toward the top of the list preferred over wireless networks lower on the list. When the Windows 7 client is in range of one or more existing networks for which credentials are stored, it connects to the preferred wireless network
T/F ? The private profile applies to both the home and work locations.
True. You can configure the network profiles in which a WFAS rule applies on the Advanced tab of the rule's properties. You can choose for the rule to apply in the domain, private (home or work), or public profiles. You can modify an existing WFAS rule using the netsh advfirewall firewall set rule command with the profile option and choose among the following options: ■ Public Applies to the public network profile ■ Private Applies to the work and home network profiles ■ Domain Applies to the domain network profile ■ Any Applies to all network profiles
T/F ? You can create rules in WFAS to block outbound traffic for specific applications
True. You can use WFAS to block or allow programs, services, or traffic on specific ports. Unlike Windows Firewall, you can configure WFAS to allow or block both inbound and outbound traffic. WFAS does not block outbound connections by default, though this can be changed on a per-network profile basis basis by setting the Outbound connections drop-down from Allow (default) to Block.
T/F ? Windows 7 supports setting up a PAN across Bluetooth connections.
True. You can use the Set Up A Connection Or Network Wizard to set up different types of network connections for computers running Windows 7. The Set Up A Connection Or Network Wizard, available through the Network and Sharing Center, gives you the following options: ■ Connect To The Internet You can configure a connection to the Internet using a wireless network, broadband, or dial-up connection. For example, if you directly connect a DSL modem to your computer, you will be able to provision that modem with a user name, password, and phone number. ■ Set Up A New Network You can configure a new router or wireless access point. For example, configure wireless access point settings such as network name, password, authentication scheme, and whether the wireless access point distributes IP addresses. ■ Manually Connect To A Wireless Network You can set up a connection to a hidden wireless network or to create a new wireless profile. ■ Connect To A Workplace You can create a dial-up or VPN connection. You'll learn more about creating VPN connections in Chapter 6, "Configuring Mobile Computing." ■ Set Up A Dial-Up Connection You can connect to the Internet by setting up a modem. ■ Set Up A Wireless Ad Hoc (Computer To Computer) Network You can set up a temporary network for sharing an Internet connection or files. It is available only if the computer has a wireless adapter. ■ Connect To A Bluetooth Personal Area Network (PAN) You can set up a connection to a Bluetooth device or network. It is available only if the computer running Windows 7 has Bluetooth capability.