Laptop Repair Made Easy
I'll cover this later, but you can only get a RIS system image onto a computer that knows how to ask for one, and the only way that a system knows how to ask is if the system supports something called the Preboot Execution Environment (PXE) protocol, version 0.99C or later. If you've seen computers that can be network managed then there's a good chance that the computer has PXE support in its BIOS. In addition to PXE support, you'll need a NIC that works with PXE. No ISA NIC that I know of supports PXE, and I've only heard rumor of PCMCIA/PC Card/CardBus laptop NICs that support PXE. Most PXE-compatible NICs are PCI cards. Laptops aren't completely shut out, as some laptops now ship with an integrated NIC built to the mini PCI specification; I've seen some IBM ThinkPads that fit in this category. Such a laptop might be RIS-compatible. (And believe me, RIS's convenience is sufficiently great that PXE mini-PCI compliance will be a must-have characteristic of all of my future laptops)...
Laptops typically run local applications when disconnected from the network. When connected to the network by a dial-up or wireless WAN connection, laptop users commonly launch a MetaFrame XP session. Extra training helps ensure laptop users do not confuse local applications with hosted applications. We have found that many employees of companies with SBC environments end up abandoning laptops except when on planes or in motels, since they find it less cumbersome to use a PC or Windows terminal at both the office and home.
You are expecting to receive four new laptop computers and five new desktop computers in your location. A consultant with a user account in the domain will add these computers to the domain. Northwind Traders policy states that the laptop and desktop computers will be managed by the administrators of the city organizational unit. 2. Create five laptop organizational unit.
Correct: The password between the laptop and the domain computer account has become unsynchronized and must be reset. C. Incorrect: This would solve the problem but might cause other problems if there are permissions set on resources for this laptop computer. Also, this process would take much more time than a computer password reset.
Create a new OU in the HQ Management OU named Laptops. This OU will contain all the computer accounts for the executives' laptop computers. Create a new OU named LaptopComputers in the NAwest domain to simplify the application of Group Policy settings to all laptop computers in this location.
500 users in the organization were issued laptop computers. You are concerned that some users may try to install unsigned device drivers that they find on the Internet. You must change the policy settings so that users are restricted when they try to install unsigned device drivers on their computers.
A traveling user has been away from the office for several months. The laptop computer with which the user travels is not configured for dial-in access to the corporate network because it is used mostly for presentations and client documentation. You examine the accounts associated with the user in Active Directory Users And Computers and note that the computer account for the user's laptop is marked with a red X icon. B. Reset the laptop computer account in Active Directory. C. Delete the laptop computer account from the domain, join the laptop to a workgroup, and then rejoin the laptop to the domain. D. Delete and re-create the laptop computer account.
If you have a limited number of IP addresses, and you have many mobile users who take their laptops out of the office, you potentially could run into problems with long lease periods because all of the IP addresses could be used up. Q: Can I set up one DHCP reservation for a user who switches between a laptop machine and desktop workstation?
Hardware profiles also allow for the optimization of performance and power usage. Each hardware profile determines which devices and services are used when the system is started using that profile. A laptop computer, for example, can have its battery life extended by creating a mobile profile, which disables devices that are not needed when the computer is disconnected from the network.
You are a consultant and you work for several companies at one time. You keep your laptop in a workgroup because you are at a different company every day. You want to use Stored Usernames and Passwords to add credentials for each of the companies' domains so that you don't have to manually authenticate every time you map drives and print. Which tool would you use?
To allow basic Web browsing from x64 computers on our SBS network, we need to define an Allow policy to allow x64 computers on the Internal network to use standard Web protocols to access computers on the External network. We'll create just a simple Allow All rule that allows all computers within a specific address range on the Internal network to browse Web sites on the External network. But how will we know which computers are x64? Unfortunately, ISA doesn't have any way to do that natively. But what it does know is the IP address of the client, so the first step is to use DHCP reservations or DHCP exclusions and a fixed IP address to explicitly assign a known IP address to our x64 computers. (See Chapter 15 for details on how to configure DHCP.) For setting up this policy, we'll assume that the range of IP addresses from 192.168.16.200 to 192.168.16.225 are reserved for use by client computers that can't use the ISA Firewall Client. Meanwhile, we've set up a general DHCP exclusion...
For example, we spend about a third of our time teaching MCSE classes, usually in temporary classrooms set up at conferences, hotels, and so on. Laptops are used in these classes, with one brawny laptop set up as a DNS/DHCP/DC server. Occasionally, a client will lose its DHCP lease (or not get one, perhaps because a cable has come loose), and the quickest way to fix it is to pop open a command-line window and quickly type ipconfig /renew.
Increased use of laptop computers and other wireless access devices within an enterprise along with an increase in worker mobility, have fueled the demand for wireless networks in recent years. Up until recently, wireless technology was plagued with incompatibility issues and vendor-specific products. The technology was slow, expensive, and reserved for mobile situations or hostile environments where cabling was impractical or impossible. In recent years, the maturing of industry standards has caused a leveling point. This is thanks to industry-enforced compatibility standards and the deployment of lightweight wireless networking hardware. All of these factors have allowed wireless technology to come of age in the modern company.
When a user logs on successfully to a Windows operating system, the computer caches the user's credentials (including the user's username and password). This allows the user to log on even if the computer cannot contact a domain controller, which has obvious value for laptop users who work offline. In certain environments, or on certain systems, you might wish to prevent users from logging on with cached credentials; in other words, require their computers to be connected to the network and to be able to contact a domain controller. To achieve this configuration, enable the security policy Interactive Logon: Number Of Previous Logons To Cache. You can find this policy in the Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options node of a GPO.
An executive has a laptop running Windows XP, with a machine name of Top-Dog. You want to allow the executive's laptop to join the domain, and you want to be sure that the computer is configured by the group policies linked to the Desktops OU immediately. How can you achieve this goal?
A developer in your organization has a laptop that dual boots between Windows 2000 Professional and Windows XP Professional. Both operating systems have the latest service packs and security updates. The user's Outlook data file is encrypted, and the same EFS key pair is used in both operating systems to provide access to the Outlook data file. This morning, your developer was unable to access the Outlook data file when working in Windows 2000, but you are still able to create new encrypted files. Fearing that the Outlook data file was corrupt, he booted into Windows XP and was able to access the data file. What is the probable cause of this problem? Group Policy is enabling System cryptography. Use FIPS-compliant algorithms for encryption of the Group Policy setting for the Windows XP computer account. The Outlook data file is being encrypted with 256-bit AES encryption, which cannot be encrypted by Windows 2000 Professional, as Windows 2000 only supports DESX encryption.
Incorrect: The laptops are obtaining valid IP addresses, subnet masks, and default gateways; otherwise, the salespersons could not connect to the Routing And Remote Access service and access the intranet. The problem is that the laptops cannot resolve the names of the servers on the intranet to IP addresses. Although static IP configuration, including configuration of the DNS server address, would solve this problem, it is usually impractical in this situation, is error-prone, and would involve a great deal of administrative effort. D. Correct: The laptops are obtaining IP address, subnet mask, and default gateway configuration from the Routing And Remote Access service. They are not, however, receiving other DHCP options, such as option 006, DNS Server. As a result, they cannot access DNS to resolve server host names to IP addresses. Configuring the Routing And Remote Access service as a DHCP relay agent solves this problem. B. Incorrect: The laptop is already correctly configured with...
Do you work for a company that has a lot of remote or mobile laptop users? Do you often wonder who they are, what they do, and more importantly, what they are doing on your network when they dial in? You might have even been the one who set up these users with VPN access to the network, without knowing why they needed it or when they would be dialing in. Well, if so, you're no different from many other administrators. We just fulfill new user requests as they come in.
Windows XP and Windows Server 2003 clients can also be configured with alternate IP address configurations. This is especially helpful for laptop computers that may connect to a variety of networks such as branch office, home office, and vendor sites. The alternate IP addressing configuration also is used if the DHCP server cannot be contacted, as an alternative to APIPA. The alternate configuration includes IP address, subnet mask, default gateway, and DNS and WINS server IP addresses.
To deploy the configuration file to mobile client computers (such as a laptop computer) that are currently directly connected to the local network, run the Set Up Computer Wizard and enable the computer as a remote client computer. To be able to deploy the configuration package to client computers not directly connected to the local network, run the Create Remote Connection Disk Wizard.
As we move outside of the LAN though, the connection choices for users to connect to their SBC applications in many geographies are slim, and the relatively new solutions offered by wireless WAN (wWAN) carriers like DirecPC satellite and mobile wireless carriers like Sprint, T-Mobile, Verizon, AT&T, Nextel, and others offer a tremendous solution in the SBC environment. By providing truly anytime-anywhere access to the SBC environment, these solutions enable even traveling laptop carriers to stay connected everywhere, sans the airplane itself (although Boeing is working to provide satellite connectivity on planes as well).
Does autoenrollment deploy custom EFS certificates to all Windows 2000 and Windows XP laptop users? Why or why not? No. Autoenrollment Settings only deploy custom EFS certificates to users with Windows XP laptops. 5. What method of enrollment allows EFS certificates to be deployed to users with Windows 2000 laptops without user intervention?
A user has a laptop that she uses at home, at work to access both the corporate network and the Internet, and when she travels to client sites. She contacted you Monday morning to say that her laptop wouldn't connect to the network. She did mention something about having trouble on her home network over the weekend and working Sunday at home to fix the problem. You check the laptop's TCP/IP properties, and notice it is configured to Use the following IP address. The address is 192.168.0.1 and the subnet mask is 255.255.255.0. What is the most likely cause of the user's connectivity problem at work? B. Her laptop is configured to use a static IP address from the private address range. C. Her laptop is configured to use an alternate IP address for her home connection. D. Her laptop is configured to dynamically obtain an IP address, which caused a problem on her home network and is now causing a problem on the corporate network as well. B. The laptop is configured to use a static IP...
You need to change the password for all laptop users. All laptop users have the description Laptop User. You need to change their passwords to Password01. To ease the process, you want to write a batch file to do it for you. Which commands should you put into your script file? A. dsquery user -desc Laptop User dsmod.exe user -pwd Password01 B. dsmod user -pwd Password01 dsquery.exe user -desc Laptop User C. dsget user -desc Laptop User dsmod.exe user -pwd Password01 D. dsmod user -pwd Password01 dsquery.exe user -desc Laptop User
Can control the use of EFS through Group Policy and certificate management. However, there are situations in which EFS can be used effectively in a non-domain-based environment. For example, if you have a portable computer running Windows XP that is a member of a Windows NT 4.0 domain and you want to implement EFS to protect the data if the computer is stolen.
You are a contractor for a brand new mobile advertising company opening up in downtown Boston, MA, called Adstogo, Inc. You have been hired to configure DHCP for their new office of 200 employees. Fifty percent of their employees are mobile and usually out on the road, selling or driving advertising trucks. Every employee at Adstogo was offered a laptop with dial-in capabilities in order to stay in touch with corporate management because most of these road trips last one to two weeks at a time. You arrive onsite and begin configuring the Windows 2003 DHCP server as you have done many times before. You configure a scope with a 192.168.0.0/24 network address and exclude a range of 192.168.0.0 to 192.168.0.20 for network hardware and servers' static IP assignments. You configure the lease duration to three weeks and configure all the standard DHCP options. You authorize the server, activate the scope, and alert the 20 or so users in the office to hook up their already configured DHCP laptops....
Windows Server 2008 (as well as Windows Vista) includes network awareness APIs that enable applications to sense changes to network configurations. What that means is that a corporate laptop that is placed into standby or hibernate and later fires up connected to a home network or a public hotspot will sense that it's on a new network and the firewall settings will be modified accordingly. The network awareness APIs handle that function. This function is clearly less useful on a Windows Server 2008 computer permanently connected to a corporate network. It's really intended for use on mobile computers (which could run Windows Server 2008, of course) that might be running Windows Vista as the client operating system. Although this functionality is included in Windows Vista, we'll refer to it within the Windows Server 2008 context. Windows Server 2008 identifies and remembers network connections and can apply settings according
You are upgrading your existing VPN solution so that all incoming VPN traffic connects to a computer running Windows Server 2008 located on your organization's perimeter network. VPN clients at Fabrikam, Inc., are a mixture of laptop computers running Windows XP SP3 and Windows Vista SP1. You want to retain the use of a password-based authentication protocol for VPN logons because you do not have the budget to deploy a full certificate services solution. You do not want to use PPTP as a VPN protocol. After you encountered some security problems earlier in the year, the CFO has asked you whether it is possible to block clients connecting to the network remotely from accessing the accounting database server. With this in mind, you must find answers to the following questions:
The corporate service desk is overloaded, and management wants to leverage technical knowledge that exists throughout the organization. However, due to concerns over the security of corporate data, managers are wary of providing access to the organization's desktop and laptop systems to individuals outside the organization. They are also wary of allowing individuals who do not possess the required knowledge to provide help. What strategy would you recommend to satisfy management's requirements with the least amount of effort? (Choose all that apply.) C. Enable Remote Assistance in System Properties on every desktop and laptop, and add the appropriate users. D. Enable Remote Assistance in local Group Policy on every desktop and laptop. 11. You take responsibility for a mission-critical server that absolutely has to be available on a 24/7 basis. As a result, you are issued a laptop computer so that you can manage the server whenever the need arises. You decide to use Remote Desktop for...
Ad hoc mode allows users to form a wireless LAN with no assistance or preparation. This allows clients to share documents such as presentation charts and spreadsheets by switching their NICs to ad hoc mode to form a small wireless LAN within their meeting room. Through ad hoc mode, you can easily transfer the file from one laptop to another. With any of these applications, there's no need to install an AP and run cables.
Export private keys for recovery accounts on secure media, stored in a safe place. Then, remove the private keys from the computers. This prevents a user from using the recovery account to decrypt others' files. This is particularly important for stand-alone computers where the recovery account is typically the Administrator account. For a laptop, this makes sense because if the machine is lost or stolen, the data cannot be recovered without the recovery account keys. If the private keys have been removed from the system, they will not be available as a potential security liability.
Windows XP Professional offers some improvements on EFS from Windows 2000 Professional, including sharing EFS-encrypted files, encrypting offline files cached on a laptop, using web folders for storing encrypted files, using 3DES, and the ability to reset passwords without breaking EFS by using a special reset disk. For more information, see Chapter 10.
Because of the kind of work you do, your company allows you the flexibility to work from home about 90 percent of the time. The other 10 percent of the time is spent in the office, at corporate meetings, or presenting new code to other development workers. Your manager Akin asks you to present your current code in a meeting on Wednesday afternoon, to show the other developers. You show up Wednesday morning prepared to wow your coworkers with your new code. About five minutes before the meeting you decide to print a copy of your code to hand out in the meeting. You gather your things and head into Conference Room A. You plug your Windows 2000 laptop into an available network jack and begin to set up a printer in accordance with the instruction card next to the conference room printer. The card states that the printer queue is named CONFA and the NT 4.0 print server is named PRINTSRV. As people start entering the room, you quickly realize that your IP information is set up...
A network binding links a protocol to an adapter so that the adapter can carry traffic using that protocol. For example, if we say, TCP/IP is bound to the onboard Ethernet port on our laptop, we're telling you a few things: TCP/IP is installed, our onboard Ethernet port has a driver that supports TCP/IP, and the adapter is configured to send and receive TCP/IP traffic. In Chapter 1,
Enterprise Client - Desktop.inf Enterprise Client - Laptop.inf High Security - Desktop.inf High Security - Laptop.inf Legacy Enterprise - Account.inf Legacy Enterprise Client - Desktop.inf Legacy Enterprise Client - Laptop.inf Legacy High Security - Account.inf Legacy High Security - Desktop.inf Legacy High Security - Laptop.inf Enterprise Client - Laptop.inf. Baseline templates for laptop computers. High Security - Laptop.inf Baseline template for laptop computers. Legacy Enterprise Client - Laptop.inf. Baseline template for standalone laptop computers. Legacy High Security - Laptop.inf. Baseline template for high security standalone laptop computers.
The network groups have been combined and have successfully created a shared network backbone. They have also set up and confirmed that each company is now hosting secondary copies of the other's DNS domains. Cross-forest trusts have also been established and confirmed in a working order. Solutions is the only one of the three companies that has a Web presence, hosting a Web page at www.solutionsacme.com. It is Joey's responsibility to set up his 20 client users with the correct DNS suffixes to be able to resolve these new domains to access needed shared resources. He decides to test the adding of additional DNS suffixes on his Windows XP laptop first before scripting it out and applying it to the rest of his company workstations. He and most of the other users in his office use static IP addressing and are set up with a default connection-specific DNS suffix of solutionsacme.com. He leaves the default suffix in place on his laptop and adds the other companies' DNS...
To install a smart card reader on your computer, simply attach the reader to an available port, either serial or USB, or insert the reader into an available PCMCIA slot on a laptop. If the driver for the reader is preinstalled in Windows Server 2003, the installation will take place automatically. Otherwise, the Add Hardware wizard will prompt you for the installation disk from the card reader manufacturer.
You have been asked to design an access control strategy for your firm and it must be done as soon as possible. The company currently has about 85 employees, each of whom has a desktop or laptop computer. There are four servers functioning in various roles. The departments are Finance, Administration, Customer Service, Trucking, Warehouse Operations, Purchasing, and IT. Your company plans to expand operations in the next one to two years, adding about 28 new employees in that period of time. There is fairly high turnover in the Trucking and Purchasing departments. Seasonal help comes in during the holidays to assist with warehouse operations, and some seasonal staff have computer access. There are a number of staff that change from one department to another based on external business drivers and internal staffing skills. There have never been any attacks on the network and most users have fairly basic computer skills. All systems are Windows Server 2003, Windows 2000 native mode, and...
The sales force to your corporation spends 80 percent of their time on the road. They travel all over the country, or all over the world meeting with customers. The sales employees need access to real-time production data to accurately inform customers of delivery schedules or product updates. Each salesperson needs secure access to corporate information. Each salesperson carries a laptop computer with a modem and a network card installed. Typically, your sales force stays in hotels that provide either an analog phone line to connect to the Internet, or in some cases, high-speed broadband access. In this scenario, a dedicated VPN server would provide your sales employees with secure access to your corporate data through the Internet connections that are readily available to them on the road. Again, compare this to the cost of long distance for each of the sales representatives that are on the road. The corporate office will incur the expense of a dedicated Internet connection, and the...
Because the Windows 2000 security subsystem handles enforcing, replicating, and caching of the recovery policy, users can implement file encryption on a system that is temporarily offline, such as a portable computer (this process is similar to logging on to their domain account using cached credentials).
One other concept heavily emphasized by MSAM (though administratively controllable, of course) is the capability of the end user to modify the look and feel of their web-based access center. This is very similar in concept to a My Yahoo or MSN Passport-based site over the public Internet. These sites allow a user to log on to what is typically a standard public site and be presented with a personalized view of the content with the ability to customize and optimize the web experience. MSAM, unlike these public sites, does not use local cached credentials or settings to store these optimizations. This allows a user who accesses the data center from various computer resources (such as a business laptop, home machine, or Internet kiosk) to always have access to their customizations, as they are stored in the central MSAM State Web Server located securely in the company's data center.
A forest also provides for a common global catalog (GC) within the forest. A global catalog is a domain controller that hosts objects from every domain naming context within the forest. At first you might think that could be a lot of data for a domain controller to host. If the GC server were to hold all of the attributes from every domain within the forest, you'd be correct. However, to keep network traffic at a minimum, only about 200 of the 1,700+ available attributes for each object are copied into the GC. The GC is like a giant cache of directory objects and attributes that keep you from needing to query beyond a single domain controller. For example, you could easily take a laptop from domain to domain, country to country inside the same forest and authenticate immediately, because your user object (and every user object in the forest) is cached in the GC, which replicates forestwide.
If the DC closest to the client (on the same subnet) is the home DC of the client, then well and good, and no further referral or buck-passing is required. What if the client is located in another network segment, far away from the home DC? A good example is a busy executive who spends every week in a different location, and therefore attaches to a different network each time. The notebook computer the executive is carrying around receives an IP address of a new network segment that could be many hops away from the last segment containing the executive's original domain.
Some SMS Advanced Client computers are mobile, moving from one network segment to another. For example, roaming occurs when you remove a laptop from its network connection at work and plug it into a dial-up connection (or other Internet service provider connection) in your home or elsewhere. Roaming also occurs when you unplug your laptop from its network connection in your office, walk down the hallway to a conference room, and connect the laptop to your organization's wireless network using a wireless network card.
All of the floors are connected to the Windows 2000 network. The Minneapolis location is a domain in the tree. The network has removed the last vestiges of its old Windows NT BDC systems and has finally made the switch to native mode. Active Directory Services have been deployed to the main campus and the rollout is complete in the branch offices. The desktop and laptop rollout, company-wide, took longer than expected, but it is now completed. The CEO wants to know what the IT team is doing to make sure that everyone within the company can access resources all over the tree, and to protect the network while making dial-up connections available. Finally, there is the matter of the Web page. This company is going to be taking registrations for the download of a new product, and the CIO and CEO want to make sure that the information is safe. In addition, the CEO is concerned that some of the managers are carrying around information vital to the company. She wants to make sure that when...
The typical corporate laptop user is skilled at basic computer and application operations, but remote access, networking, and especially Internet connectivity operations are beyond this user's level of expertise. When scaling the configuration of VPN connections for an enterprise, you must keep in mind the following issues The exact procedure for configuring a VPN connection varies depending on the version of Windows running on the client computer. This issue becomes prevalent for a corporation that is using more than one operating system on its laptops, and it becomes especially prevalent when users are using VPNs from their home computers to access company resources.
All Emilio's data can be accessed from a central location if the proper accounts have been created. In the case of the Windows 98 computer, the proper folder sharing must be put into place. It is recommended that Emilio create user accounts on both the server and the laptop that have the same name and password and that are in the Administrators group of the respective machines. In addition, on the Windows 98 computer, he should share the root of each hard drive (if there is more than one). This ensures that all data on all computers can be accessed from the server. Because all the data is accessible from the server, Emilio can perform centralized backups from the server onto the DAT drive installed in it. By using Windows 2000 Backup, he can connect to the administrative shares on the laptop (C , D , and so on). Through those shares, Emilio is an administrator on the laptop and the drives of the Windows 98 computer. This will allow him to back up all network data on a single tape.
By using hardware profiles, you can create different device configurations and load them quickly by selecting the appropriate profile to use during startup of the operating system. Hardware profiles are most commonly used with mobile workstations and servers. On a portable computer with a Plug and Play-compatible docking station, you'll have two profiles that are created and loaded automatically as needed a docked profile for when the computer is connected to the network, and an undocked profile for when the computer is disconnected from the docking station. 5 Select the new profile, and then click Properties. For nonmobile servers, ensure the This Is A Portable Computer option isn't selected, as shown in Figure 13-8. For all computers, select Always Include This Profile As An Option When Windows Starts. Click OK. Figure 13-8. Nonmobile servers don't have docked or undocked states, so clear This Is A Portable Computer if it is selected. Figure 13-8. Nonmobile servers don't have docked...
In a conventional VPN network, the remote client runs an Internet Protocol Security (IPSec) VPN client. A secure IPSec session is established between the remote user terminating at the Firewall VPN appliance or server. However, managing mobile user VPN for a large enterprise may be a cumbersome task due to managing and distributing security policies across the enterprise. Moreover, users are restricted to use the client with the VPN pre-installed and pre-configured. TS Gateway liberates users from device restrictions and can virtually access from any desktop, laptop from a trusted or untrusted network, and even from the mobile hand-held devices with RDP client. Apart from establishing a secure connection, administrators can granularly control which network resources need to be accessed by the remote users. HTTP and HTTPS are allowed by most corporate firewalls, therefore there is no need to open the RDP 3389 port on the firewall.
In a managed Enterprise environment, it can be problematic to allow each user to enable BitLocker by themselves. Not only do you have to add the user to the local administrators group, you also give out the management of recovery passwords and/or PINs and startup keys. In the real world, users forget their passwords and PINs. So why should this be different with BitLocker recovery information? Here's an example: A user with a laptop decides to use BitLocker to make sure the data is secure even when the laptop is stolen. After enabling BitLocker, the user puts the recovery password printout into the laptop bag. A security nightmare!
For many organizations that have effectively eliminated most of their Novell network infrastructure but still have a handful of legacy applications running on Novell servers, there's a need for cross-compatibility, but it may not be important enough to justify continuing to support a dual-client configuration. In these cases, one option an organization can consider is implementing Windows Terminal Services with the Novell client installed on the Terminal Server system. With a Terminal Server system, a single system running the Novell client can host dozens if not a couple hundred client application sessions without having any Novell client software on the client desktop and laptop systems.
Even a highly secure network can be quickly compromised by a poorly secured client computer, for example, a laptop running Windows 98 with sensitive data stored on the hard drive. To maximize the security of client computers, use the following guidelines (refer to Chapter 5 and Chapter 11, Managing Computers on the Network, for more security procedures). Use a secure operating system: use Windows XP Professional or Windows Vista on all client computers (particularly laptops). Use NTFS, file permissions, and possibly EFS: use NTFS for all hard drives, and apply appropriate file permissions so that only valid users can read sensitive data. Encrypt sensitive files on laptop computers using Encrypting File System (EFS).
So, which to choose? Both have their place. For the user whose only desktop is a mobile laptop, or who always works remotely from home and doesn't maintain a desktop at work, a VPN is probably a better option. But for everyone else, even the mostly mobile user, RWW is clearly superior. It's easy to set up, doesn't have problems with hotel broadband connections, and provides your users with a simple-to-use experience.
By the very nature of traveling users, you can almost see the laptop being lugged from airport to airport. For the system administrator, the laptop is a security nightmare. Not only are you expected to provide access to your network from anywhere this person decides to go, but you also have to ensure the security of the information transmitted from the laptop to the central location and from the central location to the laptop. To make matters worse, laptops get left in rental cars, hotel rooms, airports, and at client sites. Sometimes, laptops get stolen. When a laptop gets stolen, the problem is not replacing a laptop; that is the easy part. The problem is replacing the data that was on the laptop and making sure that data cannot be accessed by anyone else. As you analyze the information security model, keep in mind that Windows 2000 offers the ability to create VPNs and also can encrypt sensitive files. This means that if the remote user makes use of these tools, the communication...
Now that the integration of the company is complete, security is becoming more and more of a concern. The senior management has tasked you with making sure the network is secure. You must provide consistent security to the desktop and controlled access to resources, including an accounting of who is accessing certain sensitive areas. You will need to provide a security plan that will protect the company in case a laptop is compromised. Although users should not be unnecessarily imposed on, you must protect the company against users losing encryption information. Senior management wants the IT department to be lean and mean. While no layoffs are planned, management feels that there are more efficient ways of administering networks.
The CEO has some issues she would like to have addressed: First, why does the IT team spend so much time trying to figure out who works with whom on what? Second, how do I know unauthorized users are not accessing my sensitive information on the network? Third, why in the world did you give a laptop to Fred? He can't keep track of his own car keys. If he loses that thing, this company could be severely compromised. And fourth, just so you know, the Athens manager reports that he is going to make sure that policies that you institute from the corporate site will not be accepted.
EFS is particularly useful for protecting data on a computer that might be physically stolen, such as a laptop. You can configure EFS on laptops to ensure that all business information is encrypted in users' document folders. Encryption protects the information even if someone attempts to bypass EFS and uses low-level disk utilities to try to read information.
Unlike bounded media, in which every device on the network must be physically connected to a cable for communication to occur, wireless networks transmit signals in all directions, and any compatible device coming within transmission range may be able to connect to the network. Depending on how many access points you have and where they are located, the boundary of your equipment's effective range can easily fall outside a controllable area. For example, placing an access point near a building's outer wall can enable an unauthorized user with a wireless-equipped laptop to access your network from a car parked outside the building. Data interception: A user running a protocol analyzer with a wireless network interface adapter may be able to capture all the packets transmitted between the other wireless devices and the access point. In this case, the device can be as simple as a laptop running Microsoft Network Monitor with a network interface adapter that supports promiscuous mode...
Which of the following terms describe a wireless network that consists of two laptop computers with wireless network interface adapters communicating directly with each other? (Choose all that apply.) c. Install smart card readers in all the laptop computers. d. Install SP1 on all the laptops running Windows XP. a and d
Wireless networking has existed for many years, but it is only recently, with the publication of the 802.11 series of standards by the Institute of Electrical and Electronics Engineers (IEEE), that wireless local area networking (WLAN) technologies have become mainstream products. WLANs enable home and business users to set up computer networks between places that were previously inaccessible, and enable portable computer users to roam freely while connected to the network. However, wireless networking creates unique security challenges that administrators must address.
Similar considerations must be made for client systems. Your desktop computer should have different security settings than your CEO's laptop computer, because the CEO stores confidential documents, travels with the computer, and may need to connect to wireless networks outside of the company's intranet. Sometimes hardening a client computer involves more than restricting access from attackers; it can require ensuring limited access to legitimate users. Many organizations choose to restrict which applications a user can run and what settings a user can change. While users enjoy having the freedom to perform any task on their computers, restricting their activities makes the computers more reliable and decreases help desk costs. This chapter will show you how to configure security for common client computer roles.
Finally, consider the level of support users provide for their own computers. Users who use portable computers and provide their own support might require administrator rights on their computers. Other high-performance users, such as developers, might also need administrative rights. For example, I destroyed the modem in my laptop a few years ago by plugging it into the digital phone line at a hotel. Digital phone lines have higher voltages than analog lines, and the extra voltage will damage the modem's circuitry. It was a dumb mistake, and it's one that every desktop support guy has heard a dozen times. The IT guy I called immediately knew that I had broken my modem, but I had no idea until I talked to him. Even though I had managed a large modem bank, I had no experience with using modems on the go.
The laptop computer does not support WPA. e. The laptop computer does not trust your root CA. f. MAC address filtering is enabled and does not have the laptop computer's MAC address listed. e. The laptop computer must be configured to trust your root CA before it can establish a connection to the RADIUS server. The other possible causes would not prevent the computer from connecting, with the exception of MAC address filtering. MAC address filtering could cause this problem, because the laptop computer's MAC address would not be on the approved list on the WAP. However, MAC address filtering is rarely used on networks with multiple WAPs.
Simulation questions, it is essential to understand, do not simply present tasks such as "Configure Client1 to use 192.168.1.1 as a DNS server" that you must then perform in a virtual interface. That would be far too easy, after all. Rather, simulation questions present a scenario with a list of requirements that you yourself must then translate into a set of procedures to perform. For example, a simulation might present a scenario with the following requirement: "In the absence of a DHCP server, Laptop A must be automatically configured with the address 192.168.3.87." You then need to translate this requirement into a procedure: configuring an alternate configuration. (Of course, it's not enough just to be able to translate the requirement into this procedure. You then need to actually configure the alternate configuration appropriately.)
IMAP, like POP, is used to retrieve mail from a server, and creates a mailbox for each user account. It differs from POP in that the client program can access the mail and allow the user to read, reply to, and delete it while it is still on the server. Microsoft Exchange functions as an IMAP server. This is convenient for users because they never have to download the mail to their client computers (saving space on their hard disks), but especially because they can connect to the server and have all their mail available to them from any computer, anywhere. When you use POP to retrieve your mail, old mail that you've already downloaded is on the computer you were using when you retrieved it, so if you're using a different computer, you won't be able to see it. IMAP is preferred for users who use different computers (for example, a home computer, an office computer, and a laptop) to access their e-mail at different times.
You are a contractor for a brand new mobile advertising company opening up in downtown Boston, MA, called Adstogo, Inc. You have been hired to configure DHCP for their new office of 200 employees. Fifty percent of their employees are mobile and usually out on the road, selling or driving advertising trucks. Every employee at Adstogo was offered a laptop with dial-in capabilities in order to stay in touch with corporate management because most of these road trips last one to two weeks at a time. You arrive onsite and begin configuring the Windows Server 2003 DHCP server as you have done many times before. You configure a scope with a 192.168.0.0/24 network address and exclude a range of 192.168.0.0 to 192.168.0.20 for network hardware and servers' static IP assignments. You configure the lease duration to three weeks and configure all the standard DHCP options. You authorize the server, activate the scope, and alert the 20 or so users in the office to hook up their already configured DHCP...
To wrap up our preparations for the 70-298 exam, we closed with an overview of improving the security of client workstations. Because client workstations often prove to be the point of entry for many attacks and attackers, whether it's through a weak password, a laptop or desktop session that's left unattended, or a user opening an infected e-mail attachment, planning for client security is a critical piece of any network security design. Patching and updating servers and services is clearly only one piece of the security puzzle; including workstation security concerns in your security design will be crucial to its overall success. To help you in this, we examined various ways to improve or maintain the overall security of the workstations on your network, including ways to secure the client operating system and enforce anti-virus protection for all of your users. We also looked at patch management, which has become a hot topic for security-conscious administrators everywhere.
You have just replaced many of your company's dial-in connections with VPN connections to reduce the costs of maintaining dial-in services. You have recently configured VPN access on a laptop for a user. You have specified the host name for the VPN server in the Host Name or IP Address box. Now the user is complaining that he is receiving the error message "Destination Host Unknown." What is the most likely cause for this error message? B. The laptop has not been authorized to connect to the VPN server.
File encryption and decryption requires the presence of EFS keys on the local computer where the files reside. When a user encrypts a file on a local desktop or laptop, EFS works with the Microsoft Crypto Provider to create EFS keys and to place those keys in the user's local profile. If the user attempts to encrypt a file across the network, EFS running at the server looks for the user's local profile at the server. EFS cannot access keys at a user's desktop because it does not have a security context anywhere except at the machine where it's running. This means that the server must have a local profile for the user that contains
Using a rogue AP, an attacker can gain valuable information about the wireless network, such as authentication requests, the secret key that is in use, and so on. Often, the attacker will set up a laptop with two wireless adapters, in which the rogue AP uses one card and the other is used to forward requests through a wireless bridge to the legitimate AP. With a sufficiently strong antenna, the rogue AP does not have to be located in close proximity to the legitimate AP. Frequent site surveys also have the advantage of uncovering the unauthorized APs that company staff members might have set up in their own work areas, thereby compromising the entire network and completely undoing the hard work that went into securing the network in the first place. These unauthorized APs are usually set up with no malicious intent but rather for the convenience of the user, who might want to be able to connect to the network via his or her laptop in meeting rooms or break rooms or other areas that do...
You have been contracted to create an Internet-based VPN solution for an organization with a large traveling sales force. The organization has standardized on Windows Server 2003 servers. Sixty percent of the sales force has been issued a new laptop running the Windows 2000 Professional operating system within the past year. As part of the VPN deployment, the remainder of the sales force will receive laptops that are running Windows XP Professional. The CEO and CTO both agree that the VPN solution should use the best security possible. Which protocol should you recommend when designing a VPN solution in this scenario?
The exam will not cover networking with infrared Bluetooth or G You can expect that all questions on wireless security
Windows Server 2003 has built-in support for the Infrared Data Association (IrDA) protocol, which, confusingly enough, is administered by an association of the same name, IrDA. The IrDA protocol is intended for high-speed, short range, line-of-sight, point-to-point cordless data transfer, suitable for high-performance computers, digital cameras, handheld data collection devices, and so forth. IrDA Control is most commonly used for in-room cordless peripherals that connect to host PCs at low speeds, such as cordless mice and keyboards and synchronizing a personal digital assistant (PDA) with a laptop. The typical range for continuous data transfer is at least 1 meter but 2 meters is possible. IrDA is supported by the operating system, but very few, if any, server hardware components come equipped with infrared subcomponents or even with an option to install them. With respect to security, the IrDA standards do not specify any security measures for data transfer; any security for data...
The ability to define Preferred Networks makes life easier for wireless clients that connect to more than one wireless network. For example, an IT professional may have a laptop that is used to connect to a wireless network in the office and at home. Preferred Network settings make it possible to store a profile for the networks to which you commonly connect. There are two ways to define Preferred Networks: through the properties of the local wireless network adapter and through Group Policy.
When a VPN is required for access to the corporate network from the wireless network subnet, all traffic between the two networks is encrypted within the VPN tunnel. If you are using static WEP, a VPN will ensure a higher degree of confidentiality for your traffic. Even if the WEP encryption is cracked, the hacker would then have to crack the VPN encryption to see the corporate traffic, which is a much more difficult task. If a wireless laptop is stolen and the theft unreported, the thief would have to know the laptop user's credentials to gain access to the VPN.
In Figure 19-3, the remote user is using a modem to connect to an ISP, which provides a connection to the public Internet. The user's computer is connecting to two Internet-based resources, shown by the two lines coming from the user's laptop computer. Both connections are passed by the modem to the Internet, where the data travels to its destination.
Some company employees use Windows XP Professional portable computers to connect to Server5. If these users open Internet Explorer, a dial-up connection starts and automatically connects to Server5. All portable computers and user accounts are in the Laptops organizational unit (OU). A Group Policy object (GPO) named LaptopGPO is linked to the Laptops OU. TestKing.com purchases two other companies. Portable computer users from the two other companies report that when they open Internet Explorer, a dial-up connection starts, but does not connect to Server5. You find out that the portable computers are attempting to connect to old servers from the previous companies. You add the new portable computer and user accounts to the Laptops OU. You want all portable computer users to immediately connect to Server through a single dial-up connection when they open Internet Explorer. You want to accomplish this configuration with the minimum amount of administrative effort. A. Add an alias...
As a systems administrator, you understand that threats to network security exist on both sides of the organizational firewall. Attacks against your organization's computers can come from hosts on the Internet or hosts on the local area network (LAN). Whereas, in the past, computers were rarely removed from a controlled network environment, today the workers in your organization are less likely to be bound to a desktop workstation and are more likely to use a laptop computer or Tablet PC. In this chapter, you learn about technologies that give you a greater degree of control in providing secure access to your organization's network. These include authentication technologies, firewalls for use on the LAN, and Windows Server 2008 roles and features that you can use to limit network access based on the health status of a host
Oh, by the way, this all sounds good, but sometimes it has gone haywire on me. In the typical traveling scenario, I've got a laptop and a file server, and I pin some files or perhaps a complete share or folder on the file server. Whenever you pin an entire folder, you have to wait a minute or two while Offline Files goes out and copies all of the files from the pinned folder to your local hard drive. In the case where my laptop is a member of a different domain than the file server, I've seen Offline Files look like everything syncs up fine when I pin the folder. But when I disconnect from the network and try to access the files, I've gotten error messages like "The network name is not available." I've also had situations where I originally logged in under a particular username and then had to enter a different username in order to access some share. When I then pinned that share, again Offline Files looked as if it were copying every single file. When on the road, however, Offline...
How do you add a network adapter under Win2K? Hopefully, you won't have to. Plug and Play takes away most of your hardware woes. But once in a while you might need to add an adapter manually. For instance, at one point I wanted to load the Microsoft loopback adapter on my laptop to run some tests. In case you don't already know, the loopback adapter is a software-based virtual adapter that allows you to load network protocols and services without having an actual network card installed. The problem is, it's not Plug and Play-compliant, as you would deduce: how do you auto-detect a virtual adapter? The trick to remember here is that an adapter (even the Microsoft loopback adapter) is considered hardware. So you'll need to invoke the Add/Remove Hardware Wizard.
Introduction: Laptop computer theft is a major concern for organizations. Best practices: Use the following best practices for preventing laptop and desktop theft. Use security cables. Almost all laptop computers in production today have a special node for attaching a security cable. Security cables are available that will enable users to secure their laptops to desks, tables, or other nonmovable structures. These cables are available at most computer stores for $20-$40. Use tracking devices. You can install tracking devices on high security mobile devices. Similar to LoJack devices in cars, these tracking devices can locate the exact location of a sensitive laptop computer in the event that it is stolen or misplaced.
In Chapter 6, you learned how to set up IP on a Windows 2000 system. Ah, but now ask yourself, "Do I really want to walk around to 3,000 workstations and do this by hand?" Auuugghhhh! Oops, sorry, what I really meant was, "Of course not." Who wants to have to remember which IP address you gave to that machine so that you don't put the address on this machine? Or how'd you like to get a phone call every time some visiting dignitary needs an IP address for his laptop? No thanks. DHCP will greatly simplify the task, so let's see how to set it up.
After Jim returns from his trip, he plugs his laptop into his company's network and powers up the computer. He has updated file1.txt and file2.txt and created a completely new file, file5.txt, and he wants all three of these new or modified files written to the network servers. As his laptop's operating system loads, it senses that it's back on the corporate network and tries to update the three files on Coral's share. file1.txt and the new file5.txt are no problem: the version of file1.txt is the same as it was before Jim left, so Offline Files overwrites the server copy with Jim's updated copy. file5.txt didn't exist before, so there's no conflict and Offline Files writes it to the server share.
A user named Jim is about to go on a trip. He connects his laptop into his company's corporate network and opens a share named Shareac on a server named Coral. Jim's network administrator has set up the Shareac share as an Automatic Caching for Documents share. Shareac contains two files that Jim needs, file1.txt and file2.txt. Jim right-clicks those files and chooses Make Available Offline. Over the course of the day, he also accesses file3.txt and file4.txt, although he does not pin them. Before shutting down the laptop prior to getting on the road, Jim wants to double-check that copies of file1.txt and file2.txt are on his laptop's hard disk. He opens his Offline Files folder and sees a screen something like the one in Figure 11.54.
Since the Terminal Servers are special-use computers within the environment, users should have different settings and configurations applied to their environment when they log in to the MetaFrame XP servers versus logging in to a local workstation or laptop. The processes for achieving this are listed next.
ASR is designed to restore a system without any use of the network. Most administrators know it is very difficult to get a system, such as a laptop, installed without use of the network. A computer with a formatted hard drive can't access the network without drivers. This means you need tons of disks lying around with drivers for each network card in use on your network. You also need to know what network card your computer is using in order to select the right driver disk. Earlier laptop computers and computers without CD-ROM drives were also very difficult to get an operating system on when you couldn't use the network. Windows 2000 eliminates this problem with the new features of Microsoft Backup and ASR.
While PIMs are convenient, they do have their drawbacks. To retrieve the information in your PIM, you must have access to both the software and a computer. Also, stand-alone PIMs, such as the software that runs on Palm Pilots, are not convenient for sharing information because their information is not stored on a central server. If your schedule is stored on your laptop or sitting in your pocket, your colleagues can't access it to find out whether you can attend an important staff meeting.
After you create AD RMS rights policy templates, you must export them to a central shared repository so that they can be copied to the AD RMS clients. To access these templates, your internal users must have read access to this central repository. For traveling users with a laptop or other mobile device, you can either manually copy these templates to the client computers or distribute these templates using distribution methods like Active Directory Group Policies or System Center Configuration Manager 2007.
You stand up and begin talking about corporate intranets, and how each division can have its own intranet with information on its cases immediately available. You also begin talking about how e-mail will help to pass information about each client without the partners having to be in a meeting all morning. For those face-to-face meetings, there is videoconferencing. For the meetings that require a dialog, but where no one really wants to leave his desk, there are private chat functions. By plugging your laptop into the wall, you dial in to your corporate intranet and show the partners how you can immediately access information about their firm from your files, as well as from the Internet. You open a chat session with your administrative assistant, checking on the whereabouts of your passport, because you hear that Berne is beautiful this time of year, and hey, you have to start the project somewhere. The partners begin to smile, and all that remains is haggling over...
Use basic disks if you will be moving your disks between machines. You have to go into Disk Management and import dynamic disks every time you move them from one PC to another. With basic disks, you just install them and Windows automatically sees them. Laptop hard disks must be configured as basic disks, as must most removable storage media.
You might want to flush out all offline files for several reasons. You might be about to give a laptop or desktop to someone and don't want them poking around inside your Offline Files folder or Winnt\Csc. Or maybe you've just gone a bit pin-crazy and have so much stuff cached that you don't have any hard disk space left. In that case, unpin what you can first. But finish the job by choosing Start/Programs/Accessories/System Tools/Disk Cleanup. You'll notice that one of the things that Disk Cleanup will do is to wipe out your offline files. You'll probably first notice Offline Files when you see how much easier it makes keeping laptop files and network files in lockstep. But you may soon notice that your in-house network is a bit snappier, and that the occasional network failure doesn't keep you from getting work done. And if that isn't a killer app, what is?
As you continue to talk, you walk over to a conference table and ask if you can use the laptop on the credenza. The client says sure, but adds that it won't do you much good since it is not logged in. At that point, you smile, and log on as CJCARP, with a password of Cardinals. You then show the client how you can now go in and rename some very sensitive documents. Needless to say, you get the job.
Running Microsoft SQL Server, so you know those are around somewhere. Users are running a mish-mash of computing gear, relative to the kind of vendor the purchasing people could obtain equipment from at the time. You have a 40 laptop 60 desktop mix. You have a small enterprise fax software program running on a Windows 95 computer that allows about 10 marketing people to send faxes out from their desktops. The majority of the staff are basic users that are non-power-user types. The other users vary in skill level from needing to know how to turn the computer on to the tech weenie wannabees on the fourth floor who trade shareware programs they download from the Web. The IT department handles the doling out of Internet connectivity. Only certain people have access to the Internet, and that is through a dual-channel ISDN line. Others in the office have managed to scam an extra telephone jack and are dialing in from their workstations, accessing the Internet through MSN, AOL, FreeInet, and...
The Road Kit: The material that each deployment team member will carry makes up the road kit. It should be well stocked, and the procedures for replenishing it should be simple and understood by team members before they visit the first site. Using our example methods described in the chapter, a road kit might contain a boot disk, CD-RW drive, laptop, overnight courier materials, Ethernet cables, cross-over cables, and an extra floppy drive.
Dynamic disks are not supported on portable computers and removable disk drives. This is by design because laptop computers rarely use multiple disks and having a shared LDM database on a removable drive would require overwriting it every time the drive is transferred between computers. You also cannot use dynamic disks as shared storage devices for server clusters in Windows Server 2003 Enterprise and Datacenter servers.
When CryptoAPI gets one of the subordinate CA certificates that requires certificate path validation, and if the certificate is not located in the Intermediate Certification Authorities store, the API will store the certificate in the Intermediate Certification Authorities store and hold that certificate for future reference. What about the computers that operate offline? In the case of laptop computers that are used by mobile users, you might actually have to import subordinate CA certificates into the Intermediate Certification Authorities store to make sure that non-root CA certificates are available to actually validate certification paths.
An example of this would be that Brandice and CJ are playing golf and talking about the synergy between their two companies being just so overpowering. Wouldn't it be wonderful if they could connect the companies' networks so that they could share information? After the 19th hole, both CEOs go back to their respective IS departments and make life wonderful for the IS Managers. CJ calls in Fiona, and Brandice talks with Gillian. Fiona is thrilled to be told to set up an appointment to go see Gillian and start the process to get the networks connected. Meanwhile, Gillian is wondering how in the world she is ever going to pull this off. When Fiona attends the meeting, the first thing they decide they should try to do is establish a VPN connection between the two intranets. In this way, visiting employees can access their own networks for information. Fiona starts the process by connecting a laptop computer to Gillian's intranet and an intranet IP address configuration is obtained. At this...
Your company has a user who works from home two days a week. The user uses offline files, so most of the files he needs are already on his laptop. However, occasionally the user requires access to the most up-to-date files on the server. You decide to configure a RAS server that will allow the user dial-in access. Which of the following connection types is not supported by RAS servers in Windows 2000 Server?
Internal Web mail and resource access to her NT 4.0 file server in the same way she is able to successfully offer it now to only internal users. Kristy composes an e-mail with detailed instructions on how to set up her Windows ME laptop users with the correct VPN settings to dial in to the company RRAS server. With the e-mail, Kristy asks for feedback as to ease of installation, setup, connectivity, speed, resource access, and so on. A few days later, Kristy receives e-mails from most of the users she sent the e-mail to. All of them said that they were able to access e-mail just fine and that the speeds were great. They also said they were able to browse the Internet without a problem, but none of them could access any of the file server resources that they needed to do their work. What is the easiest thing Kristy can do to facilitate this need?
WSUS uses BITS 2.0 for all file transfer tasks. The benefit of using BITS is that it maintains file transfers through network disconnects and computer restarts; thus, if an update is interrupted due to a user shutting down the laptop in the middle of an update, BITS will restart the update from where it left off the next time that computer is back online. BITS is a Microsoft technology that allows programs to download files using very little bandwidth. For additional information on BITS, visit this link on the Microsoft Web site. Restarting an update where it left off requires less bandwidth than restarting the update from scratch, so using BITS 2.0 helps reduce bandwidth requirements through the WSUS environment.
A computer can be configured with its IP address information via static address assignment, DHCP, the DHCP allocator, APIPA, or via alternate configuration information. In Windows Server 2003 (and Windows XP), an alternate IP configuration can be assigned to a computer in one of two ways. An alternate configuration can be configured manually for a specific network setting or it can obtain a private IP address automatically when the DHCP server is not available. This is helpful when a computer is used on more than one network, as is often the case with laptops. When a laptop is used at the office, the DHCP server is found and the IP configuration is obtained automatically through the DHCP client request. When the laptop is used on a home network, no DHCP server is found and, if configured, the laptop will use an automatically assigned private IP address or it will use the alternate configuration information provided. Without alternate configuration data, APIPA will be used if no DHCP...