Windows 7 / Networking

NAP quarantine remediation

You need to know what methods you can use to remediate Windows 7 clients that don't meet Network Access Protection (NAP) health benchmarks.

With NAP, administrators can limit network access, in this case VPN access, to client computers that meet a minimum health benchmark. Remediation is the process through which those clients are updated so that they meet the NAP requirements and are granted access to the network. NAP requirements can include the following:

  • Does the client have active antispyware software, and is that software up-to-date?
  • Does the client have active antivirus software, and is that software up-to-date?
  • Are automatic updates enabled, and has the computer recently checked for updates?
  • Is a firewall enabled for all network connections?

Administrators specify which of these criteria must be met by configuring security health validators (SHVs). Administrators can also configure NAP to perform remediation so that clients that don't meet these benchmarks can perform the necessary checks and software updates required to bring them to an acceptable standard. Windows 7 clients can take steps toward remediation as long as the Security Center service is enabled. This service interacts with the Windows 7 Action Center, which can trigger the necessary software updates and activate disabled applications and firewalls. There is a limit to what can be accomplished through remediation. For example, although Windows 7 Action Center can enable a disabled antivirus program during remediation, it can't locate and install an antivirus application.
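
As an added example (not part of the original guide and not a Microsoft tool), this PowerShell script checks a Windows 7 client locally against the four criteria listed above, plus the Security Center service that remediation depends on. The function names, the 7-day threshold for "recently", the productState bit interpretation, and the use of the three Windows Firewall profiles as a stand-in for "all network connections" are assumptions.

```powershell
# Added example. Runs on the PowerShell 2.0 shipped with Windows 7 (WMI and COM only).
function New-Check($Name, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Pass = [bool]$Pass; Detail = $Detail }
}

# Antivirus / antispyware as registered with Security Center.
function Test-ScProduct($Class) {
    $items = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $Class -ErrorAction SilentlyContinue)
    if ($items.Count -eq 0) {
        # Remediation can enable a product but cannot install one.
        return New-Check $Class $false 'no product registered'
    }
    foreach ($p in $items) {
        # Assumption: productState is undocumented; by common convention bit 0x1000
        # means "enabled" and bit 0x10 means "definitions out of date".
        $on  = [bool]($p.productState -band 0x1000)
        $cur = -not ($p.productState -band 0x10)
        New-Check $Class ($on -and $cur) ("{0}: enabled={1}, up-to-date={2}" -f $p.displayName, $on, $cur)
    }
}

function Test-NapClientBaseline {
    param([int]$MaxUpdateAgeDays = 7)   # assumption: "recently" = within 7 days

    # Remediation depends on the Security Center service (wscsvc).
    $svc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
    New-Check 'SecurityCenterService' ($svc -and $svc.Status -eq 'Running') "status=$($svc.Status)"

    Test-ScProduct 'AntiSpywareProduct'
    Test-ScProduct 'AntiVirusProduct'

    # Automatic updates: service enabled and a recent successful check (COM date is UTC).
    $au    = New-Object -ComObject Microsoft.Update.AutoUpdate
    $last  = $au.Results.LastSearchSuccessDate
    $fresh = $last -and ($last -gt (Get-Date).ToUniversalTime().AddDays(-$MaxUpdateAgeDays))
    New-Check 'AutomaticUpdates' ($au.ServiceEnabled -and $fresh) "enabled=$($au.ServiceEnabled), lastCheckUtc=$last"

    # Windows Firewall: every profile must be on (1 = Domain, 2 = Private, 4 = Public).
    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    $profiles = @{ Domain = 1; Private = 2; Public = 4 }
    foreach ($name in $profiles.Keys) {
        $on = $fw.FirewallEnabled($profiles[$name])
        New-Check "Firewall-$name" $on "enabled=$on"
    }
}

Test-NapClientBaseline | Format-Table Check, Pass, Detail -AutoSize
```

A failed product check with "no product registered" is the case remediation cannot fix on its own, so it has to be resolved by installing the software before the client connects.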

Dial-up connections

You need to know how to configure Windows 7 to support incoming and outgoing dial-up connections.

Windows 7 supports dial-up connections using a modem to an ISP or other host. Windows 7 also supports incoming dial-up connections. Windows 7 can be used with both traditional landline modems and cellular modems. To configure an outbound dial-up connection, in Network And Sharing Center, click Set Up A New Connection Or Network and then select Set Up A Dial-Up Connection. You'll need to enter the phone number of the ISP as well as a user name and password. You can click Dialing Rules to specify options such as country code, carrier code, and whether a specific number needs to be provided to access an external line.

If you have a modem attached to your computer, you can configure your computer to accept incoming modem calls by clicking New Incoming Connection from the Change Adapter Settings dialog box available from the Network And Sharing Center Control Panel item. You can also use this method to configure a computer running Windows 7 to support incoming PPTP VPN connections through a NIC.

Remote Desktop

You need to know how to configure Windows 7 clients to use RD Gateway to access internal Remote Desktop services.

With RD Gateway, clients on the Internet can make Remote Desktop connections to servers on protected internal networks through an RD Gateway server on a perimeter network. Clients can establish these connections without having to initiate a VPN connection. The client opens the specially configured Remote Desktop Connection application and can initiate the connection as if opening a Remote Desktop Connection to a Remote Desktop host on the internal network. To configure Remote Desktop Client to use an RD Gateway, navigate to the Advanced tab of the Remote Desktop Connection Properties dialog box and click Settings under Connect From Anywhere. Specify the RD Gateway server name and whether you want the client to bypass the RD Gateway server for local addresses. You can also configure RD Gateway settings through the User Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Gateway node of a GPO. The policies in this node include the following:

  • Enable Connection Through RD Gateway: When enabled, the client attempts a connection through the specified RD Gateway server if it cannot directly connect to the target Remote Desktop Services server.
  • Set RD Gateway Server Address: You can specify the address of the RD Gateway Server.

Published apps

You need to know how to ensure that remote Windows 7 clients can connect to RemoteApp applications over the Internet.

With the RemoteApp technology, individual Remote Desktop Services applications can be published to client computers. RemoteApp applications can be used by clients on the Internet if the application is published with the address of an RD Gateway Server. Administrators can configure this address on the RD Gateway tab of the RemoteApp Deployment Settings dialog box.

To learn more about RemoteApp, consult the following webpage: http://technet.microsoft.com/en-us/library/cc772415.aspx.
