Key Terms CHAPTER 5 293
Chapter Review
To further practice and reinforce the skills you learned in this chapter, you can perform the
following tasks:
n
Review the chapter summary.
n
Review the list of key terms introduced in this chapter.
n
Complete the case scenarios. These scenarios set up real-world situations involving the
topics of this chapter and ask you to create a solution.
n
Complete the suggested practices.
n
Take a practice test.
Chapter Summary
n
You can use built-in compatibility modes to allow applications designed for previous
versions of Windows to run on Windows 7. If one of the existing compatibility modes
does not resolve the compatibility issues, you can use the ACT to search a large
database of existing application specific fixes and modes.
n
Windows XP Mode is a fully virtualized instance of Windows XP that can be run on
a client running Windows 7 Professional, Ultimate, or Enterprise edition as a way of
resolving compatibility problems that you are unable to solve using compatibility
modes or the ACT.
n
Software Restriction Policies can be used on all versions of Windows and allow you
to create rules based on a file hash, software path, publisher certificate, or network
zone. Software Restriction Policies are applied from the most specific rules to the least
specific. Rules that are more specific override rules that are less specific.

n
AppLocker policies can only be used on computers running Windows 7 Enterprise and
Ultimate editions. AppLocker policies can be applied on the basis of publisher identity,
file hash, or software path. AppLocker includes wizards that automatically generate
rules. AppLocker block rules override all other AppLocker rules.
Key Terms
Do you know what these key terms mean? You can check your answers by looking up the
terms in the glossary at the end of the book.
n
AppLocker policy
n
compatibility fix
n
compatibility mode
n
hash rule
2 9 4 CHAPTER 5 Managing Applications
n
path rule
n
publisher rule
n
Software Restriction Policy
Case Scenarios
In the following case scenarios, you apply what you’ve learned about subjects of this chapter.
You can find answers to these questions in the “Answers” section at the end of this book.
Case Scenario 1: Configuring Application
Compatibility at Fabrikam
You are in the process of planning a migration of your organization’s desktop computers from
Windows XP to Windows 7. At the moment, you are investigating application compatibility

issues. You are primarily concerned with three applications named Alpha, Beta, and Gamma.
After investigation, you have found that application Alpha does not run on computers
running Windows 7 Enterprise but that it does run without problems on computers that
have Windows XP Professional SP3 installed. Application Beta runs only on computers with
Windows 7 installed when you right-click the desktop shortcut for it and then click Run As
Administrator. Application Gamma was created when your organization had a small team of
developers. The application does not function under the existing Windows 7 compatibility
modes, and your organization now lacks the expertise to revise the original source code so
that the application functions properly when installed on computers running Windows 7.
With these facts in mind, answer the following questions.
Questions
1. What steps should you take to get application Alpha to execute?
2. What steps should you take to enable the execution of application Beta by just clicking
on its shortcut?
3. What tool can you use to configure custom compatibility options for application
Gamma?
Case Scenario 2: Restricting Applications at Contoso
You are responsible for configuring computers running Windows 7 Enterprise at Contoso’s
Antarctic Research facility. In-house developers created a data collection and analysis
application used at the facility. This application communicates with instruments that measure
temperature variations in the ice fields that surround the Contoso outpost. The in-house
developers did not digitally sign this application. As the application interacts with delicate
scientific instruments, only members of the Scientists group should be able to execute the
Suggested Practices CHAPTER 5 295
data collection application. You want to create a single rule to manage the execution of this
application. With this information in mind, answer the following questions.
Questions
1. What type of rule would you create for the data collection application?
2. How can you ensure that only members of the Scientists group can execute the data
collection application and other users cannot?

3. What steps would the in-house developers need to take to allow you to create
a publisher rule for this application?
Suggested Practices
To help you master the exam objectives presented in this chapter, complete the following
tasks.
Configure Application Compatibility
In this set of practices, you configure application compatibility. Use your favorite search
engine to locate and download an evaluation version of an application that works on
a previous version of Windows, such as Windows XP, but which does not work when running
Windows 7.
n
Practice 1 Edit the properties of an application and configure the Windows 7
compatibility modes to get the application to function when running Windows 7.
n
Practice 2 Edit the properties on an application and configure the Windows 7
compatibility modes to disable the Aero UI when the application is executing.
Configure Application Restrictions
In this set of practices, you configure application restrictions. It requires that you have
downloaded the Process Explorer application to the desktop of your computer running
Windows 7. You can obtain this application from the Web site at rosoft
.com/en-us/sysinternals/bb896653.aspx. You need to enable the Application Identity service
temporarily to complete these practices. Remember to disable the service when you complete
these exercises, or else you may experience problems executing other applications in later
chapters.
n
Practice 1 Use the Local Group Policy Editor to configure an AppLocker path rule
to block the execution of the Process Explorer application that you downloaded for
the exercises at the end of Lesson 1. After rebooting the computer, verify that the
application is blocked by the path rule. When you have done this, create a copy of
the executable file in another location. Attempt to execute the application in its new

location.
2 9 6 CHAPTER 5 Managing Applications
n
Practice 2 Use the Local Group Policy Editor to create a publisher rule to block the
execution of the Process Explorer application. After rebooting the computer, verify that
the Process Explorer application does not execute. Copy the application file to another
location. Verify that the Process Explorer application does not execute in the new
location.
Take a Practice Test
The practice tests on this book’s companion DVD offer many options. For example, you
can test yourself on just one exam objective, or you can test yourself on all the 70-680
certification exam content. You can set up the test so that it closely simulates the experience
of taking a certification exam, or you can set it up in study mode so that you can look at the
correct answers and explanations after you answer each question.
More Info PRACTICE TESTS
For details about all the practice test options available, see the section entitled “How to Use
the Practice Tests,” in the Introduction to this book.
CHAPTER 6 297
CHAPTER 6
Network Settings
T
his chapter discusses networks and how you locate computers and other devices within
networks. It looks at Internet Protocol version 4 (IPv4), a robust, reliable protocol that
has implemented routing and delivered packets to hosts on subnets for many years. It also
discusses the various types of IPv4 address and the services on which IPv4 relies.
Internet Protocol version 6 (IPv6) is the successor to IPv4, and the chapter explains why
IPv4 might no longer be adequate to cope with modern intranetworks, in particular the
Internet. It describes the various types of IPv6 addresses and their functions, as well as
address types that implement the transition from IPv4 to IPv6.
Traditionally, most networks used wired connections, but wireless networking is now

much more common, particularly with the increase in mobile communication and working
from home. The chapter looks at how you set up both wired and wireless networks and
troubleshoot connectivity problems.
Finally, the chapter considers the new Windows 7 feature of location-aware printing that
enables mobile users to move between networks without needing to re-specify their default
printer.
Exam objectives in this chapter:
n
Configure IPv4 network settings.
n
Configure IPv6 network settings.
n
Configure networking settings.
Lessons in this chapter:
n
Lesson 1: Configuring IPv4 300
n
Lesson 2: Configuring IPv6 328
n
Lesson 3: Network Configuration 348
2 9 8 CHAPTER 6 Network Settings
Before You Begin
To complete the exercises in the practices in this chapter, you need to have done the following:
n
Installed the Windows 7 operating system on a stand-alone client PC as described in
Chapter 1, “Install, Migrate, or Upgrade to Windows 7.” You need Internet access to
complete the exercises.
n
Installed Windows 7 on a second PC. The procedure is the same as for installing the
first PC, and the user name and password are the same (Kim_Akers and P@ssw0rd).

The computer name is Aberdeen. As with the installation of the Canberra computer,
accept the installation defaults (unless you are not U.S based, in which case select the
appropriate keyboard and time zone). It is highly recommended that you create the
Aberdeen computer as a virtual machine (VM). You can do this by using Hyper-V or
by downloading Microsoft Virtual PC 2007 at />details.aspx?FamilyID=04d26402-3199-48a3-afa2-2dc0b40a73b6&displaylang=en.
n
If you have two physical computers that are not connected to the same network by
any other method, you need to connect their Ethernet ports with a crossover cable or
by using an Ethernet switch.
n
You will need a wireless connection on the Canberra computer and a wireless access
point (WAP) connected via a cable modem to the Internet to complete the optional
exercise in Lesson 1. You need a wireless adapter on each computer to complete the
exercise in Lesson 3, “Network Configuration,” later in this chapter.
real World
Ian McLean
I
’ve just read it in a Microsoft magazine, so it must be correct—we’re running out
of IPv4 addresses.
As one of those who was crying wolf very loudly indeed in 1999, I can’t say I’m
surprised; in fact I am surprised it has taken so long. The use of Network Address
Translation (NAT) and private addressing, of Classless Inter-Domain Routing (CIDR),
and Variable-Length Subnet Mask (VLSM), and the claw-back of allocated but
unused addresses were at best a temporary fix. They were never a solution. We were
using up a limited resource. We could slow the process, but we could not halt it. So
what’s the solution?
In a word (or to be pedantic an acronym): IPv6.
There’s a huge amount of money invested in the IPv4 Internet and it’s not about to
go away. As a professional, you need to know about IPv4 and how to configure and
work with it, and you will for some time yet. However, where there are now islands

of IPv6 Internet among seas of IPv4 Internet, IPv6 is growing, and eventually IPv4
will become the islands, and they’ll get smaller all the time.
Before You Begin CHAPTER 6 299
So don’t ignore IPv4, but the time has come to add IPv6 to your skills base. After
all, it’s hardly new. The IPv6 Internet has been around since the last millennium. You
don’t need to subnet or supernet it, and a device can have several IPv6 addresses
for different functions. There is quite an incredible (literally) number of available
addresses. I’m told the resource is almost infinite. Forgive me, but wasn’t that what
they said about IPv4 address space in 1985?
So learn IPv6. If I were you, I’d do so quickly. The human race is never more
ingenious than when it sets its mind to using up a seemingly infinite resource. I may
be getting on a bit, but I have bets with several of my colleagues that IPv8 will be
around before I’m finally laid to rest.
What hasn’t occurred to them is—how are they going to collect their winnings?
3 0 0 CHAPTER 6 Network Settings
Lesson 1: Configuring IPv4
As an IT professional with at least one year’s experience, you will have come across IPv4
addresses, subnet masks, and default gateways. You know that in the enterprise environment,
Dynamic Host Configuration Protocol (DHCP) servers configure IPv4 settings automatically
and Domain Name System (DNS) servers resolve computer names to IPv4 addresses.
You might have configured a small test network with static IPv4 addresses, although
even the smallest of modern networks tend to obtain configuration from a cable modem or
a WAP, which in turn is configured by an Internet service provider (ISP). You might have set
up Internet Connection Sharing in which client computers access the Internet through, and
obtain their configuration from, another client computer.
You have probably come across Automatic Private Internet Protocol (APIPA) addresses that
start with 168.254 when debugging connectivity because computers that fail to get their IPv4
configuration addresses from DHCP typically configure themselves using APIPA instead—so
an APIPA address can be a symptom of DHCP failure or loss of connectivity, although it is
also a valid way of configuring isolated networks that do not communicate with any other

network, including the Internet.
However, you might not have been involved in network design or have subnetted
a network. Subnetting is not as common these days, when private networks and NAT give
you a large number of addresses you can use. It was much more common in the days when
all addresses were public and administrators had to use very limited allocations. Nevertheless,
subnetting remains a useful skill and subnet masks are likely to be tested in the 70-680
examination.
In this lesson, you look at the tools available for manipulating IPv4 addresses and subnet
masks and implementing IPv4 network connectivity. The lesson considers the Network And
Sharing Center, the Netstat and Netsh command-line tools, Windows Network Diagnostics,
how you connecting a computer to a network, how you configure name resolution, the
function of APIPA, how you set up a connection for a network, how you set up network
locations, and how you resolve connectivity issues.
Before you look at all the tools for manipulating and configuring IPv4, you first need
to understand what the addresses and subnet masks mean. You will learn the significance
of addresses such as 10.0.0.21, 207.46.197.32, and 169.254.22.10. You will learn why
255.255.255.128, 255.255.225.0, 225.255.254.0, and 255.255.252.0 are valid subnet masks,
whereas 255.255.253.0 is not. You will learn what effect changing the value of the subnet
mask has on the potential size of your network and why APIPA addresses do not have default
gateways.
This chapter starts with an introduction to IPv4, in particular IPv4 addresses, subnet masks,
and default gateways. It continues with the practical aspects of configuring and managing
a network.
Lesson 1: Configuring IPv4 CHAPTER 6 301
After this lesson, you will be able to:
n
Explain the functions of an IPv4 address, a subnet mask, and a default gateway,
and interpret the dotted decimal format.
n
Connect workstations to a wired network and set up Internet Connection

Sharing (ICS) on that network.
n
Manage connections for wired networks.
Estimated lesson time: 50 minutes
Introduction to IPv4 Addressing
IPv4 controls packet sorting and delivery. Each incoming or outgoing IPv4 packet, or
datagram, includes the source IPv4 address of the sender and the destination IPv4 address of
the recipient. IPv4 is responsible for routing. If information is being passed to another device
within a subnet, the packet is sent to the appropriate internal IPv4 address. If the packet is
sent to a destination that is not on the local subnet (for example, when you are accessing the
Internet), IPv4 examines the destination address, compares it to a route table, and decides
what action to take.
You can view the IPv4 configuration on a computer by opening the Command Prompt
window. You can access this either by selecting Accessories and then Command Prompt on the
All Programs menu, or by entering cmd in the Run box. If you need to change a configuration
rather than to merely examine it, you need to open an elevated command prompt.
The Ipconfig command-line tool displays a computer’s IPv4 settings (and IPv6 settings).
Figure 6-1 shows the output of the Ipconfig command on a computer connected wirelessly
through a WAP to the Internet and internally to a private wired network that is configured
through APIPA. For more detail enter ipconfig /all.
FIGURE 6-1 Ipconfig command output
The IPv4 address identifies the computer and the subnet that the computer is on. An IPv4
address must be unique within a network. Here the private address is unique within the internal
3 0 2 CHAPTER 6 Network Settings
network (the number 10 at the start of the address indicates that the address is private). If an
IPv4 address is a public address on the Internet, it needs to be unique throughout the Internet.
We look at public and private addresses later in this lesson.
There is nothing magical about the IPv4 address. It is simply a number in a very large range
of numbers. It is expressed in a format called dotted decimal notation because that provides
a convenient way of working with it. An IPv4 address is a number defined by 32 binary digits

(bits), where each bit is a 1 or a 0. Consider this binary number:
00001010 00010000 00001010 10001111
The spaces are meaningless. They only make the number easier to read.
The decimal value of this number is 168,823,439. In hexadecimal, it is 0A100A8F. Neither of
these ways of expressing the number is memorable or convenient.
note BINARY AND HEXADECIMAL NOTATION
You do not need to be a mathematician or an expert in binary notation to understand IPv4
addressing, but you do need a basic knowledge. To learn more, you can search for “the
binary system” (for example) on the Internet, but possibly the best way to become familiar
with binary and hexadecimal is to use the scientific calculator supplied by Windows 7.
For example, enable binary (Bin) and type in 11111111. Enable decimal (Dec) and then
hexadecimal (Hex), and ensure that you get 255 and FF, respectively. The same calculator is
available in the 70-680 examination.
Binary digits are generally divided into groups of eight, called octets (an electronics
engineer would call them bytes). So let us group this number into four octets and put a dot
between each because dots are easier to see than spaces.
00001010.00010000.00001010.10001111
Convert the binary number in each octet to decimal and you get:
10.16.10.143
Binary, decimal, hexadecimal, and dotted decimal are all ways of expressing a number.
The number uniquely identifies the computer (or other network feature) within a network and
the specifically identifiable network (or subnet) that it is on.
A network is divided into one or more subnets. Small networks—for example, a test
network—might consist of only a single subnet. Subnets are connected to other subnets by
a router (for example, a WAP, a Microsoft server configured as a router, or a hardware device
such as a Cisco or 3Com router). Each subnet has its own subnet address within the network
and its own gateway or router connection. In large networks, some subnets can connect to
more than one router. You can also regard the connection through a modem to an ISP as
a subnet, and this subnet in turn connects to the Internet through a router at the ISP.