Lesson 2: Windows 7 Remote Management CHAPTER 7 413
FIGURE 7-27 Remote Desktop Client
14. When presented with the warning that the identity of the remote computer cannot be
verified, shown in Figure 7-28, click Yes.
FIGURE 7-28 Remote ID verification
15. When the connection has been established, click the Start menu and type PowerShell
into the Search Programs And Files text box. Click the Windows PowerShell item.
16. At the PowerShell prompt, type the command $env:ComputerName;$env:UserName
and press Enter. Verify that the command returns the values Aberdeen and Cassie
Hicks. Close the PowerShell window and log off of computer Aberdeen.
4 1 4 CHAPTER 7 Windows Firewall and Remote Management
exercise 2 Using Windows PowerShell and WinRS for Remote Management
In this exercise, you configure a client running Windows 7 so that it can be managed remotely
using Windows PowerShell and WinRS. You execute commands remotely to verify that this
configuration is correct.
1. Log on to computer Aberdeen with the Kim_Akers computer account.
2. Open an elevated command prompt and issue the command WinRM Quickconfig.
When prompted, press the Y key and press Enter twice, as shown in Figure 7-29.
FIGURE 7-29 WinRM Quickconfig
3. Close the Command Prompt window and log off of computer Aberdeen while keeping
computer Aberdeen turned on.
4. Log on to computer Canberra using the Kim_Akers user account.
5. Open an elevated command prompt.
6. Enter the command winrm quickconfig. Press Enter. Press the Y key and then press
Enter when prompted.
7. Enter the command winrm set winrm/config/client @{TrustedHosts=”Aberdeen”}
and press Enter.
8. Enter the command whoami. Verify that the result is Canberra\Kim_Akers.
9. Execute the command winrs –r:Aberdeen whoami. Verify that the result is
Aberdeen\Kim_Akers.
10. Enter the command ipconfig. Note the IP address information.

11. Enter the command winrs –r:Aberdeen ipconfig. Note the different IP address
information.
12. Enter the command PowerShell and press Enter. This starts Windows PowerShell.
13. Enter the command Get-Process | Sort-Object –Property CPU –Descending |
Select –First 10 and press Enter. This displays a list of the top 10 processes by CPU
usage on Canberra.
Lesson 2: Windows 7 Remote Management CHAPTER 7 415
14. Enter the command icm Aberdeen { Get-Process | Sort-Object –Property CPU
–Descending | Select –First 10 } and press Enter. This displays a list of the top 10
processes by CPU usage on Aberdeen.
15. Close Windows PowerShell and the command prompt, and then shut down the
operating system and turn off the computer.
Lesson Summary
n
Remote Desktop allows you to make a connection to a remote computer and view its
desktop as though you were logged on directly.
n
When Remote Desktop with Network Level Authentication is enabled, only clients
running Windows Vista and Windows 7 can connect. It is possible to connect using
a client running Windows XP with SP3, but it requires special configuration and is not
supported by default.
n
Standard users must be members of the Remote Desktop Users group before they can
connect to a client running Windows 7 using Remote Desktop.
n
You need to run the command WinRM Quickconfig from an elevated command
prompt on a client that you want to manage remotely using either WinRS or Windows
PowerShell. WinRM Quickconfig configures the Windows Remote Management service
and appropriate firewall rules and enables the WinRM listener.
n

You can use the winrs –r:hostname command to run a command-line command
remotely on the host named hostname.
n
Only Windows PowerShell V2 and later support remote Windows PowerShell. Windows
PowerShell V2 is the default version of Windows PowerShell included with Windows 7.
n
You can use the icm hostname command to run PowerShell Command on computer
hostname remotely.
Lesson Review
You can use the following questions to test your knowledge of the information in Lesson 2,
“Windows 7 Remote Management.” The questions are also available on the companion DVD
if you prefer to review them in electronic form.
note ANSWERS
Answers to these questions and explanations of why each answer choice is correct
or incorrect are located in the “Answers” section at the end of the book.
1. You need to manage a computer running Windows 7 from a computer running
Windows XP with SP2 when no user is logged on to the computer running Windows 7.
416 CHAPTER 7 Windows Firewall and Remote Management
You want connections to be as secure as possible. Which of the following settings on
the Remote tab of the System Properties dialog box should you configure?
a. Remote Assistance: Enable The Allow Remote Assistance Connections To This
Computer Option
B. Remote Desktop: Don’t Allow Connections To This Computer
c. Remote Desktop: Allow Connections From Computers Running Any Version Of
Remote Desktop
D. Remote Desktop: Allow Connections Only From Computers Running Remote
Desktop With Network Level Authentication
2. You want to user Windows PowerShell on a client running Windows 7 named Alpha to
manage a client running Windows 7 named Beta. Which of the following steps do you
need to take to do this?

a. Run the command WinRM Quickconfig from an elevated command prompt on
client Alpha.
B. Run the command WinRM Quickconfig from an elevated command prompt on
client Beta.
c. Create a WFAS rule for TCP port 80 on client Alpha.
D. Create a WFAS rule for TCP port 80 on client Beta.
3. You are logged on to a client running Windows 7 named Canberra. You want to
determine the media access control (MAC) address of a client running Windows 7
named Aberdeen, which is located on another subnet. Both computers are members of
the same domain and your domain user account is a member of the local administrator
group on both computers. The command WinRM Quickconfig has been executed on
all clients running Windows 7 in your organization. Which of the following commands
should you execute to accomplish your goal?
a. nslookup Aberdeen
B. winrs –r:Aberdeen ipconfig /all
c. winrs –r:Canberra ipconfig /all
D. arp -a
4. Which of the following Windows PowerShell commands can you issue on a client
running Windows 7 named Canberra to get a list of processes, including CPU and
memory usage, on a client running Windows 7 named Aberdeen?
A. icm Canberra {Get-Process}
B. icm Aberdeen {Get-Process}
C. winrs –r:Aberdeen Get-Process
D. winrs –r:Canberra Get-Process
Lesson 2: Windows 7 Remote Management CHAPTER 7 417
5. Which of the following reasons might explain why a helper is unable to connect to
a Remote Assistance session when two stand-alone clients running Windows 7 are
located on the same LAN?
a. The WinRM service is disabled on Aberdeen.
B. Client Aberdeen is configured to accept only Remote Desktop sessions that use

Network Level Authentication.
c. The helper is not a member of the Remote Desktop Users local group on
Aberdeen.
D. The Remote Assistance panel has been closed on client Aberdeen.
4 1 8 CHAPTER 7 Windows Firewall and Remote Management
Chapter Review
To further practice and reinforce the skills you learned in this chapter, you can perform the
following tasks:
n
Review the chapter summary.
n
Review the list of key terms introduced in this chapter.
n
Complete the case scenarios. These scenarios set up real-world situations involving the
topics of this chapter and ask you to create a solution.
n
Complete the suggested practices.
n
Take a practice test.
Chapter Summary
n
Windows Firewall can only be configured for applications and features.
n
WFAS can be configured for applications, features, services, and ports. It is possible to
configure authentication and scope option for WFAS rules.
n
Remote Assistance allows a user to forward an invitation to a helper that enables that
helper to view the user’s screen concurrently. There are several safeguards in place to
stop the helper from overriding the user and taking control of the user’s computer.
n

Remote Desktop allows a user to connect to an existing session that the user has
created on a remote client running Windows 7 or to initiate a new session.
n
The Windows Remote Management service allows command-line utilities and
Windows PowerShell scripts to be run remotely against clients running Windows 7.
Key Terms
Do you know what these key terms mean? You can check your answers by looking up the
terms in the glossary at the end of the book.
n
connection security rule
n
inbound rule
n
outbound rule
n
Windows Remote Shell
Case Scenarios
In the following case scenarios, you apply what you’ve learned about subjects of this chapter.
You can find answers to these questions in the “Answers” section at the end of this book.
Suggested Practices CHAPTER 7 419
Case Scenario 1: University Client Firewalls
You work as a desktop support technician at a local university. All client computers at the
university have Windows 7 Enterprise installed. You have several support tickets that you
need to resolve. The first ticket involves an academic who wants to run a personal Web site
off his laptop computer when he is presenting at conferences and is connected to an ad hoc
network. Attendees at his presentations should be able to connect to download information
from the site, but people from elsewhere should not be able to connect. The second ticket
involves students in the undergraduate laboratory running a stand-alone file sharing
application off USB flash drives. You know the port that this application uses, but the name of
the application appears to vary. The third ticket involves a postgraduate computer laboratory

that has 25 stand-alone clients running Windows 7. You want to ensure that each of these
computers has the same WFAS configuration.
With this information in mind, answer the following questions:
1. What steps would you take to resolve the first ticket?
2. What steps would you take to resolve the second ticket?
3. What steps would you take to resolve the third ticket?
Case Scenario 2: Antarctic Desktop Support
Your organization is responsible for supporting a small scientific research facility in Antarctica.
The person responsible for IT support at the facility has come down with a serious illness
and has been confined to the base medical facility for the next week. In her place, you are
providing client operating system support to 30 scientists stationed at the facility. Your
office in Tasmania is connected to the base by a high-speed Internet link. All clients running
Windows 7 have Remote Desktop enabled.
With these facts in mind, answer the following questions:
1. One of the scientists needs an application installed on their client running Windows 7
that you cannot deploy through Group Policy. You have the ability to elevate your
privileges on the computer, but this scientist does not. How can you resolve this
situation?
2. Another staff member at the Tasmanian office needs to connect to a client running
Windows 7 at the Antarctic base to verify some scientific results but is unable to do so.
You check and find that you are able to establish a Remote Desktop connection. What
steps can you take to resolve this problem?
3. You need to be able to run Windows PowerShell scripts remotely against the clients
running Windows 7. What steps do you need to take before you can do this?
Suggested Practices
To help you master the exam objectives presented in this chapter, complete the
following tasks.
4 2 0 CHAPTER 7 Windows Firewall and Remote Management
Configure Windows Firewall
n

Practice 1 Configure a WFAS incoming rule for port 1138 for the UDP protocol for
IP addresses between 10.10.10.1 and 10.10.10.255.
n
Practice 2 Configure a WFAS incoming rule for the program Calc.exe in the
C:\Windows\System32 folder.
Configure Remote Management
n
Practice 1 Create and execute a WinRS command that provides a list of all local
groups on a remote client running Windows 7.
n
Practice 2 Create a Windows PowerShell script that lists the free space left on the
volumes on a remote computer.
Take a Practice Test
The practice tests on this book’s companion DVD offer many options. For example, you
can test yourself on just one exam objective, or you can test yourself on all the 70-680
certification exam content. You can set up the test so that it closely simulates the experience
of taking a certification exam, or you can set it up in study mode so that you can look at the
correct answers and explanations after you answer each question.
More Info PRACTICE TESTS
For details about all the practice test options available, see the section entitled “How to
Use the Practice Tests,” in the Introduction to this book.
CHAPTER 8 421
CHAPTER 8
BranchCache and Resource
Sharing
P
eople in the workplace rarely create documents that only they access. This is because
organizational data is generally useful only when it is shared among people in the
organization. People generally spend countless hours creating and formatting documents
in Microsoft Office Word because they expect other people to read those documents. They

write documents to explain ideas or to transmit data to other people because, generally,
it is not necessary to write a document to explain something to yourself. The first part of
this chapter looks at the methods you can use to share data stored on computers running
Windows 7. This includes the simplified technique of sharing data through HomeGroups and
the more complex technique of configuring shared folders. The second part of this chapter
looks at how you can restrict the sharing of data, ensuring that only the people who should
to be able to view that data are actually able to view it. You can do this by applying file and
folder permissions restricting who can access the data and by using encryption to ensure
that data is encoded so that only specific people can decode it. The final part of this chapter
looks at how you can speed up data access for people that are located in small branch
offices in larger organizations through a new Windows 7 feature named BranchCache.
Exam objectives in this chapter:
n
Configure shared resources.
n
Configure file and folder access.
n
Configure BranchCache.
Lessons in this chapter:
n
Lesson 1: Sharing Resources 423
n
Lesson 2: Folder and File Access 442
n
Lesson 3: Managing BranchCache 461
4 2 2 CHAPTER 8 BranchCache and Resource Sharing
Before You Begin
To complete the exercises in the practices in this chapter, you need to have done the following:
n
Installed Windows 7 on a stand-alone client PC named Canberra, as described in

Chapter 1, “Install, Migrate, or Upgrade to Windows 7.”
real World
Orin Thomas
A
lthough file and folder sharing at the client rather than the server level can
be quite useful for small businesses that do not have the resources to deploy
a dedicated file server, I’ve found that if people are not paying attention, shared
folders on client computers can cause a lot of problems. Perhaps this is because
people think about shared folders on a server and shared folders on a client computer
quite differently. When you have a file server, people are very aware that files saved in
that location will be visible to other people in the organization. When you deploy file
servers, it is relatively simple to set up file shares on the basis of group membership,
and people remember that a file that should be visible only to managers gets put
in the Managers shared folder. Sure, you can do this with client computers, but it
generally takes more effort to configure different shares with specific permissions
on each client computer. It takes even more effort to get the people that actually use
these computers to remember how permissions actually work.
A colleague of mine had to deal with a meltdown that occurred at one client he
worked for because a manager had saved performance reviews to a local folder that
was visible to everyone on the network. Although there had been a specific shared
folder set up that did limit document access to the administrative assistant and the
company director, the manager hadn’t paid attention when this was explained to
him. He worked off the assumption that no one else would see the reviews because
he told only his administrative assistant and the company’s director that the
documents were present in the shared folder.
Shared printers can cause similar problems. In many small businesses, the people
who run the company get the best hardware. The person that ends up with the most
fully featured printer gets it because she is the person who owns the company and
signs the purchase orders. The printer ends up shared so that the people who might
use features such as automatic double-sided printing and collation can actually do

so. The downside to this is that these people have to keep going across to the senior
staff member’s work space to retrieve their printing. At one organization I know,
several people had to be given keys to the boss’s office so they could access their
printing when he was away on business. Rather than move the printer to a more
public location, the boss ended up authorizing the purchase of another printer.