Microsoft Press Windows Vista Administrator's Pocket Consultant ebook
Page 45
Real World
Skilled administrators know that several weeks in advance of the actual change, they should start to decrease the TTL values for DNS records that are going to be changed. Typically, this means reducing the TTL from a number of days (or weeks) to a number of hours, which allows for quicker propagation of the changes to computers that have cached the related DNS records. Once the change is completed, administrators should restore the original TTL value to reduce renewal requests.
In most cases, you can resolve problems with the DNS resolver cache by either flushing the cache or reregistering DNS. When you flush the resolver cache, all DNS entries are cleared out of the cache and new entries are not created until the next time the computer performs a DNS lookup on a particular host or IP address. When you reregister DNS, Windows Vista attempts to refresh all current DHCP leases and then performs a lookup on each DNS entry in the resolver cache. By looking up each host or IP address again, the entries are renewed and reregistered in the resolver cache. You'll generally want to flush the cache completely and allow the computer to perform lookups as needed. Reregister DNS only when you suspect that there are problems with DHCP and the DNS resolver cache.
You can use the IPCONFIG command to flush and reregister entries in the DNS resolver cache by following these steps:
1. Start an elevated command prompt.
2. To clear out the resolver cache, type ipconfig /flushdns at the command line.
3. To renew DHCP leases and reregister DNS entries, type ipconfig /registerdns at the command line.
4. When the tasks are complete, you can check your work by typing ipconfig /displaydns at the command line.
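The following PowerShell script is an added example and is not from the book: it parses the text that ipconfig /displaydns prints, lists the cached records with their remaining TTL, and flags any entry still holding a TTL longer than the threshold you chose while lowering TTLs ahead of a DNS change (the stale entries that a flush would clear). The function names and the embedded sample output are constructed for this example; the syntax sticks to what PowerShell 2.0 on Windows Vista accepts.

```powershell
# Parse the output of "ipconfig /displaydns" into objects (Name, Type, Ttl, Data).
function ConvertFrom-DisplayDnsOutput {
    param([string[]]$Lines)   # lines of "ipconfig /displaydns" output
    $records = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Record Name[ .]*:\s*(\S+)') {
            # "Record Name" starts a new cache entry; later lines fill it in
            $current = New-Object PSObject -Property @{ Name = $matches[1]; Type = $null; Ttl = $null; Data = $null }
            $records += $current
        }
        elseif ($null -ne $current -and $line -match '^\s*Record Type[ .]*:\s*(\d+)') { $current.Type = [int]$matches[1] }
        elseif ($null -ne $current -and $line -match '^\s*Time To Live[ .]*:\s*(\d+)') { $current.Ttl = [int]$matches[1] }
        # "A (Host) Record", "PTR Record", "CNAME Record" ... carry the data value
        elseif ($null -ne $current -and $line -match '^\s*\S.*Record[ .]*:\s*(\S+)') { $current.Data = $matches[1] }
    }
    return $records
}

# Return the cached entries whose remaining TTL exceeds the threshold.
function Get-StaleCacheEntries {
    param([object[]]$Records, [int]$MaxTtlSeconds)
    $Records | Where-Object { $null -ne $_.Ttl -and $_.Ttl -gt $MaxTtlSeconds }
}

# Constructed sample (not captured from a real machine) in the "ipconfig /displaydns" layout,
# so the parser can be exercised offline. 192.0.2.0/24 is a documentation range.
$sampleText = @'
Windows IP Configuration

    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10

    10.2.0.192.in-addr.arpa
    ----------------------------------------
    Record Name . . . . . : 10.2.0.192.in-addr.arpa
    Record Type . . . . . : 12
    Time To Live  . . . . : 600
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    PTR Record  . . . . . : www.example.com
'@
$sample  = $sampleText -split "`r?`n"
$records = ConvertFrom-DisplayDnsOutput -Lines $sample
$stale   = @(Get-StaleCacheEntries -Records $records -MaxTtlSeconds 3600)
"$($stale.Count) cached record(s) still have a TTL above 3600 seconds:"
$stale | Format-Table Name, Type, Ttl, Data -AutoSize

# Against the live cache, from an elevated prompt, flush only when a long-lived entry is present:
# $live = ConvertFrom-DisplayDnsOutput -Lines (ipconfig /displaydns)
# if (@(Get-StaleCacheEntries -Records $live -MaxTtlSeconds 3600).Count -gt 0) { ipconfig /flushdns }
```

With the sample above, only the www.example.com A record (TTL 86400) is reported as stale; the PTR entry with a 600-second TTL is left alone.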
Chapter 13: Managing Mobile Networking and Remote Access
Users often want to connect to their organization's network from an off-site computer. To do so, they need a dial-up, broadband, or virtual private network (VPN) connection. Dial-up networking enables users to connect off-site computers to their organization's network using a modem and a standard telephone line. Broadband enables users to connect off-site computers to their organization's network using high-speed Digital Subscriber Line (DSL) routers or cable modems. VPN uses encryption to provide secure connectivity over an existing connection, which can be a local area, dial-up, or broadband connection. Increasingly, wireless connections are being used as well. With a wireless connection, computers establish connections using a network adapter that has an antenna that enables it to communicate with similar wireless devices.
Understanding Mobile Networking and Remote Access
Although the underlying technologies are fundamentally different, direct dial, broadband, and dial-up connections make it possible for users to access your organization's network remotely. With a typical direct dial network configuration, off-site users utilize their computer's modem and a standard telephone line to connect to a modem pool located at the office. A Microsoft Windows Server managing the modem pool and running Routing And Remote Access authenticates the logon ID and password and authorizes the user to connect to the internal network. The user can then access network resources just as she does when working on-site.
Figure 13-1 shows direct dial connections using modem pools. Analog modems use dedicated telephone lines to connect users to the internal network at speeds up to 33.6 kilobits per second (Kbps). Digital modems use channels of a T1 line to connect users to the internal network at speeds up to 56 Kbps. In a standard configuration, you might have 8, 12, or 16 modems configured in the pool, each with its own line (or channel). Typically, the modem pool has a lead number that users can call. This number connects to the first modem in the pool. When the lead number is busy, the line rolls over to the next number, which connects to the next modem in the pool, and so on, enabling users to dial a single number to gain access to all modems in the pool.
Figure 13-1: Use a dial-up connection to access an office network through a modem pool.
Unlike direct dial connections, which can be made directly to the office network, broadband connections are made through an Internet service provider's (ISP's) network. The user's DSL router or cable modem establishes a connection to the ISP, which in turn connects the user to the public Internet. To connect to the office network, broadband users must establish a VPN between the user's computer and the office network. Figure 13-2 shows how VPN works.
Figure 13-2: Use broadband and VPN to access an office network.
A VPN is an extension of a private network across the public Internet. Once a user is connected, it appears to him that he is directly connected to the office network and can access network resources just as he does when working on-site. These seamless connections are possible because a virtual tunnel is established between the user's computer and the office network, where the VPN technology takes care of routing information over the public Internet. One of two VPN technologies is typically used: Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP).
Both L2TP and PPTP offer encryption and protection from attacks, but only L2TP uses IP Security (IPSec) for advanced encryption, making it the more secure of the two technologies. Unfortunately, L2TP is more difficult to configure. When you use L2TP, you'll need to use Microsoft Certificate Services or a third-party certificate server to issue individual certificates for each system that will connect to the network using L2TP.
In addition to using VPN with broadband connections, you can also use VPN with dial-up connections. In this configuration, as shown in Figure 13-2, users go through their ISP to establish a connection to the public Internet and later establish a private connection to the office network. When this configuration becomes standard procedure for dial-up users, your organization won't need dedicated private lines like those reserved for a modem pool.
Creating Connections for Remote Access
As discussed previously, you can create both dial-up and broadband connections for remote access. If you want additional security, you can also configure these connections to use VPN. Microsoft Windows Vista provides a wizard for creating these connections. In most cases, you'll want to access this wizard through Network And Sharing Center. Click Start and then click Network. In Network Explorer, click Network And Sharing Center on the toolbar. In Network And Sharing Center, click Set Up A Connection Or Network. You can then create dial-up, broadband, and VPN connections.
Note: Real World
Consider whether Group Policy can help you reduce your workload. If you want to use the same connection settings on multiple computers, you could import the settings into Group Policy, and they would then be available to all computers in the related Group Policy object. You can use this technique to deploy new connection configurations, to update existing configurations when you need to make changes, and to delete existing configurations and replace them with new ones. See the "Managing Connection and Proxy Settings" section of Chapter 14, "Managing Advanced Internet Options and Security," for more information.
Creating a Dial-Up Connection
Windows Vista provides two options for making dial-up connections. You can create a dial-up connection to an ISP or a dial-up connection to the workplace. Although the connections are created using slightly different techniques, the settings for the connection options are the same, with the following exceptions:
A dial-up connection to an ISP does not use the Client For Microsoft Networks component, and it redials if the line is dropped by default.
A dial-up connection to the workplace does use the Client For Microsoft Networks component, and it does not redial if the line is dropped by default.
The networking component Client For Microsoft Networks enables Windows Vista systems to communicate in a Windows domain or workgroup. Because most workplaces use Windows domains or workgroups and some ISPs don't, the component is configured for workplace environments and not for ISPs.
Creating dial-up connections is a two-part process. Before you create a dial-up connection, you should check the current phone and modem options, which set dialing rules. Once the dialing rules are configured, you can create the dial-up connection.
Working with Dialing Rules and Locations
Dialing rules are used with modems to determine how phone lines are accessed, what the caller's area code is, and what additional features should be used when dialing connections. Sets of dialing rules are saved as dialing locations in the Phone And Modem Options tool.
Viewing and Setting the Default Dialing Location
To view and set the default dialing location, follow these steps:
1. Click Start and then click Control Panel. In Control Panel, click Hardware And Sound.
2. In Hardware And Sound, click Set Up Dialing Rules under Phone And Modem Options. The first time you start this tool, you'll see the Location Information dialog box, as shown in Figure 13-3.
Figure 13-3: The first time you use Phone And Modem Options, you must configure the initial location.
3. Answer the following questions to configure the default location (My Location):
- What Country/Region Are You In Now? Select the country or region you are in, such as United States.
- What Area Code (Or City Code) Are You In Now? Type the area or city code as appropriate, such as 212.
- If You Need To Specify A Carrier Code, What Is It? You can specify the telephone carrier to use when dialing and establishing connections by entering its carrier code. A carrier code might be necessary if you are making long-distance or international calls.
- If You Dial A Number To Access An Outside Line, What Is It? Type the number you need to access an outside line, if any. An access code might be necessary to bypass a switch panel within a company or when dialing from a hotel.
- The Phone System At This Location Uses Select either Tone Dialing or Pulse Dialing, as appropriate. Most areas of the United States and Canada use tone dialing.
Once you configure an initial location and click OK, you'll see the Phone And Modem Options dialog box, shown in Figure 13-4. From then on, you will no longer need to set up an initial location.
Figure 13-4: Check dialing rules to ensure they are configured properly.
Locations configured for the computer are shown in the Locations list by name and area code. The location from which you are currently dialing is selected and highlighted in bold.
Initially, the default location is set as My Location. By selecting a different location, you can make it the current or default location. I recommend editing the default location (My Location) and renaming it so that the name used includes the city or office location. To view the configuration of a selected location, click Edit. Then, to rename the location, type a new value in the Location Name field on the General tab and then click OK.
Note
Of all the available dialing rules, the area code is the one you'll work with most often. During installation of the operating system, a default location might have been created with the area code set by the person who installed the computer. In many cases, the default area code is not the one the user needs to use when dialing another location from home.
Creating Dialing Locations
You can create dialing locations to set unique rules for each area code from which the user will make dial-up connections. To create a dialing location, follow these steps:
1. Click Start and then click Control Panel. In Control Panel, click Hardware And Sound.
2. In Hardware And Sound, click Phone And Modem Options. In the Phone And Modem Options dialog box, click New on the Dialing Rules tab. This displays the New Location dialog box, shown previously in Figure 13-3.
3. The New Location dialog box has three tabs:
- General Sets the location name, country/region, and area code. On this tab, you can also set access numbers for outside lines when dialing local or long-distance calls, disable call waiting, and specify whether tone or pulse dialing is used. Be sure to use an appropriate location name. Typically, this is the name of the city or metro area from which the user is dialing.
- Area Code Rules Sets rules that determine how phone numbers are dialed from the location's area code to other area codes and within the location's area code. These rules are useful when multiple area codes that are not long distance are used in the same location. They are also useful when calls within the area code might be local or long-distance based on number prefixes.
- Calling Card Sets a calling card to use when dialing from this location. Calling card information for major carriers is provided, and you can also create calling card records.
4. When you are finished creating the location, check that the default location in the Phone And Modem Options dialog box is correct. You might need to select a different entry. Click OK when you are finished.
Deleting Dialing Locations
To delete a dialing location, follow these steps:
1. Access Phone And Modem Options in Control Panel.
2. In the Phone And Modem Options dialog box, select the location you want to permanently remove and then click Delete. If prompted to confirm the action, click Yes.
3. Select the dialing location that you want to use as the default and then click OK.
Creating a Dial-Up Internet Connection to an ISP
You can create dial-up connections in the following ways:
- If users are dialing up through an ISP that has point of presence (POP) locations throughout the United States and the world, you'll usually want to configure dialing rules and connections for specific locations. Here, you could create a dial-up location called Seattle and a dial-up connection called Connect To ISP In Seattle. In this configuration, you would set the area code for Seattle as well as any special dialing rules and then configure the connection to use the ISP's access numbers for Seattle. You'd also need to show users how to change their current locations when they travel from place to place.
- If users are dialing an 800 number or long distance to access the office modem pool or a special out-of-area access number for an ISP, you'll usually want to configure separate connections rather than separate locations. Here, you would create a connection that dials long distance to establish the connection and a connection that is used when the user is in the local area. You would then need only one dialing location.
To create a dial-up Internet connection, follow these steps:
1. Before you create a dial-up connection, you should check the current phone and modem options as discussed in the "Working with Dialing Rules and Locations" section of this chapter.
Note
If you use dialing rules with a connection and then set area and country codes, you are making it possible for the connection to be used for long-distance calls, which can sometimes be very expensive. If this isn't what you want, you might want to reconsider these selections.
2. Click Start and then click Connect To. In Connect To A Network, click Set Up A Connection Or Network. This starts the Set Up A Connection Or Network Wizard.
3. To make a dial-up connection to an ISP, select Set Up A Dial-Up Connection and then click Next.
4. Set the phone number to dial for this connection using the Dial-Up Phone Number text box.
5. Set account information for the connection. Enter the user name in the field provided and then enter the password. Although you can ensure the password is remembered by selecting Remember This Password, it is a poor security practice because it enables anyone with access to the computer to use the connection.
6. In the Connection Name field, enter the name for the connection, such as Service Provider. Keep in mind that the name should be short (50 or fewer characters) but descriptive.
7. If you want the connection to be available to all users of the computer, select Allow Other People To Use This Connection. This option is best when you plan to assign the connection through Group Policy and have not provided user logon information.
8. Click Create to create the dial-up connection and then click Close. To test the connection settings, follow the steps outlined in the "Establishing Connections" section of this chapter.
Note: Real World
Most organizations use digital phone systems, which don't allow you to make an analog connection to an outside line. If this is the case at your office, you'll need to access an analog line before you can test the connection. Some digital phones can be equipped with digital-to-analog converters that you can use for testing dial-up connections. You might find these converters used with conference phones or fax machines, or you might find that conference phones or fax machines are already connected to analog phone lines.
Creating a Broadband Connection to the Internet or a Dial-Up Connection to the Workplace
In many respects, broadband connections are much easier to configure than dial-up connections are. When you work with broadband, you don't need to set up dial-up rules or locations. You don't need to worry about calling cards, ISP access numbers, or redialing preferences either, all of which make broadband much easier to work with.
Most broadband providers give users a router or modem, which users need to connect to the service provider. Each user must also have a network adapter on her computer, connected to a DSL router or cable modem. In this configuration, the necessary connection is established over the local area network (LAN) rather than a specific broadband connection. Therefore, it is the local area connection that must be properly configured to gain access to the Internet. You won't need to create a broadband connection.
You can, however, create a specific broadband connection if needed. In some cases, you need to do this to set specific configuration options required by the ISP, such as secure authentication, or you might want to use this technique to set the user name and password required by the broadband provider.
You create a broadband connection to the Internet or a dial-up connection to a workplace by following these steps:
1. Click Start and then click Connect To. In Connect To A Network, click Set Up A Connection Or Network. This starts the Set Up A Connection Or Network Wizard.