CompTIA A+ Exam 220-902 sub-objective 1.6: Given a scenario, install and configure Windows networking on a client/desktop
Detailed (and official) description of CompTIA A+ sub-objective 1.6
1.6 Given a scenario, install and configure Windows networking on a client/desktop
> HomeGroup vs. WorkGroup
> Domain setup
> Network shares/administrative shares/mapping drives
> Printer sharing vs. network printer mapping
> Establish networking connections
– WWAN (Cellular)
> Proxy settings
> Remote Desktop Connection
> Remote Assistance
> Home vs. Work vs. Public network settings
> Firewall settings
– Enabling/disabling Windows firewall
> Configuring an alternative IP address in Windows
– IP addressing
– Subnet mask
> Network card properties
– Half duplex/full duplex/auto
– BIOS (on-board NIC)
Welcome to ExamNotes by CertBlaster! In this session we will cover the A+ 220-902 exam sub-objective 1.6 “Given a scenario, install and configure Windows networking on a client/desktop”. We touched lightly on these topics in our previous session. This time we take a deeper look.
As the base we’ll define the types of networks supported by Microsoft. These are peer-to-peer (P2P) networks, set up as either a WorkGroup or a HomeGroup, and third, the Domain model.
HomeGroup vs. WorkGroup
The HomeGroup is the least secure P2P approach to networking and sharing. This model gives anyone with access to the HomeGroup access to everything shared on any computer in the group, which makes it an easy but insecure approach. A single password is used for access to the group, providing equal access to all joined devices.
The WorkGroup describes a P2P network with no centralized authority, wherein each device on the network controls what is and is not shared on that particular device or workstation and the users or groups that resource is shared with. In this model each workstation controls the database of users and privileges collectively referred to as the workgroup. Each device that is part of the workgroup can allow access on a user-by-user or group-by-group basis. Network usernames and passwords control access. Local Users and Groups are used to control access.
The Domain network structure is the most secure design supported. Generally it is implemented on a larger business network than the P2P deployments. There is a degree of administrative overhead needed, and this allows all resources on the network to be controlled from a single central server using Active Directory. Active Directory creates and maintains a database of network resources. The client/server model is used and multiple servers are supported. The Windows domain (client/server) network design uses more robust operating systems on the servers called Network Operating Systems (NOS). This means that simple operating systems like Windows Starter or Home editions will not be able to participate. The flexibility of the Active Directory model provides for a single server to be dedicated to a single discipline. Alternatively that same server can be configured to provide multiple network services. This allows powerful network configurations to be completed using a minimum number of physical machines. For the test you will not be expected to know how many servers a particular machine will support.
Network shares/administrative shares/mapping drives
The next item that we will examine is Network connections. This share type allows data to be shared using existing network shares. You can share an existing folder or you can also create a location that you can subsequently share.
Additional methods to share data are administrative shares and drive mapping. Administrative shares are a useful administrative tool that allows you to share data invisibly. This method uses the Windows NT operating system to create hidden network shares. These shares are only accessible using the full path and folder name; they will not appear when browsing. The shares will display locally in the Computer Management console and are identified by the $ as the last character of the Share Name. They can be disabled but not deleted.
Mapping drives and printers is a technique to create a shortcut on the local computer that points to a folder or drive on another PC. A drive letter is assigned to the remote resource that appears as a local drive on the host. This very short video shows you one way mapping can be done in Windows:
Mapped drives can be set to reconnect whenever the local machine is restarted, making the resource appear consistently as a logical drive on the host and reducing the time it takes to browse for it. Drive mapping can be used on different operating systems utilizing the Network File System (NFS). Any locally available drive letter can be assigned; we used Z: here:
Printer sharing vs. network printer mapping
There are two ways to use printers on a network aside from a dedicated print server. When you have a printer attached locally you can choose to share the printer on the network, and this is a fairly common method for accomplishing the share. You can also make the printer available using its IP address as shown here. If the printer is using DHCP you will assign a manual IP address or use the MAC address. You may also opt to install drivers for other Windows versions if needed to support, for example, Windows 7, Windows 8 or Vista.
Establish networking connections
A VPN (Virtual Private Network) connection establishes a safe, secure tunnel between your company network and a remote location over an existing connection (Internet). The VPN tunnel is encrypted for maximum security. Microsoft includes VPN support and there are numerous third-party programs that perform this function. The test is vendor neutral so we will discuss the Microsoft implementation here. Go to the Network and Sharing Center and select Choose your network settings in Windows 7 and earlier, or use the Get Connected Wizard from the Settings Charm in Windows 8 and type vpn in the search bar. You’ll see the Set up a VPN link; click it. You will be prompted for the connection information supplied by your administrator; enter it and click Create. In Networks, click the VPN connection and authenticate. Any changes can be made to the connection in the Connection Properties. Take note of the Encryption and Authentication protocols and settings.
Dialups are painfully slow yet still effective ways to connect to the internet in a pinch. You will need an analog (POTS) phone line and a V.92 modem installed in the machine. You will also need the phone number supplied by your ISP and the credentials provided. Take note of the Encryption and Authentication protocols and settings.
To configure a wireless connection to a router you will need the Service Set Identifier (SSID) of the wireless router and the passphrase. You also need to know the encryption and security type the router is using, and the channel number in case you run into connection issues. Concerns about wireless security can be addressed by stopping the router from broadcasting its SSID, filtering the MAC addresses allowed to connect and reducing the radio power. The radio power is often overlooked, but the ranges of today’s routers far exceed what you would need to cover a SOHO or even a business with an unobstructed floor plan.
As a rule a wired network need only be plugged into using an RJ-45 Ethernet cable. That is to connect only. Accessing resources is subject to the administrative restrictions on the network, like usernames and passwords for starters.
WWAN networks are generally utilized by internet capable Smartphones or cellphones. The networks are provided by cellular phone companies who have expanded their offerings to include internet access. The WWANs are maintained and controlled by the cell service carriers. The carrier requires specific detailed information before it will allow access to its network. A SIM chip or card inside the device provides your access information to the cellular carrier. GSM and LTE both require a SIM card. Also available are USB WWAN devices that can be plugged into the PC and used for internet access.
Proxy settings are managed in Internet Options in your browser or from Control Panel. Many corporations and service providers use dedicated proxy servers to increase the speed of the internet experience. They provide a dedicated controllable resource and speed up the experience by caching data locally. Here is an example broadband proxy. Proxy servers are not used with VPN connections. They must be configured individually for each connection type used.
Remote Desktop Connection
Using Windows on a network has allowed you to manage files and folders shared on the network, provided you have permission to do so. This is good for working with documents or other files. It is not good for checking device settings and other system functions. Windows Remote Desktop fills that void by making the entire desktop and the system in general available to you wherever you are, using RDP (Remote Desktop Protocol). The process has been around (before the objectives) as Terminal Services. It was introduced in Windows XP as Remote Desktop using port 3389. The port number is important because, as you can see in the graphic, the program needs to be permitted through the Firewall.
RDC and RA setup window
Remote Desktop Connection and Remote Assistance are enabled on the System Properties sheet on the Remote tab. Once this is accomplished, ensure that the user (you) has remote access privileges on both computers. Use Select Users for this. When this is done you can access the program by typing the program name or the filename MSTSC (Microsoft Terminal Services Client) in the Start/Search bar.
Once the program is running you will see you need to identify the target machine using the computer name or IP address and supply your credentials on the General tab.
The Display tab lets you set the resolution and color depth. Both of these settings are highly reliant on the connection speed and latency. Windows does its best to compensate for quality issues on low speed connections. This can be found on the Experience tab, where you can disable bandwidth intensive features to optimize performance. Other features of Remote Desktop are the ability to use your local resources during the session and to launch specific programs upon connection or at any time during the session.
Remote access to computers by trusted parties is a desirable way to handle system repairs by technicians and even your personal access to the entire desktop and operating system. Windows Remote Assistance was introduced in Windows XP as a way to allow users to obtain immediate assistance. In the corporate world this saved countless man-hours of support as it allowed the technician to make a simple repair without having to take the time to walk the user through the physical process. What was done would still need to be explained to the customer’s satisfaction. The Remote Assistance program is allowed access through the Windows Firewall. If you use a hardware or third-party firewall program you will need to allow the program through. The process allows you to send an invitation to a user you trust to help you resolve your issue. Secondly, you are able to offer assistance to a user by responding to their invitation. In either case this is a request and respond type of arrangement, and security is managed through the use of a passcode that the responder will need to know to continue. When you request assistance the party you ask will be sent a file with your connection properties and the passcode. The chat feature is available throughout the session and the bandwidth usage is controllable, allowing either party to reduce the amount of resources the system is using. When actions are required by either party they can “Take Control” of the session. The output is visible to both parties at all times.
Home vs. Work vs. Public network settings
When you are setting up a network connection your Windows machine may use Network Location Awareness to automatically configure this setting to one of these: Home, Work or Public. This is a crucial setting because if you are in a coffee shop using their Wi-Fi, you don’t want your data shared with everyone in the shop. Here is how it breaks down quickly.
A home network setting on your PC makes all of your shared data discoverable by other computers on the network. Throughout the Windows versions and editions you will find that the settings for a private network are identical to those labeled Private or Work. The computer in question cannot be accessed directly from the internet and relies on the hardware and software protection you have on your gateway, router and any other objects in the path between your PC and the internet. This is good at home and work, but bad out in the wild world. This setting in a public environment would be equivalent to leaving the PC unprotected.
The Work network setting would imply but not guarantee that a Domain is in use. In this case all aspects of the connection security are handled by the administrator by using Group Policy and User Policy. The administrator will also have control over other user access and the privileges of the device on the network.
The Public network type is used when there is no security device between the PC and the internet. The Public network setting is the most restrictive mainly because your only defense is Windows Firewall and the AntiVirus and Malware protection you have installed.
Windows Firewall is accessible from the Control Panel, the Search or Run line, and also as an alternative choice in some of the applets you use to view or change network settings, with the Network and Sharing Center as a primary example. There it is accessible at the bottom left corner. What a firewall does is filter the content using TCP port numbers, passing that which you allow and blocking things you don’t want to see. The Windows firewall has an extensive list of preset programs that you can modify using checkboxes. Quite user friendly.
It is easy to understand why blocking everything all the time is counterproductive, to put it mildly. There is a very real need to allow some activities to pass through unrestricted. The directions we supply to control the activity between our network and the internet are called rules.
The firewall comes preset with a group of rules as the basic configuration that will allow basic connectivity. Often a user will use their device for years and not have to make any changes to it. Any change to a rule is called an Exception. For example, after installing a new multi-player game you find that it cannot connect to the internet servers. This is a case where you would make an exception to your firewall settings to allow the program in question to access the internet.
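As an added example (not part of the original article), the Python sketch below audits a firewall rule listing for exceptions that open the Remote Desktop port 3389 on the Public profile. The sample text is constructed in the layout printed by `netsh advfirewall firewall show rule name=all`; the rule names and the helper functions are assumptions made for illustration.

```python
RDP_PORT = 3389  # Remote Desktop port named in the article
# Constructed sample in the layout of `netsh advfirewall firewall show rule name=all`
# (rule names and values are invented for illustration, not captured from a host).
SAMPLE = """\
Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
Protocol:                             TCP
LocalPort:                            3389
Action:                               Allow

Rule Name:                            Example Game Server
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Public
Protocol:                             TCP
LocalPort:                            3000-4000
Action:                               Allow

Rule Name:                            Old RDP Exception
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Domain,Private,Public
Protocol:                             TCP
LocalPort:                            3389
Action:                               Allow
"""

def parse_rules(text):
    """One dict per rule; separator and blank lines have no colon and are skipped."""
    rules = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if sep and key == "Rule Name":
            rules.append({key: value})
        elif sep and rules:
            rules[-1][key] = value
    return rules

def port_covered(spec, port):
    """True if a LocalPort value like 'Any', '80,443' or '3000-4000' includes port."""
    for token in (t.strip() for t in spec.split(",")):
        low, _, high = token.partition("-")
        high = high or low
        if token.lower() == "any" or (low.isdigit() and high.isdigit()
                                      and int(low) <= port <= int(high)):
            return True
    return False

def rules_exposing(rules, port=RDP_PORT, profile="Public"):
    """Names of enabled inbound allow rules that open port on the given profile."""
    return [r["Rule Name"] for r in rules
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow"
            and r.get("Protocol", "Any") in ("TCP", "Any")
            and profile in r.get("Profiles", "").split(",")
            and port_covered(r.get("LocalPort", "Any"), port)]

if __name__ == "__main__":
    print("Rules opening 3389 on Public:", rules_exposing(parse_rules(SAMPLE)))
```

In the sample, the dedicated Remote Desktop rule is limited to the Domain and Private profiles, while an unrelated exception with a wide port range is the one that leaves 3389 reachable on a Public network.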
Enabling/disabling Windows firewall
When you find you are having problems connecting to the internet or even the local network, you can quickly confirm or exclude the firewall as the problem by disabling it and checking your connections. If the problem disappears then you have zeroed in on the issue. Turn the firewall back on as quickly as possible, then begin to look for the contributing factors. It is very important that you minimize the time that the firewall is off.
Configuring an alternative IP address in Windows
Most networks use DHCP for network configurations. It is fast, efficient and has very little administrative overhead. DHCP servers will ensure that addresses are issued without duplication and that the client receives the correct 32-bit IP address, a valid 32-bit subnet mask, the address(es) of DNS servers and a gateway address to look for when using addresses off the local network. Addresses for WINS servers should also be provided. So, to summarize, here it is.
Windows IPv4 or IPv6 addresses can be configured manually or automatically using DHCP.
Here is a look at a typical Alternate IPv4 configuration. The parts that make it up are in the text that follows.
IP Addressing is a blanket term that covers all of the items that follow.
An IP Address is a 32-bit address that is segmented into four eight-bit sections called octets. The maximum value of any octet is 255 or 11111111 (binary). Usually the first two or three octets will identify the network and the remainder will be for the host or device.
Subnet masks are used to identify the network and which of the remaining octets are used to identify the host. So a subnet mask of 255.255.255.0 would provide 24 bits, three octets, for the network and eight for the host.
DNS stands for Domain Name System. This is a naming system for network connected devices. It works well with humans because it is far easier for us to remember a few words than a 32-bit string of numbers. What DNS does is maintain a constantly refreshing list of domain names and the IP addresses they correspond to.
A Gateway is a device on the network designated to provide access to the internet through the local LAN. Part of each machine’s IP configuration is the Default Gateway, an address to be used first when accessing data that is not on the local LAN.
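The following Python sketch is an added example, not part of the original article. It shows how the subnet mask splits an address into network and host parts, checks a manually entered configuration for common mistakes, and decides whether a destination is reached directly or through the Default Gateway. The addresses and function names are constructed for illustration.

```python
import ipaddress

def to_binary(address):
    """Dotted decimal -> dotted binary, one 8-bit octet per group."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(address).packed)

def prefix_length(mask):
    """Count the network bits in a mask; reject masks whose 1 bits are not contiguous."""
    host_bits = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError(f"{mask} is not a valid subnet mask")
    return 32 - host_bits.bit_length()

def split_address(ip, mask):
    """AND the address with the mask: returns (network ID, host part)."""
    ip_int, mask_int = int(ipaddress.IPv4Address(ip)), int(ipaddress.IPv4Address(mask))
    network = ipaddress.IPv4Address(ip_int & mask_int)
    host = ipaddress.IPv4Address(ip_int & (mask_int ^ 0xFFFFFFFF))
    return str(network), str(host)

def check_config(ip, mask, gateway):
    """Return a list of problems with a manually entered configuration."""
    problems = []
    bits = prefix_length(mask)
    network = ipaddress.IPv4Network(f"{ip}/{bits}", strict=False)
    if bits < 31 and ipaddress.IPv4Address(ip) in (network.network_address,
                                                    network.broadcast_address):
        problems.append("IP address is the network or broadcast address")
    if ipaddress.IPv4Address(gateway) not in network:
        problems.append("default gateway is not on the local subnet")
    return problems

def next_hop(ip, mask, gateway, destination):
    """Local destinations are reached directly; everything else goes to the gateway."""
    if split_address(ip, mask)[0] == split_address(destination, mask)[0]:
        return destination
    return gateway

# Constructed sample values (private-range addresses chosen for illustration).
IP, MASK, GATEWAY = "192.168.1.25", "255.255.255.0", "192.168.1.1"

if __name__ == "__main__":
    print(to_binary(MASK), "->", prefix_length(MASK), "network bits")
    print("network / host:", split_address(IP, MASK))
    print("problems:", check_config(IP, MASK, GATEWAY))
    for dest in ("192.168.1.80", "8.8.8.8"):
        print(dest, "is sent to", next_hop(IP, MASK, GATEWAY, dest))
```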
Network card properties
Network card properties belong to whatever device you are using to access the network. A network card is required for each and every device that will access the network. We will use this term to describe that which provides access at the physical layer regardless of the method, wired, wireless and all that follow. Interestingly each connection possesses these qualities with one exception. We’ll take that one and toss it first.
Half duplex/full duplex/auto
When we talk about network speed we usually are referring to throughput and more specifically Ethernet throughput. “Your results may vary” has never been more true than in these cases. We’ll start with a definition that will help clarify some items. Duplex is not an apartment network. It refers to the transmission of data and what amount of time each user is allotted for transmission, or when they can send and when they can receive.
Here’s the list and a decent image to refer to.
Half duplex means that in a situation where only two devices are present, one device can transmit and the other receive at the same time. Then the second machine can send data back or remain silent. Think of this as a walkie-talkie if that works for you. At the end of each transmission the sending unit will transmit a Clear to send (CTS) message indicating to all parties that the line is open, the walkie-talkie equivalent of saying Over.
Full duplex is the best way for your data to travel over Ethernet. In the same two-device sample from above, both of your devices can transmit or receive at will, whenever they want. Now you are getting very close to the advertised speeds. More on that in a bit. For now think of half duplex as one way at a time, and full duplex as anything anytime. To manage the settings on your network interface, the best way to access it is through Device Manager. The adapter’s properties sheet has an Advanced tab that has close to 30 fine tuning elements. The first one we’ll look at is Speed and Duplex. Here you can set the interface to its maximum speed, the speed you are told the network is running at, or auto negotiate.
Auto negotiation allows the network devices to send and receive packets to each other very quickly and determine the best transmission and reception settings for the connection in the blink of an eye.
You need speed. Here we will talk about the rated speed not the speed you will get when you get home with the device. In fairness the standard speed does not account for administrative overhead and the retransmission of dropped packets. So we will start with wireless and confine it to what you can expect to see on the test.
These standards are all sanctioned by the IEEE and fall under section 802.11. They are differentiated by their alpha designation. We will list the standard, the radio frequency band it operates in and its speed and range. We are only concerned with four of the wired IEEE standards.
Do your best to really know this, it helps with the “big picture” types of questions.
802.11a – 5.0 GHz frequency – speed up to 54 Mbps – Range 50 meters
802.11b – 2.4 GHz frequency – speed up to 11 Mbps – Range 100 meters
802.11g – 2.4 GHz frequency – speed up to 54 Mbps – Range 100 meters
802.11n – 2.4 or 5.0 GHz frequency – speed 300 – 600 Mbps – Range outdoors 250 meters*
802.11ac – 5.0 GHz frequency – speed just under 7 Gbps – Range outdoors 250 meters
*) Uses MIMO (Multiple In Multiple Out) to bond channels together and increase speed.
Wake on LAN
Last but not least in our exhaustive list of content that would not hurt to be comfortable with is Wake on LAN. This handy little feature has been around forever and is available on most motherboards that have a NIC onboard. This feature is useful when you are trying to access a PC on your network or elsewhere that has gone to sleep. Ordinarily you would have someone go to the workstation and press a key or shake the mouse to wake the machine. The Wake on LAN feature works by simply attempting to access the PC. It should be listed on the Network. Double-clicking a folder will be met initially with an error, but wait a few seconds and you will have access to anything shared.
Quality of Service (QoS) settings are also on the Device Manager’s Properties Sheet, under Priority and VLAN. You simply click to enable the priority. Simple, but so much more happens. Now this is important. If you want this to work at its absolute maximum it must be configured on all routers and switches and computers that you anticipate will be using the program you are implementing.
BIOS (on-board NIC)
This technology is used when the network connection device is built into the motherboard and is controlled by UEFI or BIOS technology. In addition to the operating system settings, much of what follows is configurable in the BIOS.
Well that’s it for 220-902 objective 1.6! Hopefully you had as much fun reading it as we did writing it.
See you next time.