A user may not be able to access the Internet with
Internet Explorer and may complain that "the Internet is down," but as a
technician you know there are lots of pieces between the user's system
and the Internet. One of those pieces is much more likely to be the
problem rather than the entire Internet.
If a system is not communicating
with other hosts, it's important to check the TCP/IP connectivity and
configuration information. A primary tool you can use to start checking
TCP/IP is the Network and Sharing Center, shown in Figure 1.
You can access the Network and Sharing Center via the Control Panel => Network And Internet group. You can quickly determine a lot about the connection from this page:
The computer name is DRG.
The computer is connected to a network. If the connection had a problem, there would be a yellow triangle or a red X on the line connecting the computer to the network (see Figure 7.11).
The known network name is Verizon Wireless – VZAccess 72. Networks can be identified as public or private. The icon of a park bench is used to represent a public network.
The computer is connected to the Internet. If it wasn't connected to the Internet, it would have a red X between the network and the Internet. In addition, the Internet icon would be dimmed if the Internet wasn't accessible.
The View Your Active
Networks section also shows that the connection is a public network. You
can click the Public Network link and change this to Home Network or
Work Network (both of which are considered private).
Figure 2
shows the icons for a different computer that has connectivity problems
with an unknown network and is not connected to the Internet. Notice
that this connection is listed as the Local Area Connection. This is the
default name for a wired network interface card.
The left panel of the Network and Sharing Center includes several links that can be used to configure networking:
Control Panel Home
This will return you to the main page of the Control Panel.
Manage Wireless Networks
If the computer has wireless capabilities, this link appears. It can be used to add and configure wireless profiles.
Change Adapter Settings
This link gives access to all of the network adapters and connections on the system. This includes wired adapters, wireless adapters, and virtual private network connections if they've been added to the system.
Change Advanced Sharing Settings
Advanced sharing settings are used to configure different profiles such as a public or private profile (used for home or work).
1. Public vs. Private Networks
The first time Windows 7
connects to a network, the system will determine the type of network or
will prompt the user to identify the type of network. In general, a
network is identified as either Public or Private, and it can also be
identified as Domain.
Public
A public network is one that
is in a public place, such as in an airport or coffee shop. When the
network type is identified as Public, Windows Firewall is configured to
protect the client by refusing unsolicited connections. A user can
connect to the Internet to retrieve email or Internet pages because
these connections are solicited by the user. Anytime a computer has a
public IP address, Public should be selected as the network type.
Private
A private network is one
that is private for the user. For example, a corporate network or a home
network is commonly configured with the Private network type. Security
on the Windows Firewall is relaxed to improve usability within the
network. Private networks are typically protected with a router and a
firewall placed between the user and the Internet, and they can be
labeled as Home or Work.
Domain
If a computer is a member
of a domain and authenticates with a domain controller, it will be put
into a Domain network location. This is similar to a private network
where Windows Firewall is relaxed to improve usability within the
network.
Two important networking
elements are automatically set up when a computer is configured as a
Public, Private, or Domain network type: Windows Firewall exceptions and
Network Discovery.
1.1. Network Discovery
Network Discovery
is used to simplify the process of configuring and connecting
network-connected systems and devices. It is enabled by default in
private (nondomain) networks and can be enabled in a domain network with
Group Policy. It should remain disabled in public networks to prevent
clients from connecting to the system and accessing resources.
Several protocols work
together to enable the Network Discovery feature. The Function Discovery
Provider Host service and Web Services Dynamic Discovery service are
both used by Windows 7 to locate other Windows Vista or Windows 7
clients on the same subnet. The Simple Service Discovery Protocol is
then used to identify devices that support these protocols.
Network Discovery is limited to
the same subnet. The Network Discovery messages are not passed by
routers, so any clients on different subnets will not be located or
discovered using Network Discovery.
As an example, Media
Center Extender Devices (such as Microsoft's Xbox 360) use the Network
Discovery protocol. When the Xbox 360 is on the same subnet and Network
Discovery is enabled, clients can easily connect and use all of the
features available, such as watching movies in one room from the Xbox
360 in another room.
Network Discovery is automatically configured for the different types of networks as follows:
Public
Network Discovery is
disabled by default. This prevents other clients in a public network
from seeing or discovering the Windows 7 client.
Private (home or work)
Network Discovery is
enabled by default in private network types. This is useful in home
networks and small-office networks where users share resources with
others, and it allows the clients to easily discover each other.
Domain
Network Discovery is disabled by default in domain networks, but it can be enabled with Group Policy.
When Network Discovery is
enabled, the system can also create a Network Map. The Network Map
identifies all of the discoverable clients on the network that have
Network Discovery enabled. If the network has a path to the Internet,
this path will also be displayed in the map.
Two protocols must be
running to support the Network Map feature. Both can be enabled on the
network adapter property page. They are
The Link-Layer Topology
Discovery Mapper service is also used by Network Discovery. This service
is set to Manual and is started when needed by Network Discovery. If
the service is set to Disabled, the Network Mapping feature will fail.
1.2. Windows Firewall Exceptions
Most firewalls are configured
with an implicit deny policy, where all traffic is blocked except for
some specific exceptions. Exceptions are identified with rules that
specifically identify what traffic is allowed.
Windows Firewall is configured as follows for the different network types:
Public
All unrequested incoming
traffic is blocked. Exceptions can be created to allow specific traffic
if desired. Clients will still receive requested traffic. For example,
if a user accesses msnbc.com using a web browser, the msnbc.com web page will be displayed.
Private (home or work)
The firewall is configured
to allow connections with other clients in the network. Computers can
share resources that are accessible by others, assuming they have the
correct permissions.
Domain
The firewall is
configured similarly to a private network. Network administrators may
need to configure other exceptions via Group Policy to allow specific
traffic within the network, depending on the applications used in the
domain.
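The defaults described in sections 1.1 and 1.2 can be checked from a PowerShell prompt instead of clicking through each dialog. The script below is an added example, not part of the original text; it only reads settings. It assumes an English-language system (the rule group names are the English display names) and the service short names fdPHost, SSDPSRV, and lltdsvc for the Function Discovery Provider Host, SSDP Discovery, and Link-Layer Topology Discovery Mapper services.

```powershell
# Added example, not from the original text. Read-only; changes no settings.
# Assumptions: English rule-group display names; service short names
# fdPHost, SSDPSRV and lltdsvc.

# 1. Connected networks and the location type Windows assigned to each.
$categories = 'Public', 'Private', 'Domain'      # NLM_NETWORK_CATEGORY 0, 1, 2
$nlm = [Activator]::CreateInstance(
    [Type]::GetTypeFromCLSID('DCB00C01-570F-4A9B-8D69-199FDBA5723B'))
foreach ($net in $nlm.GetNetworks(1)) {          # 1 = connected networks only
    '{0}: {1}, Internet={2}' -f $net.GetName(),
        $categories[$net.GetCategory()], $net.IsConnectedToInternet
}

# 2. Firewall defaults and the discovery/sharing exceptions for each profile.
$names = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }   # profile bit values
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$report = foreach ($bit in 1, 2, 4) {
    $inbound = 'Allow'
    if ($fw.DefaultInboundAction($bit) -eq 0) { $inbound = 'Block' }
    New-Object PSObject -Property @{
        Profile          = $names[$bit]
        Active           = [bool]($fw.CurrentProfileTypes -band $bit)
        FirewallOn       = $fw.FirewallEnabled($bit)
        DefaultInbound   = $inbound
        NetworkDiscovery = $fw.IsRuleGroupEnabled($bit, 'Network Discovery')
        FilePrintSharing = $fw.IsRuleGroupEnabled($bit, 'File and Printer Sharing')
    }
}
$report | Format-Table Profile, Active, FirewallOn, DefaultInbound,
    NetworkDiscovery, FilePrintSharing -AutoSize | Out-String

# 3. Flag a Public profile that departs from what the text describes.
$report | Where-Object { $_.Profile -eq 'Public' -and
        (-not $_.FirewallOn -or $_.DefaultInbound -ne 'Block' -or
         $_.NetworkDiscovery -or $_.FilePrintSharing) } |
    ForEach-Object { Write-Warning 'Public profile accepts unsolicited or discovery traffic.' }

# 4. Services behind Network Discovery; a Disabled lltdsvc breaks the Network Map.
Get-WmiObject Win32_Service -Filter "Name='fdPHost' OR Name='SSDPSRV' OR Name='lltdsvc'" |
    Select-Object Name, StartMode, State | Format-Table -AutoSize | Out-String
```

A warning from step 3 on a machine that connects to networks in public places means the Public profile has been loosened and should be compared against the Advanced Sharing Settings and any applied Group Policy.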
1.3. Network List Manager Policies
Network List Manager
Policies are included as part of the Group Policy and Local Security
Policy settings. These settings affect how networks are identified
(public or private) by the system when the user is not prompted to
select a network type.
Figure 3
shows the Local Security Policy console with Network List Manager
Policies selected. You can access this console by clicking Start, typing
Secpol.msc, and pressing Enter, or by selecting Local Security Policy from the Administrative Tools menu.
Network types you may see here are as follows:
Unidentified Networks
An unidentified network is one that can't be identified because of a network issue or a lack of identifiable characteristics.
Identifying Networks
This is a temporary state of a network until it has been identified or Windows 7 has determined it cannot identify it.
All Networks
This includes settings for all networks whether they are identified or not.
Named Networks
A named network is usually a wireless network. Figure 3
shows the name of the Verizon Wireless – VZAccess 72 network because
the system is currently connected to that wireless network.
NOTE
If a network is set to
Public, preventing any external connectivity or the use of Network
Discovery, and you can't modify the settings, you should check the
Network List Manager Policies. These may be controlled by a GPO in a
domain or by the local security policy in a workgroup.
When troubleshooting
issues, you should focus on the properties of the Unidentified Networks
and All Networks settings. The properties are shown in Figure 4.
When the Unidentified
Networks settings are configured, they can ensure that unidentified
networks are automatically configured as Public (preventing the use of
Network Discovery and outside connections). The user permissions can
also be configured so that users cannot change the location type. It's
also possible to prevent the user from modifying any of the network
settings from the All Networks Properties page.
2. Changing Advanced Sharing Settings
If you click the Change
Advanced Sharing Settings link in the Network and Sharing Center, you'll
have access to many of the settings for the different profiles (Public
or Private).
Figure 5
shows the Advanced Sharing Settings page with some of the Home Or Work
settings. As a reminder, the Home Or Work selections are considered
private, and the Public selection should be chosen when connected to a
network in a public place.
You can access the
following settings from this page. Once a setting is selected and
configured, it will apply to all network connections using this profile.
For example, if you disable the Home Or Work setting for Network
Discovery, Network Discovery will be disabled for all private network
connections.
The following settings can be configured on this page:
Network Discovery
When enabled, other
computers can see this computer and this computer can see other
computers. This is turned on by default for private networks and turned
off for public networks.
File And Printer Sharing
When turned on, files
and printers shared on this computer can be accessed over the network by
other users. This is turned off by default for private networks and
public networks.
Public Folder Sharing
This allows other people
to access files in the public folders. This is turned off by default for
private networks and public networks.
Media Streaming
When enabled, media
files (such as pictures, music, and videos) stored on this computer can
be accessed. This is off by default on both private and public networks.
File Sharing Connections
This uses stronger
128-bit encryption to protect file-sharing connections, but you can
weaken security to use 40- or 56-bit encryption for devices if
necessary.