Which of the following command line tools are used to join a computer to a domain?

Introduction to Windows 7

Jorge Orchilles, in Microsoft Windows 7 Administrator's Reference, 2010

Connectivity

In today's connected world, communication is the most important aspect of business. Microsoft understands this and Windows 7 makes it easier to stay connected. The new connectivity features will be elaborated upon later in this book, and they include:

BranchCache

DirectAccess

HomeGroup

Internet Explorer 8 (IE 8)

Offline Domain Join

VPN Reconnect

Windows Mobility Center

Windows Connect Now

BranchCache

BranchCache is like DNS cache but for files in remote locations. When a Windows 7 user requests a file from a remote location, for example, headquarters or a data center server, the file is pulled from the remote location once and then stored on the requester's machine or a Windows Server 2008 R2 server with BranchCache enabled. Any other user on the same network that requests the same file from the remote site will pull it from the original requester or the Windows Server 2008 R2 server. This is a great feature introduced in Windows 7 with Windows Server 2008 R2. As the economic trend leads to budget cuts and a push to “do more with less,” this feature can assist in lowering bandwidth costs between sites.

BranchCache can work in one of two modes, Hosted Cache or Distributed Cache. With Hosted Cache mode, a server in the remote office running Windows Server 2008 R2 will download the requested file and host it for the other requesters. With Distributed Cache mode, a Windows Server 2008 R2 server is not required in the remote office as the original requester will cache the file and distribute it to other requesters.

It is important to note that BranchCache will only serve files to users with the right permissions. BranchCache will also continue to communicate with the original server to ensure the file is current. As a passive cache, BranchCache will only cache the file once the first user requests the file from the remote location. Furthermore, this feature will only cache read requests, not write requests.

BranchCache supports file caching for Web requests using HTTP and HTTPS protocols as well as SMB. It also works with SSL and IPSec encryption. BranchCache requires Windows Server 2008 R2 in the remote site and Windows 7 clients or another Windows Server 2008 R2 server in the cache site. Enabling BranchCache will be discussed in Chapter 6, “Networking and Mobility,” as it requires configuration of the server and client.

DirectAccess

Windows 7 Enterprise and Ultimate editions with Windows Server 2008 R2 introduce a new feature, DirectAccess, which allows remote users to securely access enterprise shared drives, Web sites, and applications without connecting to a virtual private network (VPN). This is possible because DirectAccess establishes a bidirectional connection with a user's enterprise network every time the system connects to the Internet. This connection occurs even prior to the user logging on. Allowing continuous connectivity to the enterprise environment has many benefits, such as simplicity for end users and for network and IT administrators.

DirectAccess uses IPv6 as it uses globally routable addresses. If your organization is not yet moving to IPv6, other options like 6to4, Teredo, and NAT-PT may be configured for similar functionality. This will be expanded on in Chapter 4, “The New Windows 7 Desktop Environment,” although most of the configuration is on the Windows Server 2008 R2 side.

HomeGroup

As the name suggests, HomeGroup is aimed at home users and networks. This feature allows for easy sharing of files and printers in a home network. HomeGroup uses a password to secure the home network. A user can share pictures, documents, music, printers, and/or videos. Creating a HomeGroup is only possible on Home Premium, Professional, Enterprise, and Ultimate editions while any edition can join a current HomeGroup. More details on HomeGroup will be referenced in Chapter 6, “Networking and Mobility.”

Configuring a HomeGroup is very simple and user friendly. When connecting to a home network for the first time, the network configuration wizard will pop up and ask the user what type of network the system is connected to, as shown in Figure 1.12.

FIGURE 1.12. Choose Network Prompt

It is important that users be trained to select the correct network because the Windows Firewall settings depend on the network that is selected. When Home network is selected, the system will scan the network for a HomeGroup. It will then prompt the user to select what items should be shared in the HomeGroup, as shown in Figure 1.13. If there is already a HomeGroup created in the home network, then a password will be requested. Once the user has entered that password, Windows 7 will detect and connect to that HomeGroup every time the system is on the network. If a HomeGroup is not detected, the step after selecting what to share will create one and create a password, as shown in Figure 1.14. This password should be stored safely and only given to trusted users on the network that wish to connect to the HomeGroup.

FIGURE 1.13. HomeGroup Setup – Select What to Share

FIGURE 1.14. HomeGroup Setup Finish

Internet Explorer 8

IE 8 was released on March 19, 2009 for Windows XP operating systems and above as an optional update. On Windows 7 and Windows Server 2008 R2 systems, it is the default browser. For security reasons alone, it is highly recommended to upgrade to IE 8 on all Windows systems. IE 8 will be further discussed in Chapter 4, “The New Windows 7 Desktop Environment,” and Chapter 8, “Securing Windows 7.” This should serve as a brief introduction to the new features of IE 8. Note that most of these features can be enabled and disabled from IE options by clicking Tools on the top-right corner of the IE 8 window, as shown in Figure 1.15.

FIGURE 1.15. Internet Explorer 8 – Tools

The following are a few of the new features that administrators and end users should understand in order to use and configure IE 8:

Accelerators – plug-ins or add-ons, much like those in third-party browsers, that allow users to perform common tasks, such as blogging, e-mail, searching, translating, etc., more quickly from within IE.

Compatibility View – toolbar to display Web sites with IE 7 rendering, necessary due to Microsoft not following any standards when it comes to Web browsing.

Security Features – the most important reason to move to IE 8. End user training is critical for these features to be effective.

Cross Site Scripting (XSS) Filter – XSS is one of the most used attacks against Web browsing users. IE 8 provides a filter for these types of end user attacks by alerting the user and disabling the harmful scripts.

DEP – prevents code from being written to executable memory. A feature available for the entire operating system now protects Web users.

Domain Highlighting – a basic feature that highlights the domain name of the site the user is browsing to in the address bar. This assists trained Web users to visually identify the integrity of the site to avoid phishing and malware sites.

InPrivate – IE 8 mode that does not leave traces of browsing history, Internet files, form data, cookies, usernames and passwords, and other private data on the computer.

SmartScreen – set of technologies to detect and block possible malicious Web sites and downloads. IE 8 detects such malicious intent and notifies the user and/or blocks the attempt.

Web Slices – allows for subscribing to compatible Web sites from within IE 8 to later view the site's content without actually visiting the Web site. The Web sites must be compatible by following a standardized HTML markup format. Compatible sites will show a green slice on the top right of the IE 8 window next to the home button.

Offline Domain Join

Since Windows NT4, client machines have been able to join Windows domains as long as a direct connection to the domain controller was present. With Windows 7 and Windows Server 2008 R2, there is now a way to join an offline client to a domain. A new program called djoin.exe has been introduced to perform this task. Like previous versions of Windows, joining a domain is only available on Professional, Enterprise, and Ultimate editions. This feature will be explained more in-depth in Chapter 6, “Networking and Mobility.”

VPN Reconnect

Apart from DirectAccess, Windows 7 also introduces a feature called VPN Reconnect. This feature will be useful for the mobile user that must connect to the corporate network from the road. Prior to VPN Reconnect, if the Internet connection experienced connection issues for a mobile worker that was connected to VPN, the VPN would disconnect and not reconnect when the Internet connection returned. VPN Reconnect resolves that issue by automatically reconnecting to the VPN within the network outage time, as shown in Figure 1.16. VPN Reconnect uses IPsec Tunnel Mode that uses IKEv2. This requires configuration of the VPN server and the VPN client. This feature will be fully explained in Chapter 6, “Networking and Mobility.”

FIGURE 1.16. VPN Reconnect – Network Outage Timeout

Windows Mobility Center

Windows 7 has improved the Mobility Center for managing mobile options for laptops, notebooks, netbooks, tablets, etc. The mobility center allows for easy management of display brightness, volume control, power options, wireless networking, external display, sync center, and presentation settings as shown in Figure 1.17. All these options have been available in prior versions of Windows but not in an easy-to-use central console. This is definitely a feature that end users should be educated about. This feature is only available on mobile computers and can be started manually from C:\Windows\System32\mblctr.exe.

FIGURE 1.17. Windows Mobility Center

Windows Connect Now

Windows Connect Now was introduced in Windows XP Service Pack 2, but Windows 7 promises more compatibility and easier setup. This feature makes setting up a wireless network quicker and easier for the end user. The Windows 7 system will connect to the wireless access point or router and automatically set up the device. Once the device is configured, it will automatically set up the computer to connect to the device and save the configuration on USB to easily configure other devices. If the device is already set up, the connection wizard for wireless networking has also been improved for quicker and easier connectivity to already configured wireless networks, as shown in Figure 1.18. This feature will most likely be used by home users and does require the wireless router or access point to be compatible with Windows 7.

Connecting to a network is much simpler in Windows 7:

1. Click the network or wireless logo on the notification area, as shown in Figure 1.18.

2. Click the network that you need to connect to.

3. If it is password protected, input the password and click Connect.

FIGURE 1.18. Connect to a Network

Which of the following command line tools are used to join a computer to a domain in Windows?

To use netdom, you must run the netdom command from an elevated command prompt.
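
The two tools named on this page, side by side, as an added example that is not from the book or from Microsoft's documentation: djoin.exe for the offline join described earlier and netdom for a join while a domain controller is reachable. The domain, computer name, join account and file path are constructed placeholders, and the function names are hypothetical.

```powershell
# Added example. All names and paths below are constructed placeholders.
$Domain   = 'corp.example.com'      # assumed domain name
$Machine  = 'WS-0142'               # assumed computer name
$BlobPath = 'C:\ODJ\WS-0142.txt'    # assumed location of the provisioning file

function New-OdjBlob {
    # Run elevated on a machine that can reach a domain controller.
    # Creates the computer account and saves the provisioning data to $BlobPath.
    New-Item -ItemType Directory -Path (Split-Path $BlobPath) -Force | Out-Null
    djoin.exe /provision /domain $Domain /machine $Machine /savefile $BlobPath
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed ($LASTEXITCODE)" }

    # The saved file holds the machine account password, so treat it as a
    # credential: drop inherited ACEs and allow only Administrators
    # (S-1-5-32-544) and SYSTEM (S-1-5-18).
    icacls.exe $BlobPath /inheritance:r `
        /grant:r '*S-1-5-32-544:F' /grant:r '*S-1-5-18:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed ($LASTEXITCODE)" }
}

function Use-OdjBlob {
    # Run elevated on the offline Windows 7 client after copying the file over.
    # The join takes effect at the next restart.
    djoin.exe /requestODJ /loadfile $BlobPath /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed ($LASTEXITCODE)" }

    # Remove the file once it has been consumed.
    Remove-Item -Path $BlobPath -Force
}

function Join-DomainOnline {
    # Run from an elevated prompt with a domain controller reachable.
    # $JoinAccount is assumed to be an account delegated only the right to
    # join computers; '/passwordd:*' prompts instead of taking the password
    # on the command line.
    param([string]$JoinAccount = 'CORP\joinsvc')
    netdom.exe join $env:COMPUTERNAME "/domain:$Domain" "/userd:$JoinAccount" '/passwordd:*'
    if ($LASTEXITCODE -ne 0) { throw "netdom join failed ($LASTEXITCODE)" }
}
```

New-OdjBlob and Use-OdjBlob run on different machines; carry the file between them only over a channel you would trust with a password.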

How to join a computer to a domain in Windows Server 2012 R2?

To join a computer to a domain, navigate to System and Security, and then click System. Under Computer name, domain, and workgroup settings, click Change settings. Under the Computer Name tab, click Change. Under Member of, click Domain, type the name of the domain that you wish this computer to join, and then click OK.

What is the key principle to delegating server administrative tasks?

The key to a successful delegation model is enforcing the principle of least privilege. In practice, this means that each security principal (such as a user or service account) should have the ability to perform only the tasks required for its roles and nothing more.

What server role enforces security policies for network users?

Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for connection request authentication and authorization.