The Cable Guy - Column Archives
Enable Connectivity and End-to-End Solutions Using Windows Networking Technologies
This article describes the new templates feature and local log file and SQL logging options in NPS.
This article describes how to connect to 802.11 wireless networks and manage wireless network profiles with Windows 7.
This article describes how DirectAccess and NAP can be used together to enforce system health requirements before allowing a DirectAccess client access to the intranet.
This article describes the changes to the DNS Client service, including new name devolution behavior, the Name Resolution Policy Table (NRPT), and DNS Security (DNSSEC).
This article describes the new features and integrated support for network diagnostics and event tracing in Windows 7.
This article describes name resolution and network location detection for DirectAccess clients and how to plan for network location detection in your network.
This article from TechNet Magazine describes the Name Resolution Policy Table (NRPT) in the latest versions of Windows, how it works, and how to configure NRPT rules using Group Policy.
This article from TechNet Magazine describes the operation and security of BranchCache, the new WAN optimization technology in the latest versions of Windows.
This article from TechNet Magazine describes the new features of IPv6 in the latest versions of Windows, including HomeGroup, DirectAccess, and enhanced support for IPv6 transition technologies.
This article from TechNet Magazine describes how you can use Network Access Protection (NAP) to evaluate and automatically correct system health on managed computers that are roaming on the Internet.
This article from TechNet Magazine describes how DirectAccess uses a combination of technologies to provide seamless access to intranet resources and how it allows you to reduce the number of remote access-related servers in your edge network.
This article from TechNet Magazine describes how Network Access Protection (NAP) health policy evaluation works and how to troubleshoot the most common issues with NAP enforcement.
This article from TechNet Magazine describes how to configure IEEE 802.1X authentication settings on wired connections for computers running Windows Vista or Windows Server 2008.
This article from TechNet Magazine describes the new features of the Domain Name System (DNS) Server service in Windows Server 2008.
This article from TechNet Magazine describes the features and enhancements to Network Policy Server (NPS) in Windows Server 2008, the replacement for the Internet Authentication Service (IAS) in Windows Server 2003.
This article from TechNet Magazine describes how Wireless Single Sign On in Windows Vista provides a more seamless logon for users and allows you to configure when to perform wireless network authentication to address domain logon issues and VLAN configurations.
This article from TechNet Magazine describes the details of the Authenticated Internet Protocol (AuthIP), an enhanced version of the Internet Key Exchange (IKE) protocol for Internet Protocol security (IPsec)-protected communication.
This article from TechNet Magazine describes how the strong and weak host models for multihomed hosts work for the Next Generation TCP/IP Stack in Windows Vista.
This article from TechNet Magazine describes how Windows Vista performs stateful and stateless address autoconfiguration for LAN and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling interfaces.
This article from TechNet Magazine describes how IPv6 traffic can be sent over virtual private network (VPN) connections that are established across the IPv4 and IPv6 Internets using Windows Vista, Windows Server 2008, Windows XP, and Windows Server 2003.
This article from TechNet Magazine describes how the Secure Socket Tunneling Protocol (SSTP) uses the HyperText Transfer Protocol (HTTP) over Secure Sockets Layer (SSL) for remote access VPN connections across network address translators (NATs), firewalls, and proxy servers.
This article from TechNet Magazine describes the new architecture in Windows Vista and Windows Server 2008 to support Extensible Authentication Protocol (EAP) supplicants and authentication methods.
This article from TechNet Magazine describes the enhanced wireless Group Policy settings that are supported by wireless clients running Windows Vista or Windows Server 2008.
This article from TechNet Magazine describes how Dynamic Host Configuration Protocol for IPv6 (DHCPv6) can provide IPv6 hosts with stateful addresses or stateless configuration settings.
This article from TechNet Magazine describes how Quality of Service (QoS) is supported in current and future versions of Microsoft Windows.
This article from TechNet Magazine describes how Windows Vista uses TCP Receive Window Auto-Tuning to optimize TCP throughput for received data.
This article describes how IPv6 packets are sent over Point-to-Point Protocol (PPP) links and the IPv6 Control Protocol (IPV6CP), which configures IPv6 options during the PPP connection negotiation.
This article describes how the new Link-Local Multicast Name Resolution (LLMNR) protocol in Windows Vista provides name resolution for computer names on a subnet without a Domain Name System (DNS) server.
This article describes how ECN helps prevent packet losses on congested networks and how ECN is supported in Windows Vista.
This article describes the new network location types in Windows Vista and the default security settings for each type (Domain, Private, and Public).
This article describes the Authenticated Internet Protocol (AuthIP) in Windows Vista, an enhanced version of the Internet Key Exchange (IKE) protocol that provides simplified IPsec policy configuration and additional authentication flexibility.
This article describes the new Network Diagnostics Framework in Windows Vista that diagnoses and corrects network connectivity problems.
This article describes how the Windows Server 2003 Scalable Networking Pack helps you scale your networking applications and services.
This article describes how to configure Internet Protocol version 6 (IPv6) settings with Microsoft Windows Vista.
This article describes the improvements for connecting to an IEEE 802.11 wireless network with Windows Vista.
This article describes the architecture of the new Policy-based Quality of Service (QoS) feature in Windows Vista and Windows Server 2008 and how it marks or throttles outgoing traffic.
This article describes the IPv6 source and destination address selection algorithms and provides an example of their use.
This article describes the features of the new Windows Firewall in Windows Vista and Windows Server 2008.
This article describes the various types of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports that are available to Windows Sockets applications and their ranges for Windows XP and Windows Server 2003.
This article describes the performance enhancements of the Next Generation TCP/IP stack, which include Receive Window Auto-Tuning, enhancements for wireless traffic, and improved routing path detection and recovery.
This article describes the new features for IPv6 and the Teredo IPv6 transition technology in the Next Generation TCP/IP stack.
This article describes the Next Generation TCP/IP stack, which is a complete redesign of TCP/IP functionality for both Internet Protocol version 4 (IPv4) and IPv6 in Windows Vista and Windows Server 2008.
This article describes the details of the Wi-Fi Protected Access 2 (WPA2) implementation of the Advanced Encryption Standard (AES) Counter Mode Cipher Block Chaining-Message Authentication Code (CBC-MAC) protocol (CCMP) for encryption, decryption, and data integrity validation of 802.11 wireless frames.
This article describes the Network Access Protection (NAP) platform for Windows Server 2008 and Windows Vista, which provides components and an infrastructure to enforce compliance with computer health requirements for network access and communication.
This article describes the basic architecture of the TCP/IP protocol for IP version 4, the additional components that process packets, and the packet processing path for unicast traffic sent, received, and forwarded by Windows-based computers.
The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element (WPS IE) Update for Windows XP with Service Pack 2 is a free download that updates the wireless client components in Windows XP with Service Pack 2 to support WPA2. This article describes the features of WPA2 security and WPA2 support included with the update.
This article describes how computers running Windows XP or Windows Server 2003 behave when they have simultaneous connectivity to both wired and wireless networks.
This article describes the tasks and tools to gather information and test networking components when troubleshooting an arbitrary problem with IPv6 in Windows.
This article describes the IPsec filter list, which is the end result of applying an IPsec policy. The IPsec filter list specifies the exact set of interesting IP traffic and how the traffic is to be handled (permitted, blocked, or secured) and is ordered based on a weight value calculated by the IPsec Policy Agent component.
This article lists a set of tools that you can use to test network paths for specific types of traffic and describes how to use the tools for the most common types of traffic that are dropped by firewalls installed in a Windows networking infrastructure.
This article describes the new networking features and enhancements that are included in Windows Server 2003 Service Pack 1 to support server services and operations.
This article describes the details of Temporal Key Integrity Protocol (TKIP) and Michael in the Wi-Fi Protected Access (WPA) standard for encryption, decryption, and data integrity validation of 802.11 wireless frames.
This article discusses the pitfalls of network address translators (NATs) when using multiparty applications, peer-to-peer applications, and Internet Protocol security (IPsec) NAT-Traversal (NAT-T).
This article explains the basics of Mobile IPv6 and how it allows an IPv6 node to remain reachable regardless of its location on an IPv6 network.
This article reviews the enhancements included in Windows XP Service Pack 2 (SP2) to support Institute of Electrical and Electronics Engineers (IEEE) 802.11-based wireless local area networks (LANs).
PMTU black hole routers can cause problems for TCP connections by silently dropping packets that cannot be fragmented. This article describes how to detect and work around PMTU black hole routers.
The Wireless Network Setup Wizard in Windows XP with Service Pack 2 automates the configuration of strong security for small wireless networks by using a Universal Serial Bus (USB) flash drive (UFD). Once created, you can plug the UFD into other wireless devices in the home or small office that support Windows Connect Now.
To correctly apply a set of network-related Group Policy settings, such as Windows Firewall settings, the networking components of Windows XP and Windows Server 2003 must determine whether the computer is attached to a managed network containing the domain controllers of the domain to which the computer belongs, or to another network.
The Routing and Remote Access service in Windows Server 2003 supports both Windows and Remote Authentication Dial-In User Service (RADIUS) authentication and accounting providers. This article describes how to configure the Routing and Remote Access service for the RADIUS authentication and accounting providers and how to configure the Internet Authentication Service (IAS) for a RADIUS client corresponding to a Routing and Remote Access server.
Local Server-Less Domain Name System (LSLDNS), also known as multicast DNS, is a new capability in the IPv6 protocol included with Windows CE version 4.1 and later that allows nodes to resolve each other's names on a network segment without using DNS servers.
Windows XP SP2 includes the new Windows Firewall, which replaces the Internet Connection Firewall (ICF). This article describes the new dialog boxes for Windows Firewall and describes what can be configured on each dialog box.
Windows XP Service Pack 2 includes new networking features to provide enhanced security and additional functionality for wireless users and peer-to-peer network applications. They are: the new Windows Firewall, Wireless Provisioning Services, Windows Peer-to-Peer Networking, and updates to IPv6.
Wireless Provisioning Services (WPS) is designed to simplify, automate, and standardize initial sign-up and subscription renewal so that the user does not have to perform a different set of steps for each wireless provider to which they want to connect. This article describes the infrastructure and process when a wireless client initially connects to a public wireless hotspot that is providing access to the Internet.
Peer-to-peer networking enables or enhances real-time communications (RTC), collaboration, content distribution, and distributed processing. To address the need for platform-based peer-to-peer networking capabilities, Microsoft has developed and released Windows Peer-to-Peer Networking for Windows XP with SP2 and for Windows XP with Service Pack 1 (SP1) with the Advanced Networking Pack for Windows XP, a free download.
When a Windows-based VPN client makes a VPN connection, it automatically adds a new default route for the VPN connection and modifies the existing default route that points to the Internet to have a higher metric. Adding the new default route means that Internet locations except the IP address of the VPN server are not reachable for the duration of the VPN connection. This article describes how to configure split tunneling, so that both intranet and Internet locations are simultaneously reachable.
Learn how to configure the setting for one or multiple default gateways. The default gateway setting, which creates the default route in the IP routing table, is a critical part of the configuration of a TCP/IP host. Without a default gateway, communication with remote destinations is not possible unless additional routes are added to the IP routing table.
This article describes the IP address assignment behavior of the Routing and Remote Access service when the remote access client is configured to obtain an IP address automatically, when the remote access policies for remote access connections are configured to allow the remote access server to supply an address, and when the dial-in properties of the user account are not configured to use a static IP address.
To automate the configuration of wireless network settings for Windows XP with SP2, Windows XP with SP1, and Windows Server 2003 wireless client computers, Windows Server 2003 Active Directory domains support a new Wireless Network (IEEE 802.11) Policies Group Policy extension. This new extension allows you to configure wireless network settings that are part of Computer Configuration Group Policy for a domain-based Group Policy object.
In order to use the Pragmatic General Multicast (PGM) on computers running Windows Server 2003, you must add the Reliable Multicast Protocol component and create PGM-enabled applications.
A NAT forwards traffic from the Internet to the private network if a specific mapping exists in the NAT's translation table. However, this behavior creates a connectivity problem when you want to make private network resources available to Internet clients. Learn how to resolve this issue by allowing traffic for services located behind the NAT computer.
Windows Peer-to-Peer Networking is a developer platform (which runs exclusively over IPv6) that you can use to create peer-to-peer applications for computers running Windows XP. The enhancements to IPv6 included in the Advanced Networking Pack for Windows XP include: IPv6 Internet Connection Firewall (ICF) and Teredo. Learn more about these features and how they work.
To provide an interim solution to the remaining issues of IEEE 802.11 security and Wired Equivalent Privacy (WEP) encryption, a new interoperable standard known as Wi-Fi Protected Access (WPA) is being made available now from wireless vendors. This article describes the security features of WPA and the changes that need to be made to wireless equipment and wireless client software, including Windows, to support WPA.
A remote access computer can typically access private network resources even when its configuration does not comply with organization network policy. For example, network policies might require the use of antivirus programs or the disabling of routing on remote access clients. This article describes Windows Server 2003 Network Access Quarantine Control, a new feature that delays normal remote access to a private network until the configuration of the remote access computer has been examined and validated by an administrator-provided script.
The Point-to-Point Tunneling Protocol (PPTP) is widely used for virtual private network (VPN) connections. This article describes the PPTP control connection and PPTP tunneled data and includes discussions of firewall configuration, Network Address Translator (NAT) editors, and the PPTP connection establishment, maintenance, and termination processes.
Microsoft 802.1X Authentication Client is a free download that enables computers running Windows 2000 with Service Pack 3 to use IEEE 802.1X to authenticate network connections (including wireless). This article describes how to install and configure Microsoft 802.1X Authentication Client and obtain certificates. Microsoft 802.1X Authentication Client is included with Windows 2000 Service Pack 4 (SP4).
Windows XP Wireless Auto Configuration dynamically connects to wireless networks based on the set of available networks and the set of configured preferred networks. This article describes Wireless Auto Configuration, its user interface, and how it works to automatically connect your wireless computer to the most preferred wireless network.
Learn about the IPv6 routing table: its structure, the types of entries, and how the route determination process works. Additionally, this article describes an example routing configuration, example IPv6 routing tables, and how the IPv6 protocol determines the next-hop address and interface for various destinations.
In a few cases, an IPv6 host running Windows Vista, Windows XP, or Windows Server 2003 must be manually configured with IPv6 addresses or to act as a router. This article describes how to manually configure IPv6.
This article examines the problems associated with using IPsec across NATs, how these problems are solved by IPsec NAT-T, and the resulting changes in the Internet Key Exchange (IKE) negotiation for Quick Mode and Main Mode.
Secure wireless access for small businesses is obtained through the use of Protected EAP (PEAP) with the Microsoft Challenge-Handshake Authentication Protocol version 2 (MS-CHAP v2) EAP type (known as PEAP with MS-CHAP v2), supported by Windows XP with SP2, Windows XP with SP1, Windows Server 2003, and Windows 2000 SP4.
To ensure successful and secure communication for IPsec, the Internet Key Exchange (IKE) protocol performs a two-phase negotiation. For the IPsec implementation in Windows 2000 and Windows XP, the two phases are Main Mode and Quick Mode.
Microsoft L2TP/IPsec VPN Client supports the use of either certificates or pre-shared keys for IPsec main mode authentication.
Learn how Windows supports IEEE 802.1X authentication for LAN-based network adapters, including Ethernet and wireless.
Learn about the basic components of wireless networking and how Windows XP provides built-in support for IEEE 802.11b.
Windows 2000 supports IP multicast. IP multicast traffic is sent to a single destination IP address but is received and processed by multiple IP hosts, regardless of their location on an IP internetwork.
Transparently combine multiple LAN segments to form a single network segment using Windows XP's Layer 2 and Layer 3 bridging.
When an IP packet is forwarded, the IP routing table is used to determine the next-hop address and interface.
Use the Netsh command-line and scripting utility to configure Windows 2000 networking components on the local computer or remote computers.
Learn how to deploy demand-dial routing for the router-to-router VPN connection.
Connection Manager (CM) is the solution for issues associated with configuring dial-up or VPN connections for an enterprise and for outsourced dial configurations.
Secure your connection using the L2TP protocol with IPsec encryption.
Simplify remote access, virtual private network, or routing configuration by using the Routing and Remote Access Server Setup Wizard in Windows 2000 Server.
Protect traffic between computers (using IPsec policy) and learn how to use IPsec for port blocking.
The solution to keeping DNS current in a DHCP environment is DNS dynamic updates.
Leverage the use of a single connection to the Internet for multiple computers, using NAT.
Take steps to plan and set up a remote access VPN server so that individual computers can connect to your organization's intranet.
Take a quick look at how to design a DNS namespace.