The Off (Disabled) state means

■ The computer cannot discover other computers and devices on the network.

■ Other computers on the network cannot discover the computer.

Typically, you will find that a network adapter is set as public before you join a computer to the domain. Network Explorer, shown in Figure 7–1, displays a list of discovered computers and devices on the network. To access Network Explorer, tap or click File Explorer on the Start screen. In File Explorer, tap or click the location path selection button, and then tap or click Network.

FIGURE 7–1 Use Network Explorer to browse network resources.

The computers and devices listed in Network Explorer depend on the network discovery settings of the computer, the operating system, and whether the computer is a member of a domain. If discovery is blocked and a server running Windows Server 2012 R2 is not a member of a domain, you’ll get a warning message about this. When you tap or click the warning message and then select Turn On Network Discovery And File Sharing, you enable network discovery, file sharing, and printer sharing. In addition, related Windows Firewall ports open.

Network And Sharing Center, shown in Figure 7–2, provides the current network status, in addition to an overview of the current network configuration. In Control Panel, you can access Network And Sharing Center by tapping or clicking View Network Status And Tasks under the Network And Internet heading.

FIGURE 7–2 View and manage network settings with Network And Sharing Center.

Network And Sharing Center provides an overview of the network. The value below the network name shows the category of the current network as Domain Network, Private Network, or Public Network. The Access Type box specifies whether and how the computer is connected to its current network. Values for this option are No Network Access, No Internet Access, or Internet. If you tap or click the name of a network connection, you can display the related status dialog box.

Tapping or clicking Change Adapter Settings displays the Network Connections page, which you can use to manage network connections. Tapping or clicking Change Advanced Sharing Settings provides options for configuring the computer’s sharing and discovery settings for each network profile. To manage a profile, expand the profile’s view panel by tapping or clicking the Expand button (showing a down arrow), tap or click the setting with which you want to work, and then tap or click Save Changes. To turn on or off network discovery, tap or click Turn On Network Discovery or Turn Off Network Discovery as appropriate, and then tap or click Save Changes.

From Network And Sharing Center, you can attempt to diagnose a networking problem. To do this, tap or click Troubleshoot Problems, and then tap or click a troubleshooter to run, such as Incoming Connections or Network Adapter, and then follow the prompts. Windows Network Diagnostics then attempts to identify the network problem and provide a possible solution.

NOTE To quickly access Network Connections without opening Network And Sharing Center, enter ncpa.cpl in the everywhere search box. Alternatively, enter ncpa.cpl at a command prompt or a Windows PowerShell prompt.

In Group Policy, you’ll find network management policies for both wired networks (IEEE 802.3) and wireless networks (IEEE 802.11) are located in the Administrative Templates for Computer Configuration under Windows Settings\Security Settings. Only one wired policy and one wireless policy can be created and applied at a time. This means you can establish both a wired policy and a wireless policy for computers running Windows Vista and later releases of Windows. You also can create a wireless policy for computers running Windows XP.

If you press and hold or right-click the Wired Network (IEEE 802.3) node, you can create a policy for Windows Vista and later releases that specifies whether the Wire AutoConfig service is used to configure and connect these clients to 802.3 wired Ethernet networks. For Windows 7 and later releases of Windows, you have options for preventing the sharing of user credentials and for specifying whether to prohibit computers from making autoconnection attempts to the network for a specified amount of time.

If you press and hold or right-click the Wireless Network (IEEE 802.11) node, you can create separate policies for Windows XP computers and computers running later releases that enable WLAN autoconfiguration, define the specific networks that can be used, and set network permissions. For Windows 7 and later releases of Windows, you have options for preventing the sharing of user credentials, for specifying whether to prohibit computers from making autoconnection attempts to the network for a specified amount of time, and for preventing the use of hosted networks.

Windows Vista SP1 or later and later releases of Windows support several wired and wireless enhancements. These enhancements enable users to change their password when connecting to a wired or wireless network (as opposed to using the Winlogon change password feature), to correct a wrong password entered during sign on, and to reset an expired password-all as part of the network logon process.

Network security enhancements include the following:

■ Secure Socket Tunneling Protocol (SSTP)

■ Secure Remote Access (SRA)

■ CryptoAPI Version 2 (CAPI2)

■ Online Certificate Status Protocol (OCSP) extensions

■ Port preservation for Teredo

■ Remote Desktop Protocol (RDP) file signing

Secure Socket Tunneling Protocol allows data transmission at the data link layer over an HTTPS connection. Secure Remote Access enables secure access to remote networks over HTTPS. Together these technologies enable users to securely access a private network by using an Internet connection. Secure Socket Tunneling Protocol and Secure Remote Access represent improvements over the Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol/Internet Protocol Security (L2TP/ IPsec) protocols because they use the standard TCP/IP ports for secure web traffic, and this allows them to traverse most firewalls in addition to Network Address Translation (NAT) and web proxies.

Secure Socket Tunneling Protocol uses HTTP over Secure Sockets Layer (SSL), which is also known as Transport Layer Security (TLS). HTTP over SSL (which uses TCP port 443) is commonly used for protected communications with websites. Whenever users connect to a web address that begins with https://, they are using HTTP over SSL. Using HTTP over SSL solves many of the virtual private network (VPN) protocol connectivity problems. Because SSTP supports both IPv4 and IPv6, users can establish secure tunnels using either IP technology. Essentially, you get VPN technology that works everywhere, which should mean that you receive far fewer support calls.

CAPI2 extends support for public key infrastructure (PKI) and X.509 certificates and implements additional functionality for certificate path validation, certificate stores, and signature verification. One of the steps during certificate path validation is revocation checking, which involves verifying the certificate status to ensure that it has not been revoked by its issuer; this is where Online Certificate Status Protocol comes into the picture.

OCSP is used to check the revocation status of certificates. CAPI2 also supports independent OCSP signer chains and specifying additional OCSP download locations on a per-issuer basis. Independent OCSP signer chains modify the original OCSP implementation so that it can work with OCSP responses that are signed by trusted OCSP signers that are separate from the issuer of the certificate being validated. Additional OCSP download locations make it possible to specify OCSP download locations for issuing CA certificates as URLs that are added as a property to the CA certificate.