3.4 Miscellaneous Windows Features
3.4.5 Mobile Computing
If you are a mobile user, you need to enable the use of certificates on your computer. Unless your system administrator preconfigures your computer with machine and user certificates before you receive it, you must connect to your corporate network by using conventional, password-based authentication methods to get your machine and user certificates. At the time you connect, you join your computer to the corporate domain, obtain certificates, and set certificates policy. The next time you connect to the corporate network, you can use certificate-based authentication methods such as EAP.
To enable the use of certificates on a computer, do the following:
Connect to the corporate network by using a dial-up or PPTP network connection, and authentication protocols such as MS-CHAP or MS-CHAP v2. When you connect, your computer name joins the corporate domain and receives machine certificates.
Request a user certificate. For more information about requesting certificates:
- Open an MMC console that contains Certificates.
- In the console tree, click a Certificates instance (such as Certificates – Current User or Certificates Computer Name).
- Do one of the following:
  · If you are in Logical Certificate Stores view mode, click Personal.
  · If you are in Certificate Purpose view mode, click the appropriate certificate purpose mode.
- On the Action menu, point to All Tasks, and then click Request New Certificate to start the Certificate Request wizard.
- In the Certificate Request wizard, select the following information:
  i. The type of certificate you want to request. (Optional if you have selected Advanced Options)
  ii. The cryptographic service provider (CSP) you are using. (Optional if you have selected Advanced Options) You can choose to enable strong private key protection. Enabling strong private key protection will ensure that you are prompted for a password every time the private key is used. This is useful if you want to make sure that the private key is not used without your knowledge. (Optional if you have selected Advanced Options) If you have more than one certification authority (CA) available, the name of the certification authority that will issue the certificate.
  iii. A friendly name for your new certificate.
  iv. After the Certificate Request wizard has successfully finished, click Install Certificate.
Notes:
If you have not already created an MMC console that contains Certificates.
You can use this procedure to request certificates from an enterprise certification authority only. To request certificates from a stand-alone certification authority, you need to request certificates via Web pages.
In order to request a Digital Signature Standard (DSS) certificate from an enterprise CA, you must select the User Signature Only certificate template in the Certificate Request wizard.
Create another connection that uses certificate-based authentication, and then connect again by using certificate-based authentication methods such as EAP or IPSec. For more information about enabling a connection to use a smart card or other certificate, see To enable smart card or other certificate authentication. You can avoid these steps by having your system administrator load machine and user certificates before you take your laptop out onto the road.
Note: For machine certificates to be received automatically, you must implement public key policies (by using Group Policy) that auto-enroll computers to receive certificates. If the machine certificate process is not automated, you must log on to your computer as an Administrator, install Certificate Services, and request a computer certificate.
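
A quick way to confirm that the steps above left a usable user and machine certificate in the Personal stores before you switch the connection to EAP. This is an added example, not part of the original page; it assumes Windows PowerShell is available, and the function name Test-ClientAuthCertificate and the requirement that the Client Authentication purpose be listed explicitly are assumptions of the example.

```powershell
# Added example (not from the original page): report whether the Personal ("My")
# stores for the current user and the local computer hold a certificate that can
# be used for certificate-based client authentication.

# Object identifier of the Client Authentication enhanced key usage.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'

# Hypothetical helper: returns $true only for a certificate that has its private
# key, is inside its validity period, and explicitly lists Client Authentication.
function Test-ClientAuthCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [datetime]$Now = (Get-Date)
    )
    # Without the private key the certificate cannot prove the client's identity.
    if (-not $Certificate.HasPrivateKey) { return $false }
    # Reject certificates that are not yet valid or have expired.
    if ($Now -lt $Certificate.NotBefore -or $Now -gt $Certificate.NotAfter) { return $false }
    # Assumption of this example: the purpose must be listed explicitly, so a
    # certificate with no enhanced key usage extension is reported as unusable.
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $eku) { return $false }
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })
}

# Cert:\CurrentUser\My is the user's Personal store; Cert:\LocalMachine\My is the
# computer's Personal store, where machine certificates are installed.
foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    $usable = @(Get-ChildItem -Path $store | Where-Object { Test-ClientAuthCertificate $_ })
    if ($usable.Count -eq 0) {
        Write-Warning "${store}: no usable client-authentication certificate found"
        continue
    }
    $usable | Select-Object @{ n = 'Store'; e = { $store } }, Subject, Issuer, NotAfter, Thumbprint
}
```

A warning for either store means the corresponding enrollment step has not completed, so the password-based connection is still needed to obtain that certificate.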
To manage certificates for a computer
- Log on to the system as an administrator.
- Click Start, click Run, type mmc, and then click OK.
- On the Console menu, click Add/Remove Snap-in, and then click Add.
- Under Snap-in, double-click Certificates, click Computer account, and then click Next.
- Do one of the following:
  · To manage certificates for the local computer, click Local computer, and then click Finish.
  · To manage certificates for a remote computer, click Another computer and type the name of the computer, or click Browse to select the computer name, and then click Finish.
- Click Close.
- Certificates Computer Name appears on the list of selected snap-ins for the new console.
- If you have no more snap-ins to add to the console, click OK.
- To save this console, on the Console menu, click Save.