PCCITIZEN.com - SAFE COMPUTING/HOME NETWORKING/COMPUTING TIPS/CLEANUP-FIXUP-ADDUP
THE MOTHER OF ALL BATTLES
If you already have a basic network, and are interested in sharing folders and files and printers, then here I have accumulated a wealth of tips and caveats about "windows networking." What a battle......... If you are just starting out trying to connect two or more PCs together, along with your Internet connection, you may need to take our "Basic Networking Course." Come back here when you have graduated...!

OK, OK, I know. You don't want to sort thru those 10 million sites on Windows networking. You want it straight from the horse's mouth, no page after page of fancy graphics [I have really stunned you with my graphical design capabilities on this website, have I not!]. All right, you asked for it, you got it!

First of all there is a so-called "browser" service used by Windows PCs for locating PCs and services, such as shared documents, folders, and printers on a network. Basically, the PCs fight it out amongst themselves as to who is the "master browser." The master browser is top dog in the windows networking world. He is the guy who keeps the information that all the other PCs go to when they need to paint those pretty little maps in "Network Neighborhood" and "My Network Places."

This browsing service is real nice, except it has a great big problem. When you start turning PCs on and off, these maps of course have to be updated to reflect what is "available" and NOT available. There are humungous [great word....] timeout periods that the master browser endures in order to declare a PC officially "there" or "not there." In addition there are all kinds of rules. NT4 or Win2K have precedence over Win98. Server has precedence over workstation. You get the picture. So when you turn off your master browser machine they have to go thru the whole procedure and then the whole timeouts, etc.
When you are having trouble with your little Windows PC and you start power cycling it, you can imagine that the browser service can get all screwed up in its representation of what is actually available out there! So beware of the browsing service! You may have to go away and then come back in an hour and the maps .....might.... represent what is actually available out there. Win95 I have found can be a real problem in this assemblage of august PCs. If you know how, you need to go and TELL Win95 never to be master browser. This site contains some more info about the browsing service.

Now we don't HAVE to wait for this browser service to settle down. Remember, it just provides nice little icons to show us visually what is shared out there in Windows land. Of course the shares are there as soon as the PC is up and running. So we can outsmart the browser service. The problem here is that you need to know the exact name of the "share" in order to "mount" it. See 10 below. The browser service simply lets us "browse" to it and not have to remember the name. Microsoft tries to do things like this....

These are my 10 rules for Windows networking:

FLASH! FLASH! There are some new and simplifying ways to network WinXP Home and Pro! See Below.

0) Yes, I know, I thot of another important one, even more important than the first two, so I had to stick it in here before "1." Please make sure you can ping the PC you're trying to network to! I.e. get the IP address of that other PC [it does have one, doesn't it? Do you know how to check?], and make sure you can ping it. If you can't even ping that PC, you have some basic networking problems you have to solve first. You may need to take the Basic Networking Course.

1) "Client for Microsoft Networking" is installed automatically if you have any kind of a network card, such as a modem or an Ethernet NIC.
This is the client software that lets you get to other resources on other PCs, and initiates the login requirement to access the PC in the first place. Of course you must ALSO have "File and Print Sharing for Microsoft Networks." This is the server service, as opposed to the client service. You also need a layer 3 and 4 protocol, and TCP/IP will do nicely here. You do NOT need netbeui. In fact XP doesn't even ship with netbeui protocol - well it is buried in the CDROM somewhere.... Of course netbeui was the default protocol in Win95/Win98 days. Argh!

For Win9X/ME, open Settings -> Control Panel -> Network. If "Client for Microsoft Networking" and "File and Print Services" do not appear in the Configuration List, click on "add." I think the Client is a protocol, and the File and Print Sharing is a service, but I may have forgotten. They are in there someplace!! For Win9X/ME you might have to add these services, and even for XP/Win2k in rare instances. But they are generally installed.

What we have accomplished here is to make sure the "netbios protocol" is enabled on these PCs. This is what the Windows Networking runs on top of. netbios used to run only over netbeui in the old days, but these days, we run it over TCP/IP. On the XP systems, you can verify that the netbios over TCP/IP is installed and enabled by going to TCP/IP Properties entry in the Network Connection Properties Window, highlight it, and click on Properties, then go to the Advanced button, and then finally, the WINS tab - make sure netbios over TCP/IP is enabled. It should be there by default, but some techies recommend running netbios over netbeui, which makes for a very secure network. There is no TCP/IP in there that the Internet can look in upon! This is a very secure way of building your home network that I do not discuss on this web site.
With XP, Microsoft has even eliminated the need to have netbios by allowing the file sharing service (SMB) to run directly over TCP/IP, but in the general case we need netbios installed. We have also accomplished installing the client service and the server service, in case they were not present. Windows PCs can be both clients and servers, unlike computers that run Netware - they can only be a client or a server.

2) You must enable File and Print Sharing on your Win9X/ME PCs. Kinda like a "global" setting to enable the server service, even though it is installed. This is the setting that you want to have OFFFFFFF if your PC is directly connected to the Internet, God forbid! Do I make myself clear? But since we are doing a home network, and everybody is behind a NAT/router, we can open that baby up! We can enable the server service behind our NAT/router. On NT4/Win2K/XP these services are always available since these are "server" machines [as well as client machines].

3) You must next select those resources you want to share on each PC, and give it [them] a name. You can pick folders, printers, most anything else. Just select "full access" for folders for now, OK?? Now XP complicates this whole process by trying to make it so easy for us. That is, XP adds a layer of wizardry and "I think this is what you want to do" on top of the sharing stuff - which makes it real confusing. Thanks, Microsoft. See Below.

4) All PCs must be in the same workgroup. There is actually a logical construct you can use on top of this to perform isolations in a workgroup, but I forgot what it is for now. Maybe I'll remember it later. Ah, I remember now, "scopes!" But you don't need to use those. On Win9X/ME this is set in the Identification tab of the network properties [right click on network neighborhood]. On XP, you can get to the workgroup setting by running the Network Setup Wizard, or you can go into Control Panel -> Network Connections -> Advanced -> Network Identification.
Beware that the XP Network setup wizard always shows "MSHOME" as your workgroup, even if you have it set to something else!

5) All PCs must be in the same subnet in order for the browse service to work, or else you have to get WINS working [or you can map network drives using actual IP addresses]. Whew.... Did I confuse you there? Basically all your PCs have to have a similar IP address - you know, it is probably something like 192.168.1.1, 192.168.1.4, etc. As long as the first three numbers are the same, you are ...probably... OK [I am trying to make this simple, OK..] Don't even ask about WINS please.... To be strictly correct, you can do Windows networking across subnet boundaries if you install the WINS service, but that is a subject for another day. WINS will resolve netbios names to IP addresses, since the resolving mechanism (broadcasting) used by netbios is blocked by the router between subnets. You can also do Windows across subnet boundaries if you specify the actual IP address of the neighboring machine. Jump here to see this.

6) You must have everybody LOGIN to their PC when they first approach it in the morning! This is what the "Client for Microsoft Networks" you installed provides. Now here is where you probably really screwed up, I'll bet. You are probably one of those idiots who just couldn't see any use of logging into your own Win9X/ME PC, so you dutifully followed the instructions initially and got rid of that login, right. Now we need to figure out how to get it back. I'll have to work on this one too, I know I used to know how to do it. Maybe just erase the .pwl file? Stay tuned. Of course on Win2K and WinNT4 you really don't have a choice, you pretty much have to set up a login. Thank Goodness for that. Now I notice that XP is trying to simplify again for the user, and winds up complicating it, because they actually provide a way to skip the login screen!! Argh! Now we need to wind our way around all those wizards and get the login back!
Actually I just discovered a pretty good book and a site you should maybe refer to: www.xphomenetworking.com. I actually bought the book! And this book doesn't talk about the simplified XP Home networking, which was apparently straightened out in SP1. See Below.

7) On EACH WinNT4/XP/Win2K you must set up username/passwords which correspond exactly to the logins you have the people use on all the other machines in your network. The reason you have to do it on EACH WinNT4/XP/Win2K PC is because you are most likely not running a "domain," where there is a central guy [PC] who keeps track of this username/password stuff. If you are installing the PCs as part of a domain, then you are in a more complicated environment. "Domains" have central PCs [PDCs] which keep track of the username/password pairs. Kinda like the stuff you have at work, OK. In our "peer-to-peer" workgroup, each PC is responsible for keeping the username/password pairs which are allowed onto that PC. Thus it is your human job, as the "domain controller," to keep track of these network wide and make sure they correspond!

In our house, on each PC, I have a login for each of our family members, and it is the SAME username/password on each machine. This includes Win9X/ME machines as well as the XP/WinNT/Win2K machines. This is called providing "pass thru authentication" so that you don't have to login to each machine to access the share when you want to use it. If the username/password are not the same on each machine, you will have to login each time to access a share on another machine. Now this is not a bad thing, and you may want to take advantage of it.

8) On EACH Win9X/ME machine you don't need to set up username/passwords to correspond to all the above, unless you want all family members to have access to all machines. Just make sure the username/password used to login to that PC is set up in each of the WinNT4/XP/Win2K machines.
If you want to share resources on the Win9X/ME machine, just do the share thing! When other machines try to connect to your share, they don't have to go thru username/password authentication. Now..... you can set up share authentication on that Win9X/ME machine, and the Win9X/ME machine will ask for that password when another machine tries to access it. The Win98 (and presumably 95 and ME) will present you with a dialog box, asking "connect as who" and the "password." The "connect as who" has to be a user on the Win9X I believe [which is the same as who are on the machine you are on now, if you set up the username/password pairs identical], and the password is for the SHARE. Setting up the same username/password on each machine enables "pass-thru" authentication, so you don't have to individually login to each machine when you need to access a resource on that machine.

9) I'm sure there is a #9. Ah yes, I am assuming our network is behind a NAT/router here ladies and gentlemen, or we are all in deep trouble. Osama bin Laden and his ilk can see into your very soul if you have enabled file and print sharing on the Internet!! [But then again, where would you have gotten the IP address!!] On pre SP2 XPs, you must make sure that Internet Connection Firewall (ICF) is OFF. For XP SP2, Windows firewall must be turned off, or you must make exceptions. In some circumstances XP automatically enables this, so you must disable it on a home network [certainly leave it on if you are directly connected to the Internet for God's sake!]. This is on the Advanced tab on Local area connection properties window. If you are running another personal firewall, such as ZoneAlarm or McAfee, the easiest way to enable Windows networking is to "trust" your local subnet. Beware that if you are running behind a wireless NAT/router you desperately need to practice some wireless safe computing practices.
Also, when you are accessing foreign wireless networks with your wireless NIC, you desperately need to have a personal firewall set up on your PC to protect yourself from the hackers who are now on the very same network you are on!! God help us....

10) You can always short circuit the terribly long delays of the browser service (network neighborhood/my network places) by explicitly "mounting" the share as a new drive letter on your PC. You need to know the name of the remote share in this case. In Windows Explorer -> tools, "map network drive." You can always browse, i.e. use the browser service if it has settled down, but go ahead and manually specify the share if you know it - the form has to be "\\PCname\sharename." You have to get these exactly right for it to work. You can see the remote share as the new drive letter [assuming it has proper share permissions of course]. You can even do this trick across networks, as long as you reference the other machine by its actual IP address, and not its name. If you try to use the name, it will do broadcasts and try to find the IP address corresponding to the name, and that doesn't work across networks.

Don't forget about the trick of using a dollar sign [$] after the share name if you don't want the share displayed in the "network neighborhood" or "My Network Places" of other PCs. This is a very effective technique to share a folder, but don't publicize the fact widely. Of course you have to know the share name beforehand, and map a network drive to it in order to use it.

And don't forget that you can always map network drives by using the actual IP address of the machine, instead of the name, such as \\192.168.1.100\sharename. This actually allows you to map network drives across subnet boundaries by obviating the need to find the IP address of the machine. WINS performs that function, but we don't need it if we can do the actual name - address translation ourselves!

11) 10? 10??
"I thought you said there were 10 rules!" Sorry about that. I could have added a "0" or a "-1" you know! More and more I am seeing the antivirus solutions come with simple firewalls. Norton, Trend, McAfee. Either integrated as part of the "antivirus" package you receive, or sold as a separate, but often included package, such as "Norton Internet Security." The default setting for these firewalls is often to block inbound TCP connections, and even block inbound UDP or ICMP IP packets - so this means you will certainly not be able to do Windows networking, or even ping the computer that has the simple firewall installed. I can't go through each product, but you need to dig into each one and turn the firewall off. Or you can dig further and fine tune it by setting up a "trusted," or a "local" subnet, which consists of your local LAN. The firewall will allow all connections in the trusted zone. This is probably the simplest way.

12) I keep adding to this list..... Jeez. If you have your VPN client set to autodial [and it succeeds], then you will have a very difficult time getting on any home network! Most clients operate in "split tunnel mode," where you are not allowed to split off to the Internet if you are logged onto the VPN. So make sure your VPN client isn't trying to get into the act here!

13) WinXP Simplifications (New Feb 2003): Run this great little wizard found in the Control Panel -> Network and Internet Connections -> setup or change your home or small office network. Note that this is user specific, i.e. each user login on the PC will have to set up networking as is appropriate to him or her [or it...]. Set your workgroup as appropriate. [Note that it lists your workgroup name as "MSHOME" even if it is something else - be careful.] This makes the folder which you choose to share universally accessible, as near as I can tell by anybody and everybody on that workgroup, even on Win98 PCs where you have NOT LOGGED in with a valid username/password.
You apparently have to login, but you don't need to use an EXISTING account on that XP machine in order to see its shares! If you do not login, you still cannot see any network shares. Well, OK, why not. Fascinating stuff here. It sure makes it easy, all you have to do is open Network Neighborhood on Win98, or My Network Places on WinXP/ME/Win2K and there is the PC icon [as long as the browser service is working ..... remember all that discussion above!]. Double click and you will see the shared folder! Double click again, and there are your shared docs.

I believe the easiest way to use this is to set up the "Shared Documents" in a workgroup environment in the same manner that it is set up on a single machine. "Shared Documents" folder is accessible by ALL users on a single machine. So why not make it accessible by ALL users on ALL machines in a networked environment? So just right click on the Shared Documents folder and share it over the network via simple file sharing. [Beware some complications about the "owner" user which comes with OEM PCs - to be investigated.] Beware that this doesn't work on Win2K or Samba for that matter, unless you have the proper username/password. Only works on WinXP Home or Pro.

The Simple XP file sharing has ELIMINATED the requirement for proper accounts with username/password pairs set up on WinXP Home or Pro and Win98/ME. I guess we should be grateful for this simplification? But be careful, you should only do this behind a router. This simple networking is NOT secure, unless you are already behind the router and you trust your children intimately!

Now it gets a little confusing if you have WinXP Pro. If you are NOT a member of a domain, then apparently this same "simple file sharing" is enabled by default on WinXP Pro, since there is a default workgroup in effect - "MSHOME." If you want the more stringent precautions of requiring username/passwords as discussed above, then you have to go turn "simple file sharing" OFF.
The button is under tools -> folder options -> view on any folder. This button is NOT available to turn off simple file sharing in WinXP Home!! I am not sure I like the idea of simple file sharing being available at all times if I am running WinXP home. At least you have to go and actually share a folder for the simple file sharing to work! This is especially troubling if you are running behind a wireless NAT/router, where the hackers may actually be behind your router, i.e. on your actual network. Wireless network precautions become even more important! Here is a link which attempts to explain Simple File sharing in more general terms.

14) WinXP SP2 complications: The advent of XP SP2 and the Windows firewall that comes with it has complicated setting up home networks even further. If your home network is very well protected, you may consider just turning off the Windows firewall if you don't want to deal with it. On the other hand, I would recommend that you try to figure it out. The Windows firewall wizard tries to figure all this out for you and enable the Windows file and printer sharing if it sees it present. But be careful.

Here is a link which helps you recover passwords in varying situations. Here is a nice site that helps you debug Windows networking problems. Here is the Microsoft knowledge base article on the topic.

Read on in this website to learn about Ethernet, TCP/IP, Wireless, Safe Computing, etc. etc.
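
The troubleshooting order in the rules above (is the PC reachable, is it on the same subnet, is the sharing service answering, is a firewall in the way, then map by \\host\share), sketched as a small Python diagnostic. This is an added example, not part of the original page; the function names, the local address 192.168.1.4 and the reading of "refused" versus "no answer" are assumptions of this sketch.

```python
import ipaddress
import socket

# Ports Windows file sharing listens on: the NetBIOS session service (139)
# and SMB running directly over TCP/IP (445), as mentioned under rule 1.
SMB_PORTS = (139, 445)


def same_subnet(local_ip, target_ip, netmask="255.255.255.0"):
    """Rule 5: name lookup by broadcast only works inside one subnet."""
    net = ipaddress.ip_network(f"{local_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(target_ip) in net


def probe(target_ip, port, timeout=2.0):
    """Try one TCP connection; return 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((target_ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # the host answered, so it is up; nothing listens
    except OSError:
        return "filtered"  # timeout or unreachable: host off or firewall drop


def unc_path(host, share, hidden=False):
    # Rule 10: the share path is two backslashes, host, backslash, share;
    # a trailing '$' keeps the share out of the browse list.
    return "\\\\" + host + "\\" + share + ("$" if hidden else "")


def diagnose(local_ip, target_ip, port_states, netmask="255.255.255.0"):
    """Map probe results onto the page's rules; returns a list of findings."""
    findings = []
    if not same_subnet(local_ip, target_ip, netmask):
        findings.append("rule 5: different subnet, browsing by name will "
                        "not work; map the drive by IP address")
    states = set(port_states.values())
    if "open" in states:
        findings.append("file sharing reachable; check workgroup and "
                        "username/password next (rules 4 and 7)")
    elif "refused" in states:
        findings.append("rule 2: host is up but File and Print Sharing "
                        "is not listening")
    else:
        findings.append("rules 0/9/11: no answer; the PC is off or a "
                        "firewall does not trust the local subnet")
    return findings


if __name__ == "__main__":
    target = "192.168.1.100"   # sample address taken from rule 10
    states = {port: probe(target, port) for port in SMB_PORTS}
    for finding in diagnose("192.168.1.4", target, states):
        print(finding)
    print("map network drive to:", unc_path(target, "sharename"))
```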
Copyright John D Loop Wednesday October 26, 2005