1. Networking with Other Operating Systems
Most
Microsoft online help and websites tell you how well Windows 7
networking works with Windows 7 and Windows Server computers, but these
instructions consider only “vanilla” Windows networks. Real-life
networks are seldom so simple, even at home. Often networks have a mix
of operating systems, and Windows often has to be coaxed into getting
along with them.
On a real-life LAN with multiple OSs, it’s not
enough that computers be capable of coexisting on the same network cable
at the same time. They need to actually work with each other, or internetwork,
so that users of these various systems can share files and printers. At
best, this sharing should occur without anyone even knowing that
alternative platforms are involved. Achieving this kind of seamlessness
can range from effortless to excruciating.
If a network appliance isn’t in the cards, you
need to get your computers to interoperate directly.
Some new features have been added to Windows 7
networking, and support for some old features has been removed. With
respect to internetworking, this list provides a summary of the most
significant changes since Windows Vista and XP:
Windows 7 behaves differently from
previous versions of Windows when Password Protected Sharing is turned
off.
The
NetBEUI network protocol is not available under Windows 7. This could
impact you if your network includes computers running Windows XP, 2000,
Me, 98, or earlier versions.
The Link Level Discovery
Protocol (LLDP) is relatively new to Windows. LLDP lets Windows 7 eke
out a map of the connections between your computers and the other
hardware on your network. LLDP support is currently available only for
Windows 7, Vista, XP (via a download), Server 2003, and Server 2008.
Connections to computers running older versions of Windows will not be
diagrammed on the network map. Computers running Linux and Mac OS X
probably won’t appear,
either, but I suspect that it will eventually be provided in a future
Mac or Linux version or update. An Open Source effort to bring LLDP to
Linux and the Mac was underway at the time this was written (see http://openlldp.sourceforge.net) and some commercial network mapping applications (such as LANsurveyor at www.solarwinds.com) also have a Mac LLDP responder.
Microsoft
does not provide out-of-the-box support for Novell NetWare (an
industrial-strength corporate networking system) with Windows.
However, although some things change, other
things stay the same. You probably won’t be surprised to learn that the
Network Browser service (the relatively obscure software component
responsible for collecting the list of names of the computers on your
network, the list upon which the old Network Neighborhood display was
based) is still present, and it still doesn’t work worth a darn.
2. Internetworking with Windows Vista, XP, and 2000
Windows 7’s file and printer sharing services
work quite well with Windows Vista, XP, and Windows 2000 Professional.
All three OSs were intended from the start to work well with the TCP/IP
network protocol favored by Windows 7.
If your network has computers running these older versions of Windows, the differences in OSs show up in these areas:
Default networking protocols—
You might have configured older computers to use the NetBIOS or SPX/IPX
protocols as the primary networking protocol. Windows 7 and Vista
require that you use TCP/IP. And, it’s best if you use only TCP/IP.
LLDP mapping—
By default, Windows XP and Windows 2000 computers did not come with
support for LLDP; without LLDP, these computers will appear as “orphans”
on the network map display. You can download and install an LLDP add-on
for Windows XP, but not for Windows 2000.
Password Protected Sharing (Simple File Sharing)—
Windows 7, Vista, XP, and 2000 can provide username/password security
for shared files and folders. Windows 7, Vista, and XP also have a
“passwordless” option that Windows 2000 doesn’t have. You might need to
work around this.
HomeGroup networking—
Windows 7 lets you join your computers in a homegroup, which simplifies
file sharing security. A Windows 7 homegroup member can still share
files and printers with older versions of Windows.
We cover these topics in the next four sections.
Setting TCP/IP as the Default Network Protocol
When
installed, Windows 2000 and XP were set up to use the TCP/IP network
protocol for file and printer sharing. If your network previously
included Windows 95, 98, or Me computers, you might have changed the
network protocols to simplify internetworking with the older operating
systems.
Because Windows 7 and Vista support only TCP/IP,
you need to make sure that TCP/IP is enabled on your Windows 2000 and
XP computers. Also, Windows networking works much more reliably when
every computer on the network has the exact same set of protocols
installed. You should ensure that TCP/IP is the only installed network protocol.
Note
These instructions don’t
apply if your computer is part of a corporate network, especially one
that uses Novell NetWare servers. If your computer is connected to a
corporate network, your network administrator will make all necessary
changes for you. |
Follow these steps on all your computers that run Windows 2000 Professional, XP Home Edition, or XP Professional:
1. | On Windows XP, log on using a Computer Administrator account. On Windows 2000, log on using the Administrator account.
|
2. | On
Windows XP, click Start, Control Panel, Network and Internet
Connections; then click the Network Connections icon. On Windows 2000,
click Start, Settings, Network and Dial-Up Connections.
|
3. | Right-click the Local Area Connection icon and select Properties.
|
4. | Look
in the list of installed components and make sure that Internet
Protocol (TCP/IP) is listed. If not, click Install, select Protocols,
click Add, and select Internet Protocol (TCP/IP). If your network uses
manually assigned (static) IP addresses, configure the Internet Protocol
entry just as you configured your Windows 7 computers.
|
5. | Look in the list of installed components for the NWLink IPX/SPX or NetBEUI protocols. Select these entries and click Uninstall.
|
6. | Click OK to close the Local Area Connection Properties dialog box.
|
7. | From
the menu in the main window (Network Connections on Windows XP, Network
and Dial-Up Connections on Windows 2000), select Advanced, Advanced
Settings. Select the Adapters and Bindings tab.
|
8. | In
the top list, select Local Area Connection. In the lower list, make
sure that Internet Protocol (TCP/IP) is checked under both File and
Printer Sharing for Microsoft Networks and Client for Microsoft
Networks.
|
9. | Click OK to close the dialog box.
|
After checking all your computers, restart all your computers if you had to make changes on any of them.
Installing the LLDP Responder for Windows XP
Windows
7 and Vista include a graphical network map feature that’s pretty and
might even be useful. The problem is that it diagrams only Windows 7 and
Vista computers and most, but not all, network hardware devices such as
routers, switches, and hubs.
Computers and network appliances that offer
Windows file sharing and are part of the same workgroup also show up on
the display, but they appear as disconnected icons at the bottom of the
map. You can’t do anything about this for Windows 2000 computers, but
Microsoft did create an add-on to Windows XP called the LLDP Responder
for Windows XP that lets XP computers appear on the network wiring
diagram.
To download the software, search Microsoft.com or Google for “Link Layer Topology Discovery (LLTD) Responder.”
You need to install it on each of your XP computers while logged on as a
Computer Administrator. After you install it, it starts to work
immediately—no configuration steps are needed.
Password Protection and Simple File Sharing
On small Windows networks (that is, networks
that aren’t managed by a Windows Server computer using the Domain
security model), each computer is separately responsible for managing
usernames and passwords. Before Windows XP, this made it difficult to
securely share files across the network—you had to create accounts for
each of your users on every one of your computers, using the same
password for each user on each computer.
Windows
XP introduced a concept called Simple File Sharing; when enabled, it
entirely eliminated security for file sharing. All network access was
done in the context of the Guest user account, regardless of the remote
user’s actual account name. Essentially, anyone with physical access to
your network could access any shared file. This made it much easier for
other people in your home and office to get to each other’s files.
(Horrifyingly, it was enabled by default, and there was no Windows
Firewall when XP first came out—so everyone on the Internet also could
get to your files, until Windows XP Service Pack 2 was released. But I
digress.)
Windows 7 and Vista also include Simple File
Sharing, although it’s now called Password Protected Sharing. And, the
effect of disabling and enabling the feature is reversed on the two
newer operating systems. Table 1 shows the settings and the results.
Table 1. File Sharing Settings on Windows 7, Vista, and XP
| Windows 7 and Vista: Password Protected Sharing | XP Professional: Simple File Sharing | ...Means Account and Password Are |
|---|
| On | Unchecked | Required |
| Off | Checked | Not required |
This setting is not always changeable. In
Windows XP Home Edition, Simple File Sharing cannot be turned off. In
all other versions of Windows it can be turned on or off, except if the
computer is a member of a domain network. In this case, passwords are
always required.
Finally, Windows 7 has a new twist in the way
that security works when Password Protected Sharing is turned off. On
Vista and XP, when passwords are not required, all
network access uses the Guest account. Thus, anyone on the network can
access any file in a shared folder only if the file can be accessed by
Guest, or by the user group “Everyone.”
But on Windows 7, it works this way: When a
remote user attempts to use a folder or file shared by a Windows 7
computer with Password Protected Sharing turned off,
If the remote user’s account matches an account in the Windows 7 computer and that account has a password set, that account is used for file access.
If
the remote user’s account matches an account in the Windows 7 computer
but that account has no password set, then the Guest account is used.
If the remote user’s account matches no account in the Windows 7 computer, the Guest account is used.
This might seem convoluted, but this is actually
a very useful change. First of all, this change was necessary to
support the new HomeGroup feature. All homegroup member computers use a
special, password-protected account named HomeGroupUser$ to access other
member computers, and this change lets it work whether Password
Protected Sharing is turned on or off. Second, it gives you the option of giving designated users additional access privileges, without requiring you to set up a full-blown security scheme.
I know this has probably given you a headache by
now. You probably just want to know how to get at the library of
pictures stored on your old computer. In the end, it can be pretty easy
to decide how to set things up, based on how concerned you need to be
about security.
To see how to set up your network, decide which of the following three categories best describes your environment:
My computer is part of a corporate domain network.
In this case:
Accounts and passwords are always required. Your network administrator
sets these up. Use the Security tab on any folder that you share to
select the users and groups to which you want to grant access.
Ease of use is my priority, and network security is not a great concern.
In this case:
Turn off Password Protected Sharing on your Windows 7 and Vista
computers, and enable Simple File Sharing on Windows XP Professional
computers. This lets anyone on the network access any shared folder.
Alternatively,
you can create an account named, for example, “share” on each of your
computers and assign a password to it, using the same password on each
computer. When you share folders, be sure that you give Everyone or this
“share” account permission to use the folder.
When you want to use a shared folder or printer stored on another
computer, Windows will prompt you for a username and password. Enter
username share and the password you chose for the share account.
In any case, you must
make sure that a firewall is set up to block File and Printer Sharing
access over your Internet connection. Use a connection-sharing router,
Windows Firewall, or a third-party firewall program to do this. If you
have a wireless network, you must enable WPA or WEP security.
If
you have Windows 2000 computers on your network, see if you can get by
without sharing any printers or folders from those computers—let them
use resources shared by your XP and Windows 7 computers. Otherwise, you
must create an account on the Windows 2000 computers—everyone can use a
single account (for example, “share,” as described previously), or
create an account for every user.
Network security is important to me; I want specific control over which users can use which shared files and folders.
In this case:
Turn on Password Protected Sharing on your Windows 7 and Vista
computers, and disable Simple File Sharing on any XP Professional
computers. Do not share sensitive resources from any computer that runs
Windows XP Home Edition (or do not use XP Home Edition at all). Do not
create a homegroup.
Note
If you change your
password on any computer, it’s a good idea to make the same change on
every computer where you have an account. This way, you won’t be asked
to supply your password whenever you use network resources. |
On
every computer that does share sensitive folders or printers with the
network, you need to create an account for every user who needs access
to the shared folders or printers. For each user, be sure to create an
account with the same name and the same password as on that user’s own
computer.
To change the Simple File Sharing setting on Windows XP Professional, follow these steps:
1. | Log on as a Computer Administrator.
|
2. | Click Start, My Computer.
|
3. | Press and release the Alt key to display the menu. Select Tools, Folder Options, and then select the View tab.
|
4. | Scroll
to the bottom of the Advanced Settings list. Simple File Sharing is the
last entry in the list. Check or uncheck the entry as desired.
|
Note
All of these rules about whether a password is required or not are interpreted by the computer that is sharing a folder or printer. When any version of Windows uses a folder or printer shared by another computer, that
computer sets the rules for requiring a password. For example, XP Home
Edition never requires an account or password when someone wants to use
its shared folders, but it can still use password-protected shared
resources shared by, say, Windows 7 or even a Windows domain server. |
Using Windows Vista and XP with a Homegroup
If you have two or more Windows 7 computers, you can set up a homegroup to simplify sharing libraries, folders, and printers. The HomeGroup
system is based on regular Windows file sharing, so computers running
other operating systems can also participate in your network.
The easiest way to make XP and Vista fit in is
to disable password protected sharing on all your computers. (Password
protected sharing is discussed in the previous section.) Here are the
instructions for doing this on various versions of Windows:
Windows 7—
Click Start, Control Panel, View Network Status and Tasks (under
Network and Internet), Change Advanced Sharing Settings. Scroll down,
select Turn Off Password Protected Sharing, and then click Save
Settings.
Windows Vista—
Click Start, Control Panel, Set Up File Sharing (under Network and
Internet). Click the circular icon to the right of Password Protected
sharing, click Turn Off Password Protected Sharing, and then click
Apply. You might need to confirm a user account control prompt.
Windows XP Professional—
Log on as a computer administrator. Click Start, My Computer. In the
menu, select Tools, Folder Options, and then select the View tab. Scroll
the list down to the bottom, check Simple File Sharing, and then click
OK.
Windows XP Home Edition— No adjustments are necessary.
Now Windows 7 computers will connect to other
Windows 7 computers using the special HomeGroupUser$ account, but all
other combinations will use the Guest account. This means you need to
make sure that resources are shared so that “Everyone” can use them. In
particular, the file security settings for the shared folder and its
contents must be set so that Everyone has read or read and write
permission.
To ensure that this happens, use the following procedures when you’re sharing folders on various versions of Windows:
Windows 7—
Right-click a folder or library and select Share With, Share with
Homegroup (Read) or Share with Homegroup (Read/Write). Then, right-click
it again and select Share With, Specific People. Type or select
Everyone in the drop-down list, and click Add. If you want other users
to be able to change the contents of the folder, next to Everyone, click
the word Read in the Permissions column and select Read/Write. Click
Share to finish.
Windows Vista—
Right-click a folder and select Share. Type or select Everyone in the
drop-down list, and click Add. If you want other users to be able to
change the contents of the folder, next to Everyone, click the word
Reader in the Permissions column and select Contributor. Click Share to
finish.
Windows XP Professional or Home Edition—
Right-click a folder and select Sharing and Security. Select Sharing
This Folder and click Apply. Select the Security tab. Under Group or
User Names, if there is an entry for Everyone, select it; otherwise,
click Add, type the word Everyone,
press Enter, and select the entry for Everyone. In the lower section,
in the Allow column, Read & Execute, List Folder Contents, and Read
should be checked. If you would like to let other network users modify
the contents of the folder, check Modify. Click OK to finish.
Caution
If you give Everyone
permission to change files, you must be sure that your network is
secured. If you have a wireless network, you must have it set up so that
it has WEP or WPA security enabled (that is, so that a password or key
is required to use the network). If you connect to the Internet, you
must be sure that Windows Firewall or a third-party firewall product is
set up to block Windows file sharing. If you don’t secure your network,
“Everyone” means “anyone in the world,” and that’s a recipe for
disaster. |
If you want to use passwords to protect access
to shared folders, you should leave password-protected sharing turned
on. There are two ways in which you can deal with the Windows XP and
Vista computers:
Set up accounts on every computer using
the same account name and password for each person, on each computer.
This will give you complete control over who has access to which folders
shared by Windows 7, Vista, and XP Professional. (Per-user security is
not available on folders shared by XP Home.)
Set up a single account that you’ll use for file sharing, perhaps named share,
on every computer, with the same password on every computer. Use this
account when you set the permissions on shared folders, and use this
account when Windows asks for an account and password when you connect
to another computer.
If you share your printer, it’s enough just to
enable sharing. By default, all versions of Windows enable Everyone to
print to every installed printer, so anyone on the network should be
able to print to any shared printer without changing the security
settings.
