Windows XP in a Nutshell

By David A. Karp, Tim O'Reilly, Troy Mott
April 2002
0-596-00249-1, Order Number: 2491
634 pages, $29.95 US $46.95 CA

Chapter 7
Networking

A network is established when two or more computers are connected to each other for the purpose of exchanging data. Although networks have been common in large companies for decades, they're becoming more common in homes and small offices, not only because these environments are getting more computers, but because networking is becoming easier, cheaper, and more useful.

Among the things you can do with a simple network are the following:

File sharing
Documents and even some applications stored on one computer can be accessed by another computer on the network, as though they were on the remote computer's hard disk. Put an end to walking floppies!

Device sharing
Printers connected to one computer can be used by any other computer on the network. The same goes for many scanners, backup devices, and even high-speed Internet devices, such as DSL and cable modems.

Online gaming
Networkable games can be played against other users on your local network or even over the Internet; after all, it's more fun blowing up your friends than computer-generated characters.

Communication
Send and receive email, chat, and even videoconference across the room or the country in seconds, over any type of network connection.

Web
The Web has become ubiquitous. Using Internet Explorer or the web browser of your choice, you can retrieve information from the other side of the world as easily as the other side of town.

Data collaboration
A network connection allows two or more users to simultaneously access the same database, useful for patient-tracking in a doctor's office, parallel development of an application in a software company, or keeping track of bills and expenses at home.

Administration
Maintain and troubleshoot multiple computers over a network more easily. Using Remote Desktop Sharing (or a third-party alternative), control a remote computer as though you were sitting in front of it. Rather than spending several hours over the phone helping someone far away fix a problem with their computer, fix it yourself in a few minutes.

The ability to perform these tasks depends only on your software and the speed of your connection. Since Windows XP includes built-in support for networking, as well as starter applications that provide all of the functionality just described, all that's left is setting it up.

Fortunately, networking in Windows XP (and Windows 2000) is easier than in any previous version of Windows. The convoluted and temperamental networking subsystem in Windows 9x/Me has been completely abolished, and the cryptic networking found in Windows NT 3.x/4.x has been greatly simplified and streamlined. In this chapter, we'll cover the steps required to connect your computer to a network and use the connection to its fullest.

It's important to note at this point that when you connect your computer to a network, you can dramatically increase its exposure to hackers and viruses. See the section "Implementing Network Security," later in this chapter, for more information on safeguarding your computer.

Networking Terminology

Understanding networking terminology is essential to making sense of the software and hardware used to assemble a network. The following terms are used throughout this chapter, as well as in just about any conversation about networking:

Bandwidth
The capacity of a network connection to move information. If a network is capable of transferring data at 10 mbps, and two users are simultaneously transferring large files, each will only have about 5 mbps of bandwidth at their disposal. See "Hubs and switches," later in this list, for limitations.

Ethernet
The technology upon which the vast majority of local area networks is built. A standard Ethernet connection is capable of transferring data at a maximum of 10 mbps, and a Fast Ethernet connection can transfer data at 100 mbps. A device capable of communicating at both speeds is typically labelled "10/100."

Firewall
A layer of protection that permits or denies network communication based on a predefined set of rules. A firewall can be used to restrict unauthorized access from intruders, close backdoors opened by viruses and other malicious applications, and eliminate wasted bandwidth by blocking certain types of network applications. Windows XP includes a rudimentary firewall feature, described in "Implementing Network Security," later in this chapter.

Hubs and switches
Devices on your network to which multiple Ethernet connections (called nodes) are made. See Figure 7-1 for an example. The main difference between a hub and a switch is a matter of performance (and cost). A switch is capable of handling multiple, simultaneous, full-bandwidth connections, while the less expensive hub throttles all connections such that, for example, three simultaneous connections can only each use one third of the total bandwidth.

IP address
A set of four numbers (e.g., 207.46.230.218) corresponding to a single computer or device on a TCP/IP network. No two computers on a single network can have the same IP address, but a single computer can have multiple IP addresses. Each element of the address can range from 0 to 255, providing 256^4 or nearly 4.3 billion possible combinations. Network Address Translation (NAT) is used to translate an address from one network to another. This is useful, for example, when a LAN is connected to the Internet. On the Internet, dedicated machines called nameservers are used to translate named hosts, such as www.microsoft.com, to their respective numerical IP addresses. See "Windows IP Configuration" and "NSLookup," both in Chapter 4, for more information.

LAN
Local Area Network, a designation typically referring to a network contained in a single room or building.

MBPS
Mega-Bits Per Second, the unit of measure used to describe the speed of a network connection. Ethernet-based networks can transfer data either up to 10 mbps or up to 100 mbps. High-speed T1, DSL, and cable modem connections typically transfer data up to 1.5 mbps, while the fastest analog modems communicate at a glacial 56 kbps, or 0.056 mbps.

Since there are eight bits to a byte, you can determine the theoretical maximum data transfer rate of a connection by simply dividing by 8. For example, a 384 kbps connection transfers 384 / 8 = 48 kilobytes of data per second, which should allow you to transfer a 1 megabyte file in a little more than 20 seconds. However, there is more going on than just data transfer (such as error correction), so actual performance will always be slower than the theoretical maximum.

NIC
Network Interface Card, commonly known as an Ethernet Adapter. If your computer doesn't have built-in Ethernet, you'll need a NIC to connect your computer to a network. For Desktops, your NIC should be a PCI card; for laptops, your NIC should be a PCMCIA (PC Card) card. Universal Serial Bus (USB) based NICs can also be used with both desktops and laptops.

Ports
A number representing the type of communication to initiate. For example, web browsers typically use port 80 to download web pages, so web servers must be "listening" at port 80. Other commonly used ports include port 25 for sending email (SMTP), port 110 for retrieving email (POP3), port 443 for accessing secure web pages, port 21 for FTP, port 23 for Telnet, port 22 for SSH, port 53 for DNS, port 144 for newsgroups, and port 6699 for peer-to-peer file sharing applications (such as Napster).

PPP
Point-to-Point Protocol, a protocol used to facilitate a TCP/IP connection over long distances. PPP is used by Windows to provide an Internet connection over ordinary phone lines using an analog modem. Some DSL and cable connections use PPPoE (PPP over Ethernet), discussed later in this chapter.

Protocol
A protocol is the language, so to speak, that your computer uses to communicate with other computers on the network. These days, the TCP/IP set of protocols is the de facto standard for local area networks, and is required for Internet connections.

TCP/IP
Shorthand notation for the collection of protocols that includes Transmission Control Protocol (TCP), Internet Protocol (IP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). TCP/IP is required for all Internet connections, and is the standard protocol for most types of modern LANs.

Topology
The physical layout of your network. See the next section, "Planning Your Network," for more information on how topology comes into play.

WAN
Wide Area Network, or a network formed by connecting computers over large distances. The Internet is an example of a WAN.

Workgroup
Another name for a peer-to-peer LAN.

Planning Your Network

There are many types of networks, but for the purposes of this chapter, we will be focusing on two basic categories:

Peer-to-Peer Local Area Network (LAN)
A LAN is the connection of two or more computers in close proximity, typically in the same building or room. The term "peer-to-peer" implies that each of the computers on the network will have pretty much the same role. This is in contrast to a client/server setup, in which certain computers are intended solely to store data, handle printing, or manage user accounts.

Connection to the Internet
By connecting your computer to the Internet, you are networking your machine to the world's largest Wide Area Network (WAN).

Now, as far as Windows XP is concerned there is very little difference between these two types of network connections. The distinction is made primarily to help you visualize the topology of your environment. See Figure 7-1, Figure 7-2, and Figure 7-3 for some example setups.

Figure 7-1. A simple network with four computers connected with a hub (or switch), one printer connected to one of the computers, and no Internet connection

 

Figure 7-2. A simple network with three computers, one of which has an internet connection that can be shared; see "Sharing an Internet Connection," later in this chapter, for details

 

Figure 7-3. A simple network with three computers connected to a hub or router; see "Internet connection sharing," later in this chapter, for details

 

An especially interesting application of these technologies is how they can be mixed and matched. For example, you can connect your LAN to the Internet using Internet Connection Sharing, giving Internet access to everyone on your local network. Or, you can simulate a LAN over an Internet connection using Virtual Private Networking.

Here are some things to consider when planning your network:

Configuring Network Connections

The central interface used to configure the networking features in Windows XP is the Network Connections window, introduced in Chapter 4. Right-click the My Network Places icon on your Desktop and select Properties, or use Control Panel → [Network and Internet Connections] → Network Connections to open the Network Connections window.

Figure 7-4 and Figure 7-5 show two different views of the Network Connections window. Depending on your Windows Explorer settings (discussed in Chapters and See Windows XP Applications and Tools), your view may be different, but all the required components are still there. If you haven't done so already, select Details from the View menu to see all the pertinent information.

Figure 7-4. If common tasks (Tools → Folder Options) are enabled, the Network Setup Wizard and New Connection Wizard are accessible through the tasks pane on your left

 

Figure 7-5. If common tasks are not shown, the Network Setup Wizard and New Connection Wizard appear as icons in your Network Connections window

 

As its name implies, Network Connections lists all of the networking connections configured on your computer. Windows doesn't care how many computers are on your network, whether you're using a hub or a switch, or even what type of cabling you've used. Rather, the only thing you need to worry about in the context of this window is the individual connections attached to this computer.

In Figure 7-4 and Figure 7-5, two network connections are shown, one for each network adapter installed in the machine. In the right-hand computer in Figure 7-2, a dotted rectangle shows the same setup graphically. Here, we have a single computer with two networking connections: one used to connect to the Internet, and one used to connect to the hub and the rest of the LAN. (See "Sharing an Internet Connection," later in this chapter, for more information on why two connections are required to share an Internet connection with the other computers on a LAN.)

You should have a connection icon for each network adapter (NIC) installed in your system; install a new network adapter, and (if properly installed) it will show up automatically in the Network Connections window. You might also have one or more connection icons for so-called "soft" connections, such as dial-up connections (for your analog or ISDN modem), PPPoE connections (for certain types of DSL and cable modems), and Virtual Private Networking (VPN) connections.

To add a new connection (all types except those that correspond to physical network adapters), open the New Connection Wizard (or click Create a new connection if you have the Common Tasks pane enabled). See "New Connection Wizard" in Chapter 4 for more information on this feature. Throughout the rest of this chapter, you'll see several examples of how and when this wizard is used.

A similar-sounding feature, called the Network Setup Wizard (click "Set up a home or small office network" if you have the Common Tasks pane enabled), is used to automatically configure your Internet connection and local network settings based on one of several predefined scenarios. See "Network Setup Wizard" in Chapter 4 as well as several sections throughout the rest of this chapter for more details.

Right-click a connection icon and select Properties to configure any existing network connection. Depending on the type of connection, you'll see one of several different types of Properties sheets.

LAN or High-Speed Internet connection properties

The Properties window for LAN or High Speed Internet connections is divided into three tabs: General (as shown in Figure 7-6), Authentication, and Advanced (as shown in Figure 7-7).

Figure 7-6. The Authentication Tab allows you to set security features

 

The use of these tabs is as follows:

General
The General tab allows you to configure the main aspects of the connection. The Connect using box shows the hardware adapter with which this connection is associated; click Configure to open the device's properties window, which is the same one you'll get through Device Manager (see Chapter 4).

Next is the list of installed networking components; the checked items represent the services and protocols to be used with the connection. See "Protocols and Services," later in this chapter, for details.

Finally, the "Show icon in notification area when connected" option allows you to toggle the tray icon; if the connection is always active, you can reduce clutter by turning this off.

Authentication
The settings on this page are used to implement certain security features, mostly used in conjunction with wireless networks. Most users will never need to adjust these settings. If you have a wireless network, and you're concerned about unauthorized users accessing your network with their own wireless equipment, look up "Authentication" in the Help and Support Center. (See Chapter 4 for more information.)

Advanced
The Advanced settings are simple, but powerful. These options allow you to control the Internet Connection Firewall and Internet Connection Sharing, both discussed later in this chapter.

Dial-up / Broadband connection properties

For dial-up and broadband connections (such as PPPoE), the Properties window (shown in Figure 7-7) has the following tabbed pages:

Figure 7-7. The Advanced tab controls the firewall and Internet Connection Sharing

 

General
The General tab allows you to configure the main aspects of the connection.

The Connect using box (Dial-Up connections only) shows the currently selected modem; click Configure to open the device's properties window, which is the same one you'll get through Device Manager (see Chapter 4). Below, you can change the phone number or even add additional phone numbers, through which Windows will cycle if the first one is busy or unavailable.

The Service name box (Broadband connections only) should be left blank, unless instructed otherwise by your service provider.

Finally, the "Show icon in notification area when connected" option allows you to toggle the tray icon; turning this option on will allow you to disconnect the connection more easily (by right-clicking on the tray icon).

Options
The settings in the Options page affect dialing properties, such as when and how many times to redial, and whether Windows should prompt for information before attempting a connection.

Security
The Security settings allow you to control how your username and password are transmitted to the server; most users will want to leave these settings unchanged. Contact your service provider for more information on supported security protocols.

Networking
The first box is a drop-down list containing all of the supported connection types for the connection. For dial-up connections, you'll usually want PPP; for broadband connections, you'll usually want PPPoE. Like some of the other settings in this window, your service provider will inform you if you need to change any of these settings.

Next is the list of installed networking components; the checked items represent the services and protocols to be used with the connection. See "Protocols and Services," later in this chapter, for details.

Advanced
The Advanced tab is the same as the Advanced tab for standard network connections; these options allow you to control the Internet Connection Firewall and Internet Connection Sharing, both discussed later in this chapter.

Other connection actions

In addition to Properties, there are other items available on the connection icons' context menus (depending on the connection type):

Enable/Disable
This allows you to selectively enable or disable permanent connections, such as LAN or High-Speed Internet connections. Disabling a connection is effectively the same as pulling out the cable; a red X will appear over the icon of a disabled connection.

Connect/Disconnect
Connect establishes a temporary connection, and Disconnect breaks that connection. For Dial-up connections, these commands dial and hang up, respectively. For Broadband connections, these commands log in and log out, respectively.

If the "Show icon in notification area when connected" option is enabled in the connection's properties window, you can also access Disconnect by right-clicking the connection icon that appears in the Taskbar tray. You can also open the connection's Status window (see Figure 7-8) and click Disconnect.

Status
This is the default action for all connections; double-click any connection to view its Status window. (See Figure 7-8.) The Status window shows the amount of time the connection has been active, the number of TCP packets sent and received, and even the IP address of the connection (in the Support tab). Also available are buttons for the other actions where applicable, such as Enable / Disable, Connect / Disconnect, Properties, and Repair.

Figure 7-8. The Status window displays information about the current network connection

 

TIP: If you suspect that a connection is down, check the packets sent and received in the Activity section of the Status window; if the numbers change when you, say, try to open a web page or check your email, the connection is still active.

Repair
Repair reinstalls the drivers associated with the connection. If a connection does not appear to be working, try disabling it and then reenabling it (or disconnecting and then reconnecting, if applicable). If that doesn't work, then try Repair.

Set as Default Connection/Cancel as Default Connection
Available only for temporary connections, such as Dial-up connections and Broadband connections. If a connection is set as the default connection, and Windows is configured to dial automatically (through Control Panel → [Network and Internet Connections] → Internet Options), it will be connected automatically when needed. If you have more than one connection of this type, use Set as Default Connection to determine which one gets connected automatically.

A black checkmark in a circle will appear over the connection icon for any connection that is set as the default.

Bridge Connections
Simply put, this allows data to be transferred between two (or more) different networks. In effect, a bridge turns your computer into a hub of sorts, but with the advantage of allowing you to combine two otherwise incompatible networks. Windows XP supports only one bridge at any given time, but a single bridge can contain as many different connections as you want.

Select at least two connection icons, right-click, and select Bridge Connections (or go to Advanced → Bridge Connections) to create a network bridge between the connections.

Create Copy
Any network connection that can be added with the New Connection Wizard can be copied. Create a copy of a Dial-up connection, for example, to have two connection profiles without having to enter all the information twice. Create Copy is also handy for creating a backup of a connection so that you can experiment with different settings without losing a working profile.

Note that if you want to add only alternate phone numbers, you can right-click the connection, select Properties, and click Alternates.

Protocols and Services

When you view the Properties window for a connection (see Figure 7-6, earlier in this chapter), you'll see the "This connection uses the following items" list (either in the General tab or the Networking tab, depending on the connection type). This list, also accessible via Network Connections → Advanced → Advanced Settings, shows all of the installed protocols and services. You can selectively choose which protocols and services are supported by any specific connection with the checkboxes in the list.

If you need to add support for a protocol or service not shown in the list, click Install to add it. If a protocol or service is shown but you're certain it's not used by any of your connections, you can uninstall it. If you install or uninstall a protocol or service, the change will take effect for all existing connections.

Probably the most useful button, however, is Properties. Depending on the service or protocol currently selected, Properties allows you to set many of the advanced options for a connection. The following list shows common services and protocols available in Windows XP:

Client for Microsoft Networks
An essential component for connecting to a Microsoft Network. This entry should always be present and enabled, unless you specifically need to connect to a non-Microsoft network (such as NetWare). This entry has one setting in its Properties window, and most users will have no need to modify it.

File and Printer Sharing for Microsoft Windows
The service responsible for sharing files and printers over a Microsoft Network; see "Sharing Resources," later in this chapter, for more information. This component should be enabled for LAN connections, and disabled for Internet connections. The Properties window is unavailable for this entry.

Internet Protocol (TCP/IP)
The TCP/IP protocol, introduced in the beginning of this chapter, is the protocol used by all Internet connections, as well as most LAN connections. Unless you specifically don't want TCP/IP support for some reason, the Internet Protocol (TCP/IP) entry should be enabled for all of your connections.

Select Internet Protocol (TCP/IP) and click Properties to view and change the connection's TCP/IP settings. The Internet Protocol (TCP/IP) Properties window, shown in Figure 7-9, is where you set the IP address of your connection (if you have a static IP address), as well as the subnet mask, gateway, and DNS server addresses. If the connection has a dynamic IP address (assigned randomly every time you connect), choose the "Obtain an IP address automatically" option.

Figure 7-9. The Internet Protocol Properties Window

 

Click Advanced to configure multiple IP addresses and multiple gateways, use more than two DNS servers, set up WINS, and enable NetBIOS over TCP/IP. Choose the Options tab to configure TCP/IP filtering, which allows you to selectively permit or deny communication based on the port (described at the beginning of this chapter). Note that this is somewhat like a firewall, described in "Implementing Network Security," later in this chapter.

NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
Enable this entry to add support for the IPX/SPX (Internetwork Packet eXchange/Sequenced Packet eXchange) protocol. IPX/SPX is used by Novell NetWare networks, as well as some old DOS games and some network printers. Unless you know specifically that you need IPX/SPX support, you probably don't need this protocol.

NWLink NetBIOS
Use this protocol to connect to a NetWare server running Novell NetBIOS. If you use only Microsoft-compatible networks, you'll have no use for this protocol. This entry has no properties.

General Procedures

The preceding sections of this chapter outline the fundamentals of networking and the various components that make up Windows XP's built-in support for networking. As stated earlier, Windows is really only concerned with the connections directly attached to the computer, so building a network essentially means configuring the connections for each computer involved.

The following sections explain the procedures for building and connecting to different types of networks. It's important to realize that there are limitless combinations of networking hardware and software, and it's obviously impossible to cover them all.

Setting Up a LAN

Connecting two computers to form a basic peer-to-peer workgroup is fairly easy with Windows XP, as long as you have the proper equipment, drivers, and an hour or two. Ideally, you should be able to set up a functioning workgroup in less than ten minutes, but that doesn't include fishing for drivers, resolving hardware conflicts, or running a cable through your attic.

We'll start with a basic peer-to-peer workgroup consisting of two computers. Here's what you'll need:

Once you have all of the components, you can begin with the following procedure. Naturally, different types of hardware will require a modified procedure, but the methodology is the same.

  1. Plan your network by drawing a quick diagram similar to the ones shown in Figure 7-1, Figure 7-2, Figure 7-3, and Figure 7-10.
  2. Install a network adapter in each computer, according to the instructions that accompany your hardware. If you're using Plug-and-Play adapters, Windows should automatically install and configure the drivers for the adapters.

     A connection icon labeled "Local Area Connection" should appear in your Network Connections window for each installed adapter; check for this in each computer. Select Details from the View menu to show the Type and Status columns; the connections should be enabled and of type "LAN or High-Speed Internet." If the icons don't show up, make sure Windows recognizes your network cards in Device Manager (see Chapter 4) and doesn't report any problems with the devices.

  3. Next, hook up your cables. Nearly all network adapters, hubs, and switches have lights next to their RJ45 ports. When a cable is properly plugged in to both ends, the light goes on. If the lights don't go on, you're either using the wrong type of cable, you've plugged the cable into the wrong port, or the cable is defective. Until the lights are lit, don't go any further. Hint: use a different color cable for each computer to make troubleshooting easier.

     Make sure to use only category-5 patch cables, except under the following conditions. A category-5 crossover cable can be used instead to connect two computers directly (if you don't have a hub or switch) and can also be used to connect two hubs together. In some cases where a Digital Subscriber Line (DSL) adapter or cable modem connects directly to a computer with a patch cable, a crossover cable is required to connect either of these devices to a hub. (Naturally, consult the documentation to be sure.)

  4. Go to Control Panel → [Performance and Maintenance] → System to open the System Properties window (described in Chapter 4), and choose the Computer Name tab.
  5. Click Network ID to run the Network Identification Wizard. Click Next on the first page, choose "This computer is for home use and not part of a business network," click Next, and then click Finish.
  6. Next, click Change to open the Computer Name Changes window (see Figure 7-11), and enter both a Computer name and Workgroup name. The Workgroup name should be the same for all computers on your local network, but the Computer name must be different for each computer.

     Figure 7-11. Set the Computer Name and Workgroup Name on the Computer Name Changes Window

  7. Click OK when you're done; if Windows informs you that you need to restart your computer, do so now. Repeat steps 4-6 for the other computers on your network.
  8. Your connection should now be active. Determine the IP address of each computer using the connections' Status windows (see "Other connection actions," earlier in this chapter).
  9. Test your connection with Ping (described in Chapter 4). By default, Windows will assign IP addresses in the following way: the first computer will be 192.168.0.1, the second will be 192.168.0.2, and so on. (See the following section, "What to Do if Your Connection Doesn't Work," for more information on manually assigning IP addresses.) Assuming your network is similar, pick a computer, go to Start → Run, and type ping address, where address is the IP address of the other computer. For example, from the 192.168.0.2 computer, you would type:

         ping 192.168.0.1

     If the network is working, you'll get something like this:

         Pinging 192.168.0.1 with 32 bytes of data:
         Reply from 192.168.0.1: bytes=32 time=24ms TTL=53
         Reply from 192.168.0.1: bytes=32 time=16ms TTL=53

     On the other hand, if you get this result:

         Pinging 192.168.0.1 with 32 bytes of data:
         Request timed out.
         Request timed out.

     it means the network is not functioning.

  10. If your network is functioning, you can proceed to set up the various services you need, such as file sharing, printer sharing, and Internet Connection Sharing (all described later in this chapter). Otherwise, look through the checklist in the following section.
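The Ping test in the procedure above can be checked by a script when several computers are involved. The following is an added example, not part of the original chapter: it classifies saved Ping transcripts, counting only true echo replies from the target, because a line such as "Reply from 192.168.0.2: Destination host unreachable." also begins with "Reply from" and is included in the Received figure of Ping's summary. The function names and every transcript other than the two shown in the chapter are constructed for illustration.

```python
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# A genuine echo reply carries a byte count, a round-trip time and a TTL.
# "time<1ms" appears on fast LANs, so both "=" and "<" are accepted.
ECHO_REPLY = re.compile(
    rf"^Reply from (?P<src>{IPV4}): bytes=\d+ time[=<](?P<ms>\d+)ms TTL=\d+$"
)
# Any other "Reply from ..." line is an ICMP error relayed by this machine or
# by a router, not an answer from the target.
OTHER_REPLY = re.compile(rf"^Reply from (?P<src>{IPV4}): (?P<msg>.+)$")
TIMEOUT = "Request timed out."


def classify_ping(target, transcript):
    """Classify one Ping transcript for `target` as up, degraded, down or no-data."""
    rtt_ms, timeouts, errors = [], 0, []
    for raw in transcript.splitlines():
        line = raw.strip()
        m = ECHO_REPLY.match(line)
        if m and m.group("src") == target:
            rtt_ms.append(int(m.group("ms")))  # "<1ms" is recorded as 1
            continue
        m = OTHER_REPLY.match(line)
        if m:
            errors.append(f"{m.group('src')}: {m.group('msg')}")
            continue
        if line == TIMEOUT:
            timeouts += 1
        # Header and summary lines are ignored on purpose: the summary's
        # "Received" figure also counts the ICMP error lines above.
    probes = len(rtt_ms) + timeouts + len(errors)
    if probes == 0:
        status = "no-data"
    elif len(rtt_ms) == probes:
        status = "up"
    elif rtt_ms:
        status = "degraded"
    else:
        status = "down"
    return {"status": status, "rtt_ms": rtt_ms,
            "timeouts": timeouts, "errors": errors}


def summarize(transcripts):
    """Map each target address to its status, given {target: transcript}."""
    return {t: classify_ping(t, text)["status"] for t, text in transcripts.items()}


# The two transcripts printed in the chapter.
PAGE_OK = """Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=24ms TTL=53
Reply from 192.168.0.1: bytes=32 time=16ms TTL=53
"""
PAGE_FAIL = """Pinging 192.168.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
"""
# Constructed transcripts for the cases the chapter does not show.
UNREACHABLE = """Pinging 192.168.0.3 with 32 bytes of data:
Reply from 192.168.0.2: Destination host unreachable.
Reply from 192.168.0.2: Destination host unreachable.

Ping statistics for 192.168.0.3:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""
FLAKY = """Pinging 192.168.0.4 with 32 bytes of data:
Reply from 192.168.0.4: bytes=32 time<1ms TTL=128
Request timed out.
"""

if __name__ == "__main__":
    print(summarize({"192.168.0.1": PAGE_OK,
                     "192.168.0.3": UNREACHABLE,
                     "192.168.0.4": FLAKY}))
```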

What to do if your connection doesn't work

The following tips should help you get around most of the common hurdles you'll encounter when setting up a LAN:

Sharing Resources

There's little point in setting up a network if you don't take advantage of the connection by sharing files and printers. Once you've established a network connection with another Windows computer and verified that the connection is working (as described in the previous two sections), you can set up resources to be shared over your network.

A shared resource is a folder on your hard disk or a printer physically attached to your computer, which you would like made accessible by other computers on your network. If you share a printer, others on your network can print to it; if you share a folder, others on your network can access the files and folders contained therein as though they were stored on their own hard disks.

Whenever you share a resource, you are opening a backdoor to your computer. It's important to keep security in mind at all times, especially if you're connected to the Internet. Otherwise, you may be unwittingly exposing your personal data to intruders looking for anything they can use and abuse. Furthermore, an insecure system is more vulnerable to viruses and other malicious programs.

The first thing you should do is go to Control Panel → [Appearance and Themes] → Folder Options → View tab, and turn off the "Use simple file sharing" option. See "Folder Options" in Chapter 4 and "Implementing Network Security," later in this chapter, for more information on the problems with this feature.

Sharing resources is easy. Simply right-click a folder or printer icon, select Sharing and Security (or select Properties and choose the Sharing tab), and choose the appropriate options. Figure 7-12 shows a sharing window for a user's Desktop folder. (Sharing printers is discussed later.)

Note that under some circumstances, the dialogs shown in Figures 7-12, 7-13, 7-15, and 7-16 may look different. For example, in Windows XP Home Edition, if you're not using the NTFS filesystem, or if you have the "Use Simple File Sharing" option enabled in Windows XP Professional Edition, you may see simpler dialogs with fewer options. The concepts discussed still hold, but some of the advanced options relating to permissions will be unavailable.

Figure 7-12. Use the Sharing tab of a file or folder to set its access privileges

 

Choose the "Share this folder" option to enable sharing for the selected item. (Note that if you're sharing a disk and Sharing already appears to be active, you may be looking at an Administrative Share, discussed later in this chapter.) The name you typed in the "Share name" field is what users of other computers will see when they try to access the folder; the Comment field is optional.

At this point, you can click OK to begin sharing the folder (and all of its contents) over your network. When a folder or drive is shared, a small hand appears over its icon. Note that it's best to share only those folders that you need others to access.

However, you need to make sure that your user accounts are in order before others on your network are able to access your shared resources. Simply put, every user who wishes to access data on your computer remotely (that is, through the network connection) must have a user account on your computer. For example, if you're logged in as "Lenny," you'll only be able to access resources on other computers that also have an account called "Lenny" and that have the same password configured for that account. If you have two Windows XP machines, one with a "Lenny" account and one with a "Lenny" and a "Karl" account, a user logged in as "Karl" will only be able to access resources on the second machine.

Once a folder has been shared, and assuming the user accounts are set up properly, you can access the folder from another computer by using My Network Places. My Network Places is available as an icon on your Desktop and as a folder in the Windows Explorer tree. See Figure 7-13 for an example of how a shared folder called Desktop, located on the computer called Karl, is accessed over the network. Files and folders can be dragged to and from this location as though it was just another folder on your hard disk.

Figure 7-13. My Network Places gives access to shared folders on other machines

 

The full path to a network resource (called a UNC path, for "Universal Naming Convention") looks a little different than a standard path. The path to a folder called Desktop, located on a computer called Barney, will look like this:

\\Barney\Desktop

Note that only the Share name (Desktop) is shown here, even though the folder may have a long path on its host computer (e.g., c:\Documents and Settings\Barney\Desktop).

Mapping drives

Although generally considered passé, you can also access shared resources by mapping them to a network drive. Select Map Network Drive from Windows Explorer's Tools menu to display the window shown in Figure 7-14. Here, if we choose an unused drive letter, such as N:, and specify the path to an existing network resource, such as \\Barney\Desktop, we can then access the files in that folder by navigating to N: in Explorer.

Drive mapping was used more commonly several years ago when most applications didn't support UNCs like \\Barney\Desktop, but happily accessed files off of a fictitious drive N:. Today, it is preferred to simply create a Windows Shortcut to a commonly accessed network resource rather than going to the trouble of mapping a drive. However, if you still rely on an old application or even a DOS program, you may still need to resort to drive mapping.

Figure 7-14. Mapping a network drive

 

Administrative shares

In Windows XP Professional, every drive is automatically shared by default. However, this is for administrative purposes and is not intended for general file sharing. (Unfortunately, there's no way to disable the administrative shares. For most intents and purposes, though, this does not pose a significant security risk, as the shares can be accessed like normally shared resources.) Figure 7-15 shows the "Default Share" for a drive; the dollar sign in the Share name signifies the administrative share. To initiate the type of file sharing most users will need, click the New Share button at the bottom of the window to display the New Share window (see Figure 7-16).

Here, you can type the Share name and a comment, if desired, as described earlier in this section. The Share name you've typed, as well as the default share (here, D$), will then appear in a drop-down list; you can subsequently select the desired Share name from this list to configure or remove it.

Figure 7-15. An administrative share

 

Figure 7-16. The New Share window

 

Figure 7-17. The Permissions window

 

Figure 7-18. The Select Users or Groups window

 

Permissions

If you're using Windows XP Professional and the NTFS filesystem, you'll be able to control who can view your files and who cannot; click Permissions in the Sharing window to see the Permissions dialog shown in Figure 7-17. By default, a single entry, "Everyone," is shown in the top list. If you want to selectively allow and disallow access to various users, first click all the checkboxes in the Deny column. Then, click Add to configure the access rights for other configured users. Figure 7-18 shows the Select Users or Groups window, which configures permissions for user accounts on your machine and other machines on your network.

When a new user has been added to the Permissions window, highlight the username, and selectively click Allow for the various permissions available.

In Figure 7-17, we have three choices:

Full Control
Allows a user to read, modify, and delete files and folders, and add new files and folders. If allowed, the Change and Read options are also enabled.

Change
Allows a user to modify a file. If allowed, the Read option is also enabled.

Read
Provides basic read-only access to a file or folder. Remote users can view folder listings and open files, but aren't allowed to make any changes, including deleting files or adding new files to protected folders.

Permissions are inherited, which means if you configure the permissions for a folder, those permissions will be active for all subfolders and their contents. However, you can set rather liberal permissions for, say, a drive, and then selectively restrict access for the more sensitive folders contained therein.
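How the three levels combine when a share has several entries can be sketched with a small model. This is an added example, not code from the book: the right names, the `Entry` type and the sample accounts are constructed, and it assumes the standard Windows rules that a Deny entry overrides any Allow and that "Everyone" matches every user.

```python
from dataclasses import dataclass

# Simplified rights behind each checkbox (an assumption for illustration):
# Full Control includes Change, and Change includes Read, as described above.
READ = frozenset({"list_folder", "open_file"})
CHANGE = READ | {"modify", "add", "delete"}
FULL_CONTROL = CHANGE | {"change_permissions"}
LEVELS = {"Read": READ, "Change": CHANGE, "Full Control": FULL_CONTROL}


@dataclass(frozen=True)
class Entry:
    principal: str  # user or group name, e.g. "Everyone" or "Lenny"
    kind: str       # "allow" or "deny"
    level: str      # "Read", "Change" or "Full Control"


def effective_rights(user, groups, acl):
    """Return the rights `user` ends up with on a share protected by `acl`."""
    principals = {user, "Everyone", *groups}  # Everyone matches every user
    allowed, denied = set(), set()
    for entry in acl:
        if entry.kind not in ("allow", "deny"):
            raise ValueError(f"unknown entry kind: {entry.kind!r}")
        if entry.principal in principals:
            target = allowed if entry.kind == "allow" else denied
            target.update(LEVELS[entry.level])
    # Deny always wins: a denied right is removed even if another entry allows it.
    return frozenset(allowed - denied)


def highest_level(rights):
    """Name of the highest level fully covered by `rights`, or None."""
    best = None
    for name in ("Read", "Change", "Full Control"):
        if LEVELS[name] <= rights:
            best = name
    return best


def access_table(acl, users=("Lenny", "Karl")):
    """Highest level each sample user gets under `acl`."""
    return {u: highest_level(effective_rights(u, [], acl)) for u in users}


# Constructed scenarios for one shared folder.
DEFAULT_ACL = [Entry("Everyone", "allow", "Full Control")]
DENY_EVERYONE = [Entry("Everyone", "deny", "Full Control"),
                 Entry("Lenny", "allow", "Change")]
NAMED_ONLY = [Entry("Lenny", "allow", "Change")]
READ_FOR_ALL = [Entry("Everyone", "allow", "Read"),
                Entry("Lenny", "allow", "Change")]

if __name__ == "__main__":
    for label, acl in (("default", DEFAULT_ACL),
                       ("deny Everyone + allow Lenny", DENY_EVERYONE),
                       ("Lenny only", NAMED_ONLY),
                       ("Read for all, Change for Lenny", READ_FOR_ALL)):
        print(f"{label:32} {access_table(acl)}")
```

In the second scenario the Deny entry on Everyone also blocks Lenny, so nobody can use the share; the third scenario, with the Everyone entry removed, limits access to the named account.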

Sharing printers

Printers are shared much in the same way that folders are (described in the previous sections), with two exceptions. First, there's really only one option on the Printer Sharing window (see Figure 7-19): the Share name. Second, printers aren't accessed through the My Network Places folder.

Figure 7-19. The Printer Sharing window

 

Here's how to share a printer:

  1. On the computer physically connected to the printer, go to Control Panel → [Printers and Other Hardware] → Printers and Faxes.
  2. Right-click on the printer icon to share, and select Sharing.
  3. Choose the "Share this printer" option, verify that the Share name is as close to the original printer name as possible, and click OK.
  4. Then, go to another computer on your network, and open Control Panel → [Printers and Other Hardware] → Printers and Faxes.
  5. Double-click the Add Printer icon (or, if you have common tasks enabled, click "Add a printer" in the Printer Tasks pane).
  6. Click Next on the first page, select "A network printer, or a printer attached to another computer" on the second page, and then click Next.
  7. Leave the default setting of "Browse for printer" selected, and click Next.
  8. You'll then be presented with a rather strange-looking collapsible tree (see Figure 7-20). Although it doesn't look or feel much like the tree in Windows Explorer, it works in somewhat the same way. Double-click any branch to expand it; when you've found the printer, click Next. If the printer does not appear under the computer to which it's attached, either the computer is not properly hooked up to the network or the printer driver does not support network sharing.

    WARNING: Some printer drivers don't support being shared over a network, especially those for cheaper printers. However, you may still be able to share your printer by purchasing a separate print server. Note that it may be less expensive to simply purchase a new printer, but that's up to you.

  9. When you complete the wizard, a new icon will appear in the Printers and Faxes window for the newly shared printer, and you'll be able to print to that printer from any Windows application, even though it is not physically attached to the computer. Note that the computer that is physically attached to the printer must be turned on in order to print.
  10. Repeat steps 4-9 for all other computers on your network that you need to print from.

Figure 7-20. Browsing for a Shared printer


Connecting to the Internet

There are four basic ways to connect to the Internet in Windows XP. The one you choose depends on the type of connection you wish to establish:

If your connection doesn't fit neatly into one of these categories, your setup may still be similar to one of the following sections. Otherwise, you'll need to contact your service provider for specific instructions and software for Windows XP.

If you have a single Internet connection and more than one computer, see "Sharing an Internet Connection" later in this chapter.

Once you've successfully connected to the Internet, see "Implementing Network Security," later in this chapter, for more steps to protect your computer and data.

DSL, cable, or other high-speed connection with a static IP address

High-speed connections with static IP addresses are very easy to set up in Windows XP. (A static IP address means you have the same IP address every time you start your computer.) No additional software is typically required for such a connection. If you're not sure if you have such a connection, check to see if your connection requires a username and password to log on; if so, you most likely have a PPPoE connection (see the next section). Otherwise, proceed with these steps:

  1. Connect your network adapter directly to your Internet connection. (This assumes your Internet connection is properly set up and functioning.)
  2. Open the Network Connections window, locate the connection icon corresponding to your network adapter, and rename it to "Internet Connection." Then, right-click the newly named Internet Connection icon and select Properties.
  3. Under the General tab, only Client for Microsoft Networks and Internet Protocol (TCP/IP) should be checked (see "Protocols and Services," earlier in this chapter, for details).
  4. Select Internet Protocol (TCP/IP) and click Properties. Click the "Use the following IP address" option and enter the IP address, Subnet mask, Default gateway, and the Preferred (primary) DNS server and Alternate (secondary) DNS server addresses provided by your Internet service provider.
  5. Click OK, then click OK again; the change should take effect immediately. Test your connection by loading a web page or using Ping (see Chapter 4).

Notes:

If Windows ever prompts you to connect to the Internet after completing these steps, go to Control Panel → [Network and Internet Connections] → Internet Options → Connections tab, and click "Never dial a connection."

DSL, cable, or other high-speed connection via PPPoE

PPPoE is the protocol used to establish temporary, dynamic IP connections over high-speed Internet connections. If your connection provides a dynamic IP address, it means your Internet service provider assigns a different IP address every time you connect to the Internet. The PPPoE (PPP over Ethernet) protocol facilitates this connection by sending your username and password to your provider. If your ISP provides special software that connects to the Internet (such as Efficient Networks' NTS Enternet 300 utility or RASPPPoE), you can abandon it in favor of Windows XP's built-in support for PPPoE.

One of the differences between this type of connection and the static IP connection discussed in the previous section is that PPPoE connections must be initiated every time you start Windows or every time you wish to use the Internet, which is somewhat like using old-fashioned dial-up connections (discussed later).

Here's how to set up a PPPoE connection in Windows XP:

  1. If you have PPPoE software (such as Enternet 300) installed, remove it from your system now. This is typically accomplished by going to Control Panel → Add or Remove Programs. Refer to the documentation that came with the software for details.
  2. Open the Network Connections window and start the New Connection Wizard (or click Create a new connection if you have the Common Tasks pane enabled).
  3. Click Next to skip the introductory page, choose the "Connect to the Internet" option, and click Next.
  4. Choose the "Set up my connection manually" option, and click Next.
  5. Choose the "Connect using a broadband connection that requires a username and password" option, and click Next.
  6. Type a name for this connection; a good choice is the name of your ISP or just "DSL" or "cable," and click Next.
  7. Enter your username and password, choose the desired options (if you're not sure, turn them all on), and click Next.
  8. Click Finish to complete the wizard.
  9. To start the connection, double-click the icon you just created in the Network Connections folder. If you elected to create a Desktop shortcut in the wizard, double-click said Desktop icon.
  10. The "Connect" box can be disabled by clicking Properties, selecting the Options tab, and changing the "Prompt for name and password, certificate, etc." option. You can return to this window by right-clicking the new connection and selecting Properties.

Notes

Connection provided by another computer or router via Internet Connection Sharing

If you're using Internet Connection Sharing, the setup for the clients (all the computers on your network, other than the one with the physical Internet connection) is a snap. This procedure is also appropriate if you're using a router to share an Internet connection.

This procedure assumes you've already set up your Internet connection, as described in "Sharing an Internet Connection," as well as a properly functioning peer-to-peer workgroup, as described in "Setting up a LAN," discussed earlier in this chapter.

Follow these steps to connect a computer to an existing shared Internet connection:

  1. Open the Network Connections window, right-click the connection icon corresponding to your network adapter, and select Properties.
  2. Under the General tab, make sure Client for Microsoft Networks and Internet Protocol (TCP/IP) are checked (see "Protocols and Services," earlier in this chapter for details). Other protocols and services may be checked here as well, depending on your needs.
  3. Select Internet Protocol (TCP/IP) and click Properties. Here, there are two possibilities:

    If you're not using fixed IP addresses on your LAN (which will be the most common case), select both the "Obtain an IP address automatically" and the "Obtain DNS server address automatically" options, and click OK.

    If you've set up your network with fixed IP addresses such as 192.168.0.1, 192.168.0.2, and so on (see "Setting Up a LAN," earlier in this chapter), click the "Use the following IP address" option and enter the IP address of the machine. Then type 255.255.255.0 for the subnet mask. For the gateway, enter the IP address of the computer hosting the shared Internet connection. If you're using a router to share your Internet connection, refer to the instructions that come with the router for the proper gateway settings. Finally, type the Preferred (primary) DNS server and Alternate (secondary) DNS server addresses provided by your Internet service provider. Click OK when you're done.

  4. Click OK to close the connection properties window; the change should take effect immediately. Test your connection by loading a web page or using Ping (see Chapter 4).
  5. If the connection doesn't work at this point, run the Network Setup Wizard (or click "Set up a home or small office network" if you have the Common Tasks pane enabled). Click Next at the first two pages, and on the third page, choose "This computer connects to the Internet through another computer..." Then click Next. Depending on your network configuration, the remaining pages will vary here; answer the questions the best you can and complete the wizard.

Notes

Dial-up connection, including analog modems over standard phone lines

If you have a standard analog modem and you connect to the Internet by dialing a phone number, follow these steps to set up your connection. You can have as many connections as you like, which is especially useful if you travel; just repeat these steps for each subsequent connection.

  1. Open the Network Connections window, and then start the New Connection Wizard (or click Create a new connection if you have the Common Tasks pane enabled).
  2. Click Next to skip the introductory page, choose the "Connect to the Internet" option, and click Next.
  3. Choose the "Set up my connection manually" option, and click Next.
  4. Choose the "Connect using a dial-up modem" option, and click Next.
  5. Type a name for this connection; a good choice is your ISP name, or perhaps something like "Analog connection at my sister's house," and click Next.
  6. Type the phone number here, and click Next.
  7. If your ISP provides two or more phone numbers, you have the option of creating multiple connections (one for each phone number), or creating a single connection that cycles through a list of phone numbers until a connection is established. If you choose the latter, you'll have the opportunity to enter additional phone numbers for the connection later on.

  8. Enter your username and password, choose the desired options (if you're not sure, turn them all on), and click Next.
  9. Click Finish to complete the wizard.
  10. To start the connection, double-click the icon you just created in the Network Connections folder. If you elected to create a Desktop shortcut in the wizard, double-click said Desktop icon.
  11. The "Connect" box can be disabled by clicking Properties, selecting the Options tab, and changing the "Prompt for name and password, certificate, etc." option. You can return to this window by right-clicking the new connection and selecting Properties.

Notes

Sharing an Internet Connection

It obviously makes sense to share a single Internet connection among all the computers in your home or office, rather than investing in a separate connection for each machine. Fortunately, Windows XP comes with an Internet Connection Sharing (ICS) feature built right into the operating system. Additionally, there are third-party hardware and software products that provide similar functionality, each with its own advantages and disadvantages. See "Alternatives to Internet Connection Sharing," later in this chapter, for details.

Setting up Internet Connection Sharing

Internet Connection Sharing is a system by which a single computer with an Internet Connection acts as a gateway, allowing other computers on the LAN to use the connection. The computer that is connected directly to the Internet is called the host; all the other computers are called clients.

In order to get ICS (Internet Connection Sharing) to work, you'll need the following:

The first step in setting up ICS is to configure the host, the computer with the Internet Connection that will be shared.

  1. Open the Network Connections window. Here, you should have at least two connections listed: one for your Internet Connection, and one for the Ethernet adapter connected to your Local Area Network (LAN). If they're not there, your network is not ready; refer to the earlier topics in this chapter, and try again.
  2. For clarity, I recommend renaming the two connections to "Internet Connection" and "Local Area Connection," as shown in Figure 7-4 and Figure 7-5.

  3. If you haven't already done it, select Details from the View menu.
  4. Right-click the connection icon corresponding to your Internet connection and select Properties. In most cases, it will be the Ethernet adapter connected to your Internet connection device.
  5. However, if you're using DSL or cable with PPPoE, the icon to use is the "Broadband" connection set up in "Connecting to the Internet: DSL, cable, or other high-speed connection via PPPoE," earlier in this chapter.

  6. Choose the Advanced tab, and turn on the "Allow other network users to connect through this computer's Internet connection" option, as shown in Figure 7-22. Click OK when you're done.
  7. For more information on the Firewall option shown here, see "Implementing Network Security," later in this chapter.

    Figure 7-22. Allowing ICS via the Advanced tab of a network connection's properties

     

  8. Verify that Internet Connection Sharing is enabled; it should say "Enabled, Shared" in the Type column of the Network Connections window, as shown in Figure 7-4 and Figure 7-5.
  9. Verify that the Internet connection still works on the host by attempting to open a web page or by using Ping (see Chapter 4). If the Internet connection doesn't work on the host, it definitely won't work on any of the clients.
  10. That's it! The change should take effect immediately.

The next step is to configure each of the client computers to use the shared connection. The only requirements of the client machines are that they are running an operating system that supports networking, and that their network connections are properly set up. The clients can be running Windows 2000, Windows Me, Windows 9x, Windows NT, Windows 3.x for Workgroups, or even MacOS, Unix, Linux, or FreeBSD.

See "Connecting to the Internet," earlier in this chapter, and follow the instructions under "Connection provided by another computer or router via Internet Connection Sharing." While the instructions are specific to Windows XP, the settings explained therein can be adapted to any OS; refer to your operating system's documentation for more information.

Troubleshooting Internet Connection Sharing

Here are some tips that should help you fix the problems you might encounter with Internet Connection Sharing:

Alternatives to Internet Connection Sharing

The Internet Connection Sharing feature built into Windows XP has its limitations. For example, the host computer must be on and connected to the Internet for the other computers to have Internet access. If you don't want your network's Internet connection to rely on any single computer, there are alternatives to ICS.

The cheapest and most flexible way to share an Internet connection is to use ICS, but it's worth investigating the alternatives to see if they make sense for you.

Use a router
A router works similarly to a hub or switch, both discussed at the beginning of this chapter, except that it is also capable of connecting a single Internet connection directly to a LAN. The advantage of a router over ICS is that no single computer must be on for the other computers to have Internet access. Among the disadvantages are the added cost, the potentially more complicated setup, and the support for only certain types of high-speed Internet Connections. Figure 7-3 shows a setup that uses a router.

If you're looking for a router, make sure to get one that supports both DSL and cable connections, as well as PPPoE connections (if that's what your service provider uses). Refer to the documentation that comes with the router for basic setup instructions, and see the "Connection provided by another computer or router via Internet Connection Sharing" section earlier in this chapter for instructions on connecting a Windows XP system to a router.

Use multiple IP addresses
Some ISPs may provide, at extra cost, multiple IP addresses, with the specific intent that Internet access be provided for more than one computer. Instead of using software or hardware to share a single connection (as described in the preceding sections), each computer has its own IP address and, therefore, effectively has its own Internet connection.

Refer to the instructions in the "DSL, cable, or other high-speed connection with a static IP address" section earlier in this chapter to set up each of your computers to access the Internet. The only thing to keep in mind is that each computer must have a different IP address.

The advantages of multiple IP addresses over ICS or using a router, as described above, are that the setup is very easy and no additional hardware or software is required. The downside is that Internet connections with multiple IP addresses are often much more expensive than standard Internet connections. In fact, the added monthly cost will most likely exceed the one-time cost of a router.

Implementing Network Security

Security is a very real concern for any computer connected to a network or the Internet. There are three main categories of security threats:

A deliberate, targeted attack through your network connection
Ironically, this is the type of attack most people fear, but realistically, it is the least likely to occur, at least where home and small office networks are concerned. It's possible for a so-called hacker to obtain access to your computer, either through your Internet connection or from another computer on your local network.

An automated invasion by a virus or robot
A virus is simply a computer program that is designed to duplicate itself with the purpose of infecting as many computers as possible. If your computer is infected by a virus, it may use your network connection to infect other computers; likewise, if another computer on your network is infected, your computer is vulnerable to infection. The same goes for Internet connections, although the method of transport is typically an infected email message.

There also exist so-called robots, programs that are designed to scan large groups of IP addresses and look for vulnerabilities. The motive for such a program can be anything from exploitation of credit card numbers or other sensitive information to the hijacking of computers for the purpose of distributing spam or viruses.

A deliberate attack by a person sitting at your computer
A person who sits down at your computer can easily gain access to sensitive information, including your documents, email, and even various passwords stored by your web browser. An intruder can be anyone, from the person who steals your computer to a co-worker casually walking by your unattended desk. Naturally, it's up to you to determine the actual likelihood of such a threat, and to take the appropriate measures.

Windows XP includes several features that will enable you to implement a reasonable level of security without purchasing additional software or hardware. Unfortunately, Windows is not configured for optimal security by default. Before you proceed with any of the solutions in this section, complete the following steps:

  1. A feature called Simple File Sharing, which could allow anyone, anywhere, to access your personal files, is turned on by default in Windows XP. Go to Control Panel → [Appearance and Themes] → Folder Options → View tab, and turn off the "Use simple file sharing" option.
  2. If you need to share files or folders with other computers on your network, see "Sharing Resources," earlier in this chapter. It's wise to share only those folders that need to be shared; also, make sure none of your sensitive data is stored in shared folders or folders located on shared drives. You can see exactly which folders are shared by navigating to My Network Places → Entire Network → Microsoft Windows Network → the name of your workgroup → the name of your computer. Figure 7-23 shows an example of this folder.

    Figure 7-23. Showing which files and folders your computer is sharing

  3. Open the Network Connections window, and right-click on the icon corresponding to your Internet connection. If you have more than one, repeat this procedure for each Internet connection.
  4. In the General tab, clear the checkmark next to the "File and Printer Sharing for Microsoft Networks" entry. The only connection for which this option should be enabled is the connection to your LAN (if you have one). See "Services and Protocols," earlier in this chapter, for more information.
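The review of what a computer is sharing (step 2 above, and the administrative shares described under "Sharing Resources") can also be done from a saved listing of the built-in `net share` command. The following is an added example, not code from the book: the sample listing is constructed, and the parser assumes the fixed-width column layout shown in its header, with the remark moved to the next line when a resource path is too long for its column.

```python
import re

NAME_W, RES_W = 13, 32  # assumed widths of the first two `net share` columns


def _row(name, resource="", remark=""):
    """Format one fixed-width line for the constructed sample below."""
    return f"{name:<{NAME_W}}{resource:<{RES_W}}{remark}".rstrip()


# Constructed sample listing (not captured from a real machine).
SAMPLE = "\n".join([
    "",
    _row("Share name", "Resource", "Remark"),
    "",
    "-" * 79,
    _row("C$", "C:\\", "Default share"),
    _row("D$", "D:\\", "Default share"),
    _row("IPC$", "", "Remote IPC"),
    _row("ADMIN$", "C:\\WINDOWS", "Remote Admin"),
    _row("Desktop", "C:\\Documents and Settings\\Barney\\Desktop"),
    _row("", "", "Barney's desktop"),
    _row("Data", "D:\\"),
    _row("Projects", "D:\\Projects", "Team files"),
    _row("Printer", "LPT1:", "Spooled"),
    "The command completed successfully.",
    "",
])

DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\?$")


def parse_net_share(text):
    """Parse a `net share` listing into dicts with name, resource and remark."""
    lines = text.splitlines()
    header = next((l for l in lines if l.startswith("Share name")), None)
    if header is None:
        raise ValueError("no 'Share name' header found")
    res_col, rem_col = header.index("Resource"), header.index("Remark")
    shares, in_table = [], False
    for line in lines:
        if set(line.strip()) == {"-"}:       # dashed rule ends the header
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        name = line[:res_col].strip()
        if not name:                          # wrapped remark of the previous row
            if shares:
                shares[-1]["remark"] = line.strip()
            continue
        # A path that runs past its column has no padding before the remark column.
        overflow = len(line) > rem_col and line[rem_col - 1] != " "
        if overflow:
            resource, remark = line[res_col:].strip(), ""
        else:
            resource, remark = line[res_col:rem_col].strip(), line[rem_col:].strip()
        shares.append({"name": name, "resource": resource, "remark": remark})
    return shares


def classify(share):
    if share["name"].endswith("$"):           # dollar sign marks an administrative share
        return "administrative"
    if DRIVE_ROOT.match(share["resource"]):
        return "whole-drive"
    if re.match(r"^[A-Za-z]:\\", share["resource"]):
        return "folder"
    return "other"                            # printers and anything unrecognised


def audit(shares):
    """Group shares by how closely they deserve a second look."""
    report = {"administrative": [], "review": [], "ok": [], "other": []}
    for s in shares:
        kind = classify(s)
        if kind == "administrative":
            report["administrative"].append(s["name"])
        elif kind == "whole-drive":
            report["review"].append((s["name"], "entire drive is shared"))
        elif kind == "folder" and "\\documents and settings\\" in s["resource"].lower():
            report["review"].append((s["name"], "folder inside a user profile"))
        elif kind == "folder":
            report["ok"].append(s["name"])
        else:
            report["other"].append(s["name"])
    return report


if __name__ == "__main__":
    for group, items in audit(parse_net_share(SAMPLE)).items():
        print(f"{group}: {items}")
```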

Read through the remaining topics in this chapter for additional security features in Windows XP.

Using the Internet Connection Firewall

A firewall is a layer of protection that permits or denies network communication based on a predefined set of rules. These rules restrict communication so that only certain applications are permitted to use your network connection. This effectively closes backdoors to your computer that otherwise might be exploited by viruses, hackers, and other malicious applications.

To enable the Internet Connection Firewall (ICF) on your computer, follow these steps:

  1. Open the Network Connections window, and, if you haven't already done so, select Details from the View menu.
  2. Right-click the connection icon corresponding to your Internet connection, and select Properties. In most cases, it will be the Ethernet adapter connected to your Internet connection device.
  3. However, if you're using DSL or cable with PPPoE, the icon to use is the "Broadband" connection set up in "Connecting to the Internet: DSL, cable, or other high-speed connection via PPPoE," earlier in this chapter.

  4. Choose the Advanced tab, and turn on the "Protect my computer and network by limiting or preventing access to this computer from the Internet" option, as shown in Figure 7-22 (earlier in this chapter). Click OK when you're done.
  5. For more information on the Internet Connection Sharing option shown here, see "Sharing an Internet Connection," earlier in this chapter.

  6. Verify that Internet Connection Sharing is enabled; it should say "Enabled, Firewalled" or "Enabled, Shared, Firewalled" in the Type column of the Network Connections window, as shown in Figure 7-4 and Figure 7-5.
  7. Verify that the Internet connection still works on the host by attempting to open a web page or by using Ping. (See Chapter 4.)

As you use your computer, you may find that a particular program no longer works. Verify that the firewall is causing the problem by temporarily disabling the Internet Connection Firewall, and trying again. If indeed the firewall is the culprit, you can add a new rule to permit the program to communicate over your Internet Connection.

  1. Open the Network Connections window, right-click the firewalled connection icon corresponding to your Internet connection, and select Properties.
  2. Choose the Advanced tab, click Settings, and choose the Services tab.
  3. If the program or service you wish to use is on the list, place a checkmark next to it. Otherwise, click Add to display the Service Settings window as shown in Figure 7-24.

     Figure 7-24. The Service Settings window

  4. The Description of service is simply a name you assign to the new service; it can be anything that doesn't already exist on the list. The description should be clear and easily recognizable, such as "Peer-to-Peer Sharing" or "Whiteboard software."
  5. The "Name or IP address" field can be somewhat confusing. If you're connecting to a service provided by a single, specific computer, enter the IP address or network name of the computer here. Otherwise, simply type a period. (The field can't be left blank.)
  6. Port numbers, described at the beginning of this chapter, are how ICF distinguishes one service from another. You may need to consult the documentation of the particular software or service to determine the appropriate port number. Type the external and internal port numbers in the two remaining fields; in most cases, both of these values will be the same. And unless you specifically need to specify UDP ports, leave the TCP option enabled.
  7. Click OK when you're done. Place a checkmark next to the newly added service, as well as any other services you wish to permit, and click OK. Finally, click OK to close the properties window.
  8. Test the newly permitted service. You may have to experiment with different firewall rules until your software or service works properly.
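The Service Settings fields described in the steps above can be modeled as a small rule table; this Python sketch is an added example, not code from the book and not how ICF itself is implemented. The sample entries, the port numbers, the literal handling of "." and the drop-by-default result are assumptions of the model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceEntry:
    """One row of the Services tab, named after the fields in the steps above."""
    description: str       # "Description of service"
    host: str              # "Name or IP address"; "." when no specific computer
    external_port: int
    internal_port: int
    protocol: str = "TCP"  # left on TCP unless UDP is specifically needed


def validate(entry, existing):
    """Return the problems that would make a new entry unusable."""
    problems = []
    if not entry.description.strip():
        problems.append("description is empty")
    if any(e.description == entry.description for e in existing):
        problems.append("description already exists on the list")
    if not entry.host.strip():
        problems.append("name or IP address cannot be blank; type '.'")
    for label, port in (("external", entry.external_port),
                        ("internal", entry.internal_port)):
        if not 1 <= port <= 65535:
            problems.append(f"{label} port {port} is outside 1-65535")
    if entry.protocol not in ("TCP", "UDP"):
        problems.append("protocol must be TCP or UDP")
    return problems


def evaluate_inbound(protocol, port, enabled):
    """Decide the fate of an unsolicited inbound connection attempt.

    Model assumption: traffic not matched by a checked entry is dropped;
    a match is delivered to the entry's host on its internal port.
    """
    for e in enabled:
        if e.protocol == protocol and e.external_port == port:
            return ("allow", e.host, e.internal_port)
    return ("drop", None, None)


# Constructed sample entries (illustrative values, not taken from the book).
WHITEBOARD = ServiceEntry("Whiteboard software", ".", 5000, 5000)
GAME = ServiceEntry("Game server", "192.168.0.5", 27015, 27015, "UDP")
ENABLED = [WHITEBOARD, GAME]
```

Note that a TCP entry does not permit UDP traffic on the same port number, which is a common reason a newly added rule appears not to work.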

Notes

Protecting your data with passwords and encryption

Most users consider passwords to be a monumental nuisance. After all, we use passwords to access our email, place orders from online stores, access our bank accounts, and bid on all of those priceless artifacts on eBay. However, if it weren't for passwords, anyone could read our email, abuse our credit cards, steal from our accounts, and place bids on all sorts of annoying little ceramic figurines, all without our knowledge or authorization.

Windows XP has a rather robust security subsystem, allowing you to deny access to your computer to anyone who does not know your password. If you're using Windows XP Professional, you can also protect your data from other, less-privileged users on the same machine or on your network.

See "User Accounts" in Chapter 4 for more details on adding and removing users, as well as assigning passwords to existing user accounts. Although Windows NT permits user accounts to be created without a password (it's actually the default), you should ensure that each user on your machine is assigned a unique password. Even if you're not the least bit worried about a family member or co-worker accessing the data on your computer, a password-less account is vulnerable to attacks over your network or Internet connection.

Assigning a password doesn't necessarily mean that you have to log in every time you use your computer, however. If you're the only one who uses your computer, you can use TweakUI (discussed in Appendix D) to set Windows XP to log in with your username and password automatically.

Suppose you have three different people who all use the same computer, and you don't want other users to be able to read or modify your personal files. Now, any user with administrator privileges has unrestricted access to every file and folder on your computer, but less-privileged users can easily be selectively locked out of any folder on your hard disk. While Windows XP Home Edition only supports administrator accounts, XP Professional supports several levels of users, and is therefore required for this type of security. See the section on Permissions in "Sharing Resources," earlier in this chapter, for details on setting permissions.

Finally, Windows XP supports file encryption, an additional layer of security that scrambles your sensitive data, making it totally unreadable for anyone without the proper authorization. See the "NTFS Encryption Utility" in Chapter 4 for more information.

Additional security tips

The following tips should help you make your computer more secure and less vulnerable to the types of security threats present today:


© 2001, O'Reilly & Associates, Inc.