Peer-to-Peer Networks

Use network setup wizard to set proper permissions on shared folders, add required registry keys, configure and bind protocols, enable ICF and adjust system policies. Tweak settings afterwards. If you are using ICS, configure internet connection first, then run setup wizard. Network setup wizard will change default workgroup name to MSHOME: change this to preserve existing workgroup name. Workgroup names do not require any security settings: they are merely an organisational grouping tool. Workgroup name can be up to 15 characters long. No shared user database on peer-to-peer, local accounts only. By disabling Simple File Sharing, you can use an XP Pro machine as a Print and File Server. Right-click a connection to rename it.

Hardware requirements

NICs

Hub or Switch. Residential gateways can provide NAT and act as hub. Wireless Access Points do the same job on a wireless network

Cables. Use a crossover cable for direct connections between two PCs. Max 100m cables for Ethernet (10Mbps). Fast Ethernet (100Mbps), Gigabit (1000Mbps), Wireless (802.11b) 11Mbps

Use Find Compatible hardware Wizard in Help to identify compatible network gear. Wireless security (Wireless Equivalence Privacy) to stop unauthorised eavesdroppers. WEP encrypts (40 or 104-bit) data flow. IPSec may be required for stronger security. When you install a wireless NIC, connect to wireless network dialogue begins, and invites you to enter WEP key if required.

Wireless Troubleshooting

• Does NIC support automatic configuration: check with manufacturer
• Is automatic configuration enabled in Windows. Open properties in network connections, select 'use Windows to Configure my Wireless Network Settings'
• Is the Wireless Zero Configuration service running?
• Is the Access Point visible in 'available networks' in the connect to wireless network dialogue

Ad Hoc mode allows a peer-to-peer network without a WAP (infrastructure mode). Configure Ad Hoc mode using 'advanced' on wireless network tab

Default Components of Network Configuration

• Client for Microsoft Networks
• File and Print sharing for Microsoft Networks (server)
• QoS Packet Scheduler (mainly IPv6 protocol)
• Internet Protocol (TCP/IP)

IP address

IP address: 4 8-bit numbers. IANA reserved addresses:

• to 10.255.255.255
• 172.16.0.0. to 172.16.255.255
• 192.168.0.0. to 192.168.255.255 (used by ICS, 192.168.0.1 is ICS Host)

Can be assigned by

• DHCP
• APIPA: automatic private IP addressing uses address in range 169.254.0.0 to 169.254.255.255
• manually (used in small workgroup networks to avoid need for TCP/IP configuration). APIPA checks if DHCP available first. If not ,it then checks that the desired IP address is not in use then it sets the address and mask. Default gateway is not set, on the assumption that all machines on the local network are on the same subnet. To use APIPA, configure the machine as you would for DHCP.
• Alternate IP Configuration, useful for mobile computers. Allows you to add a backup configuration to the main IP config. Use DHCP for main connection, and supply a static configuration as a backup. Only one connection is used at a time.

Internet Connection Sharing

Internet Connection Sharing Details

• DHCP allocator
• DNS Proxy
• Autodial enabled
• Public and Private addresses
• Must use IE5 or later with ICS server set as proxy
• Configure mail client (only outlook or outlook express supported) to access mail through the LAN connection
• Only windows clients can use ICS

Network Troubleshooting

Using Ping, if some but not all packets timeout, suggests one or more hops between source and target are experiencing problems:

• 127.0.0.1 (check nic)
• localhost (name resolution)
• myIP
• otherlocalIP
• myGateway
• myDNSserver
• external host
• then use pathping and traceroute

If IP address is 169.254.0.0, your computer is using APIPA, which suggests DHCP server is unavailable. If IP Address is 0.0.0.0, then network is disconnected or static IP address is duplicated. See Q164015 for introduction to subnetting.

Repairing TCPIP Configuration

Repairing a TCP/IP Configuration: run network setup wizard again or choose repair option from connection support tab. Repair is equivalent to

• ipconfig /renew
• arp -d
• nbtstat -R
• ipconfig /flushdns
• ipconfig /registerdns

Although you can't uninstall TCP/IP in XP, you can reinstall and reset registry settings with 'netsh int ip reset resetlog.txt'. Control which UDP and TCP ports can be used on your network using IP filtering on the advanced properties of your TCP/IP connection.

DNS Issues

• check server IPs
• try alternate DNS
• check Hosts files
• check VPN connection (may be intercepting packets for internet: disable use VPN default gateway)

Network troubleshooting tools

Other Network troubleshooting tools can be found in \support\tools

• DHCPloc: displays available DHCP servers
• Getmac: discovers MAC addresses and associated protocols for local and remote hosts
• hostname
• ipconfig
• nslookup
• net
• netstat
• netsh: network command shell
• netdiag: test network status
• ipxroute
• pathping
• pptpclient: check VPN connection
• pptpsrv
• nbtstat
• ping
• route
• tracert
• Taskmanager network tab shows saturation of network connection

Use network setup wizard on machine with two nics to act as bridge between two separate networks

Shared Folders and Printers

Two sharing models available: SFS and classic sharing. Sharing is disabled on a clean XP installation, because the guest account is disabled. To setup sharing run the network setup wizard. If you enable sharing without using the wizard, the guest account is enabled and removed from the list of 'deny access to this computer'. This allows anyone access to the shares. If you can't see a sharing tab check if server service is running and File and printer sharing installed. With SFS you can choose 'allow network users to change any files'. This is still subject to other restrictions on the guest account. Behind the scenes:

permissions granted to everyone group (guest is a member of the everyone group) for sharing: either read or full

ace added to the acl for NTFS drives for everyone group: rx or rwx

With SFS, simply enabling sharing automatically shares your shared docs folder with modify permissions for everyone. To share a folder locally, simply drag it to the 'Shared Documents' folder. Shared Documents is available to all users who login locally. Use Group Policy to disable local sharing.

Classic Sharing

No difference between Windows 2000 and XP permissions. Share and NTFS permissions are two separate controls. When a conflict occurs between share and NTFS permissions, most restrictive applies. Share level access only applies to network access. In a workgroup you need to setup accounts on each computer. Use the same username and password to avoid a separate logon dialogue. In a workgroup maximum connections equals 10. Share Level permissions are one of: full, read or change (change means all permissions but take ownership or change permissions). To deny guest access, replace everyone permissions with authenticated users. Files created in shared folders while SFS is enabled are owned by the guest account, even if you later turn off SFS. fsmgmt.msc is another tool to manage shared folders. If SFS enabled, you get a read-only view from the console. By default XP searches the network for shared resources and places them in the network places. Turn this feature off through tools, folder options, view, advanced. Network places can be folders, printers, ftp sites, web folders on the internet and can be access via standard dialogue boxes. On XP Home, you always connect to shares as Guest. In XP Pro you are connected if you have an account and password matching one on the remote computer. Otherwise you are connected as Guest. If guest disabled, you'll be prompted for a password. If you get access denied instead of a password dialogue, change your network passwords in User Accounts.

Command Line Share Control

• net share sharename=path
• /users=number
• /unlimited
• /remark=text
• /cache;[manual|documents|programs|no]
• /delete
• net use
• net session (view connections)
• net session \\computername /delete (disconnect a session)
• net session /delete (disconnect all)
• net file (list all open files)
• net file ID /close (close an open file)
• net statistics workstation
• net statistics server

Remote Access

Remote desktop based on Terminal Services technology, the machine you are connecting to must be running XP Pro. Use Remote Assistance or NetMeeting to control an XP Home PC. Remote computer requires a visible IP Address from local machines viewpoint. Client software can be installed from XP CD to Windows for Workgroups upwards (software located at \support\tools\msrdpcli.exe). Enable Remote Desktop from sysdm.cpl (Ctrl+Break). Only accounts that require a password can connect. By default current user, administrators, and members of the Remote Desktop users group can connect, but you can add additional users if required (username must have a password). If connection is via modem, then you must configure modem to answer automatically and setup an incoming connection. If connection is via internet, you'll need to open port 3389 on Firewall (ICF blocks remote desktop port). If computer on a network but not connected directly to the internet, you should setup a VPN connection. You can also install remote desktop web connection on an IIS server on the remote network, one of the optional components of the IIS install. Then you can access remote desktops using a browser via this website. Configure the 'Default Web Site\Tsweb' to accept anonymous access, leaving authentication to be handled by remote client. To access a remote desktop via the web go to http://server/tsweb (involves downloading an ActiveX control). Once connected save connection in favorites for future use. If your 3^rd party firewall blocks unknown outbound internet traffic, you'll need to enable connections on port 3389.

If someone is already logged on at remote machine, then your connection will log them off. Remote monitor does not display activities of a remote desktop connection, instead the Welcome screen or unlock workstation screen is displayed. To reduce the risk of being accidentally logged out of a remote desktop connection, disable the Welcome screen and\or Fast User Switching. Only one user can control the desktop of an XP machine. RDP connection preferences are stored in \mydocs\default.rdp. Screen resolution is set by client, number of colours is set to lowest value on either computer. Clipboard allows cut and paste between the two computers, and local drives can appear on remote computer if this option is selected in connection preferences. Choose preferences according to performance requirements and network connection speed. Screen Saver configured on remote desktop will not display on remote connection instead you'll see a blank screen. You can disconnect or logoff from a remote connection. Special key combinations can be reserved for local computer or sent to remote. If reserved, following key mappings can be used:

Alt+Tab Alt+PageUp

Alt+Escape Alt+Insert

Ctrl+Alt+Del Ctrl+Alt+End

Ctrl+Esc Alt+Home

Virtual Private Networks

Virtual Private Networks (VPN) connections allow you to connect to a private network using an internet connection. A connection is effected using encryption to tunnel the link over the internet. Three popular tunnelling protocols: PPTP, L2TP (Layer 2 Tunnelling Protocol), and IPSec Tunnel Mode. Windows XP can use PPTP or L2TP, but Windows 2000/3 Server required to act as a L2Tp VPN server. A number of third party VPN solutions exist, but XP has sufficient support for VPN connections for small networks.

Configure XP VPN Server:

• Network Connections
• New Connection Wizard
• Setup Advanced Connection
• Accept Incoming Connection
• Allow Incoming VPN (requires public IP Address)
• Select Users
• Select Network Components

For RAS servers (Computers without a permanent internet connection), select device for VPN and then select 'do not allow incoming VPN connections' (?). After configuring a connection, right-click the connection to set 'require encryption'. User must also set 'require encryption' for connection to work. XP automatically configures firewall to allow VPN traffic. If you use a third party firewall, enable ports 1701 (L2TP) and 1723 (PPTP). L2TP connections require use of certificates. Some ISPs block VPN traffic. Check TCP/IP options on server's incoming connection to allow access to LAN, and use of DHCP or Static IP Address.

Configure VPN Client:

• Network Connections
• New Connection Wizard
• Connect to workplace network
• Specify VPN
• select dialup internet connection
• specify IP Address for VPN server

VPN connections can interfere with internet access if 'use default gateway on remote network' is selected. VPN connections can be shared, just like normal internet connections.

Dialup Connection Options

• Data Encryption, choose none, optional, required or maximum
• Use Extensible Authentication Protocol (EAP), for use with other products, e.g. smart cards, certificates, etc.
• PAP (unencrypted)
• SPAP (shiva)
• CHAP (password hashes used based on MD5)
• MSCHAP (Microsoft CHAP)
• MSCHAP V2 (version 2 MSCHAP)