#1
XP Home: selective folder sharing
Hi folks,
I was wanting to set up some folders so that they are available only to some users, but not to all. I see from KB 304040 that this is not generally allowed in XP Home. Does anyone know of any workarounds?

What I'm worried about is access to files on my wired Ethernet LAN through an 802.11g network adapter where I don't have access to the access point. Maybe that's not a problem for other reasons?

Any help would be greatly appreciated.

DaddySchlich
#2
XP Home: selective folder sharing
On Sun, 16 Jan 2005 08:31:02 -0800, DaddySchlich wrote:

> Hi folks,
> I was wanting to set up some folders so that they are available only to some users, but not to all. I see from KB 304040 that this is not generally allowed in XP Home. Does anyone know of any workarounds? What I'm worried about is access to files on my wired Ethernet LAN through an 802.11g network adapter where I don't have access to the access point. Maybe that's not a problem for other reasons? Any help would be greatly appreciated.
> DaddySchlich

With XP Home, you can temporarily disable Simple File Sharing by starting up in "Safe Mode with Networking".

A Description of the Safe Mode Boot Options in Windows XP
http://support.microsoft.com/default...b;en-us;315222

With Simple File Sharing disabled, right click the desired folder, click Sharing and Security, and share the folder. Then, click the Permissions button to specify network access permissions, and click the Security tab to specify NTFS file system permissions. A network user needs both permissions in order to access the share.

For details how to set permissions, see this web site:
http://www.practicallynetworked.com/...ring/index.htm

IMHO, this is a good reason to get XP Pro, and avoid all this complication.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT actual address pchuck sonic net.
#3
XP Home: selective folder sharing
Chuck,

Thanks very much for the advice. I was able to implement at least part of it. Unfortunately, I've put myself in a bit of a pickle, and need a bit more.

I successfully booted into Safe Mode w/ Networking, and found Simple File Sharing disabled. I created a Test folder in root, and played with the Permissions button. It appeared to allow me to look for possible users to authorize only on the PC I was on - and not on other home-networked PCs. I rebooted back to XP SP2.

My Win98SE PC normally boots directly to Desktop, and had my name on the Log Off function on the Start Menu. Thinking that adding another User might help, I went into Control Panel/Users on the 98SE, and created new User "Test" with a different Desktop. Oddly, my name was not also there as a User. Rebooting gave me a chance to sign on as Test, but no other choices. Hitting Test logged me to its Desktop; hitting Cancel logged me to my usual Desktop. Adding Test made no difference for sharing the Test folder in XP Safe Mode.

In Control Panel/Network on the 98SE machine, I found the network login set to Microsoft Family login. I changed to Windows Logon, but the PC hung twice on rebooting. Got into Safe Mode there, and changed back there to Windows Logon. Was able to start up in 98SE. At this point, hitting Network Neighborhood on the 98SE PC then indicated that there was no XP machine on the network. Ouch!

So I tried to undo everything - put the Test folder back in Simple File Sharing mode on the XP machine, and deleted Test as a 98SE User through Control Panel. Have tried both Microsoft Family Logon and Windows Logon on the 98SE machine - no crashes, but no answers either. On Rebooting the 98SE machine, I now get the Login screen with no choices (so I hit cancel and get my normal Desktop), and no recognition of the XP machine (checked that machine and clearly have three folders enabled through Simple File Sharing as well as a printer)

So - to get back where I started, any advice on getting network access again, and to get rid of the Windows Login screen on rebooting the 98SE machine???

Hopefully, all this detail will help you. My searches on the Microsoft KB sent me to the Registry, but it was very unclear whether the article applied, so I changed nothing.

Thanks very much for your help.
Daddy Schlich

"Chuck" wrote:

> On Sun, 16 Jan 2005 08:31:02 -0800, DaddySchlich wrote:
>
> > Hi folks,
> > I was wanting to set up some folders so that they are available only to some users, but not to all. I see from KB 304040 that this is not generally allowed in XP Home. Does anyone know of any workarounds? What I'm worried about is access to files on my wired Ethernet LAN through an 802.11g network adapter where I don't have access to the access point. Maybe that's not a problem for other reasons? Any help would be greatly appreciated.
> > DaddySchlich
>
> With XP Home, you can temporarily disable Simple File Sharing by starting up in "Safe Mode with Networking".
>
> A Description of the Safe Mode Boot Options in Windows XP
> http://support.microsoft.com/default...b;en-us;315222
>
> With Simple File Sharing disabled, right click the desired folder, click Sharing and Security, and share the folder. Then, click the Permissions button to specify network access permissions, and click the Security tab to specify NTFS file system permissions. A network user needs both permissions in order to access the share.
>
> For details how to set permissions, see this web site:
> http://www.practicallynetworked.com/...ring/index.htm
>
> IMHO, this is a good reason to get XP Pro, and avoid all this complication.
>
> --
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.
> My email is AT DOT actual address pchuck sonic net.
#4
XP Home: selective folder sharing
On Mon, 17 Jan 2005 08:45:16 -0800, DaddySchlich wrote:

> Chuck,
> Thanks very much for the advice. I was able to implement at least part of it. Unfortunately, I've put myself in a bit of a pickle, and need a bit more.
>
> I successfully booted into Safe Mode w/ Networking, and found Simple File Sharing disabled. I created a Test folder in root, and played with the Permissions button. It appeared to allow me to look for possible users to authorize only on the PC I was on - and not on other home-networked PCs. I rebooted back to XP SP2.
>
> My Win98SE PC normally boots directly to Desktop, and had my name on the Log Off function on the Start Menu. Thinking that adding another User might help, I went into Control Panel/Users on the 98SE, and created new User "Test" with a different Desktop. Oddly, my name was not also there as a User. Rebooting gave me a chance to sign on as Test, but no other choices. Hitting Test logged me to its Desktop; hitting Cancel logged me to my usual Desktop. Adding Test made no difference for sharing the Test folder in XP Safe Mode.
>
> In Control Panel/Network on the 98SE machine, I found the network login set to Microsoft Family login. I changed to Windows Logon, but the PC hung twice on rebooting. Got into Safe Mode there, and changed back there to Windows Logon. Was able to start up in 98SE. At this point, hitting Network Neighborhood on the 98SE PC then indicated that there was no XP machine on the network. Ouch!
>
> So I tried to undo everything - put the Test folder back in Simple File Sharing mode on the XP machine, and deleted Test as a 98SE User through Control Panel. Have tried both Microsoft Family Logon and Windows Logon on the 98SE machine - no crashes, but no answers either. On Rebooting the 98SE machine, I now get the Login screen with no choices (so I hit cancel and get my normal Desktop), and no recognition of the XP machine (checked that machine and clearly have three folders enabled through Simple File Sharing as well as a printer)
>
> So - to get back where I started, any advice on getting network access again, and to get rid of the Windows Login screen on rebooting the 98SE machine???
>
> Hopefully, all this detail will help you. My searches on the Microsoft KB sent me to the Registry, but it was very unclear whether the article applied, so I changed nothing.
>
> Thanks very much for your help.
> Daddy Schlich

OK, a Win 98 / Win XP LAN! That gives a bit of a twist.

The browser (I'm not talking about Internet Explorer here) on Win 98 and Win XP don't work well together on the same LAN.

Make sure the browser service is running on the WinXP computer. Control Panel - Administrative Tools - Services. Verify that the Computer Browser, and the TCP/IP NetBIOS Helper, services both show with Status = Started.

Disable the browser on the Win98 computer:
http://cms.simons-rock.edu/faq_by_subtopic/node138.html

After checking / disabling / enabling as above, power all computers off to reset the browser settings on each. Then power both computers back on.

The Microsoft Browstat program will show us what browsers you have in your domain / workgroup, at any time.
http://support.microsoft.com/?id=188305

You can download Browstat from either:
http://www.dynawell.com/reskit/microsoft/win2000/browstat.zip
http://rescomp.stanford.edu/staff/manual/rcc/tools/browstat.zip

Browstat is very small (40K), and needs no install. Just unzip the downloaded file, copy browstat.exe to any folder in the Path, and run it from a command window, by "browstat status". Make sure all computers give the same result.

For more information about the browser subsystem (very intricate), see:
http://support.microsoft.com/?id=188001
http://support.microsoft.com/?id=188305
http://www.microsoft.com/technet/prodtechnol/winntas/deploy/prodspecs/ntbrowse.mspx

Once you get both computers visible from each other, then let's continue.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
#5
XP Home: selective folder sharing
Hi Chuck,

Here we a Verified that those two services were running on the XP machine. Disabled the browser on the W98SE PC, though it's still on Windows logon as primary logon. Rebooted both PCs (just realized I didn't turn completely off, just rebooted). Downloaded browstat. Ran on XP, and received a reasonable response - which I've saved in a .txt file.

Tried to run on W98SE machine in a MS-DOS window, and received following error message in a window: "Error Starting Program - The Browstat.exe file is linked to missing export: NETAPI32.DLL:I_BrowseQueryEmulatedDomains." Hitting OK puts me back at the command prompt.

Checked to see whether PCs see each other - W98SE machine can still see nothing on the XP - I get a "Unable to browse the network" error message when I click on Entire Network in Network Neighborhood. On the XP machine, I can see all the W98SE files, and successfully printed a test page on the printer attached to the 98 machine.

Thanks again. What next?
Daddy Schlich

"Chuck" wrote:

> On Mon, 17 Jan 2005 08:45:16 -0800, DaddySchlich wrote:
>
> > Chuck,
> > Thanks very much for the advice. I was able to implement at least part of it. Unfortunately, I've put myself in a bit of a pickle, and need a bit more.
> >
> > I successfully booted into Safe Mode w/ Networking, and found Simple File Sharing disabled. I created a Test folder in root, and played with the Permissions button. It appeared to allow me to look for possible users to authorize only on the PC I was on - and not on other home-networked PCs. I rebooted back to XP SP2.
> >
> > My Win98SE PC normally boots directly to Desktop, and had my name on the Log Off function on the Start Menu. Thinking that adding another User might help, I went into Control Panel/Users on the 98SE, and created new User "Test" with a different Desktop. Oddly, my name was not also there as a User. Rebooting gave me a chance to sign on as Test, but no other choices. Hitting Test logged me to its Desktop; hitting Cancel logged me to my usual Desktop. Adding Test made no difference for sharing the Test folder in XP Safe Mode.
> >
> > In Control Panel/Network on the 98SE machine, I found the network login set to Microsoft Family login. I changed to Windows Logon, but the PC hung twice on rebooting. Got into Safe Mode there, and changed back there to Windows Logon. Was able to start up in 98SE. At this point, hitting Network Neighborhood on the 98SE PC then indicated that there was no XP machine on the network. Ouch!
> >
> > So I tried to undo everything - put the Test folder back in Simple File Sharing mode on the XP machine, and deleted Test as a 98SE User through Control Panel. Have tried both Microsoft Family Logon and Windows Logon on the 98SE machine - no crashes, but no answers either. On Rebooting the 98SE machine, I now get the Login screen with no choices (so I hit cancel and get my normal Desktop), and no recognition of the XP machine (checked that machine and clearly have three folders enabled through Simple File Sharing as well as a printer)
> >
> > So - to get back where I started, any advice on getting network access again, and to get rid of the Windows Login screen on rebooting the 98SE machine???
> >
> > Hopefully, all this detail will help you. My searches on the Microsoft KB sent me to the Registry, but it was very unclear whether the article applied, so I changed nothing.
> >
> > Thanks very much for your help.
> > Daddy Schlich
>
> OK, a Win 98 / Win XP LAN! That gives a bit of a twist.
>
> The browser (I'm not talking about Internet Explorer here) on Win 98 and Win XP don't work well together on the same LAN.
>
> Make sure the browser service is running on the WinXP computer. Control Panel - Administrative Tools - Services. Verify that the Computer Browser, and the TCP/IP NetBIOS Helper, services both show with Status = Started.
>
> Disable the browser on the Win98 computer:
> http://cms.simons-rock.edu/faq_by_subtopic/node138.html
>
> After checking / disabling / enabling as above, power all computers off to reset the browser settings on each. Then power both computers back on.
>
> The Microsoft Browstat program will show us what browsers you have in your domain / workgroup, at any time.
> http://support.microsoft.com/?id=188305
>
> You can download Browstat from either:
> http://www.dynawell.com/reskit/microsoft/win2000/browstat.zip
> http://rescomp.stanford.edu/staff/manual/rcc/tools/browstat.zip
>
> Browstat is very small (40K), and needs no install. Just unzip the downloaded file, copy browstat.exe to any folder in the Path, and run it from a command window, by "browstat status". Make sure all computers give the same result.
>
> For more information about the browser subsystem (very intricate), see:
> http://support.microsoft.com/?id=188001
> http://support.microsoft.com/?id=188305
> http://www.microsoft.com/technet/prodtechnol/winntas/deploy/prodspecs/ntbrowse.mspx
>
> Once you get both computers visible from each other, then let's continue.
>
> --
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.
#6
XP Home: selective folder sharing
On Mon, 17 Jan 2005 10:43:04 -0800, DaddySchlich wrote:

> Hi Chuck,
> Here we a Verified that those two services were running on the XP machine. Disabled the browser on the W98SE PC, though it's still on Windows logon as primary logon. Rebooted both PCs (just realized I didn't turn completely off, just rebooted). Downloaded browstat. Ran on XP, and received a reasonable response - which I've saved in a .txt file.
>
> Tried to run on W98SE machine in a MS-DOS window, and received following error message in a window: "Error Starting Program - The Browstat.exe file is linked to missing export: NETAPI32.DLL:I_BrowseQueryEmulatedDomains." Hitting OK puts me back at the command prompt.
>
> Checked to see whether PCs see each other - W98SE machine can still see nothing on the XP - I get a "Unable to browse the network" error message when I click on Entire Network in Network Neighborhood. On the XP machine, I can see all the W98SE files, and successfully printed a test page on the printer attached to the 98 machine.
>
> Thanks again. What next?
> Daddy Schlich

If you reboot a computer that is currently a master browser, it will generally re-elect itself after it boots. The only reliable way to reset both computers, simultaneously, is to power both off.

Please provide ipconfig information for each computer. Start - Run - "cmd". Type "ipconfig /all >c:\ipconfig.txt" into the command window - Open c:\ipconfig.txt in Notepad, make sure that Format - Word Wrap is NOT checked!, copy and paste entire contents into your next post. Identify operating system (by name, version, and SP level) with each ipconfig listing.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT actual address pchuck sonic net.
#7
XP Home: selective folder sharing
Next steps. As you suggested, I totally shut down both the XP and W98SE machines. Then I rebooted. No different outcome.

Late this afternoon, my son booted up another PC on the same network - a Windows 98 machine. Oddly enough, it was able to see the XP machine on the network - no problem. I double-checked the Master Browser, and it was set to Automatic, not Disable. Because it was working, I didn't touch a thing.

So, below, I give you 4 ipconfig files - two on the XP machine, one with an 802.11g network adapter attached, and one without, one on the problem Win98SE machine, and one on the Win98 machine that's networking fine.

Let me know what you think,
Daddy Schlich

First: Windows XP Home Edition, Version 2002, Service Pack 2 -

1. with 802.11g

Windows IP Configuration

    Host Name . . . . . . . . . . . . : FALCON-II
    Primary Dns Suffix  . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : arlngt01.va.comcast.net

Ethernet adapter Network Bridge (Network Bridge):

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : MAC Bridge Miniport
    Physical Address. . . . . . . . . : B2-3E-25-7F-9B-23
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.1
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :

Ethernet adapter Wireless Network Connection 2:

    Connection-specific DNS Suffix  . : arlngt01.va.comcast.net
    Description . . . . . . . . . . . : NETGEAR WG111 802.11g Wireless USB2.0 Adapter
    Physical Address. . . . . . . . . : 00-09-5B-B8-00-F3
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.104
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 68.48.0.5
                                        68.48.0.6
                                        68.87.96.16
    Lease Obtained. . . . . . . . . . : Monday, January 17, 2005 10:24:29 PM
    Lease Expires . . . . . . . . . . : Tuesday, January 18, 2005 10:24:29 PM

2. without 802.11g

Windows IP Configuration

    Host Name . . . . . . . . . . . . : FALCON-II
    Primary Dns Suffix  . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Network Bridge (Network Bridge):

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : MAC Bridge Miniport
    Physical Address. . . . . . . . . : B2-3E-25-7F-9B-23
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.1
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :

3. The "problem" machine: Windows 98 Second Edition 4.10.2222 A

Windows 98 IP Configuration

    Host Name . . . . . . . . . : FALCON NW.mshome.net
    DNS Servers . . . . . . . . : 192.168.0.1
    Node Type . . . . . . . . . : Mixed
    NetBIOS Scope ID. . . . . . :
    IP Routing Enabled. . . . . : No
    WINS Proxy Enabled. . . . . : No
    NetBIOS Resolution Uses DNS : No

0 Ethernet adapter :

    Description . . . . . . . . : PPP Adapter.
    Physical Address. . . . . . : 44-45-53-54-00-00
    DHCP Enabled. . . . . . . . : Yes
    IP Address. . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . :
    DHCP Server . . . . . . . . : 255.255.255.255
    Primary WINS Server . . . . :
    Secondary WINS Server . . . :
    Lease Obtained. . . . . . . :
    Lease Expires . . . . . . . :

1 Ethernet adapter :

    Description . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet Adapter
    Physical Address. . . . . . : 00-80-C8-FB-83-AC
    DHCP Enabled. . . . . . . . : Yes
    IP Address. . . . . . . . . : 192.168.0.179
    Subnet Mask . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . : 192.168.0.1
    Primary WINS Server . . . . :
    Secondary WINS Server . . . :
    Lease Obtained. . . . . . . : 01 17 05 10:33:16 PM
    Lease Expires . . . . . . . : 01 24 05 10:33:16 PM

4. Finally, the other Windows 98 machine - Windows 98 4.10.1998

Windows 98 IP Configuration

    Host Name . . . . . . . . . : MICRON PC.mshome.net
    DNS Servers . . . . . . . . : 192.168.0.1
    Node Type . . . . . . . . . : Mixed
    NetBIOS Scope ID. . . . . . :
    IP Routing Enabled. . . . . : No
    WINS Proxy Enabled. . . . . : No
    NetBIOS Resolution Uses DNS : No

0 Ethernet adapter :

    Description . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet Adapter
    Physical Address. . . . . . : 00-80-C8-FB-90-92
    DHCP Enabled. . . . . . . . : Yes
    IP Address. . . . . . . . . : 192.168.0.43
    Subnet Mask . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . : 192.168.0.1
    Primary WINS Server . . . . :
    Secondary WINS Server . . . :
    Lease Obtained. . . . . . . : 01 16 05 10:16:51 PM
    Lease Expires . . . . . . . : 01 23 05 10:16:51 PM

1 Ethernet adapter :

    Description . . . . . . . . : PPP Adapter.
    Physical Address. . . . . . : 44-45-53-54-00-00
    DHCP Enabled. . . . . . . . : Yes
    IP Address. . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . :
    DHCP Server . . . . . . . . : 255.255.255.255
    Primary WINS Server . . . . :
    Secondary WINS Server . . . :
    Lease Obtained. . . . . . . :
    Lease Expires . . . . . . . :

2 Ethernet adapter :

    Description . . . . . . . . : PPP Adapter.
    Physical Address. . . . . . : 44-45-53-54-00-01
    DHCP Enabled. . . . . . . . : Yes
    IP Address. . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . :
    DHCP Server . . . . . . . . : 255.255.255.255
    Primary WINS Server . . . . :
    Secondary WINS Server . . . :
    Lease Obtained. . . . . . . :
    Lease Expires . . . . . . . :

3 Ethernet adapter :

    Description . . . . . . . . : AOL Adapter
    Physical Address. . . . . . : 44-45-53-54-61-6F
    DHCP Enabled. . . . . . . . : Yes
    IP Address. . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . :
    DHCP Server . . . . . . . . : 255.255.255.255
    Primary WINS Server . . . . :
    Secondary WINS Server . . . :
    Lease Obtained. . . . . . . :
    Lease Expires . . . . . . . :

4 Ethernet adapter :

    Description . . . . . . . . : AOL Dial-Up Adapter
    Physical Address. . . . . . : 44-45-53-54-61-70
    DHCP Enabled. . . . . . . . : Yes
    IP Address. . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . :
    DHCP Server . . . . . . . . : 255.255.255.255
    Primary WINS Server . . . . :
    Secondary WINS Server . . . :
    Lease Obtained. . . . . . . :
    Lease Expires . . . . . . . :

"Chuck" wrote:

> On Mon, 17 Jan 2005 10:43:04 -0800, DaddySchlich wrote:
>
> > Hi Chuck,
> > Here we a Verified that those two services were running on the XP machine. Disabled the browser on the W98SE PC, though it's still on Windows logon as primary logon. Rebooted both PCs (just realized I didn't turn completely off, just rebooted). Downloaded browstat. Ran on XP, and received a reasonable response - which I've saved in a .txt file.
> >
> > Tried to run on W98SE machine in a MS-DOS window, and received following error message in a window: "Error Starting Program - The Browstat.exe file is linked to missing export: NETAPI32.DLL:I_BrowseQueryEmulatedDomains." Hitting OK puts me back at the command prompt.
> >
> > Checked to see whether PCs see each other - W98SE machine can still see nothing on the XP - I get a "Unable to browse the network" error message when I click on Entire Network in Network Neighborhood. On the XP machine, I can see all the W98SE files, and successfully printed a test page on the printer attached to the 98 machine.
> >
> > Thanks again. What next?
> > Daddy Schlich
>
> If you reboot a computer that is currently a master browser, it will generally re-elect itself after it boots. The only reliable way to reset both computers, simultaneously, is to power both off.
>
> Please provide ipconfig information for each computer. Start - Run - "cmd". Type "ipconfig /all >c:\ipconfig.txt" into the command window - Open c:\ipconfig.txt in Notepad, make sure that Format - Word Wrap is NOT checked!, copy and paste entire contents into your next post. Identify operating system (by name, version, and SP level) with each ipconfig listing.
>
> --
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.
> My email is AT DOT actual address pchuck sonic net.
#8
XP Home: selective folder sharing
On Mon, 17 Jan 2005 20:01:05 -0800, DaddySchlich wrote:

> Next steps. As you suggested, I totally shut down both the XP and W98SE machines. Then I rebooted. No different outcome.
>
> Late this afternoon, my son booted up another PC on the same network - a Windows 98 machine. Oddly enough, it was able to see the XP machine on the network - no problem. I double-checked the Master Browser, and it was set to Automatic, not Disable. Because it was working, I didn't touch a thing.
>
> So, below, I give you 4 ipconfig files - two on the XP machine, one with an 802.11g network adapter attached, and one without, one on the problem Win98SE machine, and one on the Win98 machine that's networking fine.
>
> Let me know what you think,
> Daddy Schlich

Daddy,

You have an intriguing network. Lots of fun there. ;-)

Node Types either Hybrid or Mixed, no problem there.

The dual personality of Falcon-II is interesting - Configuration 1 (with 802.11g) puts it on the 192.168.1.0/24 subnet, Configuration 2 (without 802.11g) puts it on 192.168.0.0/24 subnet - as 192.168.0.1. And you're using a bridge in both configurations. Is Falcon-II providing internet service for Falcon using the bridge? When does Falcon-II run on 802.11g? What does Falcon do when Falcon-II is on 802.11g?

Falcon, OTOH, is on the 192.168.0.0/24 subnet. What does Falcon do for browsing when Falcon-II is on 802.11g? You disabled the browser on Falcon. Did you test its ability to see Falcon-II (and Micron) when Micron is on the network, and when it's off? What is the master browser (per Browstat from Falcon-II)?

I note that Micron also has its own internet service.

Let's get a diagnosis of your problem. Take the following code (everything inside the "#####"). (Did I get the names and ip addresses right)? Please disable the browser on Micron, and power everything off again to reset.

Highlight then Copy the code (Ctrl-C), precisely as it is keyed, and Paste (Ctrl-V) into Notepad. Ensure that Format - Word Wrap is not checked. Save the Notepad file as "cdiag.cmd", as type "All Files", into the root folder "C:\". Run it by Start - Run - "c:\cdiag". Wait patiently. When Notepad opens up displaying c:\cdiag.txt, first check Format and ensure that Word Wrap is NOT checked! Then, copy the entire contents (Ctrl-A Ctrl-C) and paste (Ctrl-V) into your next post.

Do this from all computers, please, with all computers powered up and online.

#####
@echo off
set FullTargets=FALCON-II 192.168.0.1 FALCON 192.168.0.179 MICRON 192.168.0.43
set PingTargets=127.0.0.1
Set Version=V1.05
@echo CDiagnosis %Version% >c:\cdiag.txt
@echo Start diagnosis for %computername% (Targets %FullTargets%) >>c:\cdiag.txt
for %%a in (%FullTargets% %PingTargets%) do (
@echo. >>c:\cdiag.txt
@echo Target %%a >>c:\cdiag.txt
@echo. >>c:\cdiag.txt
@echo "ping %%a" >>c:\cdiag.txt
@echo. >>c:\cdiag.txt
ping %%a >>c:\cdiag.txt
@echo. >>c:\cdiag.txt
@echo "net view %%a" >>c:\cdiag.txt
@echo. >>c:\cdiag.txt
net view %%a >>c:\cdiag.txt
)
@echo End diagnosis for %computername% >>c:\cdiag.txt
notepad c:\cdiag.txt
:EOF
#####

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT actual address pchuck sonic net.
#9
XP Home: selective folder sharing
"Chuck" wrote:
> On Mon, 17 Jan 2005 20:01:05 -0800, DaddySchlich wrote:
>
> > Next steps. As you suggested, I totally shut down both the XP and W98SE machines. Then I rebooted. No different outcome.
> >
> > Late this afternoon, my son booted up another PC on the same network - a Windows 98 machine. Oddly enough, it was able to see the XP machine on the network - no problem. I double-checked the Master Browser, and it was set to Automatic, not Disable. Because it was working, I didn't touch a thing.
> >
> > So, below, I give you 4 ipconfig files - two on the XP machine, one with an 802.11g network adapter attached, and one without, one on the problem Win98SE machine, and one on the Win98 machine that's networking fine.
> >
> > Let me know what you think,
> > Daddy Schlich
>
> Daddy,
>
> You have an intriguing network. Lots of fun there. ;-)
>
> Node Types either Hybrid or Mixed, no problem there.
>
> The dual personality of Falcon-II is interesting - Configuration 1 (with 802.11g) puts it on the 192.168.1.0/24 subnet, Configuration 2 (without 802.11g) puts it on 192.168.0.0/24 subnet - as 192.168.0.1. And you're using a bridge in both configurations. Is Falcon-II providing internet service for Falcon using the bridge? When does Falcon-II run on 802.11g? What does Falcon do when Falcon-II is on 802.11g?
>
> Falcon, OTOH, is on the 192.168.0.0/24 subnet. What does Falcon do for browsing when Falcon-II is on 802.11g? You disabled the browser on Falcon. Did you test its ability to see Falcon-II (and Micron) when Micron is on the network, and when it's off? What is the master browser (per Browstat from Falcon-II)?
>
> I note that Micron also has its own internet service.
>
> Let's get a diagnosis of your problem. Take the following code (everything inside the "#####"). (Did I get the names and ip addresses right)? Please disable the browser on Micron, and power everything off again to reset.
>
> Highlight then Copy the code (Ctrl-C), precisely as it is keyed, and Paste (Ctrl-V) into Notepad. Ensure that Format - Word Wrap is not checked. Save the Notepad file as "cdiag.cmd", as type "All Files", into the root folder "C:\". Run it by Start - Run - "c:\cdiag". Wait patiently. When Notepad opens up displaying c:\cdiag.txt, first check Format and ensure that Word Wrap is NOT checked! Then, copy the entire contents (Ctrl-A Ctrl-C) and paste (Ctrl-V) into your next post.
>
> Do this from all computers, please, with all computers powered up and online.
>
> #####
> @echo off
> set FullTargets=FALCON-II 192.168.0.1 FALCON 192.168.0.179 MICRON 192.168.0.43
> set PingTargets=127.0.0.1
> Set Version=V1.05
> @echo CDiagnosis %Version% >c:\cdiag.txt
> @echo Start diagnosis for %computername% (Targets %FullTargets%) >>c:\cdiag.txt
> for %%a in (%FullTargets% %PingTargets%) do (
> @echo. >>c:\cdiag.txt
> @echo Target %%a >>c:\cdiag.txt
> @echo. >>c:\cdiag.txt
> @echo "ping %%a" >>c:\cdiag.txt
> @echo. >>c:\cdiag.txt
> ping %%a >>c:\cdiag.txt
> @echo. >>c:\cdiag.txt
> @echo "net view %%a" >>c:\cdiag.txt
> @echo. >>c:\cdiag.txt
> net view %%a >>c:\cdiag.txt
> )
> @echo End diagnosis for %computername% >>c:\cdiag.txt
> notepad c:\cdiag.txt
> :EOF
> #####
>
> --
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.
> My email is AT DOT actual address pchuck sonic net.

Chuck,

My "intriguing" network? - a story of accretion, and making as minimal changes as possible for things to work.

Short story: Bought the Micron, Falcon, and Falcon-II over a period of 7 or so years. So each came with an independent ability to access the Internet. Falcon-II and Falcon have 56k modems, Micron has a 28.8k modem. After losing battles with Internet connection sharing a few years back, we basically logon to the Internet separately from each machine. (Micron and Falcon II have Compuserve, which has a separate DUN, or something.)

The 802.11g adapter is a recent inexpensive gift and is an addition on a USB port. Turns out there are indeed unprotected access points in our neighborhood. On an experimental basis, we use it on and off. In fact, the impetus for this whole exercise, and my original question, was a concern that others could see folders on Falcon-II, and so I was hoping to set it up so that anyone logging onto the Falcon or Micron through our wired LAN would have access to Falcon-II files, but no one else. Don't know whether I should be worried, or even worried about Falcon and Micron files.

On my home network problem, I think I've found a fix. I successfully ran cdiag on the XP machine, but it wouldn't run on the 98SE or 98 machines. The 98SE machine just pulled the file up in Wordpad; the 98 machine said it needed to have the program associated with file. So I looked at the content of the file, and it seemed that it was checking to see whether all 3 machines could ping one another. A-ha.

Last fall, I had to reinstall Win98SE on the Falcon, and had home network problems after that, which I now remembered trouble-shooting through the Win98 community newsgroup. I found my lengthy notes, and succeeded in pinging the other two machines from the network from each of the three. OK.

I then found in my notes that a common problem when you can't browse the network but can ping the other machines is that a user isn't logged on. As I think I mentioned earlier in this chain, I had added a "Test" user on the 98SE machine to see whether I could limit access to that user from the XP machine. (I noticed at that point that the machine had a "user" logged on, but it was not in Control Panel - Users screen.) No luck in making that solution work to selectively share folders, so I deleted the Test user. So in logging on, I was getting the Windows logon screen with no users listed, and was hitting "Cancel."

So I've gone to Users and created a "DaddySchlich" user with no password. Booted up that way, and full access was restored. Yea!! Of course, now I had to hit enter to logon every time! nuts. So I downloaded TweakUI 1.33. Activated Autologon and Client for Microsoft Networks as Primary Network Logon, so a Logon screen shows, but it disappears automatically. Not nearly as elegant as before - when it just booted straight to Desktop with no logon screen. And there's a beep at the end of the bootup routine that suggests that something's still not quite right.

So, where I now stand,

1. should I worry about others looking at my files over the wireless link? (I have a firewall on the XP machine.) If so, should I pursue the Safe Mode option you first suggested to disable Simple File Sharing? Can I set it up so that the Falcon boots directly to Desktop, and there is a logged on User that the XP can validate without more?

2. independently, is there a way to set up the Falcon so it boots directly to Desktop without showing a Logon screen at all, as it was set up at the beginning? (Coincidentally, I made an image of my Boot partition this past weekend, just before starting all this, so I can just restore that image if need be.)

Chuck, thank you for all your help on this matter. This certainly is not easy stuff. What do you think are my options at this point?

Thanks,
Daddy Schlich
#10
On Tue, 18 Jan 2005 19:51:03 -0800, DaddySchlich wrote:

> Chuck,
>
> My "intriguing" network? - a story of accretion, and making as minimal changes as possible for things to work.
>
> Short story: Bought the Micron, Falcon, and Falcon-II over a period of 7 or so years. So each came with an independent ability to access the Internet. Falcon-II and Falcon have 56k modems, Micron has a 28.8k modem. After losing battles with Internet connection sharing a few years back, we basically log on to the Internet separately from each machine. (Micron and Falcon II have Compuserve, which has a separate DUN, or something.)
>
> The 802.11g adapter is a recent inexpensive gift and is an addition on a USB port. Turns out there are indeed unprotected access points in our neighborhood. On an experimental basis, we use it on and off. In fact, the impetus for this whole exercise, and my original question, was a concern that others could see folders on Falcon-II, and so I was hoping to set it up so that anyone logging onto the Falcon or Micron through our wired LAN would have access to Falcon-II files, but no one else. Don't know whether I should be worried, or even worried about Falcon and Micron files.
>
> On my home network problem, I think I've found a fix. I successfully ran cdiag on the XP machine, but it wouldn't run on the 98SE or 98 machines. The 98SE machine just pulled the file up in Wordpad; the 98 machine said it needed to have the program associated with the file. So I looked at the content of the file, and it seemed that it was checking to see whether all 3 machines could ping one another. A-ha.
>
> Last fall, I had to reinstall Win98SE on the Falcon, and had home network problems after that, which I now remembered trouble-shooting through the Win98 community newsgroup. I found my lengthy notes, and succeeded in pinging the other two machines from the network from each of the three. OK.
>
> I then found in my notes that a common problem when you can't browse the network but can ping the other machines is that a user isn't logged on. As I think I mentioned earlier in this chain, I had added a "Test" user on the 98SE machine to see whether I could limit access to that user from the XP machine. (I noticed at that point that the machine had a "user" logged on, but it was not in Control Panel - Users screen.) No luck in making that solution work to selectively share folders, so I deleted the Test user. So in logging on, I was getting the Windows logon screen with no users listed, and was hitting "Cancel."
>
> So I've gone to Users and created a "DaddySchlich" user with no password. Booted up that way, and full access was restored. Yea!!
>
> Of course, now I had to hit enter to log on every time! Nuts. So I downloaded TweakUI 1.33. Activated Autologon and Client for Microsoft Networks as Primary Network Logon, so a Logon screen shows, but it disappears automatically. Not nearly as elegant as before - when it just booted straight to Desktop with no logon screen. And there's a beep at the end of the bootup routine that suggests that something's still not quite right.
>
> So, where I now stand,
>
> 1. should I worry about others looking at my files over the wireless link? (I have a firewall on the XP machine.) If so, should I pursue the Safe Mode option you first suggested to disable Simple File Sharing? Can I set it up so that the Falcon boots directly to Desktop, and there is a logged on User that the XP can validate without more?
>
> 2. independently, is there a way to set up the Falcon so it boots directly to Desktop without showing a Logon screen at all, as it was set up at the beginning? (Coincidentally, I made an image of my Boot partition this past weekend, just before starting all this, so I can just restore that image if need be.)
>
> Chuck, thank you for all your help on this matter. This certainly is not easy stuff. What do you think are my options at this point?
>
> Thanks,
> Daddy Schlich

The ethics, and legality, of hijacking a wireless signal (unprotected, unknown sources) for internet access are heavily discussed in other forums (maybe alt.internet.wireless and / or microsoft.public.windows.networking.wireless), so I won't get into that.

What I will say is that, IMHO, if you're going to connect any computer to a wireless network, you should protect it as well as a computer connected directly to the internet. Simple File Sharing is a bad idea here, which in my book says NO XP Home. But yes, if you can disable SFS under XP Home using the recommended (but unsupported) procedure, then try it.

If you use ICS, instead of a bridge, on Falcon-II, then Falcon and Micron would be protected by the NAT in Falcon-II, at least. As it stands right now, if Falcon-II is running a bridge, I would suspect that Falcon and Micron are visible to the world outside Falcon-II. Which means your wireless neighbors, unknown as they are.

I should note that some of the discussions (mentioned above) include the ethics of hacking any computer connected to one's wireless LAN without permission. IOW, your computers may be targets, more so than if you were operating the wireless LAN.

Please protect yourself. Install a software firewall on Falcon and on Micron, and use fixed ip addresses on both. Put manually assigned ip addresses in the Local (highly trusted) Zone. Open the firewalls for file sharing, only in the Local Zone, to assigned addresses.

You could go back to skipping the logon screen on Falcon, yes. But that won't give you authentication for file sharing with Falcon-II. Not without Guest access, anyway, but Guest access on an unprotected wireless LAN is also a bad idea. Which again means disabling SFS.

You should explicitly disable the Guest account, and rename the administrative account, whenever possible. You need to have two accounts for all 3 computers. One administrative (full), the other normal (limited). You should use the full account only when installing software, and only when not connected to the LAN. Which means, again, having to enable Windows Logon.

In short, I don't think I would personally do what you're doing, at least with Windows 9x. But, if you're going to do this, please let us know how you set it up. This is, at least, a lesson in unconventional LAN topology. Which many here can learn from.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT actual address pchuck sonic net.
#11
Chuck,

Thanks. You've given me a lot to think about, which is as it should be. As I mentioned earlier, we were using the wireless connection on and off - largely because of the potential problems caused. I'm comfortable with the network doing dial-up; not so with wireless. And you're telling me I've got that right.

A few nuts-and-bolts questions that reflect my level of knowledge/ignorance:

1. can you explain further what you mean by "bridge" and by "NAT" early on, or give me references? I basically have a cabled Ethernet LAN with a 100 Mbps switch at the center, with printers plugged into PCs. As I mentioned earlier, ICS was not a whole lot of fun (or successful or simple) the last time I tried, which is why we've been using three separate dial-up connections.

2. I understand the idea of putting firewalls on all three machines and putting only these three PCs in the Local Zone, and using manually assigned IP addresses to make sure those are the only three PCs included. Alternatively, where I started this exercise was restricting access to all but selected files on the XP machine to others on the wired LAN, figuring the same would hold for any wireless connection. Even better would be disabling SFS for those few files to limit access to specific selected Users. With user-level access possible on the Win98 machines, limiting access to files on those machines to specific selected Users would appear to be easier.

I am a bit fuzzy about the reasons for having to have both firewalls and separate logons. If the wall around the PC prevents any non-trusted source from getting inside the PC, why is it necessary to ask for a passworded login? Alternatively, if files are limited to selected Users, why the wall? Similarly, if I have a wall on the XP machine, the only one with wireless access, why do I need separate walls on the other PCs? Similarly, I am a bit unclear about your suggestion that, if I am logged on as an Administrator, someone from outside can breach the wall and step into my shoes to wreak havoc as an Administrator on the PC. There must be something here I'm not understanding.

In short, I have been aware that I need to worry about these issues. If you can help me directly by answering or giving references to read, that would be most helpful. At the end of the day, I may decide to bag the wireless access altogether. If I ultimately do set something up, I would be happy to share with the group.

Thanks for your help, and your willingness to answer my questions.

DaddySchlich
#12
On Wed, 19 Jan 2005 12:17:03 -0800, DaddySchlich wrote:

> Chuck,
>
> Thanks. You've given me a lot to think about, which is as it should be. As I mentioned earlier, we were using the wireless connection on and off - largely because of the potential problems caused. I'm comfortable with the network doing dial-up; not so with wireless. And you're telling me I've got that right.
>
> A few nuts-and-bolts questions that reflect my level of knowledge/ignorance:
>
> 1. can you explain further what you mean by "bridge" and by "NAT" early on, or give me references? I basically have a cabled Ethernet LAN with a 100 Mbps switch at the center, with printers plugged into PCs. As I mentioned earlier, ICS was not a whole lot of fun (or successful or simple) the last time I tried, which is why we've been using three separate dial-up connections.
>
> 2. I understand the idea of putting firewalls on all three machines and putting only these three PCs in the Local Zone, and using manually assigned IP addresses to make sure those are the only three PCs included. Alternatively, where I started this exercise was restricting access to all but selected files on the XP machine to others on the wired LAN, figuring the same would hold for any wireless connection. Even better would be disabling SFS for those few files to limit access to specific selected Users. With user-level access possible on the Win98 machines, limiting access to files on those machines to specific selected Users would appear to be easier.
>
> I am a bit fuzzy about the reasons for having to have both firewalls and separate logons. If the wall around the PC prevents any non-trusted source from getting inside the PC, why is it necessary to ask for a passworded login? Alternatively, if files are limited to selected Users, why the wall? Similarly, if I have a wall on the XP machine, the only one with wireless access, why do I need separate walls on the other PCs? Similarly, I am a bit unclear about your suggestion that, if I am logged on as an Administrator, someone from outside can breach the wall and step into my shoes to wreak havoc as an Administrator on the PC. There must be something here I'm not understanding.
>
> In short, I have been aware that I need to worry about these issues. If you can help me directly by answering or giving references to read, that would be most helpful. At the end of the day, I may decide to bag the wireless access altogether. If I ultimately do set something up, I would be happy to share with the group.
>
> Thanks for your help, and your willingness to answer my questions.

Explaining bridges vs NAT is not easy. Here are a couple mentions about NAT, to start:
http://compnetworking.about.com/b/a/071937.htm
http://www.internet-sharing.com/nat_...at_is_nat.html

A bridge simply connects two or more physically separate networks (such as the Wireless LAN of your neighbor and your Ethernet LAN). All components on each network are visible to all other components on each network. With a bridge (if Falcon-II is providing one), the ip addresses of Falcon (192.168.0.179) and Micron (192.168.0.43) are visible to any computer connected to Falcon-II at the other end of the wireless link (ie to the owner of the WLAN). Thus, Falcon, Falcon-II, and Micron are all open to hacking and other abuse by the WLAN operator (and possibly the internet, if the WLAN isn't properly secured).

If you set up ICS properly, it operates as a NAT router, and only the upstream side of Falcon-II (probably 192.168.1.104) is visible to the bad guys (rest of the WLAN etc). Falcon and Micron are accessible only to ICS on Falcon-II.

I, and various other paranoiacs, recommend a layered (redundant component) security strategy. All individual security components are subject to abuse, and potentially, to breach. The recommendation is for multiple layers to protect you.

NAT is a good protective outer layer. There is no known vulnerability of NAT in general, though there have been reported weaknesses in specific NAT hardware that cause some concern. But NAT operates at the network layer.
http://networking.ringofsaturn.com/P...sevenlayer.php

If you were to import hostile code (such as spyware, trojan, or virus), it would enter your network as data, and would not be filtered by a NAT router. Once inside your network, it could attack any unprotected computer.

For protection inside the NAT router (assuming that you have one), I recommend protection of a firewall on each computer, and use of non-administrative accounts except when intentionally installing software.

A software firewall protects each computer individually, similarly to a NAT router protecting the LAN as a whole, from network level threats. Unfortunately, a software based firewall can be bypassed too, by data level threats. If you import spyware onto your computer, and you are logged in as an administrator, it is that much easier for spyware to install, and operate, on your system. By logging in as a non-administrator, you make it a little harder for malicious software to attack your system, and maybe interfere with your software firewall.

Since the Administrator and Guest accounts have well known names, they are frequently used in a network based attack. Deleting the Guest account, and renaming the Administrator account, are recommended so a bad guy (maybe the owner of the WLAN) can't access your system thru brute force password guessing.

None of this is to say that you WILL be attacked if you don't use every one of these protective strategies. But, recognising that none of these strategies are 100% invulnerable, I generally recommend using as many as possible. And, if you intend to connect your network to another, unknown network, I absolutely recommend as many layers as possible.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
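The bridge-versus-NAT difference and the per-host firewall advice from this thread, as an added toy model in Python (an illustration added here, not code from any poster). The LAN addresses and the "probably 192.168.1.104" outside address come from the posts; the neighbour address, the web server address, the port numbers and all class and function names are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LAN = ip_network("192.168.0.0/24")        # wired LAN from the thread
NAT_OUTSIDE = "192.168.1.104"             # Falcon-II's WLAN-side address ("probably", per the post)
FALCON, MICRON, FALCON_II = "192.168.0.179", "192.168.0.43", "192.168.0.1"
NEIGHBOUR = "192.168.1.50"                # constructed: some other host on the WLAN
WEB = "203.0.113.10"                      # constructed: documentation-range web server
SMB_PORTS = {137, 138, 139, 445}          # NetBIOS / SMB file-sharing ports


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Bridge:
    """Joins the two segments: anything addressed to a LAN host is passed through."""

    def outbound(self, pkt: Packet) -> Packet:
        return pkt

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        return pkt if ip_address(pkt.dst) in LAN else None


class Nat:
    """Port-translating NAT (the role ICS plays): only replies to LAN-initiated flows get in."""

    def __init__(self) -> None:
        self.flows = {}          # outside port -> (inside ip, inside port, remote ip, remote port)
        self.next_port = 40000

    def outbound(self, pkt: Packet) -> Packet:
        port, self.next_port = self.next_port, self.next_port + 1
        self.flows[port] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return Packet(NAT_OUTSIDE, port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # LAN addresses are not reachable from outside; only the outside address is.
        # A packet to the outside address with no matching flow is not forwarded to
        # the LAN. The gateway host itself still sees it and needs its own firewall.
        flow = self.flows.get(pkt.dport) if pkt.dst == NAT_OUTSIDE else None
        if flow is None or (pkt.src, pkt.sport) != flow[2:]:
            return None
        return Packet(pkt.src, pkt.sport, flow[0], flow[1])


class HostFirewall:
    """Per-PC firewall: file sharing only from trusted fixed addresses, plus replies."""

    def __init__(self, trusted) -> None:
        self.trusted = set(trusted)
        self.opened = set()      # (remote ip, remote port, local port) of our own connections

    def note_outbound(self, pkt: Packet) -> None:
        self.opened.add((pkt.dst, pkt.dport, pkt.sport))

    def allows(self, pkt: Packet) -> bool:
        if (pkt.src, pkt.sport, pkt.dport) in self.opened:
            return True          # reply to a connection this host started
        return pkt.dport in SMB_PORTS and pkt.src in self.trusted


def deliver(gateway, pkt: Packet, firewall: Optional[HostFirewall] = None) -> Optional[Packet]:
    """Return the packet as the LAN host receives it, or None if any layer drops it."""
    inside = gateway.inbound(pkt)
    if inside is None or (firewall is not None and not firewall.allows(inside)):
        return None
    return inside


def scenarios() -> dict:
    """Walk the cases discussed in the thread; True means the packet reaches Falcon."""
    probe = Packet(NEIGHBOUR, 1025, FALCON, 139)          # unsolicited file-sharing probe
    fw = HostFirewall(trusted={FALCON_II, MICRON})        # Falcon's firewall, Local Zone only
    nat = Nat()
    request = Packet(FALCON, 1030, WEB, 80)               # Falcon browses the web
    fw.note_outbound(request)
    translated = nat.outbound(request)
    reply = Packet(WEB, 80, translated.src, translated.sport)
    return {
        "bridge, no firewall": deliver(Bridge(), probe) is not None,
        "bridge + firewall": deliver(Bridge(), probe, fw) is not None,
        "nat, probe to LAN address": deliver(nat, probe) is not None,
        "nat, probe to outside address":
            deliver(nat, Packet(NEIGHBOUR, 1025, NAT_OUTSIDE, 139)) is not None,
        "lan peer to share": fw.allows(Packet(MICRON, 1026, FALCON, 139)),
        # The reply passes both layers untouched: neither inspects its contents,
        # which is why the thread also recommends limited accounts.
        "nat + firewall, solicited reply": deliver(nat, reply, fw) is not None,
    }


if __name__ == "__main__":
    for name, reached in scenarios().items():
        print(f"{name:35s} {'delivered' if reached else 'dropped'}")
```
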
#13
Chuck,

Thanks, yet again, for the follow-up. You've given me some more to read, and some steps to consider. Just what I needed.

Daddy Schlich
#14
On Wed, 19 Jan 2005 20:25:02 -0800, DaddySchlich wrote:

> Chuck,
>
> Thanks, yet again, for the follow-up. You've given me some more to read, and some steps to consider. Just what I needed.

Enjoy your reading. Here's a new one.
http://news.bbc.co.uk/1/hi/technology/4190607.stm

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT actual address pchuck sonic net
#15
Thanks, Chuck, for the extra lead. The .about article seems to lead to a number of other useful articles.

In fact, I think that someone may have tried to illustrate for me some of the vulnerabilities. I'm thinking that sticking to the dial-up connection with my home LAN may well be the safest course. Even then, I think it's worth reading up on Windows Networks, so I appreciate the leads.

I now have a password-protected Limited User Account name "ASP.NET Machine A..." on my XP machine. Might that be a legitimate use by the .NET, by which I login to the Newsgroups? Or is that a User Account I should delete ASAP?

Thanks,
Daddy Schlich