XP Home: selective folder sharing

Thread starter: Guest
Hi folks,

I was wanting to set up some folders so that they are available only to some
users, but not to all. I see from KB 304040 that this is not generally
allowed in XP Home. Does anyone know of any workarounds?

What I'm worried about is access to files on my wired Ethernet LAN through
an 802.11g network adapter where I don't have access to the access point.
Maybe that's not a problem for other reasons?

Any help would be greatly appreciated.

DaddySchlich
 
With XP Home, you can temporarily disable Simple File Sharing
by starting up in "Safe Mode with Networking".

A Description of the Safe Mode Boot Options in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;315222

With Simple File Sharing disabled, right click the desired folder, click Sharing
and Security, and share the folder. Then, click the Permissions button to
specify network access permissions, and click the Security tab to specify NTFS
file system permissions. A network user needs both permissions in order to
access the share.

For details how to set permissions, see this web site:
http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm

IMHO, this is a good reason to get XP Pro, and avoid all this complication.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Chuck,

Thanks very much for the advice. I was able to implement at least part of
it. Unfortunately, I've put myself in a bit of a pickle, and need a bit more.

I successfully booted into Safe Mode w/ Networking, and found Simple File
Sharing disabled. I created a Test folder in root, and played with the
Permissions button. It appeared to allow me to look for possible users to
authorize only on the PC I was on - and not on other home-networked PCs. I
rebooted back to XP SP2.

My Win98SE PC normally boots directly to Desktop, and had my name on the Log
Off function on the Start Menu. Thinking that adding another User might
help, I went into Control Panel/Users on the 98SE, and created new User "Test"
with a different Desktop. Oddly, my name was not also there as a User.
Rebooting gave me a chance to sign on as Test, but no other choices. Hitting
Test logged me to its Desktop; hitting Cancel logged me to my usual Desktop.

Adding Test made no difference for sharing the Test folder in XP Safe Mode.
In Control Panel/Network on the 98SE machine, I found the network login set
to Microsoft Family login. I changed to Windows Logon, but the PC hung twice
on rebooting. Got into Safe Mode there, and changed back there to Windows
Logon. Was able to start up in 98SE.

At this point, hitting Network Neighborhood on the 98SE PC then indicated
that there was no XP machine on the network. Ouch!

So I tried to undo everything - put the Test folder back in Simple File
Sharing mode on the XP machine, and deleted Test as a 98SE User through
Control Panel. Have tried both Microsoft Family Logon and Windows Logon on
the 98SE machine - no crashes, but no answers either.

On Rebooting the 98SE machine, I now get the Login screen with no choices
(so I hit cancel and get my normal Desktop), and no recognition of the XP
machine (checked that machine and clearly have three folders enabled through
Simple File Sharing as well as a printer)

So - to get back where I started, any advice on getting network access
again, and to get rid of the Windows Login screen on rebooting the 98SE
machine???

Hopefully, all this detail will help you. My searches on the Microsoft KB
sent me to the Registry, but it was very unclear whether the article applied,
so I changed nothing.

Thanks very much for your help.

Daddy Schlich
 
OK, a Win 98 / Win XP LAN! That gives a bit of a twist. The browser (I'm not
talking about Internet Explorer here) on Win 98 and Win XP don't work well
together on the same LAN.

Make sure the browser service is running on the WinXP computer. Control Panel -
Administrative Tools - Services. Verify that the Computer Browser, and the
TCP/IP NetBIOS Helper, services both show with Status = Started. Disable the
browser on the Win98 computer:
http://cms.simons-rock.edu/faq_by_subtopic/node138.html

After checking / disabling / enabling as above, power all computers off to reset
the browser settings on each. Then power both computers back on.

The Microsoft Browstat program will show us what browsers you have in your
domain / workgroup, at any time.
http://support.microsoft.com/?id=188305

You can download Browstat from either:
<http://www.dynawell.com/reskit/microsoft/win2000/browstat.zip>
<http://rescomp.stanford.edu/staff/manual/rcc/tools/browstat.zip>

Browstat is very small (40K), and needs no install. Just unzip the downloaded
file, copy browstat.exe to any folder in the Path, and run it from a command
window, by "browstat status". Make sure all computers give the same result.

For more information about the browser subsystem (very intricate), see:
http://support.microsoft.com/?id=188001
http://support.microsoft.com/?id=188305
<http://www.microsoft.com/technet/prodtechnol/winntas/deploy/prodspecs/ntbrowse.mspx>

Once you get both computers visible from each other, then let's continue.
 
Hi Chuck,

Here we are:

Verified that those two services were running on the XP machine. Disabled
the browser on the W98SE PC, though it's still on Windows logon as primary
logon.

Rebooted both PCs (just realized I didn't turn completely off, just rebooted).

Downloaded browstat. Ran on XP, and received a reasonable response - which
I've saved in a .txt file. Tried to run on W98SE machine in a MS-DOS window,
and received following error message in a window: "Error Starting Program -
The Browstat.exe file is linked to missing export:
NETAPI32.DLL:I_BrowseQueryEmulatedDomains." Hitting OK puts me back at the
command prompt.

Checked to see whether PCs see each other - W98SE machine can still see
nothing on the XP - I get an "Unable to browse the network" error message when
I click on Entire Network in Network Neighborhood. On the XP machine, I can
see all the W98SE files, and successfully printed a test page on the printer
attached to the 98 machine.

Thanks again. What next?

Daddy Schlich
 
If you reboot a computer that is currently a master browser, it will generally
re-elect itself after it boots. The only reliable way to reset both computers,
simultaneously, is to power both off.

Please provide ipconfig information for each computer.
Start - Run - "cmd". Type "ipconfig /all >c:\ipconfig.txt" into the command
window - Open c:\ipconfig.txt in Notepad, make sure that Format - Word Wrap is
NOT checked!, copy and paste entire contents into your next post. Identify
operating system (by name, version, and SP level) with each ipconfig listing.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Next steps. As you suggested, I totally shut down both the XP and W98SE
machines. Then I rebooted. No different outcome.

Late this afternoon, my son booted up another PC on the same network - a
Windows 98 machine. Oddly enough, it was able to see the XP machine on the
network - no problem. I double-checked the Master Browser, and it was set to
Automatic, not Disable. Because it was working, I didn't touch a thing.

So, below, I give you 4 ipconfig files - two on the XP machine, one with an
802.11g network adapter attached, and one without, one on the problem Win98SE
machine, and one on the Win98 machine that's networking fine.

Let me know what you think,

Daddy Schlich

First: Windows XP Home Edition, Version 2002, Service Pack 2 -

1. with 802.11g

Windows IP Configuration

        Host Name . . . . . . . . . . . . : FALCON-II
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : arlngt01.va.comcast.net

Ethernet adapter Network Bridge (Network Bridge):

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : MAC Bridge Miniport
        Physical Address. . . . . . . . . : B2-3E-25-7F-9B-23
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Wireless Network Connection 2:

        Connection-specific DNS Suffix  . : arlngt01.va.comcast.net
        Description . . . . . . . . . . . : NETGEAR WG111 802.11g Wireless USB2.0 Adapter
        Physical Address. . . . . . . . . : 00-09-5B-B8-00-F3
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.104
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 68.48.0.5
                                            68.48.0.6
                                            68.87.96.16
        Lease Obtained. . . . . . . . . . : Monday, January 17, 2005 10:24:29 PM
        Lease Expires . . . . . . . . . . : Tuesday, January 18, 2005 10:24:29 PM

2. without 802.11g

Windows IP Configuration

        Host Name . . . . . . . . . . . . : FALCON-II
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Network Bridge (Network Bridge):

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : MAC Bridge Miniport
        Physical Address. . . . . . . . . : B2-3E-25-7F-9B-23
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

3. The "problem" machine: Windows 98 Second Edition 4.10.2222 A

Windows 98 IP Configuration

        Host Name . . . . . . . . . : FALCON NW.mshome.net
        DNS Servers . . . . . . . . : 192.168.0.1
        Node Type . . . . . . . . . : Mixed
        NetBIOS Scope ID. . . . . . :
        IP Routing Enabled. . . . . : No
        WINS Proxy Enabled. . . . . : No
        NetBIOS Resolution Uses DNS : No

0 Ethernet adapter :

        Description . . . . . . . . : PPP Adapter.
        Physical Address. . . . . . : 44-45-53-54-00-00
        DHCP Enabled. . . . . . . . : Yes
        IP Address. . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . :
        DHCP Server . . . . . . . . : 255.255.255.255
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . :
        Lease Expires . . . . . . . :

1 Ethernet adapter :

        Description . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet Adapter
        Physical Address. . . . . . : 00-80-C8-FB-83-AC
        DHCP Enabled. . . . . . . . : Yes
        IP Address. . . . . . . . . : 192.168.0.179
        Subnet Mask . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . : 192.168.0.1
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . : 01 17 05 10:33:16 PM
        Lease Expires . . . . . . . : 01 24 05 10:33:16 PM

4. Finally, the other Windows 98 machine - Windows 98 4.10.1998

Windows 98 IP Configuration

        Host Name . . . . . . . . . : MICRON PC.mshome.net
        DNS Servers . . . . . . . . : 192.168.0.1
        Node Type . . . . . . . . . : Mixed
        NetBIOS Scope ID. . . . . . :
        IP Routing Enabled. . . . . : No
        WINS Proxy Enabled. . . . . : No
        NetBIOS Resolution Uses DNS : No

0 Ethernet adapter :

        Description . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet Adapter
        Physical Address. . . . . . : 00-80-C8-FB-90-92
        DHCP Enabled. . . . . . . . : Yes
        IP Address. . . . . . . . . : 192.168.0.43
        Subnet Mask . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . : 192.168.0.1
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . : 01 16 05 10:16:51 PM
        Lease Expires . . . . . . . : 01 23 05 10:16:51 PM

1 Ethernet adapter :

        Description . . . . . . . . : PPP Adapter.
        Physical Address. . . . . . : 44-45-53-54-00-00
        DHCP Enabled. . . . . . . . : Yes
        IP Address. . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . :
        DHCP Server . . . . . . . . : 255.255.255.255
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . :
        Lease Expires . . . . . . . :

2 Ethernet adapter :

        Description . . . . . . . . : PPP Adapter.
        Physical Address. . . . . . : 44-45-53-54-00-01
        DHCP Enabled. . . . . . . . : Yes
        IP Address. . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . :
        DHCP Server . . . . . . . . : 255.255.255.255
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . :
        Lease Expires . . . . . . . :

3 Ethernet adapter :

        Description . . . . . . . . : AOL Adapter
        Physical Address. . . . . . : 44-45-53-54-61-6F
        DHCP Enabled. . . . . . . . : Yes
        IP Address. . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . :
        DHCP Server . . . . . . . . : 255.255.255.255
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . :
        Lease Expires . . . . . . . :

4 Ethernet adapter :

        Description . . . . . . . . : AOL Dial-Up Adapter
        Physical Address. . . . . . : 44-45-53-54-61-70
        DHCP Enabled. . . . . . . . : Yes
        IP Address. . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . :
        DHCP Server . . . . . . . . : 255.255.255.255
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . :
        Lease Expires . . . . . . . :
 
Daddy,

You have an intriguing network. Lots of fun there. ;-)

Node Types either Hybrid or Mixed, no problem there. The dual personality of
Falcon-II is interesting - Configuration 1 (with 802.11g) puts it on the
192.168.1.0/24 subnet, Configuration 2 (without 802.11g) puts it on
192.168.0.0/24 subnet - as 192.168.0.1. And you're using a bridge in both
configurations.

Is Falcon-II providing internet service for Falcon using the bridge? When does
Falcon-II run on 802.11g? What does Falcon do when Falcon-II is on 802.11g?

Falcon, OTOH, is on the 192.168.0.0/24 subnet. What does Falcon do for browsing
when Falcon-II is on 802.11g?

You disabled the browser on Falcon. Did you test its ability to see Falcon-II
(and Micron) when Micron is on the network, and when it's off?

What is the master browser (per Browstat from Falcon-II)?

I note that Micron also has its own internet service.

Let's get a diagnosis of your problem. Take the following code (everything
inside the "#####"). (Did I get the names and ip addresses right)?

Please disable the browser on Micron, and power everything off again to reset.

Highlight then Copy the code (Ctrl-C), precisely as it is keyed, and Paste
(Ctrl-V) into Notepad. Ensure that Format - Word Wrap is not checked.
Save the Notepad file as "cdiag.cmd", as type "All Files", into the root folder
"C:\".
Run it by Start - Run - "c:\cdiag".
Wait patiently.
When Notepad opens up displaying c:\cdiag.txt, first check Format and ensure
that Word Wrap is NOT checked! Then, copy the entire contents (Ctrl-A Ctrl-C)
and paste (Ctrl-V) into your next post.

Do this from all computers, please, with all computers powered up and online.

#####

@echo off
set FullTargets=FALCON-II 192.168.0.1 FALCON 192.168.0.179 MICRON 192.168.0.43
set PingTargets=127.0.0.1
Set Version=V1.05
@echo CDiagnosis %Version% >c:\cdiag.txt
@echo Start diagnosis for %computername% (Targets %FullTargets%) >>c:\cdiag.txt
for %%a in (%FullTargets% %PingTargets%) do (
@echo. >>c:\cdiag.txt
@echo Target %%a >>c:\cdiag.txt
@echo. >>c:\cdiag.txt
@echo "ping %%a" >>c:\cdiag.txt
@echo. >>c:\cdiag.txt
ping %%a >>c:\cdiag.txt
@echo. >>c:\cdiag.txt
@echo "net view %%a" >>c:\cdiag.txt
@echo. >>c:\cdiag.txt
net view %%a >>c:\cdiag.txt
)
@echo End diagnosis for %computername% >>c:\cdiag.txt
notepad c:\cdiag.txt
:EOF

#####


--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Chuck,

My "intriguing" network? - a story of accretion, and making as minimal
changes as possible for things to work. Short story: Bought the Micron,
Falcon, and Falcon-II over a period of 7 or so years. So each came with an
independent ability to access the Internet. Falcon-II and Falcon have 56k
modems, Micron has a 28.8k modem. After losing battles with Internet
connection sharing a few years back, we basically logon to the Internet
separately from each machine. (Micron and Falcon II have Compuserve, which
has a separate DUN, or something.) The 802.11g adapter is a recent
inexpensive gift and is an addition on a USB port. Turns out there are
indeed unprotected access points in our neighborhood. On an experimental
basis, we use it on and off.

In fact, the impetus for this whole exercise, and my original question, was
a concern that others could see folders on Falcon-II, and so I was hoping to
set it up so that anyone logging onto the Falcon or Micron through our wired
LAN would have access to Falcon-II files, but no one else. Don't know
whether I should be worried, or even worried about Falcon and Micron files.

On my home network problem, I think I've found a fix. I successfully ran
cdiag on the XP machine, but it wouldn't run on the 98SE or 98 machines. The
98SE machine just pulled the file up in Wordpad; the 98 machine said it
needed to have the program associated with file. So I looked at the content
of the file, and it seemed that it was checking to see whether all 3 machines
could ping one another. A-ha.

Last fall, I had to reinstall Win98SE on the Falcon, and had home network
problems after that, which I now remembered trouble-shooting through the
Win98 community newsgroup. I found my lengthy notes, and succeeded in
pinging the other two machines from the network from each of the three. OK.

I then found in my notes that a common problem when you can't browse the
network but can ping the other machines is that a user isn't logged on. As I
think I mentioned earlier in this chain, I had added a "Test" user on the
98SE machine to see whether I could limit access to that user from the XP
machine. (I noticed at that point that the machine had a "user" logged on,
but it was not in Control Panel - Users screen.) No luck in making that
solution work to selectively share folders, so I deleted the Test user. So
in logging on, I was getting the Windows logon screen with no users listed,
and was hitting "Cancel."

So I've gone to Users and created a "DaddySchlich" user with no password.
Booted up that way, and full access was restored. Yea!!

Of course, now I had to hit enter to logon every time! nuts. So I
downloaded TweakUI 1.33. Activated Autologon and Client for Microsoft
Networks as Primary Network Logon, so a Logon screen shows, but it disappears
automatically. Not nearly as elegant as before - when it just booted
straight to Desktop with no logon screen. And there's a beep at the end of
the bootup routine that suggests that something's still not quite right.

So, where I now stand,

1. should I worry about others looking at my files over the wireless link?
(I have a firewall on the XP machine.) If so, should I pursue the Safe Mode
option you first suggested to disable Simple File Sharing? Can I set it up
so that the Falcon boots directly to Desktop, and there is a logged on User
that the XP can validate without more?

2. independently, is there a way to set up the Falcon so it boots directly
to Desktop without showing a Logon screen at all, as it was set up at the
beginning? (Coincidentally, I made an image of my Boot partition this past
weekend, just before starting all this, so I can just restore that image if
need be.)

Chuck, thank you for all your help on this matter. This certainly is not
easy stuff.

What do you think are my options at this point?

Thanks,

Daddy Schlich
 
The ethics, and legality, of hijacking a wireless signal (unprotected, unknown
sources) for internet access are heavily discussed in other forums (maybe
alt.internet.wireless and / or microsoft.public.windows.networking.wireless), so
I won't get into that. What I will say is that, IMHO, if you're going to
connect any computer to a wireless network, you should protect it as well as a
computer connected directly to the internet.

Simple File Sharing is a bad idea here, which in my book says NO XP Home. But
yes, if you can disable SFS under XP Home using the recommended (but
unsupported) procedure, then try it.

If you use ICS, instead of a bridge, on Falcon-II, then Falcon and Micron would
be protected by the NAT in Falcon-II, at least. As it stands right now, if
Falcon-II is running a bridge, I would suspect that Falcon and Micron are
visible to the world outside Falcon-II. Which means your wireless neighbors,
unknown as they are.

I should note that some of the discussions (mentioned above) include the ethics
of hacking any computer connected to one's wireless LAN without permission.
IOW, your computers may be targets, more so than if you were operating the
wireless LAN. Please protect yourself.

Install a software firewall on Falcon and on Micron, and use fixed ip addresses
on both. Put manually assigned ip addresses in the Local (highly trusted) Zone.
Open the firewalls for file sharing, only in the Local Zone, to assigned
addresses.

You could go back to skipping the logon screen on Falcon, yes. But that won't
give you authentication for file sharing with Falcon-II. Not without Guest
access, anyway, but Guest access on an unprotected wireless LAN is also a bad
idea. Which again means disabling SFS. You should explicitly disable the Guest
account, and rename the administrative account, whenever possible.

You need to have two accounts for all 3 computers. One administrative (full),
the other normal (limited). You should use the full account only when
installing software, and only when not connected to the LAN. Which means,
again, having to enable Windows Logon.

In short, I don't think I would personally do what you're doing, at least with
Windows 9x. But, if you're going to do this, please let us know how you set it
up. This is, at least, a lesson in unconventional LAN topology. Which many
here can learn from.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Chuck,

Thanks. You've given me a lot to think about, which is as it should be. As
I mentioned earlier, we were using the wireless connection on and off -
largely because of the potential problems caused. I'm comfortable with the
network doing dial-up; not so with wireless. And you're telling me I've got
that right.

A few nuts-and-bolts questions that reflect my level of knowledge/ignorance:

1. can you explain further what you mean by "bridge" and by "NAT" early on,
or give me references? I basically have a cabled Ethernet LAN with a 100
Mbps switch at the center, with printers plugged into PCs. As I mentioned
earlier, ICS was not a whole lot of fun (or successful or simple) the last
time I tried, which is why we've been using three separate dial-up
connections.

2. I understand the idea of putting firewalls on all three machines and
putting only these three PCs in the Local Zone, and using manually assigned
IP addresses to make sure those are the only three PCs included.

Alternatively, where I started this exercise was restricting access to all
but selected files on the XP machine to others on the wired LAN, figuring the
same would hold for any wireless connection. Even better would be disabling
SFS for those few files to limit access to specific selected Users. With
user-level access possible on the Win98 machines, limiting access to files on
those machines to specific selected Users would appear to be easier.

I am a bit fuzzy about the reasons for having to have both firewalls and
separate logons. If the wall around the PC prevents any non-trusted source
from getting inside the PC, why is it necessary to ask for a passworded
login? Alternatively, if files are limited to selected Users, why the wall?
Similarly, if I have a wall on the XP machine, the only one with wireless
access, why do I need separate walls on the other PCs?

Similarly, I am a bit unclear about your suggestion that, if I am logged on
as an Administrator, someone from outside can breach the wall and step into
my shoes to wreak havoc as an Administrator on the PC. There must be
something here I'm not understanding.

In short, I have been aware that I need to worry about these issues. If you can
help me directly by answering or giving references to read, that would be
most helpful. At the end of the day, I may decide to bag the wireless access
altogether.

If I ultimately do set something up, I would be happy to share with the
group.

Thanks for your help, and your willingness to answer my questions.

DaddySchlich
 
Explaining bridges vs NAT is not easy. Here are a couple mentions about NAT, to
start:
http://compnetworking.about.com/b/a/071937.htm
http://www.internet-sharing.com/nat_faqs/what_is_nat.html

A bridge simply connects two or more physically separate networks (such as the
Wireless LAN of your neighbor and your Ethernet LAN). All components on each
network are visible to all other components on each network.

With a bridge (if Falcon-II is providing one), the ip addresses of Falcon
(192.168.0.179) and Micron (192.168.0.43) are visible to any computer connected
to Falcon-II at the other end of the wireless link (ie to the owner of the
WLAN). Thus, Falcon, Falcon-II, and Micron are all open to hacking and other
abuse by the WLAN operator (and possibly the internet, if the WLAN isn't
properly secured).

If you set up ICS properly, it operates as a NAT router, and only the upstream
side of Falcon-II (probably 192.168.1.104) is visible to the bad guys (rest of
the WLAN etc). Falcon and Micron are accessible only to ICS on Falcon-II.

I, and various other paranoiacs, recommend a layered (redundant component)
security strategy. All individual security components are subject to abuse, and
potentially, to breach. The recommendation is for multiple layers to protect
you.

NAT is a good protective outer layer. There is no known vulnerability of NAT in
general, though there have been reported weaknesses in specific NAT hardware
that causes some concern. But NAT operates at the network layer.
http://networking.ringofsaturn.com/Protocols/sevenlayer.php

If you were to import hostile code (such as spyware, trojan, or virus), it would
enter your network as data, and would not be filtered by a NAT router. Once
inside your network, it could attack any unprotected computer.

For protection inside the NAT router (assuming that you have one), I recommend
protection of a firewall on each computer, and use of non-administrative
accounts except when intentionally installing software. A software firewall
protects each computer individually, similarly to a NAT router protecting the
LAN as a whole, from network level threats.

Unfortunately, a software based firewall can be bypassed too, by data level
threats. If you import spyware onto your computer, and you are logged in as an
administrator, it is that much easier for spyware to install, and operate, on
your system. By logging in as a non-administrator, you make it a little harder
for malicious software to attack your system, and maybe interfere with your
software firewall.

Since the Administrator and Guest accounts have well known names, they are
frequently used in a network based attack. Deleting the Guest account, and
renaming the Administrator account, are recommended so a bad guy (maybe the owner
of the WLAN) can't access your system thru brute force password guessing.

None of this is to say that you WILL be attacked if you don't use every one of
these protective strategies. But, recognising that none of these strategies are
100% invulnerable, I generally recommend using as many as possible. And, if you
intend to connect your network to another, unknown network, I absolutely
recommend as many layers as possible.
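
The bridge-versus-NAT distinction above, and the point that imported hostile code arrives as data a NAT router does not filter, as a toy reachability model. This is an added example, not part of the original post; `WLAN_PEER`, the port numbers and the class names are constructed, and the model ignores subnets and ARP.

```python
from dataclasses import dataclass

# Addresses quoted in the thread; WLAN_PEER and all ports are constructed.
FALCON, MICRON = "192.168.0.179", "192.168.0.43"
GATEWAY_WLAN_IP = "192.168.1.104"   # upstream side of Falcon-II
WLAN_PEER = "192.168.1.50"          # some other station on the unknown WLAN

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""

class Bridge:
    """Forwards packets unchanged, so LAN hosts are directly addressable."""
    def __init__(self, lan_hosts):
        self.lan_hosts = set(lan_hosts)
    def outbound(self, pkt):
        return pkt
    def inbound(self, pkt):
        return pkt if pkt.dst in self.lan_hosts else None

class Nat:
    """Port-translating NAT: inbound needs a mapping made by outbound traffic."""
    def __init__(self, public_ip):
        self.public_ip, self.table, self.next_port = public_ip, {}, 40000
    def outbound(self, pkt):
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return Packet(self.public_ip, port, pkt.dst, pkt.dport, pkt.payload)
    def inbound(self, pkt):
        entry = self.table.get(pkt.dport) if pkt.dst == self.public_ip else None
        if entry is None or entry[2:] != (pkt.src, pkt.sport):
            return None                      # unsolicited: dropped
        return Packet(pkt.src, pkt.sport, entry[0], entry[1], pkt.payload)

def probe_file_share(gateway, target):
    """WLAN peer tries TCP 139 (NetBIOS session) on target; True if delivered."""
    return gateway.inbound(Packet(WLAN_PEER, 51000, target, 139)) is not None

def download(gateway, payload):
    """Falcon requests a file from the WLAN peer; returns the delivered reply."""
    out = gateway.outbound(Packet(FALCON, 3000, WLAN_PEER, 80))
    return gateway.inbound(Packet(WLAN_PEER, 80, out.src, out.sport, payload))

if __name__ == "__main__":
    for gw in (Bridge([FALCON, MICRON]), Nat(GATEWAY_WLAN_IP)):
        name = type(gw).__name__
        print(name, "probe reaches Falcon:", probe_file_share(gw, FALCON))
        print(name, "solicited reply delivered:", download(gw, "hostile.bin"))
```

The NAT drops the unsolicited probe but still delivers the reply Falcon asked for, whatever it contains, which is why the per-machine firewall and limited accounts remain useful behind it.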
 
Chuck,

Thanks, yet again, for the follow-up. You've given me some more to read,
and some steps to consider. Just what I needed.

Daddy Schlich
 
Thanks, Chuck, for the extra lead. The .about article seems to lead to a
number of other useful articles.

In fact, I think that someone may have tried to illustrate for me some of
the vulnerabilities. I'm thinking that sticking to the dial-up connection
with my home LAN may well be the safest course. Even then, I think it's
worth reading up on Windows Networks, so I appreciate the leads.

I now have a password-protected Limited User Account named "ASP.NET Machine
A..." on my XP machine. Might that be a legitimate use by the .NET, by which I
login to the Newsgroups? Or is that a User Account I should delete ASAP?

Thanks,

Daddy Schlich
 
It's related to the .Net framework - some say you can delete it safely, but if
you're using .Net to login to the newsgroups, you're probably better off leaving
it. It doesn't sound like something to "delete ASAP" anyway.
http://www.mvps.org/marksxp/WindowsXP/aspdot.php

I think you're better off sticking to dial-up, at least getting off the unknown
WLAN. Tell me, please, why haven't you gotten broadband, and a SOHO router?

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net
 
Chuck,

Thanks for putting my mind at ease about the "ASP.NET Machine..." User.
It's nice to know it's probably not a sign of incursion after all. I bought
two Windows networking books today, so I can better understand all this. As
mentioned earlier, I've added through accretion. If something works, I
generally don't touch it. Unfortunately, you can inadvertently cause
yourself problems that way.

As far as why I haven't bit the bullet thus far, a few reasons: 1) dial-up
seems to satisfy our email and surfing needs just fine, 2) I can use
broadband at work (my home network of PCs 2 1/2 to 8 years old were purchased
for home/game use) during lunch or outside workhours to download big files,
and 3) I've suspected that it will make the security issue a lot more
complicated, with a dedicated IP address, compared to getting on and off
through dialup.

I think I got the 802.11g adapter, which is not expensive, for Xmas from the
family as an effort to nudge me toward broadband. ;^) Don't think it's
working!!

All the best,

Daddy Schlich
 
The idea of protecting yourself by using dial-up, with an ever changing ip
address, is totally fallacious.

A NAT router will protect all three computers, and share internet service to all
three, far better than dial-up service, ICS, and WF. Plus, a NAT router is
easier to set up, and more stable.

All computers will be safer. A NAT router will block any malevolent internet
traffic. This further protects the internet, from your becoming infected and
spreading the infection.

All computers will run better, with the router blocking the trash infection
traffic. Any personal firewall on either computer will have less to do, because
the router will block most malevolent traffic.

All computers will run independent of each other. Right now, if you have
internet connectivity on multiple computers, either you are going to have 2 or 3
internet accounts, you'll have to take turns accessing the internet from each
computer (Falcon-II and Micron anyway), or you'll have to have Falcon-II on
whenever you wish to access the internet from Falcon. With a router, neither is
true.

If you can afford to have more than one computer, you can afford a router. For
many reasons.

Oh yes, if you still don't want broadband, consider getting a PPP-compatible NAT
router, and an external modem. Disable the modems inside Falcon-II and Micron.
A better solution than using the internal modems, and ICS.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net
 