3 computers not talking to each other

[Guest]

I have 3 computers:
- desktop with Win2000 Server SP4
- desktop with XP Home SP2
- laptop with XP Pro SP2

on the same network but they cannot see each other in network neighbourhood,
except Win2000 which can the XP Pro sometimes.
Here is my network setup:
The 3 computers connects to a router with the following connections:
- Win2000 Server SP4 (Wired)
- XP Home SP2 (Wireless - G with WPA encryption)
- XP Pro SP2 (Wireless - B with WPA encryption)
The router connects to the cable modem with connects to the internet. I ran
the setup home/office wizard and wireless connection wizard on both XP's but
I don't think this helped at all. I can ping both XP Home and Win2000
sucessfully but fail on XP Pro machine. Lastly, all the computers can
connect to the internet.

Please help!

Thanks.

YL

 

[Chuck]

I have 3 computers:
- desktop with Win2000 Server SP4
- desktop with XP Home SP2
- laptop with XP Pro SP2

on the same network but they cannot see each other in network neighbourhood,
except Win2000 which can the XP Pro sometimes.
Here is my network setup:
The 3 computers connects to a router with the following connections:
- Win2000 Server SP4 (Wired)
- XP Home SP2 (Wireless - G with WPA encryption)
- XP Pro SP2 (Wireless - B with WPA encryption)
The router connects to the cable modem with connects to the internet. I ran
the setup home/office wizard and wireless connection wizard on both XP's but
I don't think this helped at all. I can ping both XP Home and Win2000
sucessfully but fail on XP Pro machine. Lastly, all the computers can
connect to the internet.

Please help!

Thanks.

YL

I'll bet that the intermittent visibility is caused, at least in part, by the
browser situation.

Make sure the browser service is running on the two desktop computers. Control
Panel - Administrative Tools - Services. Verify that the Computer Browser, and
the TCP/IP NetBIOS Helper, services both show with Status = Started. Disable
the Browser service on the laptop.

The Microsoft Browstat program will show us what browsers you have in your
domain / workgroup, at any time.
http://support.microsoft.com/?id=188305

You can download Browstat from either:
<http://www.dynawell.com/reskit/microsoft/win2000/browstat.zip>
<http://rescomp.stanford.edu/staff/manual/rcc/tools/browstat.zip>

Browstat is very small (40K), and needs no install. Just unzip the downloaded
file, copy browstat.exe to any folder in the Path, and run it from a command
window.

For more information about the browser subsystem (very intricate), see:
http://support.microsoft.com/?id=188001
http://support.microsoft.com/?id=188305
<http://www.microsoft.com/technet/prodtechnol/winntas/deploy/prodspecs/ntbrowse.mspx>

How is your file sharing setup? Authentication can affect the display in
Network Neighborhood. Do you have shares setup on each computer? Remember any
computer running Simple File Sharing (the XP Home computer and optionally the XP
Pro computer) won't share "C:\Windows", "C:\Program Files", or "My Documents".
<http://www.microsoft.com/downloads/...db-aef8-4bef-925e-7ac9be791028&DisplayLang=en>

Are you running both Client for Microsoft Networks, and File and Printer Sharing
for Microsoft Networks (Local Area Connection - Properties), on each computer?

Are you running NetBIOS Over TCP/IP (Local Area Connection - Properties - TCP/IP
- Properties - Advanced - WINS) on each computer?

On the XP Pro computer, check to see if Simple File Sharing (Control Panel -
Folder Options - View - Advanced settings) is enabled or disabled. With XP Pro,
you need to have SFS properly set.

On XP Pro with SFS disabled, check the Local Security Policies (Control Panel -
Administrative Tools). Under Local Policies - Security Options, look at
"Network access: Sharing and security model", and ensure it's set to "Classic -
local users authenticate as themselves".

On XP Pro with SFS disabled, if you set the above Local Security Policy to
"Guest only", enable the Guest account, using Start - Run - "cmd" - type "net
user guest /active:yes" in the command window. If "Classic", setup and use a
common non-Guest account on all computers. Whichever account is used, give it
an identical, non-blank password on all computers.

On XP Home, and on XP Pro with Simple File Sharing enabled, make sure that the
Guest account is enabled, on each computer. Enable Guest with Start - Run -
"cmd" - type "net user guest /active:yes" in the command window.

On XP Pro, if you're going to use Guest authentication, check your Local
Security Policy (Control Panel - Administrative Tools) - User Rights Assignment,
on the XP Pro computer, and look at "Deny access to this computer from the
network". Make sure Guest is not in the list.

Do any of the computers have a software firewall (ICF / WF, or third party)? If
so, you need to configure them for file sharing, by opening ports TCP 139, 445
and UDP 137, 138, 445, by enabling the File and Printer Sharing exception, and /
or by identifying the other computers as present in the Local (Trusted) zone.
Firewall configurations are a very common cause of (network) browser, and file
sharing, problems.

There are also registry entries that further affect file sharing. If the above
settings don't provide any improvement, we can investigate that next.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

What have you done with Firewall settings?

If firewalls are activated then you won't see any PC that has an active
firewall.

 

[Guest]

Hello,

Thanks for your help. To answer your questions:
Computer Browser and TCP/IP NetBIOS are turned ON on all 3 computers.
Client for Microsoft Networks, File and Printer Sharing turned ON on all 3
comp.
NetBIOS over TCP/IP enabled on all 3 comp.
Simple File Sharing enabled on XP PRO.
Guest user account enabled on both XP desktop and XP Pro.
I disabled the Windows firewall on both XP desktop and XP Pro and the Norton
Security Firewall on XP Pro.
Finally, each of the 3 comp can see the other two comp on Network
Neighbourbood. In addition, I can access the shared items on each computer
from any computer on the network.

This has solved my initial problem. Thank you very much!

Now I am left with two more questions.
- Is there a way to turn on the Firewall on all 3 comp but allowing access
to them? Please show me the steps to turn the Firewall as well.
- I noticed that when I access the XP's, I don't need to enter userID and
password, is there a way to force the system to ask me these two pieces of
info?

Thank you again, both of you.

Yvonne

 

[Chuck]

Hello,

Thanks for your help. To answer your questions:
Computer Browser and TCP/IP NetBIOS are turned ON on all 3 computers.
Client for Microsoft Networks, File and Printer Sharing turned ON on all 3
comp.
NetBIOS over TCP/IP enabled on all 3 comp.
Simple File Sharing enabled on XP PRO.
Guest user account enabled on both XP desktop and XP Pro.
I disabled the Windows firewall on both XP desktop and XP Pro and the Norton
Security Firewall on XP Pro.
Finally, each of the 3 comp can see the other two comp on Network
Neighbourbood. In addition, I can access the shared items on each computer
from any computer on the network.

This has solved my initial problem. Thank you very much!

Now I am left with two more questions.
- Is there a way to turn on the Firewall on all 3 comp but allowing access
to them? Please show me the steps to turn the Firewall as well.
- I noticed that when I access the XP's, I don't need to enter userID and
password, is there a way to force the system to ask me these two pieces of
info?

Thank you again, both of you.

Yvonne

Yvonne,

If you're using both WF and NPF (NIS) on any computer, that's a chance for big
problems. Use one or the other, please. And disabling NPF may not be a good
idea, you may have to un install it completely. YMMV here.

You should be able to configure either WF or NPF to allow file sharing. With
WF, you simply enable the File and Printer Sharing exception, and set its Scope
appropriately (with a wireless LAN, once you have everything working, you need
to specify static, individual addresses for each computer).

With NIS, I believe you define the local (trusted) zone, and enable file sharing
for the local zone (again, with a wireless LAN, once you have everything
working, you need to specify static, individual addresses for each computer).
This may be a situation where you should RTM.

With XP Home, you are stuck with Simple File Sharing, which uses only the Guest
account for authentication. With XP Pro, you can use Advanced File Sharing
(disable SFS), and non-Guest authentication, but that still won't force you to
enter a password when connecting. AFS non-Guest simply uses the account /
password you're logged in with to authenticate you for share access.

With an all XP Pro connection (both client and server using non-Guest
authentication), you can map drives ("Connect using a different user name"), but
that still won't force you to enter an account / password each time that you
connect, so I think the answer to your second question is No.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Guest]

Yvonne,

If you're using both WF and NPF (NIS) on any computer, that's a chance for big
problems. Use one or the other, please. And disabling NPF may not be a good
idea, you may have to un install it completely. YMMV here.

You should be able to configure either WF or NPF to allow file sharing. With
WF, you simply enable the File and Printer Sharing exception, and set its Scope
appropriately (with a wireless LAN, once you have everything working, you need
to specify static, individual addresses for each computer).

With NIS, I believe you define the local (trusted) zone, and enable file sharing
for the local zone (again, with a wireless LAN, once you have everything
working, you need to specify static, individual addresses for each computer).
This may be a situation where you should RTM.

With XP Home, you are stuck with Simple File Sharing, which uses only the Guest
account for authentication. With XP Pro, you can use Advanced File Sharing
(disable SFS), and non-Guest authentication, but that still won't force you to
enter a password when connecting. AFS non-Guest simply uses the account /
password you're logged in with to authenticate you for share access.

With an all XP Pro connection (both client and server using non-Guest
authentication), you can map drives ("Connect using a different user name"), but
that still won't force you to enter an account / password each time that you
connect, so I think the answer to your second question is No.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

Hello Chuck,

I turned the Windows Firewall back on, left the Norton security turned off,
and everything seems to be working properly. So I am going to leave it. I
hope this is what you mean by enabling WF or NPF (NIS). As for my second
question, I can live with not having this added security as it is only a home
network and not accessed by outsiders.

Again, thank you very much for your help!

Yvonne

 

[Chuck]

Hello Chuck,

I turned the Windows Firewall back on, left the Norton security turned off,
and everything seems to be working properly. So I am going to leave it. I
hope this is what you mean by enabling WF or NPF (NIS). As for my second
question, I can live with not having this added security as it is only a home
network and not accessed by outsiders.

Again, thank you very much for your help!

Yvonne

Yvonne,

Glad to help. I think you've got the right idea. You're protected by from the
internet by the router, and by WF, now that it's working. Congrats on getting
it working.

As long as you have a LAN where all users are trusted, you don't really benefit
from Advanced File Sharing and the ability to restrict share access by userid.
Simple File Sharing will work OK for you. Except for the wireless issue.

With a wireless LAN, unfortunately, "not accessed by outsiders" is very
optimistic. On a wireless LAN, your wireless neighbors may be far away from
your front door. Even if YOU have trouble getting decent bandwidth between your
office and your bedroom with your equipment, one of your wireless neighbors
could park his van a mile away in a shopping center parking lot, and hijack your
bandwidth, using custom equipment.

Here's a story about somebody's very stupid wireless neighbor. Don't expect all
wireless neighbors to be this stupid.
<http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html>.

The point is, you need to protect a wireless LAN with more precautions than just
the NAT firewall.

Change the router management password, and disable remote (WAN) management.

Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog
has fleas").

Enable MAC filtering.

Change the subnet of your LAN - don't use the default.

Disable DHCP, and assign an address to each computer manually.

Install a software firewall on every computer connected to a wireless LAN. Put
manually assigned ip addresses in the Local (highly trusted) Zone. Enable file
sharing only in the Local Zone.

Don't disable SSID broadcast - some configurations require the SSID broadcast.
But change the SSID itself - to something that doesn't identify you, or the
equipment.

Enable the router activity log. Examine it regularly. Know what each
connection listed represents - you? a neighbor?.

Use non-trivial accounts and passwords on every computer connected to a wireless
LAN. Rename Administrator, to a non-trivial value, and give it a non-trivial
password. Never use the Administrator renamed account for day to day
activities, only when intentionally doing administrative tasks.

Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
microsoft.public.windows.networking,wireless are good places to start.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.