Why is it so difficult to network Vista and XP PCs?

[Guest]

I have two Dell PCs. A Dimension 9200 Desktop vith Vista Home Premium (Swiss
German version) and a Latitude D600 notebook with XP SP2 (US english
version). They are on the same workgroup (MSHOME) connected by a WPA-PSK TKIP
protected wireless link through a router. On both computers I have opened
accounts with the same user name and password. The network was ok for some
time (while the desktop was directly connected with a cable to the router and
the wireless link was running under WEP from the Latitude notebook to the
router) but started to make problems when the router had to be moved to
another room and both PCs were wirelessly connected to the network. By now,
the Vista desktop can see the XP notebook, read and write files. The XP
notebook can see that the desktop is there but it is denied authorization to
access it, use a printer aso. I tried to follow "File and Printer Sharing in
Windows Vista", even switch off the firewall on Vista, enable NetBIOS over
TCP/IP, disable IPv6 but nothing seems to do the job.

 

[Chuck [MVP]]

I have two Dell PCs. A Dimension 9200 Desktop vith Vista Home Premium (Swiss
German version) and a Latitude D600 notebook with XP SP2 (US english
version). They are on the same workgroup (MSHOME) connected by a WPA-PSK TKIP
protected wireless link through a router. On both computers I have opened
accounts with the same user name and password. The network was ok for some
time (while the desktop was directly connected with a cable to the router and
the wireless link was running under WEP from the Latitude notebook to the
router) but started to make problems when the router had to be moved to
another room and both PCs were wirelessly connected to the network. By now,
the Vista desktop can see the XP notebook, read and write files. The XP
notebook can see that the desktop is there but it is denied authorization to
access it, use a printer aso. I tried to follow "File and Printer Sharing in
Windows Vista", even switch off the firewall on Vista, enable NetBIOS over
TCP/IP, disable IPv6 but nothing seems to do the job.

Pierre,

Generally, it isn't difficult at all to network two computers. Sometimes there
are complications, though, and that's why you see people here asking for help.

Disabling IPV6 is a good start, as I don't think that Microsoft has IPV6 and
Windows Networking working together just yet.

Switching the firewall off is not a good idea. You need to have the firewall
on, and set the Network Location Type to Private. Access authorisation is
another issue. Are you using SFS (PPS disabled), or AFS (PPS enabled) on the XP
computer? PPS enabled or disabled on the Vista computer? These are details
that you need to know.

Read my tutorial and see if it helps.
<http://nitecruzr.blogspot.com/2006/12/windows-xp-and-vista-on-lan-together.html>
http://nitecruzr.blogspot.com/2006/12/windows-xp-and-vista-on-lan-together.html

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[nsag]

Here is a typical user Vista/ Wireless XP networking issue:
Explorer can see all computers and exchange files. All permissions are
correctly set and double checked.
However say you want to save an Excel spreadsheet you are working on with
your Vista machine to one of those wireless XP units.
In your Vista machine you click "save as" and then click on "network"
Lo and behold, nothing you can do will make those XP sites appear so you can
save the frigging document.
However tomorrow it might or might not work like it should.
The best solution is to get rid of Vista.
All of your problems will go away and you can get back to work.
You should not be spending time troubleshooting defective Microsoft
programming.

 

[Chuck [MVP]]

Here is a typical user Vista/ Wireless XP networking issue:
Explorer can see all computers and exchange files. All permissions are
correctly set and double checked.
However say you want to save an Excel spreadsheet you are working on with
your Vista machine to one of those wireless XP units.
In your Vista machine you click "save as" and then click on "network"
Lo and behold, nothing you can do will make those XP sites appear so you can
save the frigging document.
However tomorrow it might or might not work like it should.
The best solution is to get rid of Vista.
All of your problems will go away and you can get back to work.
You should not be spending time troubleshooting defective Microsoft
programming.

Until Vista comes out in SP1, it will have these bugs. We are Beta testing it.
And we are documenting it.

There are dozens of reasons for not being able to "see" other computers in
Network Neighbourhood (or whatever else cure name is being used at the time).
Every version of Windows has had these problems, and Windows XP wasn't immune.
I wrote this for XP owners, several years ago.
<http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html>
http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html

And this year, I wrote this troubleshooting guide for Vista owners.
<http://nitecruzr.blogspot.com/2006/12/windows-xp-and-vista-on-lan-together.html>
http://nitecruzr.blogspot.com/2006/12/windows-xp-and-vista-on-lan-together.html

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[Chuck [MVP]]

Here is a typical user Vista/ Wireless XP networking issue:
Explorer can see all computers and exchange files. All permissions are
correctly set and double checked.
However say you want to save an Excel spreadsheet you are working on with
your Vista machine to one of those wireless XP units.
In your Vista machine you click "save as" and then click on "network"
Lo and behold, nothing you can do will make those XP sites appear so you can
save the frigging document.
However tomorrow it might or might not work like it should.
The best solution is to get rid of Vista.
All of your problems will go away and you can get back to work.
You should not be spending time troubleshooting defective Microsoft
programming.

Until Vista comes out in SP1, it will have these bugs. We are Beta testing it.
And we are documenting it.

There are dozens of possible reasons for not being able to "see" other computers
in Network Neighbourhood (or whatever else cute name is being used at the time).
Every version of Windows has had these problems, and Windows XP wasn't immune.
I wrote this for Windows XP owners, several years ago. Windows XP was buggy as
hell until SP1.
<http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html>
http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html

And this year, I wrote this troubleshooting guide for Windows Vista owners.
<http://nitecruzr.blogspot.com/2006/12/windows-xp-and-vista-on-lan-together.html>
http://nitecruzr.blogspot.com/2006/12/windows-xp-and-vista-on-lan-together.html

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[Guest]

Sir,
you did a great job telling people all the details of networking Vista and
XP computers but this is exactly my point: Why is it necessary to go though
all this jargon when I just want to share a printer and maybe read and write
a few files in the public folder of the other PC? Can't such simple
operations be allowed by default so that Mr. Average does NOT have to read
and understand all of your explanations?
I am certainly not a bloody beginner but I have other things to do than to
struggle with those issues and I certainly hope that there will be such
features and maybe a wizard to do this in Vista pretty soon, otherwise I will
simply abandon it as nsag suggested.
Kind regards,
Pierre KOHLER

Here is a typical user Vista/ Wireless XP networking issue:
Explorer can see all computers and exchange files. All permissions are
correctly set and double checked.
However say you want to save an Excel spreadsheet you are working on with
your Vista machine to one of those wireless XP units.
In your Vista machine you click "save as" and then click on "network"
Lo and behold, nothing you can do will make those XP sites appear so you can
save the frigging document.
However tomorrow it might or might not work like it should.
The best solution is to get rid of Vista.
All of your problems will go away and you can get back to work.
You should not be spending time troubleshooting defective Microsoft
programming.

Until Vista comes out in SP1, it will have these bugs. We are Beta testing it.
And we are documenting it.

There are dozens of possible reasons for not being able to "see" other computers
in Network Neighbourhood (or whatever else cute name is being used at the time).
Every version of Windows has had these problems, and Windows XP wasn't immune.
I wrote this for Windows XP owners, several years ago. Windows XP was buggy as
hell until SP1.
<http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html>
http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html

And this year, I wrote this troubleshooting guide for Windows Vista owners.
<http://nitecruzr.blogspot.com/2006/12/windows-xp-and-vista-on-lan-together.html>
http://nitecruzr.blogspot.com/2006/12/windows-xp-and-vista-on-lan-together.html

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[LoneStar]

Chuck,

As an outsider on this thread, thanks for a very comprehensive view into
Vista/XP file & folder sharing. Your nitecruzr blogspots were very good,
and I read them both to try fixing my Vista/XP file sharing problem. (Note:
my network is fine, Public Folder can be shared, but none other).

Anyway, after reading your two web links which apparently can fix any
Vista/XP sharing problem, I must concede defeat. I guess I'll just use the
Public Folder on Vista to use for XP file sharing ventures. To be honest,
your articles were good, but there is No Way I can spend hours trying to
figure out what you wrote, how to actually apply it to my two computers, and
trying to read between the lines. My XP and ME shared perfectly -- no
problems.

Anyway, thanks for putting out the info, really.

EW

Here is a typical user Vista/ Wireless XP networking issue:
Explorer can see all computers and exchange files. All permissions are
correctly set and double checked.
However say you want to save an Excel spreadsheet you are working on with
your Vista machine to one of those wireless XP units.
In your Vista machine you click "save as" and then click on "network"
Lo and behold, nothing you can do will make those XP sites appear so you
can
save the frigging document.
However tomorrow it might or might not work like it should.
The best solution is to get rid of Vista.
All of your problems will go away and you can get back to work.
You should not be spending time troubleshooting defective Microsoft
programming.

Until Vista comes out in SP1, it will have these bugs. We are Beta
testing it.
And we are documenting it.

There are dozens of possible reasons for not being able to "see" other
computers
in Network Neighbourhood (or whatever else cute name is being used at the
time).
Every version of Windows has had these problems, and Windows XP wasn't
immune.
I wrote this for Windows XP owners, several years ago. Windows XP was
buggy as
hell until SP1.
<http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html>
http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html

And this year, I wrote this troubleshooting guide for Windows Vista
owners.
<http://nitecruzr.blogspot.com/2006/12/windows-xp-and-vista-on-lan-together.html>
http://nitecruzr.blogspot.com/2006/12/windows-xp-and-vista-on-lan-together.html

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[Chuck [MVP]]

Sir,
you did a great job telling people all the details of networking Vista and
XP computers but this is exactly my point: Why is it necessary to go though
all this jargon when I just want to share a printer and maybe read and write
a few files in the public folder of the other PC? Can't such simple
operations be allowed by default so that Mr. Average does NOT have to read
and understand all of your explanations?
I am certainly not a bloody beginner but I have other things to do than to
struggle with those issues and I certainly hope that there will be such
features and maybe a wizard to do this in Vista pretty soon, otherwise I will
simply abandon it as nsag suggested.
Kind regards,
Pierre KOHLER

Pierre,

Your point is well made. The biggest problem is that networking computers is
NOT a simple process. I've been working with it for 30 years, and it changes
constantly.
<mode=rant>
Right now, half the complexity in most computers is security software, that
keeps our computers doing OUR work. Not the work of some asswit sitting in his
bedroom somewhere else, hawking v1agruh.

Networking computers isn't simple. Occasionally the boys with smoke and mirrors
make it look that way, but the smoke dissipates and they are left with broken
mirrors.

If you own a car, you learn to drive the car. You don't buy the car, go to
another store, buy a "repair your car yourself" manual, take it home and rebuild
the engine. You take it to a ****ing mechanic for engine repairs.

Right now, everybody with a Visa card can go to WalMart (of all places), buy a
computer, take it home, install it, and then get pissed off because they don't
know what they are doing and can't be arsed to read a damn manual, or take it to
an expert.

Maybe it's time to license computer usage.

We'll still be here, probably, for those who will work with us. But if you
don't understand Microsoft products, can't buy a manual, and don't want to read
the manuals that we write (for free), you're free to find any forum where people
produce the manuals that suit your fancy.

I'll repeat my point. Networking computers is not simple - it's hard work. The
complexity, when applied properly, may make it look simple. That's all. It
looks simple. It's not at all simple. Regardless of what the merchandisers
make it look like.</mode>

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[Chuck [MVP]]

Chuck,

As an outsider on this thread, thanks for a very comprehensive view into
Vista/XP file & folder sharing. Your nitecruzr blogspots were very good,
and I read them both to try fixing my Vista/XP file sharing problem. (Note:
my network is fine, Public Folder can be shared, but none other).

Anyway, after reading your two web links which apparently can fix any
Vista/XP sharing problem, I must concede defeat. I guess I'll just use the
Public Folder on Vista to use for XP file sharing ventures. To be honest,
your articles were good, but there is No Way I can spend hours trying to
figure out what you wrote, how to actually apply it to my two computers, and
trying to read between the lines. My XP and ME shared perfectly -- no
problems.

Anyway, thanks for putting out the info, really.

EW

Thanks for the feedback, EW.

My rant to Pierre aside, I'm betting that there's at least one more key setting
in Windows Vista that I haven't written about, and Microsoft hasn't thought to
tell us about. The Network and Sharing Center GUI is a wizard (a pretty mini
app), for setting dozens of individual settings in a database called Local
Security Policy (in a domain, it's a piece of Active Directory, called
policies).

Even listing the policies, much less identifying them with any description,
isn't done anywhere that I can find. They are supposedly self identifying (ha
ha). And my suspicion is that you will find YOUR problem buried deep in a
policy.

So, as you think more of your problem, drop by here again. We may know more
next week. Maybe your involvement will help us learn more, and help others too.

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[JRB Associates]

Chuck,

I will mention Active Directory Domains only, as that is what I have done.
Vista integrates without difficulty. Essentially all that is done is, join
the Domain, turn on Network Discovery, turn on File Sharing, then actively
share the folders desired. When creating the shares, assign Domain Groups to
the share (with desired permissions), and remove Everyone. At that point
Vista (depending on who is logged in) can see and be seen without
difficulty. Depending on what other client PCs are on the network, things
may be different, but with the correct Group Policy settings, Vista can see,
be seen by, and communicate with everything from other Vista PCs (Home Basic
and Premium cannot be Domain joined, so I omit those) down to MS-DOS 6.22
(running a TCP/IP stack).

John Baker

 

[Chuck [MVP]]

Chuck,

I will mention Active Directory Domains only, as that is what I have done.
Vista integrates without difficulty. Essentially all that is done is, join
the Domain, turn on Network Discovery, turn on File Sharing, then actively
share the folders desired. When creating the shares, assign Domain Groups to
the share (with desired permissions), and remove Everyone. At that point
Vista (depending on who is logged in) can see and be seen without
difficulty. Depending on what other client PCs are on the network, things
may be different, but with the correct Group Policy settings, Vista can see,
be seen by, and communicate with everything from other Vista PCs (Home Basic
and Premium cannot be Domain joined, so I omit those) down to MS-DOS 6.22
(running a TCP/IP stack).

John Baker

John,

My growing suspicions are that many complaints that folks like Pierre have,
about how complicated Windows Networking is, would be solved if everybody would
setup and use a domain. Between standardising local security policy, and
turning off "Simple" File Sharing, life would be so much simpler.

Of course, there would be less traffic here and it might get a bit boring. You
can't have everything.

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[Tom Dacon]

My growing suspicions are that many complaints that folks like Pierre

have,
about how complicated Windows Networking is, would be solved if everybody
would
setup and use a domain. Between standardising local security policy, and
turning off "Simple" File Sharing, life would be so much simpler.

I suppose you'd rather spend about a million keystrokes and the next five
years of your life educating people here on how to set up a domain
controller, right?

Tom Dacon
Dacon Software Consulting

 

[Chuck [MVP]]

I suppose you'd rather spend about a million keystrokes and the next five
years of your life educating people here on how to set up a domain
controller, right?

Tom Dacon
Dacon Software Consulting

In the long run, and if a domain was the only option, I'd bet that a domain
would be made a bit simpler. And either folks WOULD learn how to do it, or they
would hire a pro to do it.

The problem is when they won't hire a pro, want to do it themselves, and don't
want to spend any time reading about the details. But they WILL spend time
bitching about it "Why does Microsoft make it so complicated?".

And I've written about why it's so complicated, and occasionally someone will
read what I wrote.
<http://nitecruzr.blogspot.com/2005/07/windows-networking.html>
http://nitecruzr.blogspot.com/2005/07/windows-networking.html

And if you spend ANY time here, you'll know that I was being SLIGHTLY facetious.
But just slightly.

If you have less than 6 computers, AND one person / computer AND no sharing of
computers either locally or remotely AND no sharing of passwords, a workgroup is
a simple choice. If any one of the above conditions doesn't apply, that may or
may not be true. Workgroup "authentication" isn't scalable. Domains make more
sense, as the size of the LAN increases.

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[JRB Associates]

Chuck,

Your facetiousness comes through quite clearly . Since I spend probably
99% of my time in the business realm, AD domains are what I use, but even
there I have seen folks have trouble with Vista. I do assist friends and
family in the workgroup and computer-to-computer scenario, but it is not my
primary choice. Vista ironically has actually made it more difficult in many
ways, not easier. In a pure Vista-to-Vista scenario, it is not too bad, but
almost everyone I know (everyone actually...) has a mix of PCs, going back
to Windows 95 (the sweet spot is probably 98SE), that they want to connect.
In the workgroup or computer-to-computer scenario, it can be challenging,
especially since some folks don't want to have user accounts or passwords,
and Vista gags with that. That is why I am quite content in the AD domain
realm. With a few Group Policy settings, everything works with no difficulty
at all, even older operating systems which predate AD. But that said,
without support, most folks I know at a personal level would be in an even
greater abyss with a domain.

John Baker

 

[Chuck [MVP]]

Chuck,

Your facetiousness comes through quite clearly . Since I spend probably
99% of my time in the business realm, AD domains are what I use, but even
there I have seen folks have trouble with Vista. I do assist friends and
family in the workgroup and computer-to-computer scenario, but it is not my
primary choice. Vista ironically has actually made it more difficult in many
ways, not easier. In a pure Vista-to-Vista scenario, it is not too bad, but
almost everyone I know (everyone actually...) has a mix of PCs, going back
to Windows 95 (the sweet spot is probably 98SE), that they want to connect.
In the workgroup or computer-to-computer scenario, it can be challenging,
especially since some folks don't want to have user accounts or passwords,
and Vista gags with that. That is why I am quite content in the AD domain
realm. With a few Group Policy settings, everything works with no difficulty
at all, even older operating systems which predate AD. But that said,
without support, most folks I know at a personal level would be in an even
greater abyss with a domain.

John Baker

John,

Frankly, in a business environment, where a standardised platform of hardware
and software is used, and new computers are bought in bulk, I won't recommend
Vista just yet. But remember, Windows XP was the same when it was released;
until SP1 came out, most large LANs were still deploying Windows 2000.
Screaming about XP, how complex, slow, unstable, it was could be heard
everywhere.

The issue of Microsoft, currently publicising sunset dates for XP, makes this
somewhat more urgent.

Keeping all of this in perspective, how many people do you see in this forum
right now, complaining of specific issues networking computers running Vista?
How many copies of Vista are out there right now (ballpark figure, to the
nearest 100,000 or so will do). Subtract the first figure from the second,
please.

But the historical mix of ancient computers has to end one day. The legendary
joke:
"Q: How many Virginians does it take to change a light bulb?
A: At least 3. One to do the work, the others to remember how great the old one
was."
even that is drawing to a close. The great State Of Virginia is rebuilding
everywhere.

And so should computer owners. We have to let go of the past, and get rid of
computers running Windows 95, 98, and yes ME. Or at least stop requiring
Microsoft to "support" them. Windows simply can't retain backward compatibility
to every historical edition forever; sometime, computer owners have to roll
forward, into the present.

If you can't network your computer running Windows 98 with a computer running
Windows Vista, because the computer running Windows 98 "locks up", why is that a
Vista problem? The Windows 98 operating system has limits. Those limits may
not be seen until you try to exceed them, but they are limits in the Windows 98
operating system.

Move forward.

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[Tom Dacon]

And if you spend ANY time here, you'll know that I was being SLIGHTLY

facetious.
But just slightly.

Oh yeah, I got your point. I was being equally facetious, although perhaps
it didn't come through.

Tom

 

[cquirke (MVP Windows shell/user)]

My growing suspicions are that many complaints that folks like Pierre have,
about how complicated Windows Networking is, would be solved if everybody would
setup and use a domain.

Get real!

With domains go server OS licenses, extra boxes, not to mention MSCE
skills to make everything work. If you have MCSE skills, you could
prolly make simple peer networking work too, which is what we want.

Since XP, we've seen attempts to drop pro-IT solutions into
consumerland. It has never worked, and is not working now.


I think the answer to the subject Q may have more to do with:
- retiring dangerous authentication technologies (LM hashes)
- a long-overdue curbing of hidden admin shares
- IPv6 over IPv4

With respect to the last, this may also explain why "some routers
don't work with Vista" (routers are supposed to be OS-agnostic, so
that's like saying "some roads don't work with new Ford cars") and why
MS went to the trouble of providing a useful online tester to see
whether your router would match Vista's compat/performance needs.

Teredo Overview

http://www.microsoft.com/technet/network/ipv6/teredo.mspx

But then, I'm reading this thread because I want the answer, too

Seriously, the "domain thing" may solve issues with authentication who
can do what over a LAN, but if the packets aren't flowing due to
deeper glitches - including the basic first-step of authentication
that has to work before domains become relevant - it may miss the spot

-------------------- ----- ---- --- -- - - - -

Tip Of The Day:
To disable the 'Tip of the Day' feature...

 

[cquirke (MVP Windows shell/user)]

The problem is when they won't hire a pro

Hiring a pro to set up a domain may not be enough, if he just walks
away when done, leaving you without the skills to manage it.

And I've written about why it's so complicated, and occasionally someone will
read what I wrote.

http://nitecruzr.blogspot.com/2005/07/windows-networking.html

On My Way... ah, this looks like a great read!

It looks as if we have the same objectives in terms of "blogging",
i.e. to create blogs that are also effective as traditional link-rich
websites, offering timeless top-down navigability - as blogged here:

http://cquirke.spaces.live.com/blog/cns!C7DAB1E724AB8C23!346.entry

("Permalinks Are Your Friends")

And if you spend ANY time here, you'll know that I was being SLIGHTLY facetious.

I confess I missed that ;-)

If you have less than 6 computers, AND one person / computer AND no sharing of
computers either locally or remotely AND no sharing of passwords, a workgroup is
a simple choice. If any one of the above conditions doesn't apply, that may or
may not be true.

I draw the line at 11+, being the point beyond which all MS desktop
OSs have been deliberately prevented from scaling up.

IOW, if you need a server, then it's time to get serious about your
networking. You're already obliged to expend significant resources on
it, either the money for an MS server OS or the study to use a free
Linux alternative; may as well get some value out of it?

I see domains as being more about user management than networking per
se, and if you have no interest in user management, then a powerful
user managemenmt system may become a risk in itself.

If folks have no interest in using a rich and risky functionality,
they won't understand it, set it up properly, keep it patched, monitor
what it is doing, and maintain it.

So the benefits of a domain system - e.g. the ability to override
control over users and workstations from a single point of
administration, irrespective of LAN or Internet "remoteness" - can
become a serious risk, if there's no-one at the helm.


My old approach to small LANs, was:
- LAN card <- NetBEUI <- F&PS
- Dial-up <- TCP/IP <- ICS

By keeping F&PS off TCP/IP, I don't have to worry about whether
firewall will appropriately scope between LAN and Internet routes when
passing or blocking F&PS. That's a #1 headache gone, right there, and
with it I saw a lot less "I had to turn off the firewall" stuff.

By using NetBEUI for F&PS, I'm harnessing the safety effect of what is
usually seen as a NetBEUI weakness; that it cannot be routed beyond
the LAN to other networks via gateways.

Two things went wrong with this simple arrangement:

1) Use of same LAN card for Internet and LAN access

This broke the ability to selectively bind F&PS to LAN card while
keeping it off the Internet point of access. But this didn't matter,
until (2) kicked in and stuffed everything up.

2) XP's useless at anything other than TCP/IP

Believe me, I tried to get F&PS working on anything other than TCP/IP
on XP, and it was a total failure, especially in mixed XP and Win9x
environments. So I was now forced to wave F&PS on the same TCP/IP
that - due to (1) - also potentially reached the Internet. BAD IDEA.


MS has an unfortunate tendency to design like this:
- create an "ultimate" product with everything working everywhere
- apply band-aids to limit what works where

MS claims to now "get" the "safe by default" thing, but they haven't,
really. Yes, things have improved, but the basic idea that consumers
can be fobbed off with a diluted pro-IT-orientated product persists.

That's always been a bad idea for consumers, but it didn't matter to
MS's big enterprise clients (where MS was competing with Linux and
pre-PC "big iron"). These big clients get massively complex
infrastructure, along with detailed documentation. Consumers get a
"wipe and rebuild" OEM disk, if they're lucky.

But consumers have broadband now, and so they are in a position to
impact on the enterprise as well. Suddenly it matters that a large %
of consumer PCs have been overrun by malware, because all that malware
and spam traffic is gunking up pro-IT networks, not to mention the
targeted DDoS and cat's-paw hacking attacks made via zombies.

We complain if it takes months to fix a known code vulnerability, but
it can take many years to fix a bad design (e.g. HTML email scripts in
Internet Zone, autorunning macros in MS Office "documents").

To fix flaws in basic design policy may take forever :-/

---------- ----- ---- --- -- - - - -

When Occam's Razor meets the Halting Problem,
the Halting Problem wins

 

[Chuck [MVP]]

Hiring a pro to set up a domain may not be enough, if he just walks
away when done, leaving you without the skills to manage it.



On My Way... ah, this looks like a great read!

It looks as if we have the same objectives in terms of "blogging",
i.e. to create blogs that are also effective as traditional link-rich
websites, offering timeless top-down navigability - as blogged here:

http://cquirke.spaces.live.com/blog/cns!C7DAB1E724AB8C23!346.entry

("Permalinks Are Your Friends")


I confess I missed that ;-)


I draw the line at 11+, being the point beyond which all MS desktop
OSs have been deliberately prevented from scaling up.

IOW, if you need a server, then it's time to get serious about your
networking. You're already obliged to expend significant resources on
it, either the money for an MS server OS or the study to use a free
Linux alternative; may as well get some value out of it?

I see domains as being more about user management than networking per
se, and if you have no interest in user management, then a powerful
user managemenmt system may become a risk in itself.

If folks have no interest in using a rich and risky functionality,
they won't understand it, set it up properly, keep it patched, monitor
what it is doing, and maintain it.

So the benefits of a domain system - e.g. the ability to override
control over users and workstations from a single point of
administration, irrespective of LAN or Internet "remoteness" - can
become a serious risk, if there's no-one at the helm.


My old approach to small LANs, was:
- LAN card <- NetBEUI <- F&PS
- Dial-up <- TCP/IP <- ICS

By keeping F&PS off TCP/IP, I don't have to worry about whether
firewall will appropriately scope between LAN and Internet routes when
passing or blocking F&PS. That's a #1 headache gone, right there, and
with it I saw a lot less "I had to turn off the firewall" stuff.

By using NetBEUI for F&PS, I'm harnessing the safety effect of what is
usually seen as a NetBEUI weakness; that it cannot be routed beyond
the LAN to other networks via gateways.

Two things went wrong with this simple arrangement:

1) Use of same LAN card for Internet and LAN access

This broke the ability to selectively bind F&PS to LAN card while
keeping it off the Internet point of access. But this didn't matter,
until (2) kicked in and stuffed everything up.

2) XP's useless at anything other than TCP/IP

Believe me, I tried to get F&PS working on anything other than TCP/IP
on XP, and it was a total failure, especially in mixed XP and Win9x
environments. So I was now forced to wave F&PS on the same TCP/IP
that - due to (1) - also potentially reached the Internet. BAD IDEA.


MS has an unfortunate tendency to design like this:
- create an "ultimate" product with everything working everywhere
- apply band-aids to limit what works where

MS claims to now "get" the "safe by default" thing, but they haven't,
really. Yes, things have improved, but the basic idea that consumers
can be fobbed off with a diluted pro-IT-orientated product persists.

That's always been a bad idea for consumers, but it didn't matter to
MS's big enterprise clients (where MS was competing with Linux and
pre-PC "big iron"). These big clients get massively complex
infrastructure, along with detailed documentation. Consumers get a
"wipe and rebuild" OEM disk, if they're lucky.

But consumers have broadband now, and so they are in a position to
impact on the enterprise as well. Suddenly it matters that a large %
of consumer PCs have been overrun by malware, because all that malware
and spam traffic is gunking up pro-IT networks, not to mention the
targeted DDoS and cat's-paw hacking attacks made via zombies.

We complain if it takes months to fix a known code vulnerability, but
it can take many years to fix a bad design (e.g. HTML email scripts in
Internet Zone, autorunning macros in MS Office "documents").

To fix flaws in basic design policy may take forever :-/

A real pro, Chris, will document and train, at least for the day to day tasks.

Depending upon the network you CAN go as high as 15 before you really need a
file server (and a domain controller becomes easier to justify).
# X employee works from home, or only on weekends.
# Y employee only surfs the web.
# Everybody powers their computer off when not in use.

Every workgroup is unique. There's no forcing a domain on anybody. I know
that.

The OP was complaining about how complicated Windows Networking is. I was
pointing out why. It's complicated because everybody's needs are different, and
change periodically.

And I remember NetBEUI, and how slick it was. And how slick it wasn't. I
remember Token Ring too. But times have changed - Token Ring is a memory, and
NetBEUI almost so.

And Windows 98 needs to be a memory too.

And I love hosting my web site on Blogger One Button Publishing. Though
Permalinks are being superceded by Labels (I call them "Topics") which are way
easier to manage, and make the text look cleaner. Labels (and "New" Blogger)
have been available for slightly less than a year now.

Consumer Broadband (I call that the Walmart effect) is running the show. Except
in large corporations with hardware and software models that don't change,
there's always something better. And sometimes, it was on sale last night at
Walmart. %-)

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[cquirke (MVP Windows shell/user)]

A real pro, Chris, will document and train, at least for the day to day tasks.

Hmm... sounds expensive. Well, it would be expensive to teach me how
to maintain a domain setup... a lot of small networks still use the
physical security model, which everyone understands, i.e.
- if you're at the keyboard, you can do anything
- if you're not at the keyboard, you can do nothing
- we physically secure access to the keyboard

Where the nature of the work is that folks create value on their PCs
and use the network only for printing, Internet and automated peer
backups, then combining the physical model with tight control over
what is shared, can do away with the need for "authentication".

IOW, assume authentication control will be sloppy, and avoid relying
on it where it serves no purpose.

And I love hosting my web site on Blogger One Button Publishing.

How does that differ from the usual Blogger, as I'm using at...

http://cquirke.blogspot.com

....? I did the conversion to Google sign-in, but haven't digged much
deeper as yet. I do like multiple labels, though.

Though permalinks are being superceded by Labels

I hope you don't mean they'll be dropping permalinks? They're still
the best way to link to specific articles from arbitrary places like
these newsgroups, after all.

(I call them "Topics") which are way easier to manage

They're nice and flexible, yes, but how do you retro-fit them to old
content? Permalinks still work there...

and make the text look cleaner.
?

Labels (and "New" Blogger) have been available for slightly less
than a year now.

I'm still not sure if I'm on the same rig as you are. Is this the
production Google blogging platform, or still beta?

------------ ----- ---- --- -- - - - -

The most accurate diagnostic instrument
in medicine is the Retrospectoscope