Windows XP And Vista On The LAN Together

File and Printer Sharing in Windows Vista is not extremely different from File and Printer Sharing in Windows XP. There are new features, and wizard procedures, that work on top of Windows XP features and procedures. If you have a working network, with one or more computers that use Windows Networking, you probably know enough to get started.

There will be challenges though. One predictable challenge is the availability (or lack of availability) of drivers for devices that are operating system sensitive, like network adapters. This has inspired various attitudes, even rants, among the user community.

Computers running Windows Vista use the same layered network as previous versions of Windows, so start by reviewing the principles of layered network design and installation, and of layered network problem solving. And review various issues that affected Windows Networking on computers running Windows XP.

System Updates Issues
With Windows Vista, as with Windows XP, Microsoft will issue periodic (and monthly) updates. Most updates are for security issues, and others for operability and / or stability. All updates are necessary, if recommended for your edition of Vista, and some may have a direct effect on your problem.

As an interim measure, possibly before an actual Service Pack, Microsoft has started issuing compatibility, performance, and reliability fixes, covering a variety of issues with Vista.

Connectivity Issues
By default, computers running Vista set the Broadcast flag to On in DHCP Discover packets. If your DHCP server (NAT router, or non-Microsoft dedicated server) doesn't support DHCP Broadcast, you'll have various problems - your computer may never get an IP address, or your IP connectivity may come and go unpredictably. To make your Vista computer compatible with Windows XP, turn the DHCP Broadcast flag Off (KB928233). Besides the DHCP Broadcast difference, be aware of an interesting timing difference between the Windows Vista and XP DHCP clients (KB931550).

One of the most interesting features in Vista (my opinion anyway) is the ability to dynamically determine Receive Window size for each individual Internet connection. Users of high speed broadband connections will be especially interested in this. Unfortunately, it appears that RWin AutoTuning may be a bit problematic. This setting has been observed to affect both LAN and WAN connectivity, and can cause instability, or lack of connectivity.

On laptop computers, and other computers with multiple network adapters, you'll see an inaccurate / inconsistent network status indicator, when the computer is first started.

Like every newer version of Windows, Windows Vista will use more resources on the host computer, and on any peripherally connected computers and routers. If your peripheral network equipment, like routers, is becoming aged, you would be well advised to upgrade or replace whatever you can.

The IPX/SPX Protocol is not provided in Windows Vista, though Novell does now provide a Netware client for Vista. NetBEUI, on the other hand, is now a part of history.

Visibility Issues
One of the new features of Windows Vista is the Network Map, which runs at the Link Layer of the OSI Network Model, and offers functions similar to The Dude. The Network Map uses a discovery protocol called Link-Layer Topology Discovery (LLTD), which is not a normal part of Windows XP.

To be able to see a Windows XP server from a Vista client, using the Vista Network Map, you need to install (KB922120): the LLTD Responder on any Windows XP computers. The LLTD Responder isn't available for Windows 2000, so you won't be able to see a Windows 2000 server from a Vista client, using the Vista Network Map.

Even if you can't see a Windows XP or 2000 computer in the Network Map, though, you'll still be able to see it in Network Neighborhood / My Network Places, aka the Network window (Start - Network) in Windows Vista. And even if you can see a computer in the Network Map, you may still have to work on name resolution, or on sharing permissions, if you are going to actually access its resources.

The simplest visibility will be enjoyed with all computers in the same workgroup. By default, Windows Vista uses "Workgroup", while Windows XP uses "MSHome". If you leave workgroup names at default, the other computers will be visible in the Network (My Network Places aka Network Neighbourhood) wizard, but they won't be seen immediately, when you open the wizard. You may have to look under Entire Network - Microsoft Windows Network, for the different workgroups used by each set of computers. And with having multiple browse domains (workgroups), your browser infrastructure will be slightly more complex.

Using A Windows Vista Client
Under Windows Vista, the personal storage (personal profile and other files and folders) container has been changed, from "C:\Documents and Settings", to "C:\Users". The folder "C:\Documents And Settings" will continue to exist, for backward compatibility, only as a junction point. On a mixed LAN, I would very carefully test sharing of either "C:\Documents and Settings" (with a Windows Vista client), or "C:\Users" (with a Windows XP client), before committing myself.

Setting Up A Windows Vista Server
If you're adding a computer running Windows Vista to your network, you have to set it up as a server, so you can access it from your other computers. You do this using the Network and Sharing Center wizard, accessed by Start - right-click on Network, and select Properties. This is equivalent to running the Network Setup Wizard, in Windows XP.

  • Set the Network Location Type to "Private". This requires that your computers are secure, behind a perimeter firewall or a NAT router, and opens the standard Vista personal firewall to allow Server Message Blocks (SMBs) to pass between the computers. If your computer is directly connected to your Internet service, either get a NAT router, or leave the Network Location Type set to Public (which will prevent you from networking this computer).
  • Having set the NLT to "Private", you must now designate which services you wish for your server to provide or use. You should verify each setting before continuing, and change it if necessary.
    • File sharing.
    • Public folder sharing.
    • Printer sharing.
    • Password Protected Sharing (PPS) affects the above 3 services. Disabling PPS is the equivalent of enabling Simple File Sharing, in Windows XP.
  • Set up shared folders and printers. If you enabled PPS, you should set up access for individual users. If you disabled PPS, you set up access for "Guest" or "Everyone". Since Vista security is "deny by default (permit by demand)", "Everyone" doesn't automatically have access to newly created shares. Check the Security tab, for each share created, if you disable PPS.
  • Whether you set up the server with PPS Enabled (aka Advanced File Sharing, in Windows XP), or PPS Disabled, make sure that the account used for sharing is activated for network use.
    • If you Enable PPS, you can use either the Guest account, or a non-Guest account of your choice, but the chosen account has to be activated for network use.
    • If you Disable PPS, then the Guest account must be activated for network use. By default, Guest is disabled. If your server provides network access through the Guest account, be aware of its limitations.
    • Whether you use Guest, or a non-Guest account for access, the account used has to be added, explicitly, under Security, and under Sharing.
  • On a server running Windows Vista, the Administrative (Hidden) volume share of "C$" ("D$", etc) isn't defined, by default.

For an overview of the above, see Microsoft: File and Printer Sharing in Windows Vista

Setting Up A Windows XP Server
If you have just one computer besides your computer running Vista, you may have to set up your first computer as a server too. On a computer running Windows XP, run the Network Setup Wizard. For a server connected behind a NAT router, select
"This computer connects to the Internet through another computer on my network or through a residential gateway."
Running the NSW, and making that selection, is similar to setting the Vista NLT to "Private".

Common Issues
Other than the network setup wizards used, Vista will be pretty similar to XP. You'll have the same challenges with Windows Networking.

Editions Of Windows Vista and XP
There are 5 editions of Windows XP, which are basically 2 variants - Home and Pro.
  • XP Home is the equivalent of Vista Basic Home, with PPS permanently disabled.
  • XP Pro can use Advanced File Sharing (similar to PPS Enabled), or Simple File Sharing (similar to PPS Disabled).
  • The other 3 editions - Media Center, Tablet, and Pro x64 - are all variants of XP Pro, in terms of file sharing functionality.
  • With XP Pro, and with all editions of Vista, you can have Guest or non-Guest authentication. Note the limitations of Guest authentication carefully; some limitations aren't as obvious as they should be.
  • Whether you use the Guest account, or a non-Guest account, for authentication, make sure that the account used is properly prepared for network access.

There are also 5 well known editions of Windows Vista, plus several obscure ones which we probably won't encounter. The different editions of Windows Vista are completely different from Windows XP, in feature set differentiation.

Windows Vista and Older / Other Operating Systems
If you also have one or more computers running Windows 9x (95, 98, ME), you'll need to be aware of a significant difference between Windows XP and Vista, in Microsoft Windows And Authentication Protocols. But focus your mind on the future - Windows 95 / 98 / ME have a limited life span.

This will be a problem, too, if you have a Network Attached Storage (NAS) device. Many NAS devices, with unknown authentication abilities, will be a similar challenge. Some NAS devices will also try to act as a master browser on your network, and will cause master browser conflicts, and unreliable displays in Network (aka My Network Places).

Windows Vista and Printers
If you are setting up your mixed LAN specifically to share a printer, note the additional challenges involved in sharing printers. Get file sharing working, first, then concentrate on getting working printer drivers that support Windows Vista. On a mixed network, the printer will have to support both Windows Vista, and Windows XP. And drivers for the client will probably differ from drivers for the server.

If you're having problems with printing from a computer running Vista, and the printer is shared by another computer, read Network Printing From A Windows Vista Computer.

Windows Vista and Security
Depending upon what personal firewall you are using on your Windows Vista computer, you may have to set the firewall manually. It appears that Windows OneCare does not set itself up seamlessly, as Windows Firewall does, when you set the Network Location Type. And a recent change (September 2007) in Internet Explorer appears to affect Windows Networking access between computers.

More References
For the above issues, and more, see

Controlling, And Watching, The Services Running On Your Computer

The Services are the various low-level system processes, that all programs and applications depend upon. Services run independently of who is logged in to a computer; most services start when the computer is started, not after login.

While there are many services provided with the Operating System, all services are not essential on any given computer, and may not be running at any given time.

The essential services must be running, yet other services may have to be NOT running, on your computer. You must make the decision, based upon how your computer is to be used. You set each service in question appropriately.

You can start, stop, change startup status, and / or query the status of a service interactively (using the Services wizard), or from a command window (using the Services Controller CLI). You can use Process Explorer, to find out many details about any service, since (as I wrote above) services are the low level processes running on your computer.

The Services Wizard
You start the Services wizard from Control Panel - Administrative Tools - Services.

You may use the Services wizard presented in Standard, or Extended, mode. The choice is yours.

Find the service that concerns you, and double click on it (or right click, and select "Properties").

The Service name and Display name are two descriptors which are used, alternately, in various places. You should be aware of both values.

You may find Path to executable useful when you are researching an instance of "svchost.exe", using Process Explorer.

Startup type determines when, or if, it will ever be started.

Service status determines whether it is, or should be, running now.

  • If the service in question is running, and you want it stopped, hit "Stop", and wait while it stops.
  • If the service is not running, and you want it running, hit "Start" and wait.
  • If you want the service in question to start the next time the system starts, set Startup type to "Automatic".
  • If you want the service to be started the next time it is needed, set Startup type to "Manual".
  • If you want the service to never start, set the Startup type to "Disabled".

Dependencies shows other services that this service requires to be running, and other services that require this service to be running, before they themselves will start.
If the service wouldn't start, or if its Startup Type wouldn't change, it may have a dependency. Look on the Dependencies tab, under "This service depends upon the following system components". Make sure that everything there is present on the computer, and all services listed are Started. Also check the Event Viewer logs for clues.

The Services Controller CLI
You can also use the Services Controller, aka "SC", from a command window. Observe the spaces in the examples below; they are essential.
  • To find out the status of the browser service, enter
    sc query browser
  • To stop the browser service, enter
    sc stop browser
  • To start the browser service, enter
    sc start browser
  • To disable the browser service at startup, enter
    sc config browser start= disabled
  • To enable the browser service at startup, enter
    sc config browser start= auto
For more information about the Services Controller, see (KB166819): Using Sc.exe and Netsvc.exe to Control Services. If that doesn't help, check Event Viewer for additional clues.

For more information about the many services, the Internet expert is BlackViper, and you can (currently) refer to his websites, Windows Vista Service Configurations, and / or Windows XP Service Configurations.

Note that each service has TWO identities. Some utilities and wizards might use one identity to refer to a service, others might use the other. The Browser Service has, for instance,
  1. Service Name: Browser.
  2. Display Name: Computer Browser.
The Workstation Service has,
  1. Service Name: lanmanworkstation.
  2. Display Name: Workstation.
Don't be confused if you can't find a particular service in a list, or if the SC command doesn't seem to work. Make sure that you know both identities for the service that you're interested in.
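One way to act on the dependency and two-identities points above, added here as an example that is not part of the original post: the Python script below parses saved `sc qc` output, looks a service up by either its Service Name or its Display Name, and flags services whose start type differs from a baseline or whose dependency is disabled. The sample output, the baseline, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `sc qc` (some fields omitted); not real output.
SAMPLE_SC_QC = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Browser
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        DISPLAY_NAME       : Computer Browser
        DEPENDENCIES       : LanmanWorkstation
                           : LanmanServer
        SERVICE_START_NAME : LocalSystem

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: lanmanworkstation
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        DISPLAY_NAME       : Workstation
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
"""

# Hypothetical baseline for a file-sharing workstation: Service Name -> wanted START_TYPE.
BASELINE = {"browser": "AUTO_START", "lanmanworkstation": "AUTO_START"}

# Matches "KEY : value" lines and the ": value" continuation lines under DEPENDENCIES.
FIELD = re.compile(r"^\s*([A-Z0-9_]*)\s*:\s?(.*)$")


def parse_sc_qc(text):
    """Return {lowercased Service Name: config dict} from concatenated `sc qc` output."""
    services, current, last_key = {}, None, None
    for line in text.splitlines():
        match = FIELD.match(line)
        if match is None:
            continue
        key = match.group(1) or last_key   # empty key means a continuation line
        value = match.group(2).strip()
        last_key = key
        if key == "SERVICE_NAME":
            current = {"service_name": value, "display_name": "", "start_type": "",
                       "binary_path": "", "dependencies": []}
            services[value.lower()] = current
        elif current is None:
            continue
        elif key == "START_TYPE":
            parts = value.split()          # "2   AUTO_START" -> "AUTO_START"
            current["start_type"] = parts[1] if len(parts) > 1 else value
        elif key == "DISPLAY_NAME":
            current["display_name"] = value
        elif key == "BINARY_PATH_NAME":
            current["binary_path"] = value
        elif key == "DEPENDENCIES" and value:
            current["dependencies"].append(value)
    return services


def resolve(services, identity):
    """Find a service by either identity: Service Name or Display Name."""
    wanted = identity.strip().lower()
    for key, svc in services.items():
        if wanted in (key, svc["display_name"].lower()):
            return svc
    return None


def audit(services, baseline):
    """Return (service, problem) pairs for baseline drift and disabled dependencies."""
    findings = []
    for name, wanted in sorted(baseline.items()):
        svc = services.get(name)
        if svc is None:
            findings.append((name, "not found in sc output"))
            continue
        label = "%s (%s)" % (svc["service_name"], svc["display_name"])
        if svc["start_type"] != wanted:
            findings.append((label, "start type %s, baseline %s" % (svc["start_type"], wanted)))
        for dep in svc["dependencies"]:
            dep_svc = services.get(dep.lower())
            if dep_svc is None:
                findings.append((label, "dependency %s not in dump, check it by hand" % dep))
            elif dep_svc["start_type"] == "DISABLED" and wanted != "DISABLED":
                findings.append((label, "depends on %s, which is DISABLED" % dep))
    return findings


if __name__ == "__main__":
    for label, problem in audit(parse_sc_qc(SAMPLE_SC_QC), BASELINE):
        print("%-32s %s" % (label, problem))
```

To use it on a real machine, redirect `sc qc <service>` for each service of interest into one text file and pass that file's contents to `parse_sc_qc`.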

Connecting Two Dissimilar Networks, Intentionally

Microsoft Windows operating systems in general, and Windows NT (2000, XP, 2003) in particular, use Internet Protocol for connectivity. In most cases, when I'm providing advice about connecting two dissimilar networks, I'll advise using a router.

  • With two different networks, using a different medium, the differing nature of the network traffic justifies use of a router, for efficiency's sake.
  • With two dissimilar networks, with differing security levels, the security differences justify use of a router.

But what about those cases where you own and control both networks, and you intentionally want to keep the traffic on both networks equal? If you have a LAN, you want all computers on the LAN to be able to access each other, seamlessly. But Windows Networking in general, and NetBIOS Over TCP in particular, doesn't pass thru a router transparently.

What you need is a simple switch, but for two different network mediums. And that is called a bridge.

Now if you do WiFi, you may have already read about making a WiFi bridge from a NAT router. That's a standard solution. But what if you only have a computer, but with 2 different network connectors? Pick 2 of any:

If you have 2 computers, and a network, and only one of the 2 computers has the proper equipment to connect to the network, but both computers can connect to each other, what do you do? If the one computer (with 2 connections) is connecting to a public network, and the second computer needs access to that public network, you can run Internet Connection Sharing on the first computer.

But ICS provides a routed connection. When the first computer is connecting to a public network, connecting the second computer thru a router makes sense - a router is the outer layer in a layered security strategy.

NAS Has Its Own Limitations

I needed a larger hard drive to store my movie collection. My server was maxed out, and I didn't feel like buying a new computer, so I bought a computer in a box, aka Network Attached Storage.

But what makes NAS so attractive is also a limitation. Since NAS is, by design, accessible to all operating systems, you'll find that it's not predictable, like NTFS, and Windows Networking.

So NAS is a great solution, if you need a quick, inexpensive storage boost. But know the limitations, and choose your NAS solution carefully.

NetCheck Source

Besides using network monitoring tools like The Dude, sometimes you need detailed information. Occasionally, having the same detailed information, for all computers on the network, is useful. If you need to extract that same bit of information, repeatedly, scripting the extract is the only thing to do.

This is where NetCheck comes into use.

NOTE: Using NetCheck successfully requires that you have a working administrative account setup, and in use, on your LAN. Make sure that you have the authority, before wasting your time.

Take the following code (everything INSIDE the "#####" lines). Please DO NOT include ANY portion of the "#####" lines. Follow instructions below, precisely.

  1. Create folder C:\Utility on your computer, and make that folder part of the Path.
  2. Download PSTools (free) From SysInternals. Copy all components of PSTools, unzipped, into C:\Utility.
  3. Open Notepad. Ensure that Format - Word Wrap is not checked. Highlight then Copy the code (Ctrl-C), precisely as it is presented below, and Paste (Ctrl-V) into Notepad.
  4. Add a list of your computers - substituted for "pc1 pc2 pc3" - into the third command. Note: This list is case insensitive - "PC1" is the same as "pc1".
  5. Save the Notepad file as "netcheck.cmd", as type "All Files", into C:\Utility.
  6. Run it by Start - Run - "netcheck".
  7. Wait patiently.
  8. When Notepad opens up displaying c:\netcheck.txt, first check Format and ensure that Word Wrap is NOT checked! Then, copy the entire contents (Ctrl-A Ctrl-C) and paste (Ctrl-V) into your next post. Or, examine the file yourself.

Do this from each computer, please, with all computers powered up and online. Running this code from each computer will give us a more complete picture of how each computer is set up, and what each computer can see from the others. On a completely working LAN, the multiple copies produced should be symmetrical. Running this, repeatedly, would be redundant. Since you're here, it probably won't be for you.

##### Start NetCheck Base Code

@echo off
@echo NetCheck V1.00 >c:\NetCheck.txt
for %%a in (pc1 pc2 pc3) do (call :Loop1 %%a)
notepad c:\netcheck.txt
goto :End

rem Loop1 runs once for each computer name, passed in as %1.
:Loop1
rem Remote computers are queried through psexec; the local computer runs the commands directly.
set NetCheckCmd=psexec \\%1
if /i %1!==%computername%! set NetCheckCmd=
@echo NetCheck %1
@echo. >>c:\NetCheck.txt
@echo NetCheck %1 >>c:\NetCheck.txt
@echo. >>c:\NetCheck.txt
%NetCheckCmd% ipconfig /all >>c:\NetCheck.txt
@echo. >>c:\NetCheck.txt
%NetCheckCmd% net config server >>c:\NetCheck.txt
@echo. >>c:\NetCheck.txt
%NetCheckCmd% browstat status >>c:\NetCheck.txt
rem Return to the for loop for the next computer.
goto :EOF

:End

##### End NetCheck Base Code

Centralised (Structured) Wiring In Your Home

If you have two computers, you connect the two computers with a single cable, Computer A to Computer B. I'll bet (hope) that you don't have just that, though. You probably have at least one more computer - your router (which is connected to the broadband modem). So you have a cable from the router to each computer. This is assuming that you aren't using WiFi to connect either computer, and again I'll point out that WiFi is not a good substitute for Ethernet cable.

So you have your router, and a couple computers, in the same room, and you run Ethernet cables between them. But are all computers in the same room? Not if you have a well planned house. You'll probably have one or more of

  • An office computer, for financial and secure activities.
  • An entertainment computer, in the den / family room, for fun.
  • A second computer, in the den / family room, for music / videos, with a large screen (what used to be called a television / stereo / home entertainment center).
  • In your kitchen, you need a computer for recipe access, maybe for inventorying and ordering food.
  • How about one in the garage, for reference when you work on the car?
  • The bedroom, for late night web surfing (no, we won't discuss that any further).

Now, there are so many reasons why having separate computers, with different designs, will be relevant.
  • Locational convenience. Why walk into another room, to use a computer in there, if you have one in front of you?
  • Redundancy. One computer will not last forever. Maybe last year's office computer is now in the bedroom, and your first computer, old and grungy, is in the garage. If one computer dies, it will be inconvenient to walk into the other room to continue the current activity, but you can do that easier than having to fix the one computer on the spot.
  • Security. The web is full of dangers. Each different website may have its own dangers, and I'd bet that different types of websites will focus those dangers. Restricting different activities to different computers makes sense. Keep your office computer, with financial secrets, safe and secure, by keeping it very clean. Other computers, other activities.
  • Sharing house space. One person can be in the office, doing financial chores, another in the garage, doing auto or home maintenance, and a third in the kitchen, preparing a meal. And each using a separate computer.

So now that we've admitted to needing computers all over the house, how do you plan to wire them to each other? One long cable - Garage to kitchen to den to living room to office to bedroom? Please don't do that.

Any properly planned business has one or more centralised and secured rooms for wiring and for central equipment (servers). The home of the future will too. The hub room will be where the video communications ("cable TV") and voice communications ("telephone") services will enter from the outside. There you connect your internal cabling. And from there, you make home runs to each room.

This is where you start. More and more homes are being built, with network cabling designed and installed just as coax ("television"), electrical, and voice ("telephone") cabling is. A requirement, not a luxury.

And by the way, if your garage (or maybe a shed) happens to be separate from the house itself, be aware of one specific wiring safety issue.

Using The Internet As A WAN Link? Use A VPN.

Stable and secure Windows Networking depends upon properly designed, routed, subnets. IP routing was designed to make Local Area Networks connect, yet still observe geographical relationships. Using routers between LANs allows localisation of some domain services (browsing, name resolution), but wide spread availability of others.

When you route IP connectivity thru wiring that you own and control, that's behind a firewall, each connected LAN is as safe as any of the other LANs. Threats on the outside (Internet) stay on the outside. Two geographically separate LANs, connected by a dedicated, leased communication line, are as safe as each other is safe.

What if you have 2 LANs, distant from each other, and can't justify the expense (initial or ongoing) of a leased or owned communication line? If both LANs have Internet access, you can still connect them; just use the Internet as the WAN link.

But wait! I hope you know how dangerous the Internet can be. It's bad enough when accessing it as clients. Plain old web browsing is bad enough, how about running a server on the Internet? OK, how about running all of the computers on your LANs thru the Internet? Why not hold up a $100 bill, and stroll thru Times Square in New York City? See if you get anywhere alive.

But you can connect your LANs thru the Internet, if you design the connection properly. A controlled, encrypted tunnel between your LANs, using routers that support a Virtual Private Network (aka VPN) will do this fine.

A VPN will be a lot easier to set up, and more stable and secure, when properly planned.

Each LAN Is Addressed By Its WAN Address.
The VPN routers set up static tunnels between each other. Setting up a VPN router requires identifying the other router(s), by its IP address as well as by a pre installed certificate (aka pre shared authentication key). If you can't provide a fixed IP address for each router, you'll have to use a domain name, registered with a dynamic DNS service like DynDNS, TZO, or the like.

Hardware Compatibility Is A Must.
There are various conventions and standards for establishing, and conducting, authentication and encryption in a VPN. Each router manufacturer will likely have some variation, however small. The easiest, and most stable, VPNs will use router hardware of the same make, model, and firmware level at each end of a VPN tunnel.

LAN Subnets Must Be Unique.
A VPN provides a routed connection between LANs. In order for routing to work best, you have to have different subnets on each LAN. When you set up a VPN between LANs that were set up before being connected, you may have some LANs using the same subnet. You can't have stable LANs, each having the same subnet, connected by a router.
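A check for the subnet clash described above, added here as an example and not taken from the original post: it lists every pair of LANs whose address ranges collide before you join them with a VPN. It goes beyond the identical-subnet case in the text to also catch one LAN's range containing another's, and proposes an unused block for the LAN you choose to renumber. The site names, addresses, and function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed site plan; the site names and address ranges are hypothetical.
SITES = {
    "home-office": "192.168.1.0/24",
    "branch": "192.168.1.1/255.255.255.0",   # router LAN address plus mask
    "warehouse": "192.168.0.0/23",
    "lab": "10.20.30.0/24",
}


def lan_network(value):
    """Accept a CIDR block or 'router address/mask' and return the LAN's network."""
    return ipaddress.ip_interface(value).network


def find_conflicts(sites):
    """Return (site_a, site_b, relation) for every pair of LANs whose ranges overlap."""
    nets = {name: lan_network(value) for name, value in sites.items()}
    conflicts = []
    for a, b in combinations(nets, 2):
        net_a, net_b = nets[a], nets[b]
        if net_a.version != net_b.version or not net_a.overlaps(net_b):
            continue
        if net_a == net_b:
            relation = "identical subnet %s" % net_a
        elif net_b.subnet_of(net_a):
            relation = "%s (%s) contains %s (%s)" % (a, net_a, b, net_b)
        else:
            relation = "%s (%s) contains %s (%s)" % (b, net_b, a, net_a)
        conflicts.append((a, b, relation))
    return conflicts


def suggest_free(sites, renumber, pool="192.168.0.0/16", prefix=24):
    """Return the first block in `pool` that clashes with no site other than `renumber`."""
    taken = [lan_network(v) for name, v in sites.items() if name != renumber]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(net) for net in taken):
            return candidate
    return None


if __name__ == "__main__":
    for a, b, relation in find_conflicts(SITES):
        print("%s <-> %s: %s" % (a, b, relation))
    print("free block for branch:", suggest_free(SITES, "branch"))
```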

Use DNS For Reliable Name Resolution.
On most small LANs, you'll use broadcasts for name resolution. Broadcasts aren't routable; each IP subnet is, by definition, a broadcast domain. If you want computers on one subnet to access computers on another (which is, presumably, why you're setting up a VPN), you'll find computer names more convenient than IP addresses. Some VPNs will, if configured, pass SMBs for name resolution and browsing, but this will likely slow down Windows Networking. DNS based name resolution is the best way to go, for anything more complex than a single local cluster of computers.

Use Domains, Not Workgroups.
If you use Network Neighbourhood to identify and access other computers, you'll need browsing to work between the subnets connected thru the VPN. A properly designed domain structure will make browsing work much better.

Connectivity Between Any LAN And The Internet Can Affect Its Connection With The Others.
A VPN connection between any two LANs requires regular interchange of control information, and irregular application data. Balanced connectivity makes both more predictable. If one LAN has a dual WAN business class DSL service, and the other has residential class dialup, how secure and stable will that VPN be?

Security On Any LAN Can Affect The Others.
VPNs are used to connect geographically separate LANs, and imply some degree of trust between those LANs. The computers on any LAN, connected to a VPN, are only as secure as the computers on the LAN with the weakest security policies. Review, and synchronise security policies before setting up a VPN.

If you wish to set up a VPN between your home network and your work network, security at your work may be compromised. You should always get permission from LAN administration, before doing this. You may be legally at risk without such precautions.

Increased Sophistication and Excess Bandwidth Mitigate These Issues.
As availability of VPNs has increased, with VPN capable hardware sold in WalMart and similar convenience stores, and as VPN firmware becomes more sophisticated, each endpoint in a VPN relationship will be better able to adjust to differences between its own environment and the environment present at the other end. Many of the above issues won't be quite as relevant in the future. But if you start out being aware of the issues, you will be prepared to deal with them when they do become relevant.

Knowing What's On Your LAN

Whenever you are diagnosing a network problem, whether it involves simple Windows Networking connectivity, or file sharing, you can run native Windows commands like "net view". This tells you what servers can be seen on the LAN.

Unfortunately, "net view" is an application level diagnostic, and requires Server Message Blocks aka SMBs. Lack of SMBs, frequently caused by a misconfigured or overlooked personal firewall, is a common symptom. When you're diagnosing a network problem, you have to start at the lower levels, and work upwards. What about some diagnostics at a lower level, just to verify IP connectivity?

For an immediate scan of the subnet, I rely upon two free products - AngryZiber Angry IP Scanner, and Softperfect Research Network Scanner. Both tools will start with the subnet that your computer is attached to, and scan each possible IP address on that subnet. For each IP address responding, you can find out host name, MAC address, and response time. This is a good start, for finding, and tracking, computers on your network.

Remember, though, both of these products list hosts using Internet Protocol. If your LAN uses alternate transports like IPX/SPX or NetBEUI, neither will be very useful.

If you need to associate a MAC address with its vendor, the IEEE OUI / Company_id Assignments database can be searched for this information.
