Showing posts with label Windows Vista. Show all posts

Windows Vista and Explicit Congestion Notification

With Internet access being one of the most popular uses for computers, the changes in Windows Vista to support improved TCP networking are significant. I've written about Scalable Networking, which contains 3 identified options - Receive-Side Scaling, TCP AutoTuning, and TCP Offload. Scalable Networking contains changes that are implemented from the client, and only require support from the client equipment.

There are more changes to the Vista TCP stack, though, and some of them require support from equipment outside the client network. Explicit Congestion Notification (ECN) is an option that reduces network problems caused by dropped packets, by letting the routers in the network (which drop packets, when overloaded) warn the client and server that they are approaching overload ("congestion").

Rather than experience packet drop (and require packet retransmission), the client and server can be warned before packet drop is necessary, and voluntarily reduce network use. If the endpoints (client and server) reduce network use, the routers in the network path between the endpoints become less overloaded, and are less likely to drop packets. This reduces network problems, and benefits all members of the network, including other endpoints and routers in other connections. By reducing packet retransmission, ECN can reduce Internet congestion in general.

Used inappropriately, however, ECN can actually increase Internet congestion. Not all Internet equipment is ECN friendly, and Wikipedia mentions how enabling ECN might actually cause a problem, rather than preventing one.

Some outdated or buggy network equipment drops packets with the ECN bit set, rather than ignoring the bit[1].


ECN isn't granular - either you enable it, or you don't - and it potentially affects access to all web sites that you wish to visit. It may be more useful in specialised computers, that are intentionally used for high speed communication with specific web sites. It doesn't appear too useful for web surfing in general, right now.

For this reason, Vista is installed with ECN Disabled. If you try ECN Enabled, and you lose access to one web site, you'll have no choice but to Disable ECN, or face loss of access to the web site in question. As network hardware is upgraded, and becomes ECN friendly, enabling ECN will become a more practical option.

If you wish to use ECN, enter in a Vista command window (Run as Admin)
netsh interface tcp set global ecncapability=enabled
If you detect problems, such as lack of access to various web sites, enter similarly
netsh interface tcp set global ecncapability=disabled
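
What "the ECN bit" looks like on the wire, as an added example that is not part of the original post: ECN uses the two low-order bits of the IP TOS byte plus the ECE and CWR TCP flags (RFC 3168), and a host with ECN enabled opens each connection with a SYN carrying both flags, so that SYN is the first packet on which non-ECN-friendly equipment can act. The packets, addresses and ports below are constructed sample values.

```python
import struct

# TCP flag bits (byte 13 of the TCP header); ECE and CWR come from RFC 3168.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << bit for bit in range(8))

# The two low-order bits of the IPv4 TOS byte carry the ECN codepoint.
IP_ECN = {0b00: "Not-ECT", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}


def build_packet(tos: int, tcp_flags: int) -> bytes:
    """Constructed 40-byte IPv4+TCP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4, tcp_flags,
                      8192, 0, 0)
    return ip + tcp


def parse_ecn(packet: bytes) -> dict:
    """Extract the ECN-relevant fields from a raw IPv4/TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        raise ValueError("not a complete IPv4/TCP packet")
    flags = packet[ihl + 13]
    return {
        "ip_ecn": IP_ECN[packet[1] & 0b11],
        "syn": bool(flags & SYN),
        "ack": bool(flags & ACK),
        "ece": bool(flags & ECE),
        "cwr": bool(flags & CWR),
    }


def classify(packet: bytes) -> str:
    """Name the role a packet plays in ECN negotiation or signalling."""
    f = parse_ecn(packet)
    if f["syn"] and not f["ack"]:
        return "ECN-setup SYN" if f["ece"] and f["cwr"] else "non-ECN SYN"
    if f["syn"] and f["ack"]:
        ok = f["ece"] and not f["cwr"]
        return "ECN-setup SYN-ACK" if ok else "non-ECN SYN-ACK"
    if f["ip_ecn"] == "CE":
        return "router marked congestion (CE)"
    if f["ece"]:
        return "receiver echoes congestion (ECE)"
    if f["cwr"]:
        return "sender reduced its window (CWR)"
    return "ECN-capable data" if f["ip_ecn"].startswith("ECT") else "no ECN signal"


def ecn_negotiated(syn: bytes, syn_ack: bytes) -> bool:
    """ECN is in use only if both handshake packets are ECN-setup packets."""
    return (classify(syn) == "ECN-setup SYN"
            and classify(syn_ack) == "ECN-setup SYN-ACK")


if __name__ == "__main__":
    samples = [
        build_packet(0x00, SYN | ECE | CWR),  # client with ECN enabled
        build_packet(0x00, SYN | ACK | ECE),  # server agrees
        build_packet(0x02, ACK | PSH),        # data marked ECT(0)
        build_packet(0x03, ACK | PSH),        # a router set CE instead of dropping
        build_packet(0x02, ACK | ECE),        # receiver reports it back
        build_packet(0x02, ACK | CWR),        # sender confirms it slowed down
    ]
    for pkt in samples:
        print(classify(pkt))
```

In a capture taken while a site is unreachable with ECN enabled, an ECN-setup SYN that is retransmitted and never answered points at the path rather than at the server.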



Windows Vista and Scalable Networking

Over a year ago, I explored an issue of Windows Vista and its problems with using default networking settings relevant to Window Scaling. The first known problem with Window Scaling was an exciting networking option called Receive Window AutoTuning, which became a problem when an older router was in use.

Besides AutoTuning, which is a problem with older routers, there are two additional networking options - TCP Offload ("Chimney") and Receive-side Scaling ("RSS"), which are a similar problem with older networking adapters. If your computer suffers from symptoms similar to the well known MTU setting problem, and you get no relief from disabling RWin AutoTuning, consider disabling TCP Offload and Receive-side Scaling.

In a Vista command window (Run as Admin), enter

netsh interface tcp set global chimney=disabled
netsh interface tcp set global rss=disabled


TCP Chimney Offload takes a portion of the TCP/IP network stack, currently run on your computer as part of the Windows operating system, and runs it in a dedicated processor on a TOE capable network adapter. Less work for the operating system + processing as part of the physical networking adapter = better performance.

Receive-side Scaling allows processing of incoming network traffic to be properly run on a multi-processor computer, by ensuring that all packets from a single TCP network connection are consistently processed by the same processor. All incoming packets for each TCP connection processed by the same processor = packets never getting out of sequence, which can be a problem otherwise with multiple processors. Obviously, you'll need a multiple processor system, to get any benefit here.

Try Internet access with TCP Offload and Receive-side Scaling disabled, and see if network performance improves. If it does, see if you can upgrade or replace your network card with one that is TOE capable, which was stated to cost $25 - $50 earlier this year. Once you have the right network hardware, or if the above change doesn't provide any relief from your symptoms, you can re-enable TCP Offload and Receive-side Scaling:
netsh interface tcp set global chimney=enabled
netsh interface tcp set global rss=enabled


If you do see a bandwidth improvement and / or network utilisation drop after enabling chimney and / or rss, restart the system. You may see still more improvement after restarting. Use of proper tools for objective measurement of bandwidth and network utilisation, access to high speed Internet service, and use of high bandwidth network applications like streaming video, will make the success of this change a bit easier to assess.

Besides Scalable Networking, look at other possible problems with Windows Vista Networking Innovations, in Windows Vista and Explicit Congestion Notification.


Windows Vista, and Network Location Awareness, With Multiple Network Adapters

Some owners of laptop computers, running Windows Vista, are reporting an inaccurate network status indicator when the computer is first started, and connected to the network.

When a Vista computer is started, the network status indicator - the little globe icon in the tooltray - will indicate "Local Only" status. If you go ahead and start a browser, or other Internet client component, you'll get a connection, but it may be very slow for a while. Eventually, the network status indicator will change to show "Local and Internet", and connectivity will return to normal.

This is a problem with the Network Connectivity Status Indicator (NCSI) component of the Network Location Awareness (NLA) service, and how it determines Internet connectivity when there is no active network traffic. Even if the NLA is able to verify Internet connectivity, when there is more than one network adapter on the computer, NLA can't determine which adapter has connectivity, so NCSI shows all adapters as being connected locally only. This is a problem when connectivity is through a router, and a DNS probe is used to determine connectivity.

Many late model (which is what you would want running Vista, after all) computers have an IEEE 1394 (Firewire) port. Similar in function to USB (but receiving less consumer support), a 1394 Firewire port is supported as a network adapter in many desktop and laptop computers. If your desktop or laptop computer has the problem with "Local Only", and it has only one network adapter, run "IPConfig /all", and examine the log.

If you see an entry for "IEEE 1394", this could be a problem. You can disable this device from the Network wizard (called in Windows XP, "Network Connections"), or using the Device Manager under System Properties, if you don't intend to use a 1394 network. Not a lot of us use (or intend to use) 1394 networking.

Firewire is the best known alternative networking adapter, which is part of what is being called Personal Area Networking (PAN). Two other possibilities include InfraRed and USB.

Another possible contribution to the problem would be the IPV6 Tunnel adapters. You may get relief from the problem by (KB929852): disabling IPV6.

Microsoft Help and Support: (KB947041): The network connectivity status incorrectly appears as "Local only" on a Windows Server 2008-based or Windows Vista-based computer that has more than one network adapter describes the problem in more detail, and should eventually identify a solution.


Windows Vista And The Network Map

Most of us who have computers in our homes also have Internet service (what else is the computer for anyway?). Many of us who have computers have more than one computer, and some of us who have more than one computer need a network management product, like The Dude (what a name for something priced so nicely) to keep track of our computers.

Auto discovery, which automatically generates a graphical display and inventory of the computers on the network, is an expected feature in many network management products like The Dude. Now Auto Discovery is a built in feature of our favourite new operating system, Windows Vista. One of the shiniest features of Windows Vista is The Network Map - its ability to show you a semi graphical display of all of the computers, routers, and switches on the network.

The Network Map uses a new protocol - Link-Layer Topology Discovery (LLTD). Regardless of what firewalls, or other hardware or software protective devices we have on our network, LLTD discovers all devices connected. LLTD has basically the same strengths and weaknesses as other well known alternate protocols IPX/SPX and NetBEUI (neither of which are available for Vista).

  • Regardless of what Windows Networking protocol you're using - IP, IPX/SPX, or NetBEUI, LLTD will show you a map of all computers running Windows Vista and Windows XP (when equipped).
  • Regardless of what firewalls or routers you may have setup to segment your network, and protect some computers from others, LLTD will pass through to each segment, and will inventory all computers on the segment.
  • Regardless of whether LLTD shows you a computer, you won't necessarily have the ability to access that computer, or even determine its network address, for Windows Networking.


The Network Map presents additional challenges.
  • It is only available on Windows Vista (and Windows XP, with (KB922120): the optional LLTD Responder).
  • Its availability, and the fact that "it simply works", can cause confusion among computer owners, who can't get Windows Networking to work, when a Windows Vista computer is installed.
  • People confuse the Network Map with the "Network" wizard (previously known as Windows Explorer in Windows XP and previous Windows editions), which provides a similar functionality, but will display different information.


It's a great tool, but you need to be aware of its limitations.


Setting The MTU In Windows Vista

Long ago, when I first heard of the dynamic tuning in the Windows Vista TCP/IP stack, I envisioned the manual setting of the static MTU to be a thing of the past. Unfortunately, I was wrong - the MTU is still a fixed setting, in Vista.

The legendary tool, DrTCP, which is used by everybody to change the MTU in Windows 2000 and XP, doesn't work under Windows Vista. Fortunately, Microsoft now allows us to adjust the MTU using the "netsh" command. As with other commands in Windows Vista, you run "netsh" using the command window, in Administrative mode.

To see what interfaces you have on your computer, type

netsh interface ipv4 show subinterfaces

To change the MTU, type
netsh interface ipv4 set subinterface "Local Area Connection" mtu=nnnn store=persistent

where
Local Area Connection is the name of the network connection on your computer, from the list obtained above.
nnnn is the desired value for MTU.

Reboot after making the change.


Windows Vista And The IPX/SPX Protocol

Along with providing IPV6 as a default network protocol in Windows Vista, Microsoft made another major change to the protocol stack there - they eliminated the optional IPX/SPX selection. Microsoft now does not support IPX/SPX, in any way.

Note:
Windows Vista does not provide a NetWare client or the IPX/SPX protocol.


You can get a Novell client, from Novell. We haven't confirmed that this is IPX/SPX, though.


Windows Vista Is Maturing

Windows Vista is maturing, and based upon various complaints about different issues, Microsoft has started issuing comprehensive updates.

In September, Microsoft issued (KB938979): An update is available that improves the performance and reliability of Windows Vista. Last week, Microsoft updated that update, with (KB941649): An update is available that improves the compatibility, reliability, and stability of Windows Vista.

Among the issues hoped to be mitigated by this update are the Vista Printing problems of various symptoms. We'll be watching the effects of this update, closely.


Windows Vista - Which Edition Should I Choose?

The choice between Windows Vista Home and Business, or any other edition, or any similar edition of Windows XP, varies - and not always strictly according to network environment, or to intended use. Some business people claim to be using Vista Home (Basic, in some cases), in their operations.

Based on help requests, I'd guess that the most relevant distinctions, between the various editions of Vista (and XP), are:

  • Backup solutions. Vista Business, Enterprise, and Ultimate include integrated "Complete PC Backup". Vista Home only allows for data backup.
  • Choice of file sharing. A computer running XP Home will only use Simple File Sharing. All editions of Vista will let you select Password Protected Sharing On, or Off. This was a significant issue in XP, that isn't relevant in Vista.
  • Domain membership. A computer running Vista Home (Basic or Premium), cannot join a domain.
  • Number of simultaneous incoming connections. Vista Home Basic limits you to 5 simultaneous incoming connections, while Vista Home Premium, Business, Enterprise, and Ultimate will limit you to 10.
  • Remote access to the desktop. Vista Business, Enterprise, and Ultimate, provide Remote Desktop, which integrates tightly into the Windows structure. For Vista Home, and for other operating systems, you will need VNC, or a similar product.
  • Remote access to the operating system. A computer running XP or Vista Home can't be managed remotely, nor can its problems be diagnosed remotely.
  • Token based access. A computer running Vista Business, Enterprise, or Ultimate, will use token based access. You'll authenticate once (possibly automatically) to a server, the client will set up a token, and use that token in the future. With Vista Home (Basic or Premium), you'll authenticate each time that you create a connection to a server.


As always, Your Mileage May Vary.

Identify Your Edition Of Windows Vista
Windows Vista has 5 significant editions. The 5 are not directly comparable to the 5 editions of Windows XP. A sixth edition, Vista Starter, is available only in developing countries, and has rather limited networking capabilities.
  • Vista Home Basic.
  • Vista Home Premium.
  • Vista Business.
  • Vista Enterprise.
  • Vista Ultimate.



A Computer For Virginia, USA

Are you into jokes? If you live in the East Coast region of the USA, you've probably heard this one.

Q: How many Virginians does it take to change a light bulb?
A: At least 3. One to do the work, the others to remember how great the old one was.


But the Great State of Virginia is moving into the future, and so should computer owners. We have to let go of the past, and get rid of computers running Windows 95, 98 - and yes, ME and 2000. At least, we need to stop requiring Microsoft to "support" them. Microsoft simply can't retain backward compatibility to every historical edition of Windows, forever; sometime, computer owners have to roll forward, into the present.

If you can't network your computer running Windows 98 with a computer running Windows Vista, because the computer running Windows 98 "locks up", is that a Vista problem? The Windows 98 operating system (and the aged hardware running it) has limits. Those limits may not be seen until you try to exceed them, but they are limits in the Windows 98 operating system (or the hardware).

If Internet Explorer Version 6 won't display certain web sites, is that a fault of Microsoft, of the web site producer, of the web site host, or maybe should you accept just a bit of the blame too - since you keep using it? Internet Explorer V6 is very old software - it's buggy, it lacks features, and it's frequently patched to foil the bad guys. Microsoft can't patch it forever, though.

Every computer system contains internally located parts, or externally attached devices. Internally located parts, classically located on "expansion cards", are designed to be swapped in and out, in cases where one has failed or you simply want a better unit. Mass storage (aka "disk drive" controllers) processors, multimedia (aka "sound" / "video") processors, network ("Ethernet" / "WiFi") processors, are internally located parts. Fax machines, modems, and printers are externally attached ("peripheral") devices.

Internal and peripheral devices require drivers, a set of programs that connect a specific device (processor) to a specific operating system. If your computer is going to support your video card, you have to have the drivers for that video card, written to support that operating system.

Generally, the drivers are written by the manufacturer of the component in question. Possibly (but not always) they will be certified by Microsoft, for the operating system.

Every component, internal or external, like every person, is mortal. One day, the video processor, on your computer running Windows 98, will die. When that happens, what chance is there that you can go buy a replacement? You can maybe find a newer model by the same vendor, but what chance is there that the vendor will have written drivers, for that model, that support Windows 98?

Go to your favourite computer store this week, and look.

Then think about what you're doing, and move forward.

Windows Vista And Personal Storage Space

Except for the flashy new GUI, Windows Vista is similar to Windows XP and earlier versions of Windows. This allows people who are used to Windows to adjust to Windows Vista. But there are subtle differences, such as where personal data is stored.

In Windows XP and earlier versions of Windows, your personal storage would be part of your user profile. Your documents might be stored in a folder in "C:\Documents and Settings\(Your AccountName)\My Documents".

In Windows Vista, "C:\Documents and Settings\" has been reorganised, and your personal storage will now be part of "C:\Users\(Your AccountName)\". To provide backward compatibility with older versions of Windows, Vista still will recognise the path "C:\Documents and Settings\(Your AccountName)\", but will retain it as what it calls a "junction point". A junction point is the Vista term for an object that doesn't exist, except virtually.

When you use Windows Explorer (or its Vista equivalent), and try to open "C:\Documents and Settings\(Your AccountName)\My Documents\", you should get "C:\Users\(Your AccountName)\My Documents\", labeled as "C:\Documents and Settings\(Your AccountName)\My Documents\", assuming that you have permissions properly set up.

This is more complicated, when a computer running Windows Vista is a client, and a computer running Windows XP is a server. If the client reports getting "access denied" when trying to open a file in "C:\Documents and Settings\(Your AccountName)\My Documents\", it may be referring to "C:\Users\(Your AccountName)\My Documents\" on the server. "C:\Users\" doesn't exist in Windows XP.

Windows Vista And Routers

As I've written separately, the networking stack in Windows Vista is significantly different from the networking stack in previous versions of Windows. These differences are discussed, in detail, by experts like Joe Davies of Microsoft.

Like any improvements, the many improvements in networking, in Vista, use more resources - memory and processor - on the host computer. Resources on any peripherally connected computer - or router - will likewise be used more intensively. In testing Vista, Microsoft engineers found out that older routers won't perform as well when used with computers running Vista, as with computers running earlier versions of Windows.

As you integrate your computer running Windows Vista with the rest of your network, you'll find a few challenges with the various computers running other operating systems. Those differences you'll have to work around, with configuration changes.

If you get a new computer running Vista, and your router is a few years old, it's time to replace the router too. Or at least upgrade the firmware - if any is available - obtained from the vendor.


Windows Vista, And Administrative Shares

Under Windows XP and earlier versions of Windows, any administrator of a server could gain access to any portion of any drive on the server, through the network. Even if no share was defined, any drive was always available, in its entirety, to anybody with administrative access.

This ability was known as an administrative share. Besides any explicitly defined shares, every server would have a "C$" share (and a "D$", etc, for additional drives). The shares weren't browsable - they wouldn't show up in Network Neighbourhood, and a server with no explicitly defined shares wouldn't even show up, at all, under Windows XP. But anybody with administrative access could map a share to "C$" and have access to the entire C drive, instantly.

Windows Vista has removed the administrative share from the default server configuration. Fortunately for many, this ability can be restored, with a simple registry entry.

For registry key [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\system], add a DWord value LocalAccountTokenFilterPolicy of "1". Then restart the computer.
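
A check for where this value has been set, as an added example that is not part of the original post: LocalAccountTokenFilterPolicy=1 turns off the UAC filtering that Vista applies to local administrator accounts connecting over the network, which is what makes "C$" reachable again, so it is a setting worth inventorying. The host names and the captured "reg query" output are constructed samples; the script only parses text and reads no registry itself.

```python
import re

# Output is assumed to come from running, on each host:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
#             /v LocalAccountTokenFilterPolicy
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

VALUE_RE = re.compile(
    r"^[ \t]+LocalAccountTokenFilterPolicy[ \t]+(REG_\w+)[ \t]+(\S+)[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample captures, one per (hypothetical) host name.
SAMPLE_OUTPUTS = {
    "HOST-A": f"\r\n{KEY}\r\n    LocalAccountTokenFilterPolicy    REG_DWORD    0x1\r\n\r\n",
    "HOST-B": "ERROR: The system was unable to find the specified registry key or value.\r\n",
    "HOST-C": f"\n{KEY}\n    LocalAccountTokenFilterPolicy    REG_DWORD    0x0\n\n",
}


def token_filter_policy(reg_output: str):
    """Return the DWORD value, or None when the value does not exist."""
    match = VALUE_RE.search(reg_output)
    if match is None:
        return None  # value absent: the default (filtered token) applies
    reg_type, raw = match.group(1).upper(), match.group(2)
    if reg_type != "REG_DWORD":
        raise ValueError(f"unexpected registry type {reg_type}")
    return int(raw, 16)


def describe(value) -> str:
    """Translate the value into what it means for remote local-admin logons."""
    if value == 1:
        return "remote token filtering DISABLED (admin shares usable by local admins)"
    if value in (None, 0):
        return "default (remote local-admin tokens are filtered)"
    return f"unexpected value {value}"


def hosts_with_filtering_disabled(outputs: dict) -> list:
    """Sorted list of hosts where the registry change has been applied."""
    return sorted(h for h, text in outputs.items()
                  if token_filter_policy(text) == 1)


if __name__ == "__main__":
    for host in sorted(SAMPLE_OUTPUTS):
        print(host, "-", describe(token_filter_policy(SAMPLE_OUTPUTS[host])))
    print("review:", hosts_with_filtering_disabled(SAMPLE_OUTPUTS))
```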


The Command Window, In Windows Vista

Many problems in Windows can best (or sometimes only) be resolved by commands entered in a command window. This is still true, on computers running Windows Vista. Under Vista, you will use the command window slightly differently from earlier versions of Windows.



A Command Window (the title may vary, widely)



  • Click the Start button.
  • Click All Programs.
  • Click Accessories.
  • Right Click on "Command Prompt".
  • Left click on "Run as Administrator".
  • Click the Allow button if it asks you for permission.
  • A new window, with varying title, will open.
  • Now type whatever you need, into the Command Prompt window, with the cursor positioned for you after the ">", and hit the Enter key after each command.
  • Remember to allow for the Path, and the location of the program that you're running, if necessary.
  • Close the window when convenient.


If you run ipconfig, for instance, as

C:\Users\YourAccount>ipconfig /all

you will get the ipconfig output there in the command window. This is good to look at briefly, but isn't very good to copy. Copying from the command window can be done, but will be hard to read.

Redirected Output
By redirecting the output, you can view it and / or copy it in a more convenient way, so it's suitable for posting online. Instead of typing

C:\Users\YourAccount>ipconfig /all

type

C:\Users\YourAccount>ipconfig /all >ipconfig.txt


With the latter command, instead of getting the ipconfig output there in the command window, all you'll see in the command window is another "C:\Users\YourAccount>". Then, type

C:\Users\YourAccount>notepad ipconfig.txt

and Notepad will open with the ipconfig output in a more viewable, and copyable, format.

(Note): If you get an error "Access denied" when you run a command and redirect the output, you may be attempting to redirect output into a file in a folder that you aren't permitted to write into.

Try redirecting into a folder that you are permitted to write into. If the command window opens in "C:\Users\YourAccount", just redirect there.

C:\Users\YourAccount>ipconfig /all >ipconfig.txt

then
C:\Users\YourAccount>notepad ipconfig.txt


Concatenated, Redirected Output
Do you need the output from two commands, run one after the other, presented in a text file? Be sure to concatenate the output from the second onto the first, don't overlay the first.

C:\Users\YourAccount>browstat status >browstat.txt
C:\Users\YourAccount>browstat listwfw pchucklan >>browstat.txt

Note the ">>" in the second command; that concatenates the output from the second command, after the output from the first command.

Finally, type

C:\Users\YourAccount>notepad browstat.txt

and Notepad will open with both browstat outputs, one following the other, in browstat.txt.


AutoTuning In Vista Maybe Not Ready For Prime Time

As you surf the web, you will be in conversation with dozens of web servers, and each conversation might have different latency and stability issues. On a less stable (or low bandwidth) connection, a small Receive Window would be a good idea; on a more stable (or high bandwidth) connection, a larger window gives much better performance. With Windows XP and previous, you were limited to a single Receive Window setting, which would apply to all Internet connections, all of the time.

One of the long awaited features in Windows Vista was the ability for it to dynamically determine the Receive Window size, by individual connection. Receive Window Auto-Tuning is one of the many significant improvements in Windows Vista, in my opinion.

For a few owners of computers running Windows Vista, connectivity to the local network, or the Internet, may be problematic. Symptoms are very like the well known MTU Setting problem - some servers, some of the time, can't be contacted, or give poor performance. Copying files locally, from one computer to another, may be fast in one direction, and agonizingly slow in another.

But we know that your local network isn't running through a router, so how would an MTU setting affect your local connection?

The MTU isn't always the culprit in this case. If you have an older firewall or router, that doesn't support Window Scaling (an essential component in Receive Window Auto-Tuning), you may have this problem. Apparently the lack of Window Scaling can affect local performance too.

If you are faced by symptoms like an MTU setting problem, that involve a computer running Windows Vista, first try disabling Auto-Tuning. In a Vista command window (Run as Admin), enter

netsh interface tcp set global autotuning=disabled
or
netsh interface tcp set global autotuninglevel=disabled

Then shut down and restart.

Try Internet access with Auto-Tuning shut off, and see if things stabilise. If they do, see if you can upgrade or replace your router. Check with the vendor, and see if a firmware update is available; if not, consider replacing the router. If your router is incapable of supporting Window Scaling, it may lack other features that you will also enjoy.

Besides RWin AutoTuning, look at other possible problems with Window Scaling, in Windows Vista and Scalable Networking.

If you see no improvement in your symptoms, turn Auto-Tuning back on before making other changes. Layered Troubleshooting principles suggest one change at a time.
netsh interface tcp set global autotuning=normal
or
netsh interface tcp set global autotuninglevel=normal


Note the lexicographical variations expressed, above. Some experts state that the relevant keyword is "autotuning", others state "autotuninglevel". There is also a confusion about the value for "autotuning" / "autotuninglevel", which may be either "enabled" or "normal". I suspect that there are two possibilities, "autotuning=enabled" and "autotuninglevel=normal", but I haven't found an authoritative reference, discussing the possibilities.
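
Why a device that mishandles TCP window scaling produces slow transfers rather than a clean failure, as an added example that is not part of the original post: the scale factor is exchanged once, as an option on the SYN, and every later 16-bit window field is interpreted through it. The option bytes, the buffer size and the modelled device behaviour (overwriting the shift value with 0 while leaving the option in place) are assumptions chosen for illustration.

```python
from typing import Callable, Iterator, Optional, Tuple

OPT_EOL, OPT_NOP, OPT_MSS, OPT_WSCALE, OPT_SACK_OK = 0, 1, 2, 3, 4
MAX_SHIFT = 14  # largest shift the window scale option allows

# Constructed SYN options: MSS=1460, NOP, window scale=8, NOP, NOP, SACK-permitted.
CLIENT_SYN_OPTIONS = bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 8, 1, 1, 4, 2])


def iter_options(opts: bytes) -> Iterator[Tuple[int, int, int]]:
    """Yield (kind, offset, length) for each option in a TCP options field."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:
            return
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError(f"malformed TCP option at offset {i}")
        yield kind, i, opts[i + 1]
        i += opts[i + 1]


def window_shift(opts: bytes) -> Optional[int]:
    """Shift announced in the window scale option, or None if absent."""
    for kind, off, length in iter_options(opts):
        if kind == OPT_WSCALE and length == 3:
            return min(opts[off + 2], MAX_SHIFT)
    return None


def rewrite_shift(opts: bytes, new_shift: int) -> bytes:
    """Model of a device that overwrites the shift but keeps the option."""
    out = bytearray(opts)
    for kind, off, length in iter_options(opts):
        if kind == OPT_WSCALE and length == 3:
            out[off + 2] = new_shift
    return bytes(out)


def advertised_field(buffer_bytes: int, own_shift: int) -> int:
    """16-bit window field a host sends for a given receive buffer."""
    return min(buffer_bytes >> own_shift, 0xFFFF)


def window_seen_by_server(syn_opts: bytes, buffer_bytes: int,
                          device: Optional[Callable[[bytes], bytes]] = None) -> int:
    """Receive window the server believes the client has, in bytes."""
    client_shift = window_shift(syn_opts) or 0        # what the client uses
    arriving = device(syn_opts) if device else syn_opts
    server_learned = window_shift(arriving) or 0      # what the server uses
    return advertised_field(buffer_bytes, client_shift) << server_learned


if __name__ == "__main__":
    buffer_bytes = 262144  # constructed client receive buffer (256 KB)
    clean = window_seen_by_server(CLIENT_SYN_OPTIONS, buffer_bytes)
    broken = window_seen_by_server(CLIENT_SYN_OPTIONS, buffer_bytes,
                                   lambda o: rewrite_shift(o, 0))
    print("clean path :", clean, "bytes in flight allowed")
    print("broken path:", broken, "bytes in flight allowed")
```

With Auto-Tuning disabled the client stops depending on the scale factor, which is why the workaround above restores normal behaviour on such a path.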


Network Printing From A Windows Vista Computer

Long ago, a printer would be a device, attached directly to your computer. The earliest computers called a printer a "Line Printer", and let you connect your printer to a physical port on your computer. Some computers might have up to 3 physical ports - labeled "Line Printer 1", "Line Printer 2", or "Line Printer 3", abbreviated as "LPT1", "LPT2", or "LPT3".

Then network printing was made possible. You could setup a printer, locally attached to your computer on LPT1, and share it with your neighbours. You had YourComputer, and you could designate your printer to be shared as YourPrinter1. Similarly, your neighbour might have TheirComputer, and a printer shared as TheirPrinter1. If you wanted a second printer to use occasionally, you could setup your programs to print to LPT2 on your computer. You could redirect your LPT2 to print to "\\TheirComputer\TheirPrinter1".

Then somebody else started writing programs to print directly to "\\TheirComputer\TheirPrinter1", without involving "LPTn".

Now, accessing either a directly attached printer ("LPT1"), a network attached printer redirected (LPT2 redirected to "\\TheirComputer\TheirPrinter1"), or a directly networked printer ("\\TheirComputer\TheirPrinter1") involves specific code in the printer drivers, both in your computer (the client), and in the other computer (the server).

None of these options are magical, and not all printers will have drivers that will support all 3 ways of using the printer. Some drivers will claim to support all 3, but depending upon how your computer, and your neighbour's computer is set up, one may work better than another. That's reality.

It appears that not all printer drivers, written for Windows Vista, support the old LPTn standard. If you can't get your network printer to work as "LPTn" redirected to "\\TheirComputer\TheirPrinter1", try bypassing the LPTn redirection.

  1. Install the Vista printer driver on your Windows Vista computer.
  2. During installation, you'll be prompted to connect the printer to your computer. Choose the option to proceed with installation without connecting the printer.
  3. After installation completes, open the Printers wizard from the Windows Vista Control Panel.
  4. Right click on the entry for the new printer, and choose Properties.
  5. Go to the Ports tab.
  6. Click Add Port, select Local Port, then click New Port.
  7. For the port name, enter the network path and share name of your printer (ie "\\TheirComputer\TheirPrinter1").
  8. Click OK, and verify that the new port is selected.
  9. Click OK to close the printer properties.

(Update 10/30): If you're experiencing these, and similar problems with printing, try the Vista Compatibility, Performance, and Reliability Comprehensive Update.


Driver Problems Causing Intermittent Network Problems

Recently, on computers running Windows Vista, and occasionally on computers running Windows XP, you might start the process of copying a relatively large file from one computer to the other. The copy process starts out smoothly (ruling out complex issues like name resolution, or permissions, or even visibility).

Well into the copy process, with several Megs of file content copied, the process abruptly terminates with a monolithic message

The network location is no longer available

Well, what now? Did the other computer go off the network?

So, you start layered diagnostics.
And, you find no problem, with either the copy source, or target. Maybe you try copying in the other direction, or start the copy from the other computer, and sometimes this will make a difference.

Frequently, the cause of this problem will be simple. With Windows Vista having been on the market for a rather brief amount of time, the vendors of the various networking adapters are still developing drivers for their products. Either the vendor of the network adapter in your Vista computer has not produced a driver specifically written for Vista, or the driver produced has not been sufficiently tested.

So now, you contact the vendor, and ask about a newer driver. But go to the vendor, not to Microsoft.


Microsoft Windows And Authentication Protocols

How many of you use an ATM (here we're discussing an Automated Teller Machine, not an Asynchronous Transfer Mode network) in public, casually? If someone is waiting in line behind you, to use the machine next, do you let him (her) stand immediately behind you, and possibly shoulder surf your PIN, as you enter it?

Not if you're smart.

Long ago, in the beginning of computer use, you'd use a simple password to protect your secrets. Entering the password would use a protocol called Challenge Handshake Authentication Protocol.

  • Who are you?
  • What's your password?
  • Thank you, you may Enter the secret chamber now.


But CHAP was insecure, similar to using your ATM PIN in public, casually. So more secure protocols were developed. Kerberos was an initial attempt at surpassing CHAP. For an allegorical (easy to read) discussion about Kerberos, see Designing an Authentication System.

From the early days of Windows, LAN Manager, the key network component on your Windows computer, eventually developed into a portion of Windows Networking. With LAN Manager, Microsoft developed LAN Manager challenge / response, aka LM Authentication. LM Authentication became part of Windows 95 and 98 ("Windows 9x").

With Windows NT, which was the first Business Class Operating System, Microsoft developed NTLM ("New Technology LAN Manager") Authentication, and added Kerberos. And with NT V4.0 SP4, they developed NTLM V2 Authentication. Computers running Windows 2000, and Windows XP, will negotiate individually with every other computer, and use either LM, NTLM, or NTLM V2 Authentication, the best protocol that's mutually usable, in all conversations with that computer.

Vista, by default, only uses NTLM V2 Authentication. If you have Windows 9x computers, this won't work out of the box, since Windows 9x is limited, by default, to LM authentication. If you're networking Windows 2000 and XP with Vista, they will all use NTLM V2, with no problem. If you add a computer running Windows 9x, or an NAS device with an unknown operating system, into the discussion, you have 2 choices.
  • Downgrade Vista. Let it use LM Authentication, when necessary. Microsoft doesn't recommend this. To do this, edit the registry, and set the value LmCompatibilityLevel, in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa], to "1". If you're having a problem with your NAS device, this may be your only solution, since not all NAS devices can be easily upgraded.
  • Upgrade your Windows 95 / 98 computer, to (KB239869): use NTLM V2. Microsoft recommends this solution.

Choice of which workaround to use must center around your personal plans, and details of your network. If you have more computers running Windows 9x than Vista, downgrading Vista (to that of Windows XP and 2000) would be the obvious choice. If your long term picture involves getting more computers running Vista, and retiring the Windows 9x computers (which would make a lot of sense for several reasons), then upgrading Windows 9x makes more sense. Of course, with Windows 9x as it is, I'd not be too anxious to disturb its configuration any more than necessary. Maybe learning repetitively how to tweak Windows Vista isn't a bad idea.
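What each workaround changes on the wire, as an added example that is not part of the original article: it reads LmCompatibilityLevel from captured `reg query` output and works out which response type a Vista client and a given server can agree on. The level meanings follow Microsoft's documentation of the setting; the sample outputs, the helper names and the LM-only model of a Windows 9x or NAS server are assumptions made for illustration.

```python
import re

# Responses a Windows client SENDS at each LmCompatibilityLevel value.
CLIENT_SENDS = {
    0: {"LM", "NTLM"},
    1: {"LM", "NTLM"},   # also uses NTLMv2 session security if negotiated
    2: {"NTLM"},
    3: {"NTLMv2"},       # what the page describes as the Vista default
    4: {"NTLMv2"},
    5: {"NTLMv2"},
}

# Responses a Windows server ACCEPTS for its own accounts at each value.
ALL_PROTOCOLS = frozenset({"LM", "NTLM", "NTLMv2"})
SERVER_ACCEPTS = {
    0: ALL_PROTOCOLS, 1: ALL_PROTOCOLS, 2: ALL_PROTOCOLS, 3: ALL_PROTOCOLS,
    4: frozenset({"NTLM", "NTLMv2"}),
    5: frozenset({"NTLMv2"}),
}

# Assumption taken from the page: an unpatched Windows 9x machine, or a NAS
# with old firmware, understands LM only.
LEGACY_LM_ONLY = frozenset({"LM"})

STRENGTH = ("LM", "NTLM", "NTLMv2")  # weakest first

VALUE_RE = re.compile(
    r"^\s*LmCompatibilityLevel\s+REG_DWORD\s+0x([0-9a-f]+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed samples of `reg query <Lsa key> /v LmCompatibilityLevel` output.
VISTA_DEFAULT = "ERROR: The system was unable to find the specified registry key or value.\n"
VISTA_DOWNGRADED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x1
"""


def parse_level(reg_query_output, os_default):
    """Return the configured level, or os_default when the value is not set."""
    match = VALUE_RE.search(reg_query_output)
    if match is None:
        return os_default
    level = int(match.group(1), 16)
    if level not in CLIENT_SENDS:
        raise ValueError("LmCompatibilityLevel out of range: %d" % level)
    return level


def negotiate(client_level, server_accepts):
    """Return (strongest shared protocol or None, whether an LM response is sent)."""
    sent = CLIENT_SENDS[client_level]
    shared = sent & server_accepts
    best = max(shared, key=STRENGTH.index) if shared else None
    return best, "LM" in sent


def report(clients, servers):
    """One line per client/server pair, flagging failures and LM exposure."""
    lines = []
    for client, level in clients.items():
        for server, accepts in servers.items():
            best, lm_exposed = negotiate(level, accepts)
            verdict = "uses " + best if best else "FAILS, no shared protocol"
            if lm_exposed:
                verdict += " (LM response exposed)"
            lines.append("%s -> %s: %s" % (client, server, verdict))
    return lines


if __name__ == "__main__":
    clients = {
        "Vista (default)": parse_level(VISTA_DEFAULT, os_default=3),
        "Vista (downgraded)": parse_level(VISTA_DOWNGRADED, os_default=3),
    }
    servers = {"XP server": SERVER_ACCEPTS[0], "Win9x / NAS": LEGACY_LM_ONLY}
    print("\n".join(report(clients, servers)))
```

At level 1 the client attaches an LM response to every logon, including logons to servers that would have accepted NTLM V2, which is the cost of the downgrade.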

For more details, see Microsoft: File and Printer Sharing in Windows Vista: Cannot Authenticate to a Shared Folder....


Windows XP And Vista On The LAN Together

File and Printer Sharing in Windows Vista is not extremely different from File and Printer Sharing in Windows XP. There are new features, and wizard procedures, that work on top of Windows XP features and procedures. If you have a working network, with one or more computers that use Windows Networking, you probably know enough to get started.

There will be challenges though. One predictable challenge is the availability (or lack of availability) of drivers for devices that are operating system sensitive, like network adapters. This has inspired various attitudes, even rants, among the user community.

Computers running Windows Vista use the same layered network as previous versions of Windows, so start by reviewing the principles of layered network design and installation, and of layered network problem solving. And review various issues that affected Windows Networking on computers running Windows XP.


System Updates Issues
With Windows Vista, as with Windows XP, Microsoft will issue periodic (and monthly) updates. Most updates are for security issues, and others for operability and / or stability. All updates are necessary, if recommended for your edition of Vista, and some may have a direct effect on your problem.

As an interim measure, possibly before an actual Service Pack, Microsoft has started issuing compatibility, performance, and reliability fixes, covering a variety of issues with Vista.


Connectivity Issues
By default, computers running Vista will set the Broadcast flag, in the DHCP Discover packets, On. If your DHCP server (NAT router, or non-Microsoft dedicated server) doesn't support DHCP Broadcast, you'll have various problems - your computer may never get an IP address, or your IP connectivity may come and go unpredictably. To make your Vista computer compatible with Windows XP, (KB928233): turn the DHCP Broadcast flag Off. Besides the DHCP Broadcast difference, be aware of an interesting (KB931550): timing difference between the Windows Vista and XP DHCP clients.

One of the most interesting features in Vista (my opinion anyway) is the ability to dynamically determine Receive Window size for each individual Internet connection. Users of high speed broadband connections will be especially interested in this. Unfortunately, it appears that RWin AutoTuning may be a bit problematic. This setting has been observed to affect both LAN and WAN connectivity, and can cause instability, or lack of connectivity.

On laptop computers, and other computers with multiple network adapters, you'll see an inaccurate / inconsistent network status indicator, when the computer is first started.

Like every newer version of Windows, Windows Vista will use more resources on the host computer, and on any peripherally connected computers and routers. If your peripheral network equipment, like routers, is becoming aged, you'll be advised to upgrade or replace whatever you can.

The IPX/SPX Protocol is not provided in Windows Vista, though Novell does now provide a Netware client for Vista. NetBEUI, on the other hand, is now a part of history.


Visibility Issues
One of the new features of Windows Vista is the Network Map, which runs at the Link Layer of the OSI Network Model, and offers functions similar to The Dude. The Network Map uses a discovery protocol called Link-Layer Topology Discovery (LLTD), which is not a normal part of Windows XP.

To be able to see a Windows XP server from a Vista client, using the Vista Network Map, you need to install (KB922120): the LLTD Responder on any Windows XP computers. The LLTD Responder isn't available for Windows 2000, so you won't be able to see a Windows 2000 server from a Vista client, using the Vista Network Map.

Even if you can't see a Windows XP or 2000 computer in the Network Map, though, you'll still be able to see it in Network Neighborhood / My Network Places, aka the Network window (Start - Network) in Windows Vista. And even if you can see a computer in the Network Map, you may still have to work on name resolution, or on sharing permissions, if you are going to actually access its resources.

The simplest visibility will be enjoyed with all computers in the same workgroup. By default, Windows Vista uses "Workgroup", while Windows XP uses "MSHome". If you leave workgroup names at default, the other computers will be visible in the Network (My Network Places aka Network Neighbourhood) wizard, but they won't be seen immediately, when you open the wizard. You may have to look under Entire Network - Microsoft Windows Network, for the different workgroups used by each set of computers. And with having multiple browse domains (workgroups), your browser infrastructure will be slightly more complex.


Using A Windows Vista Client
Under Windows Vista, the personal storage (personal profile and other files and folders) container has been changed, from "C:\Documents and Settings", to "C:\Users". The folder "C:\Documents And Settings" will continue to exist, for backward compatibility, only as a junction point. On a mixed LAN, I would very carefully test sharing of either "C:\Documents and Settings" (with a Windows Vista client), or "C:\Users" (with a Windows XP client), before committing myself.


Setting Up A Windows Vista Server
If you're adding a computer running Windows Vista to your network, you have to set it up as a server, so you can access it from your other computers. You do this using the Network and Sharing Center wizard, accessed by Start - right-click on Network, and select Properties. This is equivalent to running the Network Setup Wizard, in Windows XP.

  • Set the Network Location Type to "Private". This requires that your computers are secure, behind a perimeter firewall or a NAT router, and opens the standard Vista personal firewall to allow Server Message Blocks (SMBs) to pass between the computers. If your computer is directly connected to your Internet service, either get a NAT router, or leave the Network Location Type set to Public (which will prevent you from networking this computer).
  • Having set the NLT to "Private", you must now designate which services you wish for your server to provide or use. You should verify each setting before continuing, and change it if necessary.
    • File sharing.
    • Public folder sharing.
    • Printer sharing.
    • Password Protected Sharing (PPS) affects the above 3 services. Disabling PPS is the equivalent of enabling Simple File Sharing, in Windows XP.
  • Setup shared folders and printers. If you enabled PPS, you should setup access for individual users. If you disabled PPS, you setup access for "Guest" or "Everyone". Since Vista security is "deny by default (permit by demand)", "Everyone" doesn't automatically have access to newly created shares. Check the Security tab, for each share created, if you disable PPS.
  • Whether you setup the server with PPS Enabled (aka Advanced File Sharing, in Windows XP), or PPS Disabled, make sure that the account used for sharing is activated for network use.
    • If you Enable PPS, you can use either the Guest account, or a non-Guest account of your choice, but the chosen account has to be activated for network use.
    • If you Disable PPS, then the Guest account must be activated for network use. By default, Guest is disabled. If your server provides network access through the Guest account, be aware of its limitations.
    • Whether you use Guest, or a non-Guest account for access, the account used has to be added, explicitly, under Security, and under Sharing.
  • On a server running Windows Vista, the Administrative (Hidden) volume share of "C$" ("D$", etc) isn't defined, by default.

For an overview of the above, see Microsoft: File and Printer Sharing in Windows Vista


Setting Up A Windows XP Server
If you have just one computer besides your computer running Vista, you may have to setup your first computer as a server too. On a computer running Windows XP, run the Network Setup Wizard. For a server connected behind a NAT router, select
This computer connects to the Internet through another computer on my network or through a residential gateway.
Running the NSW, and making that selection, is similar to setting the Vista NLT to "Private".


Common Issues
Other than the network setup wizards used, Vista will be pretty similar to XP. You'll have the same challenges with Windows Networking.


Editions Of Windows Vista and XP
There are 5 editions of Windows XP, which are basically 2 variants - Home and Pro.
  • XP Home is the equivalent of Vista Basic Home, with PPS permanently disabled.
  • XP Pro can use Advanced File Sharing (similar to PPS Enabled), or Simple File Sharing (similar to PPS Disabled).
  • The other 3 editions - Media Center, Tablet, and Pro x64 - are all variants of XP Pro, in terms of file sharing functionality.
  • With XP Pro, and with all editions of Vista, you can have Guest or non-Guest authentication. Note the limitations of Guest authentication carefully, some limitations aren't as obvious as they should be.
  • Whether you use the Guest account, or a non-Guest account, for authentication, make sure that the account used is properly prepared for network access.

There are also 5 well known editions of Windows Vista, plus several obscure ones which we probably won't encounter. The different editions of Windows Vista are completely different from Windows XP, in feature set differentiation.


Windows Vista and Older / Other Operating Systems
If you also have one or more computers running Windows 9x (95, 98, ME), you'll need to be aware of a significant difference between Windows XP and Vista, in Microsoft Windows And Authentication Protocols. But focus your mind on the future - Windows 95 / 98 / ME have a limited life span.

This will be a problem, too, if you have a Network Attached Storage (NAS) device. Many NAS devices, with unknown authentication abilities, will be a similar challenge. Some NAS devices will also try to act as a master browser on your network, and will cause master browser conflicts, and unreliable displays in Network (aka My Network Places).


Windows Vista and Printers
If you are setting up your mixed LAN specifically to share a printer, note the additional challenges involved in sharing printers. Get file sharing working, first, then concentrate on getting working printer drivers that support Windows Vista. On a mixed network, the printer will have to support both Windows Vista, and Windows XP. And drivers for the client will probably differ from drivers for the server.

If you're having problems with printing from a computer running Vista, and the printer is shared by another computer, read Network Printing From A Windows Vista Computer.


Windows Vista and Security
Depending upon what personal firewall you are using on your Windows Vista computer, you may have to set the firewall manually. It appears that Windows OneCare does not setup seamlessly, as Windows Firewall does, when you set the Network Location Type. And a recent change (September 2007) in Internet Explorer appears to affect Windows Networking access between computers.


More References
For the above issues, and more, see


NAS Has Its Own Limitations

I needed a larger hard drive to store my movie collection. My server was maxed out, and I didn't feel like buying a new computer, so I bought a computer in a box, aka Network Attached Storage.

But what makes NAS so attractive is also a limitation. Since NAS is, by design, accessible to all operating systems, you'll find that it's not predictable, like NTFS, and Windows Networking.



So NAS is a great solution, if you need a quick, inexpensive storage boost. But know the limitations, and choose your NAS solution carefully.


File Sharing Under Windows XP / Vista

Depending upon your specific needs, you can get Windows XP in any one of five editions. Of those five, the choice of the two best known ones - XP Home and XP Pro - will differently affect your ability to share files. Both the Home and Pro editions have their advantages and disadvantages. There are also 5 well known editions of Windows Vista, though the distinctions between the Home and Business (not Professional) edition groups will be less relevant to Windows Networking issues.

This article will focus on how Windows XP and Vista are similar, with specific differences noted. In Windows XP And Vista On The LAN Together, I focus on differences in Windows Vista.

Please spend a few minutes deciding how you wish to use your computer, and whether you wish others to use your computer. If your computer is running Windows XP, make sure that you know which edition of Windows XP it is.

Windows XP Home has few options, and is easier for the typical home user to setup. Windows XP Pro / Vista (in its various editions) is more versatile, and can be used in different ways, depending upon what other computers are on the LAN, and how secure you want your shared data to be.


Simple File Sharing

If your computer runs XP Home, then it has Simple File Sharing already. SFS, which only uses Guest authentication, cannot be disabled under XP Home, without some work.

If your computer runs XP Pro, or XP Media Center Edition, it may have SFS. If you want to enable Simple File Sharing on a computer running XP Pro or MCE, from Windows Explorer:

  • Select Tools - Folder Options.
  • On the Views tab, scroll to the end of the long Advanced settings list.
  • Check "Use simple file sharing".

To use Simple File Sharing on any XP server, Home or Pro, make sure that the Guest account is properly activated, and the password is consistently set (blank or non-blank), on both the client and the server.

On a computer running Windows Vista, you disable Password Protected Sharing, giving the equivalent of Simple File Sharing.

Please note the limitations of Guest authentication, when working with Simple File Sharing / PPS Disabled.


Advanced aka Classic File Sharing

Advanced aka Classic File Sharing is available, as an alternative to Simple File Sharing, on XP Pro or MCE. To use AFS to its full advantage, you need to have formatted the drives, on the server, with NTFS. You then need to disable Simple File Sharing. From Windows Explorer:

  • Select Tools - Folder Options.
  • On the Views tab, scroll to the end of the long Advanced settings list.
  • Uncheck "Use simple file sharing".

On a computer running Windows Vista, you enable Password Protected Sharing, giving the equivalent of Advanced File Sharing. Unlike Windows XP, the option to enable PPS is available in all editions of Windows Vista.

Next, identify a folder that you want to share on the network, but share selectively.

  • Setup and use an account (with matching password) on both the client and the server.
  • Make sure that the account is properly activated on the server.
  • In Windows Explorer, right click on the folder in question, and select Properties.
  • On the Sharing tab, select "Share this folder" and give the share a name.
  • Hit Permissions, and make sure Everyone has full rights.
  • On the Security tab, find and select your account in the "Group or user names" list. If your account isn't in the list, Add it.
  • In the Permissions list, make sure your account has the appropriate permissions. And make sure that no other accounts have inappropriate permissions.

Note that, if you want some openly available shares also, this can be done quite easily.

  • On the Sharing tab, select "Share this folder" and give the public share a name.
  • Hit Permissions, and make sure Everyone has full rights.
  • On the Security tab, find and select the group "All Users", "Everyone", or "Users", in the "Group or user names" list.
  • In the Permissions list, make sure the group selected has the appropriate permissions.
  • Setup Guest, (with matching or no password) on both the client and the server.
  • Make sure that Guest is properly activated on the server.

Please note the limitations of Guest authentication, when setting up any share for non-selective access. And if you have a LAN with both XP Home and XP Pro systems, be careful when enabling Advanced File Sharing on an XP Pro system. Unbalanced authentication can have complex results.


Get The Terminology Right Here

When you look at the Welcome screen, and you have multiple users setup on your computer, you'll see a list (or group) of users, identified by User Name. When you change a password, or the picture associated with that user, you'll use the User Accounts wizard in Control Panel. Here too, you'll see a list of users, identified by User Name.

If you rename a user, or if you use any advanced procedures or wizards, there is another very relevant term - account. When you setup a user, using the User Accounts wizard in Control Panel, Account = User Name. For each account / user, a set of subfolders, under "C:\Documents and Settings" is created. This is the user profile.

  • You can change a User Name at any time, but the account, and the user profile, stays the same.
  • You can make much more versatile changes using the Control Panel - Administrative Tools - Computer Management - Local Users and Groups - Users wizard. Here you can change the account name, and profile path.
  • If you disable the Welcome screen, you login using the account name and password.

So, if you ever rename a User, and see elements of the previous name, you now know why.


Activate An Account Properly For Network Access

Whether you're depending upon the Guest account, or a non-Guest account, for authentication, the account that you use has to be properly activated. You use the Control Panel - User Accounts applet, to activate (or deactivate) an account for local use.

There are two possible ways to activate (or deactivate) an account for network access:

  • Run the "net user" command. Enter, in a command window (which will be slightly different, for Windows Vista):

    net user AccountName /active:yes

    • (Substitute actual account name for "AccountName").
    • (Substitute "no" to deactivate).


    NOTE: There are 4 "words" (sequences of non-blank characters, separated by spaces) in the command. If you have any doubt about where a space is needed, copy and paste as above (substituting the account name, and "no" or "yes", as appropriate).
  • Alternatively, for Vista Business or Ultimate, or XP Pro, run (Control Panel - Administrative Tools - ) Computer Management. Under System Tools - Local Users and Groups - Users, find the account (Guest or non-Guest) in question. Doubleclick (or rightclick, and select Properties), and clear (or check) "Account is disabled".

Finally, for XP Home, for XP Pro using Simple File Sharing, or for Vista with PPS Disabled, make sure that Guest, in addition to being activated, has the appropriate rights.

Synchronise Passwords On Accounts

Always synchronise passwords (for the Guest or non-Guest account) on all computers - make them identical (or blank) on each. For best results, make your password policy consistent throughout your network.

To set the password, you need to run the UserPassword applet.

  • Enter, in a command window, "control userpasswords2" (less the "").
  • Select the account of interest in the User Accounts list.
  • Hit the Reset Password button.
  • Type either a blank, or non blank password, identically, into both "New password" and "Confirm new password" fields.
  • Hit OK twice.

Synchronising passwords can be tricky in a mixed LAN (home and business/pro operating system editions together). With home editions (Vista or XP Home), the default is to have no password on the Guest account (it is, after all, anonymous). With business / professional editions (Vista Business / Enterprise / Ultimate, XP Pro), you have to Disable the Local Security Policy setting, under Security Options, "Accounts: Limit local account use of blank passwords to console logon only", if your server is going to allow network access using accounts with blank passwords.


Making File Sharing Work

Once you get past the issues involved in accessing the server, such as browsing and name resolution, there are the issues of accessing the data itself - authentication ("Who are you?"), and authorisation ("Do we want you to have access here?").

What authentication method are you using?


The message

Logon failure: the user has not been granted the requested logon type at this computer.

is easy to resolve under XP / Vista Pro, but may require extra effort under a home edition. Remember, the edition of the operating system on the server is what's relevant here.

With XP / Vista Pro, there are a pair of Local Security Policy lists, under User Rights Assignment.

  1. "Deny access to this computer from the network".

  2. "Access this computer from the network".




Authentication varies depending whether this is a domain or a workgroup.

  • In a domain, you need an activated account on the domain controller.
  • In a workgroup, you need identical, activated accounts, with identical passwords, on both the client and the server.


Authorisation is described in Server Access Authorisation.

If the files and folders in question have been properly setup and shared as above, and you're getting only partial access (maybe Read, although you intend to grant Write access), check both the Share and NTFS Authorisation lists.

Remember that if you grant access, to the share in question, to "Everyone", that refers to Everyone who is properly authenticated. Either a properly setup Guest account (on the server), or non-Guest account (for a workgroup, on both the client and server, with matching passwords), is still required.

Note: Vista uses deny by default, so if you want "Everyone" (Guest) to have access, you have to explicitly add permission - new shares don't give Full permission automatically (though in some cases, "Everyone" may have read access by default). Always check Security and Sharing, when there is a question.
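Why checking both lists matters, as an added example that is not part of the original article: over the network a caller gets only the rights that the Share list and the NTFS (Security tab) list both grant, and a caller matched by no entry gets nothing. The three-level right sets, the accounts and the sample lists are constructed, and the model is simplified: it ignores the ordering of explicit and inherited entries that real NTFS evaluation applies.

```python
# Simplified right sets; real Windows ACLs carry finer-grained access masks.
READ = frozenset({"read"})
CHANGE = frozenset({"read", "write"})
FULL = frozenset({"read", "write", "set_permissions"})


def effective(acl, identities):
    """Rights one list grants a caller: every matching allow, minus every matching deny.

    acl is a list of (kind, principal, rights) entries. A caller matched by no
    entry gets nothing, which is the "deny by default" behaviour.
    """
    allowed, denied = set(), set()
    for kind, principal, rights in acl:
        if principal not in identities:
            continue
        if kind == "allow":
            allowed |= rights
        elif kind == "deny":
            denied |= rights
        else:
            raise ValueError("unknown entry kind: %r" % kind)
    return allowed - denied


def network_access(share_acl, ntfs_acl, identities):
    """Over the network a caller holds only the rights that BOTH lists grant."""
    return effective(share_acl, identities) & effective(ntfs_acl, identities)


def blocking_layers(share_acl, ntfs_acl, identities, wanted):
    """Name the list(s) withholding the wanted right: 'share', 'ntfs', both or none."""
    layers = []
    if wanted not in effective(share_acl, identities):
        layers.append("share")
    if wanted not in effective(ntfs_acl, identities):
        layers.append("ntfs")
    return layers


# Constructed identities: an account plus the groups it belongs to.
ALICE = {"alice", "Users", "Everyone"}
GUEST = {"Guest", "Guests", "Everyone"}

# Selective share as the page sets it up: wide-open Share list, narrow Security tab.
SELECTIVE_SHARE = [("allow", "Everyone", FULL)]
SELECTIVE_NTFS = [("allow", "alice", CHANGE), ("allow", "Administrators", FULL)]

# "Read, although you intend to grant Write": the Share list only grants Read.
READONLY_SHARE = [("allow", "Everyone", READ)]
OPEN_NTFS = [("allow", "Everyone", CHANGE)]

# A new share with no entry for Everyone at all.
EMPTY_SHARE = []

if __name__ == "__main__":
    cases = [
        ("alice, selective share", SELECTIVE_SHARE, SELECTIVE_NTFS, ALICE),
        ("Guest, selective share", SELECTIVE_SHARE, SELECTIVE_NTFS, GUEST),
        ("Guest, read-only share", READONLY_SHARE, OPEN_NTFS, GUEST),
        ("Guest, share without entries", EMPTY_SHARE, OPEN_NTFS, GUEST),
    ]
    for label, share, ntfs, who in cases:
        rights = sorted(network_access(share, ntfs, who)) or ["no access"]
        blocked = blocking_layers(share, ntfs, who, "write") or ["nothing"]
        print("%-30s %-16s write blocked by: %s"
              % (label, ", ".join(rights), ", ".join(blocked)))
```

With "Everyone" given full rights on the Share list, the Security tab is the only list keeping other accounts out, so review it whenever a share is created that way.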

With XP / Vista Home, you don't have the Local Security Policy Editor. And Simple File Sharing doesn't give you the ability to set access rights either. In that case, you'll have to use extra software and procedures.

If you're using Guest authentication, and still getting "access denied" after all of the above steps, check the restrictanonymous setting.

Even with all of the above advice, there are known scenarios, with varying symptoms, with but one common factor - recent (or not) application of certain Windows Updates.

Next, look at the complete and exact text in any observed error messages. Some very obscure errors have very simple resolutions.

And finally, repeat Troubleshooting Network Neighborhood.


Windows XP / Vista In A Domain

If you have a network with more than 3 or 4 computers, running Windows XP or Vista, a domain is worth considering. Both Windows XP Home and XP Pro (and their related editions), and the various editions of Vista, can be used in a domain, but in different ways.

A Windows XP / Vista Home edition computer can only join a workgroup, it can not join a domain. Windows XP Media Center has the same internal components as XP Pro; however, XP MCE 2005 (KB887212): will not join a domain either.

If a Home edition client computer is on the same network with a domain, the computers in the domain should be visible, in Network Neighborhood, under Entire Network - Microsoft Windows Network - (name of domain). The Home edition computer(s) will not, however, be visible from other clients, or from the servers, in the domain, unless there is a browser server available for the workgroup of which the computer is a member (or if that computer is running the browser on its own).

If a Home edition client computer is on the network with a domain, the computer can be made a Member of a workgroup, with the workgroup name the same as the domain name. This will allow the servers in the domain to be visible, in Network Neighborhood, and will make the client visible from other clients, or from the servers, in the domain.

Users on a Home edition client will have to authenticate to any domain servers as they would in a workgroup - using accounts defined locally on each client and server.

A Windows XP Professional computer can join a domain, just as any other Windows NT based computer, and can access domain resources in the same way. However, several XP features will be unavailable:

  • Fast User Switching.
  • Simple File Sharing.
  • Logon Welcome Screen.


Depending upon how your domain is setup, an XP / Vista computer may have problems logging in to the domain, and may require changes in the domain itself.


Guest Authentication

Guest authentication is an option under Windows XP Pro with Advanced File Sharing, and for Windows Vista with Password Protected Sharing Enabled. For Vista with PPS Disabled, XP Pro with Simple File Sharing, and XP Home, Guest is the only available authentication. Guest authentication is part of the authentication decision process, in general.

With Guest authentication, you have normally two choices for any otherwise shareable folder: whether to allow access to it, and whether to allow read-only or read-write access. All shared folders and files are equally accessible by everybody who has access to the network.

If your server only uses Guest authentication, any shared data is offered, on the network, based upon the status of the Guest account on the server. Other accounts on the server, and on any clients, will not be relevant. Make sure that the Guest account is properly activated for network access.

The Guest account, by definition, is a limited access account, and is similar to anonymous access under Windows. If your server only uses Guest authentication, your computer can't be accessed with administrative authority, thru the network.

Shares which require administrative access, such as C$, "C:\Program Files", and "C:\Windows", can't be accessed thru the network, if shared using Guest authentication. No matter what authority you are logged in with, to a client computer, when you access any server using the Guest account, those shares, and any folders and files within those shares, will be inaccessible. Any files that you want to be accessible thru the network should be kept in the Shared Documents folder, and they will be accessible to everybody.

Remember that the various folders in "C:\Documents and Settings" ("C:\Users" in Windows Vista) contain the personal data for each user of that computer. Those folders, by design, can only be accessed by the owner of the data, or by an administrator. Guest is neither of those, and shouldn't be expected to have access. The public portions of "C:\Documents and Settings" ("C:\Users"), if at all accessible to Guest, may be read only.

If a computer using Guest authentication is providing browser services for other computers, those other computers, when running browstat, and having no other errors, will show an "error = 5" (access denied) when trying to access the registry on the browser.

Master browser name is: PChuck1
could not open key in registry, error=5 unable to determine build of browser master:5


Other network related tasks, like remote registry access, and remote shutdown, won't work either. Those tasks require administrative access. Utilities like CPSServ won't be able to diagnose problems on a computer using Guest-only access, through the network.

The Guest account may not provide network access if the restrictanonymous setting has the wrong value. The Guest account may not provide network access to specific shares, if the RestrictNullSessAccess setting has the wrong value.

For more information about the Guest account, see Microsoft: Description of the Guest account in Windows XP.

If you need to do so, you can give additional authority to Guest. How to add authority will depend upon your edition and file sharing.


Non-Guest Authentication

Non-Guest authentication is much more granular than Guest authentication, on a server using NTFS. It is possible on a server running Windows 2000, Windows XP Pro with Advanced File Sharing, or Windows Vista with Password Protected Sharing (PPS) enabled. If your server has XP Home, XP Pro with Simple File Sharing, or Vista with PPS disabled, you'll be using Guest authentication. Non-Guest authentication is part of the same decision process as Guest authentication.

Once you're authenticated, whether with a Guest or a non-Guest account, you need to be authorised. Authorisation, under Advanced File Sharing (AFS) / PPS, is much more granular than Guest authorisation under Simple File Sharing (SFS).


The Authentication Process - Step By Step

You authenticate in 4 possible scenarios, based upon the status of both the client and the server:

  1. If
    • The client is running Windows Vista Pro (Business, Enterprise, or Ultimate), XP Pro, or Windows 2000.
    • You previously logged in to this server from this client, and selected "Reconnect at login".
    your computer will have cached a token for server access. Your computer will supply the token, and you will be given server access transparently ("transparent token caching").
  2. IfYour computer will supply the token, and you will be given server access transparently ("transparent first time login").
  3. If automatic non-Guest authentication is not possible, the server is checked for the Guest account having been activated for network access. If Guest is activated, and has no password, you will be given automatic Guest access.
  4. If neither automatic non-Guest, nor Guest, access is possible, you will have to supply the token manually. You will have to log in to the server, interactively, using an account that is activated for network access on the server, with the correct password. You may have the opportunity, here, to select "Reconnect at login" (based on Rule 1).
  5. If there is no account activated for network access, you will see the old
    ... access denied.
    or similar well-known error.



Windows XP And Other Operating Systems

Windows XP was designed to allow the merger of the two older operating system families - Windows 9x (Windows 95 / 98 / ME - predominantly home systems), and Windows NT (NT / 2000 / 2003 - predominantly business systems). By carefully choosing Advanced vs Simple File Sharing on your computer, it can better operate on the LAN with your computers running older systems. And, looking forward, it can operate fine on the LAN with your computers running Vista.

Simple File Sharing, which is selectable under XP Pro but not under XP Home, uses Guest authentication only. It makes it easier to set up sharing with Windows 9x systems, by simply creating openly available shares.

Advanced aka Classic File Sharing is directly compatible with file sharing under Windows NT / 2000 / Server 2003. It can use Guest, or it can use non-Guest, authentication.

Windows XP will share files with an XBox 360, given a small amount of work.

For additional details describing file sharing issues relevant to Windows XP and to other operating systems, see:


Authentication Protocols

As described above, any connection created between a client and a server involves some form of authentication. The person using a client computer must prove who he / she is, so the server can decide whether to allow access. The simplest form of authentication is a simple account / password exchange. The user inputs the account (public secret) and password (private secret), these are passed to the server, which matches the two against its database.

Original versions of Windows, before NT V4.0, used LAN Manager Authentication, which used this strategy. Starting with Windows NT V4.0, authentication protocols of increasing complexity have been used.


Local Access Issues

If you follow recommended procedures, and set up your accounts to allow file sharing, you will have identical, non-blank passwords on the accounts. As I said above, by default, Windows XP Pro requires non-blank passwords for accounts used for network access.

Maybe you're accustomed to not logging in at all when you turn your computer on - just start it, it comes up with the desktop, and you get to work. Or maybe you'd like to do this, but don't know how. Well, Ramesh, another MVP, has written up the procedure for making your computer log in automatically, in his article Configure Windows XP to Automatically Login.
