
Microsoft Windows XP Networking Inside Out



Part 1: Windows XP Networking

The domain controller might be running a server version of Microsoft Windows NT or Microsoft Windows 2000. These advanced versions of Windows contain the additional software programs required to centrally administer a larger network. Once authentication is successful, the user can access whatever network resources the user has been granted permission to use. If authentication is not successful, the user does not gain access to the network. As you might imagine, domain-based networking can be rather complex, and professional network administrators are usually needed to manage servers on larger networks. However, this complexity is usually balanced by the convenience that comes from managing resources and user authentication centrally rather than on a computer-by-computer basis.

A Windows domain provides a number of benefits that are not found in workgroups, especially when the client computers in the domain are running Microsoft Windows 2000 Professional or Windows XP Professional. Although Windows NT is still used in some networks, the focus of this book will be on technologies made available by Active Directory, the domain management system introduced with Windows 2000 Server, because it offers many newer and more powerful features. For more information on Active Directory, see Chapter 11, “Understanding Domain Connectivity.”

A Windows domain provides the following specialized benefits for both users and the enterprise:

A domain provides security. Using Active Directory, a number of security features can be enforced uniformly including advanced security features such as digital certificate authentication and IP Security.

A domain provides organization, centralized administration, and control.

A domain helps organize and manage users and resources. User accounts and resources are centrally maintained, greatly easing the burden of managing permissions, which enable individual users to access and manipulate local and network resources. Using an administrative tool known as Group Policy, network administrators can even control the way in which users’ computers are used. This control ranges from what software can be installed to such details as the appearance of users’ desktops.

A domain is highly extensible. The concept of extensibility means that a domain can grow to the size you need it to as your business grows. In other words, if you need to add a thousand computers to the domain, the domain is capable of handling the growth.

Domains are flexible. As the number of resources managed within a domain grows, you can delegate management tasks over particular pieces of it to others, using organizational units. Domains can also be grouped together in trees and forests, and managed across wide geographic areas using sites.

Domains and their related technologies are covered in more detail in Chapter 11, “Understanding Domain Connectivity.”


Chapter 1: Introduction to Windows XP Networking

Windows XP Networking Features

Windows XP contains the networking software features that you need for most any network you might want to join. However, there are important differences in the networking capabilities of Windows XP Home Edition and Windows XP Professional. Windows XP Home Edition supports workgroup networking, but does not support domain networking, meaning that a computer running Windows XP Home Edition cannot be part of or log on directly to a domain-based network. If you plan to set up a domain-based network using Active Directory, make sure all the workstations that will be part of the domain run Windows XP Professional.

Note: Windows 2000 Professional workstations can also fully participate in an Active Directory domain; however, configuring them to do so is outside the scope of this book.

Overall, you’ll see the same networking support in Windows XP Professional as you might be familiar with in Windows 2000 Professional along with some new tricks as well. The following sections provide a quick primer of the major networking features and components supported in Windows XP. You’ll also find cross-references to the chapters where these features are discussed in more detail.

TCP/IP Protocol


TCP/IP is a suite of protocols (over 100) that provides computers with the vast networking capabilities you see today. All of the functions you perform on the Internet are made available by TCP/IP, or more specifically, by some protocols in the TCP/IP protocol suite. In fact, there are many protocols in the TCP/IP protocol suite that you will immediately recognize, ranging from HTTP (used for Web page transfer) to IMAP (used for e-mail access).

As the Internet has grown and become more integrated into all of our lives, TCP/IP has grown in its application as well. TCP/IP was originally designed by the United States Defense Advanced Research Projects Agency (DARPA), to support large networks with large numbers of individual segments. Today, it serves as the standard not only for Internet traffic, but for the more customized features used in major network operating systems.

As part of this shift to TCP/IP, Windows networks now use TCP/IP as the default protocol for both workgroup and domain environments. TCP/IP’s power as a standard protocol used across the Internet has traditionally been counterbalanced by the difficulty involved in installing and configuring it; however, newer industry-standard systems for automatically managing client configurations greatly reduce these management burdens, as do the features for configuring and monitoring TCP/IP built into Windows XP.


The TCP/IP protocol suite itself, along with the tools provided by Windows XP to best take advantage of it, are covered in Chapter 2, “Configuring TCP/IP and Other Protocols.”

NTFS File System

Windows XP supports the NTFS file system. Although a file system is a feature of a local computer, not the network service, there are many benefits in using NTFS when you are networking a computer.

All computers use a file system of some kind to organize and maintain data on a hard disk. In Windows 9x and Windows Me, the File Allocation Table (FAT) file system was used. However, the FAT file system does not provide several important features and functionality provided by NTFS. With Windows XP, even home users can use the NTFS file system and take advantage of its benefits, many of which are of great utility in a network environment including:

Compression. NTFS drives support file compression under Windows XP. You can compress entire drives or folders and even individual files in order to save hard disk space. If you are transferring many files across your network, the compression feature can help users conserve local hard disk space.

Encryption. NTFS drives support file and folder encryption in Windows XP Professional, but not in Windows XP Home Edition. You can encrypt files and folders so that other users cannot access them, and you can also encrypt files and folders so that only a certain group of users can access the data, but users outside the group cannot. The security features are obvious. When encryption is enabled, you simply use the data as you normally would (the data is automatically decrypted for you when you open a file and then encrypted again when you close the file), but other users cannot access it.

Security. NTFS provides security for shared folders through user permissions. Using NTFS, you can determine which users can access a shared folder and exactly what they can do with the contents of the shared folder when it is accessed. Windows XP Home Edition only provides a few simple options, but Windows XP Professional provides all of the features of NTFS security.

To learn more about the NTFS file system and setting file and folder permissions, see Chapter 14, “Understanding Resource Sharing and NTFS Security.”

Internet Access

As with previous versions of Windows, Windows XP supports Internet connectivity and usage by providing you with a number of different tools. You can easily create Internet connections to your ISP using the New Connection Wizard. Once the connection is in place, you can share it with other computers in your workgroup using Internet Connection Sharing (ICS). You can even protect your Internet connection from external hackers by using Internet Connection Firewall (ICF). These features, all of which are designed for the workgroup, enable you to easily configure Internet access and protection as needed.

Aside from the basic Internet connection, Windows XP includes a wide range of built-in tools for accessing resources on the Internet, including Microsoft Internet Explorer 6 for Web surfing and Microsoft Outlook Express 6 for e-mail and newsgroup access. Additionally, if you want instant messaging and an easy collaborative tool, Microsoft Windows Messenger provides text messaging, voice and video transmission, a whiteboard application, and other helpful features you can use over the Internet or an intranet.

All of these applications provide enhanced features, particularly security features that help you control content and privacy settings. As the Internet has developed, more dangers have developed as well, and Windows XP goes to greater lengths than any previous version of Windows to secure your computer against malicious content and potentially dangerous downloads.

For detailed information about Internet networking, including Internet connections, ICF, Internet Explorer 6, Outlook Express 6, and Windows Messenger, see Part 2, Internet Networking. You can also learn more about configuring ICS in Chapter 10, “Managing Workgroup Connections.”


Remote Control and Remote Troubleshooting


Windows XP provides some new remote networking features that can make life easier, depending on what you need to do. Remote Desktop and Remote Assistance provide access to other Windows XP computers using either a corporate LAN or the Internet. These features are new, but are actually based on Terminal Services, so if you have worked in an environment that uses Terminal Services, you’ll see some similarities.

Remote Desktop

Remote Desktop provides a way for you to run your computer from another computer. For example, suppose you use a Windows XP Professional computer at work. When you come home, you can use another Windows computer (including Windows XP, Windows 2000, Windows NT, Windows Me, or Windows 95/98) and a dial-up or broadband connection to your LAN to access the Windows XP Professional computer. You can then see the remote desktop and run applications or open files, just as if you were sitting at the remote computer.

Note: Remote Desktop is not provided in Windows XP Home Edition. You can use Windows XP Home Edition to access and control a Windows XP Professional computer, but a Windows XP Professional computer cannot access and control a Windows XP Home Edition computer using Remote Desktop.


Remote Desktop has a number of potential applications including collaboration and console sharing, and perhaps most importantly, you can work from home or a different location and still access your office PC. Only Windows XP Professional computers can be Remote Desktop servers, but you can run the client on any Windows 95 or later computer with Remote Desktop Connection software, which you can install on any of the previously mentioned Windows versions from your Windows XP CD.

Tip: Using Remote Desktop over the Internet

Remote Desktop is designed for LAN connections where you access a computer on a corporate network. However, you can also access a computer over the Internet if you know the computer’s IP address, and the computer is currently online. To connect, you’ll need to find the computer’s Internet IP address (assigned by the ISP), and if the computer uses ICF, the receiving computer will have to configure ICF to allow the Remote Desktop connection. Intrigued? Check out Chapter 5, “Using Internet Connection Firewall,” to learn more about discovering a dynamically assigned IP address and configuring ICF for Remote Desktop.

Remote Assistance

The second type of remote networking feature is Remote Assistance, which is provided in both Windows XP Professional and Windows XP Home Edition. Remote Assistance is a help and support feature that enables a user to connect to another user’s computer for troubleshooting purposes. The user requesting help can even give control of his or her computer to the helper who can remotely view and control the computer, hopefully being able to fix the user’s problem.

Remote Assistance has a number of applications. In corporate environments, Remote Assistance can provide more flexibility and faster service from support technicians. Instead of having to blindly provide support or physically walk to a client’s computer, the technician can use Remote Assistance to see the computer and fix it remotely.

In the same manner, users can get help from friends and relatives over the Internet. Let’s say your cousin lives in Washington, but you live in Dallas. You want to provide some help with a computer problem, but resolving technical problems via a phone conversation can be frustrating. Using Remote Assistance, your cousin can send you a Remote Assistance invitation, and you can connect to his computer using your Windows XP computer. With the proper permission in place, you can remotely configure his computer to fix problems.

To learn more about Remote Desktop and Remote Assistance, see Chapter 16, “Remote Desktop and Remote Assistance.”


Virtual Private Networks and Remote Networking

Windows XP supports virtual private network (VPN) connections to access corporate networks remotely. A VPN connection enables one computer to connect securely to another computer over the Internet (or an intranet). The difference, however, is that local network data is encrypted and encapsulated (known as tunneling) to create a secure session with another computer using a free public network, such as the Internet.

There are a number of important uses of VPNs. Suppose you run a small workgroup in one location, but you have added an office on the other side of town. Your small company cannot afford a dedicated WAN link between the two offices. You can use a VPN connection that uses the Internet’s backbone for the cost of an Internet account so that the two offices can exchange data securely over the Internet.

You might also travel frequently with a laptop. Although you can access your LAN over a dial-up or remote broadband connection, you might want a more secure connection. In this case, you can use a VPN to create a secure tunnel. In the same manner, you can also create VPN connections over an intranet for extra security. VPN connections use either the Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP). You can learn more about setting up and using VPN connections in Chapter 17, “Remote Access and Virtual Private Networking.”

The Routing and Remote Access Service (RRAS) runs on server versions of Windows 2000 and allows remote clients to dial into a private network directly (not using the Internet as a transit route). When you travel with your laptop, you can use the laptop modem to dial up to a designated number on the corporate LAN and use the LAN’s resources, just as though you were locally connected to the LAN from your office computer. Windows XP provides all of the security protocols you need to remotely access a domain environment. You can learn more about these security protocols in Chapter 17, “Remote Access and Virtual Private Networking.”

Support for Internet Information Services


Microsoft Internet Information Services (IIS) enables you to host Web services either internally over a LAN intranet or publicly over the Internet. IIS is included with Windows XP Professional (but not with Windows XP Home Edition), and it runs as a Web hosting service with limited usage features. IIS running on server versions of Windows 2000 provides the capability to host Web sites over the Internet, whereas IIS on Windows XP Professional allows for only one Web site and one FTP site and is limited to a maximum of 10 simultaneous connections. This might be enough connections to run a lightly accessed Web site, but IIS is actually included in Windows XP Professional as a way to share documents or printers on an intranet and to serve as a tool for users who develop Web content. See Chapter 9, “Using Internet Information Services,” to learn more about the features and limitations of IIS in Windows XP Professional.


Wireless Networking

Windows XP provides built-in support for wireless networking. Over the past few years, the buzz about wireless networking has continued to grow. If you browse through the networking section of any computer store, you are likely to see a number of wireless network adapter cards and hubs for both home and small office use.

The purpose of wireless networking is obvious: You can set up a network without the mess, expense, and complication of running wires. Many airports, railways, hotels, and other public areas now provide network and Internet access over wireless links if your laptop is equipped for wireless communications.

Windows XP supports two types of wireless networks:

Wireless Personal Area Network (WPAN). The simplest wireless network connects devices directly without an intermediary hub in what is called an ad hoc network. WPANs are short range, ad hoc networks using protocols such as Bluetooth or infrared light and are intended to be used within an extremely short distance (less than 10 meters). With Windows XP, the key method to create a WPAN is to use infrared-enabled devices over short distances with a clear line of sight between devices. Infrared devices enable fast and convenient transfer from one computer to another or between one computer and communication devices such as personal digital assistants (PDAs), digital cameras, cellular phones, and infrared-enabled printers.

Wireless Local Area Network (WLAN). This wireless network can use either a hubless, ad hoc network or a central access point similar to the hubs used in wired LANs, in which each wireless computer communicates with other devices on the network through the access point. WLANs offer higher speeds and greater range, and are not limited to line of sight. Windows XP fully supports the IEEE 802.11 standard and the security features that the standard provides. This evolving standard is the primary WLAN solution.

There is a lot to learn and consider with wireless networking. Chapter 19, “Wireless Networking,” is dedicated to this topic.


Universal Plug and Play

Windows XP provides a new feature called Universal Plug and Play (UPnP). UPnP is a feature that allows Windows XP to automatically detect, manage, and control network devices that are UPnP compliant. For example, suppose you have a UPnP printer. When you plug another device supporting UPnP into the network, such as a PDA or a laptop, the device is able to find the printer and use it automatically.

UPnP is the backbone for many advanced networking features including those provided by Windows Messenger and Remote Desktop. For more information on Universal Plug and Play, see “Connecting Through a Firewall,” page 222.

Chapter 2: Configuring TCP/IP and Other Protocols

In this chapter:

OSI Reference Model Overview

Understanding TCP/IP in Depth

Internet Protocol Addressing

Configuring IP Settings in Windows XP

Understanding Internet Protocol Version 6 (IPv6)

Other Networking Protocols

The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is a critical component of modern networking. Since its introduction, TCP/IP has proven to be flexible and robust enough for virtually any networking use, which has made it the most popular networking protocol in the world. IP is used to address the overwhelming majority of private networks, and it is the only addressing method used on the Internet.

To understand TCP/IP, it is important to start with the big picture. In this chapter, the TCP/IP protocol suite and the Open Systems Interconnection (OSI) reference model are examined. The OSI reference model closely intertwines with TCP/IP and its associated network features. Additionally, this chapter surveys other common networking protocols. Throughout this chapter, you’ll learn how to implement the various protocols and features within Microsoft Windows XP.

OSI Reference Model Overview

When the first networks were developed, communication between computers was a delicate process. In most cases, a computer from a given manufacturer could only communicate with another computer from that same manufacturer. The few computers that were on networks at the time were on homogenous networks; that is, all the devices on these networks were (for the most part) from the same manufacturer. For example, a shop using IBM mainframes would only use IBM terminals so that computers could communicate with each other. If the network had the misfortune of needing equipment from multiple vendors, users would be lucky if one manufacturer’s system could understand the data created on the system of another manufacturer. Even if the data formats were compatible, most of the data had to be moved via sneaker net (a humorous term meaning you had to put the data from one system on a disk and actually walk—presumably in your sneakers—to the other machine to insert the disk and copy the data onto that system) because few devices could communicate on a network at all, let alone interoperate with different makes and models of equipment.

However, a solution was on the horizon. In 1978, the International Organization for Standardization (ISO) introduced the OSI reference model. This model provided a common blueprint for all makers of networking hardware and applications. Using a layered approach, the model defines how networking hardware and software should function and how data should be handled and controlled. By using this blueprint, manufacturers could ensure that their equipment and software would interoperate with systems and applications from other makers. The OSI model specifies how certain parts of the network should work to support communication between applications on different computers. The actual mechanics of how the specification is implemented are entirely up to the manufacturer. In the end, manufacturers had a tool that helped them design their network standards for cross-platform compatibility and at the same time gave them flexibility in their implementation of the standard.

Using Layers in the OSI Model

A hierarchy of layers is used in the OSI model to ensure that developers focus on a single component, such as a program that converts files from one format to another, without worrying about how other components at other layers work. The OSI model also specifies how items operating at one layer of the design should interface with items at adjacent layers of the design. By using this model, equipment and software can be developed in a modular fashion.

Suppose a developer needs to specify how data is encrypted before being transmitted between hosts. Using the OSI model’s layer approach, the developer does not have to worry about how the data is packaged for transmission across the network after encryption because that issue is dealt with by another layer. This allows the developer to focus solely on making sure that the piece he or she is working on interacts correctly with the layers above and below it in the manner specified by the OSI model.

The structure of a shipping company provides a good analogy for how a layered system works. A shipping company usually has a general management department, a sales department, distribution managers, warehouse workers, and truck drivers. Each of these groups can be thought of as a separate layer. Each one depends on the services of the departments (layers) adjacent to them, and for the most part, they are unconcerned about the needs of departments (layers) that are not directly related to them. The truck drivers need the services of the warehouse crew to locate and deliver materials. However, the truck operators are not likely to be concerned with the details of how the sales people operate. Each department (layer) might change how it accomplishes its tasks, and a department might turn over employees, but the general rules for interlayer communication do not change. The management team still needs to notify sales if there is a new customer making inquiries. Distribution must make sure it relays information to and from both the sales and warehouse layers in the appropriate form. Sales might need to know if the warehouse crew is shorthanded. The warehouse crew probably needs to know if sales are decreasing and fewer laborers will be needed. In the same manner, each layer of the OSI model has specific job duties and functions. By using this layered approach, network communication is broken down into manageable pieces.

The Seven Layers of the OSI Model

Within the OSI model, there are seven distinct layers; each defines how a specific piece of the communication process is supposed to occur. Each of these layers has unique functions, data types, and protocols. All data using the OSI model flows vertically up and down the layers, yet each layer only communicates with (or is really aware of) its corresponding (horizontal) layer on the remote computer. This communication between computers can be thought of as logical communication (because the layers on each computer are only concerned with communicating with one another), whereas the process of data flowing up and down the layers can be described as physical communication (because in reality data must be physically communicated between the layers on each computer for it to arrive at its destination). Layer 3 on the transmitting computer is only aware of layer 3 on the receiving computer; layer 2 on the transmitting computer is only aware of layer 2 on the receiving computer and so on. The seven layers of the OSI model are physical, data-link, network, transport, session, presentation, and application. The following illustration shows how the corresponding layers of the OSI model communicate when data is sent over a network.

[Figure: OSI Layers. Two stacks, Workstation 1 and Workstation 2, each listing Application, Presentation, Session, Transport, Network, Data-link, and Physical, with each layer matched to its counterpart on the other workstation.]
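The logical versus physical communication described above can be modelled in a few lines. This is an added example, not code from the book: the 3-byte header layout, the function names `send`, `wire`, and `receive`, and the use of zlib compression as a stand-in for a presentation-layer transform (format conversion or encryption) are assumptions made for illustration.

```python
import struct
import zlib

# Layers that add a header, top (7) to bottom (2). Layer 1 (physical) is the wire.
HEADER_LAYERS = [(7, "application"), (6, "presentation"), (5, "session"),
                 (4, "transport"), (3, "network"), (2, "data-link")]
HDR = struct.Struct("!BH")  # constructed header: layer number, payload length


def send(message: bytes) -> bytes:
    """Physical flow on the sender: data moves down, each layer wraps it."""
    pdu = message
    for num, name in HEADER_LAYERS:
        if name == "presentation":
            # Stand-in transform: lower layers now carry bytes they never interpret.
            pdu = zlib.compress(pdu)
        pdu = HDR.pack(num, len(pdu)) + pdu
        if name == "data-link":
            # Frame check sequence (CRC-32) over the frame. It catches line
            # noise; it is not a keyed check against deliberate modification.
            pdu += struct.pack("!I", zlib.crc32(pdu))
    return pdu


def wire(frame: bytes, flip_bit_at=None) -> bytes:
    """Layer 1: moves bits; optionally flips one bit to model line noise."""
    if flip_bit_at is None:
        return frame
    buf = bytearray(frame)
    buf[flip_bit_at // 8] ^= 1 << (flip_bit_at % 8)
    return bytes(buf)


def receive(frame: bytes):
    """Physical flow on the receiver: data moves up, each layer unwraps it.

    Returns (message, trace); trace pairs each receiving layer with the layer
    number found in the one header it parsed (the logical communication).
    """
    pdu, trace = frame, []
    for num, name in reversed(HEADER_LAYERS):
        if name == "data-link":
            if len(pdu) < 4:
                raise ValueError("data-link: frame too short")
            body, (fcs,) = pdu[:-4], struct.unpack("!I", pdu[-4:])
            if zlib.crc32(body) != fcs:
                raise ValueError("data-link: frame check failed, frame dropped")
            pdu = body
        if len(pdu) < HDR.size:
            raise ValueError(f"{name}: truncated header")
        peer, length = HDR.unpack_from(pdu)
        payload = pdu[HDR.size:]
        if peer != num or length != len(payload):
            raise ValueError(f"{name}: header was not written by the peer layer")
        trace.append((name, peer))
        pdu = zlib.decompress(payload) if name == "presentation" else payload
    return pdu, trace


if __name__ == "__main__":
    msg = b"GET /index.html"  # constructed sample message
    data, seen = receive(wire(send(msg)))
    print(data, seen)
```

Each receiving layer parses only the header its own peer wrote, while the bytes themselves travel down one stack and up the other.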

 
