Time to deal with Networking using Windows, the Wo…

Time to deal with Networking using Windows, the WorkGroup way of things (or peer-2-peer if you prefer).

PREFACE-FOREWORD

This thread is not about setting up and establishing the connection since it would require a series of tutorials on hardware (routers, switches, hubs, UTP cabling etc) and protocol aggreement. Post a search on Google and you will find lots of sources on these…

This thread is about common questions regarding the way Windows authenticate users who try to access resources on the Local Network (LAN).

Keywords to remember as we go by: Pass-through authentication (not saying much now but will prove useful later on). Let’s see what’s in store shall we?

USER AUTHENTICATION EXPLAINED – WORKGROUP SCENARIO

You see, when YOU with username: YOU and password: YOUPWD work on a PC, to actually enter the PC you provide these credentials on your LOCAL LOGIN windows-User interface. These credentials are examined against a so-called Security Accounts Manager (SAM) database to ensure correct and secure usage.

Windows need a VALID set of credentials even when you try to access another user’s PC. It all depends on the security settings of the remote machine you try to access.

For example’s sake let’s assume that you browse the LAN using My Network Places and upon double-clicking the corresponding remote PC icon you can view the resources that are shared on that particular machine.

This happens when GUEST account is enabled on the remote machine. GUEST = anyone who hasn’t been approved as an authenticated user for that machine. You can qualify as a guest when username: YOU and password: YOURPWD DON’T MATCH any of the credentials
of the remote PC’s user accounts. In case GUEST was disabled (a good security practise i may add) then you would be presented with a Window asking Username and Password. Pretty straightforward huh? The remote machine doesn’t know you (as a user with
YOU and YOUPWD) and still complains by asking you for credentials. If a user with username: YOU and password: YOUPWD existed on the remote PC then (voilah!) PASS-THROUGH authentication, meaning that NO WINDOW WOULD APPEAR and you would instantly and
transparently be able to access the resources you want on the other machine.

Whenever i mention PASSWORD please try to use a non-blank one. It’s VERY IMPORTANT since as i read somewhere Windows XP don’t allow blank password authentication across the Network yet ONLY for local user login.

THE GUEST FACTOR

There have been many to say the least tutorials on the GUEST account feature of Windows and how it can affect the security model: the Classic Security Model or the one with the descriptive name: Simple File Sharing.

Just remember that on Windows XP Home Ed. Simple File Sharing is always ON and has to do with PERMANENT usage of GUEST account for network access to the PC’s local resources.
On Windows XP Pro you can accept or deactivate Simple File Sharing when working on a Workgroup and (goes without saying) you can forget the whole thing when working on a domain (see EPILOGUE below on the benefits of working on a domain).

The chapter “GUEST” account can get more complicated and my intention is not to make things complicated. Just thought it would be appropriate to mention it so as to have a clear picture…

EPILOGUE

So, bear in mind the workaround of identical pair of username and password co-existence on both the local and target-remote PC’s on the LAN. Of course, when the LAN consists of >2 entities-PC’s you have to apply the same technique throughout the collection of PC’s. And you ask my friend: how can i bypass this cumbersome (yet practical in it’s right) approach? Make the move to a DOMAIN-client/server topology instead of a WORKGROUP. Active Directory (AD) technology will take on the burden of user/password management and REPLICATION of info across the LAN.

Again, search, search, search on Google (or any other search engine to your liking) for more info and remember that access and rights on the remote machine depend highly on the control & security settings thereby set (especially when you are dealing with W2K/WinXP machines and NTFS formatted disks-partitions).

Hope the above was fun for you reading as it was for me writing and explaining.Links to respective sources on the WEB will be posted soon….