Recent Class notes 05 Sharing Resources March 24, 2004

Sharing folders and printers makes them available to other domain or workgroup members. Since Windows XP supports various networks and simultaneous use of multiple networking protocols, systems running other types of operating systems can share resources with others on the network. Windows XP supports two basic types of sharing concepts:
• Simple File Sharing
• Classic Sharing

Simple File Sharing
Windows XP introduced a new concept called “simple file sharing” which removes confusion from sharing resources over a network. Simple file sharing makes sharing your resources easy, but limits your ability to configure sharing options and permissions. When you select the share option, Windows XP uses the guest account for all network logins.

Classic Sharing
Similar to file sharing in , when resources are shared, you grant users permission for using the resource. You can also limit the number of simultaneous connections. This type of sharing requires more experience and effort to configure. Each networked system must be set up with the appropriate user accounts.

By default, the guest account is disabled (i.e. sharing is disabled). Also, Windows XP Home Edition supports only Simple File Sharing. Windows XP Professional supports both sharing models.

There are two types of sharing permission control:
• Shared resource permissions
• NTFS permissions

Shared Resource permission
Controls network access to a shared resource. These permissions do not affect local users. This type of permission control is defined in the sharing tab of a folder’s properties window.

NTFS permission
Applies to folders and files on an NTFS formatted drive. These permissions provide detailed control over an object. Users who are granted access can be given specific types of permissions, including the following:
• Run programs
• View folder contents
• Create new files
• Change existing files

NTFS permission is also defined on the sharing tab of a folder’s properties window. Both types of permission controls are combined in a restrictive manner. The user permission is first determined by the shared resource permissions. The NTFS permissions can “strip away” some of those permissions but cannot extend them.

Enabling Simple File Sharing
To enable Simple File Sharing, use the following steps:
1. Open Windows Explorer and right click the file or folder you want to share.
2. From the pop-up menu, choose Sharing and Security.
3. On the file or folder’s Properties window, click the Sharing tab.
4. Under Network Sharing and Security, check the Share This Folder on the Network check box.
5. Enter a share name in the Share Name text box. Add a dollar sign to the end of the share name to make the share invisible; it can still be accessed.
6. If you want users to view the files only on this share, uncheck the Allow Network Users to Change My Files check box. If you leave this check box checked, users will be able to read and write to the share.

Sharing Folders with Classic Security
If you are logged on as an administrator, you can share resources with others on the network. To set file sharing with the classic security model, use the following steps:
1. Open Windows Explorer and right click the file or folder you want to share.
2. From the pop-up menu, choose Sharing and Security.
3. On the file or folder’s Properties window, click the Sharing tab.
4. Under Network Sharing and Security, check the Share This Folder on the Network check box.
5. Enter a share name in the Share Name text box. Add a dollar sign to the end of the share name to make the share invisible; it can still be accessed.
6. If you want users to view the files only on this share, uncheck the Allow Network Users to Change My Files check box. If you leave this check box checked, users will be able to read and write to the share.
7. Click the Allow This Number of Users option to limit the number of users who can connect to the resource.
8. Click the Permissions button to open the Permissions window.
9. In the Group or User Names list, select the name of the user or group you need to set permissions for when accessing this resource.
10. Select one or more of the following permissions:
    1. Full Control: Lets users create, read, write, rename, and delete files in the shared resource. Users can also change permission settings and take ownership of files on NTFS volumes.
    2. Change: Lets users read, write, rename, and delete files in the shared resource.
    3. Read: Lets users read files in the shared resource.
11. Click OK to return to the Sharing tab.
12. When done assigning permissions, click OK.
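The three share permissions in step 10 combine with NTFS permissions in the restrictive way described earlier. The following added example (not part of the original notes) works that rule through for network and local access. It goes beyond the notes in two labelled assumptions: rights accumulate across a user's group memberships, and an explicit deny entry overrides an allow. The right names and ACLs are constructed for illustration.

```python
# Rights carried by each share permission, as the notes list them
# (simplified right names chosen for this example).
SHARE_LEVELS = {
    "Read": {"read"},
    "Change": {"read", "write", "rename", "delete"},
    "Full Control": {"read", "write", "rename", "delete", "create",
                     "change_permissions", "take_ownership"},
}

def resolve(acl, principals):
    """Rights allowed to any of the user's principals, minus rights denied."""
    allowed, denied = set(), set()
    for who, kind, rights in acl:
        if who in principals:
            (allowed if kind == "allow" else denied).update(rights)
    return allowed - denied

def effective(share_acl, ntfs_acl, principals, over_network=True):
    """Effective rights on a shared NTFS folder for one user."""
    ntfs = resolve(ntfs_acl, principals)
    if not over_network:        # share permissions do not affect local users
        return ntfs
    share = resolve([(w, k, SHARE_LEVELS[lvl]) for w, k, lvl in share_acl],
                    principals)
    return share & ntfs         # NTFS can strip rights away, never extend them

# Constructed ACLs: (principal, "allow" | "deny", rights or share level).
SHARE_FULL = [("Everyone", "allow", "Full Control")]
SHARE_READ = [("Everyone", "allow", "Read")]
NTFS_ACL = [
    ("Everyone", "allow", {"read"}),
    ("Teachers", "allow", {"write", "create", "rename", "delete"}),
    ("Guest", "deny", {"read"}),
]
```

A share left at Full Control for Everyone is therefore only as tight as the NTFS entries behind it, while a Read share caps network users regardless of what NTFS grants.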

With Windows XP Professional, you can also use the Shared Folders snap-in, which provides a centralized approach to managing shared folders. To use this snap-in, you must be logged in as an administrator and have Simple File Sharing disabled. To use the Shared Folders snap-in, use the following steps:
1. Right click My Computer and choose Manage from the pop-up menu.
2. Navigate to the System Tools\Shared Folders directory.
3. View or modify the permissions for a shared folder by right clicking the folder and choosing Properties from the pop-up menu.

You can also send messages to users that are connected to shared resources on your system. To send a message:
1. Right click My Computer and choose Manage from the pop-up menu.
2. In the Computer Management window, navigate to the System Tools\Shared Folders directory.
3. Right click the Shares folder, and then choose All Tasks | Send Console Message from the pop-up menu.
4. The Send Console Message dialog box automatically inserts the names of users with active sessions and open files in the recipients list. Type the message and click Send.

Windows XP also offers managing resource sharing via command line options using the Net.exe utility. For more information on the Net.exe command, see “net help” or “net help share”. See the table below for examples:

Table one: Examples of net share commands

Net Command                    Description
Net share                      Displays a list of the system’s shared resources
Net share sharename            Displays information regarding the shared resource
Net share sharename /delete    Deletes the specified shared resource
Net use                        Displays a list of resources to which you are currently connected
Net session                    Displays a list of clients that are accessing your shared resources
Net file                       Displays a list of open shared files, including the file ID
Net file ID /close             Closes the file specified by the ID
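A share whose name ends in a dollar sign is hidden from browsing but still reachable, so an audit should enumerate such shares rather than treat hiding as protection. The following added example (not part of the original notes) parses `net share` output and lists hidden shares that are not Windows defaults. The sample output is constructed, and the column layout and the list of default hidden shares are assumptions.

```python
import re

# Hidden shares that Windows creates itself (assumed baseline for this audit).
DEFAULT_HIDDEN = {"ADMIN$", "IPC$", "PRINT$"}

def _row(name, resource="", remark=""):
    """Build one line in the assumed 13/32-character column layout."""
    return f"{name:<13}{resource:<32}{remark}".rstrip()

# Constructed sample of `net share` output, not captured from a real system.
SAMPLE = "\n".join([
    _row("Share name", "Resource", "Remark"),
    "",
    "-" * 79,
    _row("C$", "C:\\", "Default share"),
    _row("IPC$", "", "Remote IPC"),
    _row("ADMIN$", "C:\\WINDOWS", "Remote Admin"),
    _row("Docs", "C:\\Shared\\Docs", "Team documents"),
    _row("Payroll$", "C:\\Finance\\Payroll"),
    "QuarterlyReports2004",            # a long name wraps onto its own line
    _row("", "C:\\Finance\\Reports"),
    "The command completed successfully.",
])

def parse_net_share(text):
    """Return [{'name', 'resource', 'remark'}] from `net share` output."""
    lines = text.splitlines()
    head = next(i for i, l in enumerate(lines) if l.startswith("Share name"))
    res_col, rem_col = lines[head].index("Resource"), lines[head].index("Remark")
    shares, pending = [], None
    for line in lines[head + 1:]:
        if not line.strip() or set(line) == {"-"} or line.startswith("The command"):
            continue
        if line[res_col - 1:res_col].strip():   # name overflows its column
            pending = line.strip()
            continue
        name = line[:res_col].strip() or pending
        pending = None
        shares.append({"name": name,
                       "resource": line[res_col:rem_col].strip(),
                       "remark": line[rem_col:].strip()})
    return shares

def hidden_nondefault(shares):
    """Names ending in '$' that are neither drive roots nor built-in shares."""
    return [s["name"] for s in shares
            if s["name"].endswith("$")
            and s["name"].upper() not in DEFAULT_HIDDEN
            and not re.fullmatch(r"[A-Za-z]\$", s["name"])]
```

Running `hidden_nondefault(parse_net_share(SAMPLE))` on the constructed sample reports only `Payroll$`, the one hidden share an administrator created.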

Internet Connection
On a small network with only one connection, you can share that Internet connection with other systems on the network using the Internet Connection Sharing (ICS) feature. If you enable ICS, the Internet Connection Firewall (ICF) is automatically enabled. The firewall protects your shared resources from unauthorized users. If your system is isolated from the Internet by a residential gateway, proxy server, or another firewall, you can disable the firewall feature. The firewall monitors inbound and outbound communication between the computers it protects. To enable the firewall:
1. Open the Control Panel and select Network and Internet Connections.
2. Click Network Connections to open a list of network connections in the Network Connections window.
3. Right click the network connection that directly connects to the Internet, and then choose Properties from the pop-up menu.
4. On the Connection Properties window, click the Advanced tab.
5. Make certain the “Protect my computer and network by limiting or preventing access to this computer from the Internet” option is checked.

Sharing Printers
To share your printer, which is attached to your computer, use the following steps:
1. Open the Control Panel and select Printers and Other Hardware.
2. Click View Installed Printers or Fax Printers.
3. Right click the printer you want to share, and then select Sharing from the pop-up menu.
4. In the Sharing tab of the properties window, which opens by default, click the Share This Printer option.
5. Type a printer name in the Share Name text box. This is the name the users will see when connecting to the device.
6. If some users are running other operating systems, click the Additional Drivers button and install the required drivers.
7. Click the Advanced tab to specify the times when the printer will be available.
8. Click OK.

NetBIOS/NetBEUI
The original networking model used by IBM, Microsoft, and others was created in 1984. IBM and Sytek released a LAN (Local Area Network) message interface system named the Network Basic Input/Output System (NetBIOS). NetBIOS is a generalized program-to-program communication facility that enables peer-to-peer and client/server communication between PCs operating in a LAN environment. NetBIOS communicates through three key services:
1. Name Service: Each PC using NetBIOS is assigned a logical name, and other PCs use that name to communicate with that PC. PCs learn about each other’s names by listening to announcements PCs make when they join the LAN or by broadcasting a discovery request for a name. Each PC keeps track of the names of other PCs in a local dynamic table.
2. Session Service: A PC can establish a session with another PC by “calling” it by name. Once the target PC agrees to communicate with the requesting PC, the two PCs can exchange messages with one another until one of them “hangs up”. Session service is a connection-oriented service. NetBIOS provides message sequencing and message acknowledgements to ensure that all messages sent are properly received.
3. Datagram Services: Datagram service is a connectionless service that does not require a PC to establish a session with another PC in order to send messages, and does not guarantee the receipt of any messages sent. Datagram services can be used to deliver broadcast or informational messages. Application level session controls and acknowledgements can also be placed on top of datagram services to make them more reliable.

When NetBIOS was first released, the term NetBIOS encompassed both protocol level and service level functions. As the industry moved toward using well defined computing models that separate protocols and services (among other things), the NetBIOS protocol and service aspects were separated, and the term NetBIOS Extended User Interface (NetBEUI) was adopted to define the protocol level functions.

Server Message Blocks
NetBIOS provides a generalized interface for program-to-program communications. NetBIOS does not provide specific services for files, print, and other user related services in a peer-to-peer or client/server LAN. That task is provided by SMB (Server Message Blocks). Like NetBIOS, SMB is an interface system. SMB enables file sharing, print sharing, and user-based messaging. Other examples of SMB services include: create/delete directory, search for file name(s), open/close files, query print queue, send message to user, etc.

Limitations of SMB/NetBIOS/NetBEUI architecture
The two major limitations are:
• NetBIOS uses system names to enable and manage end-to-end connections. Under NetBIOS, names are resolved using broadcast oriented techniques. Broadcasting creates overhead in a LAN and can diminish the overall performance.
• NetBEUI does not use any addresses other than the physical LAN adapter address (MAC address). In contrast, protocols like TCP/IP add a second level of addressing that defines a network address. The second level address allows TCP/IP to determine if a transmitted message needs to be routed to another network. NetBEUI does not use a second level address, and therefore cannot distinguish between local and non-local messages (i.e. NetBEUI is a non-routable protocol).

Microsoft provides three LAN level protocols that can carry NetBIOS and SMB traffic:
• NetBEUI frames (NBF): This is an enhanced version of NetBEUI that supports a larger number of systems than the original NetBEUI protocol.
• IPX/SPX: IPX and SPX are the main protocols used in Netware networks. IPX is a connectionless protocol and SPX is a connection-oriented protocol.
• TCP/IP: TCP/IP also includes UDP (User Datagram Protocol). TCP is a connection-oriented protocol and UDP is a connectionless protocol. Both TCP and UDP rely on IP to resolve network addresses.

Microsoft also includes other types of protocols such as: Data Link Control (DLC), AppleTalk, PPTP, etc. DLC is used for IBM traffic and network printer connectivity. AppleTalk is used for connectivity to Apple computers. PPTP is used in conjunction with RAS (Remote Access Service) to carry LAN traffic over a wide area link.


NetBIOS operates above the LAN layer protocol and therefore name resolution is handled by broadcasting techniques regardless of which LAN layer protocol is in use. Microsoft resolved this issue in two ways:
• You can configure a LMHOSTS file in each Windows system. LMHOSTS is a simple text file that contains a list of NetBIOS names and the corresponding TCP/IP address for each name.
• You can implement a Windows Internet Name Service (WINS) server. A WINS server provides a centralized database that maps NetBIOS names to TCP/IP addresses. When a WINS client wants to know the address for a NetBIOS name, it simply asks a WINS server.
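Because each system trusts its own LMHOSTS file for name-to-address mapping, a stale or conflicting entry silently sends traffic to the wrong host. The following added example (not part of the original notes) parses LMHOSTS-style text, validates each entry, and reports names mapped to more than one address. The sample file is constructed, and quoted names with `\0xnn` escapes are not handled.

```python
import ipaddress
# Constructed LMHOSTS content; addresses are from a documentation range.
SAMPLE = """\
# static NetBIOS name mappings
192.0.2.10     FILESRV01      #PRE #DOM:CLASSROOM   # domain controller
192.0.2.20     printsrv                             # print server
192.0.2.99     FILESRV01                            # stale duplicate
192.0.2.300    BADADDR
192.0.2.30     THISNAMEISWAYTOOLONG
#INCLUDE \\\\FILESRV01\\public\\lmhosts
"""

def parse_lmhosts(text):
    """Return (entries, includes, problems) for LMHOSTS-style text."""
    entries, includes, problems = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        if fields[0].upper() == "#INCLUDE":        # pulls in another file
            includes.append(" ".join(fields[1:]))
            continue
        if fields[0].startswith("#"):              # comment or block keyword
            continue
        if len(fields) < 2:
            problems.append((lineno, "address without a name"))
            continue
        ip, name, tags = fields[0], fields[1].upper(), []
        for field in fields[2:]:
            if field.upper() == "#PRE" or field.upper().startswith("#DOM:"):
                tags.append(field.upper())
            elif field.startswith("#"):            # ordinary trailing comment
                break
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((lineno, "invalid IPv4 address " + ip))
            continue
        if len(name) > 15:                         # NetBIOS names: 15 chars max
            problems.append((lineno, "name exceeds 15 characters: " + name))
            continue
        entries.append({"line": lineno, "ip": ip, "name": name, "tags": tags})
    return entries, includes, problems

def conflicting_names(entries):
    """Names mapped to more than one address (stale or conflicting entries)."""
    seen = {}
    for e in entries:
        seen.setdefault(e["name"], set()).add(e["ip"])
    return {n: sorted(ips) for n, ips in seen.items() if len(ips) > 1}
```

The returned `includes` list is worth reviewing as well, since an `#INCLUDE` line makes the local file depend on the contents of a file stored on another system.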

Also, there is support for DHCP (Dynamic Host Configuration Protocol). Using DHCP in connection with WINS results in a network that is easy to administer and troubleshoot.

Windows Protocols and Services
There are five major areas:
1. Adapter: The network adapter that is physically installed in the system.
2. Protocol: The LAN level protocols (e.g. TCP/IP, IPX, NetBEUI).
3. Service: The services that can be used in conjunction with the protocol sets.
4. Identification: The logical NetBIOS name of the system and the name of the workgroup or domain the system belongs to.
5. Bindings: The exact association between services, protocols, and the available network adapter(s). The bindings restrict the operation of specific services over specific protocols, and similarly restrict the operation of specific protocols over specific network adapters. For example, you can allow file and print services to operate over the NetBEUI protocol and not the TCP/IP protocol.
