- May 27, 2009
Configuring a Workgroup Network
After your network hardware has been installed, whether it’s wired or wireless, the next step is to make sure that Windows’ networking software is set up correctly. This procedure is different for XP and Vista, so I’ll go through the steps for each operating system separately. If you have both XP and Vista computers on your network, they’ll work together just fine, as long as you set up both types using the following instructions. I cover XP first, then Vista.
After you’ve set up basic networking, you may want to make some optional settings. So after covering initial setup for XP and Vista, the remainder of this section covers the following topics:
- IP addressing options
- Networking with Windows 9x and Me
- Designating a master browser
- Providing a shared Internet connection
You may want to review all these topics before starting to set up your network.
Setting Up a Network on XP
Windows XP comes with a Networking Setup Wizard program that can automatically configure file sharing and Internet access for each of the computers on your network. The wizard lets you make a few basic choices, but otherwise takes care of all the technical details for you. You have to run this wizard at least once, whether you want to or not. For security reasons, Windows doesn’t enable file and printer sharing until this wizard has been run at least once.
To start the wizard on XP, click Start, Control Panel, Network and Internet Connections, and Set Up or Change Your Home or Small Office Network. Read the “Checklist for Creating a Network” if you want, and then click Next. Follow the wizard through the following steps.
Select a Connection Method
The wizard asks you to select a statement that best describes your computer. The choices can be confusing, so consider them each carefully. They are
- This Computer Connects Directly to the Internet. The Other Computers...Connect...Through This Computer—Choose this if you want this computer to share its Internet connection with the rest of your LAN using Windows Internet Connection Sharing, which is discussed later in the chapter. This computer will connect to the Internet through a dial-up modem or a cable/DSL modem. In the latter case, you’ll need two network adapters in this computer: one for the LAN connection and one to connect to the DSL or cable modem. In any case, be sure that you’ve already configured and tested your Internet connection before setting up the LAN.
This Computer Connects to the Internet Through Another Computer on My Network or Through a Residential Gateway—Choose this if your network has a hardware Internet connection-sharing router, or if you’ve set up some other computer to share its connection with Internet Connection Sharing.
Also, use this choice if your LAN has routed Internet service, such as that provided by a DSL, cable, ISDN, or Frame Relay router connected to your network hub, and the router for that service has been configured to filter out Windows networking traffic, which we’ll discuss later in this chapter.
To get to the next three options, click Other. These alternatives are as follows:
This Computer Connects to the Internet Directly or Through a Network Hub. Other Computers on My Network Also Connect [this way]—Select this if your computer uses its own dial-up or direct DSL/cable Internet connection, but you do not want to use Windows’s Internet Connection Sharing to share the connection with the rest of your LAN.
Also, use this selection if you use “multiple-computer” cable Internet service with no router. (I strongly urge you not to use this sort of connection—please read “Providing Shared Internet Access” later in this chapter for important warnings.)
This Computer Connects Directly to the Internet. I Do Not Have a Network Yet—You would use this choice if you had a direct Internet connection (that is, a cable or DSL modem that uses a network adapter), but no LAN. Because you’re setting up a LAN, this choice probably isn’t appropriate.
You do want to use this choice if you are setting up a network only to use a shared Internet connection, and don’t want to share files with other computers. This might be the case if you are sharing an Internet connection in an apartment building or other public space, for instance. In this case, this choice indicates that you consider your network to be as untrustworthy as the Internet itself.
- This Computer Belongs to a Network That Does Not Have an Internet Connection—Select this if your computer will connect to the Internet using dial-up networking or AOL, or if your computer will never connect to the Internet.
Make the appropriate selection and click Next.
Select Your Internet Connection
If you chose one of the “This computer is directly connected to the Internet” choices, Windows presents a list of options for making that connection, listing your network adapters and your configured dial-up connections. Choose the connection that is used to reach the Internet and click Next. If you use a dial-up or PPPoE connection (frequently used with DSL service), choose the appropriate dial-up connection. Otherwise choose the network adapter that connects to your broadband modem.
Give This Computer a Description and Name
Enter a brief description of the computer (such as its location or primary user) and a name for the computer. Choose a name using just letters and/or numbers with no spaces or punctuation. Each computer on your LAN must have a different name.
If you’re hard pressed to come up with names, try the names of gemstones, composers, Impressionist painters, or even Star Wars characters, as long as Mr. Lucas’ lawyers don’t hear about it. I use the names of islands in the Indonesian archipelago—with more than 25,000 to choose from there’s little chance of running out of unique names!
Some Internet service providers, especially cable providers, require you use a name that they provide. (If you have a hardware connection-sharing device hooked up to your cable modem, enter that name into the hardware device and use any names you want on your LAN.)
Name Your Network
Choose a name for your network workgroup. This name is used to identify which computers should appear in your list of network choices later on. All computers on your LAN should have the same workgroup name. The wizard puts MSHOME into the name field, but I strongly suggest that you change it to WORKGROUP, which is the default on both earlier and later versions of Windows.
File and Printer Sharing
The wizard asks whether you want turn file and printer sharing on or off. Select Turn On File and Printer Sharing unless your network will contain computers that you don’t trust; that is, computers in a public area, computers on a public wireless network, computers whose users you don’t know, and so on. (If you later change your mind, or move your computer from one network to another, you can turn file sharing on or off using the Exceptions tab on the Windows Firewall control panel.)
Ready to Apply Network Settings
The wizard lets you review your selections. Click Next to proceed.
You’re Almost Finished...
You need to run the wizard on all the computers on your LAN at least once. If all the computers use Windows XP, select Just Finish the Wizard, and then run the wizard on each of your other computers. If you have computers running versions of Windows 95, 98, Me, NT, or 2000, you can create a disk that lets you run the wizard on these older machines, or you can use your Windows XP CD-ROM on these computers.
To use a disk, choose Create a Network Setup Disk, and insert a blank, formatted floppy disk. If you ran the wizard earlier and just changed some of the settings, choose Use the Network Setup Disk I Already Have, and reinsert the setup disk you created earlier. Otherwise, choose Just Finish the Wizard; I Don’t Need to Run the Wizard on Other Computers.
Now, continue with the next section to review the IP addressing choices made on your network, as discussed in the section titled “IP Addressing Options.”
Setting Up a Network on Vista
Surprisingly, Windows Vista does not have a network setup wizard to walk you through setting up file sharing for a home or small office network. If you’ve just set up a wireless network, the procedure I described earlier under “Wireless Networking” took care of the wireless connection itself. But, after the wireless connection is set up, or if you’ve just installed a wired Ethernet or HomePNA (phoneline) network, you have to check or change a few other settings before you can share files and printers on your new network.
If your network is going to be used only to share an Internet connection, you don’t need to perform these steps. But, if you do want to share files and/or printers among the computers on your network, you must check the following settings:
- Ensure that each computer has the same workgroup name.
- Enable file and printer sharing.
- If you use a third-party firewall product, permit file and printer sharing data to pass through the firewall.
I take you through these steps in detail in the following sections.
Each computer on the network must have a unique computer name. In addition, each computer has a workgroup name that should be the same on each of your computers. I recommend that you use WORKGROUP as the workgroup name—yes, it’s unimaginative, but most Windows computers come with this name preset, so we’ll go with it.
To check the workgroup name on your Vista computers, click Start, right-click Computer, and select Properties. The workgroup name is shown under the heading Computer Name, Domain and Workgroup Settings. If any computer has a different workgroup name, click the Change Settings button and approve the User Account Control prompt. When the System Properties dialog appears, click Change and type WORKGROUP under the Workgroup button. Click OK, and then let Windows restart.
Enable File and Printer Sharing
To enable File and Printer Sharing on Vista, click Start, Control Panel. Select Network and Internet, and then Network and Sharing Center, shown in Figure 6.5.
Figure 6.5 The Network and Sharing Center lets you control Vista’s sharing features.
The first thing to note is the network type that you originally selected when you started Windows after installing your network. When you connect Vista to any network, wireless or wired, it probes the other devices on the network to see whether it’s been connected to the same network before, or if the network is new. The first time Vista is connected to a new network, it asks you whether the network is Public or Private. If you label the network Public, it’s considered to be “dangerous” in that you wouldn’t want to trust other users to see the contents of your computer, and so file sharing, network device discovery, and other services are disabled on that network connection. If you label the network Private, network services such as file sharing can be enabled.
So before you can share files, check the label next to your network’s name (which is usually just Network). If the label is Public, click the word Customize. Check Private, click Next, confirm the User Account Control prompt, and then click Close.
Now, check the following settings:
- Network Discovery—Should be On.
- File Sharing—Should be On.
- Public Folder Sharing—The Public Documents folder is used for files that you want all users on your computer to be able to see and use. Set Public Folder Sharing feature to On if you want the Public Documents folder to visible to other users on your network as well.
- Printer Sharing—Should be On.
- Password Protected Sharing—I discuss this feature in more detail later in this chapter under “Simple File Sharing.”
- Media Sharing—Set to On if you have a library of music and video that you want to make available to other users and to media playback devices on your network (such as the Roku Soundbridge).
If you need to change any of these settings, click the small v in the circle to the right of the feature name and change the setting. You will probably need to confirm a User Account Control prompt.
At this point, file and printer sharing is ready to go. There is one more step only if you’ve added a third-party firewall program to your computer.
If you’ve added a third-party network firewall program to your computer, just setting File and Printer Sharing On may not be enough to let other computers “see” your computer or use any folders or printers you share. You may need to take extra steps to open your firewall to Windows file sharing data. You’ll have to check the manufacturer’s instructions for the specifics, but what you want to do is to permit inbound and outbound Windows File Sharing data traffic. If your firewall requires you to specify TCP and UDP port numbers, be sure that the following protocols and ports are open:
- UDP port 135
- UDP port 136
- TCP port 137
- TCP port 445
Open these ports to other computers on your same network (same subnet).
IP Addressing Options
Windows uses TCP/IP as its primary network protocol. Each computer on the network needs to have a unique IP address assigned to it. There are three ways that IP addresses can be assigned:
- Manually, in what is called static IP addressing. You would select an address for each computer and enter it manually.
- Dynamically, through the DHCP service provided by Internet Connection Sharing, a Windows NT/200x server, or a hardware connection-sharing router.
- Automatically, though Windows’ Automatic Private Internet Protocol Addressing (APIPA) mechanism. If Windows computers are configured for dynamic IP addressing but there is no DHCP server present, Windows automatically assigns IP addresses. This is the least desirable option.
By default, a newly installed network adapter will be set up for dynamic addressing. I recommend that you do not rely on APIPA to configure your network. In my experience, it can cause horrendous slowdowns on your computers. If you don’t have a device or computer to provide DHCP service, configure static TCP/IP addresses.
Configuring Dynamic (DHCP) IP Address Assignment
By default, Windows sets up newly installed network adapters to use dynamic IP address assignment, so for new adapters, you don’t need to take any additional configuration steps.
You will need a computer or hardware device to provide DHCP service (which provides configuration information) to all your other computers. This is provided automatically by any Windows computer that runs Windows Internet Connection Sharing (there can be at most one such computer on a network), by the addition of an Internet connection-sharing router, or a wireless access point that includes an Internet connection-sharing feature. (Alternately, you could run the DHCP service on a Windows Server computer. These operating systems can be used on workgroup networks as well as domain networks, although setting them up is beyond the scope of this book.)
If you are using Windows Internet Connection Sharing, it assigns IP address 192.168.0.1 with a network mask of 255.255.255.0 to the network adapter in the sharing computer. Other computers should be configured for dynamic addressing and receive addresses from 192.168.0.2 on up.
If you are configuring a hardware Internet Connection Sharing router, you may need to enable and configure its DHCP server. Usually, the DHCP feature is enabled by default, so you do not need to configure it. If you do, you can use the following settings:
Server IP address:
DHCP starting address:
Number of addresses:
(As provided by your ISP)
Some routers prefer to use a different subnet (range of network addresses)—for instance, 192.168.1.x. Whichever range you use, be sure to use the same subnet range for any static IP addresses you assign. There is more information on setting up IP address ranges in the online Appendix C, “Remote Desktop and Remote Assistance” in the discussion of enabling Remote Desktop.
Configuring Static IP Addresses
You’ll want to set up static (fixed) IP addresses for some or all of your computers in three situations:
- If your network has no shared Internet connection and no router, you’ll want to assign static IP address for all your computers, so you won’t be slowed down by the Automatic IP configuration mechanism.
- If you have computers that you want to reach from the Internet—for example, one or more computers that you want to be able to use via Remote Desktop—you’ll want to assign a static IP address at least to those computers; the others can have their IP addresses assigned automatically.
- If you have network-attached printers or print servers, you’ll need to assign static IP addresses to these devices. You need to enter these addresses when you’re setting up Windows to use the printers.
The goal in assigning static IP addresses is to ensure that each computer on your network has a unique IP address, shared by no other, and that all the other TCP/IP setup information is the same on every computer.
I suggest you make a worksheet that lists the setup information for your network. Determining what settings to use depends on the type of network you have, which will be one of the following three choices:
If your network does not have a router, and you are not using Windows Internet Connection Sharing, use the following values for your computers:
192.168.0.x, where x is a number from 200 on up
If your network has a router, connect it and turn on one of your computers. Be sure that the router is configured and working, according to the manufacturer’s instructions, and be sure that you can view web pages from the attached computer. Then click Start, All Programs, Accessories, Command Prompt. In the command prompt window, type ipconfig /all and press Enter. Make a note of the IP address, network mask, gateway address, and DNS server listed in the window. (On Vista, ignore the IPv6 information, and ignore the information for networking adapters that have the word Tunnel or Teredo in their name.)
Then use the following values for any computers and devices that need a static IP address:
a.b.c.x, where a.b.c are the first three numbers of the IP address you saw in the Command Prompt window, and x is a number from 200 on up. This might end up being something like 192.168.1.200.
As noted in the Command Prompt window, usually 255.255.255.0.
As noted in the Command Prompt window, usually something like 192.168.0.1.
As noted in the Command Prompt window, usually the DNS addresses supplied by your ISP, or in some cases the same as the gateway address.
If you are using Windows Internet Connection Sharing, use the following values for those computers and devices that need a static IP address:
192.168.0.x, where x is a number from 200 on up
I suggest that you then list on your worksheet all your computers and any printer devices. Next to each, write down “automatic” if you are letting the computer get its address automatically, or write down the IP address that you will be setting manually. This way you can keep track of which numbers have been used already. The finished worksheet might look something like this:
My Network: Information from command prompt window: IP Address: 192.168.0.2 (so: all IP addresses will start with 192.168.0) Network Mask: 255.255.255.0 Gateway Address: 192.168.0.1 DNS Servers: 10.11.12.13 10.21.22.23 My IP Address assignments: java 192.168.0.200 (want to access from Internet with Remote Desktop) sumatra automatic bali automatic HPJetDirect 192.168.0.201 (print server)
With this worksheet in hand, configure each computer or device that requires a static IP address.
To assign an IP address to a computer running Windows XP, use the following steps:
- Log on as a Computer Administrator.
- Open the Network Connections window. Right-click the entry or icon for your LAN adapter (usually labeled Local Area Connection) and select Properties.
- Select Internet Protocol (TCP/IP) and click Properties.
On the General tab, enter the selected IP address, subnet mask, default gateway, and one or two DNS server IP addresses, as shown in Figure 6.6.
Figure 6.6 Enter static IP address information on the General tab.
You can configure your preferred Internet domain name (called the preferred DNS suffix) on the Network Identification page in the System Properties dialog. To get there, right-click [My] Computer and select Properties, or select Advanced, Network Identification in the Network Connections window. View the Computer Name tab, click Change, and then click More.
You can also enter a preferred Internet domain name for each individual network or Internet connection. You might want to use your company’s domain name on the network connection, and your ISP’s domain name on a dial-up connection. To do this, view the network connection’s properties dialog, click the Advanced button, select the DNS tab, and enter the domain name under DNS Suffix for This Connection, as shown in Figure 6.7.
Figure 6.7 Enter per-connection DNS information on the connection’s Advanced Properties DNS tab.
Also, if your ISP has provided you with more than two DNS server addresses, click Add to enter additional addresses on this same tab.
- Unless your network’s DNS server supports dynamic IP address registration, uncheck Register This Connection’s Addresses in DNS.
- Click OK to close the dialogs.
On Vista, follow these steps:
- Click Start, right-click Network, and select Properties.
- Select Manage Network Connections.
- Locate the icon corresponding to your LAN adapter. It is probably named Local Area Connection or Wireless Connection. Right-click this icon and select Properties.
- Confirm the User Account Control prompt.
- Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Then follow the steps previously described for assigning an IP address on Windows XP, starting at step 4.
Configuring Additional Useful Network Services
Besides the TCP/IP protocol and network services that are installed by default with Windows, you may want to install some additional services manually as part of your network setup.
Link Level Topology Discovery (LLTD) for XP
Windows Vista includes a network map feature that shows a diagram of the devices and computers on your network. The map is constructed from data collected by the Link Level Topology Discovery (LLTD) protocol. Vista comes with LLTD software preinstalled, but to get it in XP you must have Service Pack 3 installed. Thus, if you have computers running both Windows Vista and XP Service Pack 2 on your network, the XP SP2 computers don’t show up on Vista’s Network Map.
To install LLTD support on XP without installing Service Pack 3, perform the following steps on each of your XP computers:
- Visit microsoft.com and search for “KB922120.” Select the search result titled “Download Details: Link Layer Topology Discovery (LLTD) Responder (KB922120).”
- Click Continue to perform Windows license validation.
- Download and then run the small installer program.
Internet Gateway Device Discovery and Control Client
If you are using a hardware Internet-sharing router or Windows Internet Connection Sharing, you should install the Internet Gateway Device Discovery and Control Client on all your Windows XP computers. This service places an icon in each computer’s Network Connections folder that lets users monitor and manage the Internet connection that is hosted on the sharing computer or the router.
To install the Discovery and Control Service, follow these steps on each XP computer:
- Log on as a Computer Administrator.
- Open the Network Connections window.
- From the menu, select Advanced, Optional Networking Components.
- Select Networking Services and click Details.
- Check both Internet Gateway Device Discovery and Control Client and UPnP User Interface, and click OK.
- Click Next.
When this service has been installed, an icon appears in your Network Connections window for your router or other network devices. You can double-click this icon to open the device’s setup and control page. What appears varies from device to device, but it’s usually the device’s built-in setup web page.
Universal Plug and Play
If you use a hardware connection-sharing router or Internet Connection Sharing, you may also want to consider enabling a feature called Universal Plug and Play (UPnP). UPnP provides a way for software running on your computer to communicate with the router. Here’s what UPnP can do:
- It provides a means for the router to tell software on your computer that it is separated from the Internet by Network Address Translation. Some software—Remote Assistance and the video and audio parts of Windows Messenger in particular—ask the computer on the other end of the connection to establish a connection back to your IP address. On a network with a shared connection, however, the IP address that the computer sees is not the public IP address that the shared Internet connection uses. UPnP lets software such as Remote Assistance find out what its public IP address is. It also provides a way for the router to suggest alternate port numbers if several computers on the network want to provide the same service (for example, if several users send Remote Assistance requests).
- It provides a means for software running on the network to tell the router to forward expected incoming connections to the correct computer. Remote Assistance and Windows Messenger again are two good examples. When the computer on the other end of the connection starts sending data, the router does not know to send it to your computer. UPnP lets UPnP-aware application programs automatically set up forwarding in the router.
- UPnP provides a means for printers and perhaps other types of as-yet-undeveloped hardware devices to announce their presence on the network so that Windows can automatically take advantage of the services they provide.
UPnP has a downside, however: It has no built-in security mechanism, so any program on any computer on your network could potentially take control of the router and open “holes” for incoming connections (and there are already some viruses and Trojan horses that take advantage of this). However, Windows Firewall or your third-party firewall package will still provide some protection. Windows Firewall warns you if an undesired program prepares to receive incoming network connections, and this cannot be disabled as long as you are not using a Computer Administrator user account. In addition, most third-party firewalls inform you if an unrecognized program requests either incoming or outgoing network connections. UPnP abuse is not yet a serious problem. If you use Remote Assistance or Windows Messenger, the benefits that UPnP provides mostly outweigh the risks.
To use UPnP, you must enable the feature in your router. It’s usually disabled by default. If your router doesn’t currently support UPnP, you may have to download and install a firmware upgrade from the manufacturer. Most routers now do support UPnP.
On Windows XP, UPnP is enabled by default. If you have a UPnP router or Windows Internet Connection Sharing running on your network, the Network Connections screen should display an icon for the router as shown in Figure 6.8.
Figure 6.8 If your router supports UPnP, an Internet Gateway icon should appear in Network Connections.
On Vista, UPnP is controlled by the Network Discovery setting, which is enabled by default on private networks and disabled on public networks. To manually control Network Discovery on Vista, follow these steps:
- Click Start, Control Panel.
- Select the Network and Internet link, and then select Network and Sharing Center.
- At the bottom of the page, check the setting for Network Discovery. To change it, click the round v button, select Turn On or Turn Off Network Discovery, click Apply, and then confirm the User Account Control prompt.
When UPnP is working, on XP you should see an icon for your router or gateway under the title Internet Connection in the Network Connections window. If you right-click this icon and select Status, you’ll see a dialog similar to the one shown in Figure 6.9, displaying the status of the router’s connection. If your Internet service uses a connection-based system such as PPPoE or standard dial-up service via a modem, this dialog may display a button that lets you connect to and disconnect from your ISP.
Figure 6.9 Router status displayed via UPnP.
Click Properties and then Settings to display a list of network services for which the router is forwarding incoming connections to computers on your network. This list shows only forwarding settings made via UPnP. Services you’ve forwarded using the setup screens on your router, such as Remote Desktop, as discussed in the online Appendix C, do not appear here and new settings should not be made here—they usually disappear when the router is reset.
On Vista, the icon appears in the Network Map in the Network and Sharing Center. All you can do with it is select Properties, and from the properties log, View Device Web Page. (The capability to monitor port forwarding is not available on Vista.)
Designating a Master Browser
Windows uses a database of known online computers to build the display known variously as Network Neighborhood, Computers Near Me, or View Workgroup Computers. The database is managed by a software service called the Browser Service. It runs on one of your computers, which is designated the “master browser.” The master browser is selected by an automatic election held by the computers on the network. In addition, on a larger network some computers may be elected as backup browser servers.
When you are running a network with different versions of Windows, or if your computers don’t all have the exact same list of protocols installed, this service sometimes malfunctions: The election goes haywire (perhaps because of the Windows equivalent of the hanging chad), or the database is filled incorrectly, or other problems occur. The result is that the Network Neighborhood display doesn’t function correctly even though the computers clearly can communicate with each other (for example, one can map network drives to folders shared by the invisible computers).
If you find that this occurs on your network, you may want to force the master browser service to run on a designated Windows XP or Vista computer that is always left on. This can help stabilize the list of local computers.
To make this work you have to configure one computer to always be the master browser, and configure all the other computers never to offer to be the master. To make these settings on a computer running Windows Vista, XP, 2000, or NT you have to edit the Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Browser\Parameters. Two values can be altered (refer to Chapter 5, “Tweaking and Tuning Windows,” for more details on editing the Registry):
True—This computer will be the master browser
False—Master is determined by election
No—Never serve as master
Yes—Ask to be the preferred master
Auto—Offer to be master if needed
If you want to force one computer to be the master browser in all circumstances, set the IsDomainMasterBrowser value to True on that computer and False on all others. If you want to set one computer to be the preferred browser, but let others step in if the master is unavailable, just set the MaintainServerList key to Yes on the preferred computer, and be sure to turn it on before the others.