Home

Pauline's Pages

Howto Articles

Uniquely NZ

Small Firms

Search

A Guide to Painless Networks

Mixing Windows 9x and XP

A Guide to Painless Networks | Extra considerations when using Windows XP | ADSL Broadband | Microsoft Internet Connection Sharing Software | ADSL Wi-Fi Router Firewalls

Introduction to the Networking Changes in Windows XP

Windows XP is the first major change in interface since the step from Windows 3.1 (aka Windows for Workgroups) to Windows 95. In some ways it is simpler with many Wizards and more consistent. The support for earlier systems is being rapidly reduced so there are no fixes or patches any more for Windows 95, on sale less than 5 years ago and furthermore XP no longer supports the networking protocols that used to believe to be the most logical and secure choice. Windows 3.1 and Windows 95 used NetBEUI as the prime choice of Network protocol, by Windows 98 IPX/SPX was perhaps the favoured choice although NetBEUI, IPX/SPX and TCP/IP were all loaded by default with any network adapter. Now only TCP/IP is loaded by default, IPX/SPX can installed easily although the name has been subtly changed to put one off and NetBEUI is not offered as an option but can be hunted out from the CD (or via Microsoft Technical Support Articles) at your own risk and without guaranteed ongoing support.

The case against TCP/IP for simple LANs Superficially it may seem a very attractive and logical solution to use TCP/IP for local area networks as well as for Internet access but it has a major flaw - it makes it very easy for a machine to be hacked into from the Internet. The whole philosophy behind the way I set up Networks in Painless Networking I was that of Gibson at the Gibson Research Corporation who produces the definitive Internet Connection Security analysis Software (Shields UP!). The philosophy was basically to totally separate the protocols used for external access to the Internet (TCP/IP) via a DialUp Adapter (Modem or similar) and Local Area Network access via at Network Adapter Card by using NetBUI and/or IPX/SPX and ensuring there were no "bindings" between TCP/IP and any non-essential Internet Services, in particular the "File and Printer Sharing" Services. If that was rigorously enforced then a Firewall was a luxury rather than an essential.

A world without NetBEUI The lack of support for NetBEUI in a Windows XP machine make adding one to an existing Network between Windows 9X machines a bit of a minefield. Running the Network Wizard in Windows XP and using the option to create a floppy disk to run on the other machines, providing they are new enough to run Windows 98, is the Microsoft proposal. If they are older then they are considered unsupported and useless and there are no suggestions on how to proceed.

What you need to do: I do not agree that older and less powerful machines have no role and and have modified the first part of Painless Networks to cover the minor changes to allow easy expansion to Windows XP machines. You should carry them out first. This part covers the changes needed to the default XP configuration to match a typical existing Network. It took me a long time to do it the first time as the XP interface is rather different. I therefore provide step by step notes so hopefully your new shiny XP machine can be got up and running quickly without you having to climb the steep learning curve.

Configuring Windows XP to match an existing Network

1. Disable your firewall and virus checking: Before removing, installing or making significant modifications to anything to do with the Network, you should disable your firewall and virus checking. They may link into TCP/IP and give problems when their links disappear. Most Firewalls and Virus checkers have a flag to say if they should load automatically on startup which should be unticked and the system rebooted. After you have finished they should be re-enabled before you take too many risks.

2. Disable the Internet Connection Firewall: To disable ICF on the Local Area Network (LAN) Connection,
   • Open Network Connections,
   • Right click LAN Connection at the bottom and click Properties.
     The Properties sheet shows the network components associated with the connection.
   • Select the Advanced tab, then un-check the "Protect my computer and network by limiting or preventing access to this computer from the Internet" box.
   • Windows XP asks you to confirm your decision to disable the firewall - Click OK to disable it.
   This step should also be done for the Internet Connections if you intend to use a separate Firewall such as ZoneAlarm.

3. Set up Names: Firstly set up the Computer Name, Workgroup Name and Computer Description - on XP this is via the Network Connections I prefer to
   • Go to the Control Panel and to change it to Classic View
   • Open Network Connections
   • Select LAN Connection at the bottom
   • Click Network ID on the Advanced drop down Menu at the top
     • Enter a Computer Description
     • A unique Computer Name and
     • the same Workgroup Name for all machines on the same network

     If you are selecting and setting the Name and Workgroup for the first time on a new network it is best to use Upper letters and numbers only and to keep them less than 12 characters for

4. Add the IPX/SPX Protocol: IPX/SPX is fully supported in XP and is my prefered "safe" protocol which is used on networks set up as in Painless Networking. The name is slightly different with NW (for Netware) in the front.
   • Click Start, click Control Panel, and then Open Network Connections.
   • Right-click the LAN Connection and then click Properties.
   • On the General tab, click Install.
   • Click Protocol, and then click Add.
   • Click NWLink IPX/SPX/NetBIOS Compatible Transport Protocol and click OK.
     Two NWLink items are added to the connection's Properties
   • Restart your computer even if not requested and The IPX/SPX protocol should now be installed and working.

5. Set up Bindings: By default, Windows XP binds all installed protocols to each network connection and service. We need to remove various bindings to limit the services using each protocol. The mechanism is very different to Win9X and in XP one should:
   • Open the Network Connections folder and on the Advanced drop down menu click Advanced Settings
   • Click the connection name under Connections. The appropriate bindings appear under Bindings.
   • To remove a binding, un-check the corresponding box. For example, we want to use IPX/SPX instead of TCP/IP for file sharing,so we un-bind TCP/IP from both File and Printer Sharing and Client for Microsoft Networks.
   • It is also necessary to right click the LAN Network Connection and click properties then untick the TCP/IP box to completely prevent TCP/IP being used instead of IPX/SPX.
   • Restart your computer even if not requested

6. Sharing: The existing network will already have shared folders but you will need to set them up on the XP machine before you will see it over the Network. If you can not see the Sharing Tabs on the Properties of a Folder check File and Printer Sharing is enabled in the LAN configuration

7. Testing: The Configuration should now be complete and you should be able to see the XP machine from the existing network and vice versa in Network Neighborhood/Network Places. One thing to note is that it can take a long time before Network Neighborhood/My Network Places fully updates for new machines and reconfiguration - this is because a Browse Master is automatically selected to retain Network configuration information and organise traffic and that process is not repeated until a change is recognised which can take a while. It took a long time before the XP machine was displaying up to date information although the Network was working fine from the other machines. Turning all the machines off and starting together may help.

8. Security Testing and Firewalls: The use of the IPX/SPX protocol and breaking of all bindings between TCP/IP should now have closed the security holes inherent in the use of TCP/IP over a LAN but it is still wise to check the security both with and without the firewall using the the Shields Up tests at the Gibson Research Corporation.

9. Windows XP Internet Connection Firewall: If you do not have a firewall it may now be possible to (re-)enable the simple built in Firewall on the Dial-up Connection without affecting the LAN - see above for the proceedure. I have not tried as I use ZoneAlarm, the excellent free firewall. If you do so repeat the Shields Up tests at the Gibson Research Corporation.

10. Re-enable Virus checkers: Remember to re-enable any virus checking you earlier disabled once you are sure you have finished making changes.

Feedback

The first part of this guide has been around a long time. The results have stood the test of time and I and others have set up many simple networks on Windows 95 and 98 machines very quickly and without hassle or problems. This part is, by definition, less mature and any feedback and comments by sending me a quick message would be appreciated.

A Guide to Painless Networks | Extra considerations when using Windows XP | Microsoft Internet Connection Sharing Software | Adding ADSL Broadband and Wireless Access (Wi-Fi)

A Guide to Painless Networks | Extra considerations when using Windows XP | ADSL Broadband | Microsoft Internet Connection Sharing Software | ADSL Wi-Fi Router Firewalls

Copyright © Peter and Pauline Curtis 24th September 2004