This wide- and large- screen layout may not work quite right without Javascript.

Maybe enable Javascript, then try again.

Home Fiddling with PCs

Networking XP[Home]

As I used to do data communications for a living, I'm prone to think I'm still fairly knowledgeable. So I dived in to making File and Print Sharing work between the two computers in my kids house. It was a sobering experience; computer networking has changed quite a bit since I left the field, and I learned the hard way I'm really not competent any more. I fiddled for quite a few hours before I finally got it working.

Although arguably Windows XP Home Edition is not appropriate for use in schools, it is often cheaper than Professional Edition and the administrator may not have a choice. My experience with a home network should also highlight problems a school network administrator is likely to encounter. Fortunately the Home Edition vs. Professional Edition that caused so much confusion with Windows XP networking receeded into the background with later versions of Windows. In fact, later versions of Windows supposedly automatically correctly configure home networking without any issues. One should still check networking capabilities before making purchasing decisions, as what works well at home may nevertheless not be appropriate for use in schools.

What follows is an empirical description of what worked at home for me, not a theoretical description of why or how it worked. Some of the steps I took may be unneccessary (or even downright wrong). Even so, my general experience suggests any example of something that actually works may be useful to others. Once you get something working, you can take out components one at a time and see if it still works. (A general rule of thumb for computer security is if it's not really necessary for what you do, turn it off.)

Configuration

The environment presented to me was two computers, both running Windows XP Home Edition, both with wireless networking cards, sharing a connection to the Internet outside the house via a Wireless DSL Router (Linksys WRT54G) and a DSL modem. So besides the two computers I was looking at a small blue box and a small white box, both with lots of blinking lights. The computer's IPaddresses were assigned dynamically by the DHCP server in the router/NAT box. What worked in my environment may or may not be applicable to slightly different environments.

In particular a separate router/NAT box interposed in the Internet connection provides a "firewall", making some computer options that would otherwise be unacceptably unsafe okay. The "Simple Networking" provided by Windows XP Home Edition is not reasonable for use on the Internet without some sort of software or hardware firewall. If you wouldn't play Russian Roulette, don't enable File and Printer Sharing directly on the Internet with Windows XP Home Edition. The "Simple Networking" offered by Windows XP Home Edition tilts dramatically toward being simple and away from being secure.

When I worked on networking these computers, they were running plain Windows XP Home Edition with no fixes. Later when Service Pack 2 (SP2) was applied to the systems File and Printer Sharing continued to work.

Gotchas

Two things in particular really threw me. One was that Windows XP Home Edition and Windows XP Professional Edition handle networking very very differently, so much so that advice for one is often wrong for the other. The other was that a common error message from Windows XP isn't very helpful.

Windows XP Home Edition and Windows XP Professional Edition appear very similar, and folks don't have much historical experience with two OS's from Microsoft having almost the same name. So lots of advice unfortunately doesn't state clearly which version it applies to, and the experience of typical techies at an office is mostly irrelevent to networking at home, but the advisers don't realize that.

Standard networking advice with Windows XP Professional Edition is to i) disable the Guest account, ii) disable "Simple Networking", iii) make all the login accounts on the machines --including the passwords-- exactly the same, and iv) manipulate the Local Group Policy Options, partly to minimize security risks. But none of this is the right thing to do with Windows XP Home Edition. Windows XP Home Edition networking requires that the Guest account be enabled. "Simple Networking" is the only option provided so there isn't even a switch to turn it off. Login accounts and passwords are irrelevant since "Simple Networking" always uses the Guest account. And there are no user accessible Local Group Policy Options; the folder where they are stored on Windows XP Professional Edition doesn't even exist, the icon in the Control Panel for manipulating them isn't there, the relevant snap-in for MMC cannot be enabled, and none of gupdate.exe gpedit.msc or poledit.exe are present on the computer.

If anything goes wrong an error box pops up probably saying something like

MSHOME is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

The list of servers for this workgroup is not currently available.

A myriad of different problems will result in this same error message, so don't try to attach any meaning to it. In particular don't conclude the problem really has something to do with permissions. The first block of text is completely generic and appears after pretty much anything goes wrong. All you can really glean from it is "didn't work". The second block of the message may actually be somewhat more specific to the circumstance. But even so you'll probably always see the same words there, and they probably won't be very helpful toward solving your problem.

Firewalls

Software Firewalls, whose job it is to keep your computer safe from the Internet, have default configurations that will almost certainly interfere with File and Printer Sharing. Although using both a hardware (ex: Linksys) and a software (ex: Zone Alarm) firewall may at first seem like overkill, the paranoia is in fact quite reasonable and may even be recommended. Recognize though that if you do this you will almost certainly have to tweak the software firewall configuration before you can get File and Printer Sharing between your computers to work.

As part of the Operating System, Microsoft offers their Internet Connection Firewall (ICF). This facility should be enabled only on the interface that leads to the Internet, not on the interface that leads to the other computers. ICF always blocks File and Printer Sharing, and if it's enabled on any of your computer's connections to your other computers, you won't be able to get File and Printer Sharing to work right.

The McAfee Personal Firewall lets you "trust" (configure the IPaddresses of) your own computers and doesn't interfere with data communication from or to the addresses you specify. (You will probably want to use IP adresses 192.168.1.100 192.168.1.101 etc. for your computers and 192.168.1.1 for your router/NAT box, as IPaddresses of the form 192.168.1.nnn are reserved as "local" and will never be forwarded over the Internet. The router/NAT box substitutes "global" IPaddresses for the "local" ones used by your computers so they can function on the Internet.) The McAfee Personal Firewall also provides a checkbox for whether or not to allow the computer to answer "ping"s. Although this option isn't necessary for File and Printer Sharing, checking it may make troubleshooting the network a lot easier and less confusing.

The Norton Personal Firewall also lets you put your computers in the "trusted zone" so their communication isn't interfered with. Although neither the documentation nor any of the interactive messages says anything about it, my own experience is that systems newly added to the trusted zone may not be really trusted until the computer is rebooted. I'm not sure rebooting is necessary. But I strongly suggest rebooting after any change to the Norton Personal Firewall "trusted zone" is prudent.

Settings

To get File and Printer Sharing to work between your Windows XP Home Edition computers:

  1. Enable the "Guest" login account
  2. Open the "properties" of the network connection to the other computers and be sure both "File and Printer Sharing" and "Client for Microsoft Networks" are checked.
  3. Disable ICF (Internet Connection Firewall) on the network connection to the other computers. To do this open the "properties" of the network connection, select the [Advanced] tab, and un-check the "Protect my computer or network" box.
  4. Ensure all your computers are members of the same "workgroup". (They probably already are as everything defaults to MSHOME.)
  5. Understand which IPaddresses your computers will use, and configure these as "trusted addresses" in all software personal firewalls.
  6. Enable NetBIOS-over-TCP/IP for the network connection to the other computers. To do this open the "properties" of the network connection, highlight "Internet Protocol (TCP/IP)" and click the <Properties> button [or double-click on "Internet Protocol (TCP/IP)], click the <Advanced> button then the [WINS] tab, check the "Enable NetBIOS Over TCP/IP" box, and back out by clicking <OK>. (Besides "Enable NetBIOS Over TCP/IP" another option "Default ..." might also work, but it requires that your router/NAT box be configured correctly.) My reading suggests this should only be necessary if some of the computers are older ones not running XP, but my experience suggests it's necessary even in an XP-only Home configuration.
  7. Use the pre-installed TCP/IP networking protocol suite for your File and Printer Sharing as well as for access to the Internet. It is apparently possible to use a different networking protocol suite for File and Printer Sharing if you have the operating system installation CD. But I don't have experience with using other networking protocol suites, and I don't see that it's necessary.

Details

The net result of all your configuration changes should be that all traffic on each of these four connections is seen by all your computers (but is not seen on the Internet outside your home). This of course assumes that you're using the pre-installed TCP/IP networking protocol suite for File and Printer Sharing rather than some other networking protocol suite.

Security Testing

Be sure your File and Printer Sharing works only within your house. Don't allow your file shares to be visible on the Internet at all; even a hint of its existence is certain to attract crackers. A variety of security testing tools is available at ShieldsUP!!. Explore the site (you may need to find and click on ShieldsUP!! a couple of times) and use the security recommendations and testing tools you find there. (You may for example find instructions for doubly securing File and Printer Sharing in the ShieldsUP!! FAQ.

Web Browsing

If you use a hardware router, it establishes one connection with your internet service provider (probably broadband) then places all your computers directly on a "local area network". In this case none of your applications should try to establish a connection since one already exists. Most applications will correctly simply go ahead and use any existing network. The Internet Explorer web browser though may be configured to "dial a connection" regardless of any existing local area network. In the case of using a hardware router, this behavior is incorrect. In this case you may need to explicitly configure your Internet Explorer networking options to "never dial".

Domain Controllers and Group Policies

Neither the Windows XP Home Edition computer itself nor any users can be controlled by a Microsoft Domain Controller. (The Domain [third box] part of the login is never available.) Group Policy control and functions are not available. (gpedit.msc is not present, and will not run even if you somehow install a copy from elsewhere.) Homes don't have a Microsoft Domain Controller and don't use Group Policies anyway, so not having these options considerably simplifies configuration and administration in the home context.

If you're trying to use Windows XP Home Edition in a school environment, the absence of any interface with a Microsoft Domain Controller and of Group Policies may present interesting problems. Since my experience was in a home environment, I never ran across any of these interesting problems and so can't address them meaningfully.

Extensions (Exercises for the Reader:-)


Location: (N) 42.680943, (W) -70.839384
 (North America> USA> Massachusetts> Boston> Metro North> Ipswich)

Email comments to Chuck Kollars
Time: UTC-5 (USA Eastern Time Zone)
 (UTC-4 summertime --"daylight saving time")

Peruse Chuck Kollars' Facebook Profile

All content on this Personal Website (including text, photographs, audio files, and any other original works), unless otherwise noted on individual webpages, are available to anyone for re-use (reproduction, modification, derivation, distribution, etc.) for any non-commercial purpose under a Creative Commons License.