Delve into the nuts and bolts of
networked sharing with Neil Mohr
Networking has become one of the most
essential elements of computing. Forget processors. Forget graphics cards.
Forget memory. If you can't get networked at home and onto the internet, we're
pretty sure we know what your reaction is going to be. While you can live
without 3D graphics and even the cutting edge multi-core processor, try living
without your home network for half an hour and you’ll run screaming into the
night with the wail of "Wikipedia" trailing after you.
We know you can string together your own
home network. A wired network is sheer block-building child's play. A wireless
network isn't much more strenuous, largely thanks to WPS reducing the
complicated bit to little more than a button press or two. Or if you're like us
you might memorise your WPA key, being able to think for ourselves and all.
A
wired network is sheer block-building child's play.
We're actually here to delve into the murky
world of Windows networking and file sharing. We’re not talking the Homegroup
system here; Microsoft has done a decent job of making that easy enough to use.
We're going to delve into the Windows NT networking system that underpins this
and indeed all of Windows file sharing. That's the key here not only does it
arm you with the knowledge to twiddle with network shares on Windows 7, but
without too many complications, everything from Windows NT, XP Server right
through to Vista and Windows 8.
It's a reassuringly complex system, which
once you understand the basic elements, is easy to deploy with total control,
allowing you to decide who, how and exactly what is shared and accessible over
your network. Let's not also forget the ability to limit, monitor and revoke
access too. Like we said, Homegroup is fine if you're seeking the basic
control. For complete control you want to unleash the full Windows network file
sharing goes to all that time and trouble to provide an easy route, should you
care to learn the hard way? Frankly because it offers far more flexibility for
a little more investment of your time. Besides, once you've nailed the more
complex systems, they work with and are the Homegroup system anyway. So you can
pick and choose depending on how tiered you want to make your file sharing
access.
The truth is that the networking that
exists inside all of Microsoft's current products is the same underlying system
that was built into Windows NT back in 1993. As you should know, Windows NT
became the core of Windows 2000 aka NT v5 and then Windows XP as NT 5.1. The
whole Windows range was effectively merged with Windows Vista as NT v6 and
onwards. Technically, Windows 8, RT and Server 2012 will all be based on
Windows NT v6.2.
This underlying architecture for Windows NT
has remained the same then, with security handled through the Security
Reference Monitor system, using Access Control Lists and unique Security
Identifiers called SIDs to orchestrate this symphony.
Home nuisance
Over the years Microsoft has attempted to
simplify the job of managing networked file shares, which in our opinion only
helped to confuse the situation. We'll take advantage of some of these
interface changes, since they offer shortcuts to sharing folders, but we're going
to avoid Homegroup.
Homegroup is a streamlined way of getting
file sharing to work over a home network. Similar to wireless networking WPS,
it uses a PIN to prove valid authentication between systems. This is great if
you can be bothered with difficult to remember 10-digit pins and having to
change all those default folders, so you don't share them with every Tom, Dick
and Harriet each time you initiate it.
Homegroup
is a streamlined way of getting file sharing to work over a home network
It's not a bad system but it's still riding
on the coat tails of something that's more flexible. We also worry that it
hands access to remote systems without any additional credential checking,
which is to say once a PC is given access it always has access no matter who's
using it. So if PC A used by Bob is given access to PC B, when little Timmy
gets on PC A, Timmy's going to be able to access everything on PC B. It also
doesn't help that networking issues are painful to diagnose, while the
easy-to-use interface elements plug into the traditional networking anyway.
Part of this new system is the somewhat
pointless Set Network Location selection. Get to it by selecting ‘Start’ >
'Control Panel' > 'Network and Internet’ > 'Network and sharing' and
under 'View your active networks' select the current Home/Work/Public network
link. The only reason to select Home network is that it enables Homegroup,
while Work network disables Homegroup.
The Public network option is handy as it
locks down network access to the system when on an untrusted network. Despite
its semi-hidden nature this does present a useful way of turning off the
Homegroup, though the additional Homegroup home will stay visible in the
Navigation pane till the sun engulfs the earth in its fiery embrace. Thanks Microsoft.
Group hug
With that unpleasantness done away with, we
can focus our attention on how the core Windows networked file-sharing works.
We're not starting at the beginning, as you were expecting. Instead we're going
to look at Windows User Accounts. What on God’s green earth has that got to do
with networking? Well, Groups, Users and Login sessions are core to the Windows
security system. You're going to be able to enable remote access to systems on
three levels.
The first is the Public shared folders that
anyone can access. The next is Guest group access. This is for anyone who
doesn't have a user account. Finally there's User Account access, which
requires that you enter credentials to access shared folders from a remote
system.
This complex arrangement ultimately results
in a highly flexible one, the small amount of initial user and group set up is
easy enough to manage. It enables you to create groups that all have the same
access privileges or provide personalised access to files and folders on an individual
user basis. This also goes hand in hand with password protection and policy
control over the password usage.
Homegroup
requires a 10-digit pin every time that it's initiated for file sharing
On a basic level users can be created and
managed via the standard User Accounts Control Panel and if you want it, it's
easy to enable the Guest Account access level here too. However, we find the
best method is to do this via the Computer Management console. Access this by
either typing compmgmt.msc into the Run dialog or else right-click 'Computer' -
the desktop icon or Start Menu entry - select 'Manage' and select the 'Local
Users and Groups' section.
It’s also worth mentioning at this point
the Shared Folders section that lives, handily, just above Local Users and
Groups. As you create file and folder shares these will become listed under the
Shares section. This makes the Computer Management Console a good way to manage
most aspects of networked file sharing from one place. Over time, if you're
sharing a good number of folders, it can become confusing as to exactly what
you’ve shared and with who.
The Shares section offers a list of
everything shared in one place and with all the controls you need. Right-click
the share you’re interested in and you can immediately stop sharing or choose
'Properties' to adjust the sharing options.
This Users Properties dialog enables you to
limit the number of users that can have active sessions. For the most part this
won't be of use for home users, but there are times when this could be useful,
if bandwidth is an issue or you have a high number of users for some reason.
The Share Permissions tab is also useful for easily changing the access
permissions for groups and users. It's unlikely you'll need to delve into the
Security tab, but this does offer more detailed control over what users can do
within shares.
