Re: help understanding authentication on workgroups

Your web site links were great. I'd suggest (if it's not availabe in a way I
didn't see) that all the forum moderator's links be grouped in a way that
they could be separately searched for info before a question is submitted.
In all my searching I didn't end up seeing the links you provided. Instead,
searching Google, Google groups and the MS Knowledge base provided either
related but not directly useful material, or info that was too detailed to
understand. And a big waste of time.

Based on info in the links you provided on computer browsers, I now have
turned off the computer browser on my laptop (wireless connection), but left
it on on the two desktops (wired connection). I'm surprised that MS can't
figure out a way to make the whole browser process deterministic and stable.

My problem with workgroup authentication is that I'm using a router on my
vacation that has one ethernet port going to a PC in another condo. So I can
see another workgroup (not mine) on the network. I don't want that person to
be able to access any shared folders on my 3 PCs on my workgroup (desktop1,
desktop2, and laptop).

I have all my 3 PCs setup with guest accounts, all with the same password.
This morning I restarted all PCs (all with simple file sharing on) and found
that for any of the PCs to access the other on my workgroup, I had to supply
a password at a login window that had "computername/guest" user ID; however,
there was one exception: desktop1 was able to see laptop's shared folders
without having to through a login window. I don't understand this. This
makes me wonder if my (unknown) neighbor could actually see any of my 3 PC's
shared folders w/o going through the login process. That's why I want to
understand how the authentication process works.

I know I can probably use "hidden" folders or get rid of simple file
sharing, but I want to keep things as simple as possilbe to avoid maintenance
hassles.




"Chuck" wrote:

On Sun, 2 Apr 2006 16:44:01 -0700, Greg Nash
<GregNash@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

I've spent a lot of time trying to understand the concept of simple
workgroups (all PCs's with XP pro service pak 2, simple file sharing on,
network client services on and print/file sharing on), but none of the
networking internet help sites appear to address some of the issues:

1. Does the computer browser service (adminstrative tools/services) have to
be started on all but one ("host") of the PC's in the workgroup (I've seen
conflicting recommendations; it doesn't seem to make much difference anyway).
If so are there any other special settings required for this "host"? In any
case should the computer browser be set to "manual" or "automatic".

2. From reading MS documentation, workgroup authentication is said to be
"local". I understood this to mean that if you can log onto any PC in the
network then you can see all other PCs in the workgroup, plus any files that
they share. However, I generally get a login window with username
"computername\guest" when I try to access PC "computername". When I supply
the password for that guest account on that computer, I get access to that PC
in the workgroup. At the same time one PC on the workgroup has no guest
account (only administrator account) and the other PCs can see it and it's
shared files without being forced to go through the login process.

What is going on here with respect to authentication?

Thanks
Greg Nash

Greg,

The browser provides visibility.

The rule of the browser is simple. If you're going to use browser services,
there must be a browser on the network for each computer to get the browse list
from. If there is just one computer running the browser, then that computer
will be the master browser. If there are two or more computers running the
browser, then those computers have to decide which one will be the master
browser.

If the master browser computers stays online constantly, there will be no
problem. If the master browser ever drops offline, you have the possibility for
problems. If you have more questions after reading my article, I'd appreciate
the feedback.
<http://nitecruzr.blogspot.com/2005/04/nt-browser-or-why-cant-i-always-see.html>
http://nitecruzr.blogspot.com/2005/04/nt-browser-or-why-cant-i-always-see.html

Authentication provides access.

By local authentication, the meaning is for network access by non-Guest
accounts, you have to use an identical non-Guest account on both the client (the
computer that you're logged in to), and any server (the remote computer that you
need to access). Authentication is required, whether or not you use the browser
(Network Neighborhood), or just do an adhoc mapping by name or even by IP
address).
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html

Now things get complicated when you setup accounts with or without passwords.
It is possible to setup network access on any account with no password required
(ie a blank password). If you're going to use blank passwords, you should do
consistently, or you may run into problems. Maybe this is part of your problem.

When you refer to the computer that "has no guest account", what specifically do
you mean? Was Guest deleted? Or was Guest disabled for local access? Remember
local and remote access is potentially different for any account.

Do my questions raise any more questions from you? Ask away. Windows browsing
and authentication has many possible problems, and I don't think it's possible
to document all of them.
<http://nitecruzr.blogspot.com/2005/07/windows-networking.html>
http://nitecruzr.blogspot.com/2005/07/windows-networking.html

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

.

Relevant Pages

  • Re: help understanding authentication on workgroups
    ... network client services on and print/file sharing on), ... workgroup authentication is said to be ... the password for that guest account on that computer, I get access to that PC ... The browser provides visibility. ...
    (microsoft.public.windowsxp.network_web)
  • Re: help understanding authentication on workgroups
    ... network client services on and print/file sharing on), ... workgroup authentication is said to be ... the password for that guest account on that computer, I get access to that PC ... The browser provides visibility. ...
    (microsoft.public.windowsxp.network_web)
  • Re: help understanding authentication on workgroups
    ... shared files on the PCs in my workgroup, I don't have any shared files there ... network client services on and print/file sharing on), ... the password for that guest account on that computer, I get access to that PC ... The browser provides visibility. ...
    (microsoft.public.windowsxp.network_web)
  • RE: xp home -> xp home
    ... > After installation of xp home, the network became a one way thing only. ... > no account login ever asked for, no account on machine b of any shape or sort ... > see itself in the workgroup list of computers let alone access machine a. ... > access permissions. ...
    (microsoft.public.windowsxp.network_web)
  • Re: help understanding authentication on workgroups
    ... network client services on and print/file sharing on), ... workgroup authentication is said to be ... the password for that guest account on that computer, I get access to that PC ... The browser provides visibility. ...
    (microsoft.public.windowsxp.network_web)
Loading