Windows XP must be aware of the two weaknesses

The first reason people want to build a home network is to share Internet connections. Windows XP Pro and Home provide direct support for this; another reason is for file sharing.

However, if you have carefully considered this issue, you will find that things are not that simple. For example, it is convenient to access all resources from any PC, and to prevent children at home from operating the stock software —— this requires file sharing to be open only to some members of the family. For this requirement, Win9x is sufficient to allow passwords for shared resources; most Win NT family operating systems are also available, allowing access to individual users and groups —— with one exception, Windows XP Home Edition . If you plan to build a home network, be sure to consider it carefully before deciding to use Windows XP Home Edition.

I. Shared Folders with Insecure Security

Windows XP Home Edition has designed a technology that Microsoft calls "Simple File Sharing" for shared folders. Open the “Share” tab of any folder in the “Properties” dialog box. As shown in Figure 1, you can see that the options here are very different from the previous Windows. Although the dialog box in Figure 1 can prevent users from modifying the files in the shared folder, it lacks the authorization options provided by other versions of Windows.

Figure 1

Since Windows XP Home does not allow you to set a password for a shared folder, either make the folder open to everyone or open to everyone. . Obviously, this does not meet the requirements of most home network users, because once the shared properties of the folder are set, there is no way to prevent anyone from accessing it.

If a folder belongs to a user's private profile (eg “My Documents”), the "Simple File Sharing" feature allows you to lock the folder by selecting "ld"; The folder is set to the dedicated ” option. Enabling this option prevents other users from accessing the folder, but it requires the file system to be NTFS. On the other hand, after the folder is set to dedicated in the NTFS file system, the user can no longer access it from the remote PC.

On PCs using NTFS, Windows XP Home allows users to be licensed separately, just like in Windows XP Pro or Win 2K. The problem is that in the Windows XP Home NTFS volume, the "Properties" dialog for the drive or folder does not have the "Security" tab. The only way to set permissions is to log in as Administrator, which can only be done in secure mode (the way to boot the system in secure mode is to hold down the F8 key while booting the system and then select the secure mode with network connection). After logging in to the system as Administrator, open the "Shared" tab of the shared folder <;Properties" dialog box, and click "Permissions". As shown in Figure 2, you can set full control, change, and read permissions for users and groups on the network. If you want to set permissions for users who are not included in the list, click “Add”,“Advanced","Find Now”, select a user from the user list (only local users only), and then set their permissions .

Figure 2

Some people say that even on the FAT32 system, you can set the permissions according to the above steps. That's right, Windows XP does let you do every step of the way, and the dialogs you see are exactly the same as the previous ones —— but the problem is that these settings don't work for FAT32. The FAT32 system does not allow separate authorizations in this way, but it does not prompt for error messages when you set them up.

For remote file access, the main difficulty with Windows XP Home is that Windows XP Home's network is a P2P network (ie, peer-to-peer), not a network built into a domain. Due to the lack of a domain server, the authorization of the file is for local user names, and these local user names are unique to each PC. For example, suppose you have a user WuKong on a machine named GAME, and the user's full name is GAME\\WuKong. However, if WuKong logs in to another machine WORK to access GAME, he is WORK\\WuKong, WORK\\WuKong and GAME\\WuKong are considered to be two different users. In a P2P network, there is no user at the "network level". If you want the user's permissions to be valid across the network, you must have a global name directory, which is only possible on networks with domain servers.

Therefore, even in Windows XP Home with the NTFS file system, the access settings are only valid locally, as all network users are logged in remotely with the Guest account. As a workaround, you can protect the shared folder by setting the password of the Guest account. The steps are as follows:

(1) Log in to the system as an administrator. Select the menu “ Start -> Settings -> Control Panel & rdquo;, select “ User Account & rdquo;, click “ Guest Guest Account & rdquo;. Make sure the account is enabled.

(2) Select Menu “Start->Run”, enter cmd, press Enter to enter the command line state. Execute the Net user guest password command in the command line environment.

(3) Return to the “User Account” setting screen in the Control Panel and select the Guest account. You can now set a password for the Guest account. After setting the password, restart the machine.

Second, too simple firewall

Windows XP has a simple firewall built in. When you use the Network Wizard to configure your network and share your Internet connection, the Internet Connection Firewall (ICF) is automatically enabled.

ICF prohibits all incoming communications that are unsolicited and unsolicited, but does not process outgoing traffic (that is, if there is a virus on this PC that is sending out messages, ICF will not pay attention) ). Because Windows XP's firewall does not distinguish between incoming traffic from the Internet and incoming traffic from other nodes in the LAN, there is a conflict between ICF and the home LAN. (Strictly speaking, users can configure ICF to open certain services for specific systems. Port, but this part of the operation is more complicated, so I won't repeat it here.)

To solve this problem, an easy way to do this is to install two NICs on a PC with an Internet connection and a connection share. Assuming that the Internet connection uses ADSL, one network card is connected to the DSL modem and ICF is enabled; the other network card is connected to the internal network and ICF is disabled.

If all PCs and ADSL modems on the LAN are connected to the same Hub, another effective method is to install a non-TCP/IP protocol for the internal network. The NetBEUI protocol is An ideal choice, both small and fast. In previous versions of Windows, NetBEUI was the default supported protocol and could be installed with a few clicks. The Windows XP network protocol list no longer lists NetBEUI, but the Windows XP CD still contains the files needed to install the NetBEUI protocol. These files are located in the Valueadd\\MSFT\\Net\\NetBEUI folder, copy the Nbs.sys file to the Windows\\System32\\Drivers directory, and copy Netnbf.inf to the Windows\\Inf directory. Then in the Control Panel, open “Network Connections  select the connection to the internal network and open its <Properties" dialog. In the "General" tab, select “Install ",“Agreement","Add”, then select the NetBEUI protocol. In this configuration, the ICF will continue to disable TCP/IP communication on the local network, but now the local network communication can be done through NetBEUI.

The last option is to disable ICF, install a router with a built-in firewall, or install a third-party firewall such as Norton Internet Security or Sygate Personal Firewall. These products offer comprehensive features and configuration options that should be preferred when conditions permit, giving up simple ICF.

Compared with previous versions of Windows, the stability of Windows XP is very attractive to home users, and the rich multimedia features make many people feel excited. Still, strictly speaking, Windows XP Home is a simplified version of the feature in many ways. Users who plan to build a home network should be aware of Windows XP Home's lack of LAN support and, if necessary, switch to Windows XP Pro or even the previous Windows version.