
Peer Resource Sharing

This section describes how to configure and use peer resource sharing.

Understanding Peer Resource Sharing

When a computer is running file and printer sharing services, other users running a compatible network client can connect to shared printers, volumes, CD-ROM drives, and directories on that computer by using the standard techniques for connecting to network resources, as described in "Browsing on Microsoft Networks" and "Browsing on NetWare Networks" earlier in this chapter.

Using computers running Windows 98 as peer servers allows you to add secure storage space and printing to the network at a low cost. The peer service is based on a 32-bit, protected-mode architecture, which means all the Windows 98 benefits of robustness and high performance are available. Administrators can also take advantage of tools such as system policies (included in the Windows 98 Resource Kit) and Net Watcher (included in Windows 98) to centrally administer peer servers. In addition, user-level security is available as an enhancement beyond the peer server capabilities built into Windows for Workgroups.

Tip

Using Net Watcher, a network administrator can remotely monitor and manage files on any computer running file and printer sharing services if remote administration has been enabled for that computer. Net Watcher allows an administrator to disconnect users, change access rights, and administer the file system on remote computers. For more information, see Chapter 23, "System and Remote Administration Tools."

Installing Peer Resource Sharing

If you use custom setup scripts, you can specify that file and printer sharing services be installed with Windows 98. Otherwise, you can add the service later by using the Network option in Control Panel.

Tip

For a computer that will share resources with other users on the network, choose which file and printer sharing service to install based on what other users require:

To install file and printer sharing after setup

  1. In Control Panel, double-click Network, and then click Add.
  2. In the Select Network Component Type dialog box, double-click Service, and then click Add.
  3. If you are installing File and Printer Sharing for Microsoft Networks, select File and printer sharing for Microsoft Networks, and then click OK.

    – Or –

    If you are installing File and Printer Sharing for NetWare Networks, select File and printer sharing for NetWare Networks, and then click OK.

For information about enabling file and printer sharing in custom setup scripts, see Chapter 3, "Custom Installations." For information about controlling peer resource sharing capabilities using system policies, see Chapter 8, "System Policies."

Implementing Security for Peer Resource Sharing

Figure 18.1 shows how Windows 98 supports share-level and user-level security for File and Printer Sharing for Microsoft Networks. Windows 98 supports share-level security similar to the security provided with Windows for Workgroups. This level of security associates a password with a shared disk directory or printer. Share-level security for peer resource sharing can be implemented in a Windows 98-only peer-to-peer network or on a network supported by Windows NT or other Microsoft Windows network-compatible servers.

Figure 18.1 Security for peer resource sharing under Windows 98

For file and printer sharing services on both Windows NT and NetWare networks, Windows 98 supports user-level security by linking a peer server directly to another server for user account validation. For network administrators, the user account list is centrally controlled at the Windows NT domain controller or NetWare server; on a Windows NT network, the user account list on a single server can also be used for validation. The resources on the Windows 98 peer server can be accessed only by users with accounts in the central database. Users can also be assigned specified access rights in Windows 98 for particular resources. For more information about using and managing security, see Chapter 9, "Security."

The 32-bit, protected-mode network client and the file and printer sharing service are separate network processes, but they share connection information and pass requests to each other when validating a user-level security request.

For user-level security on a computer running either version of file and printer sharing service, you specify the server that contains the database of user accounts that are allowed to connect to this peer resource sharing server. You can do the following to customize access to a shared resource:

When a user requests access to a shared resource under user-level security, Windows 98 checks for the user’s logon name against the list of user accounts maintained on the server. If this is a valid user logon name, Windows 98 then checks whether this user has access privileges for this resource. If the user has access privileges, then the requested operation is allowed.

For an example of how pass-through validation works with peer resource sharing, see Chapter 9, "Security."

Using File and Printer Sharing for Microsoft Networks

File and Printer Sharing for Microsoft Networks is the 32-bit, protected-mode Windows 98 SMB server (Vserver.vxd) that supports all networking products that use the SMB file-sharing protocol, including Windows for Workgroups, Windows NT, LAN Manager, Samba, IBM LAN Server, IBM OS/2 Warp Server, and DIGITAL PATHWORKS 32. Windows 98 enhances the features of Windows for Workgroups peer services by providing administrative control over whether peer sharing services are enabled, by adding user-based security capabilities, and by supporting long file names.

The following summarizes some requirements for File and Printer Sharing for Microsoft Networks:

The default settings for File and Printer Sharing are correct for most installations. You should need to change these settings only in the following circumstances:

Use the Network option in Control Panel to configure the Browse Master and LM Announce parameters for the file and printer sharing service. For information about configuring security in the Access Control tab of the Network dialog box, see Chapter 9, "Security."

To specify Browse Master settings

  1. In Control Panel, double-click Network, and then examine the list of installed components to see if File and printer sharing for Microsoft Networks is installed. If not, click the File and Print Sharing button and follow the instructions on the screen.
  2. On the Configuration tab, double-click File and printer sharing for Microsoft Networks in the list of installed components.
  3. In the File and printer sharing for Microsoft Networks dialog box, select Browse Master in the Property list.
  4. Select an option in the Value list, as described in Table 18.5.

Table 18.5 Browse Master settings for Microsoft networks

| Option | Description |
|---|---|
| Automatic | Specifies that this computer will maintain the browse list if Windows 98 determines that it is necessary. This is the default. |
| Disabled | Specifies that this computer is never used to maintain the browse list. Use this setting if the computer has little free memory, if it is connected by a slow link (such as a dial-up connection), if it is frequently disconnected from the network, or if other conditions create special performance problems. |
| Enabled | Specifies that this computer is to be used to maintain the browse list for computers in this workgroup. |

At least one computer in the workgroup must have the value of Automatic or Enabled for this parameter to ensure the browse list is available to network computers. This parameter is equivalent to the MaintainServerList= entry in the [network] section of System.ini in Windows for Workgroups 3.11.

The LM Announce property controls whether a computer running File and Printer Sharing for Microsoft Networks can be seen by LAN Manager 2.x clients.

To specify LM Announce settings

  1. In Control Panel, double-click Network, and then double-click File and printer sharing for Microsoft Networks in the list of installed components.
  2. In the File and printer sharing for Microsoft Networks dialog box, select LM Announce in the Property list.
  3. Select an option in the Value list, as described in Table 18.6.

Table 18.6 LM Announce settings for Microsoft networks

| Option | Description |
|---|---|
| No | Specifies that you do not want this computer to broadcast its presence to other computers by using LAN Manager broadcast announcements. Setting this value to No minimizes the level of network traffic. The Browse Master ensures that this computer appears in its browse list. |
| Yes | Specifies that you want this computer to announce its presence to other Microsoft networking computers in the workgroup multiple times, because there is a LAN Manager 2.x domain on the network. This value should be set to Yes if other computers in your workgroup need to see this computer when browsing the network. |

This parameter is the equivalent of the LMAnnounce= entry in the [Network] section of System.ini in Windows for Workgroups 3.11. This value should be No unless there is a LAN Manager 2.x domain on your network.

A LAN Manager 2.x domain is known by browse servers in a workgroup only if at least one computer running Windows 98 (or Windows NT in the domain) is a member of that LAN Manager 2.x domain.

To make a computer running Windows 98 a member of a LAN Manager 2.x domain

You can share a folder (or other resource) by selecting it in Windows Explorer or in My Computer and then configuring the related options. The following procedure describes how to share a directory on a computer where user-level security has been specified in the Network option in Control Panel. The steps for sharing resources with share-level security are similar to those for user-level security except that you do not select specific users. Rather, you specify the type of access and define a password for the shared resource.

To share a directory (folder) with user-level security

  1. In Windows Explorer, right-click the icon for the directory you want to share. In the context-sensitive menu that appears, click Sharing.
  2. On the Sharing tab, click the Shared As button, and then type a share name for the directory.

    Tip

    If you add a dollar sign ($) to the end of the share name, the resource will not appear in Network Neighborhood or elsewhere when people browse network resources.

  3. Click the Add button, and use the Add Users dialog box to specify which users can access the directory.

For more information about sharing folders on a Microsoft network, see Help.

Using File and Printer Sharing for NetWare Networks

If you want to use File and Printer Sharing for NetWare Networks:

A computer configured with File and Printer Sharing for NetWare Networks uses the NCP file-sharing protocol to share resources with MS-DOS-based Novell NetWare computers, computers running Windows NT, and computers that have Client for NetWare Networks installed.

File and Printer Sharing for NetWare Networks supports long file names and is Plug and Play-aware. This implementation differs from peer resource sharing in Windows for Workgroups in two fundamental ways:

This feature means that hundreds of NetWare users can, for example, access a shared CD-ROM using a single NetWare server connection. Also, trustee or other access rights can be defined per directory for a shared CD-ROM.

When File and Printer Sharing for NetWare Networks is running on a computer, how that peer server appears to users browsing the network depends on how the peer server advertises itself:

Sharing Resources on a NetWare Network

To allow NETX and VLM clients on the network to access resources on the peer server, you must enable SAP Browsing in the properties for File and Print Sharing for NetWare Networks. The computer then appears as a server in SLIST or NLIST, and users can map drives to connect to this computer. To see a list of volumes, users can use the VOLINFO command.

Note

Administrative control over File and Printer Sharing for NetWare Networks is coupled with the printer sharing control — the option controlling the user’s ability to share a local printer. If these sharing options are not selected in the Network option in Control Panel, then the file and printer sharing service is not loaded. However, if the administrator disables printer sharing or file sharing by setting the related option in a system policy file, the file and printer sharing service still runs on the computer, but the related sharing options are not available.

Configuring Browsing for Resource Sharing on NetWare Networks

After you install File and Printer Sharing for NetWare Networks, you must choose the method that computers browsing on the network will use to find this computer. You can browse by using either of two options:

Note

SAP Browsing has a theoretical limit of 7000 systems for browsing, and a practical limit of about 1500 systems. For a large peer network, use Workgroup Advertising.

For a general discussion of browsing when using NetWare-compatible clients, see "Browsing on NetWare Networks" earlier in this chapter.

To specify the browsing preference

  1. In Control Panel, double-click Network, and then double-click File and printer sharing for NetWare Networks in the list of installed components.
  2. In the File and printer sharing for NetWare Networks dialog box, select Workgroup Advertising in the Property list, and then choose a value from the options listed in Table 18.7.

    – Or –

    If you want NETX and VLM clients to be able to connect to this peer server, select SAP Advertising and set the Value box to Enabled.

    Table 18.7 Workgroup Advertising settings for NetWare networks

| Option | Description |
|---|---|
| Disabled | This computer will not be added to the browse list, and it cannot be seen by other members of the workgroup using any method for browsing network resources. |
| Enabled: May Be Master | This computer is added to the browse list and can be promoted to master browse server if the preferred master is not available. |
| Enabled: Preferred Master | This computer is the master browse server for the workgroup. |
| Enabled: Will Not Be Master | This computer is added to the browse list by the master browse server, but it cannot be promoted to master browse server. |

For more information about master browse server options, see "Building the Browse List for Microsoft Networks" earlier in this chapter.

Note

If Workgroup Advertising is used, each workgroup must have a master browse server at all times to track names and addresses for computers in the workgroup.

If you select SAP Advertising, you can set the options shown in Table 18.8.

Table 18.8 SAP Advertising settings for NetWare networks

| Option | Description |
|---|---|
| Disabled | This computer will not advertise its presence, and NETX or VLM clients cannot see it by using SLIST or other browsing options, and cannot connect to it. Users running Client for NetWare Networks can see it if Workgroup Advertising is enabled on the peer server. |
| Enabled | This computer will advertise its presence. It will appear in the Entire Network list. Users running VLM, NETX, and Client for NetWare Networks can see it by using any browsing methods, and they can connect to it as they do for any server. |

By default, computers running File and Printer Sharing for NetWare Networks are placed in and browsed by workgroups. To specify the workgroup and computer name for the computer, in Control Panel, double-click Network, and then click the Identification tab.

Although computers that use SAP Advertising appear in the list of NetWare servers, you cannot use them in all the same ways that you use NetWare servers.

In Windows 98, you can do the same things to resources on computers running File and Printer Sharing for NetWare Networks as you can to any other network resource.

Note

Each computer configured with File and Printer Sharing for NetWare Networks logs on to the NetWare server that provides security, to get access to the bindery, using the Windows_Passthru account. This logon process takes place in the background, without user intervention.

If a connection to the server already exists, Windows 98 uses that connection and makes a new connection only when required.

Controlling Access to Peer Server Resources on NetWare Networks

You can add to the list of users who can access the resources on the peer server. To do this, add the users to the NetWare pass-through server that provides security. You can then give these users access to the peer server by adding them to the Sharing properties associated with the shared resource.

Passwords for users’ resources on the peer server are the same as those for the NetWare pass-through server. Passwords must be changed at that server, as described in "Unified System Logon Overview" earlier in this chapter.

To make sure all users have the required server access

To share a directory and specify users on a NetWare network

  1. In Windows Explorer, right-click the directory you want to share. In the context-sensitive menu, click Sharing.
  2. In the Sharing tab of the Properties dialog box, type a share name for the directory.
  3. Click the Add button. In the Add Users dialog box, select the user name in the list on the left, and then click the related button to specify the kind of access that user is allowed.

Notice in the illustration that the list of users shown in the Add Users dialog box is from the SHRIKE server’s bindery. This means two things:

For more information about using the Add Users dialog box, see Help. For more information about specifying directory access rights, see Chapter 9, "Security."

When the computer running Windows 98 receives a request from a user attempting to access a shared device, Windows 98 uses the NetWare server to validate the user name or group membership. If the name or group membership is validated, Windows 98 then checks to see if this validated name or group has been granted access rights to the shared resource, and then it grants or denies the connection request.

Share Names Versus NetWare Volume Names

When you share resources on a local hard disk drive using File and Printer Sharing for NetWare Networks, the share name associated with the shared directory structure becomes a volume name in the Novell designation server/volume: or the UNC designation \\server\volume.

You can use the UNC designation with net commands to connect to and disconnect from \\server\sharename shares.

Windows 98 does not make the distinction between shares and volumes because all shares and volumes appear as directories (also called folders). This distinction becomes important when you use NETX or VLM and NetWare utilities. NetWare does not use or understand the concept of share names. NetWare uses volumes for drive resources and print queue names for print resources.

Therefore, for a shared drive or printer resource to be available to all the different types of clients, when a computer configured with File and Printer Sharing for NetWare Networks shares a drive resource, the share name becomes equivalent to a NetWare volume. When this same computer shares a printer resource, the share name becomes equivalent to the NetWare print queue.

DIRECTORY SHARE NAME ---->VOLUME

PRINTER SHARE NAME ------>PRINT QUEUE


Using Bindery Emulation for Pass-through Security

File and Printer Sharing for NetWare Networks grants access to printers and directories on a per-user basis, which requires the name of the server to retrieve the names of users on a network. For NetWare versions 2.15 and 3.x servers, all the information for users, groups, passwords, and rights is stored in a database on the server called the bindery. NetWare version 4.x servers can appear to have a bindery using bindery emulation, which is enabled by default. Windows 98 can use the bindery of one NetWare server.

Usually, companies have multiple NetWare servers for different departments, and individual users log on to a different server by department. Problems can occur when the list of accounts differs between NetWare servers. For example, assume that Pat and Yoshi log on to the SALES server, and Hanna is on the R&D server. Pat can select only one server for pass-through validation, so she must select the SALES server, because that is where her account is located for logon. She can grant access to Yoshi, but not to Hanna.
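The two-step check described earlier (validate the name or group membership at the pass-through server, then check the rights granted on the shared resource) and the single-server limitation in the Pat, Yoshi, and Hanna case can be modeled as follows. This is an added illustration, not code from Windows 98 or the Resource Kit; the class names, passwords, the SALESTEAM group, the share names, and the "read"/"full" access types are assumptions made for the example.

```python
import hmac
from dataclasses import dataclass, field

RIGHTS = {"read": {"read"}, "full": {"read", "write"}}  # assumed access types

@dataclass
class PassThroughServer:
    """Stand-in for the single server whose account list the peer server uses."""
    name: str
    passwords: dict                              # user -> password (constructed)
    groups: dict = field(default_factory=dict)   # group -> set of member users

    def validate(self, user, password):
        """Return the user's principals (name plus groups), or None if rejected."""
        stored = self.passwords.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        return {user} | {g for g, m in self.groups.items() if user in m}

@dataclass
class PeerServer:
    provider: PassThroughServer
    shares: dict = field(default_factory=dict)   # share -> {principal: access type}

    def grant(self, share, principal, access_type):
        # Only names from the provider's account list can be added to a share.
        if principal not in self.provider.passwords and principal not in self.provider.groups:
            raise LookupError(f"{principal} is not an account on {self.provider.name}")
        self.shares.setdefault(share, {})[principal] = access_type

    def browse(self):
        # A trailing "$" only keeps the share name out of the browse list.
        return sorted(s for s in self.shares if not s.endswith("$"))

    def access(self, user, password, share, operation):
        principals = self.provider.validate(user, password)       # step 1: who
        if principals is None:
            return f"denied: not validated by {self.provider.name}"
        acl = self.shares.get(share, {})
        allowed = set()
        for p in principals:                                      # step 2: rights
            allowed |= RIGHTS.get(acl.get(p), set())
        return "allowed" if operation in allowed else f"denied: no rights on {share}"

def build_sample():
    """Constructed data: Pat's peer server validates against SALES only."""
    sales = PassThroughServer("SALES", {"Pat": "pw-pat", "Yoshi": "pw-yoshi"},
                              {"SALESTEAM": {"Pat", "Yoshi"}})
    peer = PeerServer(sales)
    peer.grant("REPORTS", "Yoshi", "read")
    peer.grant("ARCHIVE$", "SALESTEAM", "full")
    return peer

if __name__ == "__main__":
    peer = build_sample()
    print(peer.browse())
    print(peer.access("Yoshi", "pw-yoshi", "REPORTS", "write"))
    print(peer.access("Pat", "pw-pat", "ARCHIVE$", "write"))
    print(peer.access("Hanna", "pw-hanna", "REPORTS", "read"))
```

Hanna is rejected at step 1 and cannot be added with grant(), because the peer server consults only the SALES account list. The ARCHIVE$ share is absent from browse() but is governed by the same access check as any other share.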