Inside Windows 98

- 27 -

Integrating Windows 98 and Windows NT

• Examining Windows 98 Networking Features
  • Brief History of Windows and Networking
  • Windows 98 Networking Architecture
  • Obtaining Client Access Licenses
  • Systems Management Overview
• Installing Networking Components
  • Installing and Configuring Network Adapters
  • Configuring Client for Microsoft Networks
  • Configuring Logon for Clients for Microsoft Networks
  • Setting Up Peer Resource Sharing
  • Using User Profiles
  • Setting Up Roving Users on Windows NT Server 4.0
  • Using System Policies
• Browsing with Windows 98 on Windows NT Networks
  • Overview of the Master Browse Service
  • Using Network Neighborhood
• Examining Windows 98 Network Security
  • Understanding Share-Level Security
  • Understanding User-Level Security
  • Understanding the Windows 98 Password Cache
  • Setting System Policies to Enforce Password Security

by Mark A. Sportack Many corporations and smaller businesses are running Windows 95 as a client on their Windows NT network. Windows 95 provides numerous benefits to both users and administrators. For end users, Windows 95 provides an enhanced 32-bit operating system and easy-to-use graphical user interface (GUI) on which to run older 16-bit applications and new 32-bit applications. Administrators appreciate the built-in support for networking, remote tools for monitoring networks, and enhancements in other areas of client administration. Windows 98, the successor to Windows 95, builds on this tradition of success by more fully integrating support for networking. In fact the entire desktop has been enhanced with ActiveX technologies to create an "Active Desktop."

This chapter discusses the following topics:

• Windows 98 networking features

• Installation of Windows 98 networking components

• Using Windows 98 to browse Windows NT network resources

• Understanding Windows 98 security

Examining Windows 98 Networking Features

PCs and their operating systems were originally designed as standalone computing devices. Not surprisingly, the original Windows operating systems (releases 3.0 and 3.1) offered very little native support for networking. As PCs matured, their role in a distributed client/server architecture evolved. In response to this changing role, PC operating systems added support for networking.

Brief History of Windows and Networking

With the release of Windows for Workgroups 3.1 and 3.11, Microsoft took an incremental step toward solving the Windows networking problems by providing networking as a core component of the operating systems. Windows for Workgroups enabled users to set up peer-to-peer networks with ease as well as to hook into Windows NT and NetWare more easily than previous Windows releases. Some of the key advantages of Windows for Workgroups included allowing users to share drives and printers, to send e-mail to other users, and to use Microsoft Schedule+ to set up and manage meetings across the network; it also offered the support of multiple protocols.

Although Windows for Workgroups appeared on many desktops, it did not revolutionize the way managers set up their network environments. What users wanted was a stable and robust operating system to run on the client desktop. However, the majority of the program copies sold came bundled with new computers or were used to connect two computers in small office or home environments.

Another client operating system released during this time was Windows NT Workstation. This operating system combined the standard Windows interface with the networking power of Windows NT Server, without the administrative features. The strengths of Windows NT Workstation are its ease of integration with an NT-networked environment and its full 32-bit, multitasking operating system.

Despite these significant advantages, there was a downside to Windows NT Workstation. Its hardware and system requirements were much greater than previous Windows client operating systems. Thus, a hardware upgrade was usually a prerequisite to migrating to NT Workstation. Consequently, many users and organizations chose not to invest in Windows NT Workstation. Instead, they continued to use their traditional Windows 3.0 or 3.1 client operating systems.

When Microsoft released Windows 95 in August 1995, many of these problems were solved. For users who didn't want the overhead of Windows NT Workstation or the complexities of integrating Windows 3.1 into their networks, Windows 95 was an excellent solution. Windows 98 expands on the success of Windows 95 and adds even more networking components and administrative tools. These components and tools make it even easier to configure and administer Windows 98 clients on Windows NT networks.

Some of the major features of Windows 98 networking include the following:

• Web integration. The most significant, new feature of Windows 98 is its fully Web-enabled user interface. Virtually every aspect of the user interface now relies on a browser and hyperconnectivity.

• Active Desktop. New to Windows 98 is the Active Desktop. ActiveX and browsing technologies are incorporated extensively throughout the user interface. The browser is quite literally an integral part of the operating system's shell. It is no longer a discrete application. The Active Desktop allows you to automatically keep in touch with content changes on your favorite Web sites. By incorporating Web elements into your desktop, they can be updated automatically and viewed immediately.

• Easy network installation. Windows 98 makes extensive use of Plug and Play as well as installation wizards and dialog boxes to make installing new network protocols, adapters, and services easy. Administrators don't have to spend time editing Ini, Registry, and configuration files manually. This is done automatically with Windows 98.

• Resource sharing. Users can share files and printers when using the Client for Microsoft Networks. Modem and fax services can also be shared using the Windows 98 Outlook client.

• Long filename support. Windows 98, much like earlier Microsoft operating systems, enables you to use long filenames. Long filenames in Windows 98 can be up to 250 characters long and can include more than one period, have spaces, and use other characters not supported with the MS-DOS file allocation table (FAT) file system.
• E-mail and messaging. Each copy of Windows 98 comes with Microsoft Outlook Express for electronic mail, faxing, and messaging tasks. With Outlook Express, users can send rich-text formatted (RTF) messages, Hypertext Markup Language (HTML) formatted messages, and binary files to other users.

• NetMeeting. With Windows 98 and NetMeeting, you can hold conversations, and even multiparty meetings, over the net. Given the proper hardware, NetMeeting will also let you hold face-to-face videoconferences. More importantly, NetMeeting allows you to send mes-sages and actively collaborate on shared documents or a white board.

• Multiple protocol support. Windows 98 includes support of many protocols, including Transmission Control Protocol/Internet Protocol (TCP/IP), NetBEUI, Microsoft DLC, IPX/SPX, Novell IPX ODI, and PC-NFS. In addition, you can have simultaneous connections to as many networks as allowed by your networking software.

• Virtual private networking (VPN). Mobile users, remote users, and extranet-connected business partners can all benefit from the integration of support for VPN in Windows 98. VPN uses compression, encryption, and Microsoft's Point-to-Point Tunneling Protocol (PPTP) to create a virtually private networked connection through an otherwise public network, such as the Internet. To create a VPN connection, you must connect to a Windows NT Server 4.0 that is configured as a PPTP Server and that is PPTP-enabled.

• No DOS. Windows 98 is a true operating system and does not rely on MS-DOS. This means, among other benefits, Windows 98 networking does not consume conventional memory, leaving more for applications and services. Windows 98 uses 32-bit protected mode drivers to make network transfers much faster over Windows 3.x installations. In the past, network device drivers needed to load into conventional memory, often leaving very little memory below the first 640 KB to use for applications and terminate-and-stay resident (TSR) programs. With Windows 98, you lose very little memory to network drivers.

• Dial-Up Networking. Windows 98 includes remote access software to connect to TCP/IP, IPX/SPX, and Point-to-Point Protocol/Serial Line Internet Protocol (PPP/SLIP) networks with a dial-up connection. With the Windows NT 4.0 Server Remote Access Services (RAS) support, you can use Windows 98 to dial up a Windows NT server and access file and printer resources.

---

NOTE RAS is the physical basis for virtual private networking. To establish a VPN connection, you must first make a physical dial-up connection using PPP. PPTP can only create a logical connection through a preexisting PPP dial-up connection.

---

• Broad support for networking hardware. Windows 98 includes drivers for a number of network adapters, including 3COM, Artisoft, Compaq, Digital Equipment Corporation (DEC), Linksys, Novell-Anthem, Thomas-Conrad, Xircom, and others. Windows 98's Plug and Play support enables you to add or remove PC cards (PCMCIA) on-the-fly and lets Windows 98 assign resources automatically without rebooting the computer. (The card must use an NDIS 3.1 driver for this to work.)

• Network services. You can install a number of network services under Windows 98. These include file and printer sharing, remote Registry, Simple Network Management Protocol (SNMP) agent services, Cheyenne ARCserve Agent support, and the Arcada Software Backup Exec Agent service. You also can use the Hewlett-Packard JetAdmin printer service.

• System policies and user profiles. Windows 98 enables you to set up system policies to control how a user's system behaves when logging onto the network. You can use system policies, for instance, to disable the Control Panel on users' desktops so they cannot modify system settings on their computers, including network settings. You also can use user profiles to set up customized configurations for individual users so each time they log onto a computer, regardless of the computer they use, the same configuration displays.

For installations that include networks other than Windows NT, you'll find that Windows 98 fits comfortably with the following networks:

• Windows networking, including Windows NT, Microsoft LAN Manager (the precursor to Windows NT), and Windows for Workgroups 3.x

• Novell NetWare 3.11 and later

• SunSoft PC-NFS version 5.0 and later

• DEC Pathworks

• Artisoft LANtastic version 5.0 and later

• Banyan VINES 5.52 and later

As you can see, Windows 98 makes an ideal workstation client in any network, especially a Windows NT 4.0 network.

Windows 98 Networking Architecture

Windows 98 includes built-in peer-to-peer networking capabilities that make it easy to run a small, peer-based network between Windows 98 computers. You also can take advantage of these peer-to-peer services when you have a Windows NT 4.0 network. By using these built-in capabilities with your Windows NT network, you can relieve some of the burden put on the server by letting Windows 98 handle some of the resource sharing requests.

Windows 98 includes the following peer-to-peer services:

• File sharing. Enables you to share hard disks, files, folders, and CD-ROM drives on the network. Three protected-mode 32-bit files control file sharing on Windows 98. VSERVER is the primary device driver in Windows 98 that handles network requests. It is a virtual device driver that can handle multiple requests simultaneously. The Microsoft Share Point User Interface (MSHRUI) enables the workstation to share resources on a network. MSHRUI is a dynamic link library (DLL) file. Finally, the Installable File System (IFMS) directs requests from VSERVER to the local file system driver (FSD) or to a network FSD, depending on the request.

• Printer sharing. Most network installations have shared printers running on a print server. This allocation of printers is fine for installations that can afford dedicated print servers and software. With Windows 98, users who have local printers attached to their computers can share those printers with everyone else connected to the workgroup. This makes it handy for offices to share printers dedicated to certain printing tasks, such as printers filled with company letterhead, plain paper, and shipping forms. The key to sharing printers on the network under Windows 98 is that print jobs run in the background. This reduces much of the system drain on a computer when it receives a print job from another computer. The computer handling the print job doesn't come to a complete stop just to service the print job.

• Access control. Windows 98 enables you to control who has access to file and printer sharing on the network. You can assign user IDs and passwords for users to gain access to a shared device or file. This is called user-level security. You also can use share-level security, which enables you to designate which resource gets shared. You might, for instance, enable everyone in the workgroup to access all printers connected to workgroup computers. There might, however, be some times when a printer is off limits to the staff due to special print runs--say a mail merge using letterhead from the company president. In these cases, the person connected to that printer can turn off the share-level rights to deny access to that printer to everyone else.

Obtaining Client Access Licenses

If you use the following Windows 98 network services with Windows NT, you must obtain client access licenses:

• File services for file sharing, file managing, and disk storage

• Print services, including sharing and managing printers

• Remote access services, which enable you to access the server from a dial-up client

You can obtain a per-seat license or a per-server license, depending on your situation. A per-seat license is used to license each workstation on the network that will access the server. It enables you to have as many computers connected to the server as you want, as long as each has a client access license. The per-server license is used to license each server on the network and then assign to each one a certain number of licenses.

---

NOTE To obtain licenses or ask questions about client access licenses, contact Microsoft Sales Information at (800) 426-9400.

---

Systems Management Overview

Windows 98 includes several features that make it easy for the Windows NT system administrator to manage Windows 98 clients. The system administrator can use remote management tools to oversee almost all aspects of a remote Windows 98 workstation. This is handy when an administrator cannot physically sit in front of a computer to monitor it or modify configuration settings. Also, you can use the remote tools to log onto the network through a dial-up connection and monitor the system from there.

The system management tools enable you to monitor operating system software such as device drivers, user interface items, and configuration settings. You also can access the Device Manager to modify and repair hardware settings and watch out for possible conflicts.

The following are the key system management tools in Windows 98:

• Remote Registry editing. When running Windows 98 as a client on a Windows NT network, administrators can use the Microsoft Remote Registry service to administer Windows 98 Registry settings on remote computers. With remote Registry capabilities, you can manage remote file systems, share or restrict network folders across the network, and modify Registry settings. The primary advantage of this is that it gives managers a way of viewing and modifying a workstation's Registry from a remote site. It also lets the administrators make global Registry changes to several workstations in less time than it takes to walk from workstation to workstation to make the changes.

• Windows 98 contains a Registry Checker that automatically finds and fixes Registry problems. This utility works by automatically backing up the Registry daily and scanning the Registry for inconsistent data structures. If it finds a problem with the current version of the Registry, Registry Checker will either fix the problem or restore the Registry from a backed-up version. Registry Checker is launched each time you start Windows 98 as well as every time you upgrade your operating system.

• Managing user profiles. You read earlier about Windows 98's user profiles. The power of a user profile is realized when a user can log onto the network and always have the same configuration (including desktop icon arrangement, desktop colors, and other personal settings) regardless of the computer he or she is using. One of the keys to using user profiles on a network is to store the profiles on the server so users can always have access to them. Managers can also use a mandatory user profile (called USER.MAN) that forces each user to use the same configuration settings. You might use this if you are setting up a classroom in which consistent interfaces and desktops are required for the start of each class. You might also use USER.MAN if your organization uses a standard configuration for different divisions, such as accounting, sales, or administration.

• Managing system policies. You can use the System Policy Editor to set up system policies to control system settings. These settings can include a number of restrictions and limitations, such as restricting access to network resources and limiting workstation features (such as the Printer folder) on a computer. You can use the System Policy Editor from a remote computer to establish system policies for specific computers. These policies are downloaded from the server when a user logs on from that workstation. You might, for instance, create a system policy that restricts a workstation to run only certain applications.

• Network Monitor Agent. This agent enables you to monitor network traffic and troubleshoot network problems. Network Monitor Agent works with NDIS 3.1-compliant protected-mode network adapters as well as the Microsoft RAS server.

• Net Watcher. Net Watcher is useful when you want to see who is currently using shared resources on the network. For Net Watcher to work, you must have file and printer sharing enabled and you must be using share-level security.

• Password List Editor. If you need to remove a service from an individual user profile, you can do so using the Password List Editor in Windows 98.

• Network backup agent. Windows 98 includes built-in support for Cheyenne, ARCServe, and Arcada Backup Exec backup software. These applications enable you to back up workstations from across the network.

• System Monitor. This tool monitors several workstations on a network. Among other things, it receives statistics on client performance and network traffic congestion.

• SNMP Agent. If you use SNMP (Simple Network Management Protocol) on your network, you can install the SNMP Agent available with Windows 98 to provide systems management support so your Windows 98 workstations are displayed on the SNMP console you're using.

Many of these systems management tools are provided with Windows NT 4.0 Server as well.

Installing Networking Components

The easiest way to add networking components to your Windows 98 workstations is during its initial installation. If you are upgrading Windows 95 to Windows 98, the Install Wizard will automatically detect this upgrade and preserve your existing service, protocol, and adapter configurations.

Often, you might have to add Windows 98 networking components after you've installed and set up your Windows 98 clients. This might be because you've already upgraded your workstations to Windows 98 before establishing a Windows NT Server 4.0 network or you are adding a new workstation to the network. The process for doing so is actually very easy and is explained in the following sections. In general, the steps are as follows:

1. Install and configure network adapters (NICs).

2. Install and configure Client for Microsoft Networks, including binding protocols to the client and adapter.

3. Set up permissions.

4. Set up shares, including file and printer shares.

5. Set up user profiles and system policies.

Although you are not required to set up shares, you will probably want to do so to take advantage of Windows 98's peer resource sharing across the LAN. Likewise, not every network administrator will use user profiles or system policies.

Installing and Configuring Network Adapters

Before you begin the process of installing networking client software on your Windows 98 machines, you need to install and configure a network adapter for each machine. Overall, Windows 98 makes it easy to add hardware devices to your machine, and installing network adapters is no different. By following Windows 98 onscreen wizards, you can quickly set up the adapter and configure computer resources for it. These resources include IRQ, memory address, and input/output (I/O) port.

If the network adapter conforms to the Plug and Play specification, installing it usually means inserting the card into your computer, rebooting the computer, and letting Windows 98 find the new adapter. When found, Windows 98 automatically assigns resources to the adapter according to the hardware specifications detailed in the device itself. If you have non-Plug and Play devices installed that have specific resource requirements, Windows 98 attempts to eliminate device conflicts by freeing up any required resources that might be assigned to other Plug and Play devices.

The following steps show you how to install a non-Plug and Play network adapter in Windows 98:

1. Make any adjustments to hardware settings, such as jumper blocks or dip switches, according to the specifications provided with the adapter.

2. With the computer turned off, insert the adapter into your computer using the instructions provided with the adapter.

3. Boot the computer into Windows 98. Select Start | Settings | Control Panel, and double-click the Add New Hardware icon.

4. Click Next on the Add New Hardware Wizard screen.

5. When the Windows 98 prompt asks whether you want it to locate the new hardware device automatically, click No (see Figure 27.1). If you click Yes, Windows 98 attempts to find the network adapter for you. This is OK, but usually takes several minutes and you can do it faster manually. Click Next to continue.

FIGURE 27.1 Select No if you want to manually tell Windows 98 what type of network adapter you're installing.

6. From the Add New Hardware Wizard screen, double-click the Network adapters option. The Select Device dialog box appears.

7. In the Manufactures list, double-click the manufacturer of the Network Information Center (NIC) you are using. If it is not on this list, select the Have Disk button and tell Windows 98 the location of the setup disk(s) for your NIC. Click OK.

8. The next wizard screen to appear shows you the resource and settings Windows 98 will attempt to use to set up the device. If you know these settings conflict with other settings, you cannot change them now. You need to use the Device Manager after the NIC is installed and manually change the settings.

You can print these settings now by clicking the Print button and following the instructions onscreen. You should write down these settings in case you need to refer to them later during device conflicts.

---

NOTE To launch Device Manager, open Control Panel and double-click the System icon. From the System Properties page, select the Device Manager tab.

You can usually find resource information for your NIC in the user guide or documentation bundled with your adapter.

---

9. Click Next to continue the setup process. During this phase, Windows 98 copies files from the Windows 98 Setup CD-ROM. If you do not have this disk in your computer, you are prompted to insert it at this point.

---

NOTE During this copying phase, Windows 98 might discover that a file (usually a DLL or VxD) on your computer is newer than one being copied from the Setup disks. You are prompted to indicate whether you want to keep the current one or copy over it using the older version. In most cases, you should keep the current file and answer Yes. If you answer No, you run the risk of copying over a file installed on your computer from a newer program or device that might not work with the older file. It would be good to write down this file in case your NIC does not work after Windows 98 installs the software. You might need to go back and install the older version to make your NIC work properly.

In previous versions of Windows, applications and devices usually copied over these newer files, sometimes rendering applications and hardware useless. This built-in safety measure in Windows 98 warns you that a file is being shared by at least two devices or applications.

---

10. When Windows 98 finishes installing the software for the network adapter, a screen displays letting you know it's finished. Click the Finish button. The System Settings Change dialog box displays.

11. Click the Yes button on the System Settings Change dialog box to restart your computer now. Click No if you want to return to Windows 98 without restarting the computer. You must restart your computer for the new device to work.

After your system restarts, you're ready to install the Client for Microsoft Networks support.

Configuring Client for Microsoft Networks

When your network adapter is installed and working, you need to install the Client for Microsoft Networks to enable the Windows 98 clients to connect to the Windows NT Server. When you get ready to install the Windows 98 networking components, have the Windows 98 CD-ROMs available. You also should have information about the Windows NT Server, such as domain name and IP information if you're installing TCP/IP.

To install the client software, follow these steps:

1. Open Control Panel and double-click on the Network icon. The Network dialog box appears (see Figure 27.2).

FIGURE 27.2 The Network dialog box shows all the network devices, protocols, clients, and adapters installed on the workstation.

2. Click the Add button. The Select Network Component Type dialog box appears (see Figure 27.3).

FIGURE 27.3 Select the Client option to install networking clients.

3. Double-click the Client option to display the Select Network Client dialog box.

4. Click the Microsoft option on the Manufactures list. In the Network Clients list, select Client for Microsoft Networks (see Figure 27.4). Click OK.

You should see the client listed in the Network properties sheet. You now need to install a protocol for your client. In some cases, you might have more than one protocol you want to set up, such as IPX/SPX, NetBEUI, and TCP/IP. The NetBEUI protocol is the default protocol Windows 98 uses for peer-to-peer networking as well as Windows NT's client/server networks.

FIGURE 27.4 The finished Select Network Client dialog box.

The following steps show you how to set up a protocol for your Windows 98 client:

1. On the Network Properties sheet, click the Add button.

2. Double-click the Protocol option in the Select Network Component Type dialog box. Click Add.

3. In the Select Network Protocol dialog box (see Figure 27.5), select Microsoft from the Manufacturers list and the protocol you want to install from the Network Protocols list. In the example in Figure 27.5, the NetBEUI protocol is selected.

FIGURE 27.5 NetBEUI, TCP/IP, and IPX/SPX are common protocols from which to choose.

4. Click OK. You might be asked to reboot the computer at this point. You can click Yes to do so immediately or No if you want to wait. In most cases, you should click No so you can go ahead and set up logon information for the client, which is explained in the next section.

The protocol displays in the Network Properties sheet. You should now have the following components installed: client (Client for Microsoft Networks), an adapter, and protocol(s).

Now you're ready to configure your Windows 98 client to work with the Windows NT 4.0 network, as explained in the following section.

Configuring Logon for Clients for Microsoft Networks

Before you can connect to a Windows NT server or other Windows 98 workstation on the network, you need to configure the Client for Microsoft Networks components. The items you need to configure include the following:

• Primary network logon

• Computer identification

• Domain information

The primary network logon selections enable you to choose the default network you log onto when starting the Windows 98 client. For this case, you want to use the Client for Microsoft Networks option, which is located on the Primary Network Logon drop-down list on the Network Properties sheet.

---

NOTE The Windows Logon option on the Primary Network Logon drop-down list can be used when you want the workstation to boot into Windows without logging onto the network. When the user attempts to access network resources such as files or printers, the user's request fails and the operating system declares that the user is not logged on.

---

The computer identification information is located on the Identification tab (see Figure 27.6). On this screen, you need to fill in identification information for that Windows 98 client so it can be found on the network. Each computer must have a unique computer name and can be part of a defined workgroup. The following list explains each of the fields to fill in:

FIGURE 27.6 Fill in the Windows 98 workstation's computer name, workgroup name, and optional computer description.

• Computer name. Identifies the computer on the network. The computer name must be unique and can contain up to 15 characters without spaces. The computer name is not the same name as the username for that computer.

• Workgroup. Identifies the workgroup to which this workstation belongs. Workgroups are collections of computers running Windows 98, Windows NT, or Windows for Workgroups. Every computer on a network running Client for Microsoft Networks must belong to a workgroup or domain (see the following Note for information on domains), even if there is only one computer (itself) in the workgroup. Workgroups are usually set up in logical groupings, such as company divisions, departments, or user levels. One workgroup, for instance, can include all the marketing staff and be called something like MARKETING. Another workgroup on the network can include all accounting staff and be called something like ACCOUNTING. Computers in a workgroup differ from those in a domain in that the workgroup handles its own security and doesn't rely on the server to handle it.

• Computer Description. Includes additional information or comments about the computer for others to see when accessing shared resources on the client. This field is optional. You can include, for instance, the primary user's name here, or use a description of the types of resources available on it. If this workstation contains the master schedule for booking office resources, such as conference rooms and audio visual equipment, you might use a name like DEPARTMENT RESOURCES.

---

NOTE A domain is a collection of computers on the network in which the security of the computers is controlled by Windows NT Server 4.0. By itself, Windows 98 cannot set up a domain; you must connect to a Windows NT 4.0 computer. On the Windows NT Server, information such as passwords and user and group information is stored for central access to all computers on the network. This way users can roam between different client machines but still access custom user profiles.

---

After you fill in the Identification tab, click on the Configuration tab to set up domain information for a client. To do this, click on the Client for Microsoft Networks option and click on the Properties button. The Client for Microsoft Networks Properties page appears. On this page, you set up logon validation for the Windows NT domain for this Windows 98 client. You also set up the way you want this client to log onto the domain. Figure 27.7 shows a completed page. The following list explains the various choices:

FIGURE 27.7 Use the Client for Microsoft Networks Properties page to fill in the domain name.

• Log onto Windows NT domain. Select this check box to enable domain verification.

• Windows NT domain. Fill in this field with the Windows NT 4.0 domain name. The information you include here is verified with the domain when you log onto the network.

• Q uick logon. Use this option if you want this Windows 98 client to log onto the network but not have network drives available until they are accessed. This option (which is the default logon option) is useful for workstations not always needing access to drives and resources upon logon but still needing access to the network, such as for e-mail. Because network resources are not actually connected during the logon process, the Windows 98 logon time is significantly faster than when network connections are established at logon time (see the next option). This is balanced by the time it takes to access a resource when a user needs it. Users might see a slight lapse between the time they request a resource and the time it becomes available because the connection was not established at logon time.

• Logon and restore network connection. Use this option to have Windows 98 connect to network resources at logon time. This is referred to as restoring persistent connections. During logon time, the user might have to wait a few moments while all network connections are made. The upside to this waiting is that when the user needs access to a resource on the network (such as a shared CD-ROM drive), the connection is already established so there is no delay in accessing it.

Click OK after you fill in this page.

Setting Up Peer Resource Sharing

You read earlier that you can take advantage of Windows 98's peer-to-peer networking features even if you're running a client/server NOS like Windows NT Server 4.0. The following resources can be shared on the network:

• CD-ROM drives

• Printers

• Files

To set up peer resources sharing, use the following steps:

1. Double-click the Network icon on the Control Panel to display the Network Properties sheet.

2. Select the Client for Microsoft Networks option in the components list.

3. Click the File and Print Sharing button. This displays the File and Print Sharing dialog box (see Figure 27.8).

FIGURE 27.8 Many networks combine client/server resources with peer-to-peer capabilities, such as file and print sharing in Windows 98.

4. Select I want to be able to give others access to my files in the File and Print Sharing dialog box to enable other users on the network to access files on this client. Select I want others to be able to print to my printer(s) to enable printer sharing capabilities.

5. Click OK to close the dialog box.

6. Click OK on the Network Properties sheet. You must restart the computer for the changes to take effect.

You can now access file and printer resources across the network.

Using User Profiles

Windows 98 offers several customizable features to the user, including wallpaper files, screen savers, desktop preferences, and application settings. Everyone, including the top-level management information systems (MIS) director, can customize Windows 98 to work best for them and look the way they want it. Historically, the problem with setting user-specific preferences has been that as users move from one machine to another, the settings did not follow them. With Windows 98, you can set up user profiles that save configuration settings to use on other machines. The user profile is stored in the user's WINDOWS\PROFILES\ subfolder or on the network server.

User profiles have several parts. Their components are described in the following list:

• Start Menu folder. Contains shortcuts, folders, and applications from the user's Start menu

• Recent folder. Contains shortcuts to the last items from the most recently used folder

• NetHood folder. Contains Network Neighborhood folder shortcuts

• USER.DAT and USER.DA0. Contains user settings in the Windows 98 Registry database

• Desktop folder. Contains shortcuts to desktop items for the logged-in user

• Start Menu\Programs folder. Contains shortcuts to programs in the Start menu's Programs folder

• Start Menu\Programs\Startup folder. Contains programs in the Startup folder

---

NOTE Users can optimize their profiles to include specific applications, documents, or files that launch automatically depending on who they are.

---

A profile is created for the first time after the user or system administrator enables the User Profiles feature on the Password Properties sheet on the Control Panel. To enable user profiles, use the following steps:

1. Double-click the Passwords icon on the Control Panel and click the User Profiles tab (see Figure 27.9).

FIGURE 27.9 Select the User Profiles tab to activate user profile capabilities in Windows 98.

2. Click the Users can customize their preferences... option to activate the User profile settings options on the bottom half of the User Profiles tab.

3. Click the options under the User profile settings to tell the Windows 98 workstation what to include in each profile. Your options are

• Include desktop icons and Network Neighborhood contents in user settings.

• Include Start menu and Program groups in user settings.

4. Click OK to save your selected settings.

Windows 98 will then inform you that it has detected the system settings change but that you will need to restart the computer before they take effect. To restart your computer now, click the Yes button. Otherwise, click the No button.

When you reboot the system, you will be asked to log on using a username and password. If a password is not set for this user, create and confirm a new one now.

---

NOTE A nice feature that network administrators can set up is mandatory user profiles. Known as roaming profiles, these profiles exist on the NT Server and apply whenever a client logs onto the network server. These mandatory user profiles (named USER.MAN) cannot be modified by the user. When a user logs onto the network, the USER.MAN file is used instead of the USER.DAT file. USER.MAN (MAN is short for mandatory) contains settings used every time the user logs onto the network, regardless of any changes the user made the last time he or she used Windows 98. Users cannot save changes they've made to their desktop or environment to the USER.MAN file. Only the administrator has rights to do so.

Creating a USER.MAN file is relatively easy. Enable user profiles in Windows 98 and customize the desktop to be how you want it for all users who will be assigned the mandatory profile. Next, for each user, copy this new USER.DAT file (it's still a .DAT file at this point) into the user's home directory on the Windows NT Server. To finish, rename the USER.DAT file to USER.MAN in each of the users' home directories. Reboot Windows 98 and log on for the mandatory profile to be activated.

---

Setting Up Roving Users on Windows NT Server 4.0

To set up roving users on your network, you must perform some specific steps. Use the following steps for setting up Windows NT after you've enabled user profiles on all the attached Windows 98 computers:

1. In Windows 98, double-click the Network icon on the Control Panel.

2. In the Primary Network Logon list, make sure Client for Microsoft Networks is selected.

3. Switch to the Windows NT Server 4.0 computer and ensure that the roving user is set up and has an assigned home directory. The path for this is \\server_name\home_directory.

4. Use the NET TIME command to synchronize the clocks on all computers on the network. The following is the syntax for the NET TIME command:

NET TIME \\computer_name | /WORKGROUP:workgroup_name /SET /YES

Specify the computer name to check on or to synchronize with using the computer_name parameter. WORKGROUP tells Windows to use a time server in another workgroup. The workgroup_name parameter defines that other workgroup. Use the SET switch to synchronize the clocks, and YES to have NET TIME automatically perform the command without prompting you for information or confirmation.

The user profiles are automatically stored on the Windows NT Server in the appropriate home directories when the user logs off the server.

Using System Policies

System policies are files that establish configurations (stored in the Windows 98 Registry) on a computer when a user logs onto the network. System policies can be applied to users, groups of users, or specific computers. You can use system policies to customize the desktop, limit the number of Control Panel applets a user can use, configure network settings, and other actions. Administrators can set, change, and maintain these settings for each entity on the network. You can control the type of environment and rights a user has by combining policies assigned to a certain user, the machine he or she is logged onto, and any groups the users might belong to.

The purpose of the System Policy Editor is to create system policy templates, which are then placed on the network to be automatically downloaded to the computer when a user logs on. You can find the System Policy Editor on the Windows 98 CD-ROM in the \ADMIN\APPTOOLS\POLEDIT directory. Microsoft also provides predefined policies you can choose from to create your own system policies. You also have the option of creating your own customized policies to fit your specific needs.

Two types of files are used when you create policies: ADM and POL files. ADM files are template files that establish the scope of administrative polices. POL files enforce the policies you create. Each are explained in the following list:

---

NOTE System polices overwrite USER.DAT Registry settings; therefore, POL files take precedence over a user's profile. Remember this when you decide to create user profiles or system policies.

---

• ADM files. These files do not create the policy but allow you to create a policy file. ADM files are templates that determine the limits for the policies defined by POL files. When System Policy Editor is launched, it looks for an ADM file. You can copy the sample ADM files provided by Microsoft from the ADMIN\APPTOOLS\POLEDIT folder on the Windows 98 Setup CD-ROM.

• POL files. POL files store the configuration information and any limitations you want to set up for a user, machine, or group. POL files implement the system polices based on the options you select on the ADM templates. You create a POL file by using the System Policy Editor. When it's created, you store it on the network server so it can be downloaded to a computer when a user logs on. By default, Windows 98 looks for POL files in the \WINDOWS folder for computers not networked to a Windows NT 4.0 network or in the NETLOGON folder in Windows NT 4.0 for computers networked to Windows NT 4.0 servers.

---

NOTE After you create the POL file, you need to provide a pointer to its new location. You can do this by adding an entry in the default location and changing the Registry so that it looks in the correct location. You can do this by editing the following Windows 98 Registry subkey:

---

HKEY_LOCAL_MACHINE\Network\Logon.

To use the System Policy Editor, you must install it from the Windows 98 CD-ROM. You must install the ADMIN.ADM, POLEDIT.EXE, and POLEDIT.INF files from the Windows 98 CD-ROM. These files are located in the ADMIN\APPTOOLS\POLEDIT folder. When you install these files, the ADMIN.ADM file is placed in the INF folder in your Windows 98 folder. This file provides the system policy templates for you to use in the System Policy Editor.

After you install these system policy files, you can install the GROUPPOL.INF files to enable you to create group system polices. When you do this, the GROUPPOL.DLL is placed in the \WINDOWS\SYSTEM folder. You must have this file installed in the directory for each client on your network. Group policies can be created only for Windows NT and NetWare networks that already have existing groups set up. You cannot, for instance, use the System Policy Editor to create a new group for either of these networks. The System Policy Editor is placed on the Start menu under Programs | Accessories | System Tools folders. Figure 27.10 shows you what the System Policy Editor looks like.

FIGURE 27.10 The System Policy Editor for local computer properties.

Browsing with Windows 98 on Windows NT Networks

A network isn't worth much unless you can use it for sharing resources. In some cases, users might not spend much time accessing the network server unless files and applications are stored there. But when it's time to get something off the server or to use another resource on the network, you don't want to spend all your time training end users on how to find what they need. With Windows 98, browsing the network has never been easier. Users can use Network Neighborhood, for instance, to view shared files and printers in Explorer-like displays.

The following sections give an overview of the browsing technologies available in Windows 98.

Overview of the Master Browse Service

Windows 98 uses the master browse service technology found in Windows NT Server. The master browser maintains a list of the domains, workgroups, and computers in a workgroup. For browsing tasks, the browse service in Windows 98 minimizes network traffic by providing an updated browse master list to applications. You can see the browse list in the Connect Network Printer and Map Network Drive dialog boxes. You also can view it using the NET VIEW command at the DOS command line. Only one master browse server is available in a workgroup. There can be more than one backup browse server in a workgroup, however.

You can control the way a Windows 98 workstation is used as a browse master by using the following steps:

1. Double-click the Network icon from Control Panel.

2. Click on the File and printer sharing for Microsoft Networks option in the network components list of the Network Properties sheet.

3. Click Properties to display the File and printer sharing for Microsoft Networks Properties dialog box (see Figure 27.11).

4. Click the Browse Master option in the Property list. In the Value drop-down list, select one of the following options:

• Automatic. Specifies that this workstation can become a backup browse master or a browse master.
  
  
• Disabled. Specifies that this workstation cannot become a backup browse master or a browse master.
  
  
• Enabled. Specifies that this workstation will become the browse master when it connects to the network.

5. Click OK to have your selection saved.

FIGURE 27.11 You can control how a Windows 98 workstation is used as a browse master.

Although this process allows you to configure a Windows 98 computer to be a browse master, it doesn't guarantee that it will actually function in that capacity. The browse master function will default to the network's primary domain controller (PDC) and then to any NT servers or workstations (in that order) before a Windows 98 computer is considered.

Using Network Neighborhood

The Network Neighborhood program browses every resource and server on the network. The key to Network Neighborhood is that it makes all shared resources and servers look as if they are local resources. Users do not have to map drives to access servers. They just need to click on the name of the server in the Network Neighborhood window (see Figure 27.12) and the server displays its shared resources.

FIGURE 27.12 Network Neighborhood makes it almost too easy for users to browse the network.

You also can use Windows 98's shortcut feature to create a shortcut of a network resource on the desktop. To do this, simply open Network Neighborhood, locate the resource you want to create a shortcut to, and right-click on it with the mouse. Next, drag and drop the resource onto the desktop and select Create Shortcut Here from the Context menu that displays. Now, you can double-click the shortcut to use the resource like a local resource. (Of course if you log off the server, or the computer that contains this resource is disconnected, the shortcut will not work.)

Examining Windows 98 Network Security

Compared to Windows NT Server 4.0, Windows 98 has very little security. In fact, the lack of security in Windows 98 makes administrators for corporate and large installations wary of using Windows 98 for housing vital information and resources. If you need a highly secure operating system for your organization, Windows NT Server 4.0 and Workstation are better suited to meet those needs.

Windows 98 provides share-level and user-level security on the network, as discussed in the following sections.

Understanding Share-Level Security

Share-level security is set up by requiring passwords for each shared resource on the network. This means that if a workstation has a shared CD-ROM drive attached to it, you can assign a password to that CD-ROM drive, requiring all those who want to access it via the network to enter the password to use it. Likewise, you can assign the same or a different password to another shared resource on the same workstation (such as a printer).

Each Windows 98 workstation maintains the list of passwords for its shared resources, making it difficult for administrators to control the types of re-sources being configured with share-level security. You might, for instance, want to have all root drives (the C:\ drive, for instance) on workstations to have share-level security set up. If you have relatively few workstations, walking around to each computer and setting this up is not a burden. However, for large installations it can be a huge time sink. Also, you do not have control over users at the workstation disabling the share-level access.

To set up share-level security, use the following steps:

1. Make sure the File and Printer Sharing for Microsoft Networks is installed (see the earlier section in this chapter called "Setting Up Peer Resource Sharing").

2. Double-click the Network option in the Control Panel. On the Network Properties sheet, select the Access Control tab.

3. Select the Share-level access control option (see Figure 27.13). This is the default setting.

FIGURE 27.13 You should use share-level security only when all you require is a password for someone to have access to a shared resource.

4. Click OK.

Now you can assign a password to any shared resource, such as a printer, as shown in the following steps:

1. Locate the resource you want to share and right-click on it. This displays a Context menu with several choices on it.

2. Select Sharing. The properties page for that resource appears, with the Sharing tab selected.

3. Click on the Shared As option, which activates the rest of the Sharing tab (see Figure 27.14).

FIGURE 27.14 The Sharing tab lets you add share-level security to a resource.

4. Fill in the information in the Shared As section. Some resources, such as files, include options that let you assign access-type rights to the shared resource. These access types include read-only rights, full rights, and password-dependent rights. You then can assign separate passwords to full and read-only rights. For the latter case, the password the user enters when accessing the resource determines the type of access granted. For instance, you might have some users who need only read-only rights to a resource, while others need full access. Set the Depends on Password option and then distribute passwords to users accordingly.

The information in the Comment field appears in the Comment column in the Network Neighborhood browser window. It can be used to provide additional information about a shared resource, such as times and days when the resource is available. (Remember that a shared resource on a workstation is probably disconnected from the network each evening when the main user goes home.)

5. Click OK to save your settings.

Understanding User-Level Security

User-level security uses a list of users and groups that can access a resource and then has the password and usernames authenticated by a security provider when a user requests to use a resource. For user-level security, you must be running a Windows NT domain (or NetWare server) and have user groups set up on the domain. The list of user accounts and passwords assigned to each resource is maintained on the Windows NT Server. This eliminates the need for each Windows 98 workstation to maintain separate lists.

To set up user-level security in Windows 98, use the following steps:

1. Make sure File and Printer Sharing for Microsoft Networks is installed.

2. Double-click the Network option on the Control Panel. On the Network Properties sheet, select the Access Control tab.

3. Select the User-level access control.

4. Enter the name of the domain or Windows NT workstation where the user accounts are stored.

5. Click OK. If you set up any share-level security on any resources, these will be deleted because you're changing to a user-level security. You might have to reboot your computer to make this changes take effect.

After your computer reboots, you can set up user-level security on shared resources, as shown in the following list:

1. Locate the resource you want to set up by using Explorer or My Computer. Right-click on the resource and select Sharing. The properties page for that resource displays, with the Sharing tab selected.

2. Click the Shared As button and insert a name for the resource. You also can add a comment to the Comment field. Click the Add button. The Add Users dialog box displays (see Figure 27.15).

FIGURE 27.15 The Add Users dialog box enables you to assign users and groups access rights to resources.

3. In the Name list, select a user or group and assign it an access right by clicking on access rights options, such as Read Only, Full Access, or Custom. The rights you can assign are determined by the resource you are setting up. For printers, users or groups can have access or no access. For folders being shared, users can have read-only, full, or custom access. Custom rights lets you assign read, write, create, change file attributes, change access rights, see a list view, and delete files rights.

4. Click OK to return to the properties sheet of the shared resource with names and access rights displayed on the Sharing tab (see Figure 27.16).

FIGURE 27.16 The list of users and groups for a shared resource using user-level security.

If you included any users or groups in the Custom access rights area, the Change Access Rights dialog box displays (see Figure 27.17). In this box, you can select custom access rights, as explained in step 3. Select the access rights you want to give that user and click OK. You return to that shared resource properties sheet.

5. You can delete user or group names by selecting them and clicking on the Remove button. If you want to modify the access right for a user or group, select the one you want to change and click on the Edit button. You then can change the access rights from the Change Access Rights dialog box.

6. Click OK to save your changes.

FIGURE 27.17 The Change Access Rights dialog box.

Understanding the Windows 98 Password Cache

Windows 98 stores passwords in a password list file, which has the extension of PWL. The PWL file contains passwords for workstations that use Windows 98 share-level security, password-protected applications that use the Master Password Application Programming Interface (API), NetWare servers, and Windows NT computers not in a domain.

The password cache is activated when you first log onto Windows 98. If you bypass that initial logon screen by clicking Cancel, you won't be able to access network-attached resources. You will have to log off and then successfully complete the logon process before you can access resources via the network.

You can have the password cache save your password the first time you access a password-protected resource. Then, when you return to that resource, you don't have to remember the password for that resource. This eliminates the problem of users forgetting passwords for resources they need access to. When you install Windows 98, password caching is enabled, but you need to select the Save this password in your password list option when you first access a password-protected resource to have the password saved in the cache list.

Setting System Policies to Enforce Password Security

One way to add more security to your Windows 98 workstations is to use some of the system policy settings devoted to security. In Passwords policies you can set the following:

• Hide share passwords with asterisks. Displays asterisks (****) in the password text fields when users enter their passwords. This setting is for share-level security only and is checked by default. You should leave it set this way for most situations.

• Disable password caching. Prevents Windows 98 from saving the share-level passwords for resource applications. By default, this option is not selected, but you might want to check it for a tighter level of security.

• Require alphanumeric Windows password. Requires that users logging onto Windows 98 use passwords that include both numbers and letters.

• Minimum Windows password length. Requires that Windows 98 passwords be a specific length, such as six characters long.

You also can use the System Policy Editor to disable password caching, as shown in the following example:

1. Double-click the Local Computer icon in the System Policy Editor.

2. Select the Local Computer Properties and choose Network. Next, click Passwords.

3. Click the Disable password caching option.

4. Save your settings and exit System Policy Editor.

---

© Copyright, Macmillan Publishing. All rights reserved.