Some people predict that one day a global Internet will cover every inch of the earth’s surface, giving us an always-on, always-available stream of data they call the “Evernet.” We’re not quite there yet, but today the Internet is available in pretty much any city you might visit, and it has become easy to stay in touch with home while you’re traveling. It really is starting to matter less and less where you are because your data, services, and online life are now present just about everywhere you go.
Windows 10 supports you when you’re away from home or the office with some pretty spiffy portability and networking features, including these features that are covered in other chapters:
OneDrive, Microsoft (“online”) accounts, and other cloud services ensure that your account preferences, passwords, data, and apps are available no matter where you are and what device you’re using. This topic is covered in Chapter 5, “Windows Apps and the Windows Store.”
The Battery Saver and Windows Mobility Center tools let you easily manage your computer’s display, power consumption, and networking features. These tools are covered in Chapter 35, “Windows on Mobile Devices.”
Wireless networking support lets Windows stay connected when you’re on the go. In particular, a special new feature called Wi-Fi Sense can provide automatic connection to wireless networks and Wi-Fi hot spots as you roam. For information, see “Connecting with Wi-Fi Sense,” p. 843.
Windows 10 Pro makes it easier to use a portable or laptop computer to make business or school presentations. Presentations are covered in Chapter 38, “Meetings, Conferencing, and Collaboration.”
Windows has a nifty Remote Desktop feature that lets you use your own home-based computer from somewhere else, over the Internet. This is covered in Chapter 39, “Remote Desktop and Remote Access.”
This chapter shows how to use several Windows 10 mobile networking features that help you get the most out of mobile (laptop, notebook, netbook, or tablet) computers while you’re working away from home or the office:
Dial-up and virtual private network (VPN) networking let you access a remote network when you’re traveling, and you can even set up remote access to your own home or office network.
The Offline Files feature lets you automatically keep up-to-date personal copies of the files stored in network folders, so you really can “take them with you.”
Note
Some tablets and other small devices run a version of Windows called Windows 10 Mobile. Although many of the features and settings we discuss in this chapter apply to Windows 10 Mobile, this chapter primarily addresses portable devices with an Intel-compatible processor running Windows 10 Home, Pro, or Enterprise.
Windows can connect to a remote Windows network via a dial-up modem or via a protected connection called a virtual private network (VPN) that’s routed through the Internet. Using these services, all file sharing, printing, and directory services are available just as if you were directly connected to the remote network (albeit much slower in some cases). You can connect, open shared folders, transfer files, and use email as if you were “there,” and then disconnect when you’re finished.
The receiving end of a VPN or a dial-up networking connection is usually handled by the Remote Access Services (RAS) provided by Windows Server or third-party remote connection devices manufactured by networking companies such as Cisco and Alcatel-Lucent. Interestingly, Windows comes with a stripped-down version of RAS so you can set up your own Windows computer to receive a single incoming modem or VPN connection. You can use this, for example, to get access to your office computer and LAN from home, provided that your company’s security policies permit this.
In this chapter, you learn how to use a VPN to access a remote network over the Internet. We don’t address dial-up (modem) networking because its use has all but disappeared due to its low speed and limited bandwidth. You learn how to allow incoming connections later in the chapter.
A virtual private network lets you connect to a remote network in a secure way. A VPN creates what is effectively a tunnel between your computer and a remote network, a tunnel that can pass data freely and securely through potentially hostile intermediate territory like the Internet. Authorized data is encapsulated in special packets that are passed through your computer’s firewall and the remote network’s firewall. These are inspected by a VPN server before being released to the protected network.
Note
Several companies manufacture VPN software and hardware solutions, some of which are faster and provide better management tools than Microsoft’s VPN system. If your organization uses a VPN product purchased from a company such as Juniper Networks, CheckPoint Software Technologies, or Cisco Systems, you’ll have to follow their instructions for installing and using their VPN software.
Smaller-scale alternatives include a series of Internet Connection Sharing routers made by Linksys that have VPN capabilities built in, and a software product called Hamachi made by logmein.com. If you’re interested in setting up a permanent VPN between locations you use, you might want to check out these solutions.
Figure 37.1 illustrates the concept, showing a VPN connection between a computer out on the Internet and a server on a protected network. The computer sends your data (1) through a VPN connection that encapsulates it (2) and transmits it over the Internet (3). A firewall (4) passes VPN packets but blocks all others. The VPN server verifies the authenticity of the data, extracts it (5), and transmits the original packet (6) on to the desired remote server. The encapsulation process allows for encryption of your data as it transits the Internet and allows “private” IP addresses to be used as the endpoints of the network connection.
After you have an Internet connection established (via modem or a dedicated service), Windows establishes the link between your computer and a VPN server on the remote network. After it’s connected, in effect, you are a part of the distant LAN. The connection won’t be as fast as a direct LAN connection, but a VPN can be very useful for copying files and securely accessing Remote Desktop connections.
Both desktop and server versions of Windows come with VPN software built in. In the next section, we describe how to use Microsoft’s VPN system.
To create a VPN connection to a remote network or computer, you need a working Internet connection. You also must obtain or confirm the information shown in Table 37.1 from the remote network’s or computer’s manager.
Note
If you use your device on an Enterprise (business) network, your network manager might set up DirectAccess for you, which is an automatic VPN connection system. If so, you can skip the steps in this chapter because your VPN connection is always on.
Armed with this information, you’re ready to create a connection to the remote network. To do so, follow these steps:
1. Click or touch Start, Settings, Network & Internet, VPN.
2. Click VPN in the navigation pane at the left, and then click Add a VPN Connection to bring up the panel shown in Figure 37.2.
3. Under VPN provider, select the type of VPN to which you’re connecting. If your VPN type is not listed, you must add third-party software from the VPN vendor. Your IT department can provide this software.
4. Under Connection Name, type a name for the connection that makes sense to you.
5. Under Server Name or Address, enter the public hostname or IP address of the VPN server.
6. Fill in other connection information as provided by the manager of the remote network. You might need to scroll down to see all the input fields. Click the box if you want your sign-in information to be remembered. Finally, click Save to save the new connection.
Before you connect for the first time, you might want to check the new connection’s settings, as described in the next section.
To edit the properties of a VPN, follow these steps:
1. Click or touch the network icon in the taskbar; then, in the top of the network pop-up, select the icon for your VPN connection.
2. In the VPN Settings window, again click or touch the icon for the desired VPN connection, and then select Advanced Options.
3. Click the Edit button to change any of the information you initially entered, or change proxy settings by scrolling down.
If you are connecting to a small network that has only one subnet (one range of network addresses), and if you want to browse the Internet while you’re also using the dial-up or VPN connection, you can change the connection’s gateway setting so that Windows won’t route connections to Internet-based hosts through the VPN or dial-up connection. This will speed up web browsing considerably. To change the gateway setting, follow these steps:
1. Right-click the network icon in the taskbar and select Open Network and Sharing Center. Select Change Adapter Settings, right-click the icon for your VPN connection, and then select Properties.
2. Select the Networking tab, select Internet Protocol Version 4, and choose Properties. Then click the Advanced button.
3. Uncheck Use Default Gateway on Remote Network.
You can make this change on more complex networks as well, but you’ll have to add routing information so that Windows knows which network addresses are reached through the VPN connection and which are reached directly on the Internet. We explain how to make routing entries later in the section “Setting Up Advanced Routing for Remote Networks.”
After you’ve finished making any needed changes to the connection’s options, click OK.
To make a VPN connection to a remote network, be sure you first have a working Internet connection. Then follow these steps:
1. Click or touch the network icon in the taskbar.
2. At the top of the Network pop-up panel, click the name of the VPN connection you want to start. This opens the VPN Settings window. Click the name of the desired VPN connection again, and then click Connect.
3. If credentials are not already stored for the connection, Windows opens a dialog box or a panel to let you enter your login name, password, and (if appropriate) your account’s Windows domain name, as shown in Figure 37.3.
Enter the login name, password, and Windows domain name (if appropriate) for your account on the remote computer or network. If you do have a domain login name, you can enter it in the form myusername@mydomainname.
However, if you are connecting to a Windows 10, 8.1, or 8 computer and you have a Microsoft account, you can’t enter your account in [email protected] format. You must use the local account name, which the remote computer owner can tell you (she saw it when she set up incoming VPN access). This is described later in the chapter.
4. Click OK. Windows shows you the progress of your connection as it contacts the remote server, verifies your username and password, and registers your computer on the remote network.
If the connection fails, you’ll most likely get a reasonable explanation: The password or account name was invalid, the remote system is not accepting connections, and the like. If you entered an incorrect username or password, you are usually given two more chances to reenter the information before the other end hangs up on you.
If the connection completes successfully, and you hover your mouse pointer over the taskbar’s network icon, a small balloon will appear showing the active network connections. If you click the network icon, you’ll see the active dial-up or VPN connection in the list of active connections with the word Connected under it.
In most cases, the remote network will be a corporate network or a network you control, so if Windows prompts you “Do you want your PC to be discoverable by other PCs and devices on this network?” select Yes, indicating that you have connected to a private network.
If Windows doesn’t prompt you about discoverability the first time you connect, or to change the resulting network location from Public to Private or vice versa, see “Take Care When You Share,” p. 842. If you are connecting to a Windows domain network, you might not be prompted because this setting might be under control of the remote network.
You can now use the remote network’s resources, as discussed next.
When you’re connected through a VPN, you can use network resources exactly as if you were physically on the remote network. The Network folder, shared folders, and network printers all function as if you were directly connected.
The following are some tips for effective remote networking:
Don’t try to run application software that is installed on the remote network itself. Starting it could take quite a long time! (However, if you have previously connected directly to the network, and the Offline Files system is in use, you might have a cached copy of the application on your hard disk. Your network manager will set this up for you if it’s a reasonable thing to use.)
If you get disconnected while you are editing a document that was originally stored on the remote network, immediately use Save As to save it on your local hard disk the moment you notice that the connection has been disrupted. Then, when the connection is reestablished, save it back to its original location. This will help you avoid losing your work.
You can place shortcuts to network folders on your desktop or in other folders for quick access.
If the remote LAN has Internet access, you should be able to browse the Internet while you’re connected to the LAN, although it can be slower to do so because data from Internet sites goes first to the remote network and then through the VPN connection to you. See “Editing a VPN Connection’s Properties” in this chapter for information about an option that can speed up Internet browsing.
If you use a standalone email program, you might have trouble sending mail while you’re connected through the VPN. Your ISP might not accept outgoing mail because your connection appears to be coming from the “wrong” network. We discuss this in the next section.
If you use your computer with remote LANs as well as the Internet, or if you use different ISPs in different situations, you might need to be careful with the email programs you use. Most email programs don’t make it easy for you to associate different mail servers with different connections.
Although most email servers enable you to retrieve your mail from anywhere on the Internet, most are very picky about whom they let send email. Generally, to use an SMTP server to send out mail, you must be using a computer whose IP address is known by the server as belonging to its own network, or you must provide a username and password to the outgoing mail server (that is, you must authenticate).
If your ISP lets you (or requires you) to use authenticated SMTP (that is, if you set your email program to supply a username and password to the outgoing mail server), you should have no problem sending mail.
If you can’t use authenticated SMTP, see if your favorite email program can configure separate “identities,” each with associated incoming and outgoing servers. Set up a separate identity for each network you use, and configure each identity to use the correct outgoing SMTP server for its associated network. When you make a dial-up or VPN network connection, set your email program to use the corresponding identity.
To check the status of a VPN connection, right-click the network icon in the taskbar and select Open Network and Sharing Center. In the right side of the View Your Active Network section, click the name of your connection where it appears after the label Connections, and select View Network Status. This displays a dialog box showing the number of bytes sent and received.
To end a VPN connection, click the network icon in the taskbar, then click the VPN connection’s icon to bring up the VPN settings window. Click the VPN icon again there, and then click Disconnect.
As discussed previously, if you use virtual private networking to connect to a remote network with more than one subnet, you usually must let Windows set the default gateway to be the remote network. Otherwise, Windows won’t know which network hosts must be reached through the VPN connection and which should be reached through your Internet connection. Unfortunately, all your Internet traffic will travel through the tunnel, too, thus slowing you down. The remote network might not even permit outgoing Internet access.
The alternative is to disable the use of the default gateway and then manually add routes to all subnets known to belong to the private network.
To disable the default gateway, follow the steps under “Editing a VPN Connection’s Properties,” earlier in this chapter.
To add routes manually, you have to work in a Command Prompt window with elevated privileges. Press Windows Logo+X or right-click the Start button, select Command Prompt (Admin) or Windows PowerShell (Admin), whichever appears, and then confirm the UAC prompt.
To add information about remote network subnets, use the route
command, which looks like this:
route add subnet mask netmask gateway
The subnet and netmask arguments are the addresses for additional networks that can be reached through the gateway address gateway. To add a route, you must know the gateway address for the VPN as well as the IP address and mask information for each subnet on the remote network.
You must get the subnet information from the network administrator at the remote end. You can find the VPN gateway address from your own computer. Connect to the remote VPN and in the Command Prompt window, type ipconfig and press Enter. One of the connections printed should be labeled PPP Adapter, SSTP Adapter, or L2TP Adapter. Note the gateway IP address listed. This address can be used as the gateway address to send packets destined for all subnets on the remote network. For example, if you’re connected to a VPN or dial-up networking host through a connection named Client Net and you find the connection addresses
PPP adapter Client Net:
IP Address. . . . . . . 192.168.5.226
Subnet Mask . . . . . . 255.255.255.255
Default Gateway . . . . 192.168.5.226
the gateway address is 192.168.5.226. Now, suppose you know that there are two additional subnets on the remote network: 192.168.10.0 mask 255.255.255.0 and 192.168.15.0 mask 255.255.255.0. You can reach these two networks by typing two route
commands:
route add 192.168.10.0 mask 255.255.255.0 192.168.5.226
route add 192.168.15.0 mask 255.255.255.0 192.168.5.226
Each route
command ends with the IP address of the remote gateway address (it’s called the next hop).
Check your work by typing route print and looking at its output. In the IPv4 Route Table section, you should see only one destination labeled 0.0.0.0; if you see two, you forgot to disable the use of the default gateway on the remote network. Verify that the two routes you added are shown.
When you disconnect the VPN connection, Windows removes the added routes automatically.
To avoid having to type all this every time you connect, you can use another neat trick: Create a batch file that will automatically establish the VPN (or dial-up connection) and then make the route changes. You’ll need to find out from the remote network’s administrator the real next-hop “gateway” address used for incoming dial-up or VPN connections. In the example we’ve been using, it might be 192.168.5.1.
For the example, you could open Windows Notepad (one of the Accessories apps) and type the following:
@echo off
rasphone -d "VPN to Office"
route add 192.168.10.0 mask 255.255.255.0 192.168.5.1
route add 192.168.15.0 mask 255.255.255.0 192.168.5.1
Then you could save this to the Desktop with the name openvpn.bat
. If you do this yourself, use your connection’s actual name, rather than VPN to Office, and type your network’s address information.
Now, to open the connection, right-click the openvpn icon and select Run As Administrator. This will establish the link and then run the route
commands.
Windows has a stripped-down Remote Access Server (RAS) built in, and you can use it to connect to your computer by modem or through the Internet, from another location using any computer running Windows. (In this book, we just talk about VPN connectivity, although a modem connection could be set up using a similar procedure.) After you’re connected, you can access your computer’s shared files and printers just as you can on your home or office network. At most, one remote user can connect at a time.
Note
Setting up your computer to receive Microsoft VPN connections is fairly complex, as you can see from the following instructions, and might not even be possible if you share an Internet connection using a router. If you want to make VPN connections to your own computer or home network, you might want to check out Hamachi, an alternative “zero configuration” VPN system, available at logmeinhamachi.com.
Setting up an incoming Internet (VPN) connection requires an always-on Internet connection, whose external IP address you know and can reach from the Internet at large. We talk about ways to establish an Internet hostname using static addressing or dynamic DNS providers in Chapter 39, so we won’t repeat that discussion here. Besides a discoverable IP address, you will also have to configure your Internet router or Windows Internet Connection Sharing (ICS) service to forward VPN data through the firewall to the computer you’re going to set up to receive VPN connections. We discuss this in more detail shortly, under “Enabling Incoming VPN Connections with NAT.” We will tell you right up front that very few hardware connection-sharing routers can be set up to forward VPN connections.
Note
Windows Firewall doesn’t have to be told to permit incoming VPN connections because it knows to let them in.
1. Right-click the network icon in the taskbar, and select Open Network and Sharing Center. Then click Change Adapter Settings.
2. If the standard menu bar (File, Edit, and so on) isn’t displayed, press and release the Alt key. Then click File, New Incoming Connection.
Caution
Permitting remote access opens up security risks. Before you try to enable incoming access on a computer at work, be sure that your company permits it. In some companies, you could be fired for violating the security policies.
3. Select the user accounts that will be permitted to access your computer remotely. This step is very important: Check only the names of those users to whom you really want and need to give access. The fewer accounts you enable, the less likely that someone might accidentally break into your computer.
Note that if you have any users who have Microsoft accounts, they will appear in this list with usernames along the lines of brian_000. They will need to use these “local” names, and their Microsoft password, when they connect to your computer.
Under no circumstances should you check Guest, HomeGroupUser$, or a name that looks like IUSR_xxx or IWAM_xxx.
4. After selecting users, click Next. Then select the means that you will use for remote access. Check Through the Internet and then click Next. (If your computer has an analog modem attached to it, you can select it, too, in this step, to provide dial-up networking access.)
5. Windows displays a list of network protocols and services that will be made available to the dial-up connection. Select the Internet Protocol Version 4 (TCP/IP) entry and then click Properties. Select Specify an IP Address and then set the From value to 192.168.111.2 and the To value to 192.168.111.20. Then, click OK.
6. Make sure that Internet Protocol Version 4 (TCP/IP) is checked and that Internet Protocol Version 6 (TCP/IP) is unchecked. Then click Allow Access. When the final window appears, click Close.
Note
The Add Someone button lets you create a username and password that someone can use to connect remotely but not log on directly at the computer. A user added this way will only be able to use the network resources available to Everyone unless you explicitly grant this account access rights to the resources. You can delete such an account only by using the Computer Management Local Users and Groups tool.
Note
If you enable dial-up access, the selected modem will answer all incoming calls on its telephone line.
When the incoming connection information has been entered, a new Incoming Connection icon appears in your Network Connections window.
When someone connects to your computer, a second icon appears in the Network Connections folder showing that person’s username, as shown in Figure 37.4. If necessary, you can right-click this to disconnect this user.
Windows Internet Connection Sharing (ICS) and routers that share Internet connectivity use an IP-addressing trick called Network Address Translation (NAT) to serve an entire LAN with only one public IP address. Thus, incoming connections, such as from a VPN client to a VPN host, have to be directed to a single host computer on the internal network.
If you use a shared Internet connection, only one computer can be designated as the recipient of incoming VPN connections. If you use Microsoft’s ICS, that one computer must be the one sharing its connection. It will receive and properly handle VPN requests.
If you use a router, the VPN server can be any computer you want to designate. Your router must be set up to forward the following packet types to the designated computer:
TCP port 1723
GRE (protocol 47—not the same as port 47!)
Unfortunately, some of the cheaper routers designed for home use don’t have a way to explicitly forward GRE packets. There are several ways around this problem:
Some routers know about Microsoft’s Point-to-Point Tunneling Protocol (PPTP), and you can specify the computer that is to receive incoming VPN connections.
If the option doesn’t work, someone might suggest that you designate the VPN computer as a DMZ host so that it receives all unrecognized incoming packets. This is a bad idea because that computer becomes vulnerable to hacker attacks. You would have to designate the computer’s network location as Public to protect it, and this means it could not participate in sharing files or printers, which is what you wanted to do with the VPN to start with. Therefore, we don’t recommend that you do this. If you do, you must at least configure your router to block Microsoft File Sharing packets on TCP and UDP ports 137 through 139 and port 445. A better idea follows.
As an alternative to using Microsoft’s VPN software, you can use a router that has the capability to receive incoming VPN connections; Linksys makes some. You have to use their routers at all of your locations, however. You might also investigate a software VPN solution such as Hamachi, at logmeinhamachi.com.
To disable incoming VPN connections, follow these steps:
1. Right-click the network icon in the taskbar, and select Open Network and Sharing Center. Then click Change Adapter Settings.
2. To temporarily disable incoming connections, right-click the Incoming Connections icon and select Properties. Uncheck the modem entry and/or the Virtual Private Networking check box, and then click OK.
3. To completely disable incoming connections, right-click the Incoming Connections icon and select Delete.
You might recognize the “Offline” problem: If you have a portable computer that you sometimes use with your office network and sometimes use out in the field, you probably make copies of important “online” documents—documents stored on the network server—on your laptop. But if you make changes to one of your “offline” copies, the network’s copy will be out of date. Likewise, if someone updates the original on the network, your copy will be out of date. And, trying to remember where the originals came from and who has the most recent version of a given file is a painful job. I admit that more than once I’ve accidentally overwritten a file I’d worked on with an older copy—or worse, overwritten somebody else’s work—because I wasn’t paying attention to the files’ date and time stamps.
The Offline Files feature is available only on Windows 10 Pro and Enterprise editions. The Sync Center is present on all versions, though, because it can also work with handheld devices such as PDAs and smartphones. If your version of Windows doesn’t support Offline Files (or even if it does), you should know about Microsoft’s SyncToy tool, which is a free program you can download from Microsoft.com (search for Synctoy; you want version 2.0 or later). SyncToy can do a pretty good job of copying new and updated files back and forth between a network location and a folder on your portable computer. It’s not quite as seamless as Offline Files, but it can do just as good a job.
In many ways, Offline Files and SyncToy give you your own “private cloud,” networked file storage that you manage yourself. If you don’t want to bother, a plethora of companies provide both personal- and business-oriented cloud storage, such as Microsoft’s OneDrive, Google Drive, Dropbox, and so on. These services have applications that do the job of syncing the network’s and your personal copies of files automatically.
Windows has a solution to this housekeeping problem: Offline Files and the Sync Center. Here’s how it works: When you use a network folder and tell Windows to make it available for offline use, Windows stashes away a copy of (caches) the folder’s files somewhere on your hard drive, but all you see is the original network folder on your screen. When you disconnect from the network, the shared file folder appears to remain on your screen, with its files intact. You can still add, delete, and edit the files. For all intents and purposes, Windows makes it look as if you’re still connected to the network. Meanwhile, network users continue to work with the original, online copies. When you reconnect later, Windows will set everything right again thanks to a program called the Sync Center. Files you’ve modified will be copied to the network, and files others have modified will refresh old copies in your offline cache.
You’ll find that the Offline Files system works really well and is more powerful than it seems at first glance. The following are some of the potential applications:
Maintaining an up-to-date copy of a set of shared files on both a server (or desktop computer) and a remote or portable computer. If you keep a project’s files in a file folder marked for offline use, Windows keeps the copies up to date on all your computers.
“Pushing” application software or data from a network to a portable computer. If software or data is kept in an offline file, your portable computer can update itself whenever you connect or dock to the LAN.
Automatically backing up important files from your computer to an alternative location. Your computer can connect to a dial-up or network computer on a timer and refresh your offline files and folders automatically.
Note
The server we’re talking about might be in the next room, which isn’t very “remote” at all, but that’s what we’ll call it for simplicity’s sake. In this section, a “remote” server refers to some other computer that you access via networking.
It’s easy to make folders available offline, as you’ll see in the next section.
You can mark specific files, subfolders, or even entire shared folders from a “remote” server for offline use.
While you’re connected to the remote network, view the desired items in File Explorer. If you’ve mapped a drive letter to the shared folder, you can select the mapped drive in the This PC section; otherwise, you can see it in the Network section.
When you find the mapped drive, file, folder, or folders you want to use while offline, select it (or them), right-click, and select Always Available Offline.
You can also select a file or folder in File Explorer’s right pane—that is, the contents window rather than the left pane tree listing—and use the ribbon’s Easy Access button to select Always Available Offline. The ribbon works only on items you select in the right pane, not the left pane. (If the File Explorer window isn’t wide enough, Easy Access can be hard to find. It’s in the section labeled New.)
Be cautious about marking entire shared drives or folders available offline, though, unless you’re sure how much data they contain and you’re sure you want it all. You could end up with gigabytes of stuff you don’t need. (Remember, all of this stuff will be copied to your own hard drive.)
Note
Before you mark a folder for offline use, check to make sure you don’t have any of its files open in Word, Excel, or so on. Open files can’t be copied.
The first time you mark a file or folder for offline use, Windows copies it (and all its contents) from the network location to a hidden folder on your hard drive. This process can take awhile if there is a lot to copy or if your network connection is slow. If any files cannot be copied, you can click the Sync Center link to see their names and the reasons for the problem.
When the file, folder, or folders have been copied, you will be able to use the network folders whether you’re connected to the network or not.
Note
The most common reason a file can’t be copied is that it is open and in use by an application. If this is the case for any of your files, close the application and perform another sync, as discussed later in this section. Another common problem is that thumbs.db
, a hidden file Windows creates in folders that contain pictures, is sometimes in use by File Explorer and can’t be copied. You can ignore problems with thumbs.db
. Just right-click the file’s name in the Sync Results window and select Ignore.
When you’ve marked a file, folder, or mapped network drive as Always Available Offline, a small green Sync Center icon appears on the topmost folder or file marked for offline use, as shown in Figure 37.5. If you select any item inside an offline folder, the text at the bottom of the File Explorer window shows the item’s status.
When files and folders are marked for offline use, the marked files and folders will remain in the File Explorer display even when the network copies are unavailable.
Caution
If the files that you’re copying from your network contain sensitive information, you may want to ask Windows to encrypt the copies stored on your computer. To see how to do this, skip ahead to “Managing and Encrypting Offline Files,” later in this chapter.
Tip
If your network or VPN connection is unreliable, you might find that your applications sometimes hang when you’re trying to save your work to a network folder. If this happens to you frequently, the Work Offline feature is your new best friend. With it, you can force Windows to use a local, cached copy of a document while you edit it and then sync it back up after you’ve saved your changes. Here’s how to do it: Locate a network folder in File Explorer. Mark it Always Available Offline. Open the folder in File Explorer. In the Home tab, select Easy Access (it can be hard to find; it’s in the New section) and then select Work Offline. This tells Windows to use the folder’s local copies, not the network copies, even if the network is available. Edit the file(s) you need to edit and then, back in File Explorer, select Home, Easy Access and unselect Work Offline. This should run the Sync Center and copy your changes back to the network.
When you are offline, you can add new files and delete, view, and edit files in any folder that you marked Always Available Offline. If you had mapped a drive letter to the network folder, the drive letter still functions. Folders and/or files that were not marked Always Available Offline will disappear from the display when you disconnect from the network.
You can also rename files, and the network copy of the file will be renamed the next time you connect and sync up.
However, in most cases, you cannot rename a folder while it is offline. On some corporate networks, you may be able to rename “redirected” folders if your network administrator has enabled this feature. In general, though, it’s best not to try to rename an offline folder while you’re offline.
Overall, the Offline Files system works very well. You can happily work away as if you were really still connected to the network. All network files and folders stay right where you’re used to them being. The only difference is that your changes won’t be visible to others on the network until you reconnect.
When you do reconnect, you should promptly synchronize your offline files and folders with the network folders so that both sets will be up to date.
Caution
If you delete a file from a network folder, while you are either offline or online, it will be deleted from your computer immediately and permanently. Files stored on a network are not saved in the Recycle Bin when you delete them!
You can synchronize files anytime you are connected to the network that contains the original shared folder, whether you connect by LAN, modem, or VPN. You can start a synchronization in any of several ways:
In the taskbar’s search box, type sync center. From the results, select Sync Center and then click Sync All.
In File Explorer, right-click a specific shared file or folder and select Sync, Sync Selected Offline Files.
If you have a portable device, right-click the Start button or press Windows Logo+X, select Mobility Center, click the Sync Settings button, and then click Sync All.
Synchronization can also occur automatically:
When you reconnect to the network and Windows is idle.
At specified times and days of the week. For a scheduled synchronization, Windows can even automatically make a dial-up connection.
The Sync Center has the job of reconciling changes made to the online and offline copies of the files.
The Sync Center will automatically copy new or changed files from your computer to the network, and vice versa. However, three situations exist in which it will need some help:
If both you and another user have changed the same file, you’ll have to pick which version to keep.
If you deleted a file while you were disconnected, you’ll have to decide whether you want to also delete the network’s copy.
If a network user deleted a file from the real network folder while you were disconnected, you’ll have to confirm that you want to delete your copy.
If any problems occur while syncing files, the Sync Center icon in the notification area on your taskbar will display an exclamation mark in a yellow triangle as a warning. Double-click the Sync Center icon to display the Sync Center, and then click View Sync Conflicts in the tasks list. This displays the Conflicts page, as shown in Figure 37.6.
Double-click the first listed file. This displays an explanation of why Sync Center can’t update the file, and you see a selection of choices to resolve the issue. For example, if both you and a network user modified the same file while you were disconnected, the dialog box will look like the one shown in Figure 37.7.
Continue through the conflict list to resolve each problem.
Caution
If the sync process fails because a file is in use, you should repeat the synchronization when no one is editing files in the shared folder; otherwise, you might lose changes to some files.
To manage the Offline Files feature, in the taskbar’s search box, type sync center, and then select Sync Center from the results. In the left pane, click Manage Offline Files. The Offline Files dialog box has four tabs:
General—Here, you can enable or disable the Offline Files feature entirely. You can also see a list of all files that have been copied to your hard disk for offline use.
Disk Usage—This tab lets you monitor or limit the amount of disk space used by offline file copies.
Encryption—Here, you can select to encrypt the network files that are stored on your hard disk. This makes them safe from theft should your computer fall into the wrong hands.
If you enable encryption and your computer is not joined to a corporate network, see “Backing Up Your Encryption Key,” p. 765.
Network—If Windows detects that you have a slow network connection (dial-up, for instance), Windows can automatically elect to work with offline copies and will sync them up periodically while you continue to work. You can set the frequency with which Windows checks for a slow connection.
Finally, remember that you can uncheck Always Available Offline on a file or folder anytime to remove it from the cached file list. This will delete the cached copies of the files in that folder.
When you’ve marked a network file for offline use, Windows makes a copy of the file on your hard disk. Windows can use your local copy of the file even while you’re still connected to the network; this could really save time, for example, if you are running an application from a network folder. On the other hand, this would not be appropriate for files that change frequently or for database files that are used by multiple users concurrently.
Therefore, Windows must know whether it’s appropriate to serve up cached copies for online use, and it leaves the choice up to the person who shares, not uses, a given network folder. So, when you share a folder on your computer, you can specify the way Windows will make this folder available for offline use by others.
Normally, Windows will not give users its cached copy of a file if the network copy is available. It’s useful to change this default setting if you are sharing a folder that has “read-only” documents that don’t change often, or a folder that contains application programs. In this case, you may be able to give users faster access by following these steps:
1. Use File Explorer or This PC to locate the folder you’re sharing. Right-click it and select Properties.
2. View the Sharing tab. Click the Advanced Sharing button. If Share This Folder is not checked, check it now.
3. Click the Caching button.
4. Select one of the following caching options:
Only the Files and Programs That Users Specify Are Available Offline—Lets users make the choice of whether to make the folder contents available offline. This is the default setting.
No Files or Programs from the Share Are Available Offline—Prevents users from making the folder’s contents available offline.
All Files and Programs That Users Open from the Share Are Automatically Available Offline—Causes other computers to automatically make the contents of any file opened from the folder available for use offline. Furthermore, even while connected, if users run an application program from the network folder, their computer will use their cached copy for speedier performance. This is automatic for Windows 10, 8.1, 8, 7, and Vista computers. Check Optimize for Performance to let Windows XP computers do this as well.
5. Click OK to close the Offline Settings dialog box, and then click OK to close the Advanced Sharing dialog box.
The amount of disk space allocated to “automatically” available offline files is limited to an amount set on the Disk Usage tab in the Sync Center’s Manage Offline Files dialog box.
Most desktop computers sit where they are installed, gathering dust until they’re obsolete. But portable computer users often carry their computers from office to office, docking or plugging in to several LANs. Although Windows makes it very easy for you to manage different dial-up and VPN connections, it’s difficult to manage connections to different LANs if the network configuration settings are manually set.
IP settings are the difficult ones. If all of your networks are set up to use DHCP for automatic TCP/IP configuration, you won’t encounter any problems; your computer will absorb the local information each time you connect.
If your TCP/IP settings are set manually, things aren’t so simple. Microsoft has come up with a partial solution called Alternate Configuration. You can configure your computer for automatic IP address assignment on most networks and manual assignment on one. The way this works is that Windows looks for a DHCP server when it boots up, and if it doesn’t find one, it uses the Alternate Configuration. This can be a static IP address, or the default setting Automatic Private IP Address, whereby Windows chooses a random address in the 169.254 subnet.
This means that your computer can automatically adjust itself to multiple networks, at most one of which requires manual IP address settings.
To set up Alternate Configuration, open the Network and Sharing Center, select Change Adapter Settings, right-click your LAN connection icon (usually named Ethernet or Wi-Fi), and select Properties. On the Networking tab, double-click Internet Protocol Version 4 (TCP/IP). Be sure the General tab uses the Obtain an IP Address Automatically setting; if not, this discussion doesn’t apply to your computer. View the Alternate Configuration tab and choose User Configured to enter the static LAN’s information. Finally, click OK.
If you need to commute between multiple networks that require manual configuration, you’ll have to change the General settings each time you connect to a different network. We suggest that you stick a 3-by-5-inch card with the settings for each network in your laptop carrying case for handy reference.
3.137.215.202