18. Mix and Match with Old Windows and Macs

Networking with Other Operating Systems

Most Microsoft online help and websites tell you how well Windows 7 networking works with Windows 7 and Windows Server computers, but these instructions consider only “vanilla” Windows networks. Real-life networks are seldom so simple, even at home. Often networks have a mix of operating systems, and Windows often has to be coaxed into getting along with them.

On a real-life LAN with multiple OSs, it’s not enough that computers be capable of coexisting on the same network cable at the same time. They need to actually work with each other, or internetwork, so that users of these various systems can share files and printers. At best, this sharing should occur without anyone even knowing that alternative platforms are involved. Achieving this kind of seamlessness can range from effortless to excruciating.

If a network appliance isn’t in the cards, you need to get your computers to interoperate directly. This chapter shows you how to get computers running Windows, Mac OS X, UNIX, and Linux to play together nicely.

Some new features have been added to Windows 7 networking, and support for some old features has been removed. With respect to internetworking, this list provides a summary of the most significant changes since Windows Vista and XP:

• Windows 7 behaves differently from previous versions of Windows when Password Protected Sharing is turned off. This is discussed later in the chapter under “Password Protection and Simple File Sharing.”

• The NetBEUI network protocol is not available under Windows 7. This could impact you if your network includes computers running Windows XP, 2000, Me, 98, or earlier versions. I’ll discuss this in more detail when I talk about networking with older versions of Windows later in this chapter.

• The Link Level Discovery Protocol (LLDP) is relatively new to Windows. LLDP lets Windows 7 eke out a map of the connections between your computers and the other hardware on your network. LLDP support is currently available only for Windows 7, Vista, XP (via a download), Server 2003, and Server 2008. Connections to computers running older versions of Windows will not be diagrammed on the network map. Computers running Linux and Mac OS X probably won’t appear, either—LLDP support was not available at the time this book was written, but I suspect that it will eventually be provided in a future Mac or Linux version or update. An Open Source effort to bring LLDP to Linux and the Mac was underway at the time this was written (see http://openlldp.sourceforge.net) and some commercial network mapping applications (such as LANsurveyor at www.solarwinds.com) also have a Mac LLDP responder.

• Microsoft does not provide out-of-the-box support for Novell NetWare (an industrial-strength corporate networking system) with Windows. Novell Corporation has a NetWare client that works on Windows 7, but its installation and use are beyond the scope of this book.

However, although some things change, other things stay the same. You probably won’t be surprised to learn that the Network Browser service (the relatively obscure software component responsible for collecting the list of names of the computers on your network, the list upon which the old Network Neighborhood display was based) is still present, and it still doesn’t work worth a darn.

In addition to covering internetworking issues, this chapter discusses some of the advanced and optional networking features provided with Windows 7. These features are not needed for “vanilla” Windows networks, but they are used for the more complex networks found in corporate environments.

Internetworking with Windows Vista, XP, and 2000

Windows 7’s file and printer sharing services work quite well with Windows Vista, XP, and Windows 2000 Professional. All three OSs were intended from the start to work well with the TCP/IP network protocol favored by Windows 7.

If your network has computers running these older versions of Windows, the differences in OSs show up in these areas:

Default networking protocols—You might have configured older computers to use the NetBIOS or SPX/IPX protocols as the primary networking protocol. Windows 7 and Vista require that you use TCP/IP. And, it’s best if you use only TCP/IP.

LLDP mapping—By default, Windows XP and Windows 2000 computers did not come with support for LLDP; without LLDP, these computers will appear as “orphans” on the network map display. You can download and install an LLDP add-on for Windows XP, but not for Windows 2000.

Password Protected Sharing (Simple File Sharing)—Windows 7, Vista, XP, and 2000 can provide username/password security for shared files and folders. Windows 7, Vista, and XP also have a “passwordless” option that Windows 2000 doesn’t have. You might need to work around this.

HomeGroup networking—Windows 7 lets you join your computers in a homegroup, which simplifies file sharing security. A Windows 7 homegroup member can still share files and printers with older versions of Windows, but there are some subtleties that we explain in this chapter.

We cover these topics in the next four sections.

Setting TCP/IP as the Default Network Protocol

When installed, Windows 2000 and XP were set up to use the TCP/IP network protocol for file and printer sharing. If your network previously included Windows 95, 98, or Me computers, you might have changed the network protocols to simplify internetworking with the older operating systems.

Because Windows 7 and Vista support only TCP/IP, you need to make sure that TCP/IP is enabled on your Windows 2000 and XP computers. Also, Windows networking works much more reliably when every computer on the network has the exact same set of protocols installed. You should ensure that TCP/IP is the only installed network protocol.

Note

These instructions don’t apply if your computer is part of a corporate network, especially one that uses Novell NetWare servers. If your computer is connected to a corporate network, your network administrator will make all necessary changes for you.

Follow these steps on all your computers that run Windows 2000 Professional, XP Home Edition, or XP Professional:

1. On Windows XP, log on using a Computer Administrator account. On Windows 2000, log on using the Administrator account.

2. On Windows XP, click Start, Control Panel, Network and Internet Connections; then click the Network Connections icon. On Windows 2000, click Start, Settings, Network and Dial-Up Connections.

3. Right-click the Local Area Connection icon and select Properties.

4. Look in the list of installed components and make sure that Internet Protocol (TCP/IP) is listed. If not, click Install, select Protocols, click Add, and select Internet Protocol (TCP/IP). If your network uses manually assigned (static) IP addresses, configure the Internet Protocol entry just as you configured your Windows 7 computers.

5. Look in the list of installed components for the NWLink IPX/SPX or NetBEUI protocols. Select these entries and click Uninstall.

6. Click OK to close the Local Area Connection Properties dialog box.

7. From the menu in the main window (Network Connections on Windows XP, Network and Dial-Up Connections on Windows 2000), select Advanced, Advanced Settings. Select the Adapters and Bindings tab.

8. In the top list, select Local Area Connection. In the lower list, make sure that Internet Protocol (TCP/IP) is checked under both File and Printer Sharing for Microsoft Networks and Client for Microsoft Networks.

9. Click OK to close the dialog box.

After checking all your computers, restart all your computers if you had to make changes on any of them.

Installing the LLDP Responder for Windows XP

Windows 7 and Vista include a graphical network map feature that’s pretty and might even be useful. The problem is that it diagrams only Windows 7 and Vista computers and most, but not all, network hardware devices such as routers, switches, and hubs.

Computers and network appliances that offer Windows file sharing and are part of the same workgroup also show up on the display, but they appear as disconnected icons at the bottom of the map. You can’t do anything about this for Windows 2000 computers, but Microsoft did create an add-on to Windows XP called the LLDP Responder for Windows XP that lets XP computers appear on the network wiring diagram.

To download the software, search Microsoft.com or Google for “Link Layer Topology Discovery (LLTD) Responder.” You need to install it on each of your XP computers while logged on as a Computer Administrator. After you install it, it starts to work immediately—no configuration steps are needed.

Password Protection and Simple File Sharing

On small Windows networks (that is, networks that aren’t managed by a Windows Server computer using the Domain security model), each computer is separately responsible for managing usernames and passwords. Before Windows XP, this made it difficult to securely share files across the network—you had to create accounts for each of your users on every one of your computers, using the same password for each user on each computer.

Windows XP introduced a concept called Simple File Sharing; when enabled, it entirely eliminated security for file sharing. All network access was done in the context of the Guest user account, regardless of the remote user’s actual account name. Essentially, anyone with physical access to your network could access any shared file. This made it much easier for other people in your home and office to get to each other’s files. (Horrifyingly, it was enabled by default, and there was no Windows Firewall when XP first came out—so everyone on the Internet also could get to your files, until Windows XP Service Pack 2 was released. But I digress.)

Windows 7 and Vista also include Simple File Sharing, although it’s now called Password Protected Sharing. And, the effect of disabling and enabling the feature is reversed on the two newer operating systems. Table 18.1 shows the settings and the results.

Table 18.1 File Sharing Settings on Windows 7, Vista, and XP

This setting is not always changeable. In Windows XP Home Edition, Simple File Sharing cannot be turned off. In all other versions of Windows it can be turned on or off, except if the computer is a member of a domain network. In this case, passwords are always required.

Finally, Windows 7 has a new twist in the way that security works when Password Protected Sharing is turned off. On Vista and XP, when passwords are not required, all network access uses the Guest account. Thus, anyone on the network can access a file in a shared folder, but only if that file can be accessed by Guest or by the user group “Everyone.”

But on Windows 7, it works this way when a remote user attempts to use a folder or file shared by a Windows 7 computer with Password Protected Sharing turned off:

• If the remote user’s account matches an account in the Windows 7 computer and that account has a password set, that account is used for file access.

• If the remote user’s account matches an account in the Windows 7 computer but that account has no password set, then the Guest account is used.

• If the remote user’s account matches no account in the Windows 7 computer, the Guest account is used.

This might seem convoluted, but this is actually a very useful change. First of all, this change was necessary to support the new HomeGroup feature. All homegroup member computers use a special, password-protected account named HomeGroupUser$ to access other member computers, and this change lets it work whether Password Protected Sharing is turned on or off. Second, it gives you the option of giving designated users additional access privileges, without requiring you to set up a full-blown security scheme.

I know this has probably given you a headache by now. You probably just want to know how to get at the library of pictures stored on your old computer. In the end, it can be pretty easy to decide how to set things up, based on how concerned you need to be about security.

To see how to set up your network, decide which of the following three categories best describes your environment:

1. My computer is part of a corporate domain network.

In this case: Accounts and passwords are always required. Your network administrator sets these up. Use the Security tab on any folder that you share to select the users and groups to which you want to grant access.

2. Ease of use is my priority, and network security is not a great concern.

In this case: Turn off Password Protected Sharing on your Windows 7 and Vista computers, and enable Simple File Sharing on Windows XP Professional computers. This lets anyone on the network access any shared folder.

Alternatively, you can create an account named, for example, “share” on each of your computers and assign a password to it, using the same password on each computer. When you share folders, be sure that you give Everyone or this “share” account permission to use the folder, as discussed in Chapter 20 under “Sharing Resources.” When you want to use a shared folder or printer stored on another computer, Windows will prompt you for a username and password. Enter username share and the password you chose for the share account.

In any case, you must make sure that a firewall is set up to block File and Printer Sharing access over your Internet connection. Use a connection-sharing router, Windows Firewall, or a third-party firewall program to do this. If you have a wireless network, you must enable WPA or WEP security.

If you have Windows 2000 computers on your network, see if you can get by without sharing any printers or folders from those computers—let them use resources shared by your XP and Windows 7 computers. Otherwise, you must create an account on the Windows 2000 computers—everyone can use a single account (for example, “share,” as described previously), or create an account for every user.

3. Network security is important to me; I want specific control over which users can use which shared files and folders.

In this case: Turn on Password Protected Sharing on your Windows 7 and Vista computers, and disable Simple File Sharing on any XP Professional computers. Do not share sensitive resources from any computer that runs Windows XP Home Edition (or do not use XP Home Edition at all). Do not create a homegroup.

Note

If you change your password on any computer, it’s a good idea to make the same change on every computer where you have an account. This way, you won’t be asked to supply your password whenever you use network resources.

On every computer that does share sensitive folders or printers with the network, you need to create an account for every user who needs access to the shared folders or printers. For each user, be sure to create an account with the same name and the same password as on that user’s own computer.

To change the Simple File Sharing setting on Windows XP Professional, follow these steps:

1. Log on as a Computer Administrator.

2. Click Start, My Computer.

3. Press and release the Alt key to display the menu. Select Tools, Folder Options, and then select the View tab.

4. Scroll to the bottom of the Advanced Settings list. Simple File Sharing is the last entry in the list. Check or uncheck the entry as desired.

Note

All of these rules about whether a password is required or not are interpreted by the computer that is sharing a folder or printer. When any version of Windows uses a folder or printer shared by another computer, that computer sets the rules for requiring a password. For example, XP Home Edition never requires an account or password when someone wants to use its shared folders, but it can still use password-protected shared resources shared by, say, Windows 7 or even a Windows domain server.

More discussion of file sharing password arrangements is found in Chapter 17, “Creating a Windows Network,” and in Chapter 32, “Protecting Your Network from Hackers and Snoops.”

Using Windows Vista and XP with a Homegroup

If you have two or more Windows 7 computers, you can set up a homegroup (as described in Chapter 17) to simplify sharing libraries, folders, and printers. The HomeGroup system is based on regular Windows file sharing, so computers running other operating systems can also participate in your network.

The easiest way to make XP and Vista fit in is to disable password protected sharing on all your computers. (Password protected sharing is discussed in the previous section.) Here are the instructions for doing this on various versions of Windows:

Windows 7—Click Start, Control Panel, View Network Status and Tasks (under Network and Internet), Change Advanced Sharing Settings. Scroll down, select Turn Off Password Protected Sharing, and then click Save Settings.

Windows Vista—Click Start, Control Panel, Set Up File Sharing (under Network and Internet). Click the circular icon to the right of Password Protected sharing, click Turn Off Password Protected Sharing, and then click Apply. You might need to confirm a user account control prompt.

Windows XP Professional—Log on as a computer administrator. Click Start, My Computer. In the menu, select Tools, Folder Options, and then select the View tab. Scroll the list down to the bottom, check Simple File Sharing, and then click OK.

Windows XP Home Edition—No adjustments are necessary.

Now Windows 7 computers will connect to other Windows 7 computers using the special HomeGroupUser$ account, but all other combinations will use the Guest account. This means you need to make sure that resources are shared so that “Everyone” can use them. In particular, the file security settings for the shared folder and its contents must be set so that Everyone has read or read and write permission.

To ensure that this happens, use the following procedures when you’re sharing folders on various versions of Windows:

Windows 7—Right-click a folder or library and select Share With, Share with Homegroup (Read) or Share with Homegroup (Read/Write). Then, right-click it again and select Share With, Specific People. Type or select Everyone in the drop-down list, and click Add. If you want other users to be able to change the contents of the folder, next to Everyone, click the word Read in the Permissions column and select Read/Write. Click Share to finish.

Windows Vista—Right-click a folder and select Share. Type or select Everyone in the drop-down list, and click Add. If you want other users to be able to change the contents of the folder, next to Everyone, click the word Reader in the Permissions column and select Contributor. Click Share to finish.

Windows XP Professional or Home Edition—Right-click a folder and select Sharing and Security. Select Sharing This Folder and click Apply. Select the Security tab. Under Group or User Names, if there is an entry for Everyone, select it; otherwise, click Add, type the word Everyone, press Enter, and select the entry for Everyone. In the lower section, in the Allow column, Read & Execute, List Folder Contents, and Read should be checked. If you would like to let other network users modify the contents of the folder, check Modify. Click OK to finish.

Caution

If you give Everyone permission to change files, you must be sure that your network is secured. If you have a wireless network, you must have it set up so that it has WEP or WPA security enabled (that is, so that a password or key is required to use the network). If you connect to the Internet, you must be sure that Windows Firewall or a third-party firewall product is set up to block Windows file sharing. If you don’t secure your network, “Everyone” means “anyone in the world,” and that’s a recipe for disaster.

If you want to use passwords to protect access to shared folders, you should leave password-protected sharing turned on. There are two ways in which you can deal with the Windows XP and Vista computers:

• Set up accounts on every computer using the same account name and password for each person, on each computer. This will give you complete control over who has access to which folders shared by Windows 7, Vista, and XP Professional. (Per-user security is not available on folders shared by XP Home.)

• Set up a single account that you’ll use for file sharing, perhaps named share, on every computer, with the same password on every computer. Use this account when you set the permissions on shared folders, and use this account when Windows asks for an account and password when you connect to another computer.

If you share your printer, it’s enough just to enable sharing. By default, all versions of Windows enable Everyone to print to every installed printer, so anyone on the network should be able to print to any shared printer without changing the security settings.

Internetworking with Windows 95, 98, and Me

Internetworking between Windows 7 and Windows 95, 98, or Me requires some additional setup work.

Caution

Microsoft no longer creates security updates for Windows 95, 98, or Me. Furthermore, to be able to access resources shared by Windows 7 from Windows 9x or Me, you might need to reduce Windows 7’s security level considerably.

These OSs really should no longer be used. I’m not trying to make more money for Microsoft; it’s simply not safe to continue to use these OSs in any situation where Internet access also exists. If you must continue to use these OSs to run specific applications, consider running them within Microsoft Virtual PC or VMware instead, with their networking functions disabled.

First, Windows computers have difficulty “seeing” each other if you don’t have the exact same set of networking protocols installed on every computer on the network. You need to ensure that every Windows 95, 98, and Me computer has the TCP/IP protocol installed, and you also must uninstall the NetBEUI and IPX/SPX protocols from them.

Second, the default password security settings used when Windows 7 is installed make it harder for a network hacker (or hardware hacker) to break your Windows 7 passwords. Unless you turn off Password Protected Sharing, you need to change one of Windows 7’s security settings. This change significantly increases the risk that someone could break into your computer.

If you really must use Windows 95, 98, or Me on your network, you most likely need to change the protocol settings on the older computers, using the following steps. You might be asked to insert your Windows installation CD, unless your computer manufacturer copied its entire contents to your hard drive.

1. On your Windows 9x or Me computer, click Start, Control Panel, and then open the Network icon.

2. In the components list, select entries whose names start with “NetBEUI” or “IPX/SPX Compatible Protocol,” and click Remove. Repeat for any additional entries.

3. Make sure that Client for Microsoft Networks appears in the list. If it does not, click Add, Client, and select Client for Microsoft Networks. Click OK as necessary to return to the Network control panel dialog box.

4. If your Windows 9x/Me computer is a member of a corporate domain network, view the Access Control tab and select User-Level Access Control. Enter the name of a domain controller computer. (Your network administrator will help with this.)

On home or small-office networks, view the Access Control tab and make sure that Share-Level Access Control is selected.

5. Click OK to close the dialog boxes. You might be prompted to insert your Windows installation CD if you had to add the Client for Microsoft Networks in step 3.

6. Let Windows restart.

If you need to share printers or folders from your Windows 9x or Me computers for use by computers running Windows 2000, XP, Vista, or 7, do not set a password for the shared folder. These newer versions of Windows cannot supply a password in the way that Windows 9x or Me expects. The only security option you have is whether to select Read-Only or Full on the Sharing tab of the folders you select to share. “Full” lets other network users add to, change, or delete files in the shared folder.

You should not expect to be able to access folders or printers shared by computers running Windows 7 from computers running Windows 9x or Me, unless you’ve turned Password Protected Sharing off and use the username Guest. (Windows 9x/Me cannot provide valid username and password information to Windows 7 unless you make unacceptably risky changes to Windows 7’s password database.)

Internetworking with UNIX and Linux

The UNIX operating system, originally developed in the 1970s at AT&T’s Bell Laboratories as a platform for internal software development and as a “workbench” for programmers, is still evolving and growing. Most of the Internet software you’re familiar with today was originally developed on UNIX systems, in fact. The Open Source phenomenon (which is by no means new but is certainly resurgent) has also produced no-cost UNIX clones such as NetBSD and Linux. Perhaps hundreds of millions of people use these UNIX-type OSs every day, sometimes without even knowing it. For example, the Apple Mac and iPhone OSs are based on NetBSD, and Linux can be found in home computers, network routers, TiVo digital video recorders, engineering workstations, Internet servers, cell phones, IBM mainframes, laptops for children in the developing world, and space probes.

This section looks at ways to network Windows 7 with UNIX-type OSs. Although many of the examples involve Linux, most of the examples can be translated to almost any UNIX-type OS. And because typing “UNIX-type” is already getting tiresome, from here on, I sometimes write just “UNIX,” but I always mean “UNIX and/or Linux and/or Mac OS X.”

Samba

Samba is an open source (free) software suite available on most UNIX-like OSs. The Samba server program makes it possible for UNIX computers to share folders and printers that Windows users can access, and the Samba client tools let UNIX users access folders and printers shared by Windows computers. Samba is included with Apple’s OS X, which is how Macs get their Windows file sharing capability. The names of the Samba programs start with the letters smb, which stands for Server Message Block. This is the name of the network protocol on which Windows file sharing is based.

Note

You can get more information about Samba and download a version for your UNIX system from www.samba.org. Most Linux distributions include a version of Samba and install it by default. For a good Samba introduction and reference, check out The Official Samba-3 HOWTO and Reference Guide (Prentice Hall, 2003, ISBN 0131453556).

Samba Client Tools

To access file services on a Windows server from UNIX, you must know exactly what resources are available from a given host on the network. Samba includes a command-line program called smbclient for just that purpose. This application enables you to list available Windows shares and printers from within UNIX. For example, the command smbclient -L //lombok lists all the folders and printers shared by the computer named lombok.

Note

If the Windows computer is running Windows 7 with Password Protected Sharing turned off, you can specify any nonexistent account name to gain access using the Guest account. If you specify a valid account name, you will gain access using this account. This differs from previous versions of Windows where, if Password Protected Sharing is turned off, the Guest account is used no matter what. Password Protected Sharing is discussed earlier in the chapter under “Password Protection and Simple File Sharing.”

When you know the name of the desired shared folder, the smbmount command enables you to mount the Windows share on the local (UNIX) file system. The command

smbmount //lombok/shareddocs /mnt/winshare -U brian

mounts the SharedDocs folder shared by computer lombok to the local directory /mnt/winshare. The -U switch tells smbmount what username to use when trying to mount the share. You are prompted for a password.

You also can use a Windows printer from a UNIX client, but the procedure is complex, and is beyond the scope of this chapter. Some Linux distributions include a GUI print configuration tool to simplify the process. In any case I recommend that you read the SMB How-To at http://en.tldp.org/HOWTO/SMB-HOWTO.html.

Samba Server Tools

Samba also includes tools and servers to make your UNIX system look just like a Windows-based network server; this capability lets your Windows computers use files and printers shared by UNIX systems.

The parameters for configuring Samba in a server capacity are contained in the file /etc/smb.conf on the UNIX host. The default file included with Samba has comments for every parameter to explain each one. Configuring the Samba server is beyond the scope of this book. However, I can offer a few pointers:

• Some OSs, such as the Mac OS X, include a GUI tool to configure Samba file sharing. These tools make the job a lot easier.

• If you have to set up file sharing by hand, read the documentation and FAQs for your Samba version before starting the setup procedure. A good place to start is http://en.tldp.org/HOWTO/SMB-HOWTO.html.

• Configure Samba for user-specific passwords with the security option. You need to set up UNIX user accounts for each of your Windows users. Alternatively, you can set up a single UNIX account that all Windows users will share; Windows users need to supply the selected username and password when they use UNIX shares.

• Either way, set encrypt passwords = yes in smb.conf. You also need to set up a user and password file for Samba’s use, which is usually specified with the smb.conf entry smb passwd file = /etc/smbpasswd. Your Samba documentation explains how to do this.

• Alternatively, you can use share-level security without a password. This makes Samba behave similarly to Windows 7 with Password Protected Sharing turned off. However, in this case, you must take care to prevent SMB access to your UNIX computer from the Internet. To be precise, you must be sure that TCP port 445 is blocked.

When you have finished editing the smb.conf file, you can test to see that the syntax is correct by using the Samba program testparm. testparm checks smb.conf for internal “correctness” before you actually use it in a production environment.
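The security pointers above can also be checked mechanically before a server goes into use. The following Python script is an added example, not code from this book or from the Samba project; it reads smb.conf text and reports the settings this section warns about. The two sample configurations, the share name pictures, and the finding codes are constructed for illustration.

```python
"""Audit smb.conf text for the security pointers in this section (added example)."""

# Constructed sample: passwordless, share-level setup (names are made up).
WEAK_CONF = """\
[global]
    workgroup = WORKGROUP
    security = share
    encrypt passwords = no

[pictures]
    path = /srv/pictures
    guest ok = yes
    writable = yes
"""

# Constructed sample: user-level security with the settings recommended above.
HARDENED_CONF = """\
[global]
    workgroup = WORKGROUP
    security = user
    encrypt passwords = yes
    smb passwd file = /etc/smbpasswd

[pictures]
    path = /srv/pictures
    valid users = share
    read only = yes
"""

TRUE_VALUES = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and extra spaces in parameter names.
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def normalize(params):
    """Fold synonyms: public -> guest ok; writable/writeable/write ok -> read only."""
    out = {}
    for key, value in params.items():
        truth = value.lower() in TRUE_VALUES
        if key in ("guest ok", "public"):
            out["guest ok"] = truth
        elif key == "read only":
            out["read only"] = truth
        elif key in ("writable", "writeable", "write ok"):
            out["read only"] = not truth         # inverted synonyms
        else:
            out[key] = value
    return out


def audit_smb_conf(text):
    """Return a list of (code, section, message) findings."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings, passwordless = [], False

    if glob.get("security", "").lower() == "share":
        findings.append(("SHARE_LEVEL_SECURITY", "global",
                         "share-level security instead of per-user accounts"))
    if glob.get("encrypt passwords", "").lower() not in TRUE_VALUES:
        findings.append(("ENCRYPT_PASSWORDS_NOT_YES", "global",
                         "encrypt passwords is not explicitly set to yes"))

    for name, params in conf.items():
        if name == "global":
            continue
        # Share-level settings override defaults placed in [global].
        merged = {**normalize(glob), **normalize(params)}
        if not merged.get("guest ok", False):
            continue
        passwordless = True
        if merged.get("read only", True):        # Samba shares default to read-only
            findings.append(("GUEST_SHARE", name,
                             "anyone who can reach the server can read files"))
        else:
            findings.append(("GUEST_WRITABLE_SHARE", name,
                             "anyone who can reach the server can change files"))

    if passwordless:
        findings.append(("CONFIRM_TCP_445_BLOCKED", "global",
                         "passwordless access: block TCP port 445 from the Internet"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label)
        results = audit_smb_conf(text) or [("OK", "-", "no findings")]
        for code, section, message in results:
            print(f"  [{section}] {code}: {message}")
```

testparm remains the tool for validating syntax; this script looks only at the security-relevant parameters named in this section.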

Printing to UNIX Queues from Windows

You can configure Samba to offer standard Windows shared printer service. As an alternative, Windows 7 has built-in support to send output to UNIX-based printers using the Line Printer Remote (LPR) protocol. You can install a standard Windows printer whose output is directed to a UNIX system and can use this printer just as you would any local or networked Windows printer.

For instructions on connecting to an LPR-based printer, see “Using UNIX and LPR Printers,” p. 555.

Printing to Windows Printers from UNIX

You can install software on Windows 7 to let UNIX users print to any local printers shared by your computer. This is the receiving end of the LPR protocol, and it’s called Line Printer Daemon (LPD) Print Service.

To install this service, log on as a Computer Administrator and follow these steps:

1. Click Start, Control Panel, Programs, Turn Windows Features On or Off.

2. Scroll through the list of features and open Print and Document Services.

3. Check LPD Print Service, and then click OK.

Services for NFS

Windows 7 Ultimate and Enterprise editions come with client support for the network file system (NFS) file sharing system used on many UNIX systems. By “client support,” I mean that Windows 7 Ultimate and Enterprise editions can use files and folders shared by NFS file servers, but they cannot share files to the network using NFS. It’s an optional component and is not installed by default.

To install client support for NFS file resources, follow these steps:

1. Log on as a Computer Administrator.

2. Install Services for NFS by clicking Start, Control Panel, Programs, Turn Windows Features On or Off. Expand the Services for NFS entry and check both Administrative Tools and Client for NFS. Click OK to complete the installation.

3. Click Start, Control Panel, System and Security, Administrative Tools.

4. In the tool list, double-click Services for Network File System (NFS).

This displays the Services for Network File System management tool. The tool is not put together in the usual way. The right pane contains only help information. It’s useful, though; click on any of the links to display the Windows Help pages for NFS. The management functions are found in the left pane.

To configure the client, follow these steps:

1. To select the method that NFS should use to map Windows logon names to UNIX logon names, right-click Services for NFS in the left pane and select Properties. If your network provides UNIX name-mapping information through Active Directory, check Active Directory and enter the name of the Windows domain. If a User Name Mapping Service server exists on the network, check Use Name Mapping and enter the hostname of the mapping server. Either way, your network administrator should provide you with this information.

If you select neither Active Directory nor User Name Mapping, the NFS client will access shares anonymously. The NFS server might restrict or reject anonymous access.

2. To select whether to use “hard” or “soft” mounts, right-click Client for NFS in the left pane and select Properties. This setting determines how many times the client service will attempt to reconnect to a server that goes offline or becomes unreachable. Microsoft recommends using soft mounts, although your network administrator might advise otherwise.

This Properties dialog box also lets you determine whether the client uses TCP, UDP, or TCP and UDP for NFS access. You should be able to use the default TCP/UDP setting.

3. To set the UNIX access mask that the client should use when creating new files or folders in an NFS share, right-click Client for NFS in the left pane, select Properties, and view the Permissions tab. Check the boxes corresponding to the permissions that you want to grant on new files that you might create. (This setting corresponds to the umask setting in a UNIX shell; the default Client settings correspond to a umask of 755.)

To start or stop the client service, right-click Client for NFS and select Start Service or Stop Service. Normally, it should start immediately on installation and whenever you start Windows.

Subsystem for UNIX-Based Applications

With Windows 7 Ultimate and Enterprise editions, Microsoft offers a free set of tools called the Subsystem for UNIX-based Applications (SUA). SUA provides almost all the utilities you need to seamlessly glue together a network that includes Windows, UNIX, and Linux computers and services.

Note

SUA is available only on Windows 7 Ultimate and Enterprise editions. It is not available on any other Windows 7 versions.

The “Subsystem” part of the name is significant. The Windows NT kernel on which Windows 7 is based was designed to allow direct support of other OS models in addition to Windows. SUA is actually a full-fledged UNIX OS environment that runs in parallel to Windows, not “over” it. SUA runs UNIX executable files directly and provides a mostly POSIX-compatible environment with complete case-sensitive filenames, fork() and pthreads support, a single-root file system, and so on.

When the optional Software Development Kit (SDK) component is downloaded and installed, a full UNIX toolkit is available, containing over 300 standard UNIX programs. (About all that’s missing is an X Window server.)

To install SUA on Windows 7 Ultimate or Enterprise, follow these steps:

1. Click Start, Control Panel, Programs, Turn Windows Features On or Off, and check Subsystem for UNIX-Based Applications. Click OK to perform the installation.

If you need to run only a few specific UNIX applications that you already possess, you can stop at this point.

If you want to install the full complement of UNIX utilities and development tools and/or the X Window System environment, proceed to step 2.

2. Click Start, All Programs, Subsystem for UNIX-Based Applications, and select Download Utilities for Subsystem for UNIX-Based Applications. Download and save the installation package to a temporary location.

3. Right-click the downloaded file and select Run As Administrator. If you want to install the package on only one computer, take note of the temporary file location displayed in the Unzip to Folder field, and then click Unzip. This unzips the files to the temporary folder and automatically runs the setup program. Then proceed to step 4.

If you want to install the package on several computers, follow these additional steps:

a. Uncheck the option When Done Unzipping Open Setup.exe.

b. Create a folder named SUA SDK Setup on a network-shared folder.

c. Set the Unzip to Folder path to this new folder. Then click Unzip to unzip the setup files.

d. To install the utilities and SDK programs on a given computer, locate and open the SUA SDK Setup folder. Right-click setup.exe and select Run As Administrator.

4. Click Next to start the installation wizard. Successive wizard pages ask you to enter your name and organization, and approve the license agreement. In the fourth page, you are asked whether to perform a standard or custom installation. The standard installation installs the base SUA utilities (a set of BSD UNIX programs) and base SDK components (mostly standard include files, libraries, and build utilities).

If you select custom installation, you can additionally elect to install the SVR-5 utilities (a set of programs deriving from UNIX SVR-5), GNU compilers and utilities, the GNU SDK, Perl, and a Visual Studio debugger add-in. To select a component, click the red X and select Will Be Installed on Local Hard Drive.

In most cases, you probably want to select the custom installation and install all components.

5. Click Next until you reach the Security Settings page. Here, you can enable setuid behavior and case sensitivity for filenames and system objects.

With setuid, you can mark a program so that when anyone runs it, it runs with the security context of the program’s owner. In Windows terms, it automatically uses “run as” whenever it’s run, and the user doesn’t need to enter a password. Case sensitivity lets the Windows file system treat upper- and lowercase letters as distinct; for example, Note.txt and NOTE.TXT are considered to be different filenames, and both can exist in the same folder. UNIX applications treat them as different files. (However, Windows applications do not and just open a file arbitrarily.)

Both setuid and case sensitivity are the norm on UNIX systems. Some UNIX programs require them, but they are foreign concepts to most Windows users, and they have both positive and negative security implications. Microsoft recommends disabling setuid unless you are sure that your UNIX applications or daemons (services) require it. Case sensitivity is usually required for correct operation of UNIX software-development tools (makefiles).

For more information, open and read install.htm, which was unzipped into the temporary folder or network shared folder in step 3. Also remember that you can change these settings after installation by editing the Windows Registry and rebooting, as noted in install.htm.

6. After the installer finishes, if you enabled case sensitivity or setuid, restart Windows. When Windows is back up again, log on as a Computer Administrator.

7. Click Start, All Programs, Subsystem for UNIX-Based Applications, Check for Critical Updates. This takes you to a Microsoft web page that lets you check for security updates to the utilities.

Although updates for the UNIX Subsystem itself are delivered through Windows Update and Automatic Updates, security fixes for the downloaded utilities are not. You need to remember to periodically use this menu selection to check for security updates to the utilities.

When the utilities and SDK have been installed, you can start a UNIX shell (Command Prompt window) by clicking Start, All Programs, Subsystem for UNIX-Based Applications, and either C Shell, Korn Shell, or SVR-5 Korn Shell, depending on your preference. The What’s New menu item provides information on how SUA differs from the Windows XP Services for UNIX and provides an overview of SUA features.

For detailed help information, click Start, All Programs, Subsystem for UNIX-Based Applications, Help for Subsystem for UNIX-Based Applications. The UNIX man, apropos, and other standard help programs are available within the UNIX shells.

Internetworking with Macintosh

The Apple Macintosh is arguably the computer of choice in the music, graphic arts, design, and publishing worlds. Apple has even moved to the Intel processor platform, and you can run Windows on a Mac, if you want to. But if you’re a Mac fan, you probably don’t want to.

Although Macs used to live pretty much in a world apart, it’s common now for both Macs and Windows computers to need to coexist on the same network. However, Macs normally use a proprietary file sharing system called AppleTalk File Protocol (AFP), while Windows computers use a protocol called Server Message Block (SMB).

To link Macs and PCs on a network, either the Macs must learn to “speak” SMB or the Windows computers must speak AFP. Both solutions are possible. On a corporate network based on Windows Server, your network administrator can install a component called Services for Macintosh (SFM), which speaks AFP to make Windows-based resources visible to Macs, and resources shared by Macs visible to Windows users. The process of installing and configuring SFM is not complicated, but it needs to be done by the administrator of a Windows Server computer; as such, it’s beyond the scope of this book.

Microsoft appears to have lost interest in providing support for Mac users in the home and small office. Fortunately, Apple has stepped up and provided Windows-compatible networking support as a standard part of OS X. You can also add Windows networking support to older Mac OS computers. We cover these options in the next several sections. First, though, let’s talk about other issues that come up when Windows and Macs need to work together.

Compatibility Issues

If you share files between Macs and Windows computers on your network, there are some compatibility issues that you should be aware of.

Resource Data Issues

The first issue arises because Mac files actually consist of two separate parts, called forks:

• The data fork, which contains data, document text, program code, and so on

• The resource fork, which in applications contains language-specific strings and dialog box layouts for programs, and in documents contains the association information that links a document to the application that created it

The two parts can be read and written to completely independently. It’s as if each Mac file is composed of two bundled but separate files.

Windows also supports this concept. On Windows, the separate parts are called streams rather than forks. But, for reasons unknown, they’re not used for Mac file sharing. When a Mac file is copied to a Windows shared folder, the resource fork data is stored in a separate hidden file. If the Mac file is named special.doc, the resource data is put into a file named ._special.doc. It’s invisible unless you enable the display of hidden files in Windows Explorer.

The problem is that if you move, edit, or rename the main document or application file in Windows, the resource file might be left behind or end up with the wrong name. Then, on the Mac side, the Mac will no longer know what application to use to open the document, or, in the case of an application program, the application will not run. Thus, it’s best not to store Mac applications on Windows shares if they will be renamed or moved.

Filename Compatibility Issues

Mac filenames can have up to 255 characters and can contain any character except the colon (:).

Windows permits filenames up to 256 characters in length but has a longer list of unacceptable characters: the colon (:), backslash (\), forward slash (/), question mark (?), asterisk (*), quotation mark ("), greater-than symbol (>), less-than symbol (<), and pipe symbol (|).

Therefore, for files that will be shared, it’s best to avoid all of these characters when you name files on your Mac.
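The two issues above, stray ._ resource files and names Windows rejects, can be handled with a short script. This Python code is an added example, not from the book; the function names are hypothetical. It lists ._ files whose main file is gone and renames a document together with its ._ companion.

```python
import os

# Characters the chapter lists as unacceptable in Windows filenames.
WINDOWS_FORBIDDEN = set(':\\/?*"><|')
SIDECAR_PREFIX = "._"   # resource data for special.doc lives in ._special.doc


def windows_unsafe_chars(name):
    """Return the forbidden characters present in a filename, sorted."""
    return sorted(set(name) & WINDOWS_FORBIDDEN)


def find_orphaned_sidecars(root):
    """List ._name files that have no matching 'name' in the same folder."""
    orphans = []
    for folder, dirs, files in os.walk(root):
        # Compare case-insensitively, as Windows file systems normally do.
        present = {n.casefold() for n in files + dirs}
        for fname in files:
            if fname.startswith(SIDECAR_PREFIX) and len(fname) > 2:
                if fname[2:].casefold() not in present:
                    orphans.append(os.path.join(folder, fname))
    return sorted(orphans)


def rename_with_sidecar(path, new_name):
    """Rename a file and, if present, its ._ companion, keeping the pair together."""
    bad = windows_unsafe_chars(new_name)
    if bad:
        raise ValueError("name contains characters Windows rejects: " + "".join(bad))
    folder, old_name = os.path.split(path)
    target = os.path.join(folder, new_name)
    old_side = os.path.join(folder, SIDECAR_PREFIX + old_name)
    new_side = os.path.join(folder, SIDECAR_PREFIX + new_name)
    # Refuse to overwrite either half of an existing pair.
    if os.path.exists(target) or os.path.exists(new_side):
        raise FileExistsError(new_name)
    os.rename(path, target)
    if os.path.exists(old_side):
        os.rename(old_side, new_side)
    return target


if __name__ == "__main__":
    import sys
    for orphan in find_orphaned_sidecars(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("orphaned resource file:", orphan)
```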

Multiple-Use Issues

Some Mac applications don’t properly install themselves when they’re installed into a Windows shared folder. An error occurs when more than one user tries to run the application at the same time.

Application Concurrency Issues

When a Mac application is installed on a shared folder stored on a Windows computer, an “Unable to Open File” error occurs on Macs when more than one Mac user attempts to run the application concurrently.

Working with Mac OS X

Mac OS X comes with Windows-compatible networking support built in, via the Samba software mentioned earlier in the chapter. This means that Macs running OS X can connect directly to drives and folders shared by Windows computers. You don’t even need to use the command line; the Mac GUI manages the Samba client and server components for you.

Note

This section shows you how to use Windows shared files from your Mac, and how to share files from your Mac for use by Windows. To see how to set up file sharing on Windows, see Chapter 20, “Using a Windows Network.”

Using Windows Shared Files on the Mac

On OS X 10.5 and later editions, you can easily browse folders shared by Windows computers from any Finder window. In the left pane, under Shared, you can select a Windows computer from the list of detected computers, and then browse into its shared folders, as shown in Figure 18.1. When you select a remote computer, OS X will attempt to connect to the computer using your Mac account’s username and password so that it can display a list of available shared folders. If this fails, you can use a different account by clicking the Connect As button that will appear in the upper-right corner of the Finder window.

Figure 18.1 The Finder in OS X 10.5 and later lets you easily select and connect to both Mac and Windows computers.

If you are using OS X 10.4 or earlier, or if the Windows computer does not appear in the list of local computers that the Finder displays under Shared, there is an alternative way to connect. Select the Finder and choose Go, Connect to Server. The dialog box shown in Figure 18.2 appears.

Figure 18.2 The Connect to Server dialog box lets a Mac OS X computer connect directly to a folder shared by Windows. Enter smb: followed by the share’s UNC path, or click Browse.

You can enter the UNC name of the shared folder directly, in the format smb://computername/sharename, where computername is the name of the Windows computer or its IP address, and sharename is the name of the shared folder. For example, the Public folder on a computer named MyVPC-U could be entered as smb://myvpc-u/public, or using the computer’s IP address, as something like smb://192.168.0.12/public. Click Connect to proceed.

You can click the + button to add the path to the Favorites list.

Click the Browse button to select from a list of detected Mac and Windows computers.

Whichever method you use, when you connect, a login dialog box may appear. If you’re connecting to a Windows 7 computer on a home or small office network, the following applies:

• If Password Protected Sharing is enabled, or to access files that are shared only to specified user accounts, choose Connect As Registered User. Enter a username and password that is valid on the Windows 7 computer. (On a home or small office workgroup network, you can ignore the Workgroup or Domain entry, if it appears. Fill in just the Name and Password entries.) You will connect with the file and folder access rights associated with this account.

• If you have disabled Password Protected Sharing, select Connect As Guest; or, enter the username Guest with no password. (Actually, you can enter any invalid username, with any password.) This gives you the file and folder access rights granted to Everyone. In most cases, this means that you will have access to the Public folder but no other shared folders, unless the person who shared the other folders explicitly granted rights to Everyone.

If you are connecting to a Windows computer on a Windows domain network, enter a valid domain username and password.

When the Mac has made the network connection, the shared folder is displayed in a Finder window like any other folder.

To disconnect from the network share on OS X 10.5 or later, click the eject button next to the computer’s name under Shared in the Finder window. On OS X 10.4, drag the shared folder desktop icon to the trash, or locate it in the Finder and click the Eject button.

Now, recall the point I made earlier about Mac files having two parts, or forks. If you copy a file from a Mac to a shared Windows folder, Windows might create an extra hidden file to contain the resource information for the file. The resource file’s name will consist of a period and an underscore followed by the name of the main file. Windows users need to move and rename these files together; otherwise, Mac users will receive errors when they try to access the files.

Note

When a Mac user opens a Windows share, the Finder creates a file named .DS_Store and sometimes also one named ._.DS_Store. These hold Mac desktop information. Windows users should ignore these files, just as Mac users should ignore the file desktop.ini.

Using Windows Printers on the Mac

If you are using a Mac, to use a printer that is shared by a Windows computer, follow these steps:

1. On the Windows computer, when you share the printer, be sure to use a share name that’s no more than 12 letters long. If you use a longer name, the printer might not appear in the list of printers on the Mac.

2. On the Mac, open System Preferences and select Print & Fax.

3. If the page is locked, click the lock icon and enter an administrator’s credentials.

Click the + button to add a printer.

On OS X 10.4, at the bottom of the Printer Browser dialog box, click More Printers.

4. At the top of the next Printer Browser dialog box, select Windows (on OS X 10.5 and later) or Windows Printing (on OS X 10.4), and underneath, select the appropriate Windows workgroup name. In the computer list, choose the name of the computer that is sharing the printer you want to use.

5. In the Connect To dialog box, enter a username and password that is valid on the Windows computer. If you turned off Password Protected Sharing on Windows 7, you can select Connect As: Guest, or enter username Guest with no password.

6. Select the desired shared printer in the list. Open the Print Using list (on OS X 10.5 and later), or the Printer Model list (on OS X 10.4), and select the correct printer manufacturer name and model. Finally, click Add.

Note

In our testing we found that there could be delays of up to a couple of minutes between printing a document from the Mac and having the Windows printer start up.

This adds the Windows printer to the list of available printers on your Mac.

Using Mac Shared Files on Windows

Mac OS X computers can share folders with Windows computers over the network, thanks to the Samba file server software that is installed as part of OS X.

To enable Windows-compatible file sharing on OS X 10.5 (Leopard), follow these steps:

1. Open System Preferences and select Sharing. If the panel is locked, click the lock icon and enter an administrative password.

2. If File Sharing is not checked, check it. Select folders to share, and for each selected folder, choose the user accounts that can access the share. This much is standard for file sharing on the Macs. The next step lets you use these same folders from Windows computers.

Tip

To save yourself a world of pain, create user accounts on your Mac and Windows computers using the same account names (short names, in Mac parlance) and passwords on both types of computers. From the Windows side, you cannot use or even see a list of the folders or printers shared by the Mac unless you are using a Windows account that matches up with one on the Mac and that has been enabled on the Sharing page.

3. Click Options, and check Share Files and Folders Using SMB, as shown in Figure 18.3.

Figure 18.3 Enable Windows-compatible file sharing from the Options button on the System Preferences Sharing page.

To enable Windows-compatible file sharing on OS X 10.4 (Tiger), follow these steps:

1. Open System Preferences and select Sharing. Check Windows Sharing.

2. Click the Accounts button and check the names of the accounts that you want to permit to be used for Windows Sharing connections.

3. Click Show All and select Accounts.

On Windows, you can use Mac shared folders just as you use folders shared from any Windows computer. Macs appear in the list of available computers in the Network folder, and you can open the shared folders from those icons.

Note

When you open the Network folder icon for a Mac running OS X 10.4, or use the net view command to view the items shared by a Mac running OS X 10.4, you will see only shared folders and printers that you have permission to use.

You can also specify a Mac shared folder directly using its UNC pathname. By default, OS X 10.5 shares users’ Public folders, with share names based on each user’s full name. For example, the path to my Public folder might be \\computername\brian knittel’s public folder. OS X 10.4 shares users’ entire home directories by default, using each user’s short name, so on OS X 10.4 my home directory’s UNC path might be \\computername\knittel.

Using Mac Shared Printers on Windows

After enabling Windows Sharing in System Preferences, you can share your Mac’s printer(s) with Windows users by selecting Show All and then clicking Print and Fax. View the Sharing tab, click Share These Printers with Other Computers, and check the printers that you want to make available to others.

To use a printer shared from a Mac on Windows, follow these steps:

1. Set up accounts on both the Mac and on Windows, using the same account name and the same password on both computers.

2. On the Mac, enable SMB File Sharing as described under “Using Mac Shared Files on Windows,” earlier in this chapter. Then, enable Printer Sharing on the System Preferences Sharing page. Select at least the printer that you want to use from Windows.

3. Follow the strange procedure that I describe next.

The strange bit is that you must trick Windows into using a PostScript printer driver, no matter what type of printer the Mac is really sharing. The Mac accepts only PostScript printer codes and converts the PostScript to the appropriate codes for its installed printer.

To connect to the Mac printer from Windows, follow these steps:

1. Click Start, Devices and Printers, Add a Printer, Add a Network, Wireless, or Bluetooth Printer.

2. Wait for the desired Mac printer to appear in the list. Double-click it. If requirements 1 or 2 from the previous list aren’t met, the printer won’t appear.

It also won’t appear if the Mac is on a different subnet than the Windows computer. In this case, click The Printer That I Want Isn’t Listed, check Select a Shared Printer by Name, and then enter the printer share name as \\ipaddress\sharename, where ipaddress is the IP address of the Mac and sharename is the name of the Mac printer.

3. When the message “The server for the printer does not have the correct printer driver installed” appears, click OK.

4. In the Manufacturer list, select HP. In the Printers list, if the Mac printer is a color printer, select HP Color LaserJet 2800 Series PS. If the Mac printer is a black and white printer, select HP LaserJet 2300 Series PS. Then click OK.

Installing Optional Network Components

Windows 7 comes with some networking features or services that are not used in most networks but can be essential in others. I don’t cover these features in great detail because your network manager will probably install them for you if they’re used on your LAN.

Table 18.2 describes the optional features. Not every component is available on every version of Windows 7.

Table 18.2 Windows 7 Optional Networking Features

To enable any of the components, click Start, Control Panel, Programs, Turn Windows Features On or Off. Check the box next to each desired feature, and then click OK.

The Reliable Multicast Protocol is installed using a different procedure from that used to install the other services listed in Table 18.2. If required, it can be installed for a specific network adapter using these steps:

1. Click Start, Control Panel, View Network Status and Tasks (under Network and Internet), Change Adapter Settings.

2. Right-click a network adapter and select Properties.

3. Click Install. Select Protocol, and click Add.

4. Select Reliable Multicast Protocol and click OK.

The Hosts File

If you have an office LAN, especially one with mixed and matched computers, you probably, like me, have a chart of computer names and IP addresses posted on your wall—not just computers, but routers, firewalls, monitored devices, and all manner of devices. Who knows? Soon the espresso machine might be wired in, too.

On a corporate or enterprise LAN, the LAN administrators will probably enter each device into the organization’s domain name system (DNS) so that you can type a command such as ping firewall instead of needing to type ping firewall.mycompany.com or, worse, something like ping 192.168.56.102.

On a home or small office LAN, though, you probably don’t have your own domain name server. The hosts file is the answer to this annoying situation. You can add entries to the file \windows\system32\drivers\etc\hosts to associate names with IP addresses. The Windows domain name lookup software looks first in the hosts file before consulting the network, so you can add entries for your own workgroup’s computers and devices, regardless of OS.

The format is simple, but editing it is a bit tricky. The hosts file has become a target for adware hackers, who put fake entries in it to hijack your web browser.

To edit it, click Start, All Programs, Accessories, and right-click Notepad. Select Run As Administrator and confirm the User Account Control prompt. Then, when the Notepad window opens, open \windows\system32\drivers\etc\hosts.

Add lines to the file, listing IP addresses at the left margin, followed by some whitespace (tabs or spaces), followed by one or more names. You can enter simple names or full domain names. Simple names are assumed to belong to your own domain.

My hosts file looks like this:

image

The first entry is the default entry shipped with Windows. localhost stands for “my own computer” and is used for internal testing of the network software.

I added the second entry myself to give a name to my network’s firewall. I can now configure the firewall by typing telnet firewall instead of needing to look up at that sheet on the wall and type a bunch of numbers.

Finally, there’s an entry for my Mac computer, macmini. This way, I can view its web server’s home page from Internet Explorer using http://macmini instead of needing to remember its IP address.

This file also serves as a sort of documentation of my network because it records important IP addresses. One thing you must watch out for, though, is that Windows checks this file before using the real DNS system to look up names. If you put a name in your LAN’s (or the Internet’s) DNS system and the computer’s IP address later changes, your hosts file will be incorrect. It’s best to use this file only for machines that are in nobody’s DNS system.
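Because fake hosts entries are a known hijacking technique, it is worth checking the file against the list of names you actually added. The following Python audit is an added example, not from the book; the sample file contents and the EXPECTED table are constructed for illustration and are not the author's hosts file.

```python
import ipaddress

# Constructed sample. The last two lines stand in for an entry nobody on
# the LAN added and for a corrupted line.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
192.168.0.1     firewall
192.168.0.20    macmini macmini.example.lan   # Mac web server
203.0.113.66    www.example.com
not-an-address  printer
"""

# Names the LAN's owner expects, with the address each should have
# (hypothetical values).
EXPECTED = {
    "localhost": "127.0.0.1",
    "firewall": "192.168.0.1",
    "macmini": "192.168.0.20",
    "macmini.example.lan": "192.168.0.20",
}


def parse_hosts(text):
    """Return (lineno, ip, names) per entry; ip is None for malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            entries.append((lineno, None, fields))
            continue
        # Host names are case-insensitive, so compare in lower case.
        entries.append((lineno, ip, [n.lower() for n in fields[1:]]))
    return entries


def audit_hosts(text, expected):
    """Flag names that are not expected or that point at the wrong address."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((lineno, "malformed", " ".join(names)))
            continue
        for name in names:
            want = expected.get(name)
            if want is None:
                findings.append((lineno, "unexpected-name", f"{name} -> {ip}"))
            elif ipaddress.ip_address(want) != ip:
                findings.append(
                    (lineno, "address-mismatch", f"{name} -> {ip}, expected {want}")
                )
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, EXPECTED):
        print(finding)
```

To check a live machine, pass the contents of \windows\system32\drivers\etc\hosts as the text argument.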
