18

CREATING A WINDOWS NETWORK

This chapter should give you all the information you need. Then check out Chapter 19, “Connecting Your Network to the Internet,” and if you have computers with older versions of Windows or other operating systems, Chapter 20, “Networking with Other Operating Systems.”

If you’re just adding a computer to an existing Ethernet network, you can skip ahead to the section “Installing Network Adapters.” If you’re joining an existing wireless network, see “Joining a Wireless Network” in Chapter 36, “Wireless Networking.”

Also, there’s a housekeeping item to mention here. Throughout this chapter we give this instruction for getting to the networking settings panel: Click the network icon in the taskbar, and then select Network & Internet Settings, Status. On small screens, or if you’ve made the Settings window narrow, you’ll need to touch or click the word Status to see the settings we discuss. In most cases, though, Windows will show you the Status page automatically, so you won’t actually need to click Status (no harm if you do, though). We want the instructions to work for everyone, so we include the step of clicking Status. On mobile phones, where there is no taskbar, you get to Network & Internet Settings from the main Settings screen.

Share printers, files, optical (Blu-ray, DVD, and CD) drives, music, and videos between your devices

Share an Internet connection

Provide wireless Internet access to laptops and mobile devices

Receive faxes directly on one computer and print or route them to individuals automatically

Provide access to another network at another location

Provide remote access so that you can reach your LAN from elsewhere, via the Internet or even a modem

Host a website

Operate a database server

Play multiuser games

You should make a list of your networking goals. You must provide adequate capacity to meet these and future needs, but you also don’t need to overbuild.

On the other hand, if you need access to large databases, require the centralized user account control provided by the Windows Server operating system, or require centralized backup of all workstations, you must plan and invest more carefully. We discuss some of the issues you should consider in the next section.

Table 18.1 lists the primary trade-offs between the regular desktop versions of Windows and Windows Server.

Table 18.1 Primary Differences Between Desktop Versions of Windows and Windows Server

Desktop Windows	Windows Server
Allows up to 20 file and printer sharing connections with other computers.	Can provide unlimited connections, but there are client licensing fees.
Cost is low.	Requires an extra computer, a copy of Windows Server, and possibly additional fees for client access licenses. The added costs will easily exceed $1,000. For example, a copy of Windows Server Essentials, which can serve 25 clients, costs $500 (though you can find it for less), and you must buy a computer on which to run it.
Configuration is simple.	Is complex to configure and administer.
Each computer must be administered separately (setting up user accounts, for example).	Has centralized administration.
Managing file security can be difficult when you have more than one user per computer.	Centralized user management eases the task of managing file security.
Two levels of user security: standard and administrator.	Provides extremely fine-grained control of what each user can and cannot do.
Only one signed-in user can work at a time.	Supports multiple simultaneous users via Remote Desktop or Thin Client devices, subject to client access license fees.
Fax modem can’t be shared with other computers.	One fax modem and phone line can be shared by multiple computers.
Rudimentary remote access, connection sharing, and WAN support are provided.	These features are more sophisticated.

For us, manageability is the main issue. As you add more and more users, centralized management becomes more and more important. If you have a network of 10 or more computers, we recommend using at least one copy of Windows Server.

You can certainly use Server with smaller networks, too. The following are reasons for doing so:

You want to join your network to a Server domain somewhere else. This is often the case in a business’s branch office.

You want to support multiple simultaneous remote desktop or virtual private network (VPN) users. (Alternatively, you could buy inexpensive VPN routers or software to handle this task.)

You want to exercise strict security controls, support multiple signed-in users on one computer, restrict your users’ abilities to change system settings, or use automatic application installation.

You want to take advantage of advanced networking services such as Group Policy, DHCP, DNS, and so on.

If you decide you need or want Windows Server, you should get a book dedicated to that OS, and a big box of Alka-Seltzer, before you go any further.

For a home network, you should definitely try to set it up yourself. Call it a learning experience, get friends to help, and, if you run into problems, a high-school–aged neighbor can probably get them straightened out in 15 minutes. As long as you don’t have to run wires through the wall or construct your own cables, you should be able to manage this job even with no prior networking experience. When something is called “Plug and Play” now, it really is.

The balance tips the other way for a business. If you depend on your computers to get your work done, getting them set up should be your first concern, but keeping them working should be your second, third, and fourth. When your business is hanging in the balance, you should consider the cost of computer failure when you’re deciding whether it’s worth spending money on setup and installation. Hiring a good consultant or contractor will give you the following:

An established relationship. If something goes wrong, you’ll already know whom to call, and that person will already know the details of your system.

A professional installation job.

The benefit of full-time experience in network and system design without needing to pay a full-time salary.

Documentation that describes how your network is set up.

Time you can spend doing something more productive than installing a network.

If you do hire someone else to build your network, you should check out that person’s references and credentials first. You also should stay involved in the process so that you understand the choices and decisions that are made.

10/100BASE-T Ethernet over CAT-5 cables—These cables look like telephone cables, with a fatter version of a telephone modular connector at each end. This networking scheme is dirt cheap and ultra-reliable and can carry data at up to 100Mbps.

1000Mbps (Gigabit) Ethernet over CAT-5E or CAT-6 cables—These cables look like CAT-5 cables, but they are capable of carrying the higher-speed signals required by Gigabit Ethernet. The higher speed is great but worth the extra cost only if you routinely back up hard disks or copy huge video files over your network, and if the devices you’re copying to and from can keep up with gigabit speeds. (Many can’t.) You’ll also want to consider using Gigabit Ethernet if you have Internet service that provides 50 Mbps or more. We talk more about this in the following sections. You’ll often see Gigabit Ethernet referred to in computer specs as 10/100/1000Mbps.

802.11n, -ac or -g wireless networking—Wireless (Wi-Fi) networking sends data over a radio signal, so no cabling is necessary. It’s easy to set up, but it can’t be used over long distances, and in some buildings, the signal might not go as far or as fast as the advertising leads you to believe it will.

Powerline networking—You can purchase network adapters that send data signals between your electrical outlets. In most cases, though, you might be better off using Wi-Fi.

For most homes and offices, a combination of 10/100 Ethernet and wireless is a winning combination, but any of these four options will provide perfectly adequate performance.

In the following sections, we go over each type in a little more detail. Then we discuss additional network features you might want to consider, such as printing and Internet connectivity.

The 10/100 part of the name means that the equipment can run at 100Mbps, but it can automatically slow down to 10Mbps if it’s connected to older 10BASE-T equipment. However, 10BASE-T equipment hasn’t been made in more than a decade, so that’s unlikely to be an issue.

The cables look like telephone cables, and the connectors look like wider versions of telephone modular plugs, but it’s a dangerous comparison because the electrical properties of the cables and connectors are specifically tuned for networking, and ordinary telephone cabling will not work.

These networks require you to use cable designated CAT-5 or better. They have labels on the wire that state this clearly. CAT-5, CAT-5e, CAT-6, and CAT-6a are all fine. You can buy premade network cables in lengths of 3–50 feet, or you can buy bulk cable and attach the connectors yourself. We discuss this more in the “Installing Network Wiring” section, later in this chapter. All cable connectors and data wall jacks must be certified at (at least) the same level as the cable.

A cable is run from each computer to a switch, which routes the signals between each computer. You must get a switch that has at least as many ports (sockets) as you have computers, plus a spare or two. 10/100BASE-T switches cost roughly $5–$10 per port.

No 10/100 BASE-T cable can be more than 100 meters (328 feet) in length. To extend farther than that, you must add an additional switch in the middle of a longer cable run or use fiber optic cabling.

For the rare computer that doesn’t have a built-in Ethernet adapter, 10/100BASE-T network interface cards (NICs) are available for as little as $5 each (if you catch a sale) and are made by dozens of companies. Most generic-brand, cheap-o NICs are based on one of a handful of standard circuit chips, so they’ll usually work just fine, even if they’re not listed in the Windows Compatibility Center at www.microsoft.com/windows/compatibility.

Overall, 10/100BASE-T networking is as inexpensive as it gets. Hooking up three computers will set you back between $20 and $75. It’s easy to set up, and it’s very reliable. On the down side, though, you do need to run those wires around.

There are three common standards for wireless data networking: 802.11g (or Wireless-G), 802.11n (or Wireless-N), and the latest generation of wireless titled 802.11ac (Wireless-AC), named after the industry standard documents on which they’re based. (I should say “the latest generation in common use.” Faster, more advanced Wi-Fi standards are always in the pipeline). Networking hardware is labeled and marketed using the fastest standard it supports, so for example, you might see a router labeled as an 802.11n router, but the software in the devices can typically also support at least some older, slower standards.

802.11g supports data speeds up to 54Mbps and is compatible with older equipment designed for 802.11b (11Mbps). Some manufacturers offer Wireless-G equipment that operates at up to 108Mbps, but you get this speed boost only if you buy all your equipment from the same manufacturer (and even then, you must read the packaging carefully to see whether the double-speed function will work with the particular parts you’re buying). Wireless-G can transmit data about 100 feet indoors and up to 300 feet outdoors—at most. And at these longer distances, lower signal strengths will result in data errors, so the equipment will switch down to lower data speeds.

A better level of service is offered by the newer 802.11n (Wireless-N) standard. It comes with higher speeds—150Mbps or more, depending on the number of antennas used—and greater range than Wireless-G. Here’s the skinny on Wireless-N:

Devices designed for Wireless-N, -G, and -B are compatible and can be used together on the same network. That is, a -G network adapter in a computer can talk with an -N router, and vice versa. However, they’ll communicate with each other at the lower -G speed. Older -B equipment can be used, too, but again, at the lower -B speed.

Having -G or -B equipment on the network can drag down the speed as much as 25%, even for -N devices talking to -N, if the older devices are transmitting at the same time.

Wireless-N signals should travel about twice as far as Wireless-G: about 200 feet indoors and about 600 feet outdoors. However, this applies only when an -N device is talking to another -N device. Getting a Wireless-N router won’t improve reception for a distant Wireless-G or -B device.

Wireless-N can operate in the 2.4GHz frequency band and the 5GHz band. Only “dual-radio” routers can operate at both frequencies at the same time, however. Single-radio routers must switch back and forth, slowing performance if both frequencies are used at the same time. The 5GHz band tends to work better than 2.4GHz at shorter distances. At 5GHz, the signal can’t travel as far, but there tends to be less interference from neighboring networks, cordless phones, and so on.

Most Wi-Fi equipment sold today is Wireless-N.

The newest standard in production use is 802.11ac, which offers transfer rates of 500Mbps to well over 1Gbps—staggeringly fast for a wireless connection, at a commensurately high price. To get the top speeds, you need an expensive multiple-antenna router and a multiple-antenna wireless adapter on each computer and home entertainment device. Considering that most home Internet service can feed your network at less than one-tenth of Wireless-AC’s speed, unless you have ultra-high-speed Internet service or you’re distributing video to multiple ultra-high-def televisions, for most users this level of Wi-Fi service is overkill.

Whichever version you use, Wi-Fi networking products in real-world operating conditions typically provide data throughput at about half the advertised speed. If your computer doesn’t have Wi-Fi built in, the cost of adding a USB or internal adapter is about $25–$70. You also must add a device that coordinates the communication between Wi-Fi–enabled computers, the Internet, and any computers that have wired Ethernet connections. There are four types of devices:

Router—These devices transfer data to and from Wi-Fi–connected devices, and typically also have Ethernet jacks for wired computers. In addition, they have one designated Ethernet port that connects to a DSL or cable Internet modem or other external network. The routing function isolates your wireless and Ethernet-wired computers from that Internet connection so that you can safely share files and other content on your network. Many broadband (cable or DSL) modems have a Wi-Fi router built in.

Access Point or Wireless/Ethernet Bridge—These are like routers except they simply pass data back and forth between Wi-Fi devices and a wired, Ethernet network, without the firewall function that a router provides.

Wireless Range Extender—These simply relay data between Wi-Fi–connected devices and another router or access point. If you find that your computer or tablet can’t get a good signal when it tries to connect directly to your router or access point, you might be able to get better performance by installing a range extender halfway between them.

Mesh router—This is a fairly new category of device that combines the functions of a router and range extender. The concept is that you distribute several identical devices around your home or office, to provide strong Wi-Fi signals wherever you might have connectivity problems. Only one has to be connected to the Internet. The devices automatically connect to each other and route data between your devices, each other, and the Internet using the best signal available. Google, Linksys, and other manufacturers sell mesh devices. They’re somewhat pricey (well over $100 per device), but they tend to require very little effort to set up or expand.

Some manufactures make devices that can perform more than one or even all three of these functions by changing software settings in the device.

Wi-Fi works well in typical home environments where you don’t have solid metal sheeting separating rooms or floors, over distances of several rooms. For longer distances, or in office settings, you might need to install multiple Wi-Fi devices (called routers, repeaters, or access points) to get good coverage. We talk more about these shortly. Wi-Fi equipment tends to lose the signal every so often, struggling for a few seconds to regain the connection. For this reason, wired Ethernet is the more reliable, faster option for computers that are within easy wiring distance. You can use both because most Wi-Fi routers have Ethernet jacks that let you plug in wired computers.

Figure 18.2 shows a typical family of wireless products: a wireless access point (Wireless- Ethernet bridge), a wireless router that can also share a DSL or other broadband Internet connection, an internal wireless network adapter for desktop computers, and a PC card adapter for older laptops.

Also, you can get HomePlug devices called bridges, which are specifically designed to link a wired network to the powerline network, for about $80. You can use one of these to connect with a router or wired computers. Figure 18.3 shows how this would look in a typical home network.

Adapters that can piggyback network signals on your home’s telephone wiring (called HomePNA or HPNA equipment) also are available, but this technology has fallen out of favor and is not manufactured by the major networking companies anymore.

It sounds great at first, but here are some things to consider:

It won’t speed up your Internet connection (unless, perhaps, you have Fiber-to-the-Home service), and it won’t improve the streaming of regular HD video within your home. Standard 100Mbps Ethernet will do just fine for these applications.

Most Internet modems/routers have a built-in Ethernet switch that supports only 100Mbps connections. So, any computers plugged in to them won’t get gigabit throughput to each other. We discuss this in the accompanying note.

You will realize a speed benefit only when a large amount of data is moving between two devices that both have gigabit connections and when both can actually feed data to the network at high speed.

If you have to buy a gigabit Ethernet adapter for a desktop computer (that is, if the adapter built in to the computer’s motherboard is only 10/100Mbps), it makes sense to go gigabit only if you can install a PCI-e adapter. Regular PCI cards and USB adapters can’t move data to and from the CPU fast enough to make gigabit worthwhile.

Most consumer/small office network-attached storage (disk) devices are way too slow internally to benefit from gigabit connections. You should see a benefit when backing up to or copying files to or from another Windows computer’s shared drive.

If you want to use Gigabit Ethernet, you must use CAT-5E, CAT-6, or CAT-6a certified connectors and cabling; CAT-5 gear might work for very short cable lengths, but don’t chance it. You should use only commercially manufactured patch cables or professional-quality custom wiring.

Use a network-capable printer and connect it directly to your network. Most new printers have Ethernet or wireless networking capability built in. For some printers, you can buy an add-on network printer module.

Alternatively, you can buy a “print server” module, which connects to the printer on one side and to a network cable on the other, for about $40. Network supply catalogs list myriad such devices. Some newer Internet routers and wireless access points have a print server built in.

Get a really long cable and take your chances. The electrical signal for a USB or parallel printer connection is not supposed to be extended more than a few feet (10 feet for USB, 12 feet for USB-2). Buy a high-quality shielded cable. You might get data errors (bad printed characters) with this approach.

The first two approaches are very nice because they allow any computer to communicate directly with the printer. They don’t require you to leave one computer turned on all the time. With standard printer sharing, the computer that “owns” the printer must be turned on for other computers to use the printer.

If several people on your network need to send or receive faxes, you might want to set up a network-based faxing system. (Faxes, you ask? People still send faxes? Well, yes, some people do.) Unfortunately, Windows 10 does not let you share your fax modem with other users on your network, as Windows Server does. If you want to share a single fax line with several users on your network, you must use a third-party solution. The easiest approach is to use a “network-ready” all-in-one printer/scanner/fax unit. If you shop for one of these, be sure that its faxing features are network compatible.

Third-party software products are available that can give network users shared access to a fax modem. The former gold standard product was Symantec’s WinFax Pro, but it has been discontinued, and most of the products still on the market seem to be oriented toward large corporations. For a small office network, you might consider products such as Snappy Fax Network Server from www.snappysoftware.com or ActFax from www.actfax.com.

Windows has a built-in Internet Connection Sharing feature that lets a single computer use a dial-up, cable, or DSL modem and make the connection on behalf of any user on your LAN. You can also use an inexpensive hardware device called a router to make the connection. I strongly prefer the hardware devices over Windows Internet Connection Sharing. This topic is important enough that it gets its own chapter. If you want to share an Internet connection on your network, you should read Chapter 19 before you buy any equipment.

You should also study Chapter 33, “Protecting Your Network from Hackers and Snoops,” and pay close attention to the section titled “Preparation: Network Security Basics” to build in proper safeguards against hacking and abuse. This is especially important with full-time cable/DSL connections.

If you want to access your home network while you’re away, you might also consider getting a connection-sharing router with built-in VPN support, as mentioned in the next section. These days, most people use a cloud-based file storage system, such as OneDrive or Google Drive, to eliminate the need for this kind of remote access, but you must weigh the convenience they provide against the potential loss of privacy that comes with the cloud services.

You could also permanently tie your entire LAN to a network in another location so that you and the other network’s users can share files and printers as if you were all in the same room, without having to establish individual temporary connections. Windows Server has many features to support this capability, but you can also do it with smaller networks without Windows Server. There are two straightforward ways to do this: by getting routers that have built-in virtual private networking (VPN) support and by using a software service. For a hardware approach, Linksys, Asus, Trendnet, and other manufacturers sell inexpensive routers with VPN capability. The router in one office is set up as the VPN “host” or server, and the routers in other offices are set up to connect to that. This ties the separate networks together. For a software solution, check out the Hamachi product from logmein.com. You can tie individual computers into a VPN, or you can set up one computer on each network to act as a “gateway.”

1. If you have purchased an internal card, shut down Windows, shut off the computer, unplug it, open the case, and install the card in an empty slot. Close the case, plug in the cord, turn back on the computer, and then restart Windows.

If you are adding an external USB adapter, be sure you’re logged on with an administrator account, plug it in while Windows is running, and skip ahead to step 3.

2. When you’re back at the Windows sign-in screen, sign in using an account with administrator privileges. Windows displays the New Hardware Detected dialog box when you log in.

3. In most cases, Windows should already have the software it needs to run your network adapter. If Windows cannot find a suitable driver for your adapter, it might ask you to insert the driver disc that your network card’s manufacturer should have provided. It also might offer to get a driver from Windows Update. If you have an Internet connection up at this time, this online option is very useful.

If you are asked, insert the requested disc and click OK. In the unlikely event that Windows says that it cannot locate an appropriate device driver, try again, but this time click the Browse button. Locate a folder whose name resembles that of your version of Windows, and click OK. If both 32-bit and 64-bit folders are listed, be sure to choose the version that matches your version of Windows.

4. After Windows has installed the card’s driver software, it automatically configures and uses the card. Check the Device Manager, as described in the next section, to see whether the card is installed and functioning. Then you can proceed to “Installing Network Wiring,” later in this chapter.

1. Press Windows Logo+X (or right-click the Start button) and select Device Manager. Expand the Network Adapters section by clicking the triangular arrow icon to the left of its name.

2. Look for an entry for your network card. If it appears and does not have a yellow icon with an exclamation point (!) in it to the left of its name, the card is installed and correctly configured. In this case, you can skip ahead to “Installing Network Wiring.”

If an entry appears but has a yellow exclamation point icon by its name, the card is not correctly configured.

3. If no entry exists for the card, the adapter is not fully plugged in to its connector, it’s damaged, or it is not Plug-and-Play capable. Be sure the card is installed correctly. If you can’t get it to appear, replace it.

You simultaneously connect to two or more different networks with different IP addresses or protocols. You’d use a separate adapter to connect to each network.

You want to share a broadband cable or DSL Internet connection with other computers on your LAN without using a router. We strongly recommend using a router, as discussed in Chapter 20, but you can also do this using one adapter to connect to your LAN and another to connect to your cable or DSL modem.

You have two different network types, such as powerline and Ethernet, and you want the computers on both LAN types to be able to communicate. You could use a hardware bridge or access point, but you could also install both types of adapters in one of your computers and use the Bridging feature to connect the networks. We discuss bridging later in this chapter.

We suggest you use the following procedure to install multiple adapters:

1. Install, configure, and test the first adapter. (If you’re doing this to share an Internet connection, install and configure the one you’ll use for the Internet connection first. Be sure you can successfully browse the Internet before you proceed.)

2. Click the network icon at the right end of the taskbar and select Network & Internet Settings, Status, Change Adapter Options. Select the icon for the network adapter—it will likely be named Ethernet or Local Area Connection—and choose Rename This Connection in the ribbon. (Or right-click the icon and select Rename.) Change the connection’s name to something that indicates what it’s used for, such as “Connection to Cable Modem” or “Office Ethernet Network.”

3. Write the name on a piece of tape or a sticky label and apply it to the back of your computer above the network adapter or on the edge plate of the network card.

4. Install the second adapter. Configure it and repeat steps 2 and 3 with the new connection icon. Rename this connection appropriately—for example, “LAN” or “Wireless Net”—and label the adapter socket.

If you follow these steps, you’ll be able to easily distinguish the two connections instead of needing to remember which connection icon is which.

If you’re using wireless adapters, of course, you don’t need to worry about wiring. Lucky you. You can just skip ahead to “Installing a Wireless Network,” later in this chapter.

If you’re using a powerline networking adapter, follow the manufacturer’s installation instructions. If you’re using a powerline bridge, plug in the bridge to a wall socket and connect it to your computer or other networked device with a CAT-5 (or higher) cable. Follow the manufacturer’s instructions for configuring the adapter’s security features. You should enable encryption if it’s available. Then skip ahead to the “Configuring a Peer-to-Peer Network” section, later in the chapter.

If you’re using wired Ethernet adapters, you must decide how to route your wiring and what type of cables to use.

The remainder of this section discusses Ethernet wiring.

Cabling for Ethernet Networks

If your computers are close together, you can purchase Ethernet cables to connect your computers to a switch or router. (They are often called patch cables, a term that originated in the telephone industry. In the old days, switchboard operators used flexible cables to connect, or “patch,” one phone circuit to another.) You can run these cables through the habitable area of your home or office by routing them behind furniture, around partitions, and so on. Just don’t put them where they’ll be crushed, walked on, tripped over, run over by desk chair wheels, or chewed by pets. Office supply and hardware stores sell special cable covers that you can use if you need to run a cable where it’s exposed to foot traffic (where it would be a tripping hazard) or to protect it from a pet that likes to chew on things. These covers are also good for wires that need to run up walls or over doorways.

You can do a web search for the phrase “Cable Management” to get some ideas of what kinds of products are available.

If the cables need to run through walls or stretch long distances, you should consider having them installed inside the walls with plug-in jacks, just like your telephone wiring. We discuss this topic later in this section.

Keep in mind the following points:

We refer to CAT-5 here, but if you’re using 1000Mbps Ethernet, you must use CAT-5E, CAT-6, or CAT-6a cable and connectors.

Existing household telephone wire probably won’t work. If the wires inside the cable jacket are red, green, black, and yellow: no way. The jacket must have CAT-5 (or higher) printed on it. It must have color-matched twisted pairs of wires; usually, each pair has one wire in a solid color and the other white with colored stripes. The colors are usually green, orange, blue, and brown.

You must use at least CAT-5-quality wiring and components throughout, and not just the cables. Any jacks, plugs, connectors, terminal blocks, patch cables, and so on also must be at least CAT-5 certified.

If you’re installing in-wall wiring, follow professional CAT-5 wiring practices throughout. Be sure not to untwist more than half an inch of any pair of wires when attaching cables to connectors. Don’t solder or splice the wires.

When you’re installing cables, be gentle. Don’t pull, kink, or stretch them. Don’t bend them sharply around corners; you should allow at least a 1-inch radius for bends. To attach cables to a wall or baseboard, use only special cable staples or rigid cable clips that don’t squeeze the cable, as shown in Figure 18.4. Your local electronics store or hardware store can sell you the right kind of clips.

Keep network cables away from AC power wiring and away from electrically noisy devices such as fluorescent lights, arc welders, diathermy machines, and the like. (I’ve never actually seen a diathermy machine, but I hear they’re trouble.)

If you have the desire and patience, you can build custom-length cables from crimp-on connectors and bulk cable stock. Making your own cables requires about $75 worth of tools, though, and more detailed instructions than we can give here. Making just a few cables probably doesn’t make buying the tools worthwhile. Factory-assembled cables are also more reliable than homemade ones because the connectors are attached by machine. They’re worth the extra few dollars.

For the ambitious or parsimonious reader, Figure 18.5 shows the correct way to order the wires in the connector.

In-wall wiring is brought out to network-style modular jacks mounted to the baseboard of your wall. These RJ-45 jacks look similar to telephone modular jacks but are wider. You need patch cables to connect the jacks to your computers and switch, as shown in Figure 18.6.

If you are connecting two computers, simply run a special cable called an Ethernet crossover cable from one computer’s network adapter to the other, and you’re finished. This special type of cable reverses the send and receive signals between the two ends and eliminates the need for a switch. You can purchase an Ethernet crossover cable from a computer store or network supply shop, or you can make one, as shown in Figure 18.7.

If you need to add a computer to your LAN and your switch has no unused connectors, you don’t need to replace the switch; you can just add a switch. To add a computer to a fully loaded switch, unplug one cable from the original switch to free up a port. Connect this cable and your new computer to the new switch. Finally, connect the new switch’s cascade port to the now-free port on the original switch, as shown in Figure 18.9.

You really do have to worry about wireless network security. In my home, I can pick up signals from four separate wireless networks: mine, the house next door’s, and two others, (I can’t tell whose they are.) It’s not uncommon to find that you can receive signals from several neighbors. And people do actually drive around with laptops in their car, looking for free Internet access or looking to break in to your computers. To protect against both freeloaders and hackers, you can use one or two protection techniques: encryption, which scrambles data, and authentication, which certifies that a given computer should be allowed to connect to the network. You can use either encryption alone or both encryption and authentication.

An SSID (Service Set Identifier)—A short name that you give your network, up to 32 characters in length. This could be your last name, your company name, your pet’s name, or whatever makes sense to you. If you are setting up an open wireless network (with no password) and want to ensure that your network can never be shared with others via Microsoft’s Wi-Fi Sense feature, put the phrase _optout somewhere in the network name. For example, you might name the network lucynet_optout.

A security type—The authentication method that your network uses to determine whether a given computer should be allowed to connect, and for ensuring that you really are connecting to the router or access point you intend to use, rather than a malicious device impersonating it. For home and small office use, the choices are as follows, starting with the most secure:

WPA2-Personal—An improved version of WPA-Personal. This is the best choice for home and small office networks.

WPA-Personal—A method that uses a passphrase to validate each computer’s membership in the network. The passphrase also serves as an encryption key. It has been found to be insecure—a determined hacker can bypass it. Don’t use it unless your wireless router can’t use WPA2 and its software can’t be upgraded.

No Authentication (open)—No authentication is performed; any computer can connect to the network.

On corporate networks, other security types are sometimes used: 802.1X, WPA-Enterprise, and WPA2-Enterprise. These systems use a network server, smart card, or software certificate to validate network membership.

An encryption type—The encryption method used to secure network data against eavesdropping. The options available depend on the security (authentication) type selected. The choices, starting with the most secure, are as follows:

AES—An improved encryption method that can be used with any of the WPA security types. AES is more secure and may offer faster network transmission. This is the best choice for home and small office networks.

TKIP—An encryption method that can be used with any of the WPA security types. It, too, can be broken by hackers. A better choice is AES.

WEP—Data is encrypted using the WEP protocol using a 40-, 128-, or 256-bit key. WEP encryption can very easily be broken by a hacker using easily available software. Don’t use it unless you have no choice (for example, if your network must support an old TiVo unit that can’t use a better security option).

None—No data encryption is performed. This option is available only when the security type is set to No Authentication.

Your router might offer an AEK/TKIP option; that is, it can let newer equipment use AEK while older equipment uses TKIP. Don’t select this option unless you really do have old equipment that can’t use AES. Making TKIP available under any circumstance opens the security hole. Choose just AES.

An encryption key—The key used to encrypt and decrypt data sent over the network. The different encryption methods use keys of different lengths. Longer (more bits) is better.

For WPA or WPA2 encryption, enter a passphrase: a word or phrase using any eight or more letters or characters—the more the better, up to 63. The passphrase is case sensitive and can contain spaces but must not begin or end with a space. You might use two random words separated by punctuation symbols (for example, something like topiary#clownlike).

For WEP encryption, Windows 10 supports 40-bit and 128-bit security. A 128-bit WEP key must be exactly 26 hexadecimal digits—that is, the numerals 0 through 9 and the letters A through F. It could look something like this: 5e534e503d4e214d7b6758284c. You can Google “Random WEP Key Generator” if you want help coming up with one.

A 40-bit key consists of exactly 10 hexadecimal digits. Windows 10 will let you join an existing 40-bit WEP network but not create a new one.

Some routers and some earlier versions of Windows let you enter a WEP key as a text phrase, but the text method was not standardized and was pretty much guaranteed not to work across brands of wireless routers and access points, so it has been abandoned.

The encryption key should be kept secret because, with it, someone can connect to your network and from there get to your data and your shared files.

Whatever method you use, you might want to write down the passphrase or key on a sticky note and put it on the underside of your wireless router.

A channel number—The channel number selects the frequency used to transmit your network’s data. The channels used in North America are usually 1, 6, and 11. The other channels overlap these and can interfere with each other. For double-bandwidth Wireless-N, the choices are 3 and 11. The preferred channel numbers are different in other countries.

Some wireless routers select a channel automatically. If you must choose one, see the tips under “Getting Maximum Wireless Speed,” later in this chapter.

Why are there so many different security methods? Because thieves, like rust, never sleep, and it seems that as soon as a new, safer method is standardized, someone figures out a way to break it. WEP stands for Wired-Equivalent Privacy, but that turned out to be overly optimistic: A determined person can break WEP security in as little as a minute. WPA (which stands for Wi-Fi Protected Access) uses an improved encrypting scheme and can deter most attacks, but it, too, turns out to be crackable. WPA2 is a further improvement upon that, and it’s the best option we have at present. If you use a complex password, it should deter all but the most determined hackers (and I don’t think it wouldn’t keep the National Security Agency scratching its collective head for too long, if you know what I mean).

Which encryption method should you use to set up your network? On a home or small office network, you’re limited by the least capable of the devices on your network—your weakest link. So, use the strongest encryption method and the longest key that is supported by all the devices and computers on your network. This means that if you have even one computer that doesn’t support WPA2, you must use WPA or WEP, and if you have even one computer that doesn’t support 256-bit keys, you must use a 128-bit key. If you have a router, access point, or network adapter that doesn’t support WPA, it’s worth checking to see whether you can update its internal software (firmware) or drivers to support this stronger encryption method.

You can use a setup program provided by the router’s manufacturer on a CD or DVD. This is usually the quickest and easiest method because the setup program knows exactly how to configure your router. Using high-speed Internet service, the setup program also might be able to set up the router to connect to your Internet service at the same time. (The next two options don’t do that.)

If your router supports Wi-Fi Protected Setup (WPS), you can use the Set Up a Network Wizard provided with Windows 10. If your router has an eight-digit numeric PIN code printed on the bottom, or if it has a pushbutton labeled WPS, you can use this wizard.

You can set it up manually by connecting to the router using a web browser.

We give general instructions for these three setup methods in the following sections. The manufacturer’s instructions will be more detailed.

Whichever method you use, as mentioned in the previous section, you need to select up to five things to set up a wireless network: an SSID (name), security type, encryption type, encryption key, and possibly a channel number. A setup program or the Set Up a Network Wizard in Windows might help you make these selections automatically.

The setup program will typically prompt you for the settings required by the Internet access part of the router, which it uses to connect to your Internet service provider. It will also suggest default settings for the Wi-Fi side of the router, which you may change. As mentioned previously, select WPA2/AES security unless your router or one or more of your computers doesn’t support it.

You should write down the final settings, especially the security key. The setup program will then install the settings in the router. When your computers detect the new wireless network, you can connect to it and type in the security key.

To use the Set Up a Network Wizard, follow these steps:

1. Connect your computer to one of the LAN ports on your wireless router using an Ethernet cable, and then power up the router. Wait 60 seconds or so before proceeding. If Windows asks, “Do you want to allow your PC to be discoverable by PCs and other devices on this network?” select Yes. This tells Windows that you are on a trusted, private network.

2. Click or touch and hold the Network icon in the taskbar, and then select Network & Internet Settings, Status.

Notice that a network name is listed at the top of the window, as shown in Figure 18.10. (In the figure, the name is Ethernet, although if you have previously attached to the same router using a Wi-Fi connection, Windows might display the Wi-Fi network’s name.) If under that it says “Private Network,” proceed to step 3. If it says “Public Network,” click Change Connection Properties and select Private. Then click the window’s back arrow (found in the upper-left corner) twice to get back to the Network & Internet Settings Status page.

3. Scroll down and select Network and Sharing Center. Under Change Your Networking Settings, select Set Up a New Connection or Network. Highlight Set Up a New Network and click Next.

4. Wait for your wireless router to appear in the dialog box. When it does, select it and click Next.

If it doesn’t appear within 90 seconds, it might not be WPS capable, or it might already have been configured. If so, skip ahead to the next section, “Configuring Manually.”

5. Enter the PIN code printed on your router and click Next. If the PIN is not printed, see whether you can get it out of the router. Follow steps 2 through 5 in the section titled “Configuring Manually” to get into the router. See whether any of its setup screens display the WPS PIN. (On one router I tested, I found this under Wireless, Wi-Fi Protected Setup.)

6. Click the arrow next to Change Passphrase, Security Level and Encryption Type. Adjust the network name if you like, as shown in Figure 18.11. You may also change the passphrase if you want.

If not all of your computers support WPA2 security, you can downgrade the security level to WPA or WEP, but we strongly recommend against this. (See the discussion earlier in this chapter under “Wireless Network Setup Choices.”)

When the settings are made, click Next.

7. The wizard will configure the router and eventually display the security key. Write this down and keep a copy of it in a safe place. (If your location is secure, you can write it on a sticky note and attach it to the router itself, being sure not to block any ventilation holes.)

We suggest that you also click Print These Network Settings. If you don’t have a printer set up, select Print as a PDF and save the resulting file in your Documents library.

After you’ve followed these steps, all your computers can attach to the wireless network using the network key that you or the wizard selected.

1. Connect your computer to one of the LAN ports on your wireless router using an Ethernet cable, and then power up the router. Wait 60 seconds or so before proceeding. If you are prompted to turn sharing on or off, turn on sharing.

2. Press Windows Logo+X and select Command Prompt or Windows PowerShell from the pop-up menu, whichever appears. Type the command ipconfig and press Enter.

3. Look for the heading that reads something like “Ethernet Adapter Ethernet,” and under that, look for the Default Gateway setting. It will look like 192.168.0.1 or 192.168.1.1, or something similar.

4. Open a web browser (Edge or Internet Explorer will do), and in the Address bar, type http:// followed by the default gateway numbers (for example, http://192.168.0.1) and press Enter.

5. Log on to the router using its administrative username and password. You’ll have to read the instruction manual or search the Web to find the default password for your router. Often, username admin and password admin or password will work.

You should change the default password as your first step. If you do change it, be sure to write down the new password and store it in a secure place.

6. Use the router’s web page menus to locate the Wireless Configuration page. Enter a network name (SSID), select a security type, and enter a key.

7. Use the appropriate “save settings” button or menu choice, wait 30 seconds, and try to have one of your other computers connect to the router using a wireless adapter, following the instructions under “Joining a Wireless Network” on p. 824.

When other computers can connect successfully, if the computer you used for setup has a wireless adapter, you can disconnect the Ethernet cable. Ethernet connections are faster and more reliable than wireless, though, so use wired connections whenever it’s convenient to do so.

When your computer can connect to the wireless router, you can have the router establish an Internet connection for you.

If you used the manufacturer’s setup program to configure your router, it might have set this up for you already. If you have to set up the Internet side of your router manually, try to follow the manufacturer’s instructions. We can give you only general instructions here.

Routers are usually factory-set to use automatic address assignment (this is called DHCP configuration), so in many cases you can simply plug in the router’s WAN port to your cable or DSL modem, and it will immediately work. It depends on your Internet service, though, and in many instances you must do some setup.

To set up shared Internet service, go to the router’s setup web pages by following steps 2 through 5 in the preceding section, “Configuring Manually.” Locate the router’s wide area network (WAN) or Internet setup web pages. Many routers have a menu option you can select to run an Internet setup wizard; otherwise, you’ll have to set up the connection manually.

In general terms, there are three ways to connect:

If your wireless router’s WAN (Internet) port is connected to a network that already has a full-time Internet connection, choose the router’s “direct connection” option.

If you use cable Internet service, most likely you’ll select the DHCP option. You might have to enter a specific hostname supplied by your cable company. Other cable ISPs key off your network adapter’s MAC address, so you might have to call your ISP to inform it of the router’s MAC address. This is usually printed on the bottom of the router.

If you use DSL service, most likely you’ll select the PPPoE option. You’ll have to enter a username and password.

Your ISP should help you get the Internet connection working, or at least it should provide you with the information you need to get the connection working.

See Chapter 19 for more detailed instructions on connecting your LAN to the Internet.

Microsoft learns about free, unsecured hotspots by monitoring the use of networks to which you and other Windows users successfully connect (which is creepy, but also helpful). When Microsoft sees that several users have made successful high-speed connections to a given network, it disseminates information about that network to other Windows users. If you set up an unsecured Wi-Fi network, Wi-Fi Sense might well assist the general public in using it. (This is, of course, what you’re inviting by setting up an unsecured network.)

The original release of Windows 10 included a way to let your friends use your secured (password-protected) Wi-Fi network, without having to provide them with the password. However, this aspect of the Wi-Fi Sense feature was removed from Windows 10 as of the Anniversary Update released in August 2016. Your Wi-Fi password can no longer be automatically shared with others.

There are other nearby networks using radio channels that overlap your network.

You have older Wireless-G or -B equipment on the same network as -N (perhaps an old laptop or TiVo). Wi-Fi equipment can’t run at full speed when it is also communicating with equipment running older Wi-Fi protocols.

You are using the insecure WEP or WPA security protocol (perhaps because you have older equipment that doesn’t support WPA2) or are using TKIP encryption. The 802.11n specification sets a maximum speed of 54Mbps if WEP, WPA, or TKIP are in use. Higher speeds are permitted by the specification only with WPA2/AES.

Your router is not using the legal maximum transmitting power.

The following sections tell you how to fix these conditions.

To avoid this situation, press Windows Logo+X and select Command Prompt or Windows PowerShell from the pop-up menu, whichever appears. Type netsh wlan show networks mode=bssid and press Enter. This lists each neighboring network, its signal strength (as a percentage of something—what, I don’t know), and its channel. Examine the list, ignoring your own network. Select a channel for your network that doesn’t conflict with at least the strongest of your neighbors’ networks.

In the United States, Canada, and Mexico, if you are using Wireless-G, or a standard 20MHz bandwidth Wireless-N router, try to select from channels 1, 6, and 11 only. Try to pick a channel that’s five channels away from any strong neighboring signals. Also, some cordless phones use the same 2.4GHz radio band as Wi-Fi. You can help prevent this interference by using 900MHz cordless phones.

If you are using a double-rate 40MHz bandwidth 2.4GHz Wireless-N router, use either channel 3 or channel 11. In Europe and elsewhere, find out what channels are recommended in your region.

Set your router to use this channel. Your other wireless devices will automatically catch on within minutes.

You could also repeat this exercise in the 5GHz band if your router supports it. Many more channels are available, there’s much less overlap between them, and not many cordless phones use the 5GHz band. Use a channel several numbers away from any neighboring 5GHz networks.

If you have some equipment that doesn’t support WPA2, you’ll get maximum performance if you set up to use a separate, lower-speed network, as described in the next section.

Use a two-radio (simultaneous dual-band) router. Set up different network names (SSIDs) for the two frequency bands. Set any Wireless-N equipment to use the 5GHz network and all of your -B and -G equipment to use the 2.4GHz network. This requires a two-radio router, however, and 5GHz signals don’t have the same reach as 2.4GHz. (Wireless-AC always uses 5GHz.)

Alternatively, use two routers: one for your high-speed devices and an inexpensive second one for your older gear.

To set up two routers, configure the first Wireless-AC or -N router as your primary wireless network. Choose a clear channel, as described previously, and give it a network name (SSID) like “MyWirelessN.” Set it up with WPA2/AES security.

Configure the other router as an access point. This turns off its routing features and turns it into a simple “repeater” so that devices on the separate wireless networks can communicate directly. (This way you can use Windows file and printer sharing between computers on the different networks.) Most routers can be set up this way; check the instructions. Select a channel that doesn’t conflict with your other router. (For example, in the United States, if your main router is set for channel 1, set this one to channel 6 or 13.) Give it a distinct SSID name, like “MyWirelessG.” Set up WPA2/AES security if the router and your -G and -B devices support it. Position it at least 6 feet away from the other router. Now, just plug in this device’s WAN port to one of your first router’s LAN ports. Have your slower devices connect to this alternative network name. You won’t be able to share files or printers between the two networks.

The rules for the maximum-allowed power are esoteric, and the allowed wattage depends on the frequency band and the efficiency (gain) of the antenna used. For most antennas, in North America the maximum 2.4GHz power is 100mW. If your router came configured with a power setting lower than 60mW, you might bump up the power to 60mW to see if this improves your data speed. It might not. (And for many routers, much more than 60mW could shorten the life of the router and actually degrade the signal.) If increasing the power doesn’t improve your data speed, put it back to the original setting.

Also, while it might seem counterintuitive, in areas where there are a lot of wireless networks, increasing power can actually reduce performance because it makes networks overlap and interfere with each other, and it lets you wander farther from your own base station to areas where you’ll pick up more interference. In an urban or congested area, it can be better to use a few more wireless access points with less power than to try to extend one to a larger area.

If your computer is part of a Windows Server domain network, which is often the case in a corporate setting, skip ahead to “Joining a Windows Domain Network.”

If you have a router, or if one of your computers shares its Internet connection using Windows Internet Connection Sharing, or if you are on a corporate LAN running Windows Server, each computer will be assigned an IP address automatically. They’re doled out by the Dynamic Host Configuration Protocol (DHCP) service that runs on the router or in the sharing computer. This is why we recommend using a router even if you aren’t setting up a shared Internet connection.

By default, Windows sets up new network adapters to receive an address this way. If your network fits into this category, you don’t have to change any settings, and you can just skip ahead to the section “If You Have a Shared Internet Connection.”

Each computer can be given an address manually, which is called a static address as opposed to a dynamic (automatic) one. If you are not going to use a router or a shared Internet connection, you should set up static addressing. We tell you how shortly.

If no static settings are made but no DHCP server exists on the network, Windows will automatically assign IP addresses anyway. Although the network will work, this is not an ideal situation and can slow down Windows. The setup steps shown in the following two sections let you avoid having IP addresses be assigned this way.

If you’re setting up a new computer on an existing network, use whatever scheme the existing computers use; check their settings and follow suit with your new one. Otherwise, use either of the schemes described in the following two sections.

For most home and small office networks, the following static address scheme should work fine:

IP Address—192.168.1.11 for your first computer, 192.168.1.12 for your second computer, 192.168.1.13 for your third, and so on.

We strongly suggest that you keep a list of your computers and the addresses you assign to them.

Subnet Mask—255.255.255.0

Default Gateway—Leave blank

Preferred DNS Server—Leave blank

Alternate DNS Server—Leave blank

Follow these steps on each computer to ensure that the network is set up correctly:

1. Click the Network icon that appears at the right end of the taskbar and select Network & Internet Settings, Status, Change Adapter Options. Right-click the Ethernet or Wireless Connection icon that corresponds to your LAN connection and select Properties.

2. In the Networking tab, scroll to the bottom of the list box and select Internet Protocol Version 4 (TCP/IPv4). Click Properties.

3. In the General tab, change the settings. Figure 18.12 shows an example, but you must use the address values appropriate for your computer and your network. Click OK.

If you will use Windows Internet Connection Sharing, first set up the one computer that will be sharing its connection, as described in Chapter 19, and then set up networking in your other computers.

All the computers, including the one sharing its Internet connection, should have their Ethernet connections set to Obtain an IP Address Automatically and Obtain DNS Server Address Automatically (refer to Figure 18.12).

If you will be using a router, configure the router first, following the manufacturer’s instructions. Enable its DHCP feature. If you can, set the starting DHCP IP address to 100 so that numbers from 2 to 99 can be used for computers with static settings. Also, if your ISP has provided you with a static IP address for your router, be sure to enter your ISP’s DNS server addresses in the router’s setup screens so it can pass them to your computers.

Now that your new network connection is set up, be sure to set the correct file sharing option, as described in the next section. This is a critical part of Windows networking security.

If you have connected to a private network, where you trust all the people using other devices and computers on this network, select Yes. File and printer sharing is enabled, as is Network Discovery, which makes your computer visible to other users and makes their computers visible to you. It’s also possible to join a homegroup, which we discuss shortly.

If you have connected to a public network, say, at an airport, hotel, coffee shop, or someone else’s home or business, or if you have made a direct Ethernet connection to a cable or DSL modem that does not have a router, select No. You don’t want other random computers on the Internet poking into your computer. File and printer sharing and Network Discovery are disabled on this network connection.

If you need to, you can later change this setting manually.

Here’s a good rule of thumb: If you don’t need to use file sharing and printer sharing in a given location, consider the network a public network, and select No. You can always change it later.

To change the sharing (Network Location) setting manually, follow these steps:

1. Touch or click the network icon on the taskbar.

2. Touch or click Properties under the icon labeled with the name of your network connection.

3. Select Public or Private.

To control the file sharing and device discovery functions separately, click the network icon on the taskbar and select Open Network & Internet Settings, Status. Scroll down, and then select Network and Sharing Center, Change Advanced Sharing Settings. Expand the desired profile section (usually Private). You will see individual controls for file and printer sharing and for network discovery there.

If you are part of a Windows domain-type network, your system administrator will give you the information you need to set your computer identification.

If you are setting up your own network without Windows Server, on each of your Windows 10 devices and computers, right-click the Start button or press Windows Logo+X, and then select System. Under Device Specifications, look at the Device Name entry. On previous versions of Windows, press Windows Logo+R, type sysdm.cpl, press Enter, and check the Full Computer Name entry. Does each device have a different name? If so, you’re all set.

If two devices have the same name, you must pick one to change. To rename a Windows 10 PC, click Rename This PC. Enter a new name, click Next, and then click Restart Now and let the computer restart. For earlier versions of Windows, click the Change button. You are asked to select the option that best describes your computer:

This Computer Is Part of a Business Network; I Use It to Connect to Other Computers at Work.

This Is a Home Computer; It’s Not Part of a Business Network.

Which one you choose makes a significant difference. If you choose the “Home Computer” option, click Next, then Finish, as directed. The wizard sets up your computer for peer-to-peer networking with the workgroup name WORKGROUP and then finishes.

If you are on a business network with Windows Server, the rest of the procedure is described under “Joining a Windows Domain Network” later in this chapter.

If your Windows 10 computer is connected to a domain network, your network manager will set up a firewall “profile” that controls security when you are connected to the corporate network. You shouldn’t be able to change these settings. Your network manager will also probably configure another “default” profile to protect you when you are disconnected from the corporate network, such as when you are traveling or using your computer at home.

In this section, we assume that you are managing your own computer and that your network is not protected by a professionally installed firewall, nor have you installed third-party firewall software. As a home or small office user, go through this quick checklist of steps to confirm that your network will function safely:

1. Click the taskbar’s Network icon, and select Network & Internet Settings, Status. Then scroll down and select Windows Firewall.

2. Click the Private Network or Public Network headings, and it should say Firewall is On. If the entry says Off, click the blue word Network and set the Windows Defender Firewall switch to On. Then click the back arrow in the upper-left corner and confirm that the firewall is on for both Private and Public networks.

3. The Private Network profile should be labeled “active” if your network was set up as a private network, as discussed earlier in the chapter.

These are the default settings, but it’s best to check them to be sure.

You can solve this problem in either of two ways:

Use an inexpensive DSL/modem connection-sharing router instead of a switch, and just don’t connect its WAN port to a DSL or cable modem. You can get these used on eBay or Craigslist for just a few dollars.

Assign IP addresses to each of your computers manually, using addresses like 192.168.0.2, 192.168.0.3, and upward. (Skip 192.168.0.1 in case you eventually do add a router.) In each computer, when you assign an IP address using the dialog box shown in Figure 18.12, enter as the gateway address the IP address of one of the other computers on your network. This workaround is clunky, but it works. The other computer must be turned on for your computer to be able to identify the network and enable sharing. When you save the address settings, Windows will ask you whether you want your computer to be discoverable by PCs and other devices on your network. To enable sharing, select Yes.

Setting Up a Homegroup

Windows versions 7 and later include a networking feature called HomeGroup that can make sharing files, folders, printers, and music/video media very easy. A homegroup lets each user decide whether to share specific categories of documents, music, video, printers, and so on, or even specific folders and files. Every user on every computer in the homegroup can see the items, once shared, without worrying about passwords or usernames. It’s all just there, organized, and easy to get to.

HomeGroup networking works by setting up one password that is used to join each computer to the group. Any user on any of the member computers can see any of the group’s shared folders and printers.

Is a homegroup right for you? Consider these points to decide whether to use this feature:

The HomeGroup feature works only with Windows 7 and later. (However, computers running Windows Vista, XP, Mac OS, Linux, and so on can still share with a homegroup and use folders and printers shared by a homegroup, if you take the additional steps discussed under “Using Windows Vista and XP with a Homegroup,” in Chapter 20.)

Within a homegroup, you can’t decide individually which other users can see your shared stuff and which users can’t. Anybody who can use a computer that’s a member of the homegroup can use the content that you decide to share.

What you can control is whether to share your stuff and whether the other users can just view and use your stuff or modify, delete, and add to it.

If you don’t need to control access on a person-by-person basis, a homegroup is definitely a convenient thing to set up. If a homegroup isn’t right for you, skip ahead to the next section, “Alternatives to Using a Homegroup.” Changing your mind later on is easy, so don’t worry too much about this issue.

To set up a new homegroup, log on to one of your Windows 10 computers and perform the following steps:

1. Click the network icon in the taskbar and select Network & Internet Settings, Status. Then scroll down and click HomeGroup.

2. Click Create a Homegroup, and then click Next.

3. Select which types of your content you want to share with everyone else in the homegroup, as shown in Figure 18.13. For each category (Pictures, Documents, Music, and/or Videos, documents), select Shared to let other users see your files. For Printers and Devices, select Shared so that other users can use your computer’s printer. (You can easily change these selections later, as discussed in Chapter 21, “Using a Windows Network.”)

You can select Not Shared for any category of your files that you don’t want other users to see. When you’re satisfied, click Next.

4. Windows will display the HomeGroup password. Jot this down. You’ll need it to join your other Windows 7, 8, 8.1, and 10 computers to the homegroup. Upper- and lowercase matter, by the way. Then click Finish. This will bring you back to the Network & Internet Status page.

If you want to use a different HomeGroup password than the one Windows chose, you can, and now is the time to change it. Click HomeGroup again, and then click Change the Password. Follow the prompts to choose a new password.

5. You or another computer owner can now go to another Windows 10, 8.1, or 8 computer on your network, log on, and repeat this process. This time, instead of Create a Homegroup, you’ll be able to click Join Now to join the existing homegroup.

On a Windows 7 computer, go to the Control Panel. Select Homegroup and Sharing Options and then Join Now.

If you have just created a new homegroup or joined a computer to an existing homegroup, wait a few minutes before shutting down the computer so that Windows can set up sharing on the computer’s folders.

Repeat step 5 with any other Windows 7 through 10 computers that you want to join to the homegroup.

Users on each computer will have to log on and decide which of their materials they want to share with the homegroup. Until they do, their names won’t appear in the HomeGroup listing in File Explorer. We talk about this in the section “Sharing with a Homegroup” in Chapter 21.

If you have OSs other than Windows 7 and later on your network and you don’t need per-user security, you can turn off Password Protected Sharing. To do this, click the network icon at the right end of the taskbar and select Network & Internet Settings, Status, Sharing Options. Scroll down to All Networks and click the down arrow to open the list. Scroll down more and select Turn Off Password Protected Sharing.

This makes any shared folder or printer available to anybody who can connect to your network, with no passwords required at all, so be careful what you share and who you let use your network.

If you have computers running Windows XP, Vista, Mac OS, Linux, or other OSs, read Chapter 20 for more information on sharing with these OSs.

If you need to control in detail which users can use which shared files and folders, leave Password Protected Sharing turned on (which is the same as disabling Simple File Sharing on Windows XP). You will have to set up the same user accounts with the same passwords on each of your computers so that people can access shared folders and printers.

Remember that the ribbon’s tools are activated when you select items in the right-hand pane, not the left. This can be confusing at times.

If your network is up and running and sharing and discovery are enabled, you should see one icon for every computer you’ve connected. Double-click any icon to see what that computer is sharing with the network.

If you set up a homegroup, the Homegroup list will have an entry for each user who has elected to share files. There might be entries for the other users on your own computer, as well as users on other computers. Shared printers should already be listed automatically in your Devices and Printers Control Panel applet, although if you have one or more printers that are not connected via USB cables, you might have to take additional steps to share them.

You’re almost finished. You have just a little more reading to do:

You’ll certainly be connecting to the Internet, and when you do, you risk exposing your network to the entire world. Refer to Chapter 33 to find out what risks you’ll be exposed to and what you can do to protect your LAN. If you use Internet Connection Sharing or a connection-sharing router, you’re in pretty good shape. But in any case, going through Chapter 33 carefully is very important.

Read Chapter 21 to learn how to get the most out of your Windows network.

See Chapter 37 for instructions on enabling remote access to your computer and network.

See Chapter 20 for information about networking with Macs, Unix, Linux, and older versions of Windows, as well as installing advanced networking services.

The name to be given to your computer.

The domain name for your network.

Your domain logon name and password.

Any specific configuration information for the Internet Protocol (TCP/IP). In most cases, it is not necessary to make any changes in the default settings.

The location of the Join Domain button was changed in the Fall 2017 Creator’s Update. Use the following procedure to make your computer a member of your network domain, while connected to the domain’s network:

1. Sign in to Windows with a Computer Administrator account.

2. Click Start, Settings (gear icon), Accounts, Access Work or School, Connect, Join This Device to a Local Active Directory Domain.

3. Enter the Active Directory domain name provided by your administrator (for example, bigcorp.local), and click Next.

4. Enter the network login name and password supplied by your network administrator. Then click Next.

5. The next prompt offers to add an account to the PC. You have two choices:

If you want your domain account to be able to manage hardware, software, and files on your own computer, enter your user account name and set the Account Type to Administrator. Then click Next.

If you want to manage your computer using the original “local” account that you set up when you started using the computer, click Skip.

6. If the network administrator has not yet prepared the domain to accept your computer, you will be prompted for the credentials for an account that has domain administrator privileges. An administrator might have to assist you here.

7. Click Restart Now.

(Alternatively, if you prefer to use the domain join method from previous versions of Windows, press Windows Logo+R, type sysdm.cpl and Enter, and then use the Network ID or Change buttons.)

When your computer has been joined to the domain and restarted, the login process might be slightly changed. If the Welcome screen says, “Press Ctrl+Alt+Del to sign in,” type this key combination. (Hold down the Ctrl and Alt keys, press the Del key, and then release all the keys.)

The first time you sign in, the icon for your original nondomain (“local”) account might still appear. If an icon for your domain account does not appear, select Other User. Then enter the username and password for your domain account. If the correct domain name doesn’t appear, enter your account name in the format domainnameusername.

To sign in using a local account, select Other Account. Under Sign In Options, select the “key” icon, and then select How Do I Sign On to Another Domain? Enter your local account name in the format computernameusername, as shown on the screen.

To sign in using a Microsoft account, select the “box-and-cursor” icon and enter your online account name and password.

If you want to remove the computer’s domain membership entirely and just use the device for personal use, follow these steps to disconnect the device from the domain:

1. Be sure that you know the login name and password of a nondomain Administrator account so that you can manage the computer after it’s been disconnected. If you need to create a new Administrator account, click Start, Settings (gear icon), Accounts, Settings, Accounts, Family & Other People, Add Someone Else to This PC.

If your network administrator has prevented you from adding local accounts, you will need to get her to help do this before you proceed.

2. Click Start, Settings (gear icon), Accounts, Access Work or School.

3. Click the icon labeled Connected To (your domain) AD Domain, and then click Disconnect, Yes.

4. Enter the username and password of the Administrator account that you will use to manage the computer after you disconnect, and then click OK, Restart Now.

After your computer restarts, you can log in using a Microsoft or local account. Documents and other content saved by domain users who had previously logged in will be available to any Administrator user who delves into the folders under C:users using Windows Explorer, so you might want to delete any sensitive information they contain.

Also, if your computer uses BitLocker to encrypt the contents of its disk or flash storage, you should make a copy of your drives’ BitLocker recovery keys on removable media, because now that you are disconnected from the domain, the domain administrator will not be able to reset the BitLocker password for you if you forget it. To back up the recovery key, type the word bitlocker into the taskbar’s search box, and then select Manage BitLocker from the search results. Next to each drive that is listed as having BitLocker turned on, select Back Up Your Recovery Key. (You might need to select the down arrow to the right of the drive name to see this option.) You can save the key to your Microsoft (online) account or to removable media, or you can print it. Alternatively, you can just select Turn BitLocker Off to unencrypt your drive(s).

Bridging is similar to routing, but it’s more appropriate for small LANs because it’s easier to configure and doesn’t require different sets of IP addresses on each network segment. Technically, bridging occurs at the physical level of the network protocol stack. Windows forwards network traffic, including broadcasts and packets of all protocol types received on either adapter, to the other. In effect, it creates one larger network.

To enable bridging in your Windows 10 computer, install and configure two or more network adapters, as described under “Installing Multiple Network Adapters,” earlier in this chapter. However, don’t worry about setting up the Internet Protocol (TCP/IP) parameters for either of the adapters yet. Then do the following:

1. At the right end of the taskbar, click the network icon and select Network & Internet Settings, Status. Then scroll down and select Change Adapter Settings.

2. Select the icons for the network adapters you want to bridge by clicking the first, holding down the Ctrl key, and clicking the second.

3. Right-click one of the now-highlighted icons and select Bridge Connections.

4. A new icon named Network Bridge appears. Select this new icon and, if you want, rename it appropriately—for example, “Ethernet to Powerline Bridge.”

5. Double-click the new Network Bridge icon. Select Internet Protocol (TCP/IP) and configure your computer’s TCP/IP settings. You must do this last because any TCP/IP settings for the original two adapters are lost.

After you’ve created a bridge, your two network adapters function as one and share one IP address, so Microsoft disables the “network properties” of the individual network adapters. You must configure your computer’s network properties with the Network Bridge icon.

Remember that the connection between the two networks depends on the computer with the bridge being powered on.

You can remove the bridge later by right-clicking the Network Bridge icon and clicking Delete.