Re: XP AND 2000

Glad to help! --- Steve

"jeffuk123" <jeffuk123@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C645D289-284C-44B0-8454-ACFE184BFCA5@xxxxxxxxxxxxxxxx
Thanks Steve,

Superbly and clearly explained, many thanks.

"Steven L Umbach" wrote:

Reply inline.

"jeffuk123" <jeffuk123@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:591E035E-469E-4EEB-8ED7-1FB2E1507940@xxxxxxxxxxxxxxxx
Hello to everyone,

This is just a general question really.

I came across a network setup with the following:-

. NT4 Server
. Windows XP machines
. Windows 2000 PC
. Windows 98 Machines

Basically, all PCs except the Windows 2000 machine are on the domain.
The
Windows 2000 PC is on a workgroup, the same name as the domain.

Lets assume, the following:-

. Windows XP machine = XP-A (domain)
. Windows XP machine =XP-B (domain)
. Windows 2000 = 2000-C (workgroup)

My questions really are:-

1. The Windows 2000 PC can see some of the other PCs in 'my network
places'
but not all of them. All other PCs are on a domain. Is this because
some
of
the other PCs are turned off or can this still happen?

Well yes if a computer is turned off it will eventually disappear from
the
browse list. The whole browse list thing is kind of flaky and there
could be other reasons. Use ping and computer IP to establish
connectivity
between computers assumimg a firewall, tcp/ip filtering or ipsec policy
is
not blocking access.


2. Also, all PCs from the XP machines can be seen in 'my network
places'
but
none of them can be pinged!!!

It sounds like the XP Firewalls are enabled, a third pary
firewall/protection application, or an ipsec policy. Using the support
tool
netdiag will show advanced networking configuration including if an
ipsec
policy is enabled. You can use the command netsh firewall show state on
an
XP computer to see firewall status.


3. When XP-A tries to access resources on XP-B in 'my network places'
all
is
fine. When XP-B tries to access resources on XP-A in 'my network
places'
it
throws up a a username and password box. The username is greyed out
with a
guest account.

It sounds like simple file sharing is enabled on XP-A. You can use
Windows
Explorer and look in tools/folder options/view for the last option "use
simple file sharing" to see if it is enabled or not. That would be
unusual
on a domain computer because simple file sharing is disabled when an
XP Pro computer is joined to the domain.


4. Finally, why is it that even when a PC is not on a domain i.e. on a
workgroup, it can still view resources on the domain. I thought the
whole
point of a domain was security etc and authentication. This confuses
me.

"Viewing" in My Network Places is a function of the browse list and used
netbios over tcp/ip and broadcasts. If the computers are on the same
network
then
it is very possible that they all will show up. However seeing does not
necessarily mean access. If users in the workgroup can access shares and
the
files in them
for domain computers then either those workgroup users have a user
account
in the domain, know logon/password of a domain account, or there is very
poor security on the domain computers such as simple file sharing being
used
or the guest account enabled and everyone permissions are granted to
shares
and the folders in the shares. Using an Active Directory domain can
simplify
management of users/groups, security policies, Group Policies, etc but
does
not
guarantee good security. However with some planning it is failry easy to
secure resources in a domain. --- Steve


Many thanks to all who take their time to answer and view my questions,
Jeff







.

Quantcast