[ Go to August 1997 Table of Contents ]|
Have you ever slapped yourself mentally halfway into your morning commute because you forgot a crucial file or program on your home PC?
I have, and I live 50 miles from my office. With a little help from the local ISP and a charitable internetworking service, this situation doesn't have to happen again. If you make a few modifications to your Windows NT Remote Access Service (RAS) setup, you can actually use the Internet to share files and even printers. This way, you can retrieve those files from home after you get to the office.
If you use Windows NT on a LAN, you probably know about sharing files and printers, and browsing network resources using the Explorer shell. All network objects on your LAN have a unique name in Network Neighborhood, used for providing easy references to network resources. On the Internet, resources are given (sometimes) easily remembered URLs. But these two naming systems are based on different networking components.
You can use WINS (Windows Internet Naming Service) to map a Windows networking computer and share names to a TCP/IP-bound network connection. A WINS server converts numeric IP addresses to standard Windows names for use within the Windows networking interface. If your network has a WINS server, you're in great shape to begin remotely sharing resources through the Internet. But what about those of us not so fortunately equipped? Thanks to a good network neighbor, Tim Hall of Winserve, there is a public-access WINS server available for general use at http://www.winserve.com.
For the purposes of this column, I'll assume you already have RAS installed and configured, and that you have a functional connection to your ISP. If you're new to Windows NT and have only used version 4.0, you may not know that RAS is used to manage dial-up network connections. In Windows NT 4.0, Microsoft followed the Windows 95 convention of referring to the dial-up subsystem as Dial-Up Networking (DUN). Grizzled NT veterans still (and may forever) refer to this system by the older designation-RAS. Even Microsoft didn't put forth a complete effort with respect to the name change; most internal references have retained their RAS identifiers.
You should know that modifications made to a RAS connection configuration have absolutely no effect on any parameters applied to an installed network interface card (NIC). RAS manages all aspects of the connection individually. For this reason, no changes you make to your network protocols can interfere with your network card or LAN access.
I'll show you how to set up your desktop NT Workstation to share files using Windows networking over the Internet through a public access WINS server. Winserve maintains this server on a nonguaranteed 24-hour basis. If your organization has its own WINS server, see your network administrator before proceeding with any network modifications.
First, open the My Computer folder and click on Dial-Up Networking. Select More, then "Edit entry and modem properties." Click on the Server tab. Be sure to select only the TCP/IP check box (don't enable NetBEUI or IPX/SPX). Select both Enable Software Compression and Enable PPP LCP Extensions. Click on the TCP/IP Settings button and select "Server assigned IP address." Select "Specify name server address" and enter the addresses for the Winserve public WINS server as follows:
Primary DNS: (This IP address is provided by your service provider.)
Secondary DNS: (This IP address is provided by your service provider.)
All machines that will be sharing files or printers must use the same WINS server. Otherwise, you have to add an entry for the remote share in the local LMHOSTS file.
After entering the correct DNS and WINS addresses, select "Use IP header compression" and enable "Use default gateway on remote network." Click on OK to exit the Dial-Up Networking configuration and save the modifications.
Finally, open the Control Panel/Network object and verify that the Computer Browser and NetBIOS Interface services have been installed. If one or both are missing, choose Add and install the necessary component. You'll need your Windows NT Workstation CD to add either of these components.
If you participate in a Windows NT domain, you're now ready to set up file and printer shares. If you're not already part of an NT domain, you need to configure your machine to participate in Winserve's public domain.
From Control Panel, double-click on Network, select the Identification tab and make sure your computer name is unique. Remember, hundreds (if not thousands) of other Internet computers will be using the public WINS server for Windows Name resolution. Choosing a popular name will likely result in a name conflict that will prevent WINS from registering your computer and its shares. Next, enter WORKGROUP in the Workgroup field. This is the name of the Winserve public domain.
Click on the Services tab and make sure the Computer Browser and NetBIOS Interface services are installed as described above. Finally, select the Protocols tab and choose Properties. With the TCP/IP configuration tool, enter the following parameters:
IP Address: (Obtain an IP address from a DHCP server.)
DNS: None (These are set within the DNS properties of RAS.)
WINS Address: None (These are set within the WINS properties of RAS.)
Click on OK and save all network parameter changes. At this point Windows NT will tell you that you need to restart your system to invoke all the TCP/IP modifications. Choose Yes, then shut down and reboot.
When returned to the log-on prompt, enter your user name and password as you normally would. Connect to your ISP through the RAS connection, now modified to use WINS. Open the Network Neighborhood folder, and, after allowing time for the master browser to update your folder list (as long as 15 minutes), you will see a list of computers that have made shares available for general access.
Setting up shares for remote access
To access a resource via WINS, you must create a share. These shares may consist of a folder, a drive or a printer. To create a share, select the desired object and right-click to bring up the Sharing menu. Next select Shared As and enter an appropriate share name. You may add a comment that will appear in the Browse list whenever you select the Details option. Then click on the Permissions button and bring up the "Access through share permissions" dialog. Set the appropriate user access.
Once you've configured your other PC to use WINS, you can access its remote shares from anywhere. Simply choose Start/Run and enter the machine name of the remote PC, and you'll be presented with a list of all shared folders and printers on that computer. You can use these objects just as if they were on your LAN. Of course, the response time you get over a 28.8Kb-per-second modem connection will be slower than what you're used to over the LAN. Still, WINS via RAS is worlds better than turning your car around on your morning commute.
Check your security blanket
You should take steps to ensure that your shares remain inaccessible to unauthorized users. Windows networking will hide any share name in the Browse list that ends with a dollar sign ($). Any share you create while using the public WINS server should implement this feature. Even if you haven't joined the Winserve public domain, anyone else on the same server can simply type your computer name on the Start/Run line and receive a list of any nonhidden shares on your system.
You can also hide your machine from users browsing in your domain by making the following Registry entry. Start REGEDT32.EXE and find the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\
You can implement most of the procedures described here on either Windows 95 or Windows NT systems. While Windows 95 computers offer share-level security via a password control, properly configured Windows NT machines offer much better access-control security. For even stronger security measures, drives formatted using NTFS are the best choice for sharing over the Internet. Since Windows NT Workstation offers user-level security on NTFS formatted drives, I recommend sharing only these drives over the public WINS server. That way, only properly validated users can access any of your shared data.
Rick Furnival is an engineer and network administrator with Sullivan, Donahoe & Ingalls of Fredericksburg, Va. Contact Rick care of the editor at the e-mail addresses here.