j.,
Thanks for your very kind reply. Ouch! yes I know RTFM.....
more inline below......
At 01:49 12/17/2007 -0800, you wrote:

snip

I am always finding something I did not know, it's an ongoing learning process.

Yes, but at my age the learning gets more difficult and painful as fast as this stuff changes. Do understand though.


What you need are good books that discuss these topics in context of 2k, XP, and how XP/2k interact & differ. All of the MS MCSE training books for each operating system and networking/TCPIP are a good start, so are many of the XP & 2K administration books by authors like Mark Minasi.

Yes, am waiting for my closet librarian to find/snag the last Minasi book on w2k. It suddenly got real expensive....or out of print..... :)


snip
No they don't, you have simply lucked out by having created same username/password on all systems in the past. All "workgroup" machines maintain their own username/passwords no matter if 2k or XP.

Ah! OK, so all my machines act as independent environments, even though "they seem" to be part of my LAN. Most strange, still. I've used this uname/pw method for the last 8 years. OK, never mind. XP is just tighter in security on a machine-to-machine basis........correct.......?

There is no "workgroup" common user database, they're all stand-alone systems using the workgroup name to associate with (see) each other but nothing more.

Got it. DING! And all this time I thought using the default "workgroup" for w2k or "MSHome" for XP had some big mana for networking. Hmm. OK, I am a fool.


Main difference vs. 2K is that XP comes with Simple File Sharing "feature" which forces all access to shares on a machine through the machine's "guest" account, enabled by default. Once SFS is disabled you can access "machine\share" with any user account from "machine" with rights mapped to "share" same as 2K.

Yes, I have run into XP's SFS. Had to disable it to get the ESET nod32 sw to properly update. It seems that nod32 and XP's SFS do not play nice. Even so, with SFS and the XP firewall disabled, XP is just a pill on my LAN. Know it is me, and I will fix it.


Just because you have user "bob" on "machine1" and a same name user/pw on "machine2", both machines in same workgroup, does not mean the user is literally the same user. If you rename or delete "bob" on either system, then access to that system by "bob" user will fail because he no longer exists. There is no "workgroup\username" method of security.

OK, I get this, but this does not appear to be an issue. I only have two users, me and the default administrator (login/pw) account. And all machines use the same 'credentials', well except for their obvious different machine names, MAC addys, IPs, etc. I park that stuff in the TCP/IP realm.


Now in a domain a centralized database of users is created and, rights permitting, have access to any machine in the domain. So share "machine1\share" would have "domain\bob" listed for access instead of "machine1\bob", etc... Rename "bob" to "jim" on the domain controller and the shares would automatically understand that bob is jim and that any new user named bob is not the old bob, etc...

Yes, this I get. And, I am starting to see the simple efficiency of this.

snip

No, the workgroup is not a security entity, there is no "workgroup\username" account.

Got it now. This is where my blind spot is/was. I assumed that all machines should be in either 'workgroup' or 'mshome' to play nice. My bad. And, more book time................. :(

Everyone on a standalone machine means all users from that machine's user database which is not shared with workgroup member machines.

This is the key! Now I do see what my LAN's trouble with XP is. Now I will hit the books again.

In a domain Everyone CAN mean all domain users or it could mean all users of a member machine depending on how it's declared (i.e. domain\everyone vs machine1\everyone).

Yes, I see this now. Could it really be more complicated? LOL!!!!


snip
Access Control Lists, the list of who & what they can do to a resource. XP is similar to 2K but if SFS is enabled and/or the xp machine's firewall is setup to block File & Print Sharing.

Well, ATM, the XP machine's firewall is disabled and SFS is disabled also (not for this but for other reasons-nod32). OK, Access Control List-ACL. Got it.


snip
If you create the same name user on all computers with same password, then all should be well.

I thought so too. That is why I did just this, but XP seems to be really bitchy about it. And, why I started this thread. You have given me a peek at some of the internal stuff I never thought of. Mostly, because I did not think it was as complicated as it seems to be. OK, I am still somewhat confused, but I will continue to 'work' with XP on my LAN!

Just like if you used the same username/pw combo to access a bunch of websites. BUT change the username and/or password on any machine you would run into problems coming to\from that machine since either username or password would not match what other machines expect to hear or to say.

This is why despite all the talk before about not needing domain controllers, don't do a domain without 2 controllers, etc... I still recommend a domain over a workgroup, even if it only has one DC, because of the centralized user database.

Yes, I am now convinced. I do know of that a major local LAN update will take place. No longer an IF, it is now scribed as 'when.' L8R, gator!



Whew, ok enough of this for now! ;)

I really do appreciate your patience. I see trees and miss the forest way too often.
Best,
Duncan
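
The account model described in the quoted replies above, as an added Python sketch that is not part of the original message: per-machine user databases in a workgroup, XP Simple File Sharing mapping every remote caller to Guest, and a domain where a rename keeps share access. The `AccountDB` and `Machine` classes, the `NAME#number` account ids (standing in for the Windows SIDs that a share's ACL actually stores) and all sample names and passwords are constructed for illustration; local accounts on domain members are left out.

```python
import itertools
from dataclasses import dataclass, field

_ids = itertools.count(1000)  # constructed account ids standing in for SIDs

@dataclass
class AccountDB:  # one user database: a machine's local accounts or a domain's
    authority: str
    users: dict = field(default_factory=dict)  # name -> (account id, password)
    def add(self, name, password):
        self.users[name] = (f"{self.authority}#{next(_ids)}", password)
        return self.users[name][0]
    def rename(self, old, new):
        self.users[new] = self.users.pop(old)  # the id survives the rename
    def logon(self, name, password):
        acct_id, stored = self.users.get(name, (None, None))
        return acct_id if acct_id and stored == password else None

@dataclass
class Machine:
    local: AccountDB
    domain: "AccountDB | None" = None  # None means workgroup member
    simple_file_sharing: bool = False
    share_acl: set = field(default_factory=set)  # holds account ids, not names
    def network_logon(self, name, password):
        if self.simple_file_sharing:  # XP SFS: every remote caller becomes Guest
            return self.local.users["Guest"][0]
        db = self.local if self.domain is None else self.domain  # simplified
        return db.logon(name, password)
    def can_open_share(self, name, password):
        return self.network_logon(name, password) in self.share_acl

def demo():
    m1, m2 = Machine(AccountDB("MACHINE1")), Machine(AccountDB("MACHINE2"))
    bob1, bob2 = m1.local.add("bob", "pw"), m2.local.add("bob", "pw")
    m2.share_acl.add(bob2)
    out = {"distinct": bob1 != bob2, "matching_creds": m2.can_open_share("bob", "pw")}
    m2.local.rename("bob", "jim")  # workgroup: "bob" no longer exists on machine2
    out["after_local_rename"] = m2.can_open_share("bob", "pw")
    xp = Machine(AccountDB("XPBOX"), simple_file_sharing=True)
    guest = xp.local.add("Guest", "")
    out["sfs_maps_to_guest"] = xp.network_logon("bob", "pw") == guest
    srv = Machine(AccountDB("MACHINE1"), domain=AccountDB("DOMAIN"))
    srv.share_acl.add(srv.domain.add("bob", "pw"))
    srv.domain.rename("bob", "jim")  # domain: ACL still matches the renamed account
    srv.domain.add("bob", "pw2")     # a new "bob" is a different account
    out["jim_keeps_access"] = srv.can_open_share("jim", "pw")
    out["new_bob_denied"] = not srv.can_open_share("bob", "pw2")
    return out
```
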

