Windows includes a number of technologies that make it easy to connect and share resources on the network. In this video, you’ll learn about workgroups, domains, remote desktop, proxies, and network shares.
<< Previous Video: Windows HomegroupNext: Establishing Windows Network Connections >>
In Microsoft Windows you can organize groups of computers in a couple of different ways. The easiest way is with something built into Windows called Workgroups. This is designed for small departments in small organizations that don’t require any type of centralized management. You might have a Workgroup for the accounting department. You might have another Workgroup for shipping and receiving.
The challenge is that this is a completely non-centralized method of organizing people’s user access to resources, their usernames and passwords. Every single computer has its own separate list of users, and its own separate list of passwords for those users. Nothing is centralized. If you wanted to remove someone’s access from all of these resources, you would have to go to everybody’s computer where those resources happen to reside.
So because of that, we don’t tend to see Workgroups in smaller to large types of environments. This is really for something that is a single group of people in a very, very small workplace. When you hit that point where it becomes difficult to manage all of these resources on all of these different computers, then you may want to centralize all of that management into something called a Windows Domain.
This requires that you have a specialized server called an Active Directory server on your network, and that Active Directory server is where everything is going to be centralize– your user authentication, your resource allocation. You can even control what different computers are able to do on the network all from this central place. You don’t have to visit everybody’s individual computer to be able to control those. So it’s perfect for those larger environments, especially, where you have one IT person who needs to manage everybody’s computer all from one place.
If you’d like to see how your device is configured, you can go to your control panel. If you look in the System area, you will see the computer Name Domain and Workgroup settings for your computer. And then you can decide if you like to move to a different Workgroup, or if you would like to join or remove yourself from a Windows Domain.
Windows Vista and Windows 7 introduced the concept of network locations. This is a way for Windows to automatically determine where you might be connected, and it reconfigures its security settings to allow or disallow access to your computer depending on where you happen to be.
For instance, if you’re at home, you might want to provide open access to your computer. You might have many devices at home you may want to share movies, you may want to share pictures, and you don’t want to restrict anybody’s access to your computer. So you would tell Windows that you were on the Home Network.
There’s another built-in network location called the Work Network where you can see all of the other devices on your network, and they can see you. But you can’t decide to join a Workgroup, which would open up a lot of resources available on your computer. So it’s a little more restricted from a sharing of information that requires that you perform some extra steps, but it still allows people access to the resources on your computer.
The third type of network location is called the Pubic Network. If you grab your laptop and you go to a hotel, or an airport, or a coffee shop, then you will be on the Public Network. When Windows determines that you are on a Public Network, or you’ve configured the link that you’re on to be a Public Network, then you become invisible from anybody else on the network. They can’t access your computer. They can’t log on and use resources on your computer.
So it sets those security requirements a little bit tighter, depending on where you happen to be. And once you set that this network is where you are, when you move back and forth from your Public Network, you come back into work and you plug-in, Windows automatically recognizes this. And it configures all of your security settings, so that you don’t have to remember when you leave, or when you return, to reconfigure all of those network settings. That way you can pick up your machine, move to the coffee shop, and not even have to worry about any security issues on your system.
If you’re a network administrator, you’ve probably used remote desktop quite a bit. Remote desktop is a great utility that allows you to take control and see the screen of a computer that’s located somewhere else in the world. Obviously, this can be really useful. You don’t have to get up from your desk, go to another part of your building, or even worse, go to another location or fly somewhere, just to manage those devices. This device just needs to be on the network.
It could be in another city, another state, another country. It doesn’t matter. So there’s some great advantages here from an administration perspective. If you’re the one who’s going to be providing these remote desktop services, you have to make sure that the firewall on your computer, and the firewall that’s in front of your internet connection will allow that inbound connection, so that somebody can connect to your machine and manage those resources.
Obviously, this is a huge time saver. So if you’re someone who needs to manage a lot of different computers, you might want to be sure that you’re able to access those through remote desktop. In many large environments, you don’t have direct access to the internet. Instead, there is a proxy that sits between you and the internet connections. When you want to communicate with Google, you actually communicate to a proxy, the proxy then communicates to Google. It receives the answer, and then it provides the answer back to you.
This type of go between, obviously, adds some security advantages. So it makes a lot of sense for some organizations to make sure that your machine access is the proxy instead of accessing those websites directly. If you look in your control panel, you’ll find Internet Properties. And in the Internet Properties is a Connections tab that will provide you with a list of the local area network settings. And you can see inside of there is a setting for Proxy server.
This can be automatically configured through the DHCP process at your environment, or you may have to manually configure this information, and that’s where you would add that. You would add an address to the proxy server. The port number that you would be communicating that on, and from that point forward, your browser would use that setting to talk to the internet.
So even though you’re typing in google.com, this configuration understands there’s a proxy, I’m going to talk to that device instead. And so that’s all done automatically behind the scenes. Proxies are a useful security tool, but they don’t work for every application you happen to be using. In fact, if you’re talking to devices inside of your network, you may not want to talk to a proxy. That’s an extra step in between, and you, generally, might trust all of the computers that are inside of your network.
So you do have an option within these proxy settings to set up exceptions. You can build out for instance a bypass of the proxy server if you’re communicating to devices that are on your local network. That way you can access those servers and not worry that the applications or resources you’re using have to hop through yet another server just to gain access to those.
One of the advantages of being on a network is allowing people to have access to the resources that might be on your computer. You might have particular files that you would like to share, or you might have printers that are plugged into your computer, and you’d like anybody on the network to be able to print to your printer.
We provide this sharing capability through a Windows technology called in-network share. We simply define a resource on our computer to be shared, and Windows makes sure that other people are able to access it. You would, generally, map a drive letter to this network share in your Windows Explorer if you need to access a folder or files that might be on another computer.
So you can define drive O, drive S, drive R to this particular resource, and simply access it through that drive letter, ignoring that in the middle there’s a big network between you and that resource. That makes it a lot easier to access that piece. If you ever look at the shares available on your computer– if you go to your Computer Management, there’s a Shared Folders option that shows you all the shares, you’ll notice there’s a number of default shares that are already configured.
For instance, there’s an admin dollar sign that is sharing the Windows folder. Because that ends in a dollar sign, it is hidden by anybody else on the network. This is not a security feature. It’s really to prevent a lot of these administrative shares from cluttering up the screen when you start browsing around the people’s computer.
You still need the proper username and password to be able to access those shares, whether they are visible, or whether you’ve hidden them with that dollar sign. To get more information about shares on your computer, you can go to the Control Panel under Administrative Tools, pull up this Computer Management screen.
There’s a whole section for shared folders that will show you the shares, any sessions that may be open to those shares, and you can see files that may be in use at this time. That way, if you need to power down your computer or change your network connection, you can check to see if you might be interrupting somebody who might be accessing a file or a resource that’s on your computer.