Windows

10 things you should know about connecting Macintosh OS X systems to Windows networks

Thanks to improvements within Apple's OS X operating system, admins face fewer headaches when they need to connect Macs to Windows networks. But there are still some issues to deal with, like enabling File Sharing and creating Windows user accounts on the Macs, configuring printer sharing, and working with File Services For Macintosh.

This article is also available as a PDF download.

Macintosh systems are again appearing on business networks. Unlike older Macintosh operating systems, when complex AppleTalk configuration and additional Windows network services may have had to be installed, adding Apple Macintosh OS X systems to Windows networks is fairly straightforward.

Still, a few catches remain, and configuring Windows domain or even workgroup membership often requires some fundamental tweaks. Here are 10 key aspects of connecting Macintosh OS X systems to Windows networks.

#1: Windows Sharing must be enabled on the Mac

When adding Macintosh OS X systems to Windows networks, Windows Sharing must be enabled on the Macintosh PCs. Otherwise, Windows systems will be unable to access resources hosted on the Macintosh systems.

To enable Windows Sharing on a Macintosh, open System Preferences and select Sharing from within the Internet & Network section. Then, select the Windows Sharing check box, as shown in Figure A.

Figure A

When you enable Windows Sharing on the Macintosh, OS X reveals that Windows users can access the Mac at the IP address listed.

#2: The Mac's default workgroup name may require changing

If you're connecting Macintosh OS X computers to a Windows workgroup, there's a chance the two won't play well together. The reason is that Windows systems sometimes feature different workgroup names. For example, many Windows systems default to using the MSHome or Workgroup workgroup name. Often, the default workgroups are changed by administrators, too, thus requiring changes to Apple's default workgroup name.

To configure a Macintosh OS X system's workgroup name to match Windows', navigate to the Applications folder within the Mac's Finder, open the Utilities folder, and double-click Directory Access. Click the lock and supply the Mac's Administrator password to enable changes. Select the SMB/CIFS entry (Figure B) and click the Configure button. In the resulting Directory Access window, supply the workgroup name you want the Macintosh system to use and click OK.

Figure B

The SMB/CIFS entry is used to configure workgroup names on Mac OS X systems.

#3: Windows user accounts must be created on the Mac

Before users can get to the resources on the Macintosh, you need to create local accounts for them on the system possessing those resources. To create accounts for Windows users on the Macintosh, open System Preferences on the Apple system and click Accounts from within the System section.

Again, you'll need to click on the lock and provide an Administrator name and password to enable changes. Once you've supplied the appropriate credentials, click the plus sign to create new user accounts. Windows users will need to enter these usernames and corresponding passwords (as described in the next item) to access resources on the Macintosh PC.

#4: Mac resources can be accessed using multiple methods

Once a Macintosh system is configured to share resources and the appropriate user accounts have been created, Windows users can access the Mac's resources. Several methods are available.

Windows users can try using the Add A Network Place Wizard (reached by clicking Add A Network Place from the Network Tasks pane within My Network Places). Often, a better method that works with great consistency is to open My Network Places, Windows Explorer, or Internet Explorer and type the Apple's IP address followed by a valid user account.

Use the following format to connect to an Apple system possessing an IP address of 10.0.0.2 using the Administrator user account:

\\10.0.0.2\Administrator

The Mac will prompt the Windows user for a valid account username and password. Once supplied, the Macintosh's shared resources will appear within the Windows window.

#5: The Mac's Print & Fax applet enables printing to Windows-hosted printers

Use the Apple's Print & Fax console (Figure C) to configure Macintosh systems to share their printers with Windows PCs. The Print & Fax menu is housed within the Mac's System Preferences (beneath Hardware) application.

Figure C

Sharing Mac printers is relatively straightforward; just select the check boxes for the printers you wish to share.

To enable Windows users to print to a printer installed on the Macintosh system, simply click the Sharing button and select the check boxes for the printers you want to share. You can also enable Windows users to send faxes through the Macintosh by clicking the Let Others Send Faxes Through This Computer check box.

Although you'll usually still need to load the respective print drivers on the Windows systems, triggering these shares opens the communications pathways to enable printing between the two operating systems.

#6: File Services For Macintosh must be installed on SBS servers when OS 9 is present

When moving to Windows Small Business Server-powered domain environments, administration becomes a little more complicated. Configuration is especially complicated when pre-OS X operating systems are still in use.

If Apple's OS 9 systems must be supported, File Services For Macintosh should be enabled on the Small Business Server. Open Add/Remove Windows Components within Control Panel and enable File Services For Macintosh from within Other Network File And Print Services (by clicking the Details button).

#7: File Services For Macintosh requires the Microsoft UAM

To connect using File Services For Macintosh, Microsoft's User Authentication Module, known as the UAM, must be installed on each Apple system. Administrators of both OS 9 and OS X systems can obtain the UAM by downloading it from Microsoft's Web site.

OS X administrators can install the UAM using the accompanying .pkg installer. OS 9 administrators, meanwhile, must copy the MS UAM 5.0 file from the subsequent (upon download) MSUAM_for_Classic folder to the AppleShare folder within the Mac's System Folder.

#8: File Services For Macintosh requires re-creating Windows shares

Enabling File Services For Macintosh requires that existing Windows shares be re-created. Windows administrators can use the Windows Manage application to access Shared Folders and re-create the shares. Existing folders or data need not be re-created.

When re-creating the shares for use by Macintosh clients, use the Share A Folder Wizard, which is triggered by right-clicking Shares (within the Shared Folders console) and clicking New Share. Be sure to select the Apple Macintosh Users check box on the Name, Description, and Settings screen (Figure D) for each share you re-create. Then, finish the Share A Folder Wizard by assigning appropriate permissions to the share.

Figure D

When recreating shares, select the Apple Macintosh Users check box and enter a name for the new share.

#9: OS X 10.3 and later can join SBS networks using Samba

An alternative, and simplified, connection method is available if only Macintosh OS X 10.3 and newer systems are joining the Windows server domain. In such cases, you can leverage native Windows SMB connection methods to access Windows resources using Apple PCs.

However, before you can use Samba--which typically provides faster network performance than File Services For Macintosh--to connect Macs to a Windows SBS 2003 box, you must change the server's Default Domain Policy. Specifically, you'll need to adjust SMB signing policies.

The requirement can be met by creating a new GPO (as opposed to editing the Default Domain Policy). The new GPO must disable the Microsoft Network Server: Digitally Sign Communications (Always) setting. Once you've created the new GPO disabling SMB signing, don't forget to apply it by opening a command window and entering gpupdate /force.

#10: SBS .local domains may require DNS updates on the Mac

Because older (OS X 10.3 and earlier) Apple OS X operating systems encounter DNS issues when deployed on SBS domains possessing a .local internal domain name, systems using OS X 10.3 and earlier must make extensive DNS changes to leverage Samba. Older Mac operating systems use Apple's Rendezvous, which makes use of multicast DNS services within its own .local internal domain. Hence the conflict.

Instead of configuring new DNS settings on each of the Macintosh systems and enabling separate unicast resolution for each, the most expedient solution is probably to upgrade to OS 10.4 (if only a few Macs are in use) or drop back to using File Services For Macintosh (if numerous Macs are in use and no network latency issues result).

18 comments
sactokings03
sactokings03

has anyone here tried to configure Mac Mail to Exchange 2003?

audrieau
audrieau

I want to connect my Mac in to ghet the Internet network from my router which s connected to one of my PCs. I have entered all the proper protocol data and it is just not connecting. Any help?

meulixo
meulixo

I followed all the steps, but my PC still cannot find my Mac! Any help on this matter would be very much appreciated.

scrapmepls
scrapmepls

how do u remove the workgroup created... if u mistakenly enter the password of the mac in the pc, u can view all the mac data! how do u undo this

webmaster
webmaster

I have a problem. My macs on a PC network has an XServe that they are able to store files on. Whenever a user places a file or creates a folder that file/folder is owned by them and no other user has read/write, only write only. How can I change it so we don't have to change permissions for every file/folder placed on the xServe?

mlambert
mlambert

At work our OSX machines are networked to a windows server and we use a lot of images(newspaper), when viewing a folder on the server it takes ages for OSX to create the previews and slows down our workflow. Any fix for this? OSX 10.4

JodyGilbert
JodyGilbert

Have you been successful at connecting Mac OS X systems to a Windows network? What obstacles have you encountered in the process?

ttf3289
ttf3289

When linked to my work VPN (Windows) using the OS VPN and MS RDC for OS X, lof on completes successfully and desktop connection is successful .. for an indeterminate period of time. Sometimes a couple of minutes, sometimes a couple of hours, and anything in between. The result is that I am unable to use my MAC to work from home which is a large bummer. Anybody?

chrisb
chrisb

I highly suggest anyone having to integrate Macs into a Windows domain pickup: Apple Training Series: Mac OS X System Administration Reference, Volume 1, available on amazon. It covers directory services, including integration with Open Directory (apple) LDAPv3 (standard *nix) and Active Directory. Also, the work around for macs on a network that uses .local domains from the windows side (and as a side note, Apple followed the spec for ZeroConf which uses .local for multicast DNS, MS acknowledges this when you setup your AD system stating you will have problems with .local and macs). The trick is to enter in a .local search domain in each of your macs network preferences, as this will have Lookupd check with DNS first before checking MDNS.

blue-knight
blue-knight

Mac can not support reasonable windows workgroup names. Thre have been some issues such as can not handle a space in a name. For example "Public Affairs" can not be entered into a mac as a workgroup name.

hschoenman
hschoenman

I've had no problem sharing hard drive or printer resources in both directions from/to an iMac with OS 10.3 and a Windows XP PC over a peer network (workgroup). One area where I have a problem is sharing Mac peripherals other than the primary hard drive or printers, specifically the Mac DVD drive with the PC. I could not get it to work.

p.j.hutchison
p.j.hutchison

At work we have Macs connected to our Windows domain. although you need high speed links to DCs to ensure they stay connected. Our biggest problem is our SAN. We do not use individual shares for people's home folders, we use a general share and then a folder underneath. Also, it would be nice to find a way to automatically create a virtual drive or shortcut to the home folder without having to map via the menus. Any ideas?

joris.debeer
joris.debeer

If you put a symbolic link to the /Volumes folder in your / Users/YOURNAME/Public folder than peripherals such as CD- ROMs and Firewire drives will be available as shares. See this hint on MacOSXHints.com: http://www.macosxhints.com/article.php? story=20060420105632844

rolo007
rolo007

We have about 7 or 8 Macs on our network as well, and out of all the products that we tested we found that http://www.thursby.com/products/admitmac-eval.html to be the best solution for our needs. It allows you to join Macs to AD and somewhat resemble behavior that of a pc on the Macs, it even allows for some scripting for logon mounts, printers, etc. Windows share (cifs/smb) permissions are respected for the most part unless you have funky settings traversing different directories, but I would do some testing before implementing, since SANs tend to behave different. Let me know if you want me to send you more info on how we do things here. Have fun, Rolo Clavero

damien_girard
damien_girard

Thanks for the suggestion - but yes, my external hd is much larger than the space I have left on my internal hd. However, I did find a shareware program called 'sharepoints' that helped with the issue, but now I have a bunch of other issues regarding security & passwords : (

hschoenman
hschoenman

You would think an external hard drive would work but I don't think the Max, i.e. OS X, shares anything but the primary HD and printers. What I wound up doing was copying the contents of the DVD to the Mac's HD and then I was able to see it and assign a drive letter to it. If your external HD has more on it than the free space on the Mac HD, then I'm at a loss as to what you could do.

damien_girard
damien_girard

I need to do something similar as the DVD issue here; I need to access an external firewire drive that is connected to my Mac, from a PC. I get to the Mac home folder, and all the Mac printers from the PC, but I can not see the external drive. I checked out the MACOSXHINTS page that was linked, but it wasn't clear.

Editor's Picks