How many times have you been at the office and wished that you could get a file from your home PC? Unfortunately, driving home usually isn’t an option for network administrators. Unless you live only a few minutes from the office, the commute time just cuts too deeply into your hectic workday. Fortunately, there’s a solution. In this article, I’ll show you some techniques that you can use to remotely access your home PC from the office.
In the past, setting up remote access to a home PC has been too expensive for most administrators. After all, the primary remote access method that most administrators have been trained for involves using a Windows NT Server running the Remote Access Service. A copy of Windows NT Server can be on the pricey side. Fortunately, there are alternatives.
One alternative is to set up a copy of a remote access software package, such as Symantec’s pcAnywhere, at home so that you can dial in to your PC and control it from the office. Doing so may be the easiest method of remote access, but simply running pcAnywhere has its downside. First, you have to buy a copy of pcAnywhere, which can still be a bit pricey, although not nearly as expensive as a copy of Windows NT Server. But the biggest negative in using pcAnywhere for remote access is the performance issue—pcAnywhere is true remote access software. This means that from your terminal at the office, you’ll actually see the screen of your computer at home. In addition to downloading files, you can actually run programs on your home PC. Unfortunately, such power comes at a price. Because you’re seeing the actual screen image from your home PC, all of the information about what’s on the screen has to be transmitted over the modem. Even with a 56-Kbps modem, this results in a very slow computing experience. What makes it worse is that the higher the screen resolution you’re using on your home PC, the more pixel information must be transmitted across the modem. In essence, the higher the screen resolution at home, the worse the remote access performance will be.
There is a happy medium, though. A little-known component in Windows 98 lets you set up a Windows 98 machine as a remote access server. This arrangement works very similarly to the Remote Access Service that comes with Windows NT Server. What makes this service so nice is that although you can’t use it to control your home PC remotely, you can treat your home PC as if it were a network server. For example, you can do things like map network drives and upload and download files. The other nice thing about using this service is that it’s included with Windows 98, so there’s no extra software to buy. All you need is a computer with a modem and a dedicated phone line.
The skinny on Windows 98 as a dial-up server
Although Windows 98 running as a dial-up server functions similarly to a Windows NT Server running Remote Access Service, there are some important differences. After all, Windows NT Server was designed to support entire businesses, while Windows 98 was designed for basic home use. As you can imagine, Windows 98 has much less power than Windows NT Server. Likewise, Microsoft would lose a lot of money if you could do the exact same thing with Windows 98 that you could do with Windows NT Server.
Perhaps the biggest difference between the two is that the Windows NT Server Remote Access Service can be used as a gateway to the underlying network. For example, users can dial in to the remote access server and use the connection as a gateway from which to connect to any other server on the network. Windows 98 offers this capability, but with significant restrictions. Unlike Windows NT, the Windows 98 dial-up services can be used as a gateway only to networks running NetBEUI or IPX/SPX. Because TCP/IP isn’t supported as a gateway protocol, don’t plan on being able to connect to the Internet by dialing into your home PC. You can connect to other PCs on a home network as long as the PC at your office, the dial-up server at home, and the other PCs on the home network that you want to access are all running the same protocol. The protocol in use must be either NetBEUI or IPX/SPX.
In addition to the fact that you can’t use Windows 98 as an IP router, you also can’t use it as a virtual private network (VPN) router. Another important difference is the number of allowed connections. The Windows NT Remote Access Service allows up to 256 remote dial-in connections, while Windows 98 has been limited to a single remote access connection.
Installing a Windows 98 dial-up server
To set up your Windows 98 workstation as a dial-up server, open Control Panel and double-click the Add/Remove Programs icon. When you see the Add/Remove Programs Properties sheet, select the Windows Setup tab. The Windows Setup tab contains a list of available Windows 98 components. Select the Communications option from the list and click the Details button. In the resulting dialog box, select the Dial Up Server check box and click OK twice. Windows 98 will now copy the necessary files from your Windows 98 CD.
Dial-up server security
As you can see, there’s nothing to installing the dial-up server module. But, as you can imagine, after you’ve installed the dial-up server, security becomes a concern. After all, without some security in place, any idiot who owns a computer and who knows your phone number could have unlimited access to your home computer or to your home network.
There are two basic types of security under Windows 98: user-level security and share-level security. Of these two types, user-level security is much more secure. Unfortunately, the reason that it is more secure is that it borrows some of its security infrastructure from a Windows NT Server. Therefore, unless you happen to have a Windows NT Server in your basement, user-level security really isn’t an option.
Share-level security allows you to specify general, rather than user-specific, access to each share point on the machine, such as a folder and its subfolders. Most home computer environments are better suited to using share-level security. When you dial in to your server, Windows 98 prompts you for a password. After you enter the password, you’re connected to the dial-up server. From there, you can use Windows Explorer or My Computer to explore the allowed shares on the remote server.
Setting up share-level security
To set the remote access password, make sure that File And Print Sharing is installed in Control Panel’s Network section. Once you’ve installed File And Print Sharing, go to the Dial-Up Networking folder and select the Dial-Up Server command from the Connections menu. When you see the Dial-Up Server dialog box, select Allow Caller Access and then use the Change Password option to set the password that the remote access server requires the client to enter upon the initial connection. If you want to require the password to be encrypted, click the Server Type button. The Server Type dialog box contains a check box that you can use to make the dial-up server require an encrypted password from the client.
As you browse the remote computer, the directory structure will display only shared directories and the subdirectories beneath them. For example, if you shared the Windows directory, a user with the appropriate access could remotely access all the files in the Windows directory and all the subdirectories beneath it, such as the System directory or the Fonts directory. About a year ago, I had to temporarily set up a dial-up server. During this time, I simply shared the root directory on each drive. This allowed me to have unlimited access to every file on the system by going into a share associated with the root directory of the hard disk that contained the files that I needed to access.
The biggest thing that you need to remember about share-level security is that as you create each share, by default, the share is Read-Only. You can change the share to allow Full access by checking the appropriate radio button, as shown in Figure A.
|Use the Sharing dialog box to set up Read-Only access, Full access, or either, depending on the password.|
As you can see in the figure, you can also set a password to the share point. By doing so, any time dial-up clients try to access the share point, they will be prompted for a password. You can even set one password for Read-Only access and another password for Full control. The level of access that a remote user gets will depend on the password entered.
Watch for overlapping security
When you create share points, you must also remember that the security that you apply is specific to each one. Each share point functions as a separate entity. For example, if you set the Windows directory to allow Full control and the \Windows\System directory to allow Read-Only access, when you browse the remote system, you’d see both share points. If you attempted to directly access the share associated with \Windows\System, you’d only have Read-Only access, as you’d expect. If on the other hand, you went into the share associated with the Windows directory, you’d be able to navigate to the \Windows\System directory and gain Full access to that directory. Therefore, you must be very careful not to overlap shares if you’re trying to restrict a remote user to Read-Only access.
When you need to access a file on your home PC during the course of the workday, having a remote access link can save a lot of time and trouble. In this Daily Drill Down, I’ve discussed two ways to establish remote access for the home PC running Windows 98.
Brien M. Posey is an MCSE who works as a freelance technical writer and as a network engineer for the Department of Defense. If you’d like to contact Brien, send him an e-mail. (Because of the large volume of e-mail he receives, it's impossible for him to respond to every message. However, he does read them all.)The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.