Windows XP has brought networking to a new level. But there are major differences between the Windows XP Professional version and Windows XP Home Edition. Jim Boyce takes a look at both versions and the differences between their networking features.

Whether you’re getting ready to roll out Windows XP for your users or you just want to get up to speed with it on your own computer, which Windows XP flavor is right for you in terms of networking features? Do you go with the vanilla Home Edition version or spring for the chocolate, nuts, and marshmallow chunks in Professional? The answer isn’t just about money, although with a $100 difference between the two, those extra munchies don’t come cheap. I’ll explain the main differences in networking features between the two versions of Microsoft’s newest operating system to help you decide which one fits your appetite.

No domains at Home
One of the biggest differences for networking features between Windows XP Professional and Windows XP Home Edition is the lack of domain membership support in Home Edition. A Windows XP Professional computer can join a domain and function as a domain member. Domain membership extends the benefits of distributed security to the Windows XP desktop, enabling users to easily access domain resources. It also lets the user share resources with other users and authenticate those users against the domain rather than require individual accounts on the local computer.

By contrast, computers running XP Home Edition cannot be domain members, although they can access resources on a domain member in the same way workgroup members running other Windows platforms can access domain resources. They can connect to and use network file and printer shares, provided they have a valid account in the domain.

One of the biggest drawbacks to the lack of domain support in Home Edition is the corresponding lack of support for group policies. You can configure local policies on a Home Edition computer, but the computer naturally can’t obtain group policies during domain logon because it can’t be a domain member. This means you can’t deploy the operating system with RIS, deploy applications with IntelliMirror, apply change control or restrictions, perform folder redirection, or accomplish any of the other feats of magic made possible by group policies.

Another advantage to using Windows XP Professional is that it defaults to using Kerberos for authentication. Kerberos offers the ability to reuse authentication credentials, providing single-sign-on capability. Home Edition provides password caching just like other Windows platforms (although it’s more secure), but it doesn’t offer the same level of single-sign-on support provided by Windows XP Professional.

With an increased emphasis on network security, many companies are looking for ways to secure network traffic across the LAN as well as across the WAN. IP Security, or IPSec, provides that means. IPSec lets Windows XP Professional authenticate and encrypt all IP traffic to and from the computer.

IPSec functions at the endpoints of the connection—only the two computers engaged in the secure connection need to support IPSec. Intermediary routers or computers that route the traffic need not support IPSec. For that reason, IPSec is easy to implement in a variety of scenarios, whether the computers are connected across a LAN, WAN, or remote access connection.

IPSec encrypts the IP traffic before it leaves the local computer, encapsulating the data to protect it from sniffing or other compromise. The receiving computer decrypts the data. The result is a completely secure connection over the most public of networks, such as the Internet. Although IPSec might seem more suited to encrypting traffic between routers, it is also an important security mechanism to secure traffic between individual computers. If you need to provide secure connections between client systems or between client and server, and a router-to-router solution isn’t feasible, IPSec could be a major consideration for choosing Professional over Home Edition.

Remote Desktop
Those of us who have been in the IT community for very long are familiar with remote control applications like pcAnywhere and VNC. In fact, I use VNC and pcAnywhere on a daily basis for remote systems management. I also use them as an alternative to KVM switches for managing systems right in my own office. I like the response speed of pcAnywhere and the price of VNC (free) and its support for UNIX and Macintosh platforms.

Remote Desktop lets you connect to and use a remote computer running Windows XP Professional. Remote Desktop is a bit like a lightweight Terminal Services server, although as with most remote control applications, it allows only one connection at a time to the remote computer. However, one connection to a client computer is generally all you really need. Remote Desktop works like other remote control applications: It’s similar to sitting in front of the computer, except the performance is slower. The actual speed depends on the available bandwidth between the client and server.

You can use almost any Windows platform as a client to connect to and use a remote Windows XP Professional computer. Windows XP Home Edition includes a Remote Desktop Connection client, but not the server component. In addition, the Windows XP Professional CD includes Remote Desktop client software you can use on any platform.

You might not always have access to a client computer with the Remote Desktop Connection client installed, but that isn’t a problem if you’ve planned ahead. The version of IIS included with Windows XP Professional includes a Remote Desktop Web Connection component—a combination of ActiveX controls and other components that lets remote users initiate a Remote Desktop connection to the computer from a Web browser. The session appears in the browser window rather than in a dedicated Remote Desktop Connection client window. The Remote Desktop Web Connection components don’t have to be installed on the computer to be remotely managed. Instead, you can install the components on a Web server on the same network as the computers to be managed and connect through that one Web server to each of the Windows XP Professional computers on the network that have Remote Desktop enabled. This is a great feature that lets users access their systems from public Internet nodes.

Offline Files
The Offline Files feature in Windows XP originated in Windows 2000 and is carried over to Professional, but not the Home Edition. Offline Files creates a local cache of shared network files and folders, enabling you to continue to work on them even when the shared resource is unavailable—such as when the server is down or the client computer is disconnected from the network.

Offline Files is an excellent way to provide consistent and seamless access to network resources. The feature is nearly transparent to the user, which should mean relatively few support calls. However, you should also implement the Encrypting File System (EFS) if you need to ensure the best possible security.

EFS provides on-the-fly encryption/decryption of NTFS volumes, folders, and files. EFS is included in Windows XP Professional, but not the Home Edition. Encryption is handled by a secondary file system driver and is completely transparent to the user, who doesn’t even need to know that a given folder on his or her computer is encrypted. The driver encrypts and decrypts the data on the fly, and encrypting a folder and its contents is as simple as setting a single attribute for the folder.

Simple File Sharing
Simple File Sharing (SFS) is one feature that confuses a lot of people who are new to Windows XP. SFS makes sharing pretty much a one-click operation and doesn’t require that the user know anything about permissions. However, SFS causes all remote access to the computer to be authenticated against the local Guest account. While this provides easy sharing for users, it also offers little in the way of granular control over access to resources. You can’t grant read-only access to one user or group and grant change permission to another because they are all authenticating against the same account. SFS is enabled by default for Windows XP Professional computers in a workgroup but is disabled for domain members.

With SFS enabled, the Security tab of a folder’s property sheet is hidden, making it rather difficult to set ACLs on the folder. You can turn off SFS on a Windows XP Professional computer to make the computer act just like Windows 2000 in terms of sharing. Windows XP then lets you configure ACLs on the folder and apply restrictions on a per-user or per-group basis. However, Home Edition doesn’t provide a way to turn off SFS. Instead, you have to boot the computer in Safe Mode to access a folder’s Security tab. While this gives advanced users a way to control sharing, it’s hardly a user-friendly approach to controlling file system access.
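Which sharing model a workgroup machine is actually using can be checked from the registry rather than by looking for the Security tab. The following is an added example, not part of the original article: it triages `reg query` output collected from several machines. It assumes the `forceguest` value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` (the value behind Simple File Sharing, which the article does not name); the host names and sample output are constructed.

```python
import re

# Matches the value line printed by:
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v forceguest
_VALUE = re.compile(r"^\s*forceguest\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$",
                    re.IGNORECASE | re.MULTILINE)

def sharing_model(reg_output):
    """Classify one host's output as 'guest-only', 'classic' or 'unknown'."""
    match = _VALUE.search(reg_output)
    if match is None:
        return "unknown"  # value missing, or the query itself failed
    # 1 = every remote logon is mapped to Guest (Simple File Sharing)
    # 0 = remote users authenticate as themselves, so per-user ACLs apply
    return "guest-only" if int(match.group(1), 16) == 1 else "classic"

def needs_review(hosts):
    """Return host names whose per-user ACLs are not being honoured,
    or whose state could not be determined, in sorted order."""
    return sorted(name for name, output in hosts.items()
                  if sharing_model(output) != "classic")

# Constructed sample output (hypothetical host names).
SAMPLE = {
    "WS-PRO-01": ("! REG.EXE VERSION 3.0\r\n\r\n"
                  "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\r\n"
                  "    forceguest\tREG_DWORD\t0x0\r\n"),
    "WS-PRO-02": ("! REG.EXE VERSION 3.0\r\n\r\n"
                  "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\r\n"
                  "    forceguest\tREG_DWORD\t0x1\r\n"),
    "WS-HOME-03": "Error:  The system was unable to find the specified "
                  "registry key or value\r\n",
}

if __name__ == "__main__":
    for host in sorted(SAMPLE):
        print(host, sharing_model(SAMPLE[host]))
    print("review:", needs_review(SAMPLE))
```

A host reported as `guest-only` authenticates every remote user as Guest, so any read-only versus change distinction set on its shares is not being enforced per user.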

Windows XP Professional includes a stripped-down version of Internet Information Services (IIS), enabling a Windows XP Professional computer to host one Web and one FTP site on the computer. Home Edition doesn’t include IIS.

The management interface for IIS is the same as that on Windows 2000. Like IIS on Windows 2000 Professional, IIS on Windows XP Professional is limited to 10 concurrent connections. This makes IIS a good choice for sharing printers that make use of the Internet Printing Protocol (IPP) and for providing resources to other computers on the LAN when the traditional resource-sharing methods aren’t ideal. It also lets users host and control their own personal Web sites. Plus, there is nothing to stop a Windows XP Professional computer from acting as a public Internet server in situations where the 10-connection limit isn’t a factor. For example, you might use Windows XP Professional as an inexpensive staging server to test Web sites prior to publishing to the final target server.

IIS also includes the SMTP service to allow the computer to act as an SMTP server. The SMTP service accepts incoming connections as well as outgoing connections, but it is intended more as an SMTP relay service than a full-blown e-mail server. The service doesn’t provide mailboxes but does support a drop folder for incoming messages not forwarded to another server. While you could write an application to pull messages from the drop folder, it isn’t worth the effort considering the minimal cost of the many third-party e-mail servers that run on Windows XP. So the SMTP service is useful mainly as an outgoing e-mail server for messages generated by forms or scripts on the local computer. It’s also useful for users who need to send outgoing messages for accounts hosted on remote servers that don’t allow mail relay from the user’s network.

What they have in common
Both Professional and Home Edition support some new features that simplify networking and add capabilities. For example, both let you bridge network interfaces, which can be handy in a home or small office network where you need to connect two disparate networks, such as a new wireless segment and an existing wired segment. Both also let you maintain an alternate TCP/IP configuration for a network interface. This is great for users who have one configuration for the notebook at the office and a different configuration for it at home.

New wireless technologies are supported by both versions for easy setup and configuration of wireless devices. Another commonality is the lack of NetBEUI. Although NetBEUI is included on the Windows XP CD, Setup no longer lists it as an available protocol. Instead, you have to click Have Disk and browse to the CD to install it.

So which one is right for my company?
What’s the bottom line? If you need domain membership and group policy, improved security through IPSec or EFS, or granular protection of shared folders, Windows XP Professional is the solution. If not, you can take advantage of the other new features and streamlined interface provided by Home Edition. At a difference of $100 a seat, you might save a bundle on your next deployment.

