10 things you should know about connecting Macintosh OS X systems to Windows networks

Thanks to improvements within Apple's OS X operating system, admins face fewer headaches when they need to connect Macs to Windows networks. But there are still some issues to deal with, like enabling File Sharing and creating Windows user accounts on the Macs, configuring printer sharing, and working with File Services For Macintosh.

This article is also available as a PDF download.

Macintosh systems are again appearing on business networks. Unlike older Macintosh operating systems, when complex AppleTalk configuration and additional Windows network services may have had to be installed, adding Apple Macintosh OS X systems to Windows networks is fairly straightforward.

Still, a few catches remain, and configuring Windows domain or even workgroup membership often requires some fundamental tweaks. Here are 10 key aspects of connecting Macintosh OS X systems to Windows networks.

#1: Windows Sharing must be enabled on the Mac

When adding Macintosh OS X systems to Windows networks, Windows Sharing must be enabled on the Macintosh PCs. Otherwise, Windows systems will be unable to access resources hosted on the Macintosh systems.

To enable Windows Sharing on a Macintosh, open System Preferences and select Sharing from within the Internet & Network section. Then, select the Windows Sharing check box, as shown in Figure A.

Figure A

When you enable Windows Sharing on the Macintosh, OS X reveals that Windows users can access the Mac at the IP address listed.

#2: The Mac's default workgroup name may require changing

If you're connecting Macintosh OS X computers to a Windows workgroup, there's a chance the two won't play well together. The reason is that Windows systems sometimes feature different workgroup names. For example, many Windows systems default to using the MSHome or Workgroup workgroup name. Often, the default workgroups are changed by administrators, too, thus requiring changes to Apple's default workgroup name.

To configure a Macintosh OS X system's workgroup name to match Windows', navigate to the Applications folder within the Mac's Finder, open the Utilities folder, and double-click Directory Access. Click the lock and supply the Mac's Administrator password to enable changes. Select the SMB/CIFS entry (Figure B) and click the Configure button. In the resulting Directory Access window, supply the workgroup name you want the Macintosh system to use and click OK.

Figure B

The SMB/CIFS entry is used to configure workgroup names on Mac OS X systems.

#3: Windows user accounts must be created on the Mac

Before users can get to the resources on the Macintosh, you need to create local accounts for them on the system possessing those resources. To create accounts for Windows users on the Macintosh, open System Preferences on the Apple system and click Accounts from within the System section.

Again, you'll need to click on the lock and provide an Administrator name and password to enable changes. Once you've supplied the appropriate credentials, click the plus sign to create new user accounts. Windows users will need to enter these usernames and corresponding passwords (as described in the next item) to access resources on the Macintosh PC.

#4: Mac resources can be accessed using multiple methods

Once a Macintosh system is configured to share resources and the appropriate user accounts have been created, Windows users can access the Mac's resources. Several methods are available.

Windows users can try using the Add A Network Place Wizard (reached by clicking

Add A Network Place
from the Network Tasks pane within My Network Places). Often, a better method that works with great consistency is to open My Network Places, Windows Explorer, or Internet Explorer and type the Apple's IP address followed by a valid user account.

Use the following format to connect to an Apple system possessing an IP address of using the Administrator user account:


The Mac will prompt the Windows user for a valid account username and password. Once supplied, the Macintosh's shared resources will appear within the Windows window.

#5: The Mac's Print & Fax applet enables printing to Windows-hosted printers

Use the Apple's Print & Fax console (Figure C) to configure Macintosh systems to share their printers with Windows PCs. The Print & Fax menu is housed within the Mac's System Preferences (beneath Hardware) application.

Figure C

Sharing Mac printers is relatively straightforward; just select the check boxes for the printers you wish to share.

To enable Windows users to print to a printer installed on the Macintosh system, simply click the Sharing button and select the check boxes for the printers you want to share. You can also enable Windows users to send faxes through the Macintosh by clicking the Let Others Send Faxes Through This Computer check box.

Although you'll usually still need to load the respective print drivers on the Windows systems, triggering these shares opens the communications pathways to enable printing between the two operating systems.

#6: File Services For Macintosh must be installed on SBS servers when OS 9 is present

When moving to Windows Small Business Server-powered domain environments, administration becomes a little more complicated. Configuration is especially complicated when pre-OS X operating systems are still in use.

If Apple's OS 9 systems must be supported, File Services For Macintosh should be enabled on the Small Business Server. Open Add/Remove Windows Components within Control Panel and enable File Services For Macintosh from within Other Network File And Print Services (by clicking the Details button).

#7: File Services For Macintosh requires the Microsoft UAM

To connect using File Services For Macintosh, Microsoft's User Authentication Module, known as the UAM, must be installed on each Apple system. Administrators of both OS 9 and OS X systems can obtain the UAM by downloading it from Microsoft's Web site.

OS X administrators can install the UAM using the accompanying .pkg installer. OS 9 administrators, meanwhile, must copy the MS UAM 5.0 file from the subsequent (upon download) MSUAM_for_Classic folder to the AppleShare folder within the Mac's System Folder.

#8: File Services For Macintosh requires re-creating Windows shares

Enabling File Services For Macintosh requires that existing Windows shares be re-created. Windows administrators can use the Windows Manage application to access Shared Folders and re-create the shares. Existing folders or data need not be re-created.

When re-creating the shares for use by Macintosh clients, use the Share A Folder Wizard, which is triggered by right-clicking Shares (within the Shared Folders console) and clicking New Share. Be sure to select the Apple Macintosh Users check box on the Name, Description, and Settings screen (Figure D) for each share you re-create. Then, finish the Share A Folder Wizard by assigning appropriate permissions to the share.

Figure D

When recreating shares, select the Apple Macintosh Users check box and enter a name for the new share.

#9: OS X 10.3 and later can join SBS networks using Samba

An alternative, and simplified, connection method is available if only Macintosh OS X 10.3 and newer systems are joining the Windows server domain. In such cases, you can leverage native Windows SMB connection methods to access Windows resources using Apple PCs.

However, before you can use Samba--which typically provides faster network performance than File Services For Macintosh--to connect Macs to a Windows SBS 2003 box, you must change the server's Default Domain Policy. Specifically, you'll need to adjust SMB signing policies.

The requirement can be met by creating a new GPO (as opposed to editing the Default Domain Policy). The new GPO must disable the Microsoft Network Server: Digitally Sign Communications (Always) setting. Once you've created the new GPO disabling SMB signing, don't forget to apply it by opening a command window and entering gpupdate /force.

#10: SBS .local domains may require DNS updates on the Mac

Because older (OS X 10.3 and earlier) Apple OS X operating systems encounter DNS issues when deployed on SBS domains possessing a .local internal domain name, systems using OS X 10.3 and earlier must make extensive DNS changes to leverage Samba. Older Mac operating systems use Apple's Rendezvous, which makes use of multicast DNS services within its own .local internal domain. Hence the conflict.

Instead of configuring new DNS settings on each of the Macintosh systems and enabling separate unicast resolution for each, the most expedient solution is probably to upgrade to OS 10.4 (if only a few Macs are in use) or drop back to using File Services For Macintosh (if numerous Macs are in use and no network latency issues result).