SolutionBase: Understanding Windows XP Professional networking

Get up to speed on important network configuration differences between Windows 2000 and Windows XP.

I've had several friends tell me they're making the upgrade from Windows 2000 Professional (Win2K Pro) to Windows XP Professional (XP Pro). The first couple of times someone told me this, it seemed a little strange because XP has been out for a few years. If you stop and think about it, though, upgrading today makes sense. Win2K Pro is about five years old. XP, on the other hand, is practically a brand-new operating system because of the long-awaited Service Pack 2. Since so many people are now making the switch to XP, it's time to take a close look at how networking differs between the two venerable operating systems.

Subtle differences

There are subtle differences between the way you access the various networking components in XP and the way you access those same components in Win2K Pro. However, even with the subtle differences, if you're proficient in Win2K Pro networking, you should have no trouble finding your way around in XP. Therefore, rather than telling you all about which icons have moved or which options have been renamed, I'll focus on the new networking features that might not be completely familiar to you. In the sections below, I'll provide an overview of each new networking-related feature.

The Windows XP firewall

If you wanted a personal firewall in Win2K Pro, you had to rely on third-party software. XP, however, offers its own personal firewall—perhaps the most drastic change in the way networking is handled. Originally, it was up to the end user or the system administrator to enable the XP firewall. But in Windows XP Service Pack 2, the firewall is enabled by default. This means that if you have any applications that receive data through nonstandard TCP or UDP ports, those applications may not work correctly under XP SP2 until the necessary ports are opened in the firewall.

To manipulate the firewall settings in XP, right-click the My Network Places icon and select the Properties command from the resulting shortcut menu. In the Network Connections window, right-click the connection that will manage the firewall settings, and select the Properties command from the shortcut menu. You'll now see the connection’s properties sheet, as shown in Figure A. At this point, select the properties sheet’s Advanced tab and click the Settings button to reveal the Windows Firewall properties sheet.

Figure A


As Figure B shows, the properties sheet’s General tab allows you to enable or disable the firewall. The Exceptions tab, shown in Figure C, contains a list of ports that should be allowed to pass through the firewall. There are several Windows-related exceptions that are set up by default, but you can customize the list to fit your needs. There's also a check box on the General tab that you can use to prevent Windows from allowing any exceptions.

Figure B


Figure C


The Windows Firewall properties sheet also contains an Advanced tab, as shown in Figure D. You can use this tab to enable or disable the firewall for each network connection within your computer. You can also use this tab to specify a different set of ports that are allowed to pass through the firewall for each of your computer’s network connections. Additionally, the Advanced tab allows you to create a firewall log that can be used for forensic purposes should a security breach occur.

Figure D
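To show how the firewall log mentioned above can be put to forensic use, here is an added example (not part of the original article) that parses log text and lists which sources were dropped on which ports. It assumes the log's own #Fields header names the columns (action, src-ip, dst-port); the sample lines, the addresses, and the three-port threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the W3C-style layout Windows Firewall writes;
# addresses are from documentation ranges, not from the article.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-03-01 10:15:01 DROP TCP 203.0.113.9 192.0.2.20 4312 135 48 S 1234567 0 16384 - - -
2005-03-01 10:15:02 DROP TCP 203.0.113.9 192.0.2.20 4313 139 48 S 1234568 0 16384 - - -
2005-03-01 10:15:03 DROP TCP 203.0.113.9 192.0.2.20 4314 445 48 S 1234569 0 16384 - - -
2005-03-01 10:16:40 OPEN TCP 192.0.2.20 198.51.100.7 1055 80 - - - - - - - -
2005-03-01 10:17:12 DROP UDP 198.51.100.44 192.0.2.20 1900 1900 129 - - - - - - -
2005-03-01 10:18:30 DROP TCP 198.51.100.44 192.0.2.20 2201 5000 48 S 998877 0 8192 - - -
"""

def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def dropped_ports_by_source(entries):
    """Map each source IP to the sorted destination ports it was dropped on."""
    ports = defaultdict(set)
    for e in entries:
        if e["action"] == "DROP" and e["dst-port"].isdigit():
            ports[e["src-ip"]].add(int(e["dst-port"]))
    return {ip: sorted(p) for ip, p in ports.items()}

def likely_scanners(entries, min_ports=3):
    """Sources dropped on at least min_ports distinct ports (assumed threshold)."""
    by_src = dropped_ports_by_source(entries)
    return sorted(ip for ip, p in by_src.items() if len(p) >= min_ports)

if __name__ == "__main__":
    entries = list(parse_firewall_log(SAMPLE_LOG))
    for ip, ports in dropped_ports_by_source(entries).items():
        print(ip, ports)
    print("probable scans:", likely_scanners(entries))
```

Because the column names come from the #Fields line rather than being hard-coded, the same parser keeps working if the log's field list differs from the sample.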


Wireless networks

Another major networking change is in the way wireless networks are implemented. It's possible to establish a connection to a wireless network from a machine running Win2K Pro. Doing so is similar to connecting to any other type of network. You must configure your wireless NIC and then enter the necessary configuration information that will allow you to connect to the desired wireless network.

XP implements wireless networking differently. Win2K Pro was released at roughly the same time as Wi-Fi. Because Wi-Fi was such a new technology at the time, it was not in widespread use and Microsoft didn't have a clear picture of how Wi-Fi would eventually be used.

Today, however, Wi-Fi is everywhere. When Microsoft designed Windows XP, it acknowledged the fact that if you have a laptop and use it on the go, it's very unlikely that you'll remain connected to a single wireless network at all times. A single mobile user might connect to a dozen different wireless networks, if you count the networks at the corporate headquarters, satellite offices, and home. This doesn’t even take into account networks at airports or hotels.

With Win2K Pro, each time a user connected to a different wireless network, the user would have to reconfigure the wireless NIC. Typically, this meant entering a different SSID, a WEP encryption key, and possibly a different IP address. XP, however, allows you to have multiple wireless configurations. XP actively seeks out any nearby wireless networks and notifies you of their availability. Whenever possible, XP will automatically configure your wireless NIC’s settings to attach to whatever network you happen to be using at the moment.

Another nice thing about the way XP handles wireless networking is that you can set up a preferred network list. For example, suppose you have a wireless network, but so does your next door neighbor; you want to connect to your network and not his. Rather than having Windows lock onto whichever wireless network has the strongest signal at the moment, you can set up a preferred network list to tell Windows which network it should connect to.

Here's one more way that wireless networking has evolved: In Win2K Pro, if you wanted to use encryption over your wireless network, you were limited to whatever form of encryption the wireless NIC’s driver allowed. Although this limitation still applies to XP, the operating system itself is aware of 802.1x, the authentication technology designed to solve the security problems inherent in WEP encryption.

Remote assistance and remote desktop

Two additional new networking technologies are remote assistance and remote desktop. These features are both designed to allow a machine that’s running XP to be remotely controlled.

Remote desktop is based on the same technology as that used in the Terminal Services found in Win2K Server and Windows Server 2003. The remote desktop software allows an XP workstation to act as a remote access server / terminal server. Depending on how the machine is configured, users can connect to their workstation remotely by using either a dial-up or VPN connection. Users are then able to use a terminal service client to remotely control the machine in the same way they would if the machine were running a copy of pcAnywhere.

Remote desktop is primarily designed as a convenience feature that lets users access their PCs while away from the office. Remote assistance is a very similar feature, but it's designed to allow one user to assist another user who is having technical problems. For example, suppose a user was having trouble connecting to a particular network printer. Normally, the user would contact the help desk, which would either send someone over to solve the problem or try to talk the user through the operation over the phone. Both approaches are time-consuming. Fortunately, remote assistance allows the help desk staff to instantly help the user without actually having to travel to the user’s location.

Remote assistance doesn’t just allow the help desk staff to connect to someone’s PC on a whim. Users who are having trouble must actually invite the help desk staff to remotely control their machine. To do so, they would select the Help option from the Start menu, followed by the Remote Assistance option. They could then send the invitation via e-mail or instant message, or they could create an invitation file, put it on a disk, and give it to someone. The recipient would then open the invitation, which would connect the recipient to the person who needed assistance.

Remote assistance caveats

Remote assistance comes with a few conditions. For instance, both the person who requests help and the person who is providing the help must be running XP. Also, there is currently no way of controlling who is being asked for help via remote assistance. Users could ask the help desk for assistance, but they could just as easily ask a coworker or friend who doesn’t even work for the company. Furthermore, if a user asks for remote assistance, Windows will automatically open the necessary ports in the Windows Firewall. Fortunately, the corporate firewall will keep those outside the company from providing remote assistance to your users unless you specifically open the necessary ports.