"Ensure the Computers are on the same Workgroup"

[alexK]

Networking / Connecting computers.

I keep on finding the same message on the Forums:
   "Ensure the Computers are on the same Workgroup".
This kind of confuses me.  I have 3 computers running each in their own Workgroup and have no problems.

My Network Setup is:

*One Router (drives 3 PCs, DHCP and not)

* Laptop XP, Wireless
Workgroup: Mshome
Various shared files

*Desktop1 XP, Hardwired
Workgroup: IbmGroup
Various shared files

*DeskTop2 W2K, Hardwired
Workgroup: WorkGroup
Various shared files

-Printer hardwired into DeskTop2 and shared.

From each PC,  all Shared Files on the other PCs are accessable.
Each PC has access to the Printer
No "Logon" to access the "Others" is required.
On the "Microsoft Windows Network" Panel are the 3 systems visible.
On the "My Network Places" Panel all the shared files are visible + the Router.

Even my daughter, when visiting and bringing her own Laptop (having a different WorkGroup) has no problem accessing the above 3 PCs , the files and the printer .

Any comment Please.

[viking]

NetBIOS. To properly answer your question I should speak about master browser and others, I should speak about broadcasting network names and network name requests. It takes a little while. Now, with windows XP and Vista I will have to dig a little to keep me up to date with the way the computers find other computers names in a local area network (windows name resolution). Windows 2000 and after use much more the DNS way of networking.

It is mentioned that message ("Ensure that computers are on the same workgroup") because more often than not, when the computers are not in the same workgroup it is pretty difficult to explain to a not computer aware person how to use the ip to connect to a computer they don't see in "My Network Places".


Later edit
***************************************************************
It seems that NetBIOS is the last involved in a name resolution query. See here:
http://support.microsoft.com/kb/172218
http://support.microsoft.com/kb/119493

I'm apologizing for my previous wrong answer (I am talking about the part before the "Later edit" section of my answer). I'm searching further for detailed informations regarding windows workgroups.

[viking]

I read a little more about Windows Workgroups. The workgroups are just a mean to simplify the view of a network. You are doing that by defining that the computer is member of an "association" (workgroup) named in a certain way.  In Windows 95 (for example) you could see in "Network neighborhood"  only computers in the same workgroup. It is possible to access another computer, from another workgroup, by using it's IP address (I don't recall exactly if it's NetBIOS name was helpful in such cases).

My previous post is full of nothing, it can be ignored and nobody will miss a thing.

alexK, thank you for the question (I never asked myself the reason of windows workgroups).

[alexK]

Viking, thank for your response.

The following may steer the Topic off subject.

Now in my days as programmer/analyst on the Main Frame I dealt with a facility called "RACF", quite unique!
You will now ask what this has to do with the PC platform.
But let me explain:
First: Your PIN was associated to A default Group, say "ABC".
If your PIN was NOT connected to a group "DEF" than you had no access to that Group.
Second: if your Group "ABC" had no access granted to other Groups "GHI" than there was no access.
Third: In each Group there were levels of PROD, TEST, DEVL. In this case a Development group could have READ ONLY access to say Structures in PROD, if granted.
Forth, in case of Emergency Maintenance, such as Operation Failure, or System Recovery than the person had to Sign-on in the "P" Group if the person was part of say "ABC -P".
A "RACF" report was produced to see who was snooping around, or was in groups where they did not belong.
Thus from the Main Frame view, it was quite secure.


On the PC platform, the above does not quite apply. I have not yet discovered in XP or W2K a method of "excluding" access to groups where they do not belong.
In my case where I have 3 distinct groups, I would grant access only to the ones I want. That way any un-authorized Group access via Wireless could (almost) not penetrate. Of course I could plug all the Ports I want, but that is too cumbersome. Using IP Addresses may only work if they are Static, not DHCP. On the Router Level I don't want to institute the WEP Key for certain reasons.

I would be wishful thinking if  someone would have a suggestion to "GroupAccessPC", thus in case of a neighbour or Drive-By could not access MyGroups, and  produce an "Un-Authorized Access Report".
My U.S. Robotics Router (USR8054) has a Log and that is good for 20 pages on the screen only. It can produce a E-mail upon detecting a MAC Address, but a Drive-By can have any MAC-Address.
For Access-Only within the LAN via MAC-Filtering I have not found yet.

Thank you for your attention.

[viking]

On a mainframe you have a Unix operating system (usually), but I think there are (were) other operating systems with multi-user support.

Windows XP is a workstation/home computer operating system. He has some pre-defined groups (Administrators, Power Users, Guest), you can't create other groups (as far as I know). Windows XP target is one computer and you set up security settings (rights to access resources) using mainly usernames and not groups. For each username you have some security settings. Of course, you may use the "predefined" user groups (but you want more, you want to "randomly" create user groups and to assign some security settings based on group membership).
In the Windows system operating world we are talking about groups (of users) in the way you are presenting the issue when we are opening the subject Windows Server (NT 4, 2000, 2003). There you can create groups, assign permissions to groups etc. On a "home computer" or "workstation" you have 1-2 users, permission to local resources is granted/denied to each user (usually). If the computer is member of a Windows domain (NT 4 domain, later Active Directory), then the security settings are applied to groups of users or users alone. You (member of Administrators group, or a user with rights to define groups) define the user groups on an active directory server or domain server, and you use the group name on any windows computer (server or workstation) part of that domain.

Windows XP and Vista come from a "single user" old idea. Now evolves to what Linux/Unix (multi-user operating systems) offer.

Windows workgroups are just a way to provide a simplified view of a network. They don't imply security settings.

Regarding your second issue (unauthorized access to resources), all you have to do is to deny any rights to user Guest (disable it, deny user Guest any rights on your computer - no network access, no log-on right). Nobody should be able to access your computer resources without a valid user account on your XP computer. Of course there are flaws, but with updates you shouldn't have access problems (ideally; practically windows has some flaws and some are not solved for long time).