Working with workgroups

- Sharing folders within a work group can be a bit interesting, simply because we're still living in a legacy of a 30 plus year old network function, used to be called Microsoft LAN Manager, and today it goes through a number of different names. So there's a lot of terms on the A+. Let's cover these real quick. Number one, the original methodology by which Microsoft shared stuff was called NetBIOS/NetBEUI. Just like TCP/IP, it was NetBIOS/NetBEUI. NetBIOS was the naming system, and it would reduce you to only like 15 characters. And then NetBEUI was actually what did the communication and created the connections between the systems. Now this didn't use TCP/IP. In fact, it lived exclusively on Mac addresses. It was completely useless for anything but small local area networks. So as TCP/IP became more common, Microsoft recognized that they had to be up with the times and they came up with what was called NetBT. NetBT simply means NetBIOS over TCP/IP. NetBT got rid of all this ancient NetBEUI stuff, counted on IP addresses, but still did the same naming convention. Now we really get into trouble, because Microsoft over the years realized that their sharing system kind of worked over TCP/IP with this NetBT, but they wanted the rest of the internet to kind of fall in line with it. They wanted you to be able to share a folder across the internet just like you were sharing a folder across the office. So there were a number of names. For example, one was called CIFS, common internet file system. And now, we use the term server message block or SMBs. Got to be careful with symmetric message blocks. There's other terms. You'll see server message blocks, things like that. Who cares? It's still SMBs. So today we use the concept called SMBs to actually make these shares. In fact, SMBs are so common today that even other operating systems use it and give it names like Samba and things like that. So anyway, what I want to do in this episode is talk about some of the pitfalls that we have with sharing. So let's go ahead and take a look at what I have set up here. What you're looking at are two computers. There are only two computers on this local area network. There's no more. One is a Windows 7 system and the other is Windows 10. So let's take a good close look right here, and you're going to see that this computer's name is called MikesWin7, and it's a member of WORKGROUP. Now over here, this one's called MikeWin10PC, and is also a member of the work group. If I've got this set up properly, and I do, I can now go into my network and actually see the other computers. In a Windows network, all you got to do is get everybody onto the same local area network and give them the same work group name, and they'll start seeing each other automatically. Sometimes this can take a while, so be patient, but all the computers will eventually populate into your network folder on your file explorer. Okay, so now what I want to do is start sharing some stuff. But before we do that, let's make sure we know who's who in the zoo right now. Over here on the Windows 7 system, I'm going to type, whoami. This is a wonderful thing. You can type in and go, who am I logged in as right now? So I'm logged in as Mike. Over here on the Windows 10, we'll do the same thing. And right now I'm logged in as Fred. So what I want to do is pick something to share. So I'm going to come over to my computer, and I've got a folder here called Fred. Now watch this. Now be really careful. Remember over here, I'm logged in as Mike. Watch what happens. I don't have permission into that one. I'm not logged in as Fred. I'm logged in as Mike. So I don't have any control there. However, here's a folder I did make called Mike, and I'm going to click on share with. We ignore the home group stuff. We're just going to click on specific people. And what I'm going to do is I'm going to share it with everyone. I'm going to add this, and right now everyone has read access. By default, I always give read write. The administrator wants to make sure I can do that. Now look very, very closely. You'll see that I have a UNC here. Now this computer is sharing \\MIKESWIN7\Mike. Whenever you're sharing in a work group, the best practices say give everybody read write access, and instead use your NTFS permissions to make restrictions. So for right now, anybody can get to this on the local area network, and they should be able to see what's in there, which I think right now is it's empty. But let's make sure it works. So I'm going to go over to MikesWin7, and I'm going to double click on this and it's asking me for credentials. I thought I was sharing it with everyone. I am sharing it with everyone over on the Windows 7 system. And here's where people get in trouble. It's very important to remember that each individual system has its own accounts. Let me show you. Here's my Windows 7 system over here, and it has an account on it called Mike, and will even say it has an account on here called Fred. Here's my Windows 10 system. That'll have a Mike and a Fred account. The most important thing is that these are not the same account. They're completely separate. So when I shared over here with everyone, that means everyone on this account can get to it. That doesn't mean everybody on the other side of the network can get to it. Sure, to you and me, these look like the same account name, right? But we probably use different passwords or something else, and as a result, you're not going to be able to get to it. So in order for us to get to something that's shared with everyone, we're going to have to use a login on that system. Luckily, I know how to log in to the Windows 7 system from the Windows 10. Ta-da, and now we're into the system. So what you're stumbling into is the real single weakness of work groups. In order to share things easily, people tend to do very, very unsecure things. Like for example, we will put the exact same Mike account with the same password on every single system. That way, whenever I start clicking around in my network, I won't see that pop up for username and password, because everybody has that Mike with the password total or whatever it is, and it works. Now, that's fine for your house if you just want to share some movies or share a Word document. But in an enterprise environment, work group security really becomes weak, and that really becomes a motivator for active directory domain logins.