February 2007


Hello,

No surprise here: Norton Personal Firewall blocks NetBIOS. Norton Personal Firewall assumes that it is the only line of protection for your computer and that you do not have a Windows network. However, in an office environment any personal firewall can create a problem if the network is not planned properly and rollout policies noted. Often it is not enough to simply install a piece of software these days, especially a firewall. Once installed, the default configuration should be checked to verify compatibility with the installed environment.

For example, a client contacted me about having a new laptop added to the office network. They needed drives mapped and the computer added to the domain. Their network is a domain controller with Active Directory. I was thinking it should take no more than an hour or so to get these tasks completed. It turned out to be more of a learning experience. To add to that, this was my first exposure to Windows Vista. It took me some time hunting around to find the tools I needed to get my work done. Once I found them, I ran into a roadblock. I could not get the laptop to join the domain. I threw a few darts left and right. They missed. I saw that it was a NetBIOS issue. I could not reach the server by typing ‘\\server’. I could reach it by ‘\\192.168.0.10’. However, NetBIOS is required for the domain controller to be found via its namespace. I first thought a firewall must be blocking NetBIOS, but the Windows Firewall was off and I did not notice that this laptop had Norton Personal Firewall installed on it as well. It was a pre-installed 30-day trial. When I finally discovered Norton Personal Firewall was on, it all came together. Only when I turned off the Norton Personal Firewall was I able to use NetBIOS names and join the domain. This was not the fix but a confirmation that Norton Personal Firewall was blocking NetBIOS.

The 2 challenges that I was faced with were pre-installed trial software and a new operating system. I should have taken a few minutes to review what the laptop had installed on it from the manufacturer before starting my work.

My personal opinion:
You can take a few routes. If the network is a new network and does not have a domain controller running on it, use all IP-based URIs (Universal Resource Identifiers). This way you will not have to deal with NetBIOS issues, ever.

If you have an existing network and it does not have a domain controller running on it, update all your existing URIs to IP-based URIs. It may take some time but this will set you up for the next item.

Running a personal firewall on all your workstations, even if your shared internet connection is protected via a router/firewall, will prevent worms and viruses from running rampant on your local network. This will add another level of protection for your workstations from those worms and viruses that are brought into the network on portable media like flash drives, CD-ROMs and good old-fashioned floppy disks. You may even go as far as blocking SMTP port 25 and configuring your email server to operate on an alternate port of 26 for outgoing mail. This will prevent viruses from emailing themselves from your network.

If you are in a network environment that makes extensive use of NetBIOS names in URIs or has a domain controller running on the network, either unblock NetBIOS in your personal firewall or turn the firewall off. Turning it off should only be done as a last resort since you will be more vulnerable without the firewall operating. Unblocking these ports is less risky: 137/UDP (NetBIOS Name Service); 138/UDP (NetBIOS Datagram Service); 139/TCP (NetBIOS Session Service).

According to the Norton user guide, you need to organize your local computers, printer servers and servers into network zones. Place the local computers, printer servers and servers into your Norton Trusted zone. Do not place computers that connect over the internet in your trusted zone unless they are also running properly installed firewall software and can be trusted, really trusted. If a trusted computer is compromised your computer can be at risk.

Microsoft Personal Firewall also blocks NetBIOS. Here is a link to Microsoft Personal Firewall. It has more detailed information on how to unblock these ports.
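As an added example (not part of the original post, and not taken from Norton or Microsoft documentation), this is one way to open the three NetBIOS ports listed above in the Windows Firewall built into Vista while accepting them only from the local subnet, which mirrors the "trusted zone" idea. The rule names are made up for this example, and `server` is the placeholder host name used earlier in the post.

```bat
@echo off
rem Added example: open the NetBIOS ports named in the post in the
rem Windows Firewall on Vista, limited to the local subnet.
rem Run from an elevated command prompt. Rule names are invented here.

rem 137/UDP (name service) and 138/UDP (datagram service)
for %%P in (137 138) do netsh advfirewall firewall add rule name="NetBIOS UDP %%P LAN only" dir=in action=allow protocol=UDP localport=%%P remoteip=localsubnet profile=domain,private

rem 139/TCP (session service)
netsh advfirewall firewall add rule name="NetBIOS TCP 139 LAN only" dir=in action=allow protocol=TCP localport=139 remoteip=localsubnet profile=domain,private

rem Show one of the new rules and check that RemoteIP reads LocalSubnet
rem and that the Public profile is not listed.
netsh advfirewall firewall show rule name="NetBIOS TCP 139 LAN only"

rem Confirm that NetBIOS name lookups work again.
rem "server" is the placeholder name from the post.
nbtstat -a server
```

Because the rules are tied to the domain and private profiles, they do not apply when the laptop is on a network Windows classifies as public.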

This is not a definitive explanation of firewall rules or usage. You must consider your own risk comfort level before performing any of these tasks. Use at your own risk.

Sincerely,
Mike

Hello,

I have two computers in my life: a Mac Mini and a Windows XP Pro computer. I do about 99% of my work on my Mac. However, there is the occasion when I need to use a Windows-only program like Web Position. I also use my Windows computer to review web sites that I have created. I check them with Windows browsers like Internet Explorer or Firefox to make sure things render correctly. For many years I had a monitor, keyboard and mouse for each computer. It took up a lot of desktop space. Then Windows XP Pro came along.

Windows XP Pro has a built-in technology called Remote Desktop Protocol, RDP. If anyone remembers a product called Timbuktu, it is very similar to that. It allows you to access your Windows XP Pro computer remotely over a low-bandwidth connection like dial-up, or any network connection for that matter. With the RDP client you can work on your computer as if you were sitting in front of it with the actual monitor, keyboard and mouse.

When I realized that I could do this over my home network, I was able to remove the Windows XP Pro monitor, keyboard and mouse, freeing up a huge amount of desk space. What was even more shocking is that Microsoft has an RDP client for Mac. So all of you Mac users can make use of a Windows computer as needed.

Here is what I did:

NOTE: These instructions worked for me. There may be security considerations or other issues that I have not addressed here. Use these instructions at your own risk.

Preparing My Mac:

  1. To prepare my Mac I went to Microsoft’s Mac Downloads and downloaded ‘Remote Desktop Connection Client 1.0.3 for Mac OS X’. I then installed it on my Mac. You can also download an alternate client that works with the Remote Desktop Protocol called CORD for Mac, thanks to a post from Nick telling me about it. I have not used this client as of yet.
  2. I upgraded my mouse to a 2 button wheel mouse. Windows uses RIGHT-CLICK for context menus.

To prepare my PC it was a little more work but worth it.

  1. First set a password for any account that will be allowed remote access to your computer. To do this go to the Start menu -> Control Panel and click. If you see the words ‘Pick a Category’ in the control panel, look in the left column for a link named ‘switch to classic view’. Once clicked you will see a bunch of icons. Double click the ‘user accounts’ icon. From there follow the prompts to add a password to any account that will be allowed remote access. Close the account window when done.
  2. Next confirm that your Windows computer is actually XP Pro. XP Home does not support this feature. If your control panel window is not open, go to the Start menu -> Control Panel. If you see the words ‘Pick a Category’, look in the left column for a link named ‘switch to classic view’. Once clicked you will see a bunch of icons. Double click the ‘system’ icon. The window that pops up should read ‘Microsoft Windows XP Professional’. Keep this window open.
  3. Turn on the ‘Remote Desktop’ protocol. To do this look at the tabs in the ‘system’ window. Click the ‘Remote’ tab. The second item down is ‘Remote Desktop’. Put a check next to the text that reads ‘Allow users to connect remotely to this computer.’
  4. Select the users to be allowed remote access. Click the button to ‘select remote users’. The ‘Administrator’ should be allowed by default. To select more users click ‘Add’ -> then ‘Advanced’ -> then ‘Find Now’. You will see a list of all of the users on your computer. You can make multiple selections using the ‘Shift’ or ‘Control’ keys. Click ‘Okay’ -> then ‘Okay’ -> then ‘Okay’ -> then ‘Okay’ a fourth time. Your Windows computer is now set to accept RDP connections and allow the selected users to access the computer remotely.
  5. Now we need to know the IP address of your Windows computer. Go to the control panel window. It should still be in ‘classic view’. Double click the icon named ‘network connections’. Double click the ‘local area connection’. Then click the tab named ‘support’. The second item should read ‘IP Address’. Write down this IP address. It should look something like 192.168.0.100 or 10.10.10.50.
  6. Now armed with the IP address, return to your Mac. Launch the RDP client you previously installed. Enter the IP address you wrote down from your Windows computer in the computer field. Then click Connect. You should get a black window with a floating login prompt. If you use the number pad remember to click your ‘num lock’ key or the number pad will not work. Otherwise use the horizontal row of numbers across the top of the keyboard. Enter a user and password. Then click ‘okay’. If the user is allowed remote connections and you typed your password correctly you should be logged in.

Now some of you may have noticed the word ‘Options’ below ‘computer’ in the Mac RDP client. Click on ‘Options’ to set pre-login options. I’ll leave these to another day. Also, if it is not obvious, your Mac and Windows computer need to be networked in some way. It could be wired Ethernet or wireless, but they do need to be networked. They can even be in different time zones. They may be connected via the internet. For this to work you might employ a VPN (virtual private network) or at the very least open the proper ports on your router and firewall to allow the connection to pass through. The default RDP port is 3389.
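As an added example (not part of the original post), these commands can be run in a command prompt on the Windows XP Pro machine to check what the steps above actually switched on, and to limit the Windows Firewall's Remote Desktop exception to the home network. It assumes the XP SP2 Windows Firewall is in use, and nothing here is specific to the Mac client.

```bat
@echo off
rem Added example: review the Remote Desktop setup made in steps 1-5.
rem Run on the Windows XP Pro computer as an administrator.

rem 1. Is Remote Desktop switched on?
rem    fDenyTSConnections = 0x0 means connections are accepted.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections

rem 2. Which port does RDP use? 0xd3d is 3389, the default named above.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber

rem 3. Is the service listening on that port right now?
netstat -an | find ":3389"

rem 4. Which accounts, besides administrators, may log on remotely?
rem    Users picked under "select remote users" appear in this group.
net localgroup "Remote Desktop Users"

rem 5. Accept Remote Desktop connections from the local subnet only,
rem    then display the resulting service exceptions.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=SUBNET
netsh firewall show service
```

With the exception scoped to the subnet, a connection arriving from outside the home network is dropped by the XP firewall even if port 3389 is forwarded on the router.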

Now let's shut down your Windows computer via your Mac so you can remove the monitor, keyboard and mouse. Right-click on the menu bar. Select ‘task manager’. Look at the pull-down menu options. Click Shutdown options -> Shutdown. During the shutdown process your Mac will be disconnected. Once it is off, remove the extra hardware from your Windows computer. Store it. Do not get rid of it. Boot your Windows computer and test one more time. I changed the function of the power button on my Windows computer so it goes to sleep instead of turning off. Happy Computing.

The chart below is a list of free, open source and proprietary remote control clients with the operating systems they run on. This chart is provided courtesy RemoteDesktopMac.com.

remote desktop software

Sincerely,
Mike