Bringing Macs in from the cold
These days, it seems that there's no such thing as a small network. And it's not uncommon to have an almost infinite variety of clients on a single network. So chances are good that sometime during your professional career, someone will ask you to connect a Macintosh to a traditional Windows NT network. Fortunately, doing so isn't particularly difficult, as long as you understand the limitations you're working under. In this article, we'll discuss some of the issues you'll face when trying to connect a Macintosh to a Windows network.
Many more limitations are involved in connecting a Macintosh computer to a Windows network than in connecting a Windows-based computer, because the Macintosh machine wasn't designed to natively interface with Windows NT. However, Windows NT offers a Service for Macintosh mechanism that will allow a Mac that's running its native operating system to connect.
Unfortunately, a Macintosh client can't access an entire Windows NT Server. Instead, the Windows NT Services for Macintosh make only certain shares Macintosh accessible. Therefore, any data that must be shared between Windows and Macintosh clients must be placed in a Macintosh-enabled share.
Before you can connect a Macintosh client, it must meet certain minimum requirements. As you're well aware, any network requires the clients and the server to share at least one protocol. When you install Services for Macintosh, Windows NT will also install the AppleTalk protocol. Therefore, if your Macintosh machines are configured to use AppleShare networking, they can probably connect to the Windows NT Server. The main exceptions to this are the Macintosh XL and Macintosh 128K models, which aren't compatible.
Each Macintosh client must also be running a compatible operating system. Windows NT Services for Macintosh supports versions 6.0.7 and later of the Macintosh OS. In addition to running an acceptable protocol and OS, all Macintoshes require a Windows NT client license to be connected legally.
|"Managing security for a Macintosh connection is a little different than managing a Windows-based connection. "|
Installing Services for Macintosh is easy. To do so, open the Network applet in Control Panel and select the Services tab. Next, click Add and select Services For Macintosh from the Network Services window in the resulting dialog box. Click OK to begin the installation process.
When the basic file copy process completes, you'll see a dialog box that asks for some information about how Services for Macintosh should be configured. In this dialog box, you must select the network adapter that you plan to use with Services for Macintosh. You must also select the default AppleTalk zone. By default, only Macintosh computers running in the default AppleTalk zone will be able to access the Windows NT Server, unless you have an AppleTalk router that sends information between the various AppleTalk zones on your network. If you don't have such a router, but you need this capability, select the Routing tab and select the Enable Routing check box. By doing so, you can make Windows NT route packets between multiple AppleTalk zones.
Configuring a Macintosh shareManaging security for a Macintosh connection is a little different than managing a Windows-based connection. As I mentioned, Macintosh clients are only able to access special Macintosh-enabled shares. When you install Services for Macintosh, Windows NT automatically creates a folder called Microsoft UAM Volume on your first NTFS partition. This folder is now the only Macintosh-accessible volume on the system. Of course, you can also make this folder Windows accessible.
By default, the Microsoft UAM volume is flagged as being read-only to Macintosh clients. The method for enabling full read/write access is a little different than you may be used to. Open Server Manager, and you'll notice that a MacFile menu has been added. Select the server that contains the Services for Macintosh, and then select MacFile|Volumes. When you do, you'll see a dialog box that displays all Macintosh-accessible volumes on the system. Currently, the Microsoft UAM volume should be the only Macintosh-accessible volume in existence. You can use the buttons in this dialog box to create new volumes on any NTFS partition or to remove existing Macintosh accessible volumes. To change the permissions on the Microsoft UAM volume, select it and click Properties. When you do, a dialog box will open in which you can password-protect the volume or limit the number of Macintosh clients that can access it. You can control the volume's security via the This Volume Is Read Only and Guest Can Use This Volume check boxes.
If you're looking for slightly more advanced security, go back to the main Server Manager screen and select the server containing the Services for Macintosh. Now, select MacFile|Properties. A MacFile Properties dialog box will open, which resembles a miniature version of Server Manager. At a glance, this dialog box displays the number of active AppleTalk sessions, the number of open file forks, and the number of file locks. It also has some other buttons, such as Users, Volumes, Files, and Attributes:
- If you click Users, you'll see a screen showing all currently connected users and which volumes and files they are accessing. You can use the various options in this dialog box to disconnect users or send messages to them.
- The Volumes button displays the connected users and the number of files opened by volume. Like the Users screen, you can use the Volumes screen to disconnect users.
- Clicking Files displays all opened file forks and file locks. You can use this screen to close any desired file forks.
- The Attributes button displays a screen that allows you some control over the server's Services for Macintosh. For example, you can create a message that will be displayed each time a Macintosh client logs in. You can also control the number of allowed Macintosh sessions for the server as a whole, and whether to permit Guest access. Finally, you can prevent clients from being able to save passwords and you can require Microsoft authentication.
Of course, all the options I've discussed so far apply only to Macintosh clients--Windows clients are managed independently. If you find yourself getting lost in Server Manager, all the options found under Server Manager are also found through the Control Panel's MacFile icon. //
Brien M. Posey is an MCSE who works as a freelance writer and as the Director of Information Systems for a national chain of health care facilities. His past experience includes working as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it's impossible for him to respond to every message, although he does read them all.