Vista on the Network


Windows Vista is supposed to have included a number of new networking features designed to make it faster, more robust, easier to manage and safer. Now, how many of these functions and features would you encounter readily and how do they affect the productivity of your users? In this article, we'll look at these aspects with focus on both wired and wireless worlds. We are looking at how Vista behaves on the network as well as how it presents the network and its resources to you as a user or administrator.

Direct Hit!
Applies to: System/network administrators
USP: Learn about Vista's abilities to connect to both wired and wireless networks 
Links: network/evaluate/new_network.mspx 
Google keywords: vista networking

Network profiles
One of the first things you'd notice when you fire up the network center (or the network list applet) is that there seems to be more than one configured network on your system, even if you have just one Ethernet adapter. Before we go on to see what these are, let's clear up a couple of concepts. In Win XP, after you've browsed to a couple of file shares, you'll notice shortcuts to them appear in your 'My Network Places' folder. That happens with Vista too.

In addition to this, Vista also saves connection/route information for that resource. This is based on a combination of your network adapter's MAC address (the adapter may be wired or wireless) and your gateway. The connection shortcuts you are familiar with from Win XP help you navigate quickly to that resource, but these new ones let you manage your route to it. If you are not satisfied with the performance of the connection, you can selectively move it to another connection or gateway. This way, you can utilize your network connections more effectively.

While it is easy to connect to WLANs, it does not let you connect simultaneously to more than one WLAN 

Some of these profiles are classified under the managed or unmanaged categories, although as the system administrator, you can manage all of them. When you use the Properties dialog from the context menu for a connection, you get the option to manage the sessions on that network profile. These sessions can be wired, wireless or a mix of both. Using the 'Move To' option on the Manage dialog, you can assign a connection to another network profile. Here, connections are listed by their NetBIOS or DNS name, the MAC address of its gateway and the status of that connection. If a profile does not have any active connections, its boxes would be blank and show 'Not connected' against them.

This happens because of Vista's ability to isolate the routing tables on a per-session basis. This isolation can also take care of keeping separate the routing tables for the Intranet and WAN links from those meant for the Internet, thereby increasing security.

Win XP's ability to create and use multiple wireless profiles remains in Vista too, but with a difference in how and where you reach it. To get there, go to the Network Center and use the 'Manage wireless networks' option. Initially, of course, the screen lists no networks, because you haven't added any to your wireless profiles configuration. To configure them, use the wizard that opens with the 'Add' button on the toolbar above. The wizard is fairly simple and straightforward for a Windows user. The exciting thing about this wizard is the ability to create a temporary connection to a network if you want to quickly give someone a file (as when your visiting speakers are copying over their presentations or demos to your file server); for this you would use the 'Create ad hoc network' option from the wizard's first screen. In either case, you need to have the SSID and network security key handy. You can right-click on a connection after you've created it and select 'Move up' or 'Move down' to change its priority when more than one of them is available. Connecting to or disconnecting from them later is a matter of right-clicking on the connection and selecting the appropriate option.

There is already a download available for Win XP called 'VirtualWiFi' that lets users of Win XP connect simultaneously to several wireless networks. We expected a similar functionality in Vista, but it does not exist (yet).

A small issue we noticed, especially with our wireless connections, is their penchant for frequently disconnecting from even strong networks. We presume that this happens because of the traffic generated by active polling for 'Internet connectivity detection' on the wireless channel, or because this is still a beta. Because of this, when you open some networking-related virtual folders where wireless is a part, the system will hang frequently while connections are broken and re-established. Several times, to finish configuration actions, we had to disable the wireless adapter, make the changes and re-enable it to get to the end.

Use the network profiles feature to segregate your connections and keep the traffic between them different for better security

Network maps
Vista includes a new control panel item called 'Network Map'. For this to work, you need to have the 'Link-Layer Topology Discovery Mapper I/O Driver' installed and enabled (done by default) on at least one network adapter on the Vista system. It takes a while to draw the map, but when it eventually finishes, you will see a graphical view of how the particular system is connected on the network and, in particular, how it reaches the Internet. It will show devices it could not determine the role of (like a new router or gateway that's been added somewhere without a particular role to play) as items it could not classify, at the bottom of the window. Items it could not decipher to be systems, switches/routers or gateway devices are shown as 'unknown'. You can right-click on your system and on the Internet icon to perform actions (like manage your PC or fire up IE to browse the Internet). You also get an 'Open' option for devices in the list below the map, which has items that Vista could not determine the location of in the map. Selecting this (Open) allows you to browse that device if possible.

Invisible improvements
As per what's documented on the Microsoft TechNet website, improvements have been made to the way TCP/IP works. The stack has been rewritten for better performance in high-latency and high-loss environments. It has the ability to recognize spurious and duplicate packets and acknowledge them selectively, thereby saving on bandwidth as well as decreasing required response times to legitimate packets. Better detection of network errors, time outs and the ability to check if a designated gateway is up or down (using ARP messages) is also part of the new protocol package. We will carry an update later on how well this works in a typical deployment scenario.

Vista lets you create new VPN connections easily. But you can't locate the created connection later to connect to this resource

What's new in IPv6
As with improvements in the IPv4 layer, the IPv6 stack has also been rewritten. Now, IPv6 is everywhere in Windows: in all the interfaces that let you manage aspects of the network, where you could traditionally only manage IPv4 information, you can now manage IPv6 information as well. The protocol is also installed and enabled by default on the system, and set up to receive automatic IP address allocation.

Teredo, the technology that enables IPv6 communications over IPv4 and NAT'ed connections, is another component that's installed and enabled by default in Vista. Up to now, IPv6 could only be configured using the NETSH CUI. With Vista, administrators get the ability to configure the protocol using the GUI from the same connection properties dialog box. IPv6 supports IPsec with full IKE and AES encryption and IPv6 over PPP connections. Also, the DHCP client in Vista supports IPv6 to acquire IPv6 addresses from a DHCP server.

The Windows Firewall that's a part of Vista includes support to filter IPv6 traffic as well. IPv6 interface IDs, if assigned in sequence, can open up a potential gateway for attack once one or two IPv6-enabled systems on your network have been compromised, since the attacker may be able to guess other interface IDs on your network and compromise those systems as well. The way out is to have non-sequential interface IDs across the LAN. This is achieved by Vista, which will automatically generate a random ID for the local IPv6 interfaces when it is acquiring the address from a DHCPv6 server.
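To check an existing address inventory for the predictable interface IDs described above, the following added example (not part of the original article) groups IPv6 addresses by /64 prefix and flags interface IDs that are small numbers, derived from the MAC address (EUI-64), or adjacent to another host's ID. The function names, the `0x10000` threshold and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample inventory (2001:db8::/32 is the documentation prefix).
SAMPLE = [
    "2001:db8:0:1::10",
    "2001:db8:0:1::11",
    "2001:db8:0:1::12",
    "2001:db8:0:1:21a:2bff:fe3c:4d5e",
    "2001:db8:0:1:9c4e:71d2:5ab8:3f7",
    "2001:db8:0:2::10",
]

IID_MASK = (1 << 64) - 1  # the interface ID is the low 64 bits of the address


def classify(iid):
    """Label a 64-bit interface ID by how guessable it is."""
    if iid < 0x10000:                    # assumed threshold: only the last group is set
        return "low-value"
    if (iid >> 24) & 0xFFFF == 0xFFFE:   # ff:fe in the middle bytes: built from the MAC
        return "eui-64"
    return "opaque"


def audit(addresses):
    """Return {address: [tags]} for hosts whose interface ID is predictable."""
    by_prefix = {}
    for text in addresses:
        value = int(ipaddress.IPv6Address(text))
        by_prefix.setdefault(value >> 64, []).append((value & IID_MASK, text))
    findings = {}
    for hosts in by_prefix.values():
        iids = {iid for iid, _ in hosts}
        for iid, text in sorted(hosts):
            kind = classify(iid)
            tags = [] if kind == "opaque" else [kind]
            if iid - 1 in iids or iid + 1 in iids:   # neighbour on the same /64
                tags.append("sequential")
            if tags:
                findings[text] = tags
    return findings


if __name__ == "__main__":
    for addr, tags in audit(SAMPLE).items():
        print(addr, ", ".join(tags))
```

Hosts that come back with no tags have interface IDs that give no hint about their neighbours, which is the property the random IDs are meant to provide.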

Better diagnostics
The current version of the 'Repair' option previously available on network connection items comes labeled 'Diagnose'. Selecting this invokes a diagnostic (at present users have no way of knowing what it is checking from the displayed UI) that scans for what problems there might be. Conditions checked include: IP address, gateway status, incorrect DNS settings, what required ports are in use, status of media (Ethernet cables, etc) connections and whether sufficient memory is available.

Once the problem has been detected, Vista repairs what can be fixed. If it cannot find anything to fix (perhaps the condition is beyond its abilities to correct), it throws up options to the user. Sometimes, what is displayed can be buggy and confusing, for instance, two identical options on the same dialog. This mostly happens in situations where you have network access but Vista cannot determine why your Internet functionality is down.

Vista can map how your system is connected to the LAN and the Internet. Multiple routes out to the networks are also shown

Creating a VPN connection seems pretty straightforward. All you need to do is open the Network Center, click on the Create New link on the left and follow the steps after selecting 'Create a VPN Connection' from the first screen. But after that, there seems to be no way at present to find the connection you created and actually connect to it. In Win XP, one would find the connection easily under the Network Connections folder. In Vista, this screen seems to list only LAN and WLAN connections. Therefore, again, we're forced to wait for an update to Vista to tell you more about Vista's usability with VPN connections.

Remote desktop
There are a few new features in Vista's Remote Desktop connectivity. These are all useful for the enterprise user. First up, you cannot save your connection credentials in the RDP session file. Therefore, no one who got accidental access to an open unattended system can fire up a remote desktop session and use remote resources.

Local devices such as disk drives, printers and serial ports were already usable; Vista adds clipboard and smart cards. If you're using USB devices, those can be selected and shared too. One problem is that you cannot log on to a system that does not require authentication, since the program will keep prompting you for credentials.

Now, even though you can share your clipboard with the remote system, you will find that a number of times, you cannot copy or paste files between the two systems. To resolve this, you need to also share the local drive (with the remote system) that contains your temporary folder. This folder is defined in the TEMP, TMP or USERPROFILE environment variables or is taken to be %SYSTEMROOT%\Temp.

Now, you may not want to share out a sensitive drive, so it is advisable to locate your temporary folder on a separate partition and share that out instead. With all these levels of control, we missed the ability that would let you share out only particular drives or folders with the remote system, instead of the whole drive as happens.
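Saved .rdp session files can be reviewed for exactly the points raised in this section: a stored password blob left behind by an older client, and local drives or devices shared with the remote system. The sketch below is an added example, not part of the original article; it parses the plain-text `name:type:value` lines of a session file, and the sample file content, host name and function names are constructed for illustration.

```python
# Constructed sample .rdp content; the password blob is a placeholder, not real data.
SAMPLE_RDP = """\
full address:s:fileserver.example.test:3389
username:s:EXAMPLE\\alice
password 51:b:01000000AABBCCDD
redirectclipboard:i:1
redirectprinters:i:0
redirectsmartcards:i:1
drivestoredirect:s:*
"""

# Device-sharing switches checked in addition to drives.
REDIRECT_FLAGS = {
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectcomports": "serial ports",
    "redirectsmartcards": "smart cards",
}


def parse_rdp(text):
    """Parse 'name:type:value' lines (type is i, s or b) into a dict of strings."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)   # the value itself may contain ':'
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = parts[2]
    return settings


def audit_rdp(text):
    """List stored credentials and local resources the file exposes to the remote host."""
    s = parse_rdp(text)
    findings = []
    if s.get("password 51"):                 # saved, encrypted password blob
        findings.append("stored password blob")
    drives = [d for d in s.get("drivestoredirect", "").split(";") if d.strip()]
    if "*" in drives or s.get("redirectdrives") == "1":
        findings.append("all local drives shared")
    elif drives:
        findings.append("drives shared: " + ", ".join(drives))
    for key, label in REDIRECT_FLAGS.items():
        if s.get(key) == "1":
            findings.append(label + " shared")
    return findings


if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE_RDP):
        print(finding)
```

Session files saved by Remote Desktop Connection are often UTF-16 encoded, so decode them accordingly before passing the text to `audit_rdp`.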

Next time, we shall examine the ways in which Vista will let you manage applications and software and their updates on the system.

Sujay V Sarma
