Category Archives: Windows Vista


A common question from Windows users is how they can access the shares on their DiskStation without entering a username and a password (aka pass-through authentication). It’s tempting to use accounts without a password, but please DO USE PASSWORDS on your accounts, preferably strong ones. Passwords aren’t there to nag you, but to protect your precious data. Use passwords on your desktop computer and use passwords on your DiskStation. Read more about securing your data here. You’ll also learn why you should not use administrative accounts for regular daily use.

Now that that has been said, let’s look at how to make using passwords more convenient. You wouldn’t be reading this post if you weren’t looking for a way to deal with the credentials request that appears when you access a share on your DiskStation. It’s assumed that the Windows file service and the User home service are enabled on your DiskStation.


Windows asks for credentials because your DiskStation has not accepted the credentials of the user currently logged on to the desktop computer. Either the username isn’t found or the password is incorrect. The first time Windows tries to access a share on your DiskStation, it automatically presents the credentials of the current user. When these credentials are rejected by your DiskStation, Windows asks for credentials to try again.

The solution is simple when you want to use the same username on your desktop computer as on your DiskStation: make sure the username and password of each user you want to grant access to your DiskStation are the same on both. (The username is not case sensitive.) If you use the same username on your DiskStation and your desktop computer, make sure the password on the DiskStation and on your desktop computer are the same as well.

If, for any reason, the username and/or password on your DiskStation and desktop computer do not match, you can use a different approach. This is where the Windows Credential Manager helps out.


Start the Credential Manager.


Select Windows Credentials and click Add a Windows credential.


In the address field, enter \\{hostname}, where {hostname} represents the host name of your DiskStation. In this example the host name is VIRTUALDSM51. Fill the User name and Password fields with the values of the DiskStation account you’d like to use. (In this example the account administrator is being used. Remember what was said earlier about using administrative accounts.) Click the OK button to store the credential in the Credential Manager. You can close the Credential Manager now.

Whether you use the same account on your desktop computer and your DiskStation or store the credentials in the Credential Manager, in either case browsing to \\{hostname} in Windows Explorer will show the visible shares of your DiskStation without asking for credentials. (Which shares are visible depends on the DiskStation credentials being used.)


I recently updated the software of my Synology NAS to DSM 4.3. This update gave me the ability to use an extra flavor of VPN: L2TP. This is a more secure type that is natively supported by almost any operating system. Before that, the only option I could use was PPTP. (OpenVPN requires the installation of a client on the devices I want to use the VPN on.)

To make all this work, I enabled the L2TP flavor on the VPN server. The only configuration I did on this was to define a preshared key. How to set up and configure a VPN server on a Synology is perfectly described in a Synology tutorial: How to set up the Synology NAS as the VPN Server

The second hurdle to take is passing the L2TP traffic through to the VPN server. Every router has its own specific interface where this can be set. Please check the manual of your router for how to do this. The ports that have to be passed through are UDP ports 1701, 500, and 4500. Once you have done that, your L2TP VPN is ready for use.

The next thing to do is to connect your devices to your newly created VPN server. I used an iPhone and an Android phone. Creating a connection on those two devices was straightforward. They both connected well without doing more than just configuring the VPN connection on the device. The next thing to do was connecting my Windows laptop. That was a real pain. It was not as straightforward as it should be.

As long as your VPN server is not directly connected to the internet, your VPN traffic has to be routed through your router. L2TP with IPsec on a Windows machine especially doesn’t like this. It’s IPsec that is complaining. To make this work on Windows you have to add a registry value. To do so, follow these steps:

  1. Start RegEdit with administrator privileges.
  2. Browse to the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  3. Create a DWORD (32-bit) value with the name: AssumeUDPEncapsulationContextOnSendRule
  4. Set this value to 2.
    The value can contain the following data:
    0 – A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind NAT devices. This is the default value.
    1 – A value of 1 configures Windows so that it can establish security associations with servers that are located behind NAT devices.
    2 – A value of 2 configures Windows so that it can establish security associations when both the server and the Windows based VPN client computer are behind NAT devices.
  5. Close all applications and reboot the machine.

After the reboot you can connect to the L2TP VPN server from outside your network. I also experienced that it is a good idea to configure the L2TP client on your Windows machine a little more explicitly. By default Windows probes which protocol your VPN uses before it connects. You can bypass this by explicitly selecting Layer 2 Tunneling Protocol with IPsec on the Security tab. Also make sure the IPsec Policy Agent and IKE and AuthIP IPsec Keying Modules services are running.

Unfortunately this is not as easy to set up as the PPTP type. In return, it is a more secure type of VPN. Let’s hope that Microsoft will make configuring the built-in VPN client for L2TP as easy as it is on an Android device or an iPhone.
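The registry steps and the service check above can also be scripted. This PowerShell sketch is an added example, not part of the original post; it assumes an elevated prompt and uses the service names PolicyAgent and IKEEXT, which are the internal names of the two services mentioned above.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$name = 'AssumeUDPEncapsulationContextOnSendRule'
$want = 2   # 2 = both the VPN server and this client may be behind NAT

# Read the current data; $null means the value does not exist yet (default behaviour, like 0).
$have = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

if ($have -ne $want) {
    # -Force overwrites an existing value instead of failing
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $want -Force | Out-Null
    $was = if ($null -eq $have) { 'not set' } else { $have }
    Write-Output "$name changed from '$was' to $want. Reboot before connecting."
} else {
    Write-Output "$name is already $want."
}

# Service names (not display names):
#   PolicyAgent = IPsec Policy Agent
#   IKEEXT      = IKE and AuthIP IPsec Keying Modules
foreach ($svcName in 'PolicyAgent', 'IKEEXT') {
    $svc = Get-Service -Name $svcName
    if ($svc.Status -ne 'Running') {
        Write-Output "$($svc.DisplayName) is $($svc.Status), starting it."
        Start-Service -Name $svcName
    } else {
        Write-Output "$($svc.DisplayName) is running."
    }
}
```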

Split Tunnel

When you are connected to the VPN, all traffic is redirected to the VPN tunnel, including traffic whose destination is not the remote network you want to reach. There is a setting in Windows that makes sure only the traffic for the remote network is sent to the VPN tunnel gateway. All other traffic is sent to the default gateway. This is called split tunneling.

To enable split tunneling, open the properties of your VPN connection. Select the Internet Protocol Version 4 (TCP/IPv4) properties. Then click the Advanced... button. In the IP Settings tab, uncheck the Use default gateway on remote network checkbox. Then click OK to confirm, click OK again to close the Internet Protocol Version 4 (TCP/IPv4) properties and click OK again to close the properties of the VPN connection.

Sometimes an application adds a local account that is also shown on the Windows welcome screen, or suddenly makes Windows ask you to select an account by presenting a welcome screen you haven’t had before. To restore the auto logon feature, you can read a previous post here. It is, however, possible to suppress an account from appearing on the welcome screen.

  1. Start the Registry Editor
  2. Go to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
  3. Right-click an empty space in the right pane and select New –> DWORD Value
  4. Give the new value exactly the same name as the username of the account
  5. Leave the Value data as 0
  6. Close the Registry Editor

If you want to show this user on the Welcome Screen again, either double-click the Username value and change the Value data to 1, or delete the Username value.
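Because an account hidden this way no longer shows up on the welcome screen, it is useful to be able to list what is currently hidden. The following PowerShell function is an added example, not part of the original post; the function name is made up for illustration, and it assumes Windows PowerShell (for Get-WmiObject). The UserList key may not exist at all, which the function treats as "nothing hidden".

```powershell
# Added example, not from the original post.
$userListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

# Hypothetical helper: returns one object per value that hides an account (data = 0).
function Get-HiddenWelcomeScreenAccount {
    if (-not (Test-Path -Path $userListKey)) {
        return @()   # key absent: no account is hidden
    }
    $item  = Get-Item -Path $userListKey
    # Local accounts only, so a domain-joined machine does not enumerate the domain
    $local = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"

    foreach ($valueName in $item.GetValueNames()) {
        if ($item.GetValue($valueName) -eq 0) {
            $acct = $local | Where-Object { $_.Name -eq $valueName }
            New-Object PSObject -Property @{
                Account  = $valueName
                Exists   = [bool]$acct      # False: leftover value for a removed account
                Disabled = if ($acct) { $acct.Disabled } else { $null }
            }
        }
    }
}

Get-HiddenWelcomeScreenAccount | Format-Table Account, Exists, Disabled -AutoSize
```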

The reason your computer is asking for a password is not to annoy you, but to secure your computer and your data. So using a blank password to log in to your computer is a very BAD practice. If you are the only user of your computer and don’t want to enter your password every time you boot your PC, you can consider making your computer log in automatically. Your resources are still protected with a password, but you don’t have to enter it. Be aware that everybody who has physical access to the computer can access your resources with your account.

  1. If you use Windows 7 or 8, start netplwiz. On all other Windows versions, start control userpasswords2.
  2. The following window pops up:

    Uncheck the option ‘Users must enter a username and password to use this computer’ and press the OK button.
  3. A second window pops up over the first one:

    Enter an existing local user account name and the accompanying password, and confirm that password in the last field. Press the OK button to save the changes. Both pop-up windows will be closed.
  4. The next time you boot your computer it will log on for you without you entering your password.

There is a very annoying problem when you install VMware (or VirtualBox) on Vista (and Windows Server 2008 and above). When you install VMware it adds a few virtual network adapters. For various reasons, these adapters are listed in the Network and Sharing Center as being on an “Unidentified network (Public network)” and all of the features under Sharing and Discovery are turned off.

Here is the best fix I’ve found in the VMware forum:

  1. Run regedit
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
  3. Underneath you should see several keys labeled 0000, 0001, 0002 etc… Look through these and find the VMware adapters. They will probably be near the end of the list if you just installed VMware.
  4. For each of the VMware adapters, add a new DWORD value named “*NdisDeviceType” and set it to 1 (make sure you get the * at the beginning of the name, I missed that the first time).
  5. Disable and Enable each of the network adapters.

That should take care of the problem. Setting *NdisDeviceType to 1 causes Windows to ignore the device when it does network identification.

It turns out that the same issue occurs when using other hypervisors (e.g. VirtualBox). The strategy is the same. Find the adapters created by the hypervisor you use in the registry key mentioned above and add the *NdisDeviceType DWORD with a value of 1.
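Steps 2 to 4 can be scripted instead of clicking through every numbered subkey. This PowerShell sketch is an added example, not part of the original post or of the forum fix; it assumes an elevated prompt and that the hypervisor adapters can be recognised by the text "VMware" or "VirtualBox" in their DriverDesc value, so review the printed list before relying on it.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$classKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'
$pattern  = 'VMware|VirtualBox'   # assumption: matched against each adapter's DriverDesc

# Only the numbered subkeys (0000, 0001, ...) describe adapters; the
# "Properties" subkey is not readable and is skipped by the filter.
Get-ChildItem -Path $classKey -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\d{4}$' } |
    ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if ($props.DriverDesc -match $pattern) {
            # Read via the property bag: Get-ItemProperty -Name would treat
            # the leading * as a wildcard.
            $old = $props.'*NdisDeviceType'
            if ($old -ne 1) {
                New-ItemProperty -Path $_.PSPath -Name '*NdisDeviceType' `
                    -PropertyType DWord -Value 1 -Force | Out-Null
                $state = 'set to 1'
            } else {
                $state = 'already 1'
            }
            Write-Output ("{0}  {1}  *NdisDeviceType {2}" -f $_.PSChildName, $props.DriverDesc, $state)
        }
    }

# Step 5 still applies: disable and re-enable each listed adapter afterwards.
```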

Source: Rob Boek