Editor’s Note: This story is excerpted from Computerworld. For more Mac coverage, visit Computerworld’s Macintosh Knowledge Center.
One of the major selling points for Macs and Mac OS X Leopard these days is their ability to work well in a largely Windows world. Apple offers two ways to accomplish this task: Leopard’s ability to share files and printers with Windows machines, and the ability of Intel-based Macs to run Windows using either Boot Camp (which is included free as part of Leopard) or third-party virtualization tools.
Read Macworld’s Best of Both Worlds: OS X and Windows feature article
Although Leopard and Windows typically play well together, understanding some of the nuances for getting a new Mac to talk with your existing PCs—or getting the best experience running Windows on that new Mac—can sometimes be a little challenging. In this article, we’ll look at some of the details you should understand to get the best of both worlds.
When Leopard and Windows need to talk on a network
Our first set of tips relates to those situations where you have one or more Macs running Leopard that need to share files or other resources with Windows machines over a network connection. For the most part, these tips apply to home or small office environments.
Configuring network settings
On a Windows network, NetBIOS names, workgroups and Windows Internet Name Service (WINS) settings play a key role in communication among computers. As advanced Windows users know, the NetBIOS name for a computer establishes its identity on a network.
A workgroup identifies a group of computers that can communicate using SMB (short for Server Message Block), the native file and printer sharing protocol for Windows. In the My Network Places window, individual computers are displayed within the context of their workgroups.
This is possible because SMB supports the discovery of devices on a local network using broadcasts to determine which devices are available. Normally, one PC in a workgroup, typically the first one powered on, assumes the role of the master browser on a local network and maintains a list of available devices.
Workgroups are commonly used in home and small business environments, since they provide some organizational capabilities but don’t require a centralized server to manage them. A related feature in some larger environments is WINS, which provides a mechanism for enabling device self-discovery in environments where there are large numbers of PCs and other SMB devices, or where there are multiple network segments connected via a router.
For a Mac to participate in a Windows network, it must also have a unique NetBIOS name and be assigned to the same workgroup as the PCs with which it will interact. If a WINS server is used on a network, a Mac (like a PC) will need to know the address of that server.
In Windows, most of this information can be adjusted by choosing Control Panel —> System (or by right-clicking on My Computer in Windows XP or Computer in Vista and selecting Properties) to display the System Properties. The Computer Name tab (or section in Vista) allows you to view a PC’s current NetBIOS name and workgroup. You can change the name and workgroup using the Change button (or the Change Settings link in Vista).
If a WINS server is used in a larger environment, the settings are generally configured by a network administrator and automatically provided to PCs or else manually designated in the Properties dialog on individual PCs by the IT staff.
In Leopard, all these options are located together and can be accessed via the Network pane in System Preferences. You set these options by selecting an active network interface (such as Ethernet or AirPort) in the list of available interfaces and clicking the Advanced button.
In the Advanced Network Options dialog, select the WINS tab and enter the appropriate information. You should observe the same naming conventions used by Windows PCs. As with many versions of Windows, Leopard will default to the name Workgroup for its workgroup if no other name has been specified.
Configuring these options appropriately on all your connected machines should help ensure that your Mac(s) and Windows PC(s) can communicate properly over the network.
Mac OS X Leopard supports a number of different protocols for accessing shared files. The primary or native protocol for Mac file sharing is Apple Filing Protocol (AFP). This protocol has been developed and refined by Apple over many years.
Like SMB, HTTP and other common protocols, it is built on the same TCP/IP protocol suite that powers the Internet. Although some third-party software allows Windows computers to communicate using AFP, it is generally considered a Mac-specific protocol.
In addition to AFP, Macs come with the ability to access shared files on Windows PCs and servers using SMB (as described above), thanks to Apple’s implementation of Samba, an open-source version of SMB for Unix and Linux operating systems.
With the exceptions noted above in terms of specifying a NetBIOS name and workgroup, there is nothing special that needs to be done to enable Macs to access files and folders being shared by Windows. In fact, Macs will typically be able to see Windows PCs and servers out of the box.
If you want to share files on your Mac with Windows computers via SMB, however, there are a few extra steps to take. First, you will need to enable file sharing using the Sharing pane in System Preferences (as simple as checking the File Sharing checkbox in the list of sharing options).
Then you will need to explicitly choose to share those files using SMB by clicking the Options button. You can choose to share files using AFP, FTP (File Transfer Protocol) and SMB.
If you choose SMB, you must also specify which users will be allowed to connect to the Mac remotely. This is because AFP and SMB differ in the encryption technologies used to store and transmit user password information over a network.
SMB supports a range of encryption mechanisms, some of which are specific to earlier versions of Windows and are less secure than the mechanisms used with AFP or with Windows XP and Vista. Thus, you must choose to allow each user’s password to be stored in the appropriate formats when you enable SMB support.
Note: Leopard also supports sharing files using FTP, a platform-agnostic protocol that can be accessed using any computing platform and an FTP client. However, FTP does not encrypt user password data or files as they are transferred.
In addition to sharing folders and files with Windows computers, Leopard can provide shared access to printers. The process of enabling printer sharing for Mac users is fairly simple.
Enable printer sharing as a whole by selecting the Printer Sharing checkbox in the Sharing pane of System Preferences. Then open the Print & Fax pane in System Preferences, select the printer that you want to share in the Printers list and select the “Share this printer” checkbox.
The only other thing you need to do to share a printer with Windows computers is to be sure that SMB file sharing is enabled (as outlined above), and the printer will be shared using SMB.
When Leopard and Windows coexist on a single Mac
There are now a range of options for running Windows and Windows applications on a Mac. The primary choices are Apple’s dual-boot option Boot Camp, which comes free with Leopard and works with any Intel Mac, and the virtualization tools Parallels Desktop for Mac ($79.99) and VMware Fusion ($79.99).
Sun’s open-source VirtualBox is a free virtualization option that is beginning to gain popularity despite entering the game well behind the commercial options and offering more limited and less polished features — for instance, VirtualBox lacks DirectX support for Windows.
See Macworld’s video tour of VirtualBox
While the following tips aren’t full-scale guides to any of these products, they do address some common pitfalls.
Ensuring access to Mac and Windows data
Whether you’re using Boot Camp or a virtualization product, you’ll want to make sure that you have easy access to all your files and folders in both Windows and Mac OS X. But because Mac OS X and Windows rely on different types of formatting for hard drives, that’s not always as simple as it sounds.
If you’re using Boot Camp, your hard drive will be partitioned, and one partition will be formatted for access by Windows. You’ll be offered two formatting options for the Windows partition: FAT32 and NTFS. Mac OS X can read and write to drives formatted using FAT32, so if you use FAT32, you’ll be able to access any files and folders on your Windows partition when your computer is booted into Leopard.
However, Mac OS X does not include full support for NTFS. As a result, if you opt for NTFS, you’ll have read-only access to your files on your Windows partition when you boot into Leopard, which can be problematic if you need to make changes to a document or want to add, move or delete files.
The simplest solution is to format your Windows partition as FAT32. But it’s an older format that does not offer support for file and folder permissions or encryption, which means you have fewer options for securing your data. And with FAT32, you are more likely to encounter problems such as hard drive fragmentation, which can impact overall performance.
Finally, NTFS is a journaled file system, which provides greater error-checking options for the hard drive and reduces the risk of data loss if the computer is unexpectedly restarted.
If you want the advantages of NTFS and full access to your Windows files from within Leopard, you can install an NTFS driver for Mac OS X. There are two main options: MacFuse (a free port of the open-source Fuse tool that allows Linux systems to access NTFS drives) and Paragon NTFS for Mac OS X ($39.95). Both are generally reliable solutions, though Paragon is more user-friendly, particularly for new or nontechnical Mac users.
The issues of accessing your Mac OS X partition from Windows are very similar. Windows does not have any built-in capabilities for reading the most commonly used Mac hard drive format types, which are variations on Apple’s HFS+ format (also called Mac OS Extended).
In much the same way that MacFuse and Paragon NTFS allow full access to NTFS-formatted Windows partitions, Mediafour’s MacDrive ($49.95) allows Windows to access Mac-formatted drives and partitions, including the partition containing Leopard.
When using virtualization
What if you’re using a virtualization tool instead of Boot Camp? Unlike Boot Camp’s dual-boot approach, which requires restarting your computer to switch between operating system partitions, virtualization tools run Windows alongside Leopard on a single drive. Even so, accessing files and folders created in the other operating system can be tricky.
The primary reason is that by default, virtualization tools rely on a hard drive image to contain your Windows installation and files. The image appears to Windows like a normal hard drive, but on your Mac it appears as a single image file. This can make it difficult to directly access those files from Leopard.
Fortunately, the virtualization tools let you configure shared folders so that a folder on your Mac’s hard drive is seen as a mapped drive in Windows. This isn’t always the most convenient solution, but it is effective, particularly if you enable your entire Mac OS X home directory (or any commonly used folder) as a shared folder.
Note, however, that sharing your entire home directory with Windows has security implications, as detailed on the next page.
Both Parallels Desktop and VMware Fusion also let you drag and drop files to copy them between the Windows hard drive image and locations on the Mac’s hard drive.
The most recent versions of Parallels Desktop and VMware Fusion include a couple of helpful features beyond shared folders. Both tools offer the ability to use a Boot Camp partition instead of a hard drive image file, which can then be accessed as described above. This means you can easily make use of virtualization with an existing Windows installation that was made using Boot Camp.
In the latest version of Parallels, you can launch a file browser from Leopard that lets you navigate and manage the contents of a virtual machine’s hard drive image even if the virtual machine is shut down.
Finally, both tools support a windowless mode (known as Coherence in Parallels and Unity in VMware) in which Windows applications are displayed in the Dock alongside Mac applications. This mode also allows access to files from Mac or Windows applications regardless of whether those files reside within the virtual machine’s disk image file or within the Mac’s file system.
Cloning an existing PC
If you’re moving from a PC to a Mac and planning to use either virtualization or Boot Camp to run Windows, you can skip most of the Windows setup process by cloning your PC’s existing files and configuration.
Both Parallels Desktop and VMware Fusion include tools for migrating or cloning an existing PC to an image. If you’re opting for Boot Camp, check out Laplink’s PCMover utility, which allows very granular choices about how the file system and individual files and applications are migrated.
Keeping things secure in a dual-platform world
A Mac that runs Windows is as susceptible to viruses, Trojans and spyware as any Windows PC. And it’s not just Windows and files created using Windows that are in danger; malware can affect any files and folders that are accessible to Windows and its applications. That means that if you use MacDrive or shared folders with a virtualization tool, your Mac files may by vulnerable too.
There are a couple of ways to help secure files on a Mac’s hard drive against damage. The first and most obvious choice is to ensure that you are running solid and up-to-date antivirus and antispyware tools for Windows. Also, you should ensure that the built-in firewalls included in both Windows and Mac OS X are properly configured to secure access to your machine.
You should also consider antivirus and anti-malware tools for Mac OS X. Commercial offerings are available from Symantec, Sophos, Intego and McAfee. At the very least, you should consider the open-source ClamXav. These programs can provide protection against Windows viruses propagating into files on your Mac partition or hard drive, as well as against potential Mac virus threats.
You can also limit the access that Windows has to your Mac’s hard drive. Virtualization tools let you designate shared folders as read-only from Windows, thus preventing viruses from being able to alter or contaminate them.
Another approach is to create just one shared folder that contains only files that you need to transfer between operating systems, rather than allowing full-scale access to the hard drive or your home directory. While this will enhance security, the flip side is that it will also limit usability.
Once your Mac is set up and secured for optimal use with Windows, you can enjoy the best of both worlds.
[ Ryan Faas is a frequent Computerworld contributor specializing in Mac and multiplatform network issues.]