Dial-Up Networking

Windows XP can connect to a remote Windows network via modem. All file sharing, printing, and directory services are available just as if you were directly connected, including any Novell, OS/2, and UNIX file and print services provided on the network. Just dial up, open shared folders, transfer files, and email as if you were there, and disconnect when you're finished.

The receiving end of Dial-Up Networking can be handled by the Remote Access Services (RAS) in Windows 200x/NT4 Server or by third-party remote connection hardware devices manufactured by networking companies such as Cisco and Lucent.

Windows XP Professional and Home Edition come with a stripped-down version of RAS, so you can also set up your own Windows XP computer to receive a single incoming modem connection. You can do so, for example, to get access to your office computer and LAN from home, provided your company permits this access.

I'll discuss incoming calls later in the chapter. First, though, let me tell you how to connect to a remote Windows network.

Setting Up Dial-Up Networking

To create a dial-up connection to a remote network or computer, you need an installed modem. You learned how to install modems in Chapter 8, "Internet and TCP/IP Connection Options," so start there to install and configure your modem.

You also must get or confirm the information shown in Table 18.1 with the remote network's or computer's manager.

Table 18.1. Information Needed for a RAS Connection
Information	Reason
Telephone number	You must know the receiving modem's telephone number, including area code.
Modem compatibility	You must confirm that your modem is compatible with the modems used by the remote network; check which modem protocols are supported (V.90, V.32, and so on).
Protocols in use	The remote network should use TCP/IP and/or IPX/SPX. Windows XP can currently be made to use the NetBEUI protocol, but it's not guaranteed to work in the future.
TCP/IP configuration	You should confirm that the Remote Access Server assigns TCP/IP information automatically (dynamically) via DHCP. Usually, the answer is yes.
Mail servers	You might need to obtain the IP addresses or names of SMTP, POP, Exchange, Lotus Notes, or Microsoft Mail servers if you want to use these applications while connected to the remote network.
User ID and password	You must be ready to supply a username and password to the remote dial-up server. If you're calling into Windows XP, 200x, or NT RAS server, then use the same Windows username and password you use on that remote network.

Armed with this information, you're ready to create a dial-up connection to the remote network. To do so, just follow these steps:

1.	Choose Start, My Computer, My Network Places and select View Network Connections. (Note: You might need to close the left Folders pane to see the Task list.)
2.	Select Create a New Connection, and click Next.
3.	Select Connect to the Network at My Workplace (see Figure 18.1), and then click Next. Choose Dial-Up Connection, and then click Next. Figure 18.1. Choose Connect to the Network at My Workplace from the New Connection Type selections.
4.	Enter a name for the connection, for example, Office LAN, and click Next.
5.	On the Phone Number to Dial dialog box, enter the telephone number of the remote dial-in server. You can enter the number directly, including any necessary prefixes or area codes. Select Next. The final page asks if you want Windows to put a shortcut to this connection on your desktop. Check this if you wish, and select Finish. NOTE You can delete a connection shortcut later if you don't want it and can drag the connection icon from Network Connections to your desktop later if you do.
6.	After you've clicked Finish, Windows immediately wants to open the connection. Before using it you should first review the connection's properties, so click the Properties button.

When the properties dialog appears, review it to be sure that all settings are correct. The next section discusses the most important connection properties.

Setting a Dial-Up Connection's Properties

There are two ways you can edit the properties for a dial-up connection from the Network Connections window: You can open the connection icon and click the Properties button, or you can right-click the icon and select Properties.

The Dial-Up Connection's properties page has five tabs and a heap o' parameters. Most of the time, the default settings will work correctly, but you might need to change some of them. I'll walk you through the most important parameters.

For detailed instructions on establishing locations and dialing rules, p. 927.

General

On the General tab of the Properties dialog (see Figure 18.2), you can set your choice of modems if you have more than one installed. You also can set telephone numbers and dialing rules.

Figure 18.2. General Properties include dialing and modem settings.

The following are the significant parameters:

Connect Using If you have more than one modem installed, choose which modem to use for this connection. The Configure button lets you set the maximum speed (data rate) to use between the computer and the modem, and other modem properties.
Area Code, Phone Number, and Country/Region code If the remote server has more than one phone number (or more than one hunt group), you can click Alternate to specify alternate telephone numbers. It's a neat feature if your company has several access points or provides emergency-use-only toll-free numbers.
Use Dialing Rules Check to have Windows determine when to send prefixes and area codes. If you want to use this, enter the area code and phone number in their separate fields. This feature is useful if you will be calling the same number from several locations with different dialing properties.
Show Icon in Notification Area This option lets you keep a small connection monitor icon in your task tray when you're connected to the remote network. Opening it lets you quickly disconnect the remote connection, so it's best to leave Show Icon checked.

Options

The Options tab of the Properties dialog (see Figure 18.3) includes dialing options, choices for being prompted for phone number and passwords, and redialing settings.

Figure 18.3. The Options tab includes dialing and prompting options.

The important options are as follows:

Prompt for Name and Password If this box is checked, Windows always prompts for your remote connection user ID and password. If it is unchecked, after the first successful connection, Windows stores your password and uses it automatically later on. If you are worried that someone might dial the connection by gaining unauthorized access to your computer, leave this box checked; otherwise, you can uncheck it to skip the password step when connecting.
Include Windows Logon Domain Be sure to check this box if you are calling a Windows 200x/NT4 domain-type network but your computer is not set up as a member of the same domain. When this box is checked, the dialing dialog box provides a space for you to enter the remote domain's name.
Prompt for Phone Number If this box is checked, Windows display the phone number it wants to dial. Leave it checked if you don't trust Windows to use the correct area code, prefixes, and so on. It's best to leave it checked until you're convinced.
Redialing Options If the remote server frequently gives you a busy signal, increase the number of attempts from 3 to, say, 20, and lower the delay from 1 minute to 15 seconds to get quicker redialing action.
Idle Time Before Hanging Up If you tend to wander off for hours with your modem still online, you can set this option to a reasonable time, and Windows will automatically disconnect you if no network traffic occurs for the specified time.
Redial If Line Is Dropped This option makes Windows redial immediately if your modem connection fails. It's good if you have lousy phone connections but bad if the remote computer disconnects you because its "idle time" runs out before yours does.

Security

On the Security tab, you can select which encryption methods are required or permitted when you're logging on to the remote connection server.

Security Options If you are connecting to a Windows 200x, or NT Remote Access Server, select Typical and set Validate My Identity to Require Secured Password. If the Windows domain name, username, and password you'll use for the remote network are the same as those you use to sign in to your own computer, check Automatically Use My Windows Logon.
Advanced (Custom Settings) Select Advanced if you are calling a Shiva Remote Access Server. Click the Settings button, and then select Shiva Password Authentication Protocol (SPAP).

NOTE

Shiva is shorthand for a user account/password verification system manufactured by Shiva Corporation (now owned by Intel). The Shiva system only validates a caller's right to connect to the modem; it doesn't grant rights to resources (like file servers) on the network.

Networking

The Networking tab of the Properties dialog (see Figure 18.4) defines which network protocols and network services are connected through the dial-up connection.

Figure 18.4. On the Networking tab, you can choose which network protocols and services are enabled for the dial-up connection. Check everything, and set the TCP/IP protocol's properties if necessary.

Usually, all protocols and services should be checked except File and Printer Sharing. This option should be disabled so remote network users cannot use your computer's shared folders and printers. If you really do want to let the remote network's users see them, check File and Printer Sharing.

Normally, a Remote Access Server automatically assigns your connection the proper IP address, DNS addresses, and other TCP/IP settings through DHCP, so you don't need to alter the Internet Protocol properties. In the very unlikely event that the network administrator tells you that you must set TCP/IP parameters yourself, select Internet Protocol from the Components list, and click Properties. Enter the supplied IP address and DNS addresses there.

Advanced

The Advanced tab configures Internet Connection Sharing and the Windows Firewall. These utilities may not be needed when you're connecting to a remote network.

If the network to which you're connecting is a safe, protected corporate network with its own firewall, you will probably want to disable Windows Firewall just for this particular dial-up connection. To do this, view the Advanced tab, click the Settings button, view the Windows Firewall's Advanced tab, and uncheck the dial-up connection that corresponds to your corporate network, as shown in Figure 18.5.

Figure 18.5. If you are connecting to a secure corporate network, you can disable Windows Firewall for just this connection.

Finally, after you've finished making any changes to the connection's options, select OK. The connection icon is then installed in Network Connections for use anytime.

Managing Dial-Up Connections from Multiple Locations

As you've seen already, Windows lets you enter your current telephone area code and dialing prefix requirements so that it can make modem calls using the customs appropriate for your local phone system. This capability is great if you use a portable computer. For example, at home, you might be in area code 415. At the office, you might be in area code 707 and have to dial 9 to get an outside telephone line. When you're visiting Indianapolis, you're in area code 317 and might need to use a telephone company calling card when making long-distance calls.

Windows offers great support for these variations by letting you define "locations," each with a separate local area code and dialing rules. When you use one of your Network Connections icons, as long as you've told Windows your current location, it can automatically apply the correct set of rules when making a dial-up connection.

For detailed instructions on establishing locations and dialing rules, p. 927.

However, if you use an ISP with access points in various cities, or your company has different access numbers in various regions, you'll find that this Locations system does not let you associate a different dial-up number with each location. It would be great if it did, but no such luck.

If you want to use different "local" dial-up numbers for the various locations you visit with your computer, you must set up a separate Network Connections icon for each access number and use the appropriate icon when making a connection at each location.

TIP

Set up and test the first access number you need. Then, when you need to add a new access number, right-click the first one, select Create Copy, rename it, and change its telephone number. I name my icons based on the location of the local number: Office-Berkeley, Office-Seattle, and so on.

When you travel and want to make a dial-up connection, select the appropriate dial-up icon, and set your location before you click Dial.

TIP

If you travel, you'll find that having your Internet Options set to dial a particular connection automatically is not a great idea. It would dial the chosen connection no matter where you were (and remember, if there's a 50-50 chance of things going wrong, 9 times out of 10 they will). So, if you travel with your computer, you might want to open Internet Explorer and click Tools, Internet Options. Select the Connections tab, and choose Never Dial a Connection. This way, you won't be blind-sided by an inadvertent call to Indiana while you're in India.

Making a Dial-Up Connection

Making a remote network dial-up connection is no more difficult than connecting to the Internet. If you're a mobile user who moves between area codes, check your current location first, and then dial.

Check Your Current Location

If you've changed area codes or phone systems since the last time you made a modem connection, check your location setting by following these steps before dialing into the network:

1.	Open the Control Panel, and select Printers and Other Hardware, then Phone and Modem Options.
2.	Check your current location in the list of configured dialing locations using the Dialing Rules tab.
3.	Click OK to close the dialog.

Windows should now use the correct area code and dialing prefixes.

Choose a Profile Option

If your computer is a member of a Windows domain network that offers roaming user profiles, you can decide whether to connect using your current local profile or use your remote "roaming" profile. Your network manager will tell you if the network provides roaming profiles. You have two options for making the connection:

If you connect while you're already logged on to your computer, you'll have access to the files, printers, and all other network resources on the remote network, but the My Documents folder and desktop will remain as they were before you made the connection. You'll be "here."
If you log off from Windows and then log on again using the Log On Using Dial-Up Connection option, you'll be connected with your user profile on the remote network. Your My Documents folder, home directory, desktop layout, and other preferences will be copied from the server to your mobile computer, and you'll be "there."

If you're not connecting to a Windows domain-type network, if you don't have a roaming profile, or if you don't need to use it, use the steps under "Connect to a Remote Network Without a Roaming Profile."

If you have an account with a roaming profile on the remote network, and you want to have access to the My Documents folder and settings you use on that network, follow the steps under "Connect to a Remote Network with a Roaming Profile."

Connect to a Remote Network Without a Roaming Profile

To connect to a remote network using the profile you're already using in your own computer, make the connection directly, without logging out. Just follow these steps:

1.	Open the connection from the Start Menu "Connect To" list, from Network Connections, or from a shortcut to the connection. TIP Windows puts a "Connect to" menu on the Start menu when you've defined a dial-up connection. You can select a connection to dial, or right-click it to edit its properties. This is a real timesaver.
2.	Windows will open the connection dialog, as shown in Figure 18.6. Enter your login name, password, and domain (if any). You can also select Properties to adjust the connection's telephone number or dialing properties. (The Dialing From choice appears only if you checked Use Dialing Rules and have defined more than one dialing location.) Figure 18.6. In the Connect dialog box, you can enter your username and password for the remote network. If you're logged in, you can also tell Windows to remember your password and change the dialing properties. TIP If you're connecting to a remote Windows 200x domain, you can enter DOMAIN\username or username@domain in the User Name field.
3.	You can choose to let Windows remember your password, if you're not worried that other people might use your computer to gain inappropriate access to the remote network. (Giving access to "anyone who uses this computer" is usually used only for a shared ISP connection, not remote networks.)
4.	Select Dial. Windows shows you the progress of your connection as it dials, verifies your username and password, and registers your computer on the remote network. If the connection fails, unless you dialed the wrong number, you'll most likely get a reasonable explanation: The password or account name was invalid, the remote system is not accepting calls, and so on. If you entered an incorrect username or password, you are usually given two more chances to re-enter the information before the other end hangs up on you. If the connection completes successfully, a new connection icon appears in your taskbar, indicating the established connection speed, as in Figure 18.7. Figure 18.7.

You can now use the remote network's resources, as discussed next.

Connect to a Remote Network with a Roaming Profile

To use the remote network under your user profile on that network, your computer must have been configured as a Domain member, as described in Chapter 16 under "Joining a Windows Domain Network". Then, you must log in using the remote connection, using these steps:

Log off Windows if you are currently logged on. Choose Start and select Log Off.

Press Ctrl+Alt+Del to display the logon dialog. Enter your network username, password, and domain. If Log On Using Dial-Up Connection isn't displayed, click the Options button. Check Log On Using Dial-Up Connection, and select OK.

Choose a network connection by selecting the name of the remote connection from the drop-down list, and select Dial. You can select VPN or modem dial-up connections.

If the connection you need to use isn't shown in the list of connection choices, see "Can't Choose Dial-Up Connection at Login" in the "Troubleshooting" section at the end of this chapter.

When the Connect dialog appears, enter your remote access username and password and logon domain, as previously shown in Figure 18.6. This usually is the same as your network logon information. (You won't have the option to save your password or change the connection properties here, because you're not yet logged in.) Select Dial.

Windows then dials the remote network connection and logs in. After your profile settings have been copied, you're online and ready to use the network.

NOTE

If the connection fails because the telephone number was wrong, you may need to log on locally to change the number in the connections' properties dialog.

Callbacks

For security purposes, some networks don't permit you to just call in; they want to call you, so you not only need the right login name and password, but you also must be at the right location to gain access to the network. This type of access also generates an audit trail through phone company records.

When this type of security is in force, your network manager will contact you to arrange the predetermined telephone number to use to call you. You cannot access the network from any other location unless you arrange for call forwarding from the original number.

Callbacks can also be used to make the remote host pay for a long phone call. Some businesses use callbacks so that employees can dial in from the field at the company's expense.

When callbacks are in effect, you'll dial up the remote network as I described earlier, but as soon as the network accepts your password it will hang up. Within 30 seconds it will call back, and your modem will pick up the line and establish a connection.

If your network manager says that callbacks are optional, you can tell Windows how you want to exercise the option. In Network Connections, select the Advanced menu, choose Dial-Up Preferences, and select the Callback tab. You can indicate that you want callbacks on or off, or that you want to be asked each time you make a connection.

Using Remote Network Resources

When you're connected, you can use network resources exactly as if you were on the network. My Network Places, shared folders, and network printers all function as if you were directly connected.

The following are some tips for effective remote networking by modem:

Don't try to run application software that is installed on the remote network itself. Starting it could take hours!
If you get disconnected while using a remote network, it's a bummer to have to stop what you're doing and reconnect. You can tell Windows to automatically redial if you're disconnected while you're working. In Network Connections, from the Advanced menu, choose Dial-up Preferences, and select the Autodial tab. Check any locations you work from where you would like Windows to automatically reconnect you.
TIP

If you get disconnected while you are editing a document that was originally stored on the remote network, I suggest that you save it on your local hard disk the moment you notice that the connection has been disrupted. Then, when the connection is reestablished, save it back its original location. This will help you avoid losing your work.
You can use My Network Places to record frequently visited remote network folders. You can also place shortcuts to network folders on your desktop or in other folders.
If the remote LAN has Internet access, you can browse the Internet while you're connected to the LAN. You don't need to disconnect and switch to your ISP. You might need to make a change in your personal email program, though, as I'll note later under "Email and Network Connections."
If you use several different remote networks, you can create a folder for each. In them, put shortcuts to the appropriate connection and to frequently used folders on those networks. Put all these folders in a folder named, for example, Remote Networks on your desktop. This way you can open one folder and be working within seconds.

Email and Network Connections

If you use your computer with remote LANs as well as an ISP, you might need to be careful with the email programs you use. Most email programs don't make it easy for you to associate different mail servers with different connections.

Although most email servers allow you to retrieve your mail from anywhere on the Internet, most are very picky about whom they let send email. Generally, to use an SMTP server to send mail out, you must be using a computer whose IP address is known by the server as belonging to its network. You can usually only send mail out through the server that serves your current connection.

See if your favorite email program can configure separate "identities", each with associated incoming and outgoing servers. If you send mail, be sure you're using the identity that's set up to use the outgoing (SMTP) server that belongs to your current dial-up connection.

For some tips on sending mail through different ISPs, p. 388.

Monitoring and Ending a Dial-Up Connection

While you're connected, note that the System Tray connection icon flashes to indicate incoming and outgoing data activity. It's a true Windows tool, which means you can have it do pretty much the same thing in about five different ways.

NOTE

If the connection icon is missing, open Network Connections. Right-click the connection you're using, select Properties, and check Show Icon in Notification Area When Connected.

If you hover your mouse cursor over the connection icon, a box appears, listing the connection name, speed, and number of bytes sent and received.
If you double-click it, the connection status dialog box appears, as shown in Figure 18.8. From the status dialog, you can get to the connection properties or disconnect.
Figure 18.8. The connection status dialog box displays current connection statistics and lets you disconnect or change connection properties. Right-clicking the connection icon in the taskbar is a quicker way to disconnect.
If you right-click it, you can select Disconnect, Status, or Open Network Connections. This is the way to go.

Actually, all I ever do with the taskbar icon is make sure it blinks while I'm working, and right-click Disconnect when I'm finished.

When you disconnect a remote network connection, the taskbar icon disappears. If you logged in using a remote network profile, you remain logged in using the local copy of this profile until you log out.

Enabling Dial-In and VPN Access to Your Computer

Windows XP Professional has a stripped-down Remote Access Server (RAS) built in, and you can take advantage of it to get access to your work computer from home or from the field, or vice versa. You can also enable remote access temporarily so that a system administrator can maintain your computer.

CAUTION

RAS is not too difficult to set up, but beware: Permitting remote access opens up security risks. Before you enable dial-in access on a computer at work, be sure that your company permits it. In some companies, you could be fired for violating the security policies.

To enable dial-in access, you must be logged on as a computer administrator. Then follow these steps:

1.	In Network Connections, select the Create a New Connection Task in the New Connection Wizard. Click Next.
2.	Choose Set Up An Advanced Connection, and click Next. Choose Accept Incoming Connections, and click Next.
3.	Check the modem to be used for incoming connections. TIP Despite what the wizard dialog box seems to say, you can choose at most one modem. You can choose one of each different type of connection: modem and direct parallel port.
4.	If you want to disconnect incoming connections that sit idle (unused) for too long, click the Properties button and check Disconnect a Call If Idle More Than XXX Minutes, and then click OK.
5.	You then are asked whether you want to additionally permit Virtual Private Network connections to your computer. I'll discuss Virtual Private Networking later in this chapter. You can read ahead to decide whether you want it or check Do Not Allow Virtual Private Connections now. You can always repeat this process to enable it later. It's best to not allow virtual private connections now if you're not sure.
6.	Windows then displays a list of your computer's or domain's users. Select the ones who will be permitted to access your computer remotely, as shown in Figure 18.9. This step is very important: Check only the names of those users whom you really want and need to give access. The fewer accounts you enable, the less likely that someone might accidentally break into your computer. Figure 18.9. Here, you can choose users who will be granted the right to remote access of your computer. Check only the names of those users really needing access, and don't check Guest. CAUTION Under no circumstances should you enable Guest, IUSR_xxx, or IWAM_xxx (where xxx is the name of your computerfor example, IUSR_AMBON) for remote access. The IUSR and IWAM accounts are used exclusively by Internet Information Server for access by Web site visitors, and Guest is used for general network access. There's no way you would ever want to give unprotected access to your network via modem or VPN! Check only the names of users who need access and who have good (long, complex) passwords.
7.	You can enable or enforce callbacks for individual users if you like. Select the username, click Properties, and then select the Callback tab. If you do enable callbacks, you must enter any required dialing prefixes and area codes. Windows doesn't use dialing rules when making callbacks.
8.	Windows displays a list of network protocols and services that will be made available to the dial-up connection. Generally, you can leave all protocols and services checked. View the properties page for each checked protocol to specify whether callers have access only to your computer or have access to the LAN via your computer. Unless you have a reason to ban a remote caller (usually you) from reaching the rest of your LAN, you have no reason to disable these services.

NOTE

If you want to use incoming VPN connections and you use Internet Connection Sharing or a connection sharing router between the Internet and your computer, you'll have to forward incoming VPN connections to your computer. For details, see "Making Services Available" in Chapter 19.

Access to Windows and NetWare servers through the IPX/SPX protocol is handled without difficulty.

However, the TCP/IP protocol presents a significant problem. Incoming callers must be assigned IP addresses that are valid on your LAN if they are to be able to communicate with computers other than your own.

If your network has a DHCP server, or if you are using Internet connection sharing or a gateway device, then a caller will automatically receive a valid IP address. You don't have to worry about setting the TCP/IP address.

If your network does not have a true DHCP server on the network, you must manually assign a valid subnet of at least four IP addresses taken from the IP address range of your network. If you don't, incoming callers can access only your computer. (And if that's sufficient, you don't need to worry about this.)

NOTE

You must provide a subnet with one IP address for the RAS server component on your computer and one for each incoming connection. Subnets have an overhead of two addresses, so the minimum subnet size is four addresses (two overhead, one for the server on your computer, and one for a caller). With an eight-address subnet, you could have five incoming connections (two overhead, one for the server, five for callers), although XP limits you to two or three incoming connections total.

Unfortunately, the process of assigning subnet addresses is more complex than I can go into here in any detail, and the articles on this topic in Windows XP's online help are worse than useless. You'll have to get a network manager to assign the subnet for you.

NOTE

You also can read more about TCP/IP networking in Upgrading and Repairing Networks, 4th Edition, published by Que.

TIP

Look up your LAN adapter's IP address. If it starts with 192.168, you might try this trick for assigning IP addresses for incoming connections. For the starting and ending addresses, use the first three numbers of your IP address followed by 220 and 223, respectively. For example, my IP address is 192.168.0.34. I'd enter 192.168.0.220 and 192.168.0.223 as the From and To addresses.

When the incoming connection information has been entered, a new icon appears in your Network Connections window. You can edit its properties later or delete it to cancel incoming access. When someone connects to your computer, yet another icon appears in Network Connections showing their username. If necessary you can right-click this to disconnect them.

Setting Up Dial-Up Networking

Table 18.1. Information Needed for a RAS Connection

Figure 18.1. Choose Connect to the Network at My Workplace from the New Connection Type selections.

Setting a Dial-Up Connection's Properties

General

Figure 18.2. General Properties include dialing and modem settings.

Options

Figure 18.3. The Options tab includes dialing and prompting options.

Security

Networking

Figure 18.4. On the Networking tab, you can choose which network protocols and services are enabled for the dial-up connection. Check everything, and set the TCP/IP protocol's properties if necessary.

Advanced

Figure 18.5. If you are connecting to a secure corporate network, you can disable Windows Firewall for just this connection.

Managing Dial-Up Connections from Multiple Locations

Making a Dial-Up Connection

Check Your Current Location

Choose a Profile Option

Connect to a Remote Network Without a Roaming Profile

Figure 18.6. In the Connect dialog box, you can enter your username and password for the remote network. If you're logged in, you can also tell Windows to remember your password and change the dialing properties.

Figure 18.7.

Connect to a Remote Network with a Roaming Profile

Callbacks

Using Remote Network Resources

Email and Network Connections

Monitoring and Ending a Dial-Up Connection

Figure 18.8. The connection status dialog box displays current connection statistics and lets you disconnect or change connection properties. Right-clicking the connection icon in the taskbar is a quicker way to disconnect.

Enabling Dial-In and VPN Access to Your Computer

Figure 18.9. Here, you can choose users who will be granted the right to remote access of your computer. Check only the names of those users really needing access, and don't check Guest.