Added by Mahmoud Al-Qudsi, last edited by Mahmoud Al-Qudsi on Mar 19, 2008

Windows 7 "HomeGroup"

A "Castle" by any other name...

Windows 7 has a new feature known as "HomeGroups," which first made its appearance in the Longhorn documentation as Windows "Castles." However, subsequent to the Longhorn reboot/restart, Castles (along with a number of other features-to-be like WinFS) were dropped from Windows Vista. It seems that Microsoft is now reviving the idea, this time under a new name: "Windows HomeGroups."

About Windows 7 HomeGroup

In the original Longhorn implementation, Castles were intended to be a simpler, wizard-driven implementation of the age-old TCP/IP "workgroups" feature. HomeGroups' purpose is to make it easy for users to create secure network groups for sharing media, files, and settings across multiple computers in a LAN.

Windows HomeGroup is officially described in this Microsoft document pertaining to the Codename Longhorn PDC implementation of "Castles:"

Castle

What This Feature Does:
The "castle" feature allows users to have the networking functionality of the domain, including roaming the user's profile, machine trust and having a consistent user identity throughout the network. The main difference with Castle is that users do not have to set up a dedicated machine, such as a domain controller, to maintain the trust and identity relationship. It also makes it easy to share and access files on those computers. Each computer on the same subnet can discover and join an existing castle. Or, the user can create a Castle. To join an existing castle, you must know the login credentials of an administrator account already part of the castle. Only non-blank passwords can grant access. This helps ensure only authorized computers join the castle (use of strong passwords for administrator accounts is highly recommended). When a computer joins a castle, the accounts on that computer will be added to the list of accounts accessible from any computer in the castle. User-specific data (e.g. their password, access rights, and preferences) will be replicated on each computer in the castle and kept in sync. In addition, the newly joined computer will inherit and respect all policies from the Castle.

Information Collected, Processed, or Transmitted:
To help standalone computers find the available castles on the subnet, the machines in the Castle broadcast a beacon containing the Castle's name. Be aware that if you share a subnet with other people (e.g. your neighbor when using a cable modem without a hardware router/firewall) they may be able to see the name of your castles. In this case only choose castle names you are comfortable sharing with others. When joining a castle, the credentials you enter will be sent using security technology (NTLM) to other computers in the castle.

Use of the Information:
Broadcasting the name of each castle makes it easy to discover what castles are available on the subnet. When joining a castle, the credentials help ensure only authorized computers join the castle.

Choice/Control:
The user must initiate joining a castle using the user interface provided. Whether the user's computer is able to join a castle depends on whether an administrator of a computer already part of the castle has provided the user with the appropriate credentials. When a castle is formed, a beacon containing the castle name will be broadcast. In this release there is no easy way to disable the beacon. A mechanism to disable the beacon will be added in a future release.

Important Information:
The Internet Connection Firewall (ICF) is enabled by default in this software. Therefore, if you create a Castle, it will send out the beacon, but because ICF is enabled, other computers running this software that have the firewall enabled won't see the beacon.