Chapter 12. Networking Your Computer

In Microsoft Windows 2000 Professional, networking is simplicity itself. Gone are the days of complicated network configurations and strange kluges to make the computer work on networks. Most users, those who use a typical Microsoft network configuration, don't have to change their configurations at all. A typical Microsoft network configuration includes the client for Microsoft networks, TCP/IP, and file and printer sharing. And when users do have to change their network configuration, they have one central place to go to make all of their changes.

This is all well and good, but what about users who are trying to create a peer-to-peer network at home? Windows 2000 Professional makes this process easy, too, because the operating system automatically handles IP allocation and name resolution. Users aren't stuck using antiquated protocols such as NetBEUI and don't have to set up a server to gain the benefits of networking at home. Because this is the topic that most readers care about most, this chapter has an obvious slant toward that topic. For more information about networking in business environments using Microsoft Windows 2000 Server, see Inside Windows 2000 Server (New Riders, 1999).

Installing Network Adapters

Windows 2000 Professional's Setup program automatically recognizes and configures most network adapters it finds when you install the operating system. In fact, the Setup program offers no mechanism for changing the network adapter's configuration during the setup process. Using Device Manager or the Add/Remove Hardware Wizard, you can change the device driver, however. Alternatively, use an unattended answer file to specify the network adapter you want to install.

When you install a new network adapter, Windows 2000 Professional will most likely recognize and configure it. If the operating system can't find a device driver for it, use Device Manager to install its device driver, which presumably came on a disk with the network adapter, or you must get it from the network adapter's vendor. In Device Manager, double-click the network adapter and then click Update Driver on the Driver tab. You can also use the Add/Remove Hardware Wizard to troubleshoot the network adapter: In Control Panel, double-click the Add/Remove Hardware icon, click Next, click Add/Troubleshoot a device, and then follow the instructions you see onscreen. This gives you the opportunity to enable the network adapter by starting the Updated Device Driver Wizard.

If Windows 2000 Professional does not automatically detect and configure a network adapter, and it's not already listed in Device Manager, it's probably a legacy network adapter (there are plenty of those hanging around most boneyards). You must manually install these adapters using the Add/Remove Hardware Wizard. In Control Panel, double-click the Add/Remove Hardware icon and follow the instructions you see onscreen. The wizard displays a list of devices that are installed. Because a legacy network adapter isn't likely to be in this list, however, you want to add a new device and you want to select the network adapter from a list or provide third-party device drivers you have on a disk. The operating system does provide drivers for many legacy adapters and it just might be your only source for them.

Installing a new network adapter or reconfiguring an existing adapter requires that you log on to the computer as an Administrator.

Configuring Network Connections

In the Network and Dial-up Connections folder is an icon for each network adapter installed in the computer. If the computer contains a single network adapter, you see an icon called Local Area Connection. You might also see icons for additional network adapters or for additional dial-up connections. Of course, the first icon in this folder you see is the Make New Connection icon, which you use to create new dial-up connections. To open this folder, double-click the Network and Dial-up Connections icon in Control Panel.

Each local area network icon can have different states:

  • Enabled. The icon is enabled, indicating that the connection is working. If you configured the connection to display its status in the taskbar, you see two computer screens flashing.

  • Disabled. The icon is disabled, or dimmed. This indicates that you disabled the connection, so you don't see an icon in the taskbar.

  • Disconnected cable. The icon is dimmed and you see a red X on it. This indicates that the cable or connection is broken. The icon you see in the taskbar has a red X on it.

In any state, you configure a local area network connection by clicking Properties on its icon. This displays the Local Area Connection Properties dialog box shown in Figure 12.1. For example, if you want to see the connection's status in the taskbar, select the Show icon in taskbar when connected check box on its Local Area Connection Properties dialog box.

Figure 12.1. Windows 2000 Professional gives you a single centralized location for configuring all network connections.

Installing, removing, and configuring network components works similarly to Microsoft Windows 98. On the Local Area Connection Properties dialog box, do one of the following:

  • To install a new client, service, or protocol, click Install.

  • To remove a client, service, or protocol, click it in the Components checked are used by this connection list and then click Uninstall.

  • To configure a client, service, or protocol, click it in the Components checked are used by this connection list and then click Properties.

  • To disable a client, service, or protocol for this connection only, making it available for other connections, clear the check box next to it.

Computer names deserve a special mention because plenty of users still use a mix of Windows 2000 Professional and earlier versions of Windows. Windows 2000 Professional supports DNS names, which look like typical Internet names: jerry.honeycutt.com. Windows 2000 Professional also creates NETBIOS names, which are the old-style names that you used with earlier versions of Microsoft networking. jerry.honeycutt.com and scratch.honeycutt.com have JERRY and SCRATCH NETBIOS names, and these are the names that you use to reference the computers from earlier versions of Windows—not their DNS names.

One last note. You should limit computer names to 15 characters or fewer, even though you can potentially create longer names. This ensures that other computers can see your computer on the network.

Changing Network Identification

As with earlier versions of Windows NT, you can join a computer to a domain or join it to a workgroup. Here are the fundamental differences between the two:

  • Domain. When you join a computer to a domain, the computer has an account on that domain, and the domain controller authenticates your credentials and authorizes access to network resources. The name of the computer's account and the name of the computer must be the same. Adding a computer to a domain creates a trust relationship with the domain, which means that the computer trusts the domain to authenticate users.

  • Workgroup. When you join a computer to a workgroup, the local computer is responsible for all of its own security, as opposed to a domain in which the domain takes responsibility for network security. Other computers that happen to be members of the same workgroup can see each other in the workgroup's icon in the My Network Places folder. Just remember that a workgroup is really nothing more than a way to categorize computers.

Unlike Microsoft Windows NT Workstation 4.0, Windows 2000 Professional makes changing computers' identification and domain membership easy. It even provides a wizard for that purpose, which most users really don't need to use:

  1. In the Network and Dial-up Connections folder, click Network Identification on the Advanced menu and then click the Network Identification tab.

  2. Click Properties, type a name for the computer in Computer name, as shown in Figure 12.2, and then do one of the following:

    • Click Domain and then type the name of the domain to which you want to join the computer. You must have the appropriate credentials on the domain to join a computer to it. Either you must have a domain administrator's name and password or the name and password of a special user account that the administrator set up for this purpose. Many administrators create an account called Installer that has enough permission to join computers to a domain, and that's about all. This is often the most appropriate choice when connecting your computer to a business network.

    • Click Workgroup and type the name of the workgroup you want to join. If the workgroup doesn't already exist, Windows 2000 Professional will create it. Otherwise, the operating system will add your computer's name to the list with other members. This is often the most appropriate option if your computer isn't on a business network. For example, most peer-to-peer and home networks are actually just workgroup networks.

Figure 12.2. In Windows 2000 Professional, changing the computer's name or domain membership isn't as troublesome as it was in earlier versions of Windows.

Logging on to Networks

How you log on to the computer depends on how you connected it to the network and what you want to do. If you joined the computer to a domain, you have two choices. You can log on to the domain or log on to the local computer. In the first case, the domain authenticates your credentials. In the second case, the local computer validates your credentials. If you configured the computer to connect to a workgroup, you must log on to the local computer because no domain is available to authenticate your credentials. The differences are subtle:

  • If you log on to a domain, you have access to any network resources to which you have permission. You don't have to have an account on the local computer, but you must have an account on the domain.

  • If you log on to the computer locally, you have access to the local computer's resources, but not necessarily the network's resources. You must have an account on the local computer to log on to it, which is not the same as adding your domain account to a local group.

With that out of the way, you log on to Windows 2000 Professional by providing your credentials and then choosing what you want to validate them. When you see the Welcome to Windows dialog box, press Ctrl+Alt+Delete. By forcing users to give the three-finger salute, Windows 2000 Professional prevents Trojan horses from gathering credentials by simulating the logon screen. In User name, type the name of your account and type your password in Password. To choose what you want to log on to, click Options and click the name of the domain or computer you want to log on to in the Log on to list. To log on to the local computer, click the computer's name. In general, if you joined the computer to a domain, you want to log on to the domain. Otherwise, the only choice is logging on to the local computer.

Note

If you used the Network Identification Wizard to configure the computer for home use, you probably configured Windows 2000 Professional to log you on automatically. You won't see the Welcome to Windows dialog box in this case, and it will automatically log you back on again when you log off the operating system. You can cause the operating system to once again prompt for your name and password by running the Network Identification Wizard and clicking Users must enter a user name and password.

Sharing Resources on Networks

Here's how to share a folder on the network:

  1. On the folder or printer's shortcut menu, click Sharing.

  2. On the Sharing tab, click Share this folder and then type a name for the share in Share name.

    The share name doesn't have to be the same as the folder name. Network users never see the actual folder name on the network—all they see is the name of the share.

  3. Click Permissions and specify which users you want to have access to the shared files.

    By default, the Everyone group has access to the share. This is perfectly acceptable if you have limited access to the share's contents using NTFS file permissions. Otherwise, you should set the share's permissions to limit access to it.

  4. Click Caching and then do one of the following in the Setting list:

    • To automatically make the share's documents available offline for all network users when they use documents in the share, click Automatic Caching for Documents.

    • To automatically make the share's program files available offline for all network users who use them, click Automatic Caching for Programs.

    • To allow network users to individually determine which files they want to use offline, click Manual Caching for Documents.

Windows 2000 Professional does not allow you to rename shares. The only way to change a share's name is to actually remove and re-create it.

Caution

Many users, particularly home users, make sharing entire drives a habit. For example, they share all of drive C or all of drive D for convenience. I don't recommend that you do this, however, because it paves the way for human error and virus-propagation by exposing the entire drive on the network. Share specific folders to avoid this problem. Not only does it protect important files, it helps you organize all of your data on the network because each individual share shows up as a separate folder in My Network Places.
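One way to check a computer for the habit this caution describes, as an added example that is not from the book: it reads the listing that the `net share` command prints and reports user-created shares that expose a whole drive. The sample listing, its share names and the helper names are constructed for illustration; the column positions are taken from the header line.

```python
import re

HEADER = f"{'Share name':<13}{'Resource':<32}Remark"

# Constructed rows, laid out in the columns that `net share` prints.
ROWS = [
    ("C$", "C:\\", "Default share"),
    ("IPC$", "", "Remote IPC"),
    ("ADMIN$", "C:\\WINNT", "Remote Admin"),
    ("D", "D:\\", ""),
    ("Photos", "D:\\Family\\Photos", "Vacation pictures"),
    ("CDRIVE", "C:\\", "everything, for convenience"),
]
SAMPLE_OUTPUT = "\n".join(
    [HEADER, "", "-" * 79]
    + [f"{n:<13}{r:<32}{m}".rstrip() for n, r, m in ROWS]
    + ["The command completed successfully."]
)

# A resource that is only a drive letter, e.g. "C:\" or "D:".
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\?$")


def parse_net_share(text):
    """Split a `net share` listing into name / resource / remark records."""
    lines = text.splitlines()
    header_idx = next(i for i, l in enumerate(lines) if l.startswith("Share name"))
    header = lines[header_idx]
    # Column starts come from the header, so the widths are not hard-coded.
    res_col, rem_col = header.index("Resource"), header.index("Remark")
    shares = []
    for line in lines[header_idx + 1:]:
        if not line.strip() or set(line.strip()) == {"-"}:
            continue                      # blank line or the dashed rule
        if line.startswith("The command"):
            break                         # trailer line ends the table
        shares.append({
            "name": line[:res_col].strip(),
            "resource": line[res_col:rem_col].strip(),
            "remark": line[rem_col:].strip(),
        })
    return shares


def whole_drive_shares(shares):
    """Names of shares that publish an entire drive.

    The operating system's own administrative shares (C$, D$, ...) carry the
    remark "Default share" and are skipped; everything else that points at a
    drive root is reported.
    """
    findings = []
    for s in shares:
        builtin = s["name"].endswith("$") and s["remark"] == "Default share"
        if DRIVE_ROOT.match(s["resource"]) and not builtin:
            findings.append(s["name"])
    return findings


if __name__ == "__main__":
    for name in whole_drive_shares(parse_net_share(SAMPLE_OUTPUT)):
        print(f"share {name!r} exposes a whole drive; share a folder instead")
```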

Creating Dial-Up Connections

You create dial-up connections in the Network and Dial-up Connections folder. Although the user interface is slightly different, the information it collects is similar to other versions of Windows:

  1. In Control Panel, double-click the Network and Dial-up Connections icon and then double-click the Make New Connection icon.

  2. Click Next and then do one of the following:

    • To create a connection to a private network, such as a home or business, click Dial-up to private network.

    • To create a connection to the Internet service provider, click Dial-up to the Internet.

    • To create a virtual private network connection, click Connect to a private network through the Internet.

    • To configure your computer to accept incoming connections (the other computer would create a connection to a private network), click Accept incoming connections.

    • To connect your computer to another computer using a serial, parallel, or infrared port, click Connect directly to another computer. This type of connection is handy and often overlooked when you don't have networking equipment available.

  3. See the sections that follow to learn more about each type of connection.

Private Network

A private network connection connects your computer to a business network or even to your Internet service provider (ISP). The host to which you're connecting must use the same protocol, which is usually TCP/IP, and must support one of the connection protocols available in Windows 2000 Professional, which is usually Point-to-Point Protocol (PPP).

The Network Connection Wizard prompts you for the phone number. There are two ways you can provide your phone number. You can clear the Use dialing rules check box and type the full phone number in Phone number. Alternatively, you can select the Use dialing rules check box and type the area code in Area code and the remaining digits in Phone number. You'll want to use dialing rules if you live in an area in which you must use 10-digit dialing, or you must use a credit or calling card. For more information about dialing rules, see Chapter 13, "Using Mobile Computers."

The wizard also asks you whether you want to make the connection available to other users with whom you share the computer or to make the connection available only to yourself. If this is a connection that you don't want other users to see, make sure you keep it to yourself.

You can further refine the connection by clicking Properties on its icon in the Network and Dial-up Connections folder. Figure 12.3 shows the name Properties dialog box, and the following list describes the options available on each tab:

  • General. Choose the modem you want to use and specify the phone number to dial. If you want to see the connection's status in the taskbar, select the Show icon in taskbar when connected check box.

  • Options. Specify dialing options, such as whether the connection prompts for your name and password each time, how many times it tries to redial, and the amount of time to wait between redial attempts. A useful option that is off by default is the Redial if line is dropped check box, which causes the connection to automatically redial the phone number when you're disconnected.

  • Security. Specify which authentication protocol you want to use and whether you want to use a logon script or interactive logon. The default authentication is unsecured, so if the host you're calling supports more secure authentication protocols, such as the ones in "Securing Connections," I recommend that you use them.

  • Networking. Choose the connection protocol you want to use (PPP in most cases, but the default is SLIP for some reason) and which components you want to enable for the connection. For Internet connections, you need to enable only TCP/IP. For connections to business networks, enable the client for Microsoft networks, too.

  • Sharing. Enable sharing of this connection. If you want other computers on the network to be able to access the Internet through this dial-up connection, select the Enable Internet Connection Sharing for this connection check box. This option enables Internet Connection Sharing and is different from sharing a connection with other users who share the computer.

Internet Connections

If you click Dial-up to the Internet in the Network Connection Wizard, the wizard automatically starts the Internet Connection Wizard. You learn about this wizard in Chapter 14, "Connecting to the Internet." It gives you the option of signing up for a new Internet account, specifying information about an existing account or configuring your Internet connection manually. After you configure the Internet connection, it is exactly the same as any other private network connection, which you learned about in the previous section.

Figure 12.3. In this example, the settings are appropriate for connections to business networks. For an Internet connection, deselect the Client for Microsoft Networks check box.

Virtual Private Network

A virtual private network (VPN) is a connection to a private network that you make through the Internet. VPNs are really not as complex as people think. You connect to the Internet using your normal Internet service provider. Then, a tunneling protocol communicates with your private network over the Internet connection, using a secure channel that no one else on the Internet can understand. It's a secure way to communicate with a private network over the Internet, in other words. Here's how to create a VPN:

  1. If you want to automatically connect to the Internet when you try opening the VPN, click Automatically dial this initial connection and then click the name of the connection in the list.

  2. In Host name or IP address, type the name of the remote computer or its IP address.

    The remote computer must be configured to accept VPN connections and must be using one of the tunneling protocols that Windows 2000 Professional supports. This usually requires some cooperation between you and the remote computer's administrator.

  3. Do one of the following:

    • To share the connection with other users who use the same computer, click For all users.

    • To make the connection private so that only you can use it, click Only for myself.

  4. Type a name for the connection.

By default, the connection negotiates the appropriate tunneling protocol with the remote host (most users should leave it this way). You can choose a particular tunneling protocol, however. On the connection's shortcut menu, click Properties. On the Networking tab, in the Type of VPN server I am calling list, click the type of tunneling protocol you want to use, which can be one of the following:

  • Layer 2 Tunneling Protocol (L2TP). L2TP is supported by Windows 2000 only for client-to-server and server-to-server tunneling. It's more secure than PPTP, but not in common use yet.

  • Point-To-Point Tunneling Protocol (PPTP). This is the most mature tunneling protocol available today and is used by most versions of Windows. If in doubt, select this protocol.

Incoming Connections

By creating an incoming connection, you allow other computers to connect to your computer using a modem. Creating an incoming connection is easy:

  1. Select the check boxes next to the modems you want to accept incoming connections, and click Next.

  2. Do one of the following and then click Next:

    • To accept virtual private connections, click Allow virtual private connections.

    • Otherwise, click Do not allow virtual private connections.

  3. Select the users you want to allow access to this connection. By default, the wizard adds all local users to this list (you can't add domain users), but you can add additional users by clicking Add. Click Next.

  4. Select the check box next to each networking component you want to use for the connection. You can optionally install additional components or configure each component for this connection without affecting other network connections.

  5. Type a name for the connection.

Direct Connections

Direct connections are underutilized. They allow you to connect two computers using ports that most computers already have without requiring you to install networking components that might not be available. For example, if you need a quick way to transfer files from one computer to another, connect the computers by using a serial cable and then use a direct connection. You must configure one of the computers as a host and the other computer as a guest. Here's how:

  1. Do one of the following and then click Next:

    • To set up the computer as a host, click Host.

    • To set up the computer as a guest, click Guest.

  2. In the Device for this connection list, click the port you want to use for the connection. You can choose any available serial, parallel, or infrared port. Click Next.

  3. Do one of the following:

    • If you're configuring the host computer, select the check boxes next to the users you want to allow access. You can add users by clicking Add.

    • If you're configuring the guest computer, choose whether you want to share the connection with other users who use the computer.

  4. Type a name for the connection.

After you create the connection icons, connect the computers by using the appropriate cable for the port you selected. Of course, you must configure each connection to use the same type of port, but they don't have to be the exact same port. Open the connection on the host first and then the guest. Note that some ports might require a special cable. For example, connecting two computers via their parallel ports usually requires that you use an appropriate bi-directional parallel cable.

Securing Connections

To change the authentication protocol that a dial-up connection uses, click the Security tab on its name Properties dialog box, click Advanced, and then click Settings. Windows 2000 Professional supports numerous authentication protocols that the operating system uses to exchange your credentials with a remote computer when you're connecting via a dial-up connection. They include the following:

  • Password Authentication Protocol (PAP). Uses clear-text passwords. It's the simplest authentication protocol. Use this protocol only when the remote connection doesn't support more advanced protocols, which is usually the case when connecting to an Internet service provider.

  • Challenge Handshake Authentication Protocol (CHAP). Negotiates secure authentication. This proves to the remote computer that you know your password without actually sending the password across the connection. It uses the Message Digest 5 (MD5) hashing scheme. Most Point-to-Point Protocol (PPP) servers support CHAP and MD5.

  • Microsoft CHAP (MSCHAP). Similar to CHAP, but for Microsoft products. MSCHAP version 2 is the latest version.

  • Extensible Authentication Protocol (EAP). An extension of the Point-to-Point Protocol (PPP), it provides remote authentication using third-party security devices such as Smart Cards, retina scan, voiceprint, and others.

Creating Peer-to-Peer Networks

Home networking is all the rage these days. Microsoft announced its new initiative, called Universal Plug and Play. The goal of Universal Plug and Play is to enable users to build home networks for communication, entertainment, home automation, and so on. It will support intelligent appliances and allow you to connect all of the computers in the household and share resources. In fact, with a home network, all of your computers can share a single Internet connection. For more information, see http://www.microsoft.com/homenet.

With regard to Windows 2000 Professional, home networking is nothing more than a plain old workgroup or peer-to-peer network. What makes Windows 2000 Professional suited for this purpose is a new feature that prevents you from having to configure complicated DHCP and WINS servers while you still have all the advantages of TCP/IP. Microsoft Automatic Private IP Addressing (APIPA) makes creating workgroup networks easy. It automatically assigns unique IP addresses to network-connected computers. Because it assigns IP addresses without any work on your part, it eliminates the need for you to assign static IP addresses or manage IP addresses using the Dynamic Host Configuration Protocol (DHCP) or a Domain Name System (DNS) server. APIPA does for workgroup networking what Plug and Play did for device management. Globally unique IP addresses aren't required on private networks. As a result, APIPA uses IP addresses that the Internet reserves for private networks (169.254.0.0 through 169.254.255.254 with the subnet mask 255.255.0.0). APIPA automatically assigns these reserved IP addresses to computers on private networks. It also prevents hosts from having duplicate IP addresses.
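An added sketch, not from the book and not Microsoft's implementation, of the behaviour described above: each computer picks an address in the 169.254.0.0/16 range, checks whether another host on the segment already holds it, and tries again if so. The pick-and-probe loop, the `Segment` and `ScriptedPicks` classes and the host names are assumptions made for illustration.

```python
import ipaddress
import random

# Range the chapter gives for APIPA: 169.254.0.0 with the subnet mask 255.255.0.0.
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")


def is_apipa(addr: str) -> bool:
    """True when an address was self-assigned from the APIPA range."""
    return ipaddress.ip_address(addr) in APIPA_NET


class Segment:
    """Constructed stand-in for one hub: the addresses hosts already hold."""

    def __init__(self):
        self.in_use = {}                      # address -> host name

    def probe(self, addr: str) -> bool:
        """Stand-in for asking the wire whether someone already holds addr."""
        return addr in self.in_use


class ScriptedPicks:
    """Deterministic replacement for random.Random, used to force a collision."""

    def __init__(self, values):
        self.values = iter(values)

    def randint(self, low, high):
        return next(self.values)


def autoconfigure(host: str, segment: Segment, rng, max_tries: int = 10):
    """Pick an unused APIPA address; return (address, attempts needed)."""
    for attempt in range(1, max_tries + 1):
        # Host part 1..65534 maps to 169.254.0.1 through 169.254.255.254.
        candidate = str(APIPA_NET.network_address + rng.randint(1, 65534))
        if segment.probe(candidate):
            continue                          # duplicate detected: pick again
        segment.in_use[candidate] = host
        return candidate, attempt
    raise RuntimeError(f"{host}: no free address after {max_tries} tries")


def build_workgroup(names, seed=12):
    """Bring up several hosts on one segment and return name -> address."""
    segment, rng = Segment(), random.Random(seed)
    return {name: autoconfigure(name, segment, rng)[0] for name in names}


if __name__ == "__main__":
    for name, addr in build_workgroup(["JERRY", "SCRATCH", "DEN"]).items():
        print(f"{name:<8} {addr}  (255.255.0.0)")
```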

Note

The IP addresses that APIPA assigns aren't globally unique beyond the workgroup network, so computers on the Internet can't connect to them. Still, with Internet Connection Sharing or a proxy server, you can share a single Internet connection with all the computers on the workgroup network.

Windows 2000 Professional also handles name resolution automatically. Combine APIPA and automatic name resolution, and you'll find that building a home network is no harder than installing network adapters in each computer and connecting each computer to a hub. The default network configuration works in almost every case.
