Networking with Windows 2000

While on the road, you and a co-worker often need to exchange files. You typically send them as e-mail attachments, but surely there's a better way?

E-mail is about the worst possible way to exchange files. For starters, the size of the data that you're sending via e-mail is always larger than the original size of the file. You're wasting storage space and bandwidth on your network.

If you're both running Windows 2000 on recent-vintage notebooks, you have an incredibly easy file transfer mechanism right under your nose: infrared. As long as both computers have infrared ports and infrared support is enabled on both machines (the default setting), all you have to do is aim your computer's infrared port directly at its mate on the other notebook and begin the transfer. It's quick and painless: You can send a 1MB file in about 90 seconds. If the infrared connection doesn't appear automatically, open the Control Panel and double-click the Wireless Link icon.

Or try a Web-based storage site. We recommend Xdrive, which includes a Windows-based applet that integrates directly into Windows Explorer. You upload the file to the server, give your coworker permission to access that location, and send an e-mail with the URL pointing to that file.

Connecting to the Internet

You have a working Windows-based network, but employees still access the Internet via dial-up networking. What's the safest and most affordable way to connect your network to the Internet?

Windows 2000 and Windows 98 Second Edition contain everything you need to connect your network to the Internet. The trick is to designate one computer as the single point of Internet access for the entire network. To successfully maintain two connections, one to the Internet and the other to your local area network, that computer needs to contain two network adapters (or, if you're sharing a dial-up connection, one network adapter and a modem).

In a small peer-to-peer setup, where the network doesn't have a dedicated server, you can pick any computer to be the Internet gateway. Windows 2000 Professional, Windows 98 Second Edition, and Windows Millennium Edition all support Internet Connection Sharing (ICS). From Windows 2000 Professional, open the Control Panel's Network and Dial-up Connections folder, right-click the icon for the Internet connection, click Properties, and then click the Sharing tab. In Windows 98 or Windows Millennium Edition, run the Home Networking Wizard (Programs > Accessories > Communications).

ICS has some noteworthy limitations: It doesn't run on a Windows 2000 server, and you can't change its settings. More importantly, ICS provides no security whatsoever; when you share an Internet connection, you expose your entire network to hackers and vandals. In general, you should only think about ICS for a network consisting of six or fewer workstations.

If your network includes a Windows 2000 server, you can hook your network up to the Internet by combining a pair of technologies: Routing and Remote Access Service (RRAS), and Network Address Translator (NAT). This combo basically turns your server into an Internet router. After setting up the server with two network cards—one connected to the local area network, and the other to the Internet—in the Configure Your Server wizard, you'll find Routing and Remote Access under Networking. The wizard walks you through the process with ease.

Whether you use ICS or RRAS/NAT, you should consider adding one more component to enforce security. A proxy server lets you control which protocols get in and out of your network and can dramatically improve performance by caching frequently used content. Microsoft Internet Security and Acceleration Server 2000 integrates perfectly with Windows 2000. WinProxy 3.0, which can be downloaded for free from ZDNet, is a much more affordable option.

Every time you think about IP addresses, you get a splitting headache. How do you set these up in a Windows network?

We can help you make sense of how Windows manages IP addresses, which are the numeric tags that identify each computer on a TCP/IP network. Essentially, you have four options when filling in this information:

Static IP Address. If you're running a Web server or a virtual private network that will be accessible over the Internet, you need a static IP address. Additionally, you will almost certainly want to register the server's name (like ZDNet Smart Business) with a DNS (domain name system) server so that other networks can match up the name with the correct address. Your Internet service provider can assist you in acquiring either a single address or a block of addresses, and registering them with a DNS server.

DHCP. This stands for Dynamic Host Configuration Protocol. A server with a block of IP addresses parcels them out, one at a time, to machines on the network. If you have a Windows 2000 server on your network, use its built-in DHCP server to dramatically reduce administrative headaches. In this configuration, each Windows workstation (regardless of Windows version) should be set to obtain an IP address automatically.

AutoConfiguration. This confusing option is intended for networks running Windows 98 and Windows 2000 (in any combination), without a server or a direct Internet connection. If Windows does not detect a DHCP server, and the TCP/IP settings specify that you want to obtain an IP address automatically, each Windows workstation will configure itself with an address in the range 169.254.x.y, and all machines will be able to communicate with one another. Knowledge Base article Q220874 explains this process more fully.

Private IP Addresses. The standards-setting group that manages Internet numbers has set aside several blocks of addresses specifically intended for use on private networks that are not connected to the Internet at large. The Internet Connection Sharing feature in Windows 98 Second Edition and Windows 2000 uses private IP addresses in the 192.168.0.x range. Knowledge Base article Q142863 describes these addresses and how to use them.

You prefer Netscape Navigator to Microsoft Internet Explorer, but Windows and Office 2000 require Internet Explorer in order to work properly. What options do you have?

Windows 98 and Windows 2000 come with Internet Explorer pre-installed; you can't get rid of it. And if you install Office 2000 on Windows 95 or Windows NT machines, the setup program installs Internet Explorer on those platforms, too. The reason for this requirement is threefold: Windows Installer requires Internet Explorer's desktop update in order to support so-called self-healing applications; Outlook 2000 requires Outlook Express for newsgroup access; and PowerPoint's presentation broadcasting requires NetMeeting.

Although you can never get rid of Internet Explorer altogether, you can hide it from users. You can remove the Internet Explorer icon from the desktop, for instance, and prevent users from changing the default browser. How? Ironically, all you need to get rid of this Microsoft software is . . . more Microsoft software—specifically, a Windows NT or 2000 server at the heart of the network. Use System policies (Windows NT servers) or Group policies (Windows 2000 servers) to do the cleanup. An administrator defines a policy, which is stored on the server. Then, when a user logs onto the network, Windows downloads that policy and applies it to the user. The trick here is to know which policies you can use to hide Internet Explorer from the user.

If your office uses Netscape Navigator, start with a minimal installation of Internet Explorer. That means you'll install the browser, Windows Desktop Update, NetMeeting, and Outlook Express. Office 2000 requires these components. Then, on your server, set the following policies to hide Internet Explorer.

1. Disable the Changing Default Browser check. This option prevents Internet Explorer from prompting users to change the default browser to Internet Explorer.

2. Hide the Internet Explorer icon on the desktop. Internet Explorer's desktop icon is the primary way that most users launch the browser when Navigator is set as the default browser. Removing the icon will keep all but the hardiest hackers out of Internet Explorer.

3. Disable Active Desktop. The Active Desktop feature is notoriously crash-prone. Turn it off by setting up this policy.

4. Enable Classic Shell. This policy restores the desktop and Windows Explorer to its original user interface. Web View is gone. Active Desktop is gone. The single-click user interface is gone. The desktop looks like it did in Windows NT.

5. Remove the Favorites menu from the Start menu. The Favorites menu can be confusing for Netscape Navigator users. Get rid of it with this policy.

6. Disable and remove links to Windows Update. This doesn't have as much to do with Internet Explorer as it does with preventing users from updating their computers on their own. Choosing this option prevents users from installing updated components and device drivers from Microsoft's Windows Update Web site.

Setting these policies is a good step towards hiding Internet Explorer from users, but there are many more policies you can use to lock it down even more. By methodically going through categories in the Group Policy Editor (gpedit.msc), you can customize a policy that addresses your needs precisely. As a final step, consider removing the last bastions of access to Microsoft's browser on each computer—the Internet Explorer icons on the Start menu and Quick Launch toolbar.