WINDOWS 2000 PROFESSIONAL RESOURCE KIT [Electronic resources]

Chris Aschauer


Networking

The Windows 2000 Professional Setup program automatically creates a typical network configuration (called a connection) for each network adapter, which users are free to customize. Each connection includes Client for Microsoft Networks, File and Printer Sharing for Microsoft Networks, and the Transmission Control Protocol/Internet Protocol (TCP/IP) with Dynamic Host Configuration Protocol (DHCP) enabled.

Users can modify the default network connection to suit their needs by using Network and Dial-up Connections in Control Panel.

Local and Remote Network Connections

In Windows 2000 Professional, connectivity to the Internet as well as to local and remote networks is configured with the Microsoft® Windows® 2000 Professional Network and Dial-up Connections.

Network and Dial-up Connections improves upon the dial-up networking functionality in Microsoft® Windows® 98 and Microsoft® Windows NT® version 4.0 by providing improved autoconfiguration of networking components and devices, and a single folder in which to configure all networking options. Network and Dial-up Connections combines functionality found in Windows 98 and Windows NT 4.0 Dial-up Networking, with features that were formerly configured in the Network Control Panel, such as network protocol and service configuration.

Table 1.1 demonstrates how networking support in Windows 2000 Professional has improved upon Windows NT 4.0 and Windows 98.

Table 1.1 Comparing Networking Support

| Windows 2000 Professional | Windows NT 4.0 | Windows 98 |
| --- | --- | --- |
| Network and Dial-up Connections installed by default. | Must install Remote Access Service (RAS). | Dial-up Networking installed by default, but must install Dial-up Server to create incoming connectivity. |
| Modem detected and configured by Plug and Play. | Must install modem in Modems in Control Panel. | Modem detected and configured by Plug and Play. |
| COM port detected and enumerated by Plug and Play. | Must configure COM port. | COM port detected and enumerated by Plug and Play. |
| Protocol change does not require restart. | Restart when RAS is installed or protocol changes. | Protocol change requires restart. |
| Virtual private network (VPN) connections can be configured to automatically dial a connection to the Internet service provider (ISP) before establishing the VPN connection. | VPN connections require activating two connections. | VPN connections require activating two connections. |

You can also use other tools, such as local Group Policy and Connection Manager, to manage networking connections in your organization.

For more information about the Network and Dial-up Connections feature, which includes a remote networking scenario, see "Local and Remote Network Connections" in this book.

Windows 2000 TCP/IP

TCP/IP in Windows 2000 Professional builds upon the networking strengths found in Windows NT Workstation 4.0 and Microsoft® Windows® 98. These improvements result in a scalable networking platform that can be implemented in a variety of environments, from a branch office configuration, to a powerful workstation within a multidomain enterprise. The improvements made in Windows 2000 Professional can be categorized into five areas:

Address Assignment and IP Packet Handling. Windows 2000 Professional makes setting up branch office configurations easier because of two new features: Automatic Private IP Addressing and Internet Connection Sharing.

Automatic Private IP Addressing (APIPA) assigns an IP address and subnet mask to a Windows 2000 Professional–based computer if a DHCP server is not available. You can connect to other networks through Internet Connection Sharing (ICS), which translates private IP addresses to a single public IP address, which can access other intranets or the Internet.
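The address handling described above, as an added example that is not part of the original book and not Windows code: it flags inventory hosts that fell back to APIPA (a sign that no DHCP server answered) and models ICS-style translation of many private sources onto one public address. The 169.254.0.0/16 APIPA range is not stated on the page; the host names, addresses, starting port and the `SharedConnection` class are assumptions made for the illustration.

```python
import ipaddress

# Range APIPA self-assigns from (not stated on the page).
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return 'apipa', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in APIPA_NET:
        return "apipa"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def dhcp_fallback_hosts(inventory):
    """Hosts whose address shows they never obtained a DHCP lease."""
    return sorted(h for h, a in inventory.items() if classify(a) == "apipa")

class SharedConnection:
    """Toy port-translating NAT: many private sources share one public address."""
    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def translate_out(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:          # first packet of a new flow
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def translate_in(self, dst_port):
        # No mapping means no inside host started this flow: nothing to forward to.
        return self.back.get(dst_port)

# Constructed sample inventory (hypothetical host names, documentation addresses).
INVENTORY = {"ws01": "192.168.0.23", "ws02": "169.254.17.4",
             "ws03": "10.1.2.3", "gw-ext": "203.0.113.10"}

if __name__ == "__main__":
    print("DHCP fallback:", dhcp_fallback_hosts(INVENTORY))
    nat = SharedConnection("203.0.113.10")
    print(nat.translate_out("192.168.0.23", 1025), nat.translate_in(50999))
```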

Name Resolution. Windows 2000 Professional includes several modifications to its IP address/name resolution process to make it an Internet-ready client. DNS is the default name resolution method for the Windows 2000 Production environment, replacing NetBIOS as the default name management method for Windows-based domains. A number of additional improvements have been made in DNS, including support for an extended character set (RFC 2181), client-side caching, connection-specific domain names, and improved performance through subnet prioritization.

IP Security. Windows 2000 Professional provides network security through the implementation of IP security (IPSec). IPSec is a set of rules and protocols defined by the Internet Engineering Task Force (IETF) that provide encryption, data authentication, and data integrity at the packet level. Local and domain-based IPSec policies can be created to implement IP security.

Quality of Service. As multimedia-rich applications such as video conferencing and video-on-demand become more pervasive within a network, the issues of network bandwidth and the quality of data transmission become more critical. Windows 2000 Professional addresses this through its implementation of Quality of Service (QoS), a set of specifications that determine a multimedia or qualitative application's network requirements. Windows 2000 Professional also implements the Resource Reservation Protocol (RSVP), which allows an application or service to reserve a specific amount of bandwidth needed for data transmission.

TCP Performance. Windows 2000 Professional includes enhancements to TCP that improve the performance of TCP/IP-based networks. A larger default TCP receive window size increases performance on high-speed networks. Window scaling, as documented in RFC 1323, allows the use of a very large TCP receive window in high-bandwidth, high-delay environments. To improve performance in high-loss environments such as the Internet, selective acknowledgments (SACKs) enable a receiving host to selectively acknowledge only the data it has received.
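The two TCP mechanisms named above, worked through as an added example that is not part of the original book and not the Windows TCP/IP stack: the smallest RFC 1323 window scale shift that covers a link's bandwidth-delay product, and the cumulative ACK plus SACK blocks a receiver would report when a segment is missing. The link figures and byte ranges in the usage section are constructed; sequence numbers are simplified to byte offsets.

```python
MAX_UNSCALED = 65535   # largest value the 16-bit TCP window field can carry
MAX_SHIFT = 14         # RFC 1323 limits the window scale shift to 14

def window_scale_shift(bandwidth_bps, rtt_ms):
    """Return (bdp_bytes, shift): bytes in flight needed to fill the link,
    and the smallest shift whose scaled window covers them."""
    bdp = bandwidth_bps * rtt_ms // 8000   # bits/s * ms -> bytes
    shift = 0
    while (MAX_UNSCALED << shift) < bdp and shift < MAX_SHIFT:
        shift += 1
    return bdp, shift

def receiver_ack(received, start=0):
    """received: (first_byte, end_byte_exclusive) ranges in arrival order.
    Returns (cumulative_ack, sack_blocks) as the receiver would report them."""
    merged = []
    for lo, hi in sorted(received):
        if merged and lo <= merged[-1][1]:       # touches or overlaps previous
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    ack = start
    if merged and merged[0][0] <= start:         # contiguous data from the start
        ack = max(start, merged[0][1])
        merged = merged[1:]
    return ack, [tuple(m) for m in merged]       # the rest is out-of-order data

def holes(ack, sack_blocks):
    """Byte ranges the sender still has to retransmit."""
    missing, edge = [], ack
    for lo, hi in sack_blocks:
        missing.append((edge, lo))
        edge = hi
    return missing

if __name__ == "__main__":
    # Constructed link: 100 Mbit/s with a 100 ms round trip.
    print(window_scale_shift(100_000_000, 100))
    # Constructed arrival order: the segment covering bytes 2000-2999 was lost.
    arrived = [(0, 1000), (1000, 2000), (3000, 4000), (5000, 6000), (4000, 5000)]
    ack, sack = receiver_ack(arrived)
    print(ack, sack, holes(ack, sack))
```

Without SACK the receiver could only report the cumulative ACK, leaving the sender unable to tell that the later bytes had already arrived.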

For more information about configuring TCP/IP in Windows 2000 Professional, see "TCP/IP in Windows 2000 Professional" in this book.

Windows 2000 Professional on Microsoft Networks

The improvements made in Windows 2000 Professional can be categorized into three areas:

Directory Services. A directory service provides information about objects in a network environment, including user and computer accounts and shared resources such as printers and directories. Active Directory is the directory service that is included with Windows 2000; it offers an extensible, scalable directory service with hierarchical views and distributed security. Active Directory stores information such as user names, passwords, and phone numbers in a structured database called a data store, which is represented by objects with attributes or properties. For example, a user account is an object in the directory and the user's name, password, and phone number are attributes of that user.

Active Directory is available only on Windows 2000 Server domain controllers, although an Active Directory domain can span multiple servers and support heterogeneous clients, including Windows NT version 4.0, Windows 95 and Windows 98, and UNIX–based workstations.

Account Authentication. Windows 2000 uses Kerberos security as the default authentication method for domain and local access. The Kerberos v5 authentication protocol is an industry-supported distributed security protocol based on Internet standard security.

Windows 2000 also supports NTLM security as a method for account authentication. NTLM is used as the account authentication method in Windows NT domains.

Policy Handling. In a Windows NT domain, administrators use system policy to control the user work environment and to enforce system configuration settings. In a Windows 2000 Server domain, Group Policy settings are the administrator's primary method for enabling centralized change and configuration management. A domain administrator can create Group Policy settings at a Windows 2000–based domain controller to create a specific system configuration for a particular group of users and computers. Group Policy can be used to:

    Enable IntelliMirror management technologies to automatically install assigned applications and provide location independence for roaming users.

    Permit desktop customization and lockdown.

    Configure security policies.

Group Policy settings can also be created locally for individual workstations, and for customized environments that differ from the domain's.