Join to a Workgroup in Windows 2000 Server

Difference between configuring a Domain and Workgroup

It is important to understand the difference between a domain and a workgroup environment. The main difference between a domain and a workgroup is that workgroup environments use decentralized administration. This means that every computer must be administered independently of the others. Domains use centralized administration, in which administrators can create one domain account and assign permissions to all resources within the domain to that one central user or group of users. Centralized administration requires less administration time and provides a more secure environment. In general, workgroup configurations are used in very small environments which do not have security concerns. Larger environments and environments that must have tight security on data should use a domain configuration.

Configure Network Protocol on a Windows 2000 Server

It is recommended that you use either of the following two network protocols to connect your workgroup: TCP/IP or NetBEUI. The main difference between these two protocols is that TCP/IP is routable and NetBEUI is not. In addition, TCP/IP is also the Internet standard protocol. However, NetBEUI is a fast and efficient protocol and you can use it in situations in which routing and direct Internet connectivity are not required. The following steps describe how to install both protocols.

Configuring TCP/IP
1. Right-click the My Network Places icon, and then click Properties to open the Network and Dial-up Connections window.
2. Right-click the Local Area Connection icon, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. On the General tab, configure the TCP/IP address and subnet mask. If you have a routable environment, you can configure the default gateway. Make sure that all computers within the same subnet have the same subnet mask and network portion of the IP address. Also, make sure that if you are connecting directly to the Internet you are using an IP address that was registered with Internet.
If the workgroup environment is a larger network environment, you may want to use DHCP to configure all of your IP addresses automatically. Also, if your environment is separated into multiple network segments so that routing is required, you need to look into DNS and/or WINS to resolve names.

Configuring the NetBEUI Protocol
1. Right-click the My Network Places icon, and then click Properties to open the Network and Dial-up Connections window.
2. Right-click the Local Area Connection icon, and then click Properties.
3. Click the Install button.
4. Click Protocols, and then click Add.
5. Click NetBEUI Protocol, and then click OK.

Configure Windows 2000 Server to Join a Workgroup

1. Right-click the My Computer icon on your desktop, and then click Properties.
2. On the Network Identification tab, click Properties.
3. Under Members, click the Workgroup option, and then type the name of the workgroup.
4. Click OK.
5. Click OK again.
6. Restart your computer when you are prompted to do so.

Creating Accounts on Windows 2000 Server

Because of the decentralized security of a workgroup environment, you need to create an account for every user on the network and keep the passwords synchronized:
1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
2. Under System Tools, click Local Users and Groups.
3. Right-click the Users Folder, and then click New User.
4. In the User Name box, type in the user ID that the user will be using for the logon process. If you are working with multiple workgroup computers, this name must match exactly.
5. Type the required information in the Full Name and Description boxes.
6. Type the password for the user. Again, this must be the same on all servers or workstations that want to share data.
7. Click to clear the User must change password on next logon check box.

Sharing Data with Workgroup Users

1. Double-click the My Computer icon.
2. Navigate to the desired location of the folder that you would like to share, right-click this folder, and then click Sharing.
3. Click the Share this Folder option.
4. The Share name box will be populated with the folder name. If you would like to change this name, type the new share name in the box.
5. By default, the connections limit is set to the maximum allowed; however, you can set an allowed user limit.
6. If you click the Permissions button, you can set a share-level permission on the share. The default permissions will be set so that the Everyone group has full control. Share permissions are separate but equal to NTFS permissions. In other words, by setting the share permissions, you are able to add additional permissions when users are connecting to this folder across the network.
7. Click OK to close the Properties window.
8. After the folder is shared, you see a hand icon under the folder.

Configuring Windows 2000 as a Web Server

Installing Internet Information Services

Microsoft Internet Information Services (IIS) is the Web service that is integrated with Windows 2000. To install IIS:
1. Click Start, point to Settings, and then click Control Panel.
2. In Control Panel, double-click Add/Remove Programs.
3. Click Add/Remove Windows Components.
4. In the Windows Components Wizard, select the Internet Information Services (IIS) check box, and then click Details.
5. Clear all the check boxes, and then select the following check boxes:
Common Files
Documentation
FrontPage 2000 Server Extensions
Internet Information Services Snap-In
Internet Services Manager
World Wide Web Server
6. Click OK, and then on the Windows Components page, click Next. If you are prompted to do so, insert the Windows 2000 CD-ROM, and then click OK.
7. On the "Completing the Windows Components Wizard" page, click Finish.
8. In the Add/Remove Programs dialog box, click Close.

Configuring Anonymous Authentication

1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager. (In Windows 2000 Professional, you can start Administrative Tools from Control Panel.)
2. Right-click * server name (where server name is the name of the server), and then click Properties.
3. In the Master Properties box, click WWW Service (if it is not already selected), and then click the Edit button that is next to the Master Properties box.
4. Click the Directory Security tab.
5. Under Anonymous access and authentication control, click Edit.
6. Under Authenticated access, select the Integrated Windows authentication check box.
7. Select the Anonymous access check box, and then click Edit. Note the user account in the Username box. This account is used by Windows to authenticate anonymous users when they browse the Web site.
8. Click OK, click OK, click OK, and then click OK.

Basic Web Site Configuration

1. Start Internet Services Manager.
2. In the Tree list, expand * server name (where server name is the name of the server).
3. Right-click Default Web Site, and then click Properties.
4. If you have multiple IP addresses assigned to your computer, click the IP address that you want to assign to this Web site in the IP Address box.
5. If you do not want unlimited connections to the Web site, click Limited To, and then type the number of concurrent connections that you want.

NOTE: Windows 2000 Professional is limited to 10 concurrent connections.

Each client that browses the Web site generally uses about 3 connections.
6. Click the Performance tab.
7. Move the Performance tuning slider to the position that you want.
8. If you want to limit the amount of network bandwidth that is available for connections to this Web site, select the Enable bandwidth throttling check box, and then type the amount that you want in the Maximum network use box.
9. If you want to limit the amount of computer processing time spent servicing requests for content on this Web site, select the Enable process throttling check box, and then type the amount that you want in the Maximum CPU use box.

This prevents the Web site from consuming too much processor time to the detriment of other computer processes.
10. Click the Home Directory tab.
• If you want to use Web content that is stored on the local computer, click A directory located on this computer, and then type the path that you want in the Local Path box. For example, the default path is C:\Inetpub\wwwroot.

NOTE: For added security, do not create Web content folders in the root folder.
• If you want to use Web content that is stored on a different computer, click A share located on another computer, and then type the location that you want in the Network Directory box that appears.
• If you want to use Web content that is stored on another Web address, click A redirection to a URL, and then type the location that you want in the Redirect to box. Under The client will be sent to, select the appropriate check box.
11. Click the Documents tab. Note the list of documents that IIS can use as the default start documents. If you want to use Index.html as your start document, you must add it. To do this:
a. Click Add.
b. In the Add Default Document dialog box, type Index.html, and then click OK.
c. Click the up-arrow button until Index.html is displayed at the top of the list.
12. Click the Operators tab. Note the user accounts that have operator privileges on this Web site. Click Add to add additional user accounts to operate this Web site.

13. Click OK to return to the Internet Information Services window.
14. Right-click Default Web Site, and then click Stop.
15. Right-click Default Web Site, and then click Start.
The server is now configured to accept incoming Web requests to the default Web site. You can replace the content of the default Web site with the Web content that you want, or you can create a new Web site.

Installing and configuring a DHCP server in an Active Directory domain in Windows 2000

Installing the DHCP Service

You can install DHCP either during or after the initial installation of Windows 2000 Server or Advanced Server, although there must be a working DNS in the environment. To validate your DNS server, click Start, click Run, type cmd, press ENTER, type ping friendly name of an existing DNS server in your environment, and then press ENTER. An unsuccessful reply generates an "Unknown Host My DNS server name" message.

To install the DHCP Service on an existing Windows 2000 Server:
1. Click Start, click Settings, and then click Control Panel.
2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.
3. In the Windows Component Wizard, click Networking Services in the Components box, and then click Details.
4. Click to select the Dynamic Host Configuration Protocol (DHCP) check box if it is not already selected, and then click OK.
5. In the Windows Components Wizard, click Next to start Windows 2000 Setup. Insert the Windows 2000 Advanced Server CD-ROM into the CD-ROM drive if you are prompted to do so. Setup copies the DHCP server and tool files to your computer.
6. When Setup is complete, click Finish.

Configuring the DHCP Service

After you install and start the DHCP service, you must create a scope (a range of valid IP addresses that are available for lease to the DHCP clients). Each DHCP server in your environment should have at least one scope that does not overlap with any other DHCP server scope in your environment. In Windows 2000, DHCP servers within an Active Directory domain environment must be authorized before they can serve clients; this prevents rogue DHCP servers from coming online.

When you install and configure the DHCP service on a domain controller, the server is typically authorized the first time that you add the server to the DHCP console. However, when you install and configure the DHCP service on a member server, you need to authorize the DHCP server.

Note A stand-alone DHCP server cannot be authorized against an existing Windows Active Directory.

To authorize a DHCP server:

1. Click Start, click Programs, click Administrative Tools, and then click DHCP.
Note You must be logged on to the server with an account that is a member of the Enterprise Administrators group.
2. In the console tree of the DHCP snap-in, select the new DHCP server. If there is a red arrow in the bottom-right corner of the server object, the server has not yet been authorized.
3. Right-click the server, and then click Authorize.
4. After a few moments, right-click the server again and then click Refresh. The server should display a green arrow in the bottom-right corner to indicate that the server has been authorized.
To create a new scope:
1. Click Start, click Programs, point to Administrative Tools, and then click DHCP.

Note In the console tree, select the DHCP server on which you want to create the new DHCP scope.
2. Right-click the server, and then click New Scope. In the New Scope Wizard, click Next, and then type a name and description for the scope. This can be any name that you choose, but it should be descriptive enough to identify the purpose of the scope on your network. For example, you might use Administration Building Client Addresses.
3. Type the range of addresses that can be leased as part of this scope, for example, a starting IP address of 192.168.100.1 to an ending address of 192.168.100.100. Because these addresses are given to clients, they should all be valid addresses for your network and not currently in use. If you want to use a different subnet mask, type the new subnet mask. Click Next.
4. Type any IP addresses that you want to exclude from the range you entered. This includes any addresses that may have already been statically assigned to various computers in your organization. Click Next.
5. Type the number of days, hours, and minutes before an IP address lease from this scope expires. This determines the length of time that a client can hold a leased address without renewing it. Click Next, and then select Yes, I want to configure these options now to extend the wizard to include settings for the most common DHCP options. Click Next.
6. Type the IP address for the default gateway that should be used by clients that obtain an IP address from this scope. Click Add to place the default gateway address into the list, and then click Next.

Note When DNS servers already exist on your network, type your organization's domain name in Parent domain. Type the name of your DNS server, and then click Resolve to ensure that your DHCP server can contact the DNS server and determine its address. Then click Add to include that server in the list of DNS servers that are assigned to the DHCP clients. Click Next.
7. Click Yes, I want to activate this scope now, to activate the scope and allow clients to obtain leases from it, and then click Next. Click Finish.
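
An added example (not part of the original article): a Python check of a planned set of scopes against the rules described above, namely that scopes on different DHCP servers must not lease the same addresses and that statically assigned addresses, including the default gateway, must be excluded from the leasable range. The server names, exclusion ranges and static host list are constructed sample data.

```python
import ipaddress

def expand(start, end):
    """Inclusive start-end range as a set of IPv4Address objects."""
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    if lo > hi:
        raise ValueError(f"range start {start} is after end {end}")
    return {ipaddress.IPv4Address(i) for i in range(lo, hi + 1)}

def check_scope_plan(scopes, static_hosts):
    """Return (kind, scope, detail) tuples for every problem in the plan."""
    problems, leasable = [], {}
    for s in scopes:
        name = s["name"]
        net = ipaddress.IPv4Network(f"{s['start']}/{s['mask']}", strict=False)
        pool = expand(s["start"], s["end"])
        if any(a not in net for a in pool):
            problems.append(("range-outside-subnet", name, str(net)))
        for lo, hi in s.get("exclusions", []):
            pool -= expand(lo, hi)          # excluded addresses are never leased
        gw = ipaddress.IPv4Address(s["gateway"])
        if gw not in net:
            problems.append(("gateway-outside-subnet", name, str(gw)))
        # The gateway and every static host must be excluded from the pool.
        for addr in sorted({gw} | {ipaddress.IPv4Address(h) for h in static_hosts}):
            if addr in pool:
                problems.append(("static-address-leasable", name, str(addr)))
        leasable[name] = pool
    # Two servers must never be able to lease the same address.
    names = sorted(leasable)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            shared = sorted(leasable[a] & leasable[b])
            if shared:
                problems.append(("scopes-overlap", f"{a}/{b}",
                                 f"{shared[0]}-{shared[-1]} ({len(shared)} addresses)"))
    return problems

# Constructed sample plan: two DHCP servers on the same 192.168.100.0 subnet.
SCOPES = [
    {"name": "dhcp-a", "start": "192.168.100.1", "end": "192.168.100.100",
     "mask": "255.255.255.0", "gateway": "192.168.100.1",
     "exclusions": [("192.168.100.1", "192.168.100.10")]},
    {"name": "dhcp-b", "start": "192.168.100.90", "end": "192.168.100.150",
     "mask": "255.255.255.0", "gateway": "192.168.100.254", "exclusions": []},
]
STATIC_HOSTS = ["192.168.100.5", "192.168.100.20", "192.168.100.120"]

if __name__ == "__main__":
    for problem in check_scope_plan(SCOPES, STATIC_HOSTS):
        print(*problem, sep=": ")
```

Run it against the planned ranges before activating a scope; an empty result means no address can be leased by two servers or collide with a static assignment.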

Configuring Routing and Remote Access Service in Windows 2000

Enabling Windows 2000 Routing and Remote Access Service to Allow Dial-up Connections or VPN Connections

1. Click Start, click Programs, click Administrative Tools, and then click Routing and Remote Access.
2. From the Routing and Remote Access Service Administrator program, click the server name, click the Action menu, and then click Configure and Enable Routing and Remote Access.
3. In the Routing and Remote Access Server Setup Wizard, click Next.
4. Click Remote access server, and then click Next.
5. On the Remote Clients Protocols page, make sure that the protocols that the remote clients use to connect to the server are listed in the Protocols box, and then click Next.

NOTE: The default setting is TCP/IP with the Yes, all of the required protocols are on this list option selected.
6. On the Network Selection page, click the network adapter that corresponds with your local area network (LAN), and then click Next.

NOTE: If your server has two network adapters (one for the LAN and the other for a direct Internet connection), make sure that you click the network card for your LAN.
7. On the IP Address Assignment page, click Automatically if your network has a DHCP server available. If not, click From a specified range of addresses, configure a range of available Internet protocol (IP) addresses for clients, and then click Next.
8. On the Managing Multiple Remote Access Servers page, click No, I don't want to setup this server to use RADIUS now, and then click Next.
9. On the Completing the Routing and Remote Access Server Setup Wizard page, click Finish.

Allowing Access and Policies

After you enable the Routing and Remote Access Service, you must give users the permissions to connect. To allow the server to accept remote access clients:
1. Click Start, click Programs, click Administrative Tools, and then click Routing and Remote Access.
2. Click Remote Access Policies. If you do not see this listing, click on the plus sign (+) next to the server icon to expand the sub tree for your server.
3. In the right pane, right-click Allow access if dial-in permission enabled, and then click Properties.
4. Click Grant remote access permission, and then click OK.
5. Close Routing and Remote Access.
In addition to this procedure, you must give the user account permission for dial-up access in the user account properties.

Troubleshooting

Number of Connections
The number of dial-up modem connections is dependent on the number of modems that are installed on the server. If you have only one modem installed on the server, you can only have one modem connection at a time.

The number of dial-up VPN connections is dependent on the number of simultaneous users that you want to allow. By default, when you run the procedure described in this article, you allow five connections. To allow more connections:
1. Click Start, click Programs, click Administrative Tools, and then click Routing and Remote Access.
2. Right-click Ports, and then click Properties. If you do not see this listing, click on the plus sign (+) next to the server icon to expand the sub tree for your server.
3. In the Ports properties, click WAN Miniport (PPTP), and then click Configure.
4. In the Maximum ports box, type the number of VPN connections that you want to allow.
5. Click OK, click OK, and then close Routing and Remote Access.