Windows 2000 is a versatile networking platform; Windows 2000 Professional is intended primarily as a network client. The following sections examine the key networking protocols and services included with Windows 2000 Professional, beginning with the complex and versatile TCP/IP protocol suite.
TCP/IP (Transport Control Protocol/Internet Protocol) is a suite of protocols in widespread use on the Internet. These are also the protocols used with Unix systems. Windows 2000 installs TCP/IP support by default. This section describes TCP/IP and how to use Windows 2000 Professional as a TCP/IP client.
TCP/IP uses a system of IP addresses to distinguish between clients on the network. Each node has its own unique IP address. The IP address is a 32-bit number, expressed in dotted decimal format, such as 209.68.11.152. The four divisions of the IP address are referred to as octets.
A portion of the address is a network address, and a portion is a host address. The division between these components depends on the address class. In Class A addresses, the first octet is the network address and the remainder is the host. Class B networks use the first two octets as the network address, and Class C networks use the first three. Each class is also identified by a unique range for the first octet. Table 3-4 summarizes the IP address classes.
Table 3-4. IP Address Classes

| Class | First Byte Range | Network/Host Octets | Number of Networks | Hosts per Network |
|---|---|---|---|---|
| A | 1-126 | 1/3 | 126 | 16,777,214 |
| B | 128-191 | 2/2 | 16,382 | 65,534 |
| C | 192-223 | 3/1 | 2,097,150 | 254 |
Because most modern applications require a more versatile division, a technique called subnet masking is used to further subdivide the network and host addresses. A subnet mask is a 32-bit binary number in which the bits set to 1 represent the network address and the bits set to 0 represent the host address. This allows a greater variety of possible numbers of hosts and networks.
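The class rules of Table 3-4 and the network/host split that a subnet mask produces, worked through in code. This is an added example, not code from the book; it uses Python's standard ipaddress module and the first-octet ranges from the table.

```python
import ipaddress
from typing import Optional

# First-octet ranges and default network-octet count per class, from Table 3-4.
CLASSES = {
    "A": (range(1, 127), 1),
    "B": (range(128, 192), 2),
    "C": (range(192, 224), 3),
}


def address_class(addr: str) -> str:
    """Return the class letter (A, B or C) of a dotted-decimal IPv4 address."""
    first = int(addr.split(".")[0])
    for name, (first_range, _) in CLASSES.items():
        if first in first_range:
            return name
    raise ValueError(f"{addr} is not a Class A, B or C address")


def default_mask(cls: str) -> str:
    """Default mask for a class: network octets set to 255, host octets to 0."""
    net_octets = CLASSES[cls][1]
    return ".".join(["255"] * net_octets + ["0"] * (4 - net_octets))


def split_address(addr: str, mask: Optional[str] = None) -> dict:
    """Split addr into its network and host parts using mask.

    With no mask the class default is used (octet boundary); a longer mask
    subnets the class network. Usable hosts exclude the all-zeros and
    all-ones host numbers, which is why Table 3-4 shows 254, not 256, for Class C.
    """
    cls = address_class(addr)
    mask = mask or default_mask(cls)
    network = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    host_bits = 32 - network.prefixlen
    return {
        "class": cls,
        "mask": mask,
        "network": str(network.network_address),
        "host": int(ipaddress.IPv4Address(addr)) - int(network.network_address),
        "usable_hosts": (1 << host_bits) - 2,
    }


if __name__ == "__main__":
    print(split_address("209.68.11.152"))                   # class C default
    print(split_address("209.68.11.152", "255.255.255.192"))  # subnetted
```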
Hosts on an IP network also have alphanumeric names corresponding to their IP addresses. These can be local names, such as server, or fully qualified names, such as server1.company.com. DNS (Domain Name Service) is used to translate between hostnames and addresses.
The TCP/IP suite includes a great many protocols and services. The following are some of the higher-level protocols and services typically used with Windows 2000 Professional:
DHCP (Dynamic Host Configuration Protocol). A protocol that allows clients to be dynamically issued IP addresses from a pool of available addresses. Windows 2000 Professional can act as a DHCP client; Windows 2000 Server can act as a DHCP server. DHCP can also dynamically assign DNS and WINS server addresses and default gateway information.
DNS (Domain Name Service). An Internet standard protocol that translates hostnames into their corresponding IP addresses. This process is called name resolution. DNS can also translate IP addresses to hostnames (known as reverse DNS). Windows NT Workstation can act as a DNS client; Windows 2000 Server includes a DNS server implementation.
WINS (Windows Internet Name Service). Microsoft's alternative protocol for hostname resolution. WINS translates between IP addresses and NetBIOS names, described in Part II. NetBIOS names can be resolved without a WINS server through the use of broadcasts or a local LMHOSTS file.
SLIP (Serial Line Internet Protocol). A protocol used for dial-up connections to servers. This is typically used by Internet service providers, but can also be used to dial in to Windows NT computers.
PPP (Point-to-Point Protocol). An alternative protocol for dial-up connections. PPP is newer and includes more sophisticated configuration and security features. In addition, although SLIP supports TCP/IP connections only, PPP can also carry NetBEUI or IPX/SPX.
HTTP (Hypertext Transfer Protocol). The protocol used for WWW (World Wide Web) servers. Windows NT Workstation includes Peer Web Services, a server for HTTP, FTP, and Gopher.
FTP (File Transfer Protocol). A protocol that allows for file transfers between computers; it is commonly used on the Internet as well as on local TCP/IP networks.
You probably installed TCP/IP as part of the Windows 2000 Professional installation. If not, you can add it by using the Install button in the Local Area Connection Properties dialog. After TCP/IP is installed, highlight its entry and select Properties to display the following TCP/IP options:
General. This is the only page displayed by default. It includes options for the IP address, which can be assigned automatically or manually, and for preferred and alternate DNS server addresses.
IP Settings. This and the following pages of options are displayed by clicking the Advanced button on the General page. This page allows you to define multiple IP addresses and default gateway (router) addresses.
DNS. This page allows you to specify multiple DNS server addresses. You can also specify default suffixes to be used for DNS.
WINS. WINS is a service similar to DNS, but for NetBIOS computer names. This page includes options for the WINS client.
Options. Displays a list of optional settings that can be configured in separate dialogs. These include IP security and TCP/IP filtering.
Along with TCP/IP, Windows 2000 Professional supports a number of other network protocols. These include the following:
NWLink IPX/SPX. IPX (Internetwork Packet Exchange) and SPX (Sequenced Packet Exchange) are routable protocols developed by Novell and are the default protocols for NetWare 4.11 and earlier networks, although NetWare does support other protocols. NWLink is Microsoft's implementation of the IPX/SPX protocols and is included with Windows 2000.
NetBEUI. Microsoft's protocol built to support NetBIOS (described below) over networks. NetBEUI has low overhead compared with other protocols and is easy to configure, but it is not routable. NetBEUI was installed by default with Windows NT 3.5 and earlier; Windows 2000 uses TCP/IP by default instead.
DLC. DLC (Data Link Control) is a non-routable protocol used for communication with IBM mainframes using the SNA architecture. It is also supported by some printers with network interfaces, such as Hewlett Packard's JetDirect interface. Unlike the other protocols listed here, DLC cannot be used to support file sharing between computers or other generic communication between hosts.
AppleTalk. A protocol developed by Apple and built into the Macintosh operating system. The AppleTalk protocol can be installed under Windows 2000 to allow connectivity with Macintosh networks.
One of the key new features of Windows 2000 is the Active Directory. This is a directory service that manages a database of users, groups, computers, and other network resources on the network in a single hierarchical Directory. Windows 2000 Professional acts as an Active Directory client.
Windows NT 4.0 and earlier used a system of trusts for communication between domains. Although Windows 2000 still supports domains, they are all organized as part of a unified Directory.
Active Directory supports the LDAP (lightweight directory access protocol) 1.2 and 1.3 standards. This allows a Windows 2000 network to share directory information with other services, such as Internet directories and networks using Novell’s NDS.
Active Directory uses a hierarchical (tree) structure to organize network resources. At the lowest level, objects represent individual resources. These are organized into domains, which are in turn organized into trees. All of the domains within a tree share the same namespace (the standards for computer and other resource naming, and the logical boundary within which a resource name must be unique) and a common schema (a definition of available object types and properties).
A Windows 2000 directory tree can be combined with other trees (with incompatible namespaces or schemas) to form a forest.
Windows NT 4.0 and earlier use primary domain controllers (PDCs) and backup domain controllers (BDCs) to store information for a domain. The PDC is the primary source of information and security, and the BDCs maintain a copy of the database from the PDC.
In Windows 2000, there is only one type of domain controller. Domain controllers automatically replicate the user database for the domain, and they are interchangeable. Active Directory automatically organizes domain controllers into a logical ring, and data is replicated both ways around the ring.
Windows 2000 supports remote access, which allows users to connect to a Windows 2000 Professional or Server computer by modem or through another connection and act as network clients. The following sections describe Windows 2000’s remote access features.
Windows 2000 includes support for the following basic security options, which are also supported by Windows NT 4.0:
PAP (Password Authentication Protocol). An Internet standard for basic authentication. Passwords are sent as clear text, so this is not a secure protocol.
SPAP (Shiva PAP). Shiva's improved version of PAP. Passwords are transmitted in encrypted form.
CHAP (Challenge Handshake Authentication Protocol). A two-way protocol that sends encrypted tokens rather than passwords.
MS-CHAP. Microsoft's proprietary version of CHAP, supported only by Windows operating systems.
PPTP (Point-to-Point Tunneling Protocol). A protocol used for VPNs (virtual private networks). Data is encrypted and encapsulated in packets, allowing the Internet or another public network to act as a transport for private networks.
In addition to these, Windows 2000 supports EAP (Extensible Authentication Protocol). EAP allows the use of additional security types, including smart cards, MD5 encryption, and digital certificates. Windows 2000 also supports RADIUS (Remote Access Dial-In User Service), a system for authentication and accounting of remote access.
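The PAP versus CHAP contrast from the list above, shown as the messages each side actually puts on the link. This is an added example, not code from the book: it implements the standard CHAP construction from RFC 1994 (MD5 over identifier, shared secret and challenge), not Microsoft's MS-CHAP variant, and the secret and usernames are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed shared secret configured on both the dial-in client and the server.
SECRET = b"example-dialin-secret"


def pap_authenticate_request(username: str, password: str) -> bytes:
    """PAP: the client sends the password itself, so anyone reading the link has it."""
    return b"PAP " + username.encode() + b" " + password.encode()


def chap_challenge(length: int = 16) -> bytes:
    """Server side: a fresh random challenge for every authentication attempt."""
    return os.urandom(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side (RFC 1994, MD5 algorithm): MD5(identifier || secret || challenge).

    The secret itself never leaves the client; only this 16-byte token is sent,
    and it is only valid for this identifier and this challenge.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the expected token and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def chap_exchange(secret_on_client: bytes, secret_on_server: bytes, identifier: int = 1) -> bool:
    """One full challenge/response round; True if the server accepts the client."""
    challenge = chap_challenge()                                  # server -> client
    response = chap_response(identifier, secret_on_client, challenge)  # client -> server
    return chap_verify(identifier, secret_on_server, challenge, response)


if __name__ == "__main__":
    print(pap_authenticate_request("alice", "hunter2"))   # password visible on the wire
    print(chap_exchange(SECRET, SECRET))                  # True: secret matches
    print(chap_exchange(b"wrong", SECRET))                # False: secret does not match
```

A captured CHAP response cannot be replayed, because the server issues a new challenge each time; this is the practical difference behind "sends encrypted tokens rather than passwords".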
To configure dial-out access to the Internet or a remote access server, select Settings → Network and Dial-up Connections from the Start menu. Select the Make New Connection option to display the Network Connection Wizard. Select one of these two options:
You are then prompted for specific information, such as phone numbers and the security settings explained earlier in this section.
Windows 2000 also supports dial-in remote access. To enable this feature, select Settings → Network and Dial-up Connections from the Start menu. Select the Make New Connection option and then choose the Accept incoming connections option from the Network Connection Wizard dialog. You can then specify a list of users who are allowed to remotely access the computer.