1 YEAR UPGRADE BUYER PROTECTION PLAN WITHOUT Active Directory Configuring Windows 2000 Carol Bailey Tom Shinder Technical Editor Make the Most of Windows 2000 WITHOUT Active Directory • Step-by-Step Instructions for Configuring Local Group Policy, Remote Access Policies, Primary and Secondary DNS Zones, and more! • Complete Coverage of the Pros and Cons of an Active Directory Migration • Master Windows 2000 Networking Service Improvements Without Running Active Directory 147_noAD_FC 9/19/01 10:35 AM Page 1 solutions@syngress.com With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we continue to look for ways we can better serve the information needs of our readers. One way we do that is by listening. Readers like yourself have been telling us they want an Internet-based ser- vice that would extend and enhance the value of our books. Based on reader feedback and our own strategic plan, we have created a Web site that we hope will exceed your expectations. Solutions@syngress.com is an interactive treasure trove of useful infor- mation focusing on our book topics and related technologies. The site offers the following features: ■ One-year warranty against content obsolescence due to vendor product upgrades. You can access online updates for any affected chapters. ■ “Ask the Author”™ customer query forms that enable you to post questions to our authors and editors. ■ Exclusive monthly mailings in which our experts provide answers to reader queries and clear explanations of complex material. ■ Regularly updated links to sites specially selected by our editors for readers desiring additional reliable information on key topics. Best of all, the book you’re now holding is your key to this amazing site. Just go to www.syngress.com/solutions, and keep this book handy when you register to verify your purchase. Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there’s anything else we can do to help you get the maximum value from your investment. We’re listening. www.syngress.com/solutions 147_noAD_FM 8/10/01 3:13 PM Page i 147_noAD_FM 8/10/01 3:13 PM Page ii 1 YEAR UPGRADE BUYER PROTECTION PLAN WITHOUT Active Directory Configuring Windows 2000 Carol Bailey Dr. Thomas W. Shinder Technical Editor 147_noAD_FM 8/10/01 3:13 PM Page iii Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other inci- dental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable case, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®, and “Career Advancement Through Skill Enhancement®,”are registered trademarks of Syngress Media, Inc. “Ask the Author™,”“Ask the Author UPDATE™,”“Mission Critical™,”“Hack Proofing™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. KEY SERIAL NUMBER 001 MKE783FV2P 002 BH8UZ237VB 003 DNVN5T5QL9 004 JDKJR4PP9D 005 ZLA99G2FLW 006 234UFVKLMA 007 94JGV3MDK2 008 FKA3234KP3 009 J3AWV4MLSD 010 NK3VL8SE4N PUBLISHED BY Syngress Publishing, Inc. 800 Hingham Street Rockland, MA 02370 Configuring Windows 2000 Without Active Directory Copyright © 2001 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 ISBN: 1-928994-54-7 Technical Editor: Dr.Thomas W. Shinder Cover Designer: Michael Kavish Co-Publisher: Richard Kristof Page Layout and Art by: Shannon Tozier Acquisitions Editor: Catherine B. Nolan Copyedit by Syngress Editorial Team Developmental Editor: Jonathan Babcock Indexer: Julie Kawabata Freelance Editorial Manager: Maribeth Corona-Evans Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada. 147_noAD_FM 8/10/01 3:13 PM Page iv v Acknowledgments v We would like to acknowledge the following people for their kindness and support in making this book possible. Richard Kristof and Duncan Anderson of Global Knowledge, for their generous access to the IT industry’s best courses, instructors, and training facilities. Ralph Troupe, Rhonda St. John, and the team at Callisma for their invaluable insight into the challenges of designing, deploying and supporting world-class enterprise networks. Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, and Frida Yara of Publishers Group West for sharing their incredible marketing experience and expertise. Mary Ging, Caroline Hird, Simon Beale, Caroline Wheeler,Victoria Fuller, Jonathan Bunkell, and Klaus Beran of Harcourt International for making certain that our vision remains worldwide in scope. Anneke Baeten and Annabel Dent of Harcourt Australia for all their help. David Buckland,Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books. Kwon Sung June at Acorn Publishing for his support. Ethan Atkin at Cranbury International for his help in expanding the Syngress program. 147_noAD_FM 8/10/01 3:13 PM Page v 147_noAD_FM 8/10/01 3:13 PM Page vi vii Author Carol Bailey (MCSE+Internet) is a Senior Technical Consultant working for Metascybe Systems Ltd in London. Metascybe is a Microsoft Certified Partner that develops its own PC communications software as well as offers project work and consultancy. In addition to supporting these products and services for an internationally diverse customer base, Carol co-administers the company’s in-house IT resources. With over 10 years in the industry, Carol has accumulated a wealth of knowledge and experience with Microsoft operating systems. She first qualified as an MCP with NT3.51 in 1995 and will remain qualified as MCSE as a result of passing the Windows 2000 exams last year. Her other qualifications include a BA (Hons) in English and an MSc in Information Systems. Well known for her Windows 2000 expertise, Carol has a number of publications on this subject, which include co-authoring the following books in the best-selling certification series from Syngress\Osborne McGraw-Hill: MCSE Windows 2000 Network Administration Study Guide (Exam 70-216). ISBN: 0-07-212383-4; MCSE Designing a Windows 2000 Network Infrastructure Study Guide (Exam 70-221). ISBN: 0-07-212494-6; and MCSE Windows 2000 Accelerated Boxed Set (Exam 70-240). ISBN: 0-07-212383-4. 147_noAD_FM 8/10/01 3:13 PM Page vii viii Technical Editor Thomas Shinder, M.D. (MCSE, MCP+I, MCT) is a technology trainer and consultant in the Dallas-Ft.Worth metroplex. He has con- sulted with major firms, including Xerox, Lucent Technologies, and FINA Oil, assisting in the development and implementation of IP-based com- munications strategies.Tom is a Windows 2000 editor for Brainbuzz.com and a Windows 2000 columnist for Swynk.com. Tom attended medical school at the University of Illinois in Chicago and trained in neurology at the Oregon Health Sciences Center in Portland, Oregon. His fascination with interneuronal communication ulti- mately melded with his interest in internetworking and led him to focus on systems engineering.Tom and his wife, Debra Littlejohn Shinder, design elegant and cost-efficient solutions for small- and medium-sized businesses based on Windows NT/2000 platforms.Tom has authored several Syngress books, including Configuring ISA Server 2000: Building Firewalls for Windows 2000 (ISBN: 1-928994-29-6), Configuring Windows 2000 Server Security (ISBN: 1-928994-02-4), Managing Windows 2000 Network Services (ISBN: 1-928994-06-7), and Troubleshooting Windows 2000 TCP/IP (ISBN: 1-928994-11-3). 147_noAD_FM 8/10/01 3:13 PM Page viii Contents ix Foreword xxv Chapter 1 Why Not Active Directory? 1 Introduction 2 Why Use Windows 2000 without Active Directory? 2 Why Use Windows 2000? 2 The Acceptance of Windows into the Corporate Workplace 3 The Acceptance of Microsoft in the Corporate Workplace 3 The Emergence of Windows 2000 4 Windows 2000 Track Record 5 Windows 2000 Today 5 Why Not Use Active Directory? 6 Designing and Deploying Active Directory: More Than a Technical Challenge 7 The Purpose of This Book 9 Who Should Read This Book 11 IT Managers 11 IT Implementers 11 What This Book Will Cover 13 Chapter 2:Workstations 13 Chapter 3: Laptops 14 Chapter 4: File and Print Services 15 Chapter 5:Terminal Services 15 Why Use Windows 2000 without Active Directory? There is more to Windows 2000 than just Active Directory features—as this book shows. But there’s no doubt that Windows 2000 was written with Active Directory in mind, which is reflected in the standard documentation that accompanies the software. Chapter 1 will begin to answer these questions. 147_noAD_TOC 8/10/01 12:24 PM Page ix [...]... Why Use Windows 2000 without Active Directory? s The Purpose of This Book s Active Directory Integration Walkthrough: Managing User Accounts and Securing the Local Windows 2000 Administrator Account Summary Solutions Fast Track Frequently Asked Questions 1 147_noAD_01 2 8/10/01 12:26 PM Page 2 Chapter 1 • Why Not Active Directory? Introduction Welcome to Configuring Windows 2000 WITHOUT Active Directory, ... Windows 2000 at all, and why use Windows 2000 without Active Directory? There is more to Windows 2000 than just Active Directory features—as this book shows But there’s no doubt that Windows 2000 was written with Active Directory in mind, which is reflected in the standard documentation that accompanies the software Both questions deserve a separate look Why Use Windows 2000? Before we begin answering this... make the most of Windows 2000 outside an Active Directory environment Microsoft spent considerable time and money, and bet its future business, to update its already successful platforms of Windows NT 4.0 and Windows 98 to be today’s version of Windows 2000 Although it’s true that Windows 2000 was written around and for Active Directory (Microsoft’s first offering of an enterprise directory service),... know about the features and services you can implement outside Active Directory, you should also be aware of which features and services cannot work without Active Directory. Too often Windows 2000 literature concentrates on the benefits of Active Directory, but without clearly identifying which of those benefits are dependent upon an Active Directory environment.The first chapter includes a section on these... from Active Directory or because you do not know how to configure and use them in your own network environment.This book is for you—to show you what features can be used outside Active Directory and how to get the best out of them in a production environment today Why Use Windows 2000 without Active Directory? We’re actually asking two different questions here:Why use Windows 2000 at all, and why use Windows. .. IPSec and the PPTP (Windows 2000 default) Configuring Windows 2000 Routing and Remote Access Configuring General Server Properties Configuring Security Server Properties Configuring IP Server Properties Automatic Private IP Address DHCP Address Allocation TCP/IP Configuration Options Configuring IPX Server Properties Configuring NetBEUI Server Properties Configuring PPP Server Properties Configuring Event... books on Windows 2000 invariably explain the new features only in the context of Active Directory, with the result that many people just do not realize what is possible without Active Directory This approach ignores the reality that many companies don’t want or need the services Active Directory offers and would prefer to keep their legacy services intact Of course it’s easy enough to get a Windows 2000. .. of literature available these days on how to install and configure Windows 2000, so you may ask “How is this book different?” As the title indicates, this book concentrates on configuring Windows 2000 Without Active Directory It’s about making the most of those Windows 2000 features and services that can be used independently of Active Directory whether that’s in an existing NT4 domain environment, Novell’s... reliability www.syngress.com 147_noAD_01 8/10/01 12:26 PM Page 5 Why Not Active Directory? • Chapter 1 Windows 2000 Track Record Over a year from its release and two service packs later ,Windows 2000 is no longer bleeding-edge technology Many companies have been successfully running Windows 2000 in various guises (with and without Active Directory) for some time with proven successful results It’s steadily... rather than purely technical choice The Emergence of Windows 2000 Microsoft spent more than three years on improving Windows NT 4.0 and Windows 9x before finally releasing its next version, which it decided to call Windows 2000 And for all the current marketing about Windows XP, and Windows. NET, these too will be built on today’s standard Windows 2000 technologies As somebody who is involved with both . PROTECTION PLAN WITHOUT Active Directory Configuring Windows 2000 Carol Bailey Tom Shinder Technical Editor Make the Most of Windows 2000 WITHOUT Active Directory. Chapter 1 Why Not Active Directory? 1 Introduction 2 Why Use Windows 2000 without Active Directory? 2 Why Use Windows 2000? 2 The Acceptance of Windows into