Windows NT was designed from the ground up to be a network operating system (NOS) such as UNIX and VMS, not a desktop operating system such as MS-DOS and Microsoft Windows. Thus, networking and networking terminology are a given in any discussion about Windows NT and, now, it's successor, Windows 2000.
Windows NT has also been used as the basis of client-server systems, a networking model where clients (Windows NT Workstation, typically, along with other Windows products) request services from servers running Windows NT Server. This two-tier model, as it's sometimes called, made sense in the early 1990s, but today's Windows 2000 networks aren't usually that simple. With Windows 2000, it's easier and more logical to create distributed networks with different machines offering different types of services, while other machines are simply available for fail-over purposes. Regardless of how the networking model has changed over the years, most basic networking principles have remained the same.
This chapter takes a look at some of these networking principles and those features that are common across the different networking protocols and services that are typically used today.
Introduction to Windows 2000 networking
While there are many ways to connect one or more computers together, the most common and efficient ways involve networking hardware such as Ethernet cards, cabling, hubs, routers, and the like, and software that makes it all come together. In Windows 2000, this software is provided by the operating system, which was designed from the get-go to handle networking. Unlike Windows 95 and Windows 98, most Windows 2000 systems are part of a network of some type, giving users the ability to share files, folders, printers, and other network resources.
In Windows 2000, there are two general networking schemes that were basically carried over from Windows NT 4.0. In the simplest scheme, called peer-to-peer networking, each computer in the network is an equal. In the more complicated client-server, or domain-based, network, one or more powerful computers, called servers, provide services for user machines, called clients. Let's take a quick look at each of these models.
A peer-to-peer network, which is called a workgroup by Microsoft, is generally used when only a small number of network resources are present at the same physical location. In a workgroup, no central server is used to provide services to clients; instead, each computer exists as an administrative island, providing shares, printers and other capabilities on a machine-to-machine basis.
While a peer-to-peer network is easier to setup than a domain, it also presents some administrative challenges. To provide resource sharing, each system will need to be setup with any identical set of user names and their corresponding passwords. If a user named jeffhg logons on to a system and wants to access a share on another system named KERRIE, then that machine must have been configured with an account named jeffhg as well. It?s not hard to see where user management in a ten-system network can quickly become tedious.
But peer-to-peer networks provide some advantages for small networks: Virtually any protocol can be used for file sharing and there is no server administration overhead.
For a larger network, the client-server networking scheme is the way to go. In this scheme, one or more servers are configured to provide services to the workstations, desktops, and mobile computers that connect to the network. These servers are configured to provide networking services, such as user management, printer management, and the like.
In a client-server network, a user named jeffhg can logon to any system on the network, because his logon information is stored on a central server. And Windows 2000's advanced networking features ensure that this user will see his customized desktop, user environment, and documents, regardless of where he physically logs into the network.
In Microsoft networking, the standard unit of administration in the client-server networking model is the domain. This type of networking relies on a network protocol called TCP/IP. Within a given domain, there will be one or more servers, called domain controllers, that contain user, printer, and other resource management information.
Setting up and administering a domain network requires a lot more skill and expertise than a peer-to-peer network. But the overhead is certainly worth it, especially since domains are scalable and can cross physical boundaries that are impossible with workgroups.
Logging on and off of a network
When Windows 2000 Server is installed, a user account named Administrator is created and given those privileges that are specified by the Administrators user group. This group is given full access to all of the capabilities on the computer and the domain to which it belongs. Since most people that login to the system, including many system administrators, don't need to have this wide type of access, most user accounts are given a subset of the capabilities used by the Administrator account.
You're going to have to login and logout every time you access a system. And this process is the same regardless of your privileges as a user. When you login to a system, you provide your user name and password. This identifies you to the system and assigns the associated privileges to your user session. If IntelliMirror remote user profiles are enabled, you will be able to login to any system on the domain, including remote dial-up systems, and be provided with all of your user settings and documents.
You login to a system from the Welcome to Windows dialog that appears when you first turn on a Windows 2000 system (Figure). This dialog also appears when a user logs off of a system so that another user session can begin. To login to a Windows 2000 Server machine, you must first type CTRL+ALT+DEL, a key sequence that transcends time and legend, it seems, and owes its existence to the beginning days of Windows. The so-called three-fingered salute was designed as a way to initiate an action that shouldn't occur by mistake; thus, a three-key, rather than a two-key action such as CTRL+S, was invented (Figure). In any event, the CTRL+ALT+DEL keystroke causes the Log on to Windows dialog to appear (Figure). This dialog prompts the user for a user name and password. Windows passwords are case sensitive (secret and Secret are not the same) and can consist of one to fourteen characters.
Once you've provided this information to the system, Windows checks your user name and password against its domain database, begins a user session with the appropriate privileges, and connects the system to the network (Figure). The user desktop and other settings are configured and control is turned over to the user.
When you're using Windows 2000, there are two basic possibilities for leaving the system unattended but secure: You can lock the computer or logout.
Locking the computer leaves the current user logged in but secured against use by unauthorized users. When you lock the computer, only you or a domain administrator will be able to unlock it. To lock the computer, press CTRL+ALT+DEL in Windows at any time and choose Lock Computer. The screen will blank and the Unlock computer dialog will appear.
Logging off of a system, also known as logging out, occurs when you wish to end a user session so that another user can use the computer. The easiest way to logout is to access the Shut Down option from the Start menu and then choose Shut Down in the Shut Down Windows dialog. You can also logoff Windows by pressing CTRL+ALT+DEL anytime in Windows and choosing the Log Off option.
Unlike locking the system, however, you should generally shutdown any running applications before logging out. Otherwise, Windows will attempt to shutdown any running applications before logging out but this process is often unsuccessful or, at the least, time-consuming. Once the system is logged out, any user--including the user that just logged out--can login and use it as if the system just booted up.
Sharing drives and folders
One of the most obvious uses for a network is to share resources such as drives and folders. Windows 2000, like Windows NT 4.0 before it, is a network operating system that handles tasks such as this with elan.
To enable drive and folder sharing, the File and Printer Sharing for Microsoft Networks component needs to be installed. And in Windows 2000, unlike Windows 98, this service is installed on each network connection by default.
Configuring drive and folder sharing
On Windows 2000 Server, you can configure the File and Printer Sharing for Microsoft Networks component by accessing the properties of a network connection, right-clicking File and Printer Sharing for Microsoft Networks and choosing Properties. This allows you to optimize the connection for various conditions, such as a small number of network clients, maximized file sharing throughput, and maximized network application throughput.
In a heterogeneous network, you can also configure this service to make legacy LAN Manager network broadcasts so that machines running older versions of Windows can more easily discover and connect to resources on the network.
These capabilities are not available in Windows 2000 Professional.
Sharing files and folders
If at least one network connection on the local machine has the File and Printer Sharing for Microsoft Networks service installed, you can share files and folders for use by other users with the appropriate permissions. This assumes that you have the correct permissions as well, of course: Only someone whose user account is a member of the Administrators, Server Operators, or Power Users group can share resources.
To share a folder (or drive), simply navigate with My Computer to the location of the resource, right-click it, and choose Sharing (Figure). This will display the Sharing tab of the folder's property sheet, which allows you to make a new share, configure an existing share, or delete an existing share (Figure). To enable sharing, choose Share this folder; this choice will also make a host of other options available. By default, the share name, or the name that users will see when they are navigating your computer from the network, is set to the name of the folder, but you can rename this if desired. An optional comment field allows you to enter text that will be displayed if the user is navigating in Details mode.
You can optionally limit the number of concurrent connections to the share or accept the default, which is unlimited. The most important option, however, is Permissions, which allows you to determine which users have the rights to access this resource. Pressing the Permissions button displays the Permissions dialog for the folder, allowing you to add and remove users and groups from the list (Figure). The default for any share is Everyone with full access (full control, change, and read permissions are all allowed). However, if you choose to manually add users or groups, the default for each addition is read only, so you will need to modify the permissions for each addition if they have more elaborate needs.
A final sharing option, caching, can also be set for users that may be accessing shares offline. You can allow or disallow caching of the share, and optionally determine how the share will cache documents and programs contained in the share if desired.
Once you've shared a folder (or a drive, which is shared in the same fashion), a small hand overlay appears below the icon of the resource as a visual cue that it is shared (Figure).
In addition to folders and drives, you can share other network resources such as printers. This allows any machine on a network to send print jobs to any printer on the network regardless of whether it is physically connected to another computer or is directly connected to the network. A computer that is physically connected to a printer is often referred to as a print server, and Windows 2000 includes several new features that make it uniquely qualified for this task.
When a printer is connected to a network or machine on a network, it is shared by default so that users logged onto any machines on the network can discover the printer easily and configure it as a target for print jobs. A printer receives permissions like any other share, however, and you can configure these permissions in a manner that is similar to the way you configure file and drive shares. By default, all users have the right to print documents on a shared printer, but you can also configure printers for document and printer management, where only certain users and user groups are granted these permissions. These other settings are a bit more complex, but the owner of any document generally has the ability to manage that document, while administrators have the right to manage the printer.
Printing with a print server
When a printer is physically connected to a machine, that machine is said to be the print server. The print server manages the printer settings, its drivers, the print queue used by the printer, and other configuration options. Even high volume print servers are capable of performing other tasks, so it's generally acceptable to configure a system to perform print server duties while providing other services.
With a print server, there is a single print queue, so users can see where their pending document falls within the list of documents to be printed. When there is an error, a message is sent to each user with a pending print job. And some of the processing overhead (however slight) is passed from the client to the server, leaving the client more responsive for other foreground tasks.
Printing without a print server
Some newer printers, however, can attach directly to a network using an internal Ethernet card, bypassing the need for a dedicated print server. But there are several trade-offs to this approach: each client will have its own print queue, so that users will be unaware of other print jobs, giving them an imprecise idea of where their document falls within the list of pending print jobs. If an error message is generated because of a paper jam or other hardware issue, only the client responsible for the current print job will receive an error message. If that user is away from their computer, the other users will not know why their print jobs are not being completed, nor will they be able to respond to the error message accordingly. And because there is no dedicated print server, all of the processing for the print job will be done on the client's system, potentially robbing that user of some CPU cycles.
For these and other reasons, it's generally advisable to connect networked printers to a Windows 2000 server rather than directly to the network. As an added bonus, Windows 2000 also includes other unique features that make printers more easily usable.
New printing features in Windows 2000
Windows 2000 adds numerous new features that make administering and using network printers simpler and more accessible. Printers can be fully administered from any workstation, limiting the need for administrators to physically access a printer server to perform routine administration. A new Internet printing feature allows users to connect to a printer over the Internet using a standard browser URL. This feature requires that the print server be running Internet Information Services (IIS) 5.0, though that's a small price to pay for the functionality. For example, you could access a printer using its machine name and share name using a URL such as http://nts/LaserJet5M. Externally, you might access such a printer from http://home.thurrott.com/LaserJet5M or similar (that's a fake address, by the way).
Mapping network drives
If you're constantly accessing the same network resource, you may want to map it as a network drive, which will make the resource available permanently as a drive letter in My Computer or Explorer. This has several advantages, foremost among them convenience, since a drive letter can be found in the first level of the shell namespace, while a network place shortcut is typically found at least one level below that. Some application programs, such as Visual Studio, require a local path and will not work with network paths. If your documents are stored on a network resource, you can map a drive letter to that location to enable these unsavvy applications to work correctly.
You can map drive letters to folders or computers located on the network. To do so, open My Computer and choose Map Network Drive from the Tools menu (Figure). This launches the Map Network Drive utility (Figure), which allows you to specify the network resource you'd like to map, as well as the drive letter you'd like to assign to the resource. If you choose to make the mapping permanent using the reconnect at logon option, Windows 2000 will attempt to connect to the resource every time you boot the computer.
You can unmap a network drive by choosing Disconnect Network Drive from the Tools menu of My Computer as well. This will prompt you to choose the resource you'd like to disconnect from, assuming that there are any drive letters mapped.
Adding drive mapping icons to the My Computer toolbar
Windows NT 4.0 had icons in the My Computer and Explorer toolbars that allowed you to easily map and disconnect from network resources using a simple mouse click. These icons were removed from the default My Computer/Explorer toolbars in Windows 2000, but you can return them if you so desire. To do so, right-click the My Computer toolbar and choose Customize. The Customize dialog contains a list of available toolbar icons as well as a facing list of current toolbar icons. To add the Map Drive and Disconnect icons to the toolbar, simply double click them in the left pane of the Customize Toolbar dialog.
Alternatively, you can remove these icons in a similar fashion by choosing them in the right pane after they've been installed and double clicking to remove them.
Working with mapped network drives
Once you've mapped a network drive, you can access it like any other drive in My Computer or Explorer. Mapped drives have a different icon to represent their purpose, but they function in the same manner as local drives (Figure).
By default, the name of a mapped drive indicates the path to the folder you are sharing. For example, if you mapped a drive letter to NTS\C\Inetpub\wwwroot, this resource would be given a name of wwwroot on NTS\C\Inetpub. You can rename this to something more friendly--such as NTS Web site or whatever--without affecting the underlying resource. In this instance, the mapped drive acts like a normal Explorer shortcut.
Mapped network drives can be opened, explored, made available for offline use, renamed and searched. But there are many properties you'd normally associate with local drives that are not possible with mapped drives. You cannot share, defragment, backup or check a mapped drive for errors, for example. You also cannot enable quota management on a mapped drive: This must be performed on the system that contains the resource.
Using Offline Files
Microsoft introduced a little-used and misunderstood program in Windows 95 called Briefcase, which allowed users to take documents away from their main computer using removable storage or a portable computer, work with them offsite, and then return them to the main system, with the correct synchronization. If files in the Briefcase were newer than the files on the main computer, those files replaced the files on the main computer, and vice versa. In the case where the same document had been modified in both the Briefcase and the main computer, a dialog would warn you of the situation and give you various options.
While Briefcase still exists in Windows 2000, it does so simply for backward compatibility. Microsoft has created a powerful alternative to Briefcase in Windows 2000 called Offline Files that makes this capability an integral part of the shell while offering some exciting new features.
Offline Files allows you to work with files and folders on network shares when you are disconnected from the network. This is particularly important for mobile users, but it can also come in handy if the physical network goes down for some reason. Best of all, the Offline Files feature includes automatic synchronization features that work behind the scenes to ensure that files and folders are synchronized properly. You can add a folder to a network share when you are disconnected to the network, for example, and populate it with documents. The next time your machine is connected to the network, the Offline Files Synchronization Manager will automatically create those folders and files on the network share for you. And like the Briefcase, when a document is changed on the network share while you are away, and you changed that same document, Offline Folders will prompt you to save your version, keep the version on the network, or save both with slightly different file names.
The Synchronization Manager can be setup to run automatically as described above or it can be initialized manually from the Tools menu of any My Computer window. If you choose to automatically synchronize files and folders, the Synchronization Manager can schedule this activity every time you logon and out of your computer. You can also schedule synchronization at idle times or, alternatively, on a very specific schedule that you set up with the Scheduled Synchronization Wizard.
To make a file or folder available for offline use, navigate to that resource using My Network Places, right-click, and choose Make Available Offline (Figure). If you have selected a folder, a dialog will appear asking you whether you'd like to make the entire contents of the folder available. In general, this is the most efficient way to work offline, rather than choosing individual files. Once you've made a file or folder available for offline use, a small blue and white overlay will appear in the corner of the resource's icon (Figure).
Once as you've made at least one file available for offline use, your system will change somewhat when you are offline. First, you will see a small computer icon in the tray area indicating that you are working offline. Typically, an undocked portable computer will not have any network resources available to it, but your system will now be able to navigate the folder structure in the namespace leading to the network resources you marked as available for offline use. For example, if you marked the Inetpub folder on the C: drive of a system named NTS// as available for offline use, the network place NTS will show up when you browse the network offline, though other systems will not. And as you drill down into the share, any shares and folders leading up to the offline folder will show up as well, C and Inetpub in this case.
NOTE: By default, Offline Files is not enabled on the Server editions of Windows 2000. To enable Offline Files, select Folder Options from the Tools menu in any Explorer window and navigate to the Offline Files tab. Then, select the Enable Offline Files choice.