12 Chapter 1 • Why Not Active Directory?
environment, but without having to also take on Active Directory.All too often,
standard Windows 2000 literature discusses new features only in the context of
Active Directory so that you may not be aware of what features and services you
can use (and how) independently from Active Directory.Therefore, you’re being
asked to learn Active Directory, the new features, and the new interface all at
once—which usually relegates it to a testing environment or your home study
network.This book aims to provide the information you need to start using
Windows 2000 productively in your current working environment.
Armed with this information and a clear view of what is possible with
Windows 2000 when running it outside an Active Directory domain (and what
isn’t possible without Active Directory) you will then be better equipped to dive
into the standard Microsoft documentation and build on this knowledge.This
then may or may not include Active Directory features—but the choice will then
be yours, rather than having it decided for you.
By knowing what is possible without Active Directory and how to imple-
ment it, you should gain a level of knowledge and a perspective that is difficult to
obtain from the standard Microsoft documentation.Throughout the book we will
have special information sidebars for IT implementers where the topic identifies
a relevant Configuring & Implementing consideration to help provide addi-
tional technical information.
Microsoft Certified Professionals and System Engineers
Although not specifically aimed at MCPs and MCSEs, this book may also be of
benefit to MCP/MCSE candidates looking to supplement their Windows 2000
exam knowledge and extend it into the realities of the workplace.
It may also help NT professionals transition their skills to Windows 2000
because new features can be learned within the context of a Windows NT 4.0
domain, instead of trying to take these on board at the same time as learning
Active Directory.There’s nothing so reassuring as starting from familiar ground
rather than feeling as if you’re starting everything from scratch again. Interestingly,
Microsoft’s fairly recent addition of exam 70-244,“Supporting and Maintaining a

but they might not realize how to make the most of the new features it offers. In
fact, I’ve often seen people treat Windows 2000 as if it were Windows NT 4.0
with the interface annoyingly changed, totally unaware of the new features and
benefits “under the hood,” just there for the taking! The new interface isn’t to
everybody’s liking, but it is highly configurable—if you know where to look.
Windows 2000 is often chosen for stability and reliability reasons, and it has
certainly earned its reputation for better stability and reliability than previous
operating systems. Are you aware, though, of how that is accomplished and how
you can configure and fine-tune this? For example,Windows File Protection
helps to address the “DLL hell” we got used to seeing with incompatible versions
of files, but it comes at the cost of disk space. Knowing how this works and how
you can configure it gives the choice back to you, rather than relying on the
operating system to make choices for you.When disk space on the operating
system partition is tight (often an issue if upgrading), knowing how to configure
the DLL cache can make the difference between being able to upgrade to
Windows 2000 without repartitioning your disk and not being able to install it.
www.syngress.com
147_noAD_01 8/10/01 12:26 PM Page 13
14 Chapter 1 • Why Not Active Directory?
Active Directory Group Policies have had a lot of coverage as being one of
the biggest reasons to migrate to Active Directory so that you can centrally con-
trol and secure users’ and computers’ environments.They offer far more extensive
configuration options than System Policies ever did—and they do so without
tattooing the registry. But did you realize that you can use them outside Active
Directory, even within a Windows NT 4.0 domain? Local Group Policies are
one of Windows 2000 best-kept secrets! Using them together with security tem-
plates, you can centrally configure and deploy your security and administrative
templates on Windows 2000 computers—for example, you can lockdown desk-
tops for users and enforce tight security configurations.
Chapter 3: Laptops

files and content across the network, and disk quotas to help you control and
plan disk storage and capacity.
Disk management has become easier with the new dynamic disk storage pro-
viding on-the-fly changes without rebooting. Remote disk management is now
possible, and the Remote Storage service can provide instant increased disk
storage by dynamically migrating less often used data to tape.The built-in backup
utility has an improved interface with an inbuilt graphical scheduler, and you can
now leave Performance Monitor running as a service to help keep an eye on the
general health of your servers (for example, emailing the administrator when crit-
ical factors such as low disk space and memory are identified).
There’s plenty of printing improvements too, including support for the new
Internet Printing Protocol (IPP), which allows intranet and Internet users to
install and manage their printers through a browser.
Chapter 5:Terminal Services
I think Windows 2000 Terminal Services earns its spot as my favorite feature in
the Windows 2000 feature set. Now part of the base operating system rather than
a separate product,Terminal Services is installed as a service just like any other
operating system service. Best of all, it comes in two flavors: Administrator Mode
and Application Mode.
Administrator Mode requires no additional licensing considerations with the
only drawback being the maximum simultaneous connections being restricted to
two. It allows administrators to remotely log onto a Windows 2000 server (run-
ning this service) and remotely administer it as if they were sitting in front of it.
It’s ideal for low-bandwidth connections because all the programming execution
stays on the server—only screen and mouse/keyboard data is transmitted. And it’s
secure because you can use 128-bit encryption, and it’s firewall friendly in that it
doesn’t use remote procedural calls (RPC) that most firewalls block. It’s difficult
to see why you wouldn’t install this on all Windows 2000 servers.
Application Mode is how most people currently think of a terminal server—
servicing applications to users in a true multiuser environment. It’s an easier envi-

Chapter 6: Networking Services—
DNS, DHCP,WINS, and NLB
At the heart of any network lie the networking services that make it possible for
computers to communicate with each other.With the acceptance that not all
networks have high bandwidths and must often integrate with other networks
(including the Internet) and non-Windows computers,Windows 2000 net-
working services such as DNS, DHCP, and WINS have had a vital overhaul.
Microsoft has had to do this because Active Directory has been its focus of
Windows 2000, and Active Directory relies on a reliable networking infrastruc-
ture. Quite simply, if there are TCP/IP problems there will be Active Directory
www.syngress.com
147_noAD_01 8/10/01 12:26 PM Page 16