Microsoft Windows XP Professional Resource Kit 2003
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2005
Pages: 338
Pages: 338
The networking capabilities of Windows XP Professional include refinements of features introduced in Windows 2000. These refinements allow you to maintain a scalable networking presence in a variety of environments.
The networking innovations, first appearing in Windows 2000 Professional and further refined in Windows XP Professional can be categorized into three areas: directory services, account authentication, and policy handling.
Windows XP Professional, Windows 2000, and Windows Server 2003 use the Active Directory directory service as its domain-based directory service. A directory service provides information about objects in a network environment, including user and computer accounts, and shared resources such as printers and other directories. It provides a consistent way to name, describe, locate, access, manage, and secure information about each of these resources. Active Directory, the directory service used in Windows 2000 and Windows Server 2003 domains, organizes information in a hierarchical, object-based fashion.
In Windows 2000 and Windows Server 2003 domains, Account Authentication is performed using a protocol called Negotiate. Negotiate, in turn, uses the Kerberos V5 authentication protocol to authenticate any Windows XP based computers, Windows 2000 based computers, and Windows Server 2003 based computers. The Kerberos V5 authentication protocol, as defined in RFC 1510, is an industry-supported distributed security protocol based on Internet standard security.
Negotiate uses the NTLM protocol where local authentication is needed and to authenticate any computer based on versions of Windows prior to Windows 2000. NTLM is also used as the account authentication method in Microsoft Windows NT domains and for authentication to Microsoft Windows NT version 4.0 based domain controllers.
For more information about the Kerberos V5 protocol and Windows XP Professional, see Account Authentication later in this chapter.
Windows XP Professional supports the use of both System Policy and Group Policy to specify user and computer configurations. System Policy, introduced in Windows NT 4.0, is more limited than Group Policy, introduced in Windows 2000. In a Windows NT domain, domain administrators use System Policy to manage the user s work environment and to enforce system configuration settings. In a Windows 2000 or Windows Server 2003 domain, Group Policy settings are your primary method for enabling centralized change and configuration management. A domain administrator can create Group Policy settings at a Windows 2000 based or Windows Server 2003 based domain controller to create a specific system configuration for a particular group of users, computers, or both. You can use Group Policy to do the following:
Automatically install applications assigned to users or computers or both and provide location independence for roaming users.
Permit desktop customization and lockdown.
Configure security policies.
For more information about Group Policy, see Group Policy and System Policy Settings later in this chapter.
To allow your Windows XP Professional based computer to take its place in a Microsoft network, you must first perform these fundamental tasks: assess the current network environment, install and configure your transport protocol, connect your computer to the appropriate network environment, verify that that you are logged on, and then troubleshoot any problem that might have occurred in the process.
Before adding a Windows XP Professional based computer to a network, you must determine whether you want to add the computer to a Windows 2000 or Windows Server 2003 domain, a Windows NT domain, to a workgroup of computers running Microsoft Windows 95 and Microsoft Windows 98 or to a non-Windows based environment such as Netware. Typically, the network environment determines the authentication method you choose to access the network, the means you choose to enforce desktop and security rules (Group Policy or System Policy), and the method you use to handle logon scripts.
Before you can add a Windows XP Professional based computer to an existing network, you must establish client connectivity with the network. Transmission Control Protocol/Internet Protocol (TCP/IP) has become the universal network protocol suite due to its scalability and its role as an Internet standard.
For all recommended tasks, it is assumed that the Windows XP Professional based computer on the Microsoft network runs IP protocol as the default network protocol. Windows XP Professional supports NetBIOS over TCP/IP (NetBT), Windows Sockets (WinSock), and the Internetwork Packet Exchange/Sequenced Packet Exchange protocol (IPX/SPX). NetBT and WinSock are installed by default. IPX/SPX can be added if needed for connectivity to legacy Novell networks.
For more information about the Windows XP Professional implementation of TCP/IP and IP configuration, see Configuring TCP/IP in this book.
For more information about network protocol installation and configuration, see TCP/IP and Other Network Protocols later in this chapter.
A user who has appropriate permissions can do the following:
Join a domain or workgroup. No rights are required for joining a workgroup.
Create the computer account in a domain during Windows XP Professional installation. For workgroups, no permissions are required
Use the Network Identification wizard to make the Windows XP Professional based computer a member of a specified domain or workgroup.
Manually add a computer to a network by specifying the appropriate domain or workgroup on the Computer Name tab of the System Properties dialog box.
For more information about joining a domain or workgroup, see Microsoft Network Environments later in this chapter.
To verify that a Windows XP Professional based client is added to the network, attempt to log on to the domain where you added the computer; or if you added the computer to a workgroup, log on locally. If you are in a domain environment, make sure that logon scripts function as expected and that no conflicts occur between the following:
Local Group Policy and Windows NT System Policy
or
Local Group Policy and Windows 2000 or Windows Server 2003 domain Group Policy settings
| Note | Domain Group Policy always overrides Local Group Policy. |
For more information about confirming a Windows XP Professional based computer s membership in a workgroup or domain, see Confirming Domain and Workgroup Membership later in this chapter.
If a user cannot log on to a workgroup by using a local account or to a domain by using an account on a domain controller, troubleshoot the logon failure to determine its cause and solution.
For examples of logon-related problems and how to solve them, see Troubleshooting Logon Problems later in this chapter.