by December 11, 2001 0 comments

Windows networking follows two models, called work-groups and domains. The
workgroup model is meant for a small network consisting of a few desktop
computers that want to share resources with each other. The domain model is for
a larger network with one or more servers to which all other desktop computers
called clients login.

The concept of workgroups has been around for a long time. It’s an
efficient way to divide your network and make it more manageable. It involves
breaking up your network, whether it’s small consisting of a handful of
computers or a large one containing hundreds, into smaller, easily manageable
groups. We’ll see how you can do this using Windows 2000 Professional.

Preparing for workgroups

The first thing you need is the network hardware–network cards, cables, and
hubs (or switches)–to be in place. Place the network cards inside your
machines, lay out the cables the way you want, and connect them through a hub or
switch. When you install Windows 2000 Professional, it will automatically
recognize your network card and set it up. During the installation you can make
your computer part of a workgroup or domain. (You can do it afterwards as well,
which is explained later.) By default, Windows 2000 will install three
components–the Microsoft client, File and Print sharing, and TCP/IP protocol–for
networking. This is all you need to get your workgroup going.

Configuring workgroups

It’s quite easy to change the domain or workgroup for Windows 2000
Professional after the installation. For this, follow these simple steps:

  1. Right click on the My Computer icon on your desktop and select properties.
    This will take you to your system properties.

  2. You’ll see several tabs here. Choose the Network
    Identification tab. There are two buttons here called Network ID and Properties.
    The first one is the network identification wizard that will help you configure
    the computer to be a part of a workgroup or a domain. We chose the Properties

  3. Click on Properties, the second button, and a window called
    Identification Changes pops up. Here you can choose between joining a domain or
    a workgroup. You can join a domain if you have a Windows NT or 2000 server
    already running. For this, enter your domain name. You’ll then be prompted to
    enter a username and password that already exists on the particular domain. If
    it’s able to authenticate, you’ll see a welcome to the domain screen.

  4. Interestingly, we also noticed that sometimes you may not be
    able to join a Win NT domain if you just have the TCP/IP protocol installed. We
    faced this problem with one of our systems that was initially made to be part of
    a domain without any problem. We moved it out of the domain and put it in a
    workgroup. After this, when we tried to rejoin this system to the domain, it
    wasn’t able to find the domain controller, meaning the NT server. Only after
    installing the NetBEUI protocol was it able to rejoin the domain. So if you have
    trouble finding computers over the network, you may need to install this old

  5. If there’s no domain on your network, then you can enter
    the name of a workgroup to join. If there’s no workgroup, you can start a new
    one by entering its name. You’ll have to restart the computer for these
    changes to take effect.

  6. Similarly, go to the other computers and make them members of
    a workgroup or domain. You’ll need to have at least two computers in a
    workgroup for it to be effective. A single computer in a workgroup will not be
    visible on the network.

Accessing workgroups

Once you’ve made the computers on your network members of
different workgroups, it’s time to use them. Open My Network Places, and you’ll
see two options. The first is to view the entire network, while the other is to
view computers near your computer. If you just want to see the computers that
are part of your own workgroup, choose the Computers Near Me option. If you want
to access a computer that’s part of another workgroup, open up the entire
network option, find the particular workgroup, and you’ll see the machine you
want access to. When you access a computer in a different workgroup or domain,
its shortcut gets established automatically. So the next time you want to access
this particular resource, you don’t have to hunt around for it on your

Initially, after establishing a workgroup, when you view the
entire network, you’ll find only your own workgroup in it. If there are other
workgroups on your network that are not showing up, don’t panic. Your machine
will constantly hunt for other computers on the network and place them in your
network neighborhood when it finds them.

Securing network access

Once you’ve made yourself part of a workgroup, you’ll need to share the
directories you need. This is similar to sharing directories in Windows 9x,
where you right click on a particular folder and choose sharing. Once you’ve
defined a share, you can define permissions for users. You can also define
whether you want to give full control, allow a user to make changes, or just
read a particular directory. This way, different users in the workgroup will
have different types of access to your computer.

Speaking of users, there’s a default set of users and groups in Windows
2000 Professional. You can access them by running the Users and passwords applet
from the Control Panel. From here, you can change the passwords of existing
users or add new users. An advanced tab on the same window lets you define
additional properties for each user. These include things like user profiles and
password settings.

You can select from a range of security features in Windows 2000
Professional. Go to the Control Panel, choose Administrative Tools, and you’ll
find the Local Security Policy applet. Run it and you’ll be able to assign
various security settings to users and groups on your computer. These include
everything from password complexity to allowing or denying access to specific
computers in your workgroup.

Finally, you can disable access to all your shared drives, yet access other
computers on your network at the same time. For this, you have to disable the
server service running on your machine. Yes, even the desktop version of Windows
2000 Professional has a service by the name of Server. You can access this by
going to the Control Panel, choosing the Administrative Tools applet, and
running the Services applet from there.

Thus, with the proper settings, you can have a secure workgroup running under
Windows 2000 Professional.

Anil Chopra and Sanjay Majumder

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.