If you’re an administrator of a network running Active Directory, then you probably spend a great deal of your time working within the Active Directory Users and Computers MMC. While there’s no question that this and other management tools can be extended in cool ways to perform additional tasks (similar to what Alan outlined in […]

Administering multiple Windows 2000 Servers in a multi-site environment can sometimes become a tedious task to say the least. Picture this scenario: your company has four offices, two within a kilometer of each other, another approximately 100 km away, and the fourth resides in a totally different country. You are responsible for all the Win2K […]

One topic that seems to cause users a great deal of anguish is the configuration of Network Address Translation (NAT) for the purpose of providing shared Internet access on private network. This guide is meant as a quick reference for those who need to implement NAT on networks, especially small networks that include Active Directory.
For […]

Setting up Active Directory is far from difficult. However, many people experience problems with their installation shortly after completing it because they neglect to properly plan their implementation of DNS. I receive emails on almost a weekly basis from users who have gone ahead and run dcpromo, and then wonder why client systems can’t properly […]

In a Windows NT 4.0 domain environment, assigning scripts to users was more of less restricted to simple logon scripts. Not particularly flexible, but generally enough to get the basic jobs done - mapping directories, printers, environment variables, and so forth. For all intents and purposes, however, you were still in a simple batch file […]

Although the idea behind the Encrypting File System (EFS) in Windows 2000 seems pretty straightforward, there is a great deal more to it than first meets the eye. The purpose of this article is to explain how EFS actually works, and to provide practical configuration advice for system admins.
Why use EFS? The simple answer is […]

Installing Certificate Services on Windows 2000 is quite simple, though the choices available to you will again depend on your environment. For the purpose of this illustration I will walk through the process of creating a Standalone Root CA – mainly because my computer is not configured as a domain member at the moment. Since […]

Before covering the installation of Certificate Services in Windows 2000, it is important to understand the different types of Certificate Authorities that can be installed. A root CA is the top link in a chain of CAs, while a subordinate CA is a downlevel server that has one or more CAs above it (and eventually […]

Of all the many services that Windows 2000 offers, one of the least understood is probably Certificate Services. While it may seem that anything that has to do with cryptography is unnecessarily complex, understanding the main elements is certainly not difficult. Certificate Services exist for one primary purpose – to help in the creation of […]

IPSec is a security protocol included in the Windows 2000 TCP/IP stack. Its function is simple – to secure TCP/IP communications within or between networks according to the parameters and rules that you lay out. While the concept itself is simple enough, the actual implementation of policies that will do what you want actually requires […]