Networking / Beginners

---

Network

Networking with Windows 2000 has changed significantly from Windows NT. In addition to the standard Windows port (135, 137, and 139), Windows 2000 adds Port 88 for Kerberos, Port 445 for SMBover IP, Port 464 for Kerberos kpasswd, and Port 500 (UDP only) for Internet Key Exchange (IKE). What this means is that if you want to remove NetBIOS from a Windows 2000 system, you actually have to disable File and Print Sharing for Microsoft Networks on the specific interface. You can do this from the Network and Dial-up Connections window. Select the Advanced menu and then select Advanced Settings to see the Adapters and Bindings tab.

The network continues to be a key part of Windows 2000. Windows 2000 domains remove the concept of PDCs and BDCs. There are now only domain controllers (DCs). Windows 2000 domains still maintain the centralized control of the user database. However, the active directory structure now allows for a hierarchical concept. This means that groups can be created above or below other groups and the domain can be separated into organization units with local control.

NOTE: Before Windows 2000 is deployed within your organization, the domain structure should be properly planned. Just moving an existing domain structure from Windows NT to Windows 2000 is not appropriate and can cause future problems.

It should also be noted that Windows 2000 does make a change in the way trust relationships work within a domain and between domains. In Windows NT, it had to be explicitly established for each direction. In a Windows 2000 system, trust relationship is bi-directional by default. Trust in Windows 2000 is also transitive. This means that if Domain A has a trust relationship with Domain Band Domain Bhas a trust relationship with Domain C, then Domain A also has a trust relationship with Domain C and vice versa.