While this guide is written with Windows 2000/XP/2003 Professional and Servers in mind, much of the information is also applicable for Windows 9x/ME/NT systems as well, with only minor changes… in fact, specific details would remain much the same, only the configurations steps would change slightly. That is, where the settings are found in other versions of Windows are different. Basic idea though is that once you get to Network Control Panel, you can pretty much click around and see where things go.

This guide assumes we are working with NIC (Network Interface Card) configurations for a LAN or Broadband Internet, and not Dial-up settings, although I will try to include those settings as best possible.

Although there are many ways to setup a network in which you can share an Internet connection, I am going to limit this guide to two methods… Single-Homed (Using a Router) and Multi-Homed (Using Windows ICS (Internet Connection Sharing)). The difference being the requirement of an extra NIC card in one system for Multi-homed, versus the one-time expense of a Router in a single-homed configuration.

For my home network, I chose a single-homed routed method, because I am able to offer the most secure setup to network while maintaining flexibility. This option gives you the network setup shown in this diagram.

A Multi-homed network is where you have a second NIC for one “server” system and a small hub/switch that will run ICS instead of paying extra for a router as shown in this diagram. This option while cheaper than the routed solution, does not offer redundancy when the server is down, does not offer built-in security (you MUST run a firewall!), and is more difficult to configure.

OK, enough explanation, let’s get started… Choose a Network Scenario: Single-Homed/Router Multi-Homed/ICS

Single-homed Network Configuration

As stated in the beginning, this assumes that you have one NIC for each machine, they are all connected to a router/switch, and that you have a DSL or Cable-modem connected to that hub or switch as well.

1. I will assume that you have already installed the NIC and installed the necessary software and drivers, and that the NIC is functioning properly. If not, please consult the NIC’s documentation and do that now.

2. I will also assume that you have already connected all the wiring necessary… Cat5 or Cat5e cable running from each NIC to your router/switch, and a Cat5 or Cat5e Crossover cable connecting your DSL or Cable modem to your router/switch.

3. First, it’s time to configure your NIC settings for optimal performance… a slow LAN is a dead LAN as I always say. Open Control Panel, and go to Network Connections. Then open the properties for the NIC by right-clicking on Local Area Network and choosing Properties. You will see a window similar to this one. On this window, click Configure. Then on the NIC’s Advanced tab, set the Media Type and Duplex Speed settings (as available to) to be as high as possible. Usually, I generally encourage “Auto-Select” for the Media Type and Full Duplex (input and output simultaneously). Depending on the options available for your NIC, simply choose Auto-Select. The important thing here is that the NIC should *not* remain on Hardware Default.

4. Now let’s configure the services… on a typical LAN, you should only see Client for Microsoft Networks, File and Printer Sharing, Network Monitor Driver (Optional), and the Internet Protocol (TCP/IP). There is nothing to configure for the first three items, but we need to configure TCP/IP, so click once on TCP/IP, and choose Properties. You will see this window.

5. On your TCP/IP settings, the IP, Subnet Mask, and Gateway are generally assigned automatically by the router using DHCP for client PC’s. The exception, if any, should be your primary server if you run one. In that situation, configure your settings as shown in this diagram.

6. The rest of the TCP/IP Properties Dialog is going to depend on your setup. Click the Advanced button, and then select the DNS tab. In most cases, both Primary and Secondary DNS are specified by your ISP automatically, and so nothing needs to be changed. However, if you run a local server, you should specify that server as Primary as shown in this diagram.

7. Select the WINS tab, and Disable the option for Import LMHosts Lookup. There is a use for them on LARGE networks with multiple domains, however, for the sake of simplicity, let’s ignore that situation. Also on the WINS tab, there is an option for NetBIOS over TCP/IP as shown in this diagram. Enabling this option leaves a VERY large hole in your computer’s security by opening Ports 135-139. These ports are used as a first-line hacking attempt. Therefore, it is best if you Disable NetBIOS over TCP/IP. However… if this system is going to run IIS or Exchange, it is REQUIRED that the service be Enabled. Therefore, if you are running IIS, Exchange or SQL on your system, leave the setting Enabled, and be absolutely certain that your firewall is configured to block the 5 ports I mentioned — 135-139.

8. When all is said and done, click OK, until you are back at Control Panel. If it prompts for a reboot, select “No” for the time being… although in most cases it probably won’t ask on 2000/XP systems.

9. Open the System Control Panel, and choose the Network Identification tab. Click Change, and be sure to specify the Computer name, DNS Suffix (the domain for your ISP, such as msn.com or isp.net), and the Workgroup name. On a Server environment, be sure to add it as a Domain Member.

10. When finished, reboot the system. “Rinse and Repeat” this process on your other systems, and you are all set with a fully functional LAN system, that is capable of surfing the web. Although not required on this configuration, I still recommend that you install and configure a firewall on each system.

Multi-homed Network Configuration

In a multi-homed environment, your computers each have a NIC that connects via Cat5 or Cat5e to the hub/switch. One machine that will act as a server for ICS will have a second NIC, and then your DSL or Cable modem connects to that second NIC via Cat5 or Cat5e Crossover. It’s important to do things one step at a time and not get in a hurry too. Don’t enable ICS until the very last step. Note: ICS requires Windows 98SE, ME, 2000, or XP to work and is NOT available on Windows 98 (Original Release) or NT. If you require an alternative option, I recommend Sygate or WinProxy.

1. I will assume that you have already installed the NIC and installed the necessary software and drivers, and that the NIC is functioning properly. If not, please consult the NIC’s documentation and do that now.

2. I will also assume that you have already connected all the wiring necessary… Cat5 or Cat5e cable running from each NIC to your router/switch, and a Cat5 or Cat5e Crossover cable connecting your DSL or Cable modem to your router/switch.

3. First, it’s time to configure your NIC settings for optimal performance… a slow LAN is a dead LAN as I always say. Open Control Panel, and go to Network Connections. Then open the properties for the NIC by right-clicking on Local Area Network and choosing Properties. You will see a window similar to this one. On this window, click Configure. Then on the NIC’s Advanced tab, set the Media Type and Duplex Speed settings (as available to) to be as high as possible. Usually, I generally encourage “Auto-Select” for the Media Type and Full Duplex (input and output simultaneously). Depending on the options available for your NIC, simply choose Auto-Select. The important thing here is that the NIC should *not* remain on Hardware Default.

4. Now let’s configure the services… on a typical LAN, you should only see Client for Microsoft Networks, File and Printer Sharing, Network Monitor Driver (Optional), and the Internet Protocol (TCP/IP). There is nothing to configure for the first three items, but we need to configure TCP/IP, so click once on TCP/IP, and choose Properties. You will see this window.

5. On your TCP/IP settings, the IP, Subnet Mask, and Gateway are generally assigned automatically by the router using DHCP for client PC’s. The exception, if any, should be your primary server if you run one. In that situation, configure your settings as shown in this diagram.

6. The rest of the TCP/IP Properties Dialog is going to depend on your setup. Click the Advanced button, and then select the DNS tab. In most cases, both Primary and Secondary DNS are specified by your ISP automatically, and so nothing needs to be changed. However, if you run a local server, you should specify that server as Primary as shown in this diagram.

7. Select the WINS tab, and Disable the option for Import LMHosts Lookup. There is a use for them on LARGE networks with multiple domains, however, for the sake of simplicity, let’s ignore that situation. Also on the WINS tab, there is an option for NetBIOS over TCP/IP as shown in this diagram. Enabling this option leaves a VERY large hole in your computer’s security by opening Ports 135-139. These ports are used as a first-line hacking attempt. Therefore, it is best if you Disable NetBIOS over TCP/IP. However… if this system is going to run IIS or Exchange, it is REQUIRED that the service be Enabled. Therefore, if you are running IIS, Exchange or SQL on your system, leave the setting Enabled, and be absolutely certain that your firewall is configured to block the 5 ports I mentioned — 135-139.

8. When all is said and done, click OK, until you are back at Control Panel. If it prompts for a reboot, select “No” for the time being… although in most cases it probably won’t ask on 2000/XP systems.

9. Open the System Control Panel, and choose the Network Identification tab. Click Change, and be sure to specify the Computer name, DNS Suffix (the domain for your ISP, such as msn.com or isp.net), and the Workgroup name. On a Server environment, be sure to add it as a Domain Member.

10. When finished, reboot the system. “Rinse and Repeat” this process on your other systems, and you are all set with a fully functional LAN system, that is capable of surfing the web. Although not required on this configuration, I still recommend that you install and configure a firewall on each system.

11. Return to Network Control Panel… and configure your second NIC on the server as required by your ISP. Usually, it means All “Auto-Config” settings, with the noted settings for DNS and WINS. Note: You can *always* Disable NetBIOS over TCP/IP on this adapter.

12. Click the Sharing tab, and Enable ICS. Do not change the other properties, unless you are certain you need to. This will give a warning that it is changing some network settings to match, but since we already changed them ourselves, it will leave them alone.

13. When finished, reboot the system. When the ICS server has rebooted, reboot your other systems, and you are all set with a fully functional LAN system, that is capable of surfing the web. I recommend that you install and configure a firewall on each system. But… make sure that your NIC card is NOT configured as a “LAN Device”… manually specify the IP address for your other systems as LAN Devices.