How to set up simple quick DHCP & DNS on W2k3 Server without AD?

Posted on 2006-04-14
Last Modified: 2012-06-21
I run a small office with 10 terminals and have no IT person. I was running OK on W2k3 using a router for DHCP, and apparently the DNS service was provided by my ISP.  Now I have installed a WatchGuard SOHO6 firewall and removed the router (they connect to a switch) and my terminals keep losing ability to connect to internet.  I have to keep rebooting the firewall to get them to connect.  I know I need DHCP and DNS from some source, and know I can set up W2k3 server to provide both, and I am afraid (as I don't understand) of AD, so I don't want that.  Can someone tell me the absolute simplest way to set this system up for internet access and trusted network access?  I use a Dell 4400 server (actually have two of them) with dual NICs (I am not using one, since I don't know what to do with a dual NIC setup).  I know how to set up TCP/IP addresses, and type in the DNS server addresses, but don't know what numbers to put in.  My firewall will provide DHCP if I set it up that way, and its address is  I have all the terminals and network printers working OK, just don't know how to get out on the net.  And, should I be afraid of AD? I am using a workgroup.  Would I benefit from a domain?
Question by:195ecentralave
    LVL 12

    Accepted Solution

    What exactly are the terminals? Is that a true thin client (i.e. WinCE or XP Embedded) or are they Windows XP workstations?

    You'll only benefit from a domain setup with XP Pro clients. Thin clients and XP Home can't use a domain. Benefits of a domain are, amongst others:
    - Centralized user management and access control (no need to create user accounts and passwords everywhere)
    - Logon scripts (mapping network drives so everybody's using the same letters, easier to exchange data that way)
    - Customize and centralize client management with group policies

    This requires some work though and I don't suggest installing a domain when not sure what you're doing.

    You don't need a domain for DHCP and DNS. You can install the DHCP server and DNS server from the Software control panel. The management consoles are then added to the Administrative Tools. See here:;en-us;323416 for instructions on how to install the DHCP server.
    If you're going to use DHCP, make a note of all IP addresses that are in use on the internal network, and make sure that the DHCP server doesn't hand out IP addresses that are already in use by the firewall, servers, printers or workstations with a static IP address.

    You're not required to use DHCP, static addressing works as well. A typical configuration for your network probably looks like this:
    IP address: (the last digit must be different for all hosts)
    Subnet mask: (this is the same for all hosts)
    Gateway: (the firewall)
    DNS Server: (also firewall)

    This assumes that the firewall can handle DNS forwarding. If it doesn't, then you should install the Windows 2003 DNS server and point the workstations to the W2003 server hosting DNS. You don't necessarily need to set up DNS forwarders; Windows 2003 DNS will find DNS servers by itself.

    I suggest configuring one host, and see if that works reliably. Go from there.
    LVL 40

    Assisted Solution

    That pretty much explains it, but perhaps I can add a little to your knowledge of IP Addressing, without complicating it.  (like with a discussion of variable length subnet masks)....

    Think of an IP Address as a physical address for receiving mail..  When you send a letter (remember snail mail?), the post office needs to know where the destination is..  the same goes for computers, and data packets.

    Within the actual IPAddress, you have your 'house' number, and the 'street' name..  To determine which is which, you use a subnet mask.  The subnet mask identifies the 'boundary bit', which divides the 'street' from the 'house number'.

    So...  If you use a Classful Class C subnet (denoted by a /24 called CIDR, or, the boundary bit is located between the 3rd and 4th Octet.  (Octet is for the binary representation, as 255 = 11111111 in binary).  This means that the first 3 octets tell you the Network Address (or in our discussion the Street Name), and the 4th octet identifies the actual computer.  Every computer on the network WITHIN the same subnet must have the same first 3 octets, and the 4th octet is unique to the computer.

    Now, you should be able to do your computer addressing on your LAN!

    Just hope this helps!

    LVL 12

    Assisted Solution

    The fact that you have to restart the firewall all the time, could be caused by an IP address conflict with the firewall, i.e. that another computer or printer is configured with the same IP address as the firewall. This will give very strange results (hence your problems).

    Look for a computer that is configured with the same address as the Watchguard.
    LVL 12

    Expert Comment

    Thanks for the points. Did we help?
    LVL 40

    Expert Comment

    Yes, thanks, and best of luck with getting this working...


    Author Comment

    I got a good education on DHCP and DNS settings on this one, but still am having problems with some of my XP Pro systems; they can't access the internet.  All will if I reboot the SOHO6, but not for long.  I set up the DNS on my server, no help, so I uninstalled it.  Since I never had it set up to begin with I assume the DNS came from my ISP, since all my XP Pro computers on the network had "obtain DNS automatically" set in the TCP/IP page in the connection settings.  I have posted a question for the SOHO6 setup on the firewall section of the security forum to see if perhaps there is something I am not doing right there.
    But your answers helped me rule out other problems and I now know more about how my system works. Thanks,
    LVL 12

    Expert Comment

    You should also link to this question so the experts can see what was going on here.

    You can't configure a Windows client to obtain DNS automatically, if it doesn't also obtain its IP automatically.

    So, what solution did you choose? Is the firewall or the W2003 server a DNS? All static IP addressing (in which case you must also enter a DNS manually)?

    You can't have 2 DHCP servers on the same network handing out duplicate IP-addresses (overlapping range); won't work.
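
The checks recommended in this thread (all hosts in one subnet, no device sharing the firewall's address, no static address inside a DHCP pool, no two DHCP servers with overlapping ranges) can be run against a written-down addressing plan before anything is configured. The following is an added example, not part of the original answers; the function name, host names and the 192.168.10.0/24 addresses are constructed, since the thread's real addresses are not shown.

```python
import ipaddress
from collections import Counter

def audit_plan(subnet, static_hosts, dhcp_scopes):
    """Return findings for a small-LAN plan: static_hosts is {name: ip},
    dhcp_scopes is {dhcp_server: (first_ip, last_ip)}."""
    net = ipaddress.ip_network(subnet)
    addrs = {n: ipaddress.ip_address(ip) for n, ip in static_hosts.items()}
    findings = []

    # 1. Same subnet: every static host must be a usable address in the network.
    for name, ip in addrs.items():
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            findings.append(f"{name} {ip}: not a usable host address in {net}")

    # 2. Duplicate static addresses (e.g. a PC configured with the firewall's IP).
    for ip, count in Counter(addrs.values()).items():
        if count > 1:
            owners = sorted(n for n, a in addrs.items() if a == ip)
            findings.append(f"duplicate {ip}: {', '.join(owners)}")

    # 3. Static addresses inside a DHCP pool must be excluded from that pool.
    pools = {}
    for server, (first, last) in dhcp_scopes.items():
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi or lo not in net or hi not in net:
            findings.append(f"{server} pool {first}-{last}: invalid or outside {net}")
            continue
        pools[server] = (lo, hi)
        for name, ip in addrs.items():
            if lo <= ip <= hi:
                findings.append(f"{server} pool contains static {name} {ip}: exclude it")

    # 4. Two DHCP servers must not hand out overlapping ranges.
    servers = sorted(pools)
    for i, a in enumerate(servers):
        for b in servers[i + 1:]:
            if pools[a][0] <= pools[b][1] and pools[b][0] <= pools[a][1]:
                findings.append(f"DHCP pools on {a} and {b} overlap")
    return findings

# Constructed sample values; the page's real addresses are not shown.
SAMPLE_SUBNET = "192.168.10.0/24"
SAMPLE_STATIC = {"firewall": "192.168.10.1", "server": "192.168.10.2",
                 "printer": "192.168.10.50", "frontdesk-pc": "192.168.10.1"}
SAMPLE_DHCP = {"firewall": ("192.168.10.100", "192.168.10.199"),
               "w2k3": ("192.168.10.40", "192.168.10.120")}

if __name__ == "__main__":
    for line in audit_plan(SAMPLE_SUBNET, SAMPLE_STATIC, SAMPLE_DHCP):
        print(line)
```

An empty result means the plan passes all four checks; it does not detect a device that is misconfigured on the wire but missing from the written plan.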
