Plea: Win2K Server Perplexity

Here's the current situation:

We've got a workgroup configuration (not a true domain) with 10 workstations. The T1 comes off a Vina box via the typical ethernet connector. The Vina does not do any routing or DHCP. The Vina is hooked into a patch bay, which feeds to a Linksys Etherfast II switch. Indeed, all our machines are wired to the network this way, including our current file server. Each machine has a manually set IP number on the LAN. Network performance is poor. TCP networking doesn't function. This seems to be an overhead problem, as we need to run Netbeui and/or IPX for all the machines to see each other. Each machine runs its own software firewall and virus protection. The connection to the internet works fine, despite the LAN's problems with TCP, although it's perhaps a tad slow.


What I want to do:

I want to set us up as a True Domain TCP network.

I want the Vina box to go to the 100 NIC of a Dual NIC Server. I want the Server's other NIC (Gigabit) to go the patch bay, where it is passed to the Etherfast II switch. (We'd like to upgrade our entire LAN to Gigabit eventually. I understand that it will run at 100 in the present configuration).

I want the Server to serve IP by DHCP. I want to administer a firewall and anti-virus from the server.

I think like to employ Active Directory in the Server OS. I think this will improve overhead and allow for the Network to function based solely on TCP protocol.


Things that I think I need to know:

What are the key elements in setting this up? Is the proposed configuration whacked? HOw do I configure the Win2K Server OS to accomplish the things outlined above.

How do I assign each NIC to its respective tasks?

Is there a good software firewall that will run on Win2K server? Or do I need a hardware FW, like a Sonicwall between the Server and the Vina box?

What about anti-virus administration? Can downloads and e-mail attachments be monitored at the server? Is this a performance drain?

I know how to set-up the workstations for DHCP in a workgroup environment. Is it different in a Domain?

Do I need a hub between the Vina box and the Server? Some books I've looked at show a hub between the Server and the T1 feed (the Vina in our case)?

Do we need the patch bay? Why isn't everything hooked into the switch directly?

OK. That should do it for now. I look forward to being enlightened...

1. The computers could not see each other _before_ the firewalls were installed. Remember I am talking only about their ability to see each other with only TCP protocol running. Every computer can see every one else with Netbeui and IPX enabled -- it's just slow. Furthermore, the firewall is set up to allow communication with every computer in our IP range. Shutting off the firewalls makes no difference in performance.

2. A "Network Pro" came in to diagnose and troubleshoot our network. He suggested that our network configuration and the fact that we are not using AD created a situation where packet "broadcasting" was creating a high incidence of collisions, with this situation exacerbated by the need to run three protocols. He referred to this as an overhead problem. He suggested that employing AD to direct packets could correct this situation.

3. I am trying to learn so that I am not at the mercy of IT rip-off artists. I learn by asking questions. If I am wading in too deep, I would like to know where the rip tides are so I can learn about them and prepare myself. I doubt that there is an indelible genetic basis to the difference in our level of understanding.