Start with your network design. You need to look at a separate subnet for your DMZ, segregated from everything else by a firewall. Ideally all servers in here will be members of workgroups and not members of your domain, to reduce the number of ports you need to open on the firewall, as each one you do reduces the security the DMZ is designed to give you.

Installing Windows - standard install really, but look to set all unnecessary services to disabled to reduce the attack surface of the operating system.

For everything else, have a search around the web for info. www.phoneboy.com used to be a good source of information on securing the OS, but I have not looked at it in a while.

HTH and good luck,