Like adding screens to your home's windows can keep out more than flies, so also enhancing security on your network can keep out more than hackers. Woe to the hapless user who can't remember passwords or who wants to download a file but finds he can't (and he won't know that it's because you blocked port number 20 - FTP. You'll have to know that). In some ways, this is very much like normal troubleshooting, in that you determine the symptoms and how much of your network is affected. This time, though, you know what has changed because you've added a security feature. In short, you did it to yourself. This objective expects you to know the effects of what you do, in advance, and how to figure a way around your own safeguards.
The first consideration here is the size of the network, and how you connect to the Internet (or Intranet, or at all). For peer-to-peer workgroups and small domains, DHCP may not be necessary at all, nor WINS (use LMHOSTS files)—and DNS may be handled by your ISP exclusively. Excessive services on a network that doesn't need them will be unnecessary overhead.
Other factors include whether the network is a mixed-server OS environment (IPX/SPX for older Netware, TCP/IP for UNIX/Linux), and how different clients relate to the network model (NT-based or W9x handle domain issues differently).