The Windows 2000 Report Card: what is it, why do I care

The Windows 2000 Report Card:
what is it, why do I care, and
what will it do for – or to – me?
Presented by Mark Minasi
teacher, speaker, author, alpha geek, columnist
[email protected]
free newsletter at www.minasi.com
Contents copyright 2000 Mark Minasi
Overview
what’s in this talk for me, fat man?
• In just one and a quarter hours, friends – that’s right, just 75 short minutes – you too will be able to hold your own in a discussion on Windows 2000
• You will be the envy of your friends as you effortlessly explain Active Directory, Change and Configuration Management, and Offline Files … before the geeks understand it!
• But wait, there’s more…

Overview
Windows 2000 Server goals
• Make NT an “enterprise” OS
• Make NT more reliable
• Make support people’s lives easier
• Let us administer our servers from far away
• Stop using server names like \\myserver (NetBIOS) and instead use names like myserver.acme.com (DNS)

Overview
Windows 2000 Professional Goals
• Eliminate most of the reasons to use Wintendo rather than NT on the desktop
• Make Win2K laptop-friendly
• Add Plug and Play and good hardware support
• World Domination

Overview
Windows 2000 Definitions & Flavors
• Windows 2000 = NT 5.0
• It is not Windows, it’s NT
• Windows 2000 Professional: desktop OS, what we used to call “NT Workstation”
• W2K Server: like NT Server
• W2K Advanced Server: Like NT Server Enterprise Edition, clustering etc
• W2k Data Center: for the big jobs

Overview
Windows 2000’s dirty little secret
• W2K is a cool product and can solve many of your existing network problems…
• So long as you don’t mind replacing most of your hardware and software

Windows 2000: Enterprise Issues
Riddle: “What would you call something that replaced SAM?”

Enterprise Issues
Enterprises are big: problems & solutions
• W2K domains can contain tens of millions
• Single domains can now easily span large geographical areas, as Windows 2000 domains understand WANs and compress data 10:1 before transmitting
• NT 4 names were limited; Windows 2000 uses DNS names

Enterprise Issues
enterprises are big: problems
• Really need native mode to do the cool stuff (all NT 4 DCs must be dead)
• Groups can only handle 5000 members
• Fax, but no fax server
• Multimaster replication still needs some work
  – Two admins can both modify a group membership and one admin’s work will be lost
  – There are still single-point-of-failure servers, in particular the “PDC FSMO”

Enterprise Issues
Enterprises need more types of admins
• NT only supported two kinds of people:
  – Users
  – Gods (oops, I mean administrators)
• But some jobs need a “sub”-admin
• OUs and delegation give us that

Enterprise Issues
enterprise issues: problems
• Things AD Won’t Let You Do:
  – Rename a domain
  – Move an OU from one domain to another
  – Move a domain from one place in the forest to another
  – Merge two existing domains, trees or forests
  – Rename a domain controller
• But that’s okay; enterprises don’t do that

Enterprise Issues
Enterprises need scalability
• Network Load Balancing Module, clusters in Advanced Server and Datacenter help scale
• Kerberos logon and the Global Catalog speed logons and let domains grow
• Again, DNS naming allows more growth
• Bad news: powerful chips like Alpha helped networks grow; no Alpha support in W2K

Windows 2000: Reliability

Reliability
the good news
• Clusters help both scaling and reliability
• Recovery Console lets you boot to a DOS-like prompt with lots o’tools (works on NTFS too)
• Driver verifier is amazing
• Fault Tolerant Distributed File System very nice and easy to set up
• Windows File Protection protects System32 files and requires an undocumented value (ffffff9d) to disable

Reliability
the bad news
• Windows 2000 (Pro in particular) seems prone to unexplained slowdowns and an inability to shut down sometimes
• DirectX games seem more able to crash W2K than they could NT 4.0
• Adding reliability to DHCP requires a clu$ter
• Looks like four-node clusters are out

Windows 2000: Solving Support Problems

Support Headaches
problems we want to stop worrying about
• Rolling out new machines quickly
• System lockdown control without having to travel to desktops
• Deploying applications from a central location
• Convincing users to keep data on a central server rather than on their local PCs
• Controlling user server disk usage

Rolling Out New Machines
RIS, scripts, SysPrep and more
• Remote Install Services
  – Ghost-like tool stores images on server and allows simple one-floppy pull-down
  – But only stores W2K images and needs PCI NICs (laptops need not apply)
  – Some fantastic undocumented stuff lets you do Server rollouts, $OEM$ features, and customize setup screens
  – If done right, RIS is a wonderfully flexible tool
• Scripted installs for W2K Pro are far easier
• Sysprep 1.1 lets you create generic images, burn on CDs and roll them to any hardware

System Lockdown
network admins need to control user desktops
• Solution: Group Policies
• Benefits:
  – Far more comprehensive than system policies
  – Can control what apps run on a machine, what users can modify, lots of other stuff
  – Can be assigned to groups of users, groups of machines, sites, organizational units, domains
  – Much harder to circumvent

System Lockdown
“curses, those users have foiled me again!”
• Problems:
  – Only works on W2K workstations
  – Requires quite some planning, or it can significantly slow down logons
  – Complexity leads to a need for a modeling tool to compute the “Resultant Set of Policies” (RSOP)
  – Head of RDP program called policies “the most complex W2K issue -- tougher than AD”

Central Application Deployment
“where did I put that CD, anyway?”
• Solution: packages deployed to the Windows Installer Service via group policies
• Benefits:
  – Apps save files in My Documents after “spouse mode” install
  – Apps self-heal
  – No need to give Admin accounts to users

Central Application Deployment
“don’t tell me -- I need W2K desktops, right?”
• Problems:
  – Only works on W2K workstations
  – Installer-ready apps are rare so far
  – Admin packaging tools haven’t been as useful as promised
  – Many benefits aren’t required, just suggested for the Logo program; here’s a case where MS should be pushing a bit harder

Fostering Central Data Storage
imagine if Briefcase worked...
• Solution: Offline Files (but W2K PCs only)
• Benefits:
  – Caches oft-used network files locally
  – Apparently speeds network response time
  – Works when the net is down
  – Allows traveling users to bring a part of the net with them
  – Synchronizes cache/network versions
  – My Documents an obvious candidate

Controlling Server Space Usage
disk quotas come to W2K
• Problem: limited server disk space
• Solution: disk space quotas come to W2K
• Benefits: very, ummm, simple to work with
• Problems:
  – Very lame
  – Cannot apply quotas using groups, or to groups
  – Must apply amounts user-by-user

Remote Control and Admin

Remote Control
what’s new
• Terminal server built into every Server
• Telnet server built into every 2000
• Scripting can offer low-bandwidth remote control tools
• W2K is markedly more scriptable -- can now do admin scripting with VBScript, Javascript, Perl, WMI, Windows Scripting Host
• Even W2K Pro: Manage Computer, NM 3.0

Remote Control
what’s missing
• Very little, actually!
• The worst of it is that the network admin types will probably have to learn scripting skills!
• It’d be nice if Terminal Services worked better on low-speed links without Citrix
• Bottom line: START TO LEARN SCRIPTING, NOW

Last question about Server before moving to Professional:
Will Server succeed in the market?
Well, possibly yes...

Beating Windows (and NT 4) On The Desktop

In Case You’re Not Confused Yet
• Windows 95 = DOS plus some 16 bit and some 32 bit application platform
• Win NT 4.0 = completely different OS with a similar-looking user interface
• Win 98 = Win 95 version 1.1, more DOS-plus
• Windows 2000 = NT 4.0 with plug and play, Active Directory, CCM
• So what to call the NEXT DOS-plus type Windows?
• My guess: 2001 = really Windows, 2002 = NT, etc.

What W2K Has That W98 Doesn’t
• Offline files
• Rollout and deployment tools (RIS, Group Policies, Microsoft Installer)
• Remote “Manage Computer” interface
• Home directories work finally
• Enforced driver signatures
• Encrypting FS
• Has always had NTFS, Task Manager, more solid

What W2K has that NT 4 didn’t
• Plug and Play
• Encrypting File System
• Offline Folders
• Deployment tools
• APM support and ACPI support
• Home directories
• Great accessibility tools
• “Folder settings” seems to remember now
• Remote “Manage Computer”

What W2K Has That You’ll Hate
• Windows 2000 Professional is pretty resource-heavy
  – 96-128 MB RAM minimum
  – Expensive ($319, $219 W9x upgrade, $149 NT upgrade)
  – Uses almost 500 MB of disk space
• As always, not 100 percent legacy app compatible – Wintendo may win here

Laptop Friendliness
• NT 4 lacked power management, hot plug and play, plug and play, USB, suspend/hibernate, encryption
• W2K gets all of those things
• Problem: as it’s a bit heavy, may not be appropriate for many laptops
• Problem: doesn’t always detect changes in networking after suspend/hibernate

Plug and Play, Hardware Support, USB

Plug and Play
• Benefits:
  – All rewritten, not the Windows 9x code
  – Seems to run fairly solidly
• Problems:
  – Despite misleading claims, W2K drivers are not Windows 98 drivers, so drivers are scarce

Plug and Play
Oddities and problems
• Stuff that seems not to work usually:
  – IEEE 1394 boards
  – Most hardware MPEG decoders
  – Most USB modems
  – As always, check the HCL and don’t assume that things will work, unfortunately
• Support does exist for a surprising array of old stuff -- CD burners, TV tuner boards

Summary Advice
Hey, Minasi, how about the short version?

Before implementing, ask: will it pay off?
[Chart: vertical axis 0 to 4, horizontal axis 1965 to 1998]

Final Grades:
• Enterprise: B
• Reliability: B
• Support tools: B+
• Remotability: A
• Kill NetBIOS: I
• Beat Wintendo: A
• Laptop friendly: A
• Plug and Play: B

What do I DO????
the problems
• There’s no smooth path between an NT 4 domain and a W2K domain
• Many of W2K’s benefits simply don’t work until you’ve migrated to Active Directory (“watch that first step, it’s a lulu…”)
• But some benefits will work fine without AD, and there’s a learning curve to working with a W2K desktop, whether server or pro

One Approach
Not Microsoft’s but a bit more gradual
• Move your workstations to Professional
  – Learn the UI changes, get a feel for the level of driver support you’ll find overall, check apps
• Then move the member servers to W2K
  – IIS 5, web folders, offline files, better WINS
• Then migrate some DCs to AD
  – But first sync and shut down an NT 4 BDC
  – When you trust it, start using the AD features

“Do AD later? Isn’t 2000 Without AD A Dumb Idea?”
• DNS, WINS, DHCP is improved
• Routing: Internet Connection Sharing, NAT
• IIS: 2x faster, better restarts, multiple sites are easier, has ASP 3.0
• Plug and Play, power management
• Telnet, scripting, Terminal Services
• Some Dfs
• Encrypting file system, other NTFS 5.0 features
• Nope, it’s not a dumb idea at all; in fact, I strongly recommend that you get DNS nailed before starting your AD implementation

One Final Thought…
                                     1998       1999
NT Server Market Share               38%, #1    38%, #1
Linux Market Share (Server market)   12%, #4    25%, #2
What will we be talking about here next year?

Thank You!
• I hope this was useful, thanks for joining me
• Email: [email protected]
• I invite you to sign up for my free newsletter at www.minasi.com

Don’t miss the reception (free eats!) in the Vendor Hall downstairs -- it’s right now!
And I’m doing a book signing in the Vendor Hall at 5:50 PM -- make your book a collector’s item (yeah, right)