The Windows 2000 Report Card: what is it, why do I care, and what will it do for – or to – me? Presented by Mark Minasi teacher, speaker, author, alpha.

The Windows 2000 Report Card: what is it, why do I care, and what will it do for – or to – me?

Presented by Mark Minasi

teacher, speaker, author, alpha geek, columnist

[email protected]

free newsletter at www.minasi.comContents copyright 2000 Mark Minasi

Overviewwhat’s in this talk for me, fat man?

In just one and a quarter hour, friends – that’s right, just 75 short minutes – you too will be able to hold your own in a discussion on Windows 2000

You will be the envy of your friends as you effortlessly explain Active Directory, Change and Configuration Management, and Offline Files … before the geeks understand it!

But wait, there’s more…

OverviewWindows 2000 Server goals

Make NT an “enterprise” OS Make NT more reliable Make support people’s lives easier Let us administer our servers from far away Stop using server names like \\myserver

(NetBIOS) and instead use names like myserver.acme.com (DNS)

OverviewWindows 2000 Professional Goals

Eliminate most of the reasons to use Wintendo rather than NT on the desktop

Make Win2K laptop-friendly Add Plug and Play and good hardware

support World Domination

OverviewWindows 2000 Definitions & Flavors

Windows 2000 NT 5.0 It is not Windows, it’s NT Windows 2000 Professional: desktop OS,

what we used to call “NT Workstation” W2K Server: like NT Server W2K Advanced Server: Like NT Server

Enterprise Edition, clustering etc W2k Data Center: for the big jobs

OverviewWindows 2000’s dirty little secret

W2K is a cool product and can solve many of your existing network problems…

So long as you don’t mind replacing most of your hardware and software

Windows 2000: Enterprise Issues

Riddle: “What would you call something that replaced SAM?”

Enterprise IssuesEnterprises are big: problems & solutions

W2K domains can contain tens of millions Single domains can now easily span large

geographical areas, as Windows 2000 domains understand WANs and compress data 10:1 before transmitting

NT 4 names were limited; Windows 2000 uses DNS names

Enterprise Issuesenterprises are big: problems

Really need native mode to do the cool stuff (all NT 4 DCs must be dead)

Groups can only handle 5000 members Fax, but no fax server Multimaster replication still needs some work

– Two admins can both modify a group membership and one admin’s work will be lost

– There are still single-point-of-failure servers, in particular the “PDC FSMO”

Enterprise IssuesEnterprises need more types of admins

NT only supported two kinds of people:– Users– Gods (oops, I mean administrators)

But some jobs need a “sub”-admin OUs and delegation give us that

Enterprise Issuesenterprise issues: problems

Things AD Won’t Let You Do:– Rename a domain– Move an OU from one domain to another– Move a domain from place in the forest to

another– Merge two existing domains, trees or forests– Rename a domain controller

But that’s okay; enterprises don’t do that

Enterprise IssuesEnterprises need scalability

Network Load Balancing Module, clusters in Advanced Server and Datacenter help scale

Kerberos logon and the Global Catalog speed logons and let domains grow

Again, DNS naming allows more growth Bad news: powerful chips like Alpha helped

networks grow; no Alpha support in W2K

Windows 2000:Reliability

Reliabilitythe good news

Clusters help both scaling and reliability Recovery Console lets you boot to a DOS-like

prompt with lots o’tools (works on NTFS too) Driver verifier is amazing Fault Tolerant Distributed File System very nice

and easy to set up Windows File Protection protects System32 files

and requires an undocumented value (ffffff9d) to disable

Reliabilitythe bad news

Windows 2000 (Pro in particular) seems prone to unexplained slowdowns and an inability to shut down sometimes

DirectX games seem more able to crash W2K than they could NT 4.0

Adding reliability to DHCP requires a clu$ter Looks like four-node clusters are out

Windows 2000:Solving Support Problems

Support Headachesproblems we want to stop worrying about

Rolling out new machines quickly System lockdown control without having to

travel to desktops Deploying applications from a central

location Convincing users to keep data on a central

server rather than on their local PCs Controlling user server disk usage

Rolling Out New MachinesRIS, scripts, SysPrep and more

Remote Install Services– Ghost-like tool stores images on server and allows

simple one-floppy pull-down– But only stores W2K images and needs PCI NICs

(laptops need not apply)– Some fantastic undocumented stuff lets you do Server

rollouts, $OEM$ features, and customize setup screens– If done right, RIS is a wonderfully flexible tool

Scripted installs for W2K Pro are far easier Sysprep 1.1 lets you create generic images, burn

on CDs and roll them to any hardware

System Lockdownnetwork admins need to control user desktops

Solution: Group Policies Benefits:

– Far more comprehensive than system policies– Can control what apps run on a machine, what

users can modify, lots of other stuff– Can be assigned to groups of users, groups of

machines, sites, organizational units, domains– Much harder to circumvent

System Lockdown“curses, those users have foiled me again!”

Problems:– Only works on W2K workstations– Requires quite some planning, or it can

significantly slow down logons– Complexity leads to a need for a modeling tool to

compute the “Resultant Set of Policies” (RSOP)– Head of RDP program called policies “the most

complex W2K issue -- tougher than AD”

Central Application Deployment“where did I put that CD, anyway?”

Solution: packages deployed to the Windows Installer Service via group policies

Benefits:– Apps save files in My Documents after “spouse

mode” install– Apps self-heal– No need to give Admin accounts to users

Central Application Deployment“don’t tell me -- I need W2K desktops, right?”

Problems:– Only works on W2K workstations– Installer-ready apps are rare so far– Admin packaging tools haven’t been as useful as

promised– Many benefits aren’t required, just suggested for

the Logo program; here’s a case where MS should be pushing a bit harder

Fostering Central Data Storageimagine if Briefcase worked...

Solution: Offline Files (but W2K PCs only) Benefits:

– Caches oft-used network files locally– Apparently speeds network response time– Works when the net is down– Allows traveling users to bring a part of the net

with them– Synchronizes cache/network versions– My Documents an obvious candidate

Controlling Server Space Usagedisk quotas come to W2K

Problem: limited server disk space Solution: disk space quotas come to W2K Benefits: very, ummm, simple to work with Problems:

– Very lame– Cannot apply quotas using groups, or to groups– Must apply amounts user-by-user

Remote Control and Admin

Remote Controlwhat’s new

Terminal server built into every Server Telnet server built into every 2000 Scripting can offer low-bandwidth remote

control tools W2K is markedly more scriptable -- can now

do admin scripting with VBScript, Javascript, Perl, WMI, Windows Scripting Host

Even W2K Pro: Manage Computer, NM 3.0

Remote Controlwhat’s missing

Very little, actually! The worst of it is that the network admin

types will probably have to learn scripting skills!

It’d be nice if Terminal Services worked better on low-speed links without Citrix

Bottom line: START TO LEARN SCRIPTING, NOW

Last question about Server before moving to Professional:

Will Server succeed in the market?

Well, possibly yes...

Beating Windows (and NT 4) On The Desktop

In Case You’re Not Confused Yet

Windows 95 = DOS plus some 16 bit and some 32 bit application platform

Win NT 4.0 = completely different OS with a similar-looking user interface

Win 98 = Win 95 version 1.1, more DOS-plus Windows 2000 = NT 4.0 with plug and play, Active

Directory, CCM So what to call the NEXT DOS-plus type Windows? My guess: 2001 = really Windows, 2002 = NT, etc.

What W2K Has That W98 Doesn’t Offline files Rollout and deployment tools (RIS, Group Policies,

Microsoft Installer) Remote “Manage Computer” interface Home directories work finally Enforced driver signatures Encrypting FS Has always had NTFS, Task Manager, more solid

What W2K has that NT 4 didn’t

Plug and Play Encrypting File System Offline Folders Deployment tools APM support and ACPI support Home directories Great accessibility tools “Folder settings” seems to remember now Remote “Manage Computer”

What W2K Has That You’ll Hate

Windows 2000 Professional is pretty resource-heavy– 96-128 MB RAM minimum– Expensive ($319, $219 W9x upgrade, $149 NT

upgrade)– Uses almost 500 MB of disk space

As always, not 100 percent legacy app compatible – Wintendo may win here

Laptop Friendliness

Laptop Friendliness

NT 4 lacked power management, hot plug and play, plug and play, USB, suspend/hibernate, encryption

W2K gets all of those things Problem: as it’s a bit heavy, may not be

appropriate for many laptops Problem: doesn’t always detect changes in

networking after suspend/hibernate

Plug and Play, Hardware Support, USB

Plug and Play

Benefits:– All rewritten, not the Windows 9x code– Seems to run fairly solidly

Problems:– Despite misleading claims, W2K drivers are not

Windows 98 drivers, so drivers are scarce

Plug and PlayOddities and problems

Stuff that seems not to work usually:– IEEE 1394 boards– Most hardware MPEG decoders– Most USB modems– As always, check the HCL and don’t assume that

things will work, unfortunately Support does exist for a surprising array of

old stuff -- CD burners, TV tuner boards

Summary Advice

Hey, Minasi, how about the short version?

Before implementing, ask: will it pay off?

0

0.5

1

1.5

2

2.5

3

3.5

4

1965 1970 1975 1980 1985 1990 1995 1998

Final Grades:

Enterprise: B- Reliability: B- Support tools:B+ Remotability: A Kill NetBIOS: I Beat Wintendo: A- Laptop friendly: A- Plug and Play:B

What do I DO????the problems

There’s no smooth path between an NT 4 domain and a W2K domain

Many of W2K’s benefits simply don’t work until you’ve migrated to Active Directory (“watch that first step, it’s a lulu…”)

But some benefits will work fine without AD, and there’s a learning curve to working with a W2K desktop, whether server or pro

One ApproachNot Microsoft’s but a bit more gradual

Move your workstations to Professional– Learn the UI changes, get a feel for the level of

driver support you’ll find overall, check apps Then move the member servers to W2K

– IIS 5, web folders, offline files, better WINS Then migrate some DCs to AD

– But first sync and shut down an NT 4 BDC– When you trust it, start using the AD features

“Do AD later? Isn’t 2000 Without AD A Dumb Idea?” DNS, WINS, DHCP is improved Routing: Internet Connection Sharing, NAT IIS: 2x faster, better restarts, multiple sites are easier,

has ASP 3.0 Plug and Play, power management Telnet, scripting, Terminal Services Some Dfs Encrypting file system, other NTFS 5.0 features Nope, it’s not a dumb idea at all; in fact, I strongly

recommend that you get DNS nailed before starting your AD implementation

One Final Thought…

1998 1999

NT Server Market Share 38% , #1 38%, #1

Linux Market Share (Server market)

12%, #4 25%, #2

What will we be talking about here next year?

Thank You!

I hope this was useful, thanks for joining me Email:[email protected] I invite you to sign up for my free newsletter

at www.minasi.com

Don’t miss the reception (free eats!) in the Vendor Hall downstairs -- it’s right now!

And I’m doing a book signing in the Vendor Hall at 5:50 PM -- make your book a collector’s item (yeah, right)