size=1 Tahoma? font-family: bold; font-weight:> Windows2000 ve Extra Tip'ler --------------------- Windows2000 Install Rehberi Windows 2000 hakkında Active Directory Kurulum Rehberi Database Dizayn Tipleri Harddisk Arızaları Win98,Word,Excel Kısayolları AnaSayfa

Table of Contents

Executive abstract

You’ve heard that the next Windows NT generation software delivers increased reliability, availability, and scalability. You know it offers new and improved management features, including the much-heralded Active Directory, that reduce operating costs. You’ve heard, too, that Windows 2000 provides comprehensive Internet and applications support.

What you may not know is how it really works. What should you expect when you implement W2K within your enterprise-computing environment? What are the real-world hardware requirements for the new operating system? What changes will be required in your management, training, administration, and support operations? We at TechRepublic will try to answer such questions in this White Paper.

Our editors and contributors will also examine several other issues, including whether your organization needs to upgrade to or implement Windows 2000 and how the new OS affects trainers and administrators. If you haven’t had time to test the new OS in your corporate environment, we’ll give you a first-hand tour of the new features and tools Microsoft has added to its next network platform.

Worried about what’s going to happen to your Windows NT 4.0 systems? Never fear—we’ve taken that into consideration also.

One thing is certain: Windows 2000 is here. Microsoft released its next generation operating system on February 17, 2000. Administrators, support personnel, trainers, IT managers, consultants, and CIOs everywhere had better be prepared.

Rest assured that Windows 2000 will play a significant role in corporate computing. Microsoft’s push to ensure its new OS doesn’t falter is a sizable one by any measure. Regardless of what happens as a result of the antitrust verdict, W2K remains a natural upgrade for Microsoft shops. We hope you find that, as you evaluate the new operating system, this report sheds considerable light on the new platform’s features, enhancements, and capabilities.

Bob Artner

Vice President for Content Development

TechRepublic.com

When to move to Windows 2000

The introduction of Windows 2000 has significant repercussions for systems administrators, network professionals, and other IT employees worldwide. After all, Windows NT implementations outpace all other network installations, according to an International Data Corp. poll published in InfoWorld.

The poll revealed that 82 percent of IT professionals surveyed have Windows NT installed, for which W2K will be the next natural progression. However, 30 percent of those responding said they have no imminent plans to replace any of the operating systems in use.

So why was there such anticipation for Microsoft’s Windows NT 4.0 successor? Are the features and improvements in Windows 2000 so much better than those in Windows NT? Or does Windows NT 4.0 have such shortcomings that it needs to be upgraded quickly? In our opinion, the answers are yes and no, respectively.

According to Microsoft, Windows 2000 is designed to let organizations increase the value of existing investments while lowering overall computing costs. What does that mean for you, the network administrator? You will be able to do more with less, thanks to improvements in the OS.

For example, W2K simplifies administration and management, strengthens security, and extends interoperability. In fact, Active Directory provides a centralized method for managing users, groups, security services, and network resources. It also provides several standard interfaces, allowing interoperability with a variety of applications and services.

You’ll also find comprehensive file, print, and Web services; extended interoperability with other operating systems; improved storage management; and broader support for authoring tools. Internet Information Server has been boosted, too. IIS 5.0 boasts greater reliability, increased scalability, and improved support for multiple sites.

Before your enterprise decides on any major platform, you typically ask yourself:

• Would your organization benefit from simplifying administrative tasks?
• Would your organization benefit from the use of centralized directory services?
• Is security important to your company?
• Will your company be growing quickly and require scalability in its systems?
• Does your organization require improved file, print, and Web services?
• Would your company benefit from improved hardware support?

• Does your organization have legacy systems that must be integrated?
• Would your organization suffer if availability of its systems were to suffer?

While most administrators would answer yes to all these questions without a second thought, one more question needs to be examined:

• Is your company willing to expend the time and capital required to make the migration smoothly and with minimal interruption to users?

Herein lies the quandary. Few systems administrators would hesitate to make the upgrade if they could do so for free, of course. Every improvement almost always comes with a cost.

In the case of Windows 2000, the costs come in the form of several factors:

• Software and licenses
• Hardware
• Integration planning
• Implementation
• Maintenance

Another consideration is the fact that, if you’re installing a new network, it’s wise to install the most recent version of an OS. Doing so ensures you have access to the most recent security innovations, network applications, drivers, and improvements. And should a client or corporation need a new network deployed, Windows 2000 is what you’ll find on the store shelves.

• Investing more than $30 million for W2K application readiness.
• Establishing Windows 2000 porting labs at 15 sites.
• Seeding 500,000 customers and developers with Beta 3.
• Running 21,000 Microsoft employee systems on Windows 2000.
• Spending more than $40 million on Windows training for 150,000 IT and channel professionals.
• Sending SWAT teams to early adoption sites.

System administrators will find improved functionality with UNIX, Novell, and IBM hosts, as well as other operating platforms. In fact, Microsoft boasts that Windows 2000 Server works with existing platforms and technologies by providing a framework that covers network, data, applications, and management integration. The OS also provides support for key open standards.

Windows NT has coexisted with Novell NetWare, and other operating systems expect the same of Windows 2000. Many corporations probably will choose to eventually replace Windows NT 4.0 systems with Windows 2000 but leave their Novell, UNIX, and/or other systems untouched. Still more will probably add W2K machines to environments with NT 4.0 before upgrading the older NT installs.

If you’re using the latest protocols and drivers from different OS and hardware vendors, you’ll want to ensure your equipment and platforms interoperate with Windows 2000. Some firms found the latest implementations of Novell clients didn’t interoperate with Windows 2000 Beta 3, and hardware support, or the lack thereof, is among the main concerns raised by beta testers.

TechRepublic’s own tests revealed that a PC running Windows NT Server 4.0 could not run Windows 2000 without adding memory and updating the CD-ROM drive and the network interface card. So, beware of shortcomings regarding hardware support and be sure to check Microsoft’s Hardware Compatibility List (HCL) before beginning a deployment.

The ease with which a company migrates to Windows 2000 largely depends on its size. As an organization increases in scale, the complexity of its network and systems grows as well. In addition to having to support multiple sites, larger organizations support different operating environments and various legacy systems.

Existing Windows NT 4.0 systems sporting the latest service packs (Service Pack 6a is the most current iteration at the time of publication) should experience the least trouble upgrading to Windows 2000 Server. Likewise, clients running Windows NT 4.0 Workstation should experience the least difficulty when upgrading to Windows 2000 Professional.

• Registry database and structure
• File system and folder architecture
• Security architecture
• Operating system kernel architecture
• Device driver model

It should be noted, though, that Windows 2000 Professional and Windows 2000 Server both will probably require new drivers, and in some cases, new hardware.

Microsoft recommends deploying Windows NT Workstation as the best method for preparing for Windows 2000 Professional. Redmond’s promises of the benefits of moving to Windows NT Workstation include:

• Up to 35 percent total cost of ownership reduction.
• Up to 30 percent performance increase over Windows 95 and Windows 98.
• More than triple the reliability versus Windows 95 and Windows 98.
• Nearly 30 percent reduction in help desk calls.
• Protection against data theft, unauthorized access, and fraud.

In some cases, it will be best to delay or replace implementing certain systems. In many cases, legacy systems and hardware just won’t possess enough horsepower to run the new OS. Computerworld magazine advises against migrating the following Windows machines to Windows 2000:

• Client PCs more than two years old without extensive (including BIOS) upgrades
• Any Windows 95/98 machine that must run custom applications or those not listed on Microsoft’s Windows 2000 READY Application Catalog
• Machines running the earliest Windows versions
• Machines that must host devices not appearing on Microsoft’s HCL

Don’t expect to flip the switch quickly—Microsoft recommends making a slow, gradual move to W2K, starting with a move to Windows 2000 Professional on desktop clients. After all, the OS was in development for more than five years, so don’t expect to implement it system-wide in one week.

There are several reasons to expect that this will be the most complicated Microsoft deployment administrators have made to date:

• Administrators will need some time to become comfortable with the new Active Directory and tree structure.
• New load balancing and security features will take time to test and deploy.
• New drivers and, in some cases, new hardware will have to be installed.

Several features and applications have been moved around and now “live” within other applications. For example, don’t look for Disk Administrator under Start | Administrative Tools (Common)|Disk Administrator. It’s now an application housed under Computer Management (Local).

While administration and management functions might be eased almost immediately after deployment, don’t look for tangible returns quickly. Computerworld reported that large companies won’t enjoy key benefits for up to 18 months after deployment.

Computerworld quoted analysts as saying, “Major features in Windows 2000, such as Kerberos security and Active Directory, won't be available unless the new operating system is sitting squarely on every desktop and server. So users who take the slow road to W2K will face a long haul before the cost of software, new hardware, information technology training, and deployment are paid off in big benefits.”

Until all servers in an enterprise are upgraded and all W2K functions are powered up, benefits will be constrained. Karan Khanna, a Windows NT product manager for Microsoft, was quoted in Computerworld as saying, “The new directory and the new security can’t do their jobs unless they can reach out to every Windows-based server and desktop. Old versions simply won’t function with the new architecture.”

There’s no doubt most network administrators will find many reasons to upgrade or implement W2K in one of its forms. However, many will wait for the early adopters to implement the OS. Based on their experiences and trade publication and peer reports, and possibly the arrival of a service pack, IT professionals will gradually begin migrating their networks over to the new OS. However, don’t look for widespread implementation until well into 2000 or even 2001. Some companies will deploy W2K even later.

Meet the new and improved features

Windows 2000 is built on the rock-solid foundation of Windows NT. Features added to W2K promise to:

• Ease the pains of installation.
• Improve manageability of enterprise resources.
• Enhance system recoverability.
• Make going mobile easier with increased power management support.

Microsoft claims that the upgrade from Windows NT 4.0 to Windows 2000 is as easy as 1-2-3. While the installation of Windows 2000 is not quite as easy as counting to three, improvements in Plug and Play and the Installation Wizard have made installation much easier than previous versions of Windows NT.

Plug-and-play support finally has made it to a network server operating system. Installing a new peripheral with Windows NT was always difficult. Furthermore, installing Windows NT on an older system could turn into an all-day affair. Microsoft has improved the Windows 2000 setup by integrating the Windows 9x plug-and-play process into the Windows 2000 operating system. While hot-swapping PCI devices is not currently available, W2K plug-and-play support is still very good.

The Windows 2000 Configure Your Server Wizard is another welcome enhancement. This new wizard steps you through setting up such complex components as Active Directory and Domain Name Services. With the wizard, you don’t need to go to several different Control Panel applets to complete your installation.

Once you have your system installed, you can keep it up to date with the latest patches, fixes, and add-ons by adding a Windows Update icon to the Start menu. When you click on the icon, you are taken to Microsoft’s Web site, where you can download the latest updates.

Active Directory (AD) is probably the most important new feature of Windows 2000 Server. AD, the new directory service used to store information about network resources, catalogs network resources and can provide users with access to millions of objects. AD uses Dynamic Domain Name Services (DDNS) for its name system and can share information with any application or directory that uses Lightweight Directory Access Protocol (LDAP) or Hypertext Transfer Protocol (HTTP). (For more on Active Directory, see our section devoted to this new technology.)

Something all of you UNIX gurus will enjoy: Windows 2000 offers a command-line console. From the command line, you will now be able to perform any task that you would be able to access through a graphic user interface (GUI).

This new feature is especially handy if you are administering a server over a slow dial-up connection. It also is helpful for automating administrative tasks using Practical Extraction and Reporting Language (PERL) or batch files.

It is essential for system administrators to have the ability to control disk space. However, in Windows NT there was no built-in mechanism to limit the amount of network disk space available to users. You had to purchase third-party applications to fill this void. Windows 2000, using NTFS 5.0, includes disk quota software. Disk quotas can be assigned to users or groups, and warning levels can be assigned to alert administrators when disk space is getting low.

Another area where you had to turn to a third-party vendor was disk fragmentation. Windows 2000 now includes a built-in defrag utility. While this utility does not include all the whistles and bells available from some third-party vendors, it is still a good basic package.

IntelliMirror is Microsoft’s answer to total desktop management. IntelliMirror provides software installation, user document management, and user settings management. IntelliMirror will replace the functions of Roaming User Profiles, the My Briefcase application, and many of the functions performed by Microsoft’s System Management Server.

Windows NT has always had the ability to stop runaway applications from executing. However, when an application was stopped, only the single runaway process was killed, leaving other spawned processes still running in memory. To handle this problem, Microsoft has made improvements to the kill process in the Task Manager. Now when the kill process command is issued, the original process and all subroutines started by that process are terminated.

W2K offers protection of system files. When new applications are installed, many times system DLLs can be overwritten. With Windows 2000 system file protection, if a system file is overwritten, this feature copies the original system file back over the new file. On the downside, if your application requires that a system DLL be replaced in order for your application to run, it is up to Microsoft to distribute the new DLL.

Windows 2000 uses a new Installer Service that defines and enforces application setup, keeping track of shared software components and managing installs and uninstalls. This new service also keeps track of key components of an application and can reinstall missing or corrupted files. This introduces the idea of self-healing applications; however, the application must be designed to take advantage of this new feature.

Windows 2000 has made huge improvements over Windows NT in power management. Windows 2000 fully supports Advance Power Management (APM). W2K will allow you to customize your APM settings, such as when to turn off the monitor and hard disks. Also, Windows 2000 supports hibernation mode. This feature copies the entire contents of RAM to a file on the hard drive; you can then turn off the system. The next time the system is powered up, the system memory is loaded from the file on the hard drive and you can begin working exactly where you left off.

What happens to NT Server 4.0?

NT Server 4.0 has been around since 1996. Six service packs later, countless organizations around the world depend on it to run their line of business systems. Why? They have nailed down a system that is stable in their configuration, for their needs, in their environment, with their users. In all those organizations, the current NT 4.0 installation clearly has a lot of gravity.

NT 4.0’s installed base is too vast to be ignored. There are countless small businesses that have either just invested in NT 4.0 or Small Business Server and have perfectly adequate solutions for their requirements. Just as important, high-level Windows 2000 admin skills are just now coming online.

Those enterprises that do decide to start implementing Windows 2000 into their existing NT 4.0 domains must start with solid planning before any new software leaves the shrink-wrap. This planning for W2K is also likely to bring together different groups within IT departments in new ways.

• To plan the Active Directory namespace, DNS administrators should be consulted, which often means bringing in the UNIX people.
• To forecast network usage, the infrastructure group will be required, because site replication, application deployment services, terminal services, and name resolution are going to place different requirements on the network than NT 4.0 does.
• The desktop team will need to look at how policies and profiles are going to translate into Windows 2000 Professional desktops and how the application deployment and IntelliMirror services are to be used.
• The server team will want to have their hardware and server-end software completely tested and should make sure that availability can be guaranteed.
• IT management will need to consult business units to define sites and the directory tree—and all this time NT 4.0 will be plugging away, keeping the business running.

The foundation of the planning process will indeed revolve around the existing NT 4.0 installation. The move to Windows 2000 will not happen quickly. Many steps can be taken now, not least of which is to clean up the existing domain structure. Other steps are:

• Clean out duplicate accounts.
• Account for existing trusts and determine whether they are required and not superfluous.
• If Master domains and Resource domains exist, ensure that accounts and groups are in the correct domains.

If a sound domain structure can be ensured now, then a lot of pain will be saved later in the migration.

A large percentage of the enterprises that move to Windows 2000 are going to be migrating from NT 4.0. Valuable skills will be those concerned with such migrations and supporting the previous NT 4.0 infrastructure. The most valuable people will competently handle such work. There will also be those who stay primarily with NT 4.0, supporting the important work of keeping the business going while the migration takes place. The skills they learn in aiding the migration process while keeping the established network running smoothly will be portable from project to project, and therefore marketable.

The support desk, right from the first-line telephone operator to the third line, will also need to be brought into the project with training on the new OS. We imagine an essential tool will be a constantly updated, accurate, network map showing which parts of the network have been upgraded, the services available on those parts, and who is still using NT 4.0 on the desktop or at the server.

NT 4.0 has an important role in 2000 and beyond. It will not be abandoned quickly. However, to ease migrations and to maximize expertise, you should consolidate the NT systems and people in your organization.

Introducing Active Directory

The buzz surrounding Active Directory (AD) hails the directory service as the most important new feature of the Windows 2000 server. It has been touted as a complex, fast, reliable resource management system that—if properly configured and maintained—will provide the backbone for Windows 2000.

AD has been designed to centralize all of the user, group, application, printer, and computer information on your network in one central repository. Rather than having to administer many different domains and trust relationships between them, all network information can be placed in AD.

AD can maintain up to 10 million objects—network users, groups, and computers—in a single domain.

Having a single domain with 10 million AD objects makes for a very large database. Active Directory’s primary function is to provide fast, reliable access to this large database. AD is based on the X.500 architecture and uses the Extensible Storage Engine database format (ESE97), the same architecture introduced by Microsoft Exchange Server 5.5. This database is hierarchical, allowing it to grow larger while still allowing fast access.

The domain model for Windows 2000 has changed drastically from the model used for Windows NT 4.0. AD drops the concept of Primary Domain Controllers (PDCs) and Backup Domain Controllers (BDCs) within domains. Instead, all domain controllers (DCs) act as peers with one another, allowing you to make changes to the database of any server in the tree. All changes are forwarded to all servers throughout the network in what Microsoft calls a multi-master replication. This can make for a lot of network traffic, and special consideration should be made for slow wide area network (WAN) links.

Not only do the controllers all work together, you can also now quickly reassign DCs to other domains in your Active Directory tree. You no longer have to completely reinstall the operating system to move DCs from one domain to another.

Even though Microsoft has built Active Directory from scratch, it did so using many Internet-based standards. Microsoft based AD authentication on the Kerberos and X.509 security models, increasing overall network security. Active Directory makes use of DNS to resolve network names and server locations. AD itself is based around and can use LDAP (Lightweight Directory Access Protocol) for the basis of its directory schema and access.

Domains in earlier versions of NT made up the entire manageable collection of users, printers, servers, and workstations on your network. In Windows 2000, domains are merely a subset of the larger tree. Each domain is a partition of the network's namespace. Items within the domain share a common
security policy.

Also new is the concept of forests and trees. AD trees consist of a group of domains that share the same schema and configuration. Domains in a directory tree all have a contiguous namespace.

In contrast, a forest contains one or more sets of trees that don't form a contiguous namespace. Different trees in a forest trust one another using transitive Kerberos trust relationships. Trees in a forest share a common schema, configuration, and global catalog.

Don't confuse trees, forests, or sites. Trees and forests are used to manage administration and security in an organization. Sites reflect geographical boundaries. You may choose to arrange a site’s trees and forests using a geographical or an organizational approach, but doing so doesn't affect the sites of the domains.

When designing the tree, Microsoft allows you break the tree down into sites. A site is a collection of workstations and servers along subnets with fast connections. Within a site, NT replicates information after a regularly defined time. Between sites, NT replicates data only at selected times or events to minimize WAN traffic.

To speed tree-wide searches, AD creates a separate index file called the global catalog. The global catalog contains a list of all the objects from all the domains in the entire AD tree. It also contains a few of the properties from each object. (An administrator can change the index criteria.) This global catalog is then distributed to all servers in the AD.

Microsoft uses the term namespace to refer to any collection of domains with a common DNS root name. Examples of items within the same namespace include support.microsoft.com, developer.microsoft.com, and marketing.microsoft.com.

Namespaces in an Active Directory tree can be contiguous or disjointed. In a contiguous namespace, domain names share the same root name. For example, marketing.ecg.com is contiguous with a namespace of ecg.com.

Disjointed namespaces contain domains that are interrelated but don't share common root names. For example, if you have related resources in ecg.com and ecg.net, the namespaces are considered disjointed.

Within a domain, you can create organizational units (OUs). OUs are containers that hold objects such as users, groups, and printers in the Active Directory. You can organize OUs into a logical structure that matches the way you work and organize your business. Additionally, you can delegate administration based on permissions assigned to the organizational unit. Therefore, it would be wise to use OUs to divide the domain into functional units such as Accounting, Human Resources, and Information Systems. Using organizational units reduces the number of domains needed to manage the tree.

To exchange all the data between servers, AD must know how to address the AD servers. Active Directory uses Domain Name Services (DNS) for this address resolution. DNS uses IP, and that means if you are not using TCP/IP on your network, you will not be able to use Active Directory.

Also, if you are currently using TCP/IP on your network and you are using Dynamic Host Configuration Protocol (DHCP), you will have to implement Dynamic DNS (DDNS). Unfortunately, DDNS is so new that you can’t use existing DNS server software, including the NT 4.0 DNS server, to support it.

At the time of this writing, DDNS had a few other problems. First, while DDNS can store the information about the location of the resource, it has no way of telling whether the resource is actually active. The DDNS server provides the name and location of the service to your client. The client then must check all the locations to make sure that the resources are available.

Active Directory cannot use Windows Internet Naming System (WINS) for address resolution. But AD can share information with any application or directory that uses Lightweight Directory Access Protocol (LDAP) or Hypertext Transfer Protocol (HTTP).

Active Directory represents network resources in the form of objects. Objects that can have rights to access other objects are called security principals. In AD, the only security principals you have are user or group objects.

To understand the effect of this, assume you wanted to allow all the people in your branch office to access a printer. In an Active Directory environment, you'd have to grant rights to each user or create a BranchOffice group and assign rights to the group

AD uses Access Control Lists (ACLs) to control the rights objects have. ACLs control who can do what with an object and what an object can do.

Active Directory uses static inheritance to allow rights to flow from one object to another. When you assign rights to higher container objects, the rights can flow down, but not without your help. You must go to the subordinate object and validate the rights granted to the superior object.

Active Directory's static inheritance may cause performance problems on your network. Because each object must update its ACL list to accept the rights you grant, more traffic flows over the network in a multi-server environment.

For example, if you make one update to an object controlling 100 objects in an AD environment, each object's ACL lists must update. These 100 object updates must then replicate to each server DC in the AD tree. If you have many servers, or have your tree divided across WAN links, this can take quite a lot of your network's bandwidth.

Active Directory limits the ability to grant rights to users beyond an administrative scope. Administrative scopes can only go down to the individual OU level. This means that you can only grant a user administrative rights over an organizational unit, not an individual object.

Unfortunately, in an Active Directory environment, administrative rights can't flow across domain boundaries using trust relationships. When you grant administrative rights at the top of the AD tree, the rights may not flow to the bottom of the tree if you have multiple domains in your tree. You must grant the administrative rights at each domain.

As you add more servers, your network directory becomes more complex and key to the smooth operation of your network. Fortunately, Active Directory allows you to break your directories down into manageable units called partitions. You can then spread the information in your directory trees among servers on your network by replicating the partitions.

AD doesn't use time stamps alone for detecting updates. Instead, it uses Update Sequence Numbers (USNs). Any time you make a change to an object, Active Directory gives it a USN.

The servers check each other on a regular basis and compare the USNs of their objects. If a server finds that a neighbor has a USN for an object higher than its own, it copies the change to its replica of the database and increments its USN to match.

AD makes partial use of time stamps for updates. If for some reason two servers have identical USN updates for the same object, AD then checks the time stamps of the update. After finding the USN with the latest time stamp, it makes the update.

AD only allows you to create replicas at the domain level. If you have servers spread across WAN links, you'll need to create domains at each site and trust relationships between them. If you don't, you may create a situation where replications take place over slow WAN links, saturating your WAN with needless traffic.

Currently Microsoft has no plans to support client operating systems for any platform other than Microsoft-based operating systems. Even in that universe, you're limited. Microsoft recommends that you upgrade Windows NT Workstation clients to Windows 2000 when it ships. Microsoft will ship software for Windows 9x clients to allow them to see Active Directory servers. If you're running other Microsoft operating systems, such as MS-DOS or Windows 3.x, you're out of luck. You're also out of luck if your clients run a non-Microsoft operating system such as the MacOS, Linux, or OS/2.

What you need in hardware

All the advancements, improved functionality, and new features in Windows 2000 also bring new hardware requirements. While many systems administrators will be able to run W2K on their existing servers and workstations, others will find they need to upgrade their hardware to run the OS.

W2K supports new hardware features, including plug-and-play BIOSes and expansion cards; support for USB, IEEE1394, and Fibre Channel; hierarchical storage management; I20 architecture; and Windows NT Server running on 64-bit platforms. All these features are hardware hungry, of course.

The minimum hardware requirements for Windows 2000 Server include a 133-MHz or better Pentium-compatible processor, 128 MB of RAM, and a 2-GB hard drive with 1 GB of free space. Windows 2000 Advanced Server demands the same hardware. Windows 2000 Server supports up to 4 GB of RAM and four CPUs. Windows 2000 Advanced Server supports up to 8 GB of RAM and eight CPUs. For better performance, you should consider:

• A 400-MHz or better processor
• 256 MB of RAM
• Support for Advanced Configuration and Power Interface Specification,
  Version 1.0
• Support for 32- and 64-bit buses and devices compliant with PCI 2.1
• No ISA expansion slots
• A Year-2000 BIOS

It’s recommended that, when installing Windows 2000 Server as an enterprise-class box, you use a 450-MHz or faster processor with at least 512 KB of L2 cache. If multiple processors are used, RAM should be bumped to a minimum of 256 MB.

For Windows 2000 Server, a minimum of 2 GB of free hard drive space is recommended. Add two more gigabytes if you’re installing Remote Installation Server.

Microsoft’s Windows 2000 Ready marketing program for computer manufacturers requires that desktop machines sport 64 MB of RAM and a 300-MHz processor. Laptops can get by with a 233-MHz processor.

Ron Kauffman, MCSE, an independent consultant and network engineer for a private college, found Windows 2000 Beta 3 was indeed power hungry. Following installation on a P200, 32-MB RAM box, he experienced several GPFs. Moving the OS to a P300 with 64 MB of RAM eliminated the problems he believed were due to the demand placed on system resources by Active Desktop.

Preparing support

Why is my title bar two colors?”

Millions of new questions will be popping up at support centers everywhere, marking the beginning of the new support issues for Windows 2000. The guys in Redmond have been quite busy; this will not be your father’s Windows 95. W2K is based on the NT kernel and has the same “features” as Windows NT 4 as well as the GUI, Plug and Play, and USB support of Windows 98.

The best place to start your attack is to figure out what OS you have now. This sounds simple. But does Bob in accounting still have IBM-DOS 3.3? If your current user base is using anything less than Windows 95, we feel your pain, but here’s the assumption we’ll operate under: All users are using Windows 95 or Windows NT 4.0.

Some of the common problems with the previous Windows products in the enterprise have been rectified in Windows 2000. A few of these problems are:

• Files became lost in the abyss of the network.

• You have trouble finding the right printer driver and connecting to the correct network printer.
• The system lock ups because people are using disk space carelessly.
• You deploy a system remotely, and then you aren’t able to administer it properly.

Let’s consider some of the following questions.

With Windows 2000, the new NTFS 5 implements a volume-wide indexed ID for each file. This allows the new Distributed Link Tracking feature to preserve shortcuts and OLE links to NTFS files that have undergone a name and/or path change, including a move to a different volume or computer. This lets users find their lost files that someone in the group moved to his or her local disk because the mouse pointer landed on Move instead of Copy.

How many times have you gone to the network printer only to find several pages of labels from some department you have never heard of printed on your letterhead? With the new Active Directory support, W2K virtually eliminates this problem. All shared printers in the domain are available in the directory, so you can organize printer connections by business purpose rather than by the server. Placing printers in Active Directory lets users search for a printer by features (Karen’s color printer) or by physical location (3rd floor in Cityview). This allows you to easily set system-wide printer defaults, which reduces calls to the help desk and gives you the ability to better control the use of printing resources.

In addition, the Internet Print Protocol (IPP) lets users print to a printer designated as a URL over an intranet or the Internet. Users can view print-queue status from any browser and download and install print drivers. This is not a new idea—UNIX print daemons have been printing via TCP/IP since the early 70s. And with Plug and Play that finally works, the installation and setup of printers for the workstation and server are more straightforward than ever. A user installing a printer does not need to know about driver models, printer languages, ports, or any fancy-pants computer stuff. These new printer features are real time and money savers, and they’ll make you feel like the Maytag repairman—you’ll get lonely waiting for calls on real printer problems.

Disk Quotas, your friend and mine. Some users don’t understand the idea of sharing and abuse the resources they are given. To solve this problem, you can use disk quotas to monitor and limit disk space usage on NTFS volumes by network users. These quotas can be implemented globally using group policies or on an individual basis. Quotas are both good and bad; you should have a good policy in place before implementing quotas, or you will end up with some very unhappy users. But don’t let this stop you. Good disk administration can reclaim up to 50 percent of your online storage as people delete old files and keep their play spaces more tidy (which can keep your server from locking out all users by filling up a drive with wasteful data, including AVIs and MP3s). This feature will also give you a better management tool to plan for drive upgrades and server expansion.

So with all the advancements for users, what in Windows 2000 will solve all of the support person’s woes? Well, we saved the best for last. W2K has two new management features: Remote OS Installation and IntelliMirror. Remote OS Installation provides clean, unattended desktop installation of W2K Pro. IntelliMirror retains a user's data, applications, and personal settings to regenerate on any desktop where a user logs in. These features let you make desktop assignments by group policy and have these policies apply when the user logs in, all without your participation. Isn’t that nice?

Of course, this will not be the final version of Windows. If you lived through the days of Windows 3.1 to Windows 95 migration, this evolution should be a walk in the park. Just remember: All the new cool features of W2K work only if everyone in your office is using it. The biggest stumbling block will be getting all the 95, 98, NT, and W2K clients to speak the same language. Having the same desktop OS for all your users will give you the ability to deploy a full-scale Active Directory system and have consistency in both training and support. Active Directory does not support any of the older OS installs, nor does it support MacOS, so it is imperative that all your systems are W2K compliant. In addition, with the new management systems and software distribution systems of W2K, migrating your workstations to W2K Service Pack 1 will be a piece of cake.

You’re armed with answers to many of your support call questions. It’s time to hit the field and get W2K up and running. If you are supporting a simple system configuration with one or two domains, you shouldn’t encounter major installation problems. However, if your enterprise has medium or complex configurations, you may want to surf out to Microsoft’s Web site for advice.

Plan a day of outage on the network, then drop the install CD in the drive and follow the easy prompts by using the upgrade wizard to cure almost all the woes and weirdness you might be having with NT 4.0. About an hour or so later, you will have a fully upgraded server running W2K. Check all of your configurations—you should be able to do everything that you did before.

What has this gained you, other than just a much cooler login screen and a new CD-ROM to add to your collection? After you upgrade all your workstations, you will have the ability to upgrade drivers and software, manage remote systems, and take that nap you have always wanted. Here are some Windows 2000 technologies that will affect your network:

• Active Directory—Putting all of printers, disk shares, workstations, and servers in an object-based system should be planned quite carefully.
• HSM—Putting old data onto slower media might slow you down, but data needs to be fast when it is accessed.
• Migrating DHCP and DNS—The new system could cause some workstation backlash.
• Migration of any old Novell clients—Connecting via IPX to the new system should be a major priority.

To get some of the extreme features working in your favor, get ready to spend some time catching up on distributed file systems or seek out your local Microsoft training center.

“But I still have accounting personnel who have to use Windows 95 because of the accounting system they use,” you say. Well, get the NT version of the system and you should be okay. Make sure that everyone is on the same revision in order for the new Active Directory Services and remote management to function correctly. As far as we can tell, there is no “service pack” that will make any of the old OSs W2K friendly.

The next thing that you may want to do is wait about six to eight months to start planning how to move all your auto installs, DHCP, DNS, domains, printers, and such to the new systems. In time, Microsoft will write more tools to make the migration easier.

However, if you have a firm grip on your network and have all the tools you need, by all means go for it. Planning your AD is the largest section of your new network schematic. We recommend taking a few classes to get up to speed, as it will be with you for quite a while. And a poorly planned system could result in more problems instead of the reduced system maintenance of which we all dream. To achieve the best return on your W2K investment, move every workstation and server to Windows 2000 as quickly as stability permits.

Once all your servers and clients are up to the W2K level, you will be on easy street—or at least that is what Microsoft tells us. With the new remote management systems and user maintenance systems, monitoring and keeping your software to the latest revisions should be as simple as drag and drop.

Make sure you keep your users in the loop when performing the migration. Most people find it a hassle that you are upgrading their systems just so they can get e-mail faster—or so they think. There is a learning curve in going from Win9x to W2K. It will take some training to get them used to the idea of a “client” on the network and to learn where all their files are. But the leap from NT 4.0 to W2K will be the breath of fresh air that users have been waiting for.

Your users need to be trained to understand the model of objects—how all the systems relate to one another and how easy the object tree is to follow—because it is mapped logically and not the way the HAL9000 mapped it. Your first step is to learn the Zen of Active Directory, then pass it on to your users. Some people will find it more fun treeing down the directory listings than playing Windows solitaire.

Also, you will now have the ability to use USB. Imagine letting a user plug and unplug a device, physically sharing it with others, and the driver auto-loading from your server’s driver directory.

Don’t neglect your trainers, either. In many cases, they’ll serve as your front line in pushing these new skills out to the workforce. You should ensure your enterprise is providing opportunities for IT training staff to update their own expertise on the new platform. If your corporate trainers haven’t been attending W2K classes, and preparing to teach their own, the time to begin is now.

The new Windows 2000 is the next version of NT—only the outer shell has changed. Same chassis, classier options. Users will enjoy the new, timesaving features in the new OS, and support personnel will have their load lightened.

Updating IT staff skills and certifications

Bringing an IT staff up to speed on Windows 2000 will be no small matter. There are a plethora of new wizards, utilities, applications, procedures, and practices that must be learned, not to mention new protocols, file systems, and security and management features. Further, the introduction of Active Directory Services will change the manner in which enterprise networks are designed and administered.

In order to realize the potential of the new platform, IT department employees will have to become intimately familiar with W2K, and doing so will take time and a significant investment in training. Support personnel, systems and network administrators, and other technical professionals will face the added pressure of having to develop expertise with all of Windows 2000’s new features while also maintaining day-to-day operations and the networks and systems currently in place.

Microsoft is moving aggressively to push engineers toward the new NT platform by retiring the Windows Server 3.51 and 4.0 certification tracks. Many industry observers believe the certification platforms, particularly the NT 4.0 track, are being retired much too early. Regardless, Redmond has responded by delaying NT 4.0 retirements by only two months. As a result, more than 850,000 certified Microsoft professionals will be scrambling to maintain their accredited status before their certifications begin expiring as soon as June 2001.

An entire new slate of exams began rolling out in June of 2000. While many debate the merits of IT industry certification, Windows 2000 accreditations are expected to be much more difficult to earn. As a result, they should have greater value for the IT professionals who are earning certification and for those IT departments hiring or employing certified employees.

According to an article in the June 2000 issue of Certification Magazine, International Data Corp. (IDC) studies of the Novell and Microsoft certification programs indicate enterprises enjoy considerable benefits from IT certification. And, the investments enterprises make in certifications for employees pay off quickly.

Certification Magazine says the IDC study of Microsoft’s program concluded that “a company with four servers can recoup the costs of certification in one year.” How does that happen?

Jeremy Kossen’s article states that “empirical data suggests that firms with certified employees are more productive than firms who do not employ certified staff.” Kossen adds that “both studies revealed that companies with certified staff were more efficient in two key areas: end-user support and network reliability.”

Other benefits were noted, too. Certified Microsoft engineers managed more complex problems, certified Novell staff handled more support calls per day, and the time spent solving IT problems was less when IT staff were certified.

A Dataquest market analysis published on March 8, 1999, The value of IT certification, confirms the value many IT managers place on maintaining certification. Following a comprehensive user study, Dataquest’s research revealed that “three-quarters of IT managers either agreed or strongly agreed that it is important to keep certifications updated.” Further, the study concluded that “almost 90 percent of certification candidates agreed or strongly agreed that once certified, it is important to keep a certification continually updated. Asked when would be the most appropriate time to update certifications, candidates and managers responded that every major product revision would be an appropriate time for certification update.” Certainly, Windows 2000 qualifies as the next “major product revision.”

TechRepublic recently ran a survey (albeit unscientific) on its site, and the results show IT personnel place great emphasis on certification. Respondents said they held many different certifications. Despite claims by some that IT certifications might be losing their luster, the IT professionals who responded to the survey indicated they are not only going to maintain their current certifications, but will pursue new accreditations as well. In fact, of the 60 percent responding to the poll that said they held a Microsoft certification, some 92 percent said they will maintain it.

Don’t fear losing employees you send to certification training, either. Both the Dataquest study and IDC’s research indicate that losing trained employees to better opportunities received as a result of their training isn’t a widespread issue. In fact, the Dataquest study states that, “if anything, certified employees will stay with an employer longer than those who have not received certification, and fewer than one out of 10 managers say that certified employees are more likely to leave than uncertified employees.”

As mentioned earlier, corporate trainers should already be studying for and preparing W2K classes. If your enterprise doesn’t boast an in-house training department, consider sending your IT staff to outside training facilities soon.

Just as network administrators and support personnel must upgrade their certifications while maintaining their day-to-day responsibilities, so too must trainers. Redmond has decreed that its certified trainers possess MCSEs, MCSDs, or MCDBAs.

In an effort to protect the integrity of its education program and its certified engineers and trainers, Microsoft now recommends that its certification candidates possess at least a year of experience implementing and administering enterprise systems supporting 200 to 26,000 users and five to 150 physical locations before attempting exams.

Redmond also recommends that candidates have experience supporting file and print services, databases, messaging applications, proxy servers or firewalls, dial-in servers, desktop management, and Web hosting practices. But it doesn’t end there. Candidates are also expected to have experience networking remote locations.

As you can see, the accreditation bar is being raised. The sooner your staff begins developing the expertise and skills needed to properly design, implement, and maintain a Windows 2000 network, the sooner your enterprise will enjoy the benefits the new OS offers.

Costs? We knew you’d ask sooner or later

As with any new enterprise software rollout, one of the first data points IT planners ask about Windows 2000 is the bottom line: How much will the OS cost?

Windows 2000 Professional retails for $319, which was the same price point used by Windows NT 4.0 Workstation. Upgrading from a previous version of Windows NT to Windows 2000 Professional runs $149 (after a $70 rebate), while upgrades from Windows 9x will set you back $219. This is particularly notable as there was no such upgrade previously available to consumers.

Windows 2000 Server with five-user licenses costs $999. An upgrade from previous versions of Windows NT or eligible competing products, meanwhile, runs $499. Windows 2000 Server and 10-client access licenses (CALs) cost $1,199, with such an upgrade running $599. Windows 2000 Server and 25 user licenses cost $1,799, with the equivalent upgrade requiring an $899 investment.

Windows 2000 Advanced Server retails for $3,999 and includes 25 CALs. The upgrade from Windows NT 4.0 Enterprise Edition, including 25 CALs, is $1,999. Windows 2000 Advanced Server and 25 CALs cost $3,599 when upgrading from Windows NT Server 4 or other competitive products.

According to a Joe Wilcox CNET News article, “Under the Windows NT 4 licensing program, Microsoft required a CAL for every user accessing a Windows NT server for filing and printing services, but not for Web surfers inside the corporate network or those coming in from the outside. Beginning with Windows 2000 a CAL is necessary for each individual requiring authentication, such as would be necessary for a secure online transaction.”

Thus, it stands to reason that customers looking to use Windows 2000 for e-commerce services and needing more than 50 CALs might do best purchasing Microsoft’s Internet Connector. The Windows 2000 Server Internet Connector License runs $1,999. It provides unlimited CAL licensing for Internet clients only.

Resources

What is TechRepublic?

TechRepublic (www.techrepublic.com) is the leading online destination developed exclusively for IT professionals by IT professionals. TechRepublic understands the demands, time constraints, and pressures associated with a career in information technology. The site is continually being enhanced to ensure that IT professionals have all the tools and information needed to make a difference in their careers and bring balance to their professional lives.

From the CIO to the help desk, TechRepublic provides IT professionals the ultimate experience of peer-to-peer interaction. The site's content is designed to engage, inform, and educate IT professionals with comprehensive, targeted news and information and is organized by job functions:

• Net Admin Republic features content written specifically for network administrators.
• CIO Republic provides analysis and insight for an organization's CIO, CTO, and other IT executives.
• IT Manager Republic provides information and resources for IT managers.
• Support Republic assists help desk professionals with real-world solutions.
• IT Consultant Republic features content specifically tailored to today's IT consultant.

TechRepublic was acquired by Gartner in March 2000. With the Gartner relationship, TechRepublic now provides its members the largest and most comprehensive source of IT community, content, and research.

Credits

Editor Erik Eckel, MCP+I, MCSE

Contributing Editors Ken Hardin

Contributing Writers Dave Mays

Warren Heaton, MCSE+I, CCNA

VP for Content Development Bob Artner

Senior VP for Content and Products Jeff Yocom

President Max Smith

CEO and Founder Tom Cottingham

Louisville, KY 40223

(502) 992-8000