Latest version of NT blends the best of two OSes

Is Microsoft Windows NT Workstation 4.0 still the champ?

Workstation 4.0 arrived as the most streamlined and reliable graphical operating system
that Microsoft Corp. had ever turned out. After the GCN Lab’s second examination of a
beta version of NT Workstation 5.0, I’ve concluded that NT 4.0 may still be the most
streamlined, though 5.0 does have greater stability.

During the seemingly unending development and testing of NT 5.0 on the workstation
side, Microsoft has promoted it as a universal operating system for desktop and portable
use. On the server side, Microsoft has ventured out into the enterprise server space,
hoping to consolidate its hold in new workgroup and departmental sales.

In this review, I’ll look at what NT Workstation 5.0 will mean for government
users. In the next issue, I’ll look at the second beta of NT Server 5.0 and the
Active Directory.

Workstation 5.0 tries to satisfy 99 percent of its potential users. Like Microsoft
Office 97, it has more features than most people will ever need, want or understand.

Mixed into the cornucopia are truly helpful plug-and-play device installation, better
management of applications and hardware, and better security. But Microsoft still
doesn’t understand that the best OS for a graphics workstation might not fit desktops
or notebooks, and vice versa. More targeted versions of NT, based on the same kernel but
optimized for different environments, would have been a better approach.

Ironically, although NT 5.0 is supposed to replace Windows 9x, the only reason NT is
still around is that Windows 95 didn’t meet everyone’s needs, especially at the
higher end.

Microsoft is promoting Workstation 5.0 as the best of Windows NT combined with the best
of Windows 9x. In truth, its sum is greater than its parts.

The first thing you notice is how different installing Workstation 5.0 is from the 4.0
installation. Not only can you upgrade from Windows 9x and keep all your settings, you can
set Workstation 5.0 to install itself, unattended.

A number of new wizards help with device and network setup. But the wizards are enough
unlike those of NT 4.0 that most people will take time to get used to them, even though
they’re sick and tired of trying to install and manage new devices—if they can
find the right NT driver, that is.

NT has always excelled in leveraging network connections to supply services.
Workstation 5.0 supports several additions to the TCP/IP stack that improve network
throughput considerably.

Workstation 5.0 also has more advanced virtual private networking features. You can
choose from the Point-to-Point Tunneling Protocol, Layer 2 Tunneling Protocol or IPSec
protocol to set up a connection. You authenticate via Kerberos 5, Remote Authentication
Dial-in User Service, smart cards or public-key encryption.

The new wizards definitely make it easier to set up VPN connections and avoid
configuration errors.

NT in general, and NT 4.0 specifically, has several strikes against it when it comes to
security, however. Microsoft programmers are still a little green in the security area; NT
4.0 was the first Microsoft OS that could even lay claim to business-class security.

The old LAN Manager security model on which NT was based never aspired to more than
workgroup-level security. Couple that with a complex security policy and the lack of a
directory service, and you are in trouble.

Strike two: Because NT 4.0 is so much easier than many Unix operating systems,
individuals and offices unfamiliar with security practices are using it. NT 4.0 has become
a victim of its own popularity.

Finally, NT is so large, complex and infrastructure-heavy that a few security holes are
inevitable. Compared with an OS such as Linux, NT is much harder to debug and to cleanse
of security holes.

So is it three strikes and out for NT 5.0? No. Microsoft has made several acquisitions
to gain a little more institutional knowledge about security.

One major step forward is the Encrypting File System in NT 5.0. It encrypts files or
directories with a randomly generated key unrelated to the keys used for public- or
private-key encryption.

EFS also encrypts temporary files associated with already encrypted files. If you open
an encrypted file in Corel WordPerfect, the temporary files for it are also encrypted.

NT 5.0 has robust support for public/private-key encryption and smart cards. The
Kerberos 5 security protocol not only provides a widely recognized level of security, it
also can exchange Kerberos security certificates with other operating systems including
most forms of Unix.

Workstation 5.0 works better on the road than 4.0. An Advanced Configuration and Power
Interface protects mobile users against poor battery performance. They can hot-plug PC
Cards, thanks to the addition of device Plug and Play.

The best thing about Workstation 5.0 as a mobile platform is that it supports offline
network access. Cached documents, directories and network paths are fully addressable
after the mobile device disconnects from the network. Once it reconnects, a wizard
synchronizes the file versions with those on the server.

Workstation 5.0 can easily cache Web pages for offline perusal. And direct connections
to other computers via infrared ports or cables are simpler to set up and use.

Continuing 5.0’s theme of better connectivity, Microsoft’s Telephony
Application Programming Interface 3.0 can handle voice, video and data on a single TCP/IP
network. This will be a boon for mobile users and telecommuters, provided they have enough
bandwidth. TAPI 3.0 also improves interaction with remote users and field offices.

Universal Serial Bus devices will work with Workstation 5.0, and clients can send print
jobs over an intranet or the Internet to printers operating under Windows NT Server 5.0.
Microsoft has added Hypertext Markup Language printer management and the ability to grab
print drivers through a uniform resource locator.

All this complexity, of course, means more things to manage. Workstation 5.0 has the
same Microsoft Management Console used in NT 4.0 Enterprise Edition and slated for NT
Server 5.0. The console sets up an open environment for which Microsoft and other vendors
will write management plug-ins. No matter what part of a PC you are trying to manage, you
do it within the same interface.

The main plug-in for PCs running NT 5.0 is the Computer Manager. This one tool replaces
the NT 4.0 Event Monitor, Device Manager and User Manager. In addition, Computer Manager
is the front door to system tools and storage management.

Software management has always been a weak point in Windows 9x and NT 4.0. Workstation
5.0 has better tools.

Successful installation and removal of software until now has depended on how well the
software developer followed Microsoft’s standards. In NT 5.0, the Windows Installer
Service will play a larger role. It will monitor and enforce correct installation, putting
Dynamic Link Library files in the new program’s own directory as the first real cure
for DLL conflicts.

Because it monitors and keeps a log file, Workstation 5.0 will do much better at
uninstalling programs’ associated files and registry entries. Even the Beta 2 version
I tested could install and uninstall programs cleanly.

Perhaps the biggest change for software management is IntelliMirror. When Workstation
5.0 works in tandem with Server 5.0, IntelliMirror provides server-based central
management of user settings and user document data. It can repair damaged application
files while ensuring that settings and documents follow their owners around no matter
where they log in.

Workstation 5.0 deals with a failed software installation by rolling back the
application to its previous working state. If a new application fails, 5.0 can undo the
installation, removing related files and registry entries.

Naturally, many of these promised features depend on other vendors’ designing
their applications to take advantage of the Windows Installer API.

Current NT 4.0 users will appreciate the lower rate of rebooting under NT 5.0.
Microsoft has numbers to back up this claim; according to the NT 5.0 reviewer’s
guide, the number of scenarios under which the OS must be rebooted has dropped from about
50 to five. This is an even bigger boon for Server 5.0 administrators, but Workstation 5.0
users certainly will welcome it.

Another reliability plus is the Windows Driver Model. Shared between Windows 98 and NT
5.0, WDM is a common driver framework for many types of devices. Third-party drivers will
be tested and, if passed, will get a digital signature from Microsoft. The digital
signature authenticates the driver to NT 5.0.

Part of NT Workstation 5.0, of course, is the Internet Explorer 5.0 browser. Other
features include asynchronous transfer mode support, a personalized Start menu and many
extras.

Because it is destined for wide deployment, NT 5.0’s peaks and potholes will be a
fact of life for most users, who will need retraining. For administrators and support
staff, this is not an upgrade to be taken lightly. Government sites should do testing and
evaluation before putting 5.0 on user desktops.

The investment probably will be worth it for many offices.

I would have liked to see more support for server environments other than NT,
specifically Novell NetWare and Novell Directory Services. As it stands, NT Workstation
5.0 will work best on NT Server 5.0 networks.

Considering the fact that NDS is a much more mature directory service, it’s a
shame Microsoft is reinventing the wheel and forcing users to put up with Active
Directory’s growing pains.

Thankfully, the system requirements for NT 5.0 are the same as for 4.0: at least a
166-MHz Pentium PC with a minimum 274M of free storage and 32M RAM—more is better.