Windows 2000: Do all the new features make the case for Win 2000 Server?

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
 

Connecting state and local government leaders

By

The release of Microsoft Windows 2000 occurred in February with promises from Microsoft Corp. that it would be stable, secure, scalable and manageable. How well did the company deliver on those promises?

When running in a mixed NT and Win 2000 environment, an Active Directory domain controller assumes the role of the NT primary domain controller and removes the former PDC from the domain. Because the directory service is based on an extension to the Internet Domain Naming System, DNS must be present and working on the network where a domain controller for Active Directory is deployed. Win 2000 uses Dynamic DNS, an extension to DNS that allows automatic updates of machine names against IP addresses.All Active Directory objects are named in accordance with the American National Standards Institute X.500 naming structure and are connected to one another via DNS.Microsoft divides the Active Directory into sites for replication purposes. Each site must have a working DNS infrastructure and correct pointers inserted into the local DNS database.This is an easy job for those experienced in TCP/IP and DNS, and it's mandatory for successful replication inside and across sites.The Active Directory uses a multimaster replication model. This means that, unlike when using NT resource and user domains, administrators do not need to establish trusts among domains. Trusts can be established between different groups of the most elemental objects in a domain, but most network designs won't need such relationships.The simpler Active Directory model makes Win 2000 more scalable than NT.Win 2000 earns a B+ for scalability.Win 2000 should tolerate most of the commercial applications that run under NT, but you'll need to test each custom-written software product that your office uses in order to properly evaluate Win 2000's compatibility. Certainly, switching to Win 2000 means you'll have to get new system utilities, such as those from Symantec Corp. of Cupertino, Calif., as well as new antivirus software.In grading the new operating system's ability to run applications, I give Win 2000 an Incomplete.Win 2000 Server's Active Directory is a considerable improvement over NT's network domain model. If your network consists of computers that only run Windows and you plan to keep it that way, upgrading to Win 2000 likely is the right choice.Your network administrators will spend less time updating user information when people join or leave your organization, and you'll have fewer problems when users access shared resources on your network's various servers.On the other hand, if your network is a heterogeneous mixture, Active Directory may not save sufficient network administrator time and effort to make upgrading to Win 2000 worthwhile.

By Barry Nance

Special to GCN

The new OS takes some giant leaps forward, but not without a few steps back

The release of Microsoft Windows 2000 occurred in February with promises from Microsoft Corp. that it would be stable, secure, scalable and manageable. How well did the company deliver on those promises?

Two reviewers, computer analyst and consultant Barry Nance and Irv Epstein, Unisys Corp.'s vice president for Win 2000 programs, assess the new operating system, focusing on its scalability, security, directory services and handling of applications. They also list what they like best and the things they think need improvement.


Microsoft Windows 2000 is both better and worse than its predecessor, Windows NT 4.0. It improves on NT 4.0 in areas such as scalability, power management and connectivity, but it requires greater resources'in computing power, money and maintenance expertise'and burns its bridges to many existing utilities and applications.

Most of my quibbles with the operating system are fairly minor, however. The key to understanding what's good and bad about Win 2000 is its biggest new feature, Active Directory. If you choose to upgrade to Win 2000, it will likely be because you find Active Directory a compelling way to organize your network.

Active Directory, a proprietary feature that works well with other Microsoft software but poorly with any other software, constitutes the biggest difference between NT and Win 2000.

Departments and agencies that use Microsoft software exclusively may find Active Directory's time-saving, well-organized representation of network objects a worthwhile reason to switch to Win 2000. Others, likely because they also rely on operating systems such as Novell NetWare or Unix, may choose to delay upgrading or perhaps even phase out Windows from their server environments and migrate solely to Unix.

Directory services

Active Directory is Win 2000's central repository for storing log-on identifications, passwords, shared disk and printer information and other network tidbits. You administer Active Directory via the easy-to-use Microsoft Management Console to add, change or delete users as well as define relationships among the servers on your network. Computers running Win 2000 automatically share Active Directory data among themselves, making Active Directory a single point of maintenance for network data.

Each server can play one of three roles in the Active Directory infrastructure: standalone server (not a participant in Active Directory), member server (member of an Active Directory domain, but not a domain controller), or domain controller. Active Directory predefines a great number of network parameters for you, and programmers can extend it even further with custom definitions unique to your organization's network.

Unfortunately, servers running NetWare and Unix cannot interface with Active Directory to obtain user IDs, passwords or file access permissions.

I'd give Microsoft a grade of B' for its excellent but proprietary design of Active Directory.

Security

Servers can run in mixed NT and Win 2000 mode, or in native Win 2000 mode, which precludes relationships with NT domains except through directory brokerage services. Running Win 2000 in native mode removes many of the widely publicized NT LANManager security problems that plagued NT Server and makes accessing network resources quicker and simpler for both end users and administrators.

Win 2000 derives its security from Active Directory. The Win 2000 Kerberos authentication system, which works closely with Active Directory, issues an electronic ticket when a user logs on to a particular server. The OS uses the ticket as a shortcut to authenticate a user to other domain controllers without forcing the user to log on separately in each domain. The entire process is encrypted and transparent to users.

But Win 2000 is not yet certified at the National Computer Security Center's C2 security level, which could slow its adoption by government agencies. Despite the company's best design efforts, Microsoft programmers had to make several changes to Win 2000's security functions in the last few weeks before the product's release.

Microsoft already shipped security changes in the first set of patches for Windows 2000. Keep in mind that, because of its prominence, Microsoft has become a popular target for
hackers.

Win 2000 earns a C for security.






Hit List
What's good about Win 2000 Server:


  • Active Directory has a central network resource repository.
  • Many applications run faster than they do under NT 4.0.
  • Scalability is better than NT 4.0's.
  • File and print server, Web server, message queue server and File Transfer Protocol server are included.
  • IntelliMirror synchronizes files when redocking a notebook computer.
  • Installation is easier than NT 4.0.
  • Power management tools for notebook computers are included.
  • Universal Serial Bus and FireWire port connectivity are supported.
  • Management of desktop PCs is centrally administered and policy-based.
  • Dynamic Link Library replacement
    protection is included.
Wish list:

What needs to be changed or improved:


  • Make Active Directory less proprietary.
  • Improve security.
  • Expand apps that support Win 2000's clustering technology.
  • Bolster device support.
  • Make more reliable.
  • Add support for MS-DOS programs.
  • Reduce demands on processing power, RAM and disk space.
  • Avoid making system utilities and antivirus programs obsolete.
  • Reduce price.
  • Lessen maintenance requirements.




Scalability

















Applications





Active Directory







Barry Nance, a computer analyst and consultant for 28 years, writes from Wethersfield, Conn., about information technology. E-mail him at barryn@erols.com

NEXT STORY: START

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.