Tweaking the system
Go under the hood of Win 2000 to pump up performance
By Barry Nance
Special to GCN
Let's say you've made the jump to Microsoft Windows 2000; you did your homework, planned your migration and figured out what you wanted Active Directory to do for you. Then you clicked on the CD, and presto'you're running Win 2000.
Now it's time to tweak. You'll want to get the most out of the new operating system, and it won't happen automatically. Here are some tips to help you move toward a smooth operation.
If you presently use Domain Name System on your network, the new relationship between DNS and Active Directory may surprise you.
Active Directory stores computer names, shared folder identifications, user identifications and other information in a central directory. Be aware that setting up an Active Directory server by default also creates a new DNS server.
To avoid this default behavior, make sure your existing DNS server is up and running on the network during the Win 2000 installation process. It'll then detect the existing server and forgo creating a new DNS server.
If you have a large network with many Windows NT computers to deal with and you plan to use Active Directory, a few software vendors already have tools to help ease the workload.New approach to security
FastLane Technologies Inc. of Halifax, Nova Scotia (www.fastlane.com
), says its DM/Suite product will help Win 2000 migration efforts by automating some directory-related tasks.
Utility tape drive software often fails after a Win 2000 upgrade. To automatically move files to and from tape, the new Hierarchical Storage Management's Removable Storage Manager gains exclusive control of the tape drive. You'll need to disable HSM or get a second tape drive to use your tape drive software.
Microsoft's approach to security has changed with the release of Win 2000. Because unprivileged users have fewer permissions than they do with NT, attempts to install a server application or service on Win 2000 are likely to fail if you're using other than an administrator-level account ID. The failure happens because unprivileged users are not allowed to put new files or change old files in the Windows system directory.
On the other hand, Win 2000 security gives you more options, better granularity and more consistent behavior'especially for Web applications'than does NT. Win 2000 offers some handy Web server security wizards to help walk you through the new security options.
Once you install the new Internet Information Server (IIS) 5.0'the Win 2000 Web server software'you'll find the Internet Services Manager console looks different from NT's console. For instance, the access and content control permissions on a Web site's Virtual Directory tab or Home Directory tab are no longer grouped separately.
Microsoft also has added a new checkbox labeled 'script source access.' Check this new option to allow Web access to script resources. Uncheck it to keep Web site visitors from being able to view your Active Server Page scripts.
NT could only run each Web application as a separate process. Under Win 2000, you can choose from three levels of Web application protection. These three options are in the dropdown list labeled Application Protection, which specifies Low, Medium or High protection.
The Low option runs the Web application as an IIS process, the Medium option runs the application in a separate memory space and the High option fully isolates the Web application from other Win 2000 applications.
Win 2000 changes the way remote control utilities intercept and redirect screen contents. If you use software such as Carbon Copy or PC Anywhere, you'll need to upgrade your remote control software.
I can't help you avoid every single obstacle and gotcha in a Win 2000 migration, but I hope you find these tips useful.Barry Nance, a software developer and consultant for 29 years, is the author of Introduction to Networking, 4th Edition and Client/Server LAN Programming. You can e-mail him at firstname.lastname@example.org.