113_toc 8/21/00 3:48 PM Page xxx Just a few short years ago, no one could have foreseen the huge impact that the personal computer would have on the working lives of so many people. Idling on the desk of millions of office workers around the world is a tireless instrument that extends and facilitates our ability to deliver work. Today, the personal computer and the operating systems that run it are as ubiquitous as the car, with which it shares several pow- erful characteristics. The modern car comes with a surfeit of features—sleek lines, aggressive low-cut features, and a powerful engine—all intended to tempt the buyer. But, it is the road that the car travels along that makes it truly productive. Without the road, the modern car would be sleek, beautiful, and useless. Windows 2000 Professional and most other modern personal operating systems are armed with the same sleek lines, powerful engines, and aggressive features as the modern car. To guide operating systems such as Windows 2000 Professional down the road of increased productivity, flexibility, and reliability, a robust and mission-critical server operating system infrastructure is required—an operating system infrastructure like Windows 2000 Server. A significant portion of the design objectives for the Windows 2000 development team was to ensure that Windows 2000 Server was the most efficient, scalable, and reliable Microsoft operating system for the enterprise. Complex decision-making issues that arose during the design of Windows 2000 Server were handled with ruthless efficiency. If a choice arose between compatibility and stability, it was ruled as no competition—stability won every time. That has left us with an oper- Introduction xxxi 113_MC2k_intro 8/21/00 4:13 PM Page xxxi xxxii Introduction ating system that has gone through one of the most rigorous testing cycles in operating system history. Compound this with the involve- ment of some of the best minds in the computing business, and you have a network operating system that can only be described as a winner. What does Windows 2000 Server signify to information tech- nology professionals? It means an exciting opportunity to learn new skills, provide better services, and enhance productivity (and to use cool-sounding words like ADSI and Kerberos). Windows 2000 Server ushers in a bevy of features that leverage best-of-breed technology sets. This is not technology for technology’s sake, but a technical architecture geared toward providing an infrastructure based on delivery. Even on first appearances, it is obvious that Windows 2000 Server is a vastly complex operating system. With functionality liter- ally bursting from the seams, it creates the dual opportunity for success and failure. The correctly prepared professional who under- stands the nature and complexities of Windows 2000 Server can provide an outstanding infrastructure based on its reliable, exten- sible, and flexible feature set. Those unprepared for managing and working with a product as far-reaching and complex as Windows 2000 Server should prepare for a good deal of confusion and reac- tive problem solving. Windows 2000 Server is the next-generation operating system from Microsoft that not only replaces, but also revolutionizes the network operating system product space that Windows NT 4 Server occupied. With adequate preparation, appreciable benefits can be realized by all information technology professionals, from the Dilbert-style network manager, to the technical developer who sits in a lotus position chanting C++ mantras. But, more importantly, your clients—the users—will be able to reap the rewards that go hand in hand with Windows 2000 Server. Mission-Critical Windows—A Contradiction in Terms? Rightly or wrongly, Microsoft has been soundly chastised on more than one occasion for supplying server-based operating systems that fail ungracefully under pressure. Mention Windows and Mission Critical in the same sentence, and most people are likely to www.syngress.com 113_MC2k_intro 8/21/00 4:13 PM Page xxxii choke on their coffee. In the last 10 years, mainframes and several flavors of UNIX have been the first choice for providing mission-crit- ical services, and for very good reasons. The message chanted by hardware and software vendors alike was, “Don’t use Microsoft for anything that just can’t go down”—a statement that most times I would have agreed with. Windows 2000 Server has changed all of that. The Windows 2000 product group represents the largest and most technically advanced body of work undertaken by the most successful software company in the world. It is considered by many to be the single most important milestone in the evolutionary devel- opment of the Windows family. By providing a computing platform that offers stability, high productivity, and compatibility, Microsoft is extending its software presence even further into the server space. The deluge of complaints that Microsoft has received (not to mention the battering suffered at the hands of the press) regarding its server-based operating systems has ensured that the Windows 2000 core services are built around a reliable and scalable architec- ture. Don’t get me wrong, blue screens of death are not a thing of the past, nor have required reboots been relegated to the dust pile of Windows anachronisms. What has changed is the refocus on sta- bility and on user requirements. I am not alone in wanting 99.999% uptime, scalable directory services, and a secure computing platform. Windows NT went some way to addressing all of those concerns, but not nearly far enough. Mission critical means different things to different organizations—to supermarkets, point-of-sale systems are mission critical; to e-busi- nesses, Web farms are mission critical. The common thread that runs through these disparate businesses is the requirement to provide a stable, supporting infrastructure that technologically enables mission-critical business services—a requirement to which Windows 2000 Server provides an almost unbeatable solution. That’s the good news. The bad news is that you need more than a superficial level of understanding of your network operating system, you need to get your hands dirty with the real technical nuts and bolts. This book is aimed at ensuring that your hands never look the same again! Introduction xxxiii www.syngress.com 113_MC2k_intro 8/21/00 4:13 PM Page xxxiii xxxiv Introduction Who Should Read This Book? If you work with Windows 2000 Server, or are planning to, then this book will be of use to you. It is not meant to be light bedtime reading, but an exploration of the more technical issues of Windows 2000 Server. I recommend that you gain some familiarity with Windows 2000 Server concepts before reading this book (though it is not entirely necessary, since most chapters have introductory material), and that you understand general networking and oper- ating system concepts. Don’t let that scare you though—you don’t need a degree in Quantum Physics, or need to own a personalized pocket protector to derive value from this book. What you do need is a will to get involved with the most exciting development in oper- ating systems in the new millennium. Windows 2000 Server is not a lightweight operating system. As users have become more demanding, there has been an associated increase in the complexity of the supporting technical infrastruc- ture. But even among scary-sounding Windows 2000 Server acronyms like FSMO, SDOU, and LDAP, you will find concepts such as ease of use, security, and decreased support overhead. These are certainly concepts that most people can identify with, and if you do, then you want to understand the contents of this book. How This Book Is Organized When I was initially putting together the outline for this book, I realized that it would be impossible to cover all the technology sets in as great a detail as I would have liked—not unless I was prepared to have a book published that no one was physically able to pick up! As a result, certain features of Windows 2000 Server have received greater coverage than others. Core Windows 2000 Server features like Active Directory, IntelliMirror, network services, and security rightfully receive the lion’s share of the coverage. For relative newcomers to Windows 2000 Server, I recommend that you read the chapters in the order presented in the book. Not all chapters are freestanding, and certain chapters should be grouped together around the core Windows 2000 Server features I have mentioned. For those of you looking for particular technical information, or those who need no introduction to Windows 2000 Server, feel free to page through and use this book as a technical reference. Hopefully, within no time your copy of Mission-Critical www.syngress.com 113_MC2k_intro 8/21/00 4:13 PM Page xxxiv Introduction xxxv Windows 2000 Server will take on the appearance of a truly useful book—in other words dog-eared and discolored, with a fair amount of pencil work in the margins! Acknowledgments There are a number of people I must thank; some of them provided invaluable help in writing this book, while others taught me many of the things worth knowing in life. Thanks go to Sonia Barrett, for teaching me to laugh, to smile, and to appreciate real music. To Ray Walshaw, for gifting me with confidence and teaching me the courage of my convictions. Martin Walshaw—big brothers just don’t come any better. Costas Kellas, for starting me down the road. The lads from the valley—Uruman Gwuafi, Alex Harris, David Ker, Sean Disney—thanks for teaching me that no mountain is too high—liter- ally. Andrew Williams and Syngress, for being all the things a good publisher should be. D. Lynn White, for a great job of technical editing this back breaker. My last and most important acknowledgment goes to the person who brings the light into my life. Natalie—thank you for helping me climb mountains, write books, sleep late, and most of all for being my wife—this book is yours as much as mine. Just you know why. www.syngress.com 113_MC2k_intro 8/21/00 4:13 PM Page xxxv 113_MC2k_intro 8/21/00 4:13 PM Page xxxvi Introduction to Windows 2000 Server Solutions in this chapter: ■ What’s New in Windows 2000 Server? ■ What’s Not New in Windows 2000 Server? ■ Windows 2000 Challenges Chapter 1 1 113_MC2k_CH01 8/17/00 1:42 PM Page 1 Introduction Significant changes in the way that computers are used in the workplace have heralded an increased focus on issues such as security, manage- ability, scalability, and reliability. The use of information technology has ushered in an era characterized by high availability, high productivity, and increased support levels. Unfortunately, the burden of responsibility rests squarely on the shoulders of the IT professional to ensure that the infras- tructure meets the requirements of the modern demanding user. It is no great secret, or surprise, that legacy technologies are beginning to creak under the strain of ever-increasing user requirements, stability initiatives, and management drives to lower the cost of ownership. A new technology set was needed to provide services that existing operating sys- tems could not. Microsoft itself was guilty of a lack of technical delivery with glaring omissions in the Windows NT 4 technical strategy that included the lack of a perceived stable mission-critical server platform and the absence of a cohesive infrastructure to manage configuration changes. With a vision of providing an operating system for the future, Microsoft began development on its most ambitious project to date: Windows 2000. The aims of the design team, though simple in theory, proved to be much more difficult to achieve in reality. They had to provide scalable answers to the deficiencies in Windows NT 4, and satisfy design objectives that included: ■ Increasing reliability, availability, and scalability ■ Reducing costs through simplified management ■ Providing a powerful and robust Internet and application server Much has been said about the complexity and size of this new brain- child. The modern-day software malady of ever-increasing size and com- plexity has certainly directly affected Windows 2000 Server, but not necessarily in the manner that many people perceive. There is no doubting that Windows 2000 Server is a mammoth exercise in coding complexity. Can a software project so large and intricate escape its unwieldy foundation to provide a truly stable computing platform? I can cite a classic modern example in defense of Windows 2000: its older sib- ling, Windows NT 4. Comparatively speaking, Windows NT 4 included a ver- itable minefield of code and feature changes over the ground-breaking Windows 3.x. The new operating system was to support memory protection, preemptive multitasking, and a limited directory service in a time when DOS and Windows 3.1 ruled the roost. Is the difference between Windows 2000 and Windows NT so substantial that we cannot draw confidence from the benefits gained during the migration from the veritable Windows 3.1 to the (then) cutting-edge 32-bit Windows NT platform? 2 Chapter 1 • Introduction to Windows 2000 Server www.syngress.com 113_MC2k_CH01 8/17/00 1:42 PM Page 2 Whether you plan to deploy it or are already using it, a lasting first impression of Windows 2000 Server is the vast array of integrated function- ality. Casual inspection reveals a hauntingly familiar interface—is it just Windows NT 4 with a slick version of the Windows 98 GUI? Actually, nothing could be further from the truth. By probing a little deeper it soon becomes apparent that Windows 2000 Server combines an evolutionary upgrade path with a revolutionary feature set. This chapter touches on the powerful features of Windows 2000 Server, and its effect on the organization and Administrators. Windows 2000 Server presents a radical change from its predecessor, and knowledge of its myriad of features is required to leverage its true power. What’s New in Windows 2000 Server? When confronted by the sea of features and changes that accompany Windows 2000 Server, it is easy to understand the need to address some of the new features in detail, while touching on others in no more than a cur- sory fashion. Microsoft supplies a “feature highlight” that includes almost 80 major features—enough to make the eyes water! Microsoft, to its credit, has learned that it is not possible to satisfy the diverse set of server requirements with a “one package fits all” strategy. To allow Windows 2000 Server to scale from the small business right into the multinational corporate server farm, it has been divided into a family of server operating systems (Table 1.1). Each of the various flavors supports the much-touted Active Directory, which is probably the most critical element of the Windows 2000 Server family. Active Directory simplifies management, extends interoperability with applications and devices, and improves security. The entry-level and most commonly used edition is Windows 2000 Server Standard Edition. The nomenclature for Windows 2000 Advanced Server hearkens back to the early days of Windows NT, when the name Advanced Server made its debut. Aside from its nostalgic name, Advanced Server maps most closely to Windows NT Server Enterprise Edition. It con- tains all the features and benefits of Windows 2000 Standard Edition, but includes support for larger deployments. The inclusion of support for net- work load balancing, clustering, and a more scalable memory and CPU architecture makes Advanced Server an excellent candidate for large SQL Server databases, for high-end Web servers, and for meeting the demands of high-end, critical file and application services. Windows 2000 DataCenter is Microsoft’s top-of-the-line model. In addi- tion to having all the features of the Standard Edition and Advanced Server, DataCenter supports more processors and larger amounts of memory. Windows 2000 DataCenter Server is ideal for extremely large-scale Introduction to Windows 2000 Server • Chapter 1 3 www.syngress.com 113_MC2k_CH01 8/17/00 1:42 PM Page 3 [...]...113_MC2k_CH01 4 8/17/00 1:42 PM Page 4 Chapter 1 • Introduction to Windows 2000 Server Table 1.1 Windows 2000 Server Family Description Windows 2000 Server Features Designed to be a powerful multipurpose server Ideal for workgroup and departmental servers s s s s s Windows 2000 Advanced Server Windows 2000 DataCenter Designed for intensive enterprise applications Provides further availability... the Windows 2000 Server family (Table 1.2)—and also, as usual, you can totally disregard them I would be sorely taxed to think of anything as mind-numbingly boring as watching Windows 2000 Server run on a Pentium 133MHz So this said, the recommendations should be read care- Table 1.2 Minimum Hardware Requirements for Windows 2000 Microsoft published minimum requirements for Windows 2000 Server and Windows. .. the corporate network as a whole Differences in Windows 2000 Server Security One of the enhancements to the security in Windows 2000 Server is the support for two authentication protocols, Kerberos v5 and NTLM (NT LAN Manager) Kerberos v5 is the default authentication method for Windows 2000 domains, and NTLM is provided for backward compatibility with Windows NT 4.0 and earlier operating systems Transitive... well-connected networks Operating systems such as Windows 2000 Server provide a number of advanced network services that facilitate reliable and scalable communication and connectivity A few of the network services Windows 2000 offers include: Certificate Services Several of the services available in the Windows NT 4.0 Option Pack are now included in Windows 2000 Server, including Certificate Services Certificates... RAM in the context of Windows 2000 Server: There is no such thing as too much of it! The Key to Unlocking Your Network: Active Directory The success or failure of a Windows 2000- enabled network will, in the majority of cases, hinge on the implementation of Microsoft’s directory service, Active Directory It is a fundamental change that affects the Windows operating system and Windows networking from... Internet Each object in the Active Directory can have its permissions controlled with a high level of granularity This per-property level of permissioning is www.syngress.com 113_MC2k_CH01 8/17/00 1:42 PM Page 13 Introduction to Windows 2000 Server • Chapter 1 available at all levels of the Active Directory Smart cards are supported in Windows 2000 Server to provide an additional layer of protection for... 12 Chapter 1 • Introduction to Windows 2000 Server s Per-property access control for objects s Smart card support for securing user credentials securely s Transitive trust relationships between domains s Public Key Infrastructure (PKI) Why the Change? The change in security in Windows 2000 Server is necessary as more organizations use the operating system for mission- critical applications The more... www.syngress.com 113_MC2k_CH01 8/17/00 1:42 PM Page 11 Introduction to Windows 2000 Server • Chapter 1 applied across the business Group Policy leverages the Active Directory and supports the IntelliMirror technology to control the scope and granularity of changes in configuration By providing a well-managed desktop environment through group policies, Windows 2000 eases the resolution and elimination of change and... Accounts department log on s Do not save settings on exit for all consultants s Disable the RunAs service for the whole organization except Administrators s Launch this Web page at user logon Windows 2000 Security Windows 2000 Server serves up a great number of security enhancements compared to what was available in previous incarnations of the operating system These enhancements include Public Key Infrastructure... the organizations that use it will be Security for Microsoft’s network operating system has undergone major surgery with the arrival of Windows 2000 Server What has emerged from the operating theatre is a product family that includes extensible, standards-based, mission- critical security Some of the new features include: s Multiple methods of authenticating internal and external users s Protection of . Introduction to Windows 2000 Server Solutions in this chapter: ■ What’s New in Windows 2000 Server? ■ What’s Not New in Windows 2000 Server? ■ Windows 2000 Challenges. infrastructure like Windows 2000 Server. A significant portion of the design objectives for the Windows 2000 development team was to ensure that Windows 2000 Server