MISSION CRITICAL! WINDOWS 2000 SERVER ADMINISTRATION

xi Chapter 1: Introduction to Windows 2000 Server 1 Introduction 2 The Key to Unlocking Your Network: Active Directory 5 Differences in Windows 2000 Server Security 12 Comprehensive File

FREE Monthly Technology Updates

One-year Vendor Product Upgrade Protection Plan

FREE Membership to Access.Globalknowledge

If it’s a high-risk, high-impact, must-not-fail situation, it’s MISSION CRITICAL!

Robin Walshaw, MCSE

Technical Editor:

D Lynn White, MCPS, MCSE, MCT, MCP+I

”This book is perfect for administrators who

need an advanced Windows 2000 reference.

I will turn to it again and again.“

–Eric Livingston,

Vice President and Chief Technology Officer

AppNet, Inc.

With over 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we have come to know many of you personally By listening, we've learned what you like and dislike about typical computer books The most requested item has been for a web-based service that keeps you current on the topic of the book and related technologies In response, we have created solutions@syngress.com, a service that includes the following features:

■ A one-year warranty against content obsolescence that occurs as the result of vendor product upgrades We will provide regular web updates for affected chapters.

■ Monthly mailings that respond to customer FAQs and provide

detailed explanations of the most difficult topics, written by content experts exclusively for solutions@syngress.com

■ Regularly updated links to sites that our editors have determined offer valuable additional information on key topics.

■ Access to “Ask the Author”™ customer query forms that allow readers to post questions to be addressed by our authors and editors.

Once you've purchased this book, browse to

www.syngress.com/solutions

To register, you will need to have the book handy to verify your purchase Thank you for giving us the opportunity to serve you.

s o l u t i o n s @ s y n g r e s s c o m

M I S S I O N C R I T I C A L !

WINDOWS 2000

SERVER ADMINISTRATION

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents The Work is sold

AS IS and WITHOUT WARRANTY You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other dental or consequential damages arising out from the Work or its contents Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

inci-You should always use reasonable case, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media® and Syngress® are registered trademarks of Syngress Media, Inc “Career Advancement Through Skill Enhancement™,” “Ask the Author™,” “Ask the Author UPDATE™,” and “Mission Critical™” are trademarks

of Syngress Publishing, Inc Brands and product names mentioned in this book are trademarks or service marks

of their respective companies.

KEY SERIAL NUMBER

Mission Critical Windows 2000 Server Administration

Copyright © 2000 by Syngress Publishing, Inc All rights reserved Printed in the United States of America Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or dis- tributed in any form or by any means, or stored in a database or retrieval system, without the prior written per- mission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

Printed in the United States of America

1 2 3 4 5 6 7 8 9 0

ISBN: 1-928994-16-4

Copy edit by: Beth Roberts Proofreading by: Fred Lanigan

Technical edit by: D Lynn White Page Layout and Art by: Reuben Kantor

Index by: Robert Saigh and Shannon Tozier

Co-Publisher: Richard Kristof

Distributed by Publishers Group West

Ralph Troupe and the team at Callisma for their invaluable insight into thechallenges of designing, deploying and supporting world-class enterprise net-works

Karen Cross, Kim Wylie, Harry Kirchner, John Hays, Bill Richter, Kevin Votel,Brittin Clark, Sarah Schaffer, Ellen Lafferty and Sarah MacLachlan of

Publishers Group West for sharing their incredible marketing experience andexpertise

Mary Ging, Caroline Hird, and Simon Beale of Harcourt International formaking certain that our vision remains worldwide in scope

Annabel Dent, Anneka Baeten, Clare MacKenzie, and Laurie Giles of HarcourtAustralia for all their help

David Buckland, Wendi Wong, David Loh, Marie Chieng, Lucy Chong, LeslieLim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthu-siasm with which they receive our books

Kwon Sung June at Acorn Publishing for his support

Ethan Atkin at Cranbury International for his help in expanding the Syngressprogram

Special thanks to the professionals at Osborne with whom we are proud topublish the best-selling Global Knowledge Certification Press series

v

From Global Knowledge

At Global Knowledge we strive to support the multiplicity of learning stylesrequired by our students to achieve success as technical professionals Asthe world's largest IT training company, Global Knowledge is uniquelypositioned to offer these books The expertise gained each year from pro-viding instructor-led training to hundreds of thousands of students world-wide has been captured in book form to enhance your learning experience

We hope that the quality of these books demonstrates our commitment toyour lifelong learning success Whether you choose to learn through thewritten word, computer based training, Web delivery, or instructor-ledtraining, Global Knowledge is committed to providing you with the verybest in each of these categories For those of you who know Global

Knowledge, or those of you who have just found us for the first time, ourgoal is to be your lifelong competency partner

Thank your for the opportunity to serve you We look forward to servingyour needs again in the future

Warmest regards,

Duncan Anderson

President and Chief Executive Officer, Global Knowledge

About the Author

Robin Walshaw (B.Sc Computer Science, MCSE, DPPM) is an independent

consultant who delivers strategic Windows 2000 solutions to large tions around the globe Born in England, Robin spent the majority of his ear-lier years in Scotland and South Africa One of the first MCSEs in Africa, heenjoys being at the forefront of new developments in network and operatingsystem architecture

corpora-With a flair for developing strategic IT solutions for diverse clients, hehas worked in the world of computers in eight countries, and has traveled toover thirty countries in the last ten years A veteran of numerous global pro-jects, Robin has honed his skills across of a wide variety of platforms andtechnologies

Though an industrious computer professional by day, by ‘night’ Robin

is an experienced mountain guide Robin is a keen sportsman and has aged to balance work with a passion for climbing the world’s highest moun-tains, culminating in an attempt on the North Ridge of Mount Everest

man-Residing with his wife, Natalie, in London and South Africa, Robin can

be contacted via email at rwalshaw@hotmail.com Displaying Herculeanresolve, Natalie simultaneously manages to keep Robin’s feet on the groundand a smile on his face Some men just have all the luck

Contributors

Melissa Craft (CCNA, MCSE, Network+, CNE-3, CNE-4, CNE-5, CNE-GW,

MCNE, Citrix) is a Director of e-Business Offering Development for MicroAge.MicroAge is a global systems integrator headquartered in Tempe, Arizona.MicroAge provides IT design, project management and support for distributedcomputing systems Melissa develops enterprise-wide technology solutions andmethodologies for client organizations These technology solutions touch everypart of a system’s lifecycle—from network design, testing and implementation

to operational management and strategic planning Melissa holds a bachelor’sdegree from the University of Michigan and is a member of the IEEE, theSociety of Women Engineers and American MENSA, Ltd Melissa currentlyresides in Phoenix, Arizona with her family, Dan, Justine and Taylor, and hertwo dogs, Marmaduke and Pooka

Debra Littlejohn Shinder (MCSE, MCP+I, MCT) is an Instructor in the AATP

program at Eastfield College, Dallas County Community College District,where she has taught since 1992 She is Webmaster for the cities of Seagovilleand Sunnyvale, Texas, as well as the family Web site at www.shinder.net Sheand her husband, Dr Thomas W Shinder, provide consulting and technicalsupport services to Dallas area organizations She is also the proud mom of adaughter, Kristen, who is currently serving in the U.S Navy in Italy, and ason, Kris, who is a high school chess champion Deb has been a writer formost her life, and has published numerous articles in both technical and non-technical fields She can be contacted at deb@shinder.net

Thomas W Shinder, M.D (MCSE, MCP+I, MCT) is a Technology Trainer and

Consultant in the Dallas-Ft Worth metroplex Dr Shinder has consulted withmajor firms, including Xerox, Lucent Technologies, and FINA Oil, assisting inthe development and implementation of IP-based communications strategies

Dr Shinder attended medical school at the University of Illinois in Chicago,and trained in neurology at the Oregon Health Sciences Center in Portland,Oregon His fascination with interneuronal communication ultimately meldedwith his interest in internetworking and led him to focus on systems engi-neering Tom works passionately with his beloved wife, Deb Shinder, to designelegant and cost-efficient solutions for small- and medium-sized businessesbased on Windows NT/2000 platforms

Technical Editor

D Lynn White (MCPS, MCSE, MCT, MCP+I) is President of Independent

Network Consultants, Inc Lynn has more than 14 years experience in working and programming She has been a system manager in the mainframeenvironment as well as a software developer for a process control company.She is a technical author, editor, trainer, and consultant in networking andcomputer-related technologies Lynn has been delivering mainframe,

net-Microsoft-official curriculum and other networking coursed in and outside theUnited States for more than 12 years

xi

Chapter 1: Introduction to Windows 2000 Server 1

Introduction 2

The Key to Unlocking Your Network: Active Directory 5

Differences in Windows 2000 Server Security 12

Comprehensive File, Print, and Web Services 17

Chapter 2: Active Directory—The Heart of

Introduction 28

Where Active Directory Fits in the Overall Windows

Developing a Naming Strategy 40Active Directory’s Integration with DNS 41How Active Directory Uses DNS 43

Domain Plan Including DNS Strategy 58

Organizational Unit Structure 60

OU Objects in the Active Directory 60

Summary 63FAQs 64

Chapter 3: Migrating to Windows 2000 Server 67

Introduction 68

Primary Domain Controllers (PDCs) 76Changes Required when Upgrading a

Nested Groups 94

Delegating Administrative Authority 95Insert into the Replication Topology 96Migrating from Novell Directory Services 97Upgrade Clients to Windows 2000 Professional 98Summary 100FAQs 102

Chapter 4: Implementing Domains, Trees

Introduction 104

Installing the First Domain in Active Directory 105

Integrating DNS into the Active Directory 110

Sizing the Active Directory Store 139

Summary 145FAQs 147

Chapter 5: Planning and Implementing Active

Introduction 150The Function of Sites in Active Directory 150Default-First-Site-Name 153Replicated Active Directory Components 153

Schema and Configuration Containers 155

Configuring Site Replication Components 166

Replication in Active Directory 170

Where to Place Global Catalog Servers 177Implementing a Site Structure in Active Directory 178

Replication Monitor (REPLMON) 183Replication Administrator (REPADMIN) 183DSASTAT 183Understanding Time Synchronization in Active Directory 184Summary 185FAQs 187

Chapter 6: Advanced Active Directory 189

Introduction 190Interfacing with Active Directory 190ADSI 190RPC 192

DCOM 193Exchange Server Active Directory Connector 193Synchronizing with the Novell Directory Service 195

Microsoft’s Metadirectory 195

Implementing a Disaster Recovery Plan 200Modeling Sites with Disaster Recovery in Mind 201The Active Directory Database File Structure 204Backup 205Creating an Emergency Repair Disk 206Recovering a Failed Domain Controller 208Authoritative Restore of Deleted Objects 208

Add a Server to Two Different Sites Simultaneously 214

Chapter 7: Configuring IntelliMirror 223

Introduction 224

How Group Policies Are Applied 229

Group Policy Information Storage 231

Link a Group Policy Object to a Container 241Keeping Groups from Growing Over Time 242Delegating Control of Group Policy 243

Policy Executes in the Wrong Way 246

Groups 247

Viewing Security Features in Active Directory

IP Security Policies on Active Directory 256

Access Control Entries (ACEs) 257

Summary 260FAQs 261

Chapter 8: Managing Settings, Software, and User Data with IntelliMirror 263

Introduction 264Deploying Software with Group Policies 264

ZAP Files 273

Targeting Software and Using the Software

Software Installation Options 281

Application Deployment Walkthrough 285

Managing User and Computer Settings 287Using Administrative Templates 288Assigning Registry-Based Policies 290Creating Custom Administrative Templates 293Adding Administrative Templates 299

Assigning Script Policies to Users and Computers 301

Summary 305FAQs 306

Chapter 9: Managing Users and Groups 309

Introduction 310

Defining an Acceptable Use Policy 310Requirements for New User Accounts 312Default User Account Settings 313

Account Policy Configuration 315Modifying Properties for User Accounts 317

Other Active Directory Users and Computers Functions 320

Mapping a Certificate to a User 321Using Groups to Organize User Accounts 323

Adding Users through Group Settings 328

Preparing to Create Local Groups 331

Settings Saved in a User Profile 339

Creating Individualized Roaming User Profiles 341

Setting Up a Roaming User Profile 342Assigning Customized Roaming Profiles 343

Home Directories and My Documents 343

Creating Multiple User Accounts 345Migrating Users from a Windows NT 4.0 Domain 345

Creating New Active Directory Users in Bulk 346Importing Users from Novell Directory Services (NDS) 348Summary 348FAQs 349

Chapter 10: Managing File and Print Resources 351

Introduction 352

Configuration Options for Windows 2000 Storage 365

How NTFS Permissions Are Applied 370

Using Special Access Permissions 375

Copying and Moving Files and Folders 378

Creating Shared Folders 381

Assigning Permissions to a Shared Folder 383

Planning the Print Environment 386Local, Remote, and Network Printers 386Creating the Print Environment 386

Installing a Network Printer 387Installing a Printer from Another Server 388

Security/Sharing Permissions 389

Specifying Printer Priorities 391

Managing Documents in a Print Queue 392Setting Priority, Notification, and Printing Time 392Administering Printers by Using a Web Browser 393Summary 394FAQs 396

Chapter 11: Inside Windows 2000 TCP/IP 397

Introduction 398

IP Address Classes and Subnets 398

Seven Layers of the Networking World 401

TCP 404UDP 405

IP 405ARP 408ICMP 408IGMP 408

Windows 2000 TCP/IP Stack Enhancements 410

DHCP 412DNS 412SNMP 412

ARP 412Hostname 413Ipconfig 413Nbtstat 414Netstat 415Nslookup 415Ping 416Route 417Tracert 417Pathping 418Netdiag 419SNMP 421

Using Windows 2000 Monitoring Tools 425

Buffers 430

Summary 437FAQs 439

Chapter 12: Managing Windows 2000 DHCP Server 441

Introduction 442

The Process of Obtaining a Lease 442DHCPDISCOVER 443DHCPOFFER 443DHCPREQUEST 443

DHCPACKNOWLEDGMENT (DHCPACK) 444DHCP Negative Acknowledgment (DHCPNACK) 444

DHCP Options Order of Precedence 456

Optimizing Lease Management Practices 466

Determining the Number of DHCP Servers to Use 467

Chapter 13: Managing Windows 2000 DNS Server 477

Introduction 478

Compatibility of DNS Server Versions 485

RFC 2137 Secure DNS Updates 491

Registration of Server in DNS Using the SRV Record 493

DNS Server Roles and Security Topology 494

Configuring DNS Services 503Creating Forward Lookup Zones 503Creating Reverse Lookup Zones 507

Chapter 14: Managing Windows 2000 WINS Server 521

Introduction 522

B-Node 524P-Node 524M-Node 524H-Node 525

NetBIOS Name Registration Request 528

Connecting WINS Servers through Replication 535Designing a Network of Multiple WINS Servers 538

New Features in Windows 2000 WINS 541

Chapter 15: Windows 2000 Security Services 561

Introduction 562Windows 2000 Security Infrastructure 562

Kerberos 565Private/Public Key Pairs and Certificates 566

Contents of a Microsoft Kerberos Ticket 576Delegation of Authentication 576Preauthentication 576

Using the Security Configuration Tool Set 579Security Configuration Tool Set Overview 579Security Configuration and Analysis Snap-In 579Security Configuration and Analysis Database 581Security Configuration and Analysis Areas 581Security Configuration Tool Set User Interfaces 582

Local Policies and Event Log 586

Restricted Groups 586

Security Configuration in Group Policy Objects 589Additional Security Policies 589

Using the Security Configuration and

Using Security Settings Extension to

Chapter 16: Securing TCP/IP Connections 599

VPN Definitions and Terminology 609

Security Issues Pertaining to VPNs 610

Data Security 611Windows 2000 Security Options 611

Remote User Access Over the Internet 614Connecting Networks Over the Internet 615Tunneling Protocols and the Basic Tunneling

Requirements 616Windows 2000 Tunneling Protocols 617Point to Point Tunneling Protocol (PPTP) 617Layer 2 Tunneling Protocol (L2TP) 618

How to Configure a PPTP Device 618

How L2TP Security Differs from PPTP 619Interoperability with Non-Microsoft VPN Clients 621

Overview of IPSec Cryptographic Services 622

Confidentiality 624

Encapsulating Security Payload (ESP) 625Security Associations and IPSec Key Management

Building an IPSec MMC Console 629

Rules 631Flexible Negotiation Policies 634Filters 635

Summary 642FAQs 643

Chapter 17: Connecting Windows 2000 Server 645

Introduction 646Connecting to the Internet with Windows 2000 Server 646Internet Connection Sharing (ICS) 646

What Do You Need to Use ICS? 646

ICS Address Autoconfiguration and the

Private Network Addresses vs Public Addresses 648Using Internet Connection Sharing 649Using ICS with a VPN Connection 649

Configuring Applications and Services 649

What Happens When You Enable ICS? 650Network Address Translation (NAT) 651

Setting Up the NAT Computer 652

Setting Up the NAT Client Computers 656

Accessing Other Computers’ Printers and

Accessing Other Computers’ Resources

Protecting Your Computer from Unauthorized Access 659Comparison of ICS, NAT, and Windows Routing 660

A Windows 2000 Routed Connection 660

Security 661How Do NAT and ICS Protect My Network? 661Security Issues with Routed Connections 662

Authentication and Encryption 672

RADIUS 673Summary 674FAQs 675

Just a few short years ago, no one could have foreseen the huge impactthat the personal computer would have on the working lives of so manypeople Idling on the desk of millions of office workers around the world

is a tireless instrument that extends and facilitates our ability to deliverwork Today, the personal computer and the operating systems thatrun it are as ubiquitous as the car, with which it shares several pow-erful characteristics

The modern car comes with a surfeit of features—sleek lines,aggressive low-cut features, and a powerful engine—all intended totempt the buyer But, it is the road that the car travels along thatmakes it truly productive Without the road, the modern car would besleek, beautiful, and useless Windows 2000 Professional and mostother modern personal operating systems are armed with the samesleek lines, powerful engines, and aggressive features as the moderncar To guide operating systems such as Windows 2000 Professionaldown the road of increased productivity, flexibility, and reliability, arobust and mission-critical server operating system infrastructure isrequired—an operating system infrastructure like Windows 2000Server

A significant portion of the design objectives for the Windows 2000development team was to ensure that Windows 2000 Server was themost efficient, scalable, and reliable Microsoft operating system for theenterprise Complex decision-making issues that arose during thedesign of Windows 2000 Server were handled with ruthless efficiency If

a choice arose between compatibility and stability, it was ruled as nocompetition—stability won every time That has left us with an oper-

Introduction

xxxi

ating system that has gone through one of the most rigorous testingcycles in operating system history Compound this with the involve-ment of some of the best minds in the computing business, and youhave a network operating system that can only be described as awinner.

What does Windows 2000 Server signify to information nology professionals? It means an exciting opportunity to learn newskills, provide better services, and enhance productivity (and to usecool-sounding words like ADSI and Kerberos) Windows 2000 Serverushers in a bevy of features that leverage best-of-breed technologysets This is not technology for technology’s sake, but a technicalarchitecture geared toward providing an infrastructure based ondelivery

tech-Even on first appearances, it is obvious that Windows 2000Server is a vastly complex operating system With functionality liter-ally bursting from the seams, it creates the dual opportunity forsuccess and failure The correctly prepared professional who under-stands the nature and complexities of Windows 2000 Server canprovide an outstanding infrastructure based on its reliable, exten-sible, and flexible feature set Those unprepared for managing andworking with a product as far-reaching and complex as Windows

2000 Server should prepare for a good deal of confusion and tive problem solving

reac-Windows 2000 Server is the next-generation operating systemfrom Microsoft that not only replaces, but also revolutionizes thenetwork operating system product space that Windows NT 4 Serveroccupied With adequate preparation, appreciable benefits can berealized by all information technology professionals, from theDilbert-style network manager, to the technical developer who sits

in a lotus position chanting C++ mantras But, more importantly,your clients—the users—will be able to reap the rewards that gohand in hand with Windows 2000 Server

Mission-Critical Windows—A Contradiction

in Terms?

Rightly or wrongly, Microsoft has been soundly chastised on morethan one occasion for supplying server-based operating systems

that fail ungracefully under pressure Mention Windows and

Mission Critical in the same sentence, and most people are likely to

choke on their coffee In the last 10 years, mainframes and severalflavors of UNIX have been the first choice for providing mission-crit-ical services, and for very good reasons The message chanted byhardware and software vendors alike was, “Don’t use Microsoft for

anything that just can’t go down”—a statement that most times I

would have agreed with Windows 2000 Server has changed all ofthat

The Windows 2000 product group represents the largest andmost technically advanced body of work undertaken by the mostsuccessful software company in the world It is considered by many

to be the single most important milestone in the evolutionary opment of the Windows family By providing a computing platformthat offers stability, high productivity, and compatibility, Microsoft

devel-is extending its software presence even further into the serverspace

The deluge of complaints that Microsoft has received (not tomention the battering suffered at the hands of the press) regardingits server-based operating systems has ensured that the Windows

2000 core services are built around a reliable and scalable ture Don’t get me wrong, blue screens of death are not a thing ofthe past, nor have required reboots been relegated to the dust pile

architec-of Windows anachronisms What has changed is the refocus on bility and on user requirements

sta-I am not alone in wanting 99.999% uptime, scalable directoryservices, and a secure computing platform Windows NT went someway to addressing all of those concerns, but not nearly far enough

Mission critical means different things to different organizations—tosupermarkets, point-of-sale systems are mission critical; to e-busi-nesses, Web farms are mission critical The common thread thatruns through these disparate businesses is the requirement to provide a stable, supporting infrastructure that technologicallyenables mission-critical business services—a requirement to whichWindows 2000 Server provides an almost unbeatable solution

That’s the good news The bad news is that you need more than asuperficial level of understanding of your network operating system,you need to get your hands dirty with the real technical nuts andbolts

This book is aimed at ensuring that your hands never look thesame again!

Who Should Read This Book?

If you work with Windows 2000 Server, or are planning to, then thisbook will be of use to you It is not meant to be light bedtime

reading, but an exploration of the more technical issues of Windows

2000 Server I recommend that you gain some familiarity withWindows 2000 Server concepts before reading this book (though it

is not entirely necessary, since most chapters have introductorymaterial), and that you understand general networking and oper-ating system concepts Don’t let that scare you though—you don’tneed a degree in Quantum Physics, or need to own a personalizedpocket protector to derive value from this book What you do need is

a will to get involved with the most exciting development in ating systems in the new millennium

oper-Windows 2000 Server is not a lightweight operating system Asusers have become more demanding, there has been an associatedincrease in the complexity of the supporting technical infrastruc-ture But even among scary-sounding Windows 2000 Serveracronyms like FSMO, SDOU, and LDAP, you will find concepts such

as ease of use, security, and decreased support overhead These arecertainly concepts that most people can identify with, and if you do,

then you want to understand the contents of this book.

How This Book Is Organized

When I was initially putting together the outline for this book, Irealized that it would be impossible to cover all the technology sets

in as great a detail as I would have liked—not unless I was prepared

to have a book published that no one was physically able to pickup! As a result, certain features of Windows 2000 Server havereceived greater coverage than others Core Windows 2000 Serverfeatures like Active Directory, IntelliMirror, network services, andsecurity rightfully receive the lion’s share of the coverage

For relative newcomers to Windows 2000 Server, I recommendthat you read the chapters in the order presented in the book Notall chapters are freestanding, and certain chapters should begrouped together around the core Windows 2000 Server features Ihave mentioned For those of you looking for particular technicalinformation, or those who need no introduction to Windows 2000Server, feel free to page through and use this book as a technical

reference Hopefully, within no time your copy of Mission-Critical

Windows 2000 Server will take on the appearance of a truly useful

book—in other words dog-eared and discolored, with a fair amount

of pencil work in the margins!

courage of my convictions Martin Walshaw—big brothers just don’tcome any better Costas Kellas, for starting me down the road Thelads from the valley—Uruman Gwuafi, Alex Harris, David Ker, SeanDisney—thanks for teaching me that no mountain is too high—liter-ally Andrew Williams and Syngress, for being all the things a goodpublisher should be D Lynn White, for a great job of technicalediting this back breaker

My last and most important acknowledgment goes to the personwho brings the light into my life Natalie—thank you for helping meclimb mountains, write books, sleep late, and most of all for being

my wife—this book is yours as much as mine Just you know why

Introduction to Windows 2000 Server

Solutions in this chapter:

■ What’s New in Windows 2000 Server?

■ What’s Not New in Windows 2000 Server?

■ Windows 2000 Challenges

Chapter 1

1

Significant changes in the way that computers are used in the workplacehave heralded an increased focus on issues such as security, manage-ability, scalability, and reliability The use of information technology hasushered in an era characterized by high availability, high productivity, andincreased support levels Unfortunately, the burden of responsibility restssquarely on the shoulders of the IT professional to ensure that the infras-tructure meets the requirements of the modern demanding user

It is no great secret, or surprise, that legacy technologies are beginning

to creak under the strain of ever-increasing user requirements, stabilityinitiatives, and management drives to lower the cost of ownership A newtechnology set was needed to provide services that existing operating sys-tems could not Microsoft itself was guilty of a lack of technical deliverywith glaring omissions in the Windows NT 4 technical strategy that

included the lack of a perceived stable mission-critical server platform andthe absence of a cohesive infrastructure to manage configuration changes With a vision of providing an operating system for the future, Microsoftbegan development on its most ambitious project to date: Windows 2000.The aims of the design team, though simple in theory, proved to be muchmore difficult to achieve in reality They had to provide scalable answers tothe deficiencies in Windows NT 4, and satisfy design objectives that

included:

■ Increasing reliability, availability, and scalability

■ Reducing costs through simplified management

■ Providing a powerful and robust Internet and application serverMuch has been said about the complexity and size of this new brain-child The modern-day software malady of ever-increasing size and com-plexity has certainly directly affected Windows 2000 Server, but not

necessarily in the manner that many people perceive

There is no doubting that Windows 2000 Server is a mammoth exercise

in coding complexity Can a software project so large and intricate escapeits unwieldy foundation to provide a truly stable computing platform? I cancite a classic modern example in defense of Windows 2000: its older sib-ling, Windows NT 4 Comparatively speaking, Windows NT 4 included a ver-itable minefield of code and feature changes over the ground-breaking

Windows 3.x The new operating system was to support memory protection,

preemptive multitasking, and a limited directory service in a time whenDOS and Windows 3.1 ruled the roost Is the difference between Windows

2000 and Windows NT so substantial that we cannot draw confidence fromthe benefits gained during the migration from the veritable Windows 3.1 tothe (then) cutting-edge 32-bit Windows NT platform?

Whether you plan to deploy it or are already using it, a lasting firstimpression of Windows 2000 Server is the vast array of integrated function-ality Casual inspection reveals a hauntingly familiar interface—is it justWindows NT 4 with a slick version of the Windows 98 GUI? Actually,nothing could be further from the truth By probing a little deeper it soonbecomes apparent that Windows 2000 Server combines an evolutionaryupgrade path with a revolutionary feature set.

This chapter touches on the powerful features of Windows 2000 Server,and its effect on the organization and Administrators Windows 2000Server presents a radical change from its predecessor, and knowledge of itsmyriad of features is required to leverage its true power

What’s New in Windows 2000 Server?

When confronted by the sea of features and changes that accompanyWindows 2000 Server, it is easy to understand the need to address some ofthe new features in detail, while touching on others in no more than a cur-sory fashion Microsoft supplies a “feature highlight” that includes almost

80 major features—enough to make the eyes water!

Microsoft, to its credit, has learned that it is not possible to satisfy thediverse set of server requirements with a “one package fits all” strategy Toallow Windows 2000 Server to scale from the small business right into themultinational corporate server farm, it has been divided into a family ofserver operating systems (Table 1.1)

Each of the various flavors supports the much-touted Active Directory,which is probably the most critical element of the Windows 2000 Serverfamily Active Directory simplifies management, extends interoperabilitywith applications and devices, and improves security

The entry-level and most commonly used edition is Windows 2000Server Standard Edition The nomenclature for Windows 2000 AdvancedServer hearkens back to the early days of Windows NT, when the nameAdvanced Server made its debut Aside from its nostalgic name, AdvancedServer maps most closely to Windows NT Server Enterprise Edition It con-tains all the features and benefits of Windows 2000 Standard Edition, butincludes support for larger deployments The inclusion of support for net-work load balancing, clustering, and a more scalable memory and CPUarchitecture makes Advanced Server an excellent candidate for large SQLServer databases, for high-end Web servers, and for meeting the demands

of high-end, critical file and application services

Windows 2000 DataCenter is Microsoft’s top-of-the-line model In tion to having all the features of the Standard Edition and AdvancedServer, DataCenter supports more processors and larger amounts ofmemory Windows 2000 DataCenter Server is ideal for extremely large-scale