Windows 2000 - PowerPoint PPT Presentation

Slides: 30
Provided by: adria2
Tags: windows


Transcript and Presenter's Notes


1
Windows 2000
  • Klara Jelinkova
  • Tom Jordan
  • Steve Tanner

2
Major Goals For Windows 2000
  • Distributed computing
  • Address the TCO issue
  • Zero Administration for Windows (ZAW)
  • MMC
  • IntelliMirror
  • Client side caching
  • Support the right standards
  • TCP/IP
  • DNS
  • Kerberos
  • HTML
  • LDAP

3
Presentation Goals
  • Windows 2000 Overview
  • Where to go from here
  • How can DoIT help you
  • HelpDesk and IR
  • Active Directory forum

4
Hardware Support
  • Plug-and-play
  • Power management
  • WDM driver model (with signed drivers)
  • Broad device support (e.g., DVD, scanners)

5
Storage Management
  • File System
  • Disk quotas
  • Real-time property and content indexing
  • Media management
  • Dynamic Disks
  • Spanned volume (not fault tolerant)
  • Mirrored volumes (fault tolerant)
  • Striped volume (not fault tolerant)
  • RAID 5

6
World Ready
  • Multilingual user interface
  • Same code runs anywhere
  • Simultaneous support of multiple languages
  • Single worldwide API

7
Application Installer
  • Current problems
  • Shared DLL version conflicts
  • Per user, per machine state is confused
  • Uninstall frequently fails
  • New Setup
  • New install service as part of base OS
  • Shared components only in service packs
  • Much stricter Windows logo program
  • Developer prepares application as an MSI
    package

8
Application problems
  • PeopleSoft not supported
  • ODBC Problems with machines upgraded from Windows
    9.x
  • WiscWorld 3.5b supported
  • NAI NetShield not supported
  • SpeedDisk Unsupported
  • Minor glitches in MeetingMaker, PC Anywhere and
    other apps.

9
Addressing TCO
  • Common management interface (MMC)
  • Snap in custom tools
  • IntelliMirror
  • Policy management
  • Systems Management Server

10
Microsoft Management Console
  • Standardized interface to all admin tools
  • MMC services are termed snap ins

11
IntelliMirror
  • Roaming user support
  • A suite of technologies to reduce TCO.
    IntelliMirror provides for redundant copies of
    data to be stored on both the client and server

12
Local Policy
  • Administrative roles
  • Administrators, power users, backup operators,
    etc.
  • Membership list
  • Privileges and rights
  • E.g., log on locally
  • Grant list
  • Auditing policy
  • Apply to a specific computer

13
ZAW And Microsoft Systems Management Server
Windows 2000
SMS
Feature
  • Desktop locking
  • Roaming user
  • Disk quotas
  • Client caching
  • Remote boot
  • Basic S/W distribution
  • Advanced S/W distribution
  • 16-bit client support
  • HW and SW inventory
  • Centralized diagnostics/troubleshooting
  • Software metering
  • Network tracing/monitoring

14
Preparing For Windows 2000
  • Planning is key
  • Take a long term view
  • Expect it to take longer than you'd like
  • Politics
  • A chance to correct things
  • Remember the ability to delegate administrative
    authority
  • Windows NT resource domains should go away
  • Familiarize yourself with TCP/IP terminology
  • Upgrade matrix is more complete
  • Most Windows versions can be upgraded

15
What's A Directory?
  • Database that stores attribute/value pairs for
    every object you might want to know about
  • Users (name, phone, ...)
  • Devices (printer capabilities, ...)
  • Programs (published interfaces)
  • Etc.
  • You can query it in a variety of ways
  • Standard UI methods
  • Custom code
  • Etc.
  • Database schema can be extended

16
What's In The Active Directory
And how does the system utilize it?
  • People's phone numbers, certificates
  • (Secure) e-mail
  • Account information
  • Single login, secure Web access
  • Components identifying information
  • Class store
  • Profile and configuration information
  • ZAW
  • Service and device information
  • Network use of the directory

17
Active Directory
Beyond the traditional directory service
[Diagram labels: Exchange, DNS, Recipient Lookup, Referrals, Browser, HTTP / LDAP, Mail Client, Address Book, Register Service, Directory, SQL Server, Replicate Storage, Replication, Security, Find Printer, Credential Management, Query]

18
Active Directory
  • Open to multiple access protocols
  • It's a real database
  • Every object is protected (ACL)
  • Schema is stored in the directory
  • Schema is extensible
  • You can define
  • New object types
  • Additional attributes

[Diagram labels: LDAP, REPL, MAPI, Other...; Directory system agent; DB layer; Extensible storage engine; Store]

19
Windows 2000 Domains
  • In Windows NT 5.0 a server is either a domain
    controller or a member server
  • Primary and backup DCs (Windows NT 4.0) go away
  • Domain controllers have a replica of the
    directory database, member servers don't
  • Can have multiple DCs within a domain
  • Automatic replication for efficiency, security,
    availability
  • Domain controllers can host the Global Catalog
  • Enterprise wide directory containing common
    attributes
  • Knows how to get to other DCs

20
To Be Clear About NetBIOS
  • TCP/IP is the default Windows 2000 protocol
  • NetBIOS/WINS fully supported in Windows 2000
  • In fact there are several enhancements
  • Provides support for down-level systems
  • Once the enterprise upgrade to Windows 2000 is
    complete, DNS takes over and the WINS servers
    can be retired

21
The Domain Name System
[Diagram: DNS hierarchy. Labels: DNS Root; com, edu, uk; microsoft.com, acme.com, purdue.edu, mit.edu, acme.co.uk; usa.acme.com, southamerica.acme.com]

22
Windows NT 5.0 Domains
  • Map closely to DNS domains
  • An Organizational Unit (OU) allows grouping
    within a domain
  • May contain other OUs, machines, users, ...
  • Administration privilege can be delegated on a
    per OU basis
  • Some terminology and concepts derived from X.500

23
Active Directory Namespace
  • Domains
  • DNS used as the name location service
  • Organized in a true hierarchy
  • Domain controllers are local to a domain
  • Directory automatically fully replicated
  • DCs know how to get to other DCs in the tree
  • Forests
  • A collection of domain trees
  • Relationships explicitly established
  • Global Catalog
  • Can span the forest

24
Dynamic DNS
  • Allows machines joining the network to register
    their name and IP address automatically
  • Currently an IETF proposed standard
  • RFC 2136 and 2137
  • Windows 2000 will support this
  • Interoperable with other implementations

25
Distributed File System
  • DFS provides location independence
  • You need only know how to name the file
  • Server names, shares are irrelevant
  • A standard feature of Windows 2000
  • Also supported in Windows NT 4.0, Windows 95/98
  • Similarities to existing UNIX solutions
  • Terminology is different (naturally!)

26
Distributed File System
  • Single drive mapping
  • User unaware of physical location
  • Administrative flexibility

[Diagram labels: DFS Root, Volume, Junction (reparse point)]
  • Access to a file: \\volume\folder1\...\folder3\afile.txt

27
Windows 2000 Security
  • Single enterprise logon
  • Integrated with Active Directory
  • Delegated administration and scalability for
    large domains
  • Strong network authentication protocols
  • Standard protocols
  • Kerberos is the default

28
Integrated Security
Scenarios
29
Multiple Authentication Services
[Diagram labels: Internet Explorer, Internet Information Server; Directory-enabled apps using ADSI; Mail, Chat, News; DCOM application; Remote file; Secure RPC; HTTP; CIFS/SMB; LDAP; POP3, NNTP; SSPI; NTLM; Kerberos; DPA; SChannel SSL/TLS; MSV1_0 / SAM; KDC/DS; Membership services]

30
Kerberos Advantages
  • Faster
  • Server scalability for high-volume connections
  • Reuse session tickets from cache
  • Mutual authentication of both client, server
  • Delegation of authentication
  • Impersonation in three-tier client/server
    architectures
  • Transitive trust between domains
  • Simplify interdomain trust management
  • Mature IETF standard for interoperability
  • Multi vendor support
  • Compliant with MIT Kerberos v5 release