Windows 2000

Discovering and Deploying Windows 2000

Student Guide
MS120

Release 1.0
ED2KZ9DDW2P
 - PROPRIETARY AND CONFIDENTIAL INFORMATION -

These education materials and related computer software program (hereinafter referred to as the "Education Materials") is for th e end user’s informational
purposes only and is subject to change or withdrawal by Computer Associates International, Inc. ("CA") at any time. These Educat ion Materials may not
be copied, transferred, reproduced, disclosed or distributed, in whole or in part, without the prior written consent of CA.

These Education Materials are proprietary information and a trade secret of CA. Title to these Education Materials remain with CA, and these Education
Materials are protected by the copyright, trademark and trade secret laws of the United States and international treaties. All authorized reproductions
must be marked with this legend.

RESTRICTED RIGHTS LEGEND

TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THESE EDUCATIONAL MATERIALS "AS IS" WITHOUT
WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY
FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THESE EDUCATION MATERIALS, INCLUDING WITHOUT
LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF SUCH
LOSS OR DAMAGE.

THE USE OF ANY PRODUCT REFERENCED IN THESE EDUCATION MATERIALS AND THESE EDUCATION MATERIALS IS GOVERNED
BY THE END USER’S APPLICABLE LICENSE AGREEMENT.

The manufacturer of this documentation is Computer Associates International, Inc.

Provided with "Restricted Rights" as set forth in 48 C.F.R. Section 12.212, 48 C.F.R. Sections 52.227-19(c)(1) and (2) or DFARS Section
252.227.7013(c)(1)(ii) or applicable successor provisions.

© 2000 Computer Associates International, Inc. - Mark Phillips, Contributing Editor - John Melendez, Managing Editor
One Computer Associates Plaza, Islandia, NY 11749

All rights reserved.

All trademarks, trade names, service marks or logos referenced herein belong to their respective companies.

Call Computer Associates technical services for any information not covered in this manual or the related publications. In North America, see your
Computer Associates Product Support Directory for the appropriate telephone number to call for direct support, or you may call 1 -800-645-3042 or 516-
342-4683 and your call will be returned as soon as possible.

Outside North America, contact your local Computer Associates technical support center for assistance.
Table of Contents

1 • What’s New in Windows 2000

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Microsoft Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Task Pads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Windows 2000 Enhanced Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
IntelliMirror Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
Remote Boot Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
Active Directory Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
Group Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
Offline Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
Synchronization Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
Windows Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
Application Deployment Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11
Remote Installation Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12
Roaming Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12
Directory Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13
Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13
Flexible Querying of Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14
Security of Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14
Replication of Information for Performance and Fault Tolerance . . . . . . . . . . . . . . . . . 1-15
Partitioning of Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
Extensibility of the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
Integration with DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16
Interoperation with Other Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17
Active Directory Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20
Kerberos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20
Smart Card Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21
Terminal Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23
Storage Features and Disk Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24
Disk Defragmenter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24
Clustering Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25
Plug and Play and More . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-26
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28

Computer Associates International Discovering and Deploying Windows 2000 MS120 iii ■
 1
What’s New in Windows 2000

What’s New in
Windows 2000

Module 1

Computer Associates International Discovering and Deploying Windows 2000 MS120

1- 1 ■
■ What’s New in Windows 2000
Introduction

Introduction 1

From the outset, Microsoft designed Windows NT to provide a fully integrated,

extensible networking architecture. They designed the NT operating system to be
portable, robust, and reliable also ensuring the security and stability of network and
server. Windows 2000 furthers these advances in distributed computing made by NT 4.0.
Microsoft 2000 Server is a multipurpose operating system built on a reliable, secure, and
open architecture. New features in Windows 2000 provide improved performance and
more cost-effective networking. The advanced capabilities of Active Directory, Dynamic
DNS, Microsoft Management Console, Zero Administration for Windows, and other
features combine to make a powerful tool kit for developing and deploying enterprise
applications. Microsoft Windows 2000 provides a scalable, reliable, and secure
infrastructure capable of serving the overwhelming majority of enterprise customer
needs.

■ 1- 2 Computer Associates International Discovering and Deploying Windows 2000 MS120

 What’s New in Windows 2000 ■
Microsoft Management Console

Microsoft Management Console

• A Shell for holding “snap-in” Applications
• Provides a Toolkit for Administrators
• Unique to each Support Person
• Author Mode and User Mode
• Task Pads
• The ultimate Control Panel for Win2K

Microsoft Management Console 1

Microsoft revamped the way you administer your network under Windows 2000.
They designated the Microsoft Management Console (MMC) as the native
administration tool for Windows by providing a common management framework for
network management. Instead of having various applications on your server to manage
your network, you use the MMC as a shell for “snap-in” applications. The MMC hosts
monitoring and configuration tools for the entire enterprise, presenting them in a
consistent graphical interface that bundles information and functionality. For example,
the MMC enables you to access and use tools such as User Manager, Disk Administrator,
and Event Viewer from a single interface, where previously you would have needed to
open several administrative tools. The modular architecture of MMC makes it easy for
network developers to create snap-in applications that leverage the platform while
easing administrative load. A successful transition to Windows 2000 depends greatly on
mastering the MMC.

The Microsoft Management Console unifies and simplifies day-to-day system

management tasks. It hosts tools composed of one or more applications and displays the
tools as consoles. You build these tools using one or more modules called snap-ins. The
snap-ins may also include additional extension snap-ins. These snap-ins assign
functionality that allow single-seat control, monitoring, and administration of
widespread network resources. The MMC organizes the snap-ins in a tree-like hierarchy.
Since snap-ins are removable, you can customize the tools you need and distribute them

Computer Associates International Discovering and Deploying Windows 2000 MS120

1- 3 ■
■ What’s New in Windows 2000
Microsoft Management Console

to your administrators. Microsoft provides standard tools with the operating system that
help users perform everyday administrative tasks. These are part of the All Users profile
of the computer and are located in the Administrative Tools group on the Startup menu.

A powerful feature of the Microsoft Management Console is that it enables system

administrators to create special tools that delegate specific administrative tasks to users
or groups. Building tools with MMC’s standard user interface is simple. System
administrators start with an existing console and modify or add components to fulfill
their needs, or they can create an entirely new console. They can scale a tool up or down,
integrate it seamlessly into the operating system, repackage it, and customize it. When
they save these custom tools as MMC saved console (MSC) files, administrators can send
the files by email, share them in a network folder, or post them on the Web. In addition,
administrators can use system Group Policy settings to assign tools to users, groups, or
computers. With the MMC, system administrators can create unique consoles for
workgroup managers. When managers open a document, they may access only those
tools provided by the administrator.

Microsoft considers the MSC files a new paradigm for file types. Console files are like
document files. MMC snap-ins initialize and manipulate MSC files. The MMC is part of
the Software Developer’s Kit (SDK), thereby enabling developers to extend Microsoft
tools. For example, in NT 4.0 the Event Viewer does not let developers extend its
functionality to their own custom application. With the MMC, developers can write their
own diagnostic snap-in and have the event log be an extension of their MMC snap-in.
The default MSC files for the native administrative tool are in the \WINNT\system32 folder
of the system root.

■ 1- 4 Computer Associates International Discovering and Deploying Windows 2000 MS120

 What’s New in Windows 2000 ■
Microsoft Management Console

The console does not manage behavior—the MMC is essentially a web browser (albeit
highly powerful and flexible). Administrators no longer need to isolate problems
through Network Monitor and open an additional container to configure or
troubleshoot these problems. Instead, they do all work through the MMC and its snap-
ins. The MMC snap-ins are actually COM programs that either stand alone or serve as
extensions to existing, independent snap-ins. For example, the Event Viewer and other
native administration tools can serve as independent snap-ins or as extensions to a
customized snap-in written by Microsoft or third-party developers.

The MMC graphical interface has two views that are very similar to Microsoft Explorer.
The leftmost view is the Scope Pane, which displays the master tree of the saved console
file. The other view is the Results Pane, which shows details of a selected area of the
Scope Pane.

Here are the major features and enhancements that the MMC offers:

■ Author mode (gives administrative control to author of file)

■ Help file index integration with snap-ins

■ Auto-code downloading from server in Windows 2000

■ Dynamic extensions

Note • A snap-in or extension can dynamically load another snap-in or extension

as needed. The stand-alone snap-in will turn on or off other extensions without
manual intervention.

The MMC offers two modes: author mode and user mode. In author mode, the author
(administrator) of the console file has total control over its contents as well as the MMC
toolbar, the snap-in toolbar, and similar administrative elements. Author mode also
controls access in user mode; user mode has access only to those items so designated in
author mode. The user must be in author mode to change the console file (e.g., load/
unload a snap-in or web page). Through delegated access, administrators can create
custom console files that grant full access to users in user mode while restricting those
users from loading or unloading snap-ins or changing window views.

The MMC also performs enterprise management by supporting roaming users, by

controlling access to individual snap-ins, and by customizing the tools to support multi-
tiered management support. Administrators use the Group Policy component to specify
users or groups who may author console files, as well as the snap-ins they may use.

Computer Associates International Discovering and Deploying Windows 2000 MS120

1- 5 ■
■ What’s New in Windows 2000
Microsoft Management Console

Task Pads 1

By using Dynamic HTML Task Pads, you can help administrators who work in a task-
oriented environment rather than the typical object-oriented environment. For example,
you may have Internet Information Server with multiple roots and may want only a
particular administrator to manage the Sales virtual root. You delegate this granular level
of task through a simplified DHTML-controlled display to accommodate less
experienced administrators. This helps them perform particular tasks without having to
load or unload the proper snap-in (similar to a customized Administrative Wizard).

We recommend installing and storing consoles in a shared volume on the server where
all the console files reside together. Administrators may open, load, or unload console
files from any machine, or they may have snap-ins load automatically.

■ 1- 6 Computer Associates International Discovering and Deploying Windows 2000 MS120

 What’s New in Windows 2000 ■
Windows 2000 Enhanced Management Features

Windows 2000 Enhanced

Management Features
• IntelliMirror
• Remote Boot Features
• Active Directory Manager
• Group Policy
• Offline Folders
• Synchronization Manager
• Windows Installer
• Application Deployment Editor
• Remote Installation Service
• Roaming Profiles

Windows 2000 Enhanced Management Features 1

Microsoft has built extensive management features into the Windows 2000 operating
system. These features are referred to collectively as application management and fall under
the umbrella of IntelliMirror technology from Microsoft. IntelliMirror is replication
technology that piggybacks on the NT Server 2000 Active Directory. IntelliMirror lets
users store and synchronize data and system resources on 2000-based remote servers and
local machines. Besides providing customers with client-side caching and remote-boot
capabilities, the interim builds of the IntelliMirror code feature Microsoft Installation
Services. This enables administrators to assign and install operating system and
application releases from a central code server.

IntelliMirror Features 1

■ Operating system and application deployment for computers and users

(administered via central code server)

■ Scheduled inter-site replication

■ Improved replication topology management

■ Partial replica global catalog

■ Application Deployment Editor tool for publishing and assigning applications

Computer Associates International Discovering and Deploying Windows 2000 MS120

1- 7 ■
■ What’s New in Windows 2000
Windows 2000 Enhanced Management Features
Remote Boot Features
■ Functional setup
■ Ability to boot an IntelliMirror client in disconnected mode
Remote Boot Goals
■ Simplify management of server images (the most costly challenge of remote boot
today)
■ Automatic O/S update and simple repair
■ Maintain ability to function off line
The following table shows an overview of Windows 2000 management features:
Table 1-1 • Windows 2000 Management Features
Features Functionality
User Document Mirroring of user data to
Management the network and caching of
selected network data
locally
Software Installation Robust just-in-time
software installation
(applications, service
packs, and operating
system upgrades) to users
and computers
User Settings Management Mirroring of user settings to
the network and
application of
administrator set defaults
to the user’s environment
Remote OS Installation Operating system
installation from network
servers
■ 1- 8 Computer Associates International Discovering and Deploying Windows 2000 MS120
1
Technology Used
Active Directory, Group
Policy, Offline Folders,
Synchronization Manager,
Disk Quota, and
enhancements to the
Windows shell
Active Directory, Group
Policy, Windows Installer,
Application Deployment
Editor, Add/Remove
Programs control panel,
and enhancements to the
Windows shell
Active Directory, Group
Policy, Offline Folders,
Roaming User Profiles, and
enhancements to the
Windows shell
Active Directory, Group
Policy, Remote Installation
Service, Remote Install–
capable workstation
(NetPC, or PC98)
 What’s New in Windows 2000 ■
Windows 2000 Enhanced Management Features

Active Directory Manager 1

Active Directory Manager is a Microsoft Management Console snap-in with a unified

user interface to add, manage, and control the following objects:

■ Domains

■ Computers

■ Groups

■ Organizational Units

■ Users

Active Directory Tree Manager

The Active Directory Tree Manager, represented in administrative tools by the Domain
Tree Management icon, provides a graphical view of all the domain trees in the forest.

Note • Note: A Forest is comprised of domain trees that cooperate with one another
forming noncontiguous namespaces (e.g. acme.com and corp.com).

From this tool, an administrator can manage each of the domains in the forest, manage
trust relationships between domains, configure the mode of operation for each domain
(Native or Mixed Mode), and configure the alternative User Principal Name (UPN)
suffixes for the forest.

Group Policy 1

Group Policy is the central component of the change and configuration management
features of Microsoft Windows 2000. Group Policies specify settings for groups of users
and computers, including software policies, software installation, security settings,
scripts (computer startup and shutdown; user logon and logoff), and user documents
and settings. The administrator uses the Group Policy Editor (GPE) to manage policy.
The GPE contains various built-in features for setting policy that third parties can extend
the GPE to host other policy settings. A Group Policy Object (GPO) stores all of the data
generated by the GPE and these GPOs replicate to all Domain Controllers within a single
domain. Group Policy reduces Total Cost of Ownership (TCO) by allowing
administrators to enhance and control users’ desktops. Enabled by Windows 2000 Active
Directory, Group Policy includes filtering based on security group membership.

Microsoft Windows 2000 Group Policy includes:

■ Software policies—registry settings that are written to the HKEY_LOCAL_MACHINE

(HKLM) and HKEY_CURRENT_USER (HKCU) trees to configure the behavior of system
services, desktop look and feel, and application settings.

■ Software installation—the ability to assign or publish an application.

■ Security settings—local computer, domain and network security settings

Computer Associates International Discovering and Deploying Windows 2000 MS120

1- 9 ■
■ What’s New in Windows 2000
Windows 2000 Enhanced Management Features

■ File deployment— improved features for administrators to more easily determine

the files, folders, and applications that a user will be able to access. Administrators
have the capability to remotely deploy a file to a user’s desktop or restrict a group of
users from using an application.

■ Folder redirection—a unique feature of Windows 2000 that allows users and
administrators to redirect the path of a folder to a new location. The new location can
be a folder on the local machine or a directory on a network share. Users have the
ability to work with shared documents on a secure server as if the documents were
based on the local drive.

■ Scripts—run by the computer at startup and shutdown or when the user logs on or
off the computer.

Offline Folders 1

Offline folders make it possible for users to work with shared documents. When users
enable files or folders to be available offline, they are able to read the copy of the shared
files stored on the local machine even if a network failure occurs. When users regain
network access, they copy the edited documents back to the network share.

Synchronization Manager 1

Synchronization Manager compares items on the network to those opened or updated

while working offline, and making the most current version available to both your
computer and the network. By using Synchronization Manager, you ensure that you have
the latest information from your network or the Internet when you are disconnected and
working offline.

Every time you log on and off your computer, you can have Synchronization Manager
automatically synchronize the information that is available to you offline. By
synchronizing when you log on, any changes you made offline are saved to the network.
In general, you can synchronize any offline items created by programs that support
Synchronization Manager, such as Offline Folders or Internet Explorer. You can
synchronize individual files, entire folders, and offline Web pages, as well as other items.

Windows Installer 1

Software installation leverages the new Windows Installer that is a part of the Windows
family of operating systems. To manage applications you need applications that can be
loaded by Windows Installer. These packages should contain both the Windows Installer
instructions for installation, as well as the actual application files and components.
Applications that you manage, including the application packages and the application
files, have to be available on a network share on your evaluation network. Users need
the ability to read from the network share. You accomplish this by creating a network
share, copying the Windows Installer packages to the network share, and setting the
appropriate permissions for the share (Everyone = Read; Administrators = Full Control,
Change, Read). Group Policy ties software installation to the Active Directory. The
Application Deployment Editor (ADE) is an extension to the Group Policy Editor (GPE)
snap-in to the Microsoft Management Console (MMC). The Active Directory Manager

■ 1-10 Computer Associates International Discovering and Deploying Windows 2000 MS120
 What’s New in Windows 2000 ■
Windows 2000 Enhanced Management Features

(MMC snap-in) in the Administrative Tools program group already has a GPE snap-in
and an ADE extension. You may either follow these steps to configure your own snap-in
and extension, or use the Active Directory Manager.

Advertising an application makes it appear to be installed on a user’s desktop. However,

an advertised application may not actually be installed. When an application is
advertised, the shortcuts for the application are added to the appropriate locations,
including the Start menu or the Desktop, and the appropriate collection of Registry
entries for the application are added to the local Registry. The Windows Installer then
installs the application the first time that the user either selects the application's shortcut
from the Start menu or opens a document associated with the application.

For example, an administrator at Microsoft might assign the Microsoft Word application
to everyone working there. Microsoft Word will be advertised, and therefore it will now
be available on everyone's desktop. The next time a person logs on to Windows NT,
Microsoft Word will appear on the person’s Start menu and the Registry will be updated
with the information about the application, including the location of the package and
the location of the source files for the installation. With this advertisement information
on the user’s PC, the application will then install the first time that the user activates it.
An administrator can assign an application to any person or any computer in a Group
Policy Object (GPO). A GPO is typically associated with an Active Directory container,
such as a Site, Domain, or Organizational Unit (SDOU). Additionally, an administrator
can use a GPO to provide additional granularity for Software Installation.

A package contains all the information necessary to describe how to install an application
in every conceivable situation—on different platforms, with different sets of previously
installed products, with previous versions of a product, and with different default
installation locations.

An administrator may choose to publish an application that is not necessarily required

for people to perform their jobs but might occasionally be helpful to them. For example,
Microsoft Image Composer is a powerful application that allows people to create
illustrations and drawings. Not everyone in an organization may need Image Composer,
but some would benefit from having this application available. Therefore, an
administrator could decide to publish Image Composer. Published applications do not
appear to be installed on the local machine. Published applications are advertised, but
the advertisement is made to the Active Directory, rather than to the local PC Registry.

Application Deployment Editor 1

Windows 2000 Software Installation makes it easy for administrators to ensure that
people in their organizations have the software they need. The administrator uses the
Application Deployment Editor (ADE) to assign, publish, or upgrade applications for
individuals. These managed applications use the Windows Installer service for
installation, which is generally transparent to people using the operating system. Most
users have minimal interaction with this service.

For example, an application that an administrator assigns to a user will be visible on that
user’s Start menu the next time he or she logs on. The first time that the user selects the
application from the Start menu, the application will automatically install and then start
so that the user can begin working. An application that an administrator publishes to

Computer Associates International Discovering and Deploying Windows 2000 MS120

1-11 ■
■ What’s New in Windows 2000
Windows 2000 Enhanced Management Features

users will be available via the Add/Remove Programs control panel so those users can
install the application. People will use the Add/Remove Programs control panel to
modify, repair, or remove applications that they have on their computers. The Add/
Remove Programs control panel uses the Windows Installer service to install and
subsequently modify, repair, or remove applications from their systems.

Remote Installation Service 1

Microsoft created the Windows2000 Remote Installation Service based on customer

feedback. One of the most challenging and costly functions performed by IT staff today
is the deployment of a new operating system to new or existing client computers. The
Remote Installation feature leverages the new DHCP-based remote boot technology to
assist IT staff with the deployment of Windows 2000 Workstation. It reduces and in
some cases eliminates the need to visit each client computer to perform the operating
system installation.

Installation Service is critical to the future of Microsoft's delivery of operating system

updates and service packs. When users log onto a Windows 2000 corporate network, the
central code server will register information about which operating system release is
running on a particular device or client. With user and/or administrator permission, the
server will automatically download the latest release to an individual's desktop.
Application deployment across a large organization is often cumbersome administrative
burden. Most Windows applications are installed using binary application files, such as
DLL s and EXE s, that must reside on a server or the system directories. They also contain
shared components for use by multiple applications, Registry entries, and user-specific
data. If your organization extends across a country or around the world, it is almost
physically impossible to go to each machine to install a new application. Updating or
troubleshooting applications and then reporting the results becomes expensive. This
enhancement of application management is a result of Microsoft’s Zero Administration
for Windows (ZAW) initiative.

Some of the features of ZAW include:

■ User freedom from setup

■ Setup and installation transparent to the user

■ Applications run without installation

■ Applications update automatically

Roaming Profiles 1

Roaming profiles allow users to “roam” among computers within the corporate network.
Users who have a roaming user profile may log on to a machine, run applications, edit
documents, and log off. At logoff, their user profile is copied to a server. When they log
on to another computer, all of their profile information—including their Start menu
customizations and the contents of their My Documents folder—is copied to the second
machine.

■ 1-12 Computer Associates International Discovering and Deploying Windows 2000 MS120
 What’s New in Windows 2000 ■
Directory Services

Directory Services
• Active Directory (AD)
• Flexible Querying of Information
• Security of Information
• Replication of Information for Performance
and Fault Tolerance
• Partitioning of Information
• Extensibility of the Directory

Directory Services 1

Active Directory (AD), the directory service contained in Windows 2000, stores
information about objects on the computer network and makes that information easy
for administrators and users to find and use. AD extends the features of previous
Windows-based directory services and adds entirely new features to provide improved
query capabilities, simplified domain administration, and administration that supports
delegation of authority. With AD, network users can access resources anywhere on the
network with a single network logon. Similarly, administrators have a single point of
administration for all objects on the network, and can organize these objects into a
hierarchical structure.

Active Directory 1

Active Directory consists of the directory itself—a store of all objects known on the
network—and the services that AD provides to make the information about those
objects accessible and useful. Objects stored in the directory include users, groups,
computers, domains, organizational units, and security policies. You do not have to
keep the information for all objects on the network in one store. Instead, each domain
keeps its own directory store that holds the information for all objects for that domain.
Each domain directory also contains metadata, such as the list of all domains and
domain trees in the enterprise, the location of all global catalog servers, and the schema.

Computer Associates International Discovering and Deploying Windows 2000 MS120

1-13 ■