Instructional Writing Sample: Windows 2000
Release 1.0
ED2KZ9DDW2P
- PROPRIETARY AND CONFIDENTIAL INFORMATION -
These education materials and related computer software program (hereinafter referred to as the "Education Materials") is for the end user’s informational
purposes only and is subject to change or withdrawal by Computer Associates International, Inc. ("CA") at any time. These Education Materials may not
be copied, transferred, reproduced, disclosed or distributed, in whole or in part, without the prior written consent of CA.
These Education Materials are proprietary information and a trade secret of CA. Title to these Education Materials remain with CA, and these Education
Materials are protected by the copyright, trademark and trade secret laws of the United States and international treaties. All authorized reproductions
must be marked with this legend.
TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THESE EDUCATIONAL MATERIALS "AS IS" WITHOUT
WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY
FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THESE EDUCATION MATERIALS, INCLUDING WITHOUT
LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF SUCH
LOSS OR DAMAGE.
THE USE OF ANY PRODUCT REFERENCED IN THESE EDUCATION MATERIALS AND THESE EDUCATION MATERIALS IS GOVERNED
BY THE END USER’S APPLICABLE LICENSE AGREEMENT.
Provided with "Restricted Rights" as set forth in 48 C.F.R. Section 12.212, 48 C.F.R. Sections 52.227-19(c)(1) and (2) or DFARS Section
252.227.7013(c)(1)(ii) or applicable successor provisions.
© 2000 Computer Associates International, Inc. - Mark Phillips, Contributing Editor - John Melendez, Managing Editor
One Computer Associates Plaza, Islandia, NY 11749
All trademarks, trade names, service marks or logos referenced herein belong to their respective companies.
Call Computer Associates technical services for any information not covered in this manual or the related publications. In North America, see your
Computer Associates Product Support Directory for the appropriate telephone number to call for direct support, or you may call 1-800-645-3042 or
516-342-4683 and your call will be returned as soon as possible.
Outside North America, contact your local Computer Associates technical support center for assistance.
Computer Associates International Discovering and Deploying Windows 2000 MS120 iii ■
What’s New in Windows 2000
Module 1
Introduction
Microsoft revamped the way you administer your network under Windows 2000.
They designated the Microsoft Management Console (MMC) as the native
administration tool for Windows by providing a common management framework for
network management. Instead of having various applications on your server to manage
your network, you use the MMC as a shell for “snap-in” applications. The MMC hosts
monitoring and configuration tools for the entire enterprise, presenting them in a
consistent graphical interface that bundles information and functionality. For example,
the MMC enables you to access and use tools such as User Manager, Disk Administrator,
and Event Viewer from a single interface, where previously you would have needed to
open several administrative tools. The modular architecture of MMC makes it easy for
network developers to create snap-in applications that leverage the platform while
easing administrative load. A successful transition to Windows 2000 depends greatly on
mastering the MMC.
to your administrators. Microsoft provides standard tools with the operating system that
help users perform everyday administrative tasks. These are part of the All Users profile
of the computer and are located in the Administrative Tools group on the Startup menu.
Microsoft considers the MSC files a new paradigm for file types. Console files are like
document files. MMC snap-ins initialize and manipulate MSC files. The MMC is part of
the Software Developer’s Kit (SDK), thereby enabling developers to extend Microsoft
tools. For example, in NT 4.0 the Event Viewer does not let developers extend its
functionality to their own custom application. With the MMC, developers can write their
own diagnostic snap-in and have the event log be an extension of their MMC snap-in.
The default MSC files for the native administrative tool are in the \WINNT\system32 folder
of the system root.
The console does not manage behavior—the MMC is essentially a web browser (albeit
highly powerful and flexible). Administrators no longer need to isolate problems
through Network Monitor and open an additional container to configure or
troubleshoot these problems. Instead, they do all work through the MMC and its snap-
ins. The MMC snap-ins are actually COM programs that either stand alone or serve as
extensions to existing, independent snap-ins. For example, the Event Viewer and other
native administration tools can serve as independent snap-ins or as extensions to a
customized snap-in written by Microsoft or third-party developers.
The MMC graphical interface has two views that are very similar to Microsoft Explorer.
The leftmost view is the Scope Pane, which displays the master tree of the saved console
file. The other view is the Results Pane, which shows details of a selected area of the
Scope Pane.
Here are the major features and enhancements that the MMC offers:
■ Dynamic extensions
The MMC offers two modes: author mode and user mode. In author mode, the author
(administrator) of the console file has total control over its contents as well as the MMC
toolbar, the snap-in toolbar, and similar administrative elements. Author mode also
controls access in user mode; user mode has access only to those items so designated in
author mode. The user must be in author mode to change the console file (e.g., load/
unload a snap-in or web page). Through delegated access, administrators can create
custom console files that grant full access to users in user mode while restricting those
users from loading or unloading snap-ins or changing window views.
Task Pads
By using Dynamic HTML Task Pads, you can help administrators who work in a task-
oriented environment rather than the typical object-oriented environment. For example,
you may have Internet Information Server with multiple roots and may want only a
particular administrator to manage the Sales virtual root. You delegate this granular level
of task through a simplified DHTML-controlled display to accommodate less
experienced administrators. This helps them perform particular tasks without having to
load or unload the proper snap-in (similar to a customized Administrative Wizard).
We recommend installing and storing consoles in a shared volume on the server where
all the console files reside together. Administrators may open, load, or unload console
files from any machine, or they may have snap-ins load automatically.
Microsoft has built extensive management features into the Windows 2000 operating
system. These features are referred to collectively as application management and fall under
the umbrella of IntelliMirror technology from Microsoft. IntelliMirror is replication
technology that piggybacks on the NT Server 2000 Active Directory. IntelliMirror lets
users store and synchronize data and system resources on 2000-based remote servers and
local machines. Besides providing customers with client-side caching and remote-boot
capabilities, the interim builds of the IntelliMirror code feature Microsoft Installation
Services. This enables administrators to assign and install operating system and
application releases from a central code server.
IntelliMirror Features
■ Functional setup
■ Domains
■ Computers
■ Groups
■ Organizational Units
■ Users
Note: A forest is composed of domain trees that cooperate with one another,
forming noncontiguous namespaces (e.g., acme.com and corp.com).
From this tool, an administrator can manage each of the domains in the forest, manage
trust relationships between domains, configure the mode of operation for each domain
(Native or Mixed Mode), and configure the alternative User Principal Name (UPN)
suffixes for the forest.
Group Policy
Group Policy is the central component of the change and configuration management
features of Microsoft Windows 2000. Group Policies specify settings for groups of users
and computers, including software policies, software installation, security settings,
scripts (computer startup and shutdown; user logon and logoff), and user documents
and settings. The administrator uses the Group Policy Editor (GPE) to manage policy.
The GPE contains various built-in features for setting policy, and third parties can extend
the GPE to host other policy settings. A Group Policy Object (GPO) stores all of the data
generated by the GPE, and these GPOs replicate to all Domain Controllers within a single
domain. Group Policy reduces Total Cost of Ownership (TCO) by allowing
administrators to enhance and control users’ desktops. Enabled by Windows 2000 Active
Directory, Group Policy includes filtering based on security group membership.
■ Folder redirection—a unique feature of Windows 2000 that allows users and
administrators to redirect the path of a folder to a new location. The new location can
be a folder on the local machine or a directory on a network share. Users have the
ability to work with shared documents on a secure server as if the documents were
based on the local drive.
■ Scripts—run by the computer at startup and shutdown or when the user logs on or
off the computer.
Offline Folders
Offline folders make it possible for users to work with shared documents. When users
enable files or folders to be available offline, they are able to read the copy of the shared
files stored on the local machine even if a network failure occurs. When users regain
network access, they copy the edited documents back to the network share.
Synchronization Manager
Every time you log on and off your computer, you can have Synchronization Manager
automatically synchronize the information that is available to you offline. When you
synchronize at logon, any changes you made offline are saved to the network.
In general, you can synchronize any offline items created by programs that support
Synchronization Manager, such as Offline Folders or Internet Explorer. You can
synchronize individual files, entire folders, and offline Web pages, as well as other items.
Windows Installer
Software installation leverages the new Windows Installer, which is part of the Windows
family of operating systems. To manage applications, you need applications that can be
loaded by Windows Installer. These packages should contain both the Windows Installer
instructions for installation and the actual application files and components.
Applications that you manage, including the application packages and the application
files, have to be available on a network share on your evaluation network. Users need
the ability to read from the network share. You accomplish this by creating a network
share, copying the Windows Installer packages to the network share, and setting the
appropriate permissions for the share (Everyone = Read; Administrators = Full Control,
Change, Read). Group Policy ties software installation to the Active Directory. The
Application Deployment Editor (ADE) is an extension to the Group Policy Editor (GPE)
snap-in to the Microsoft Management Console (MMC). The Active Directory Manager
(MMC snap-in) in the Administrative Tools program group already has a GPE snap-in
and an ADE extension. You may either follow these steps to configure your own snap-in
and extension, or use the Active Directory Manager.
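The share permissions given above (Everyone = Read; Administrators = Full Control) can be checked mechanically, which matters because every package on this share is installed on the machines it is assigned to. The following is an added example, not part of the course material: it uses the shape of `Get-SmbShareAccess` output, a cmdlet from current Windows releases rather than Windows 2000, and the share name `Packages` and the account `CORP\Helpdesk` are hypothetical.

```powershell
# Policy from the text: Everyone = Read; Administrators = Full Control.
$Policy = @{ 'Everyone' = 'Read'; 'BUILTIN\Administrators' = 'Full' }
# Ordering of share rights; Custom and unknown values are treated as worst case.
$Rank = @{ 'Read' = 1; 'Change' = 2; 'Full' = 3; 'Custom' = 3 }

function Test-DistributionShareAcl {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Entry,  # shaped like Get-SmbShareAccess output
        [hashtable] $Expected = $Policy
    )
    $findings = @()
    # Deny entries can only reduce access, so only Allow entries are compared.
    $allowed = @($Entry | Where-Object { [string]$_.AccessControlType -eq 'Allow' })
    foreach ($e in $allowed) {
        $account = [string]$e.AccountName
        $right   = [string]$e.AccessRight
        $level   = if ($Rank.ContainsKey($right)) { $Rank[$right] } else { 3 }
        if (-not $Expected.ContainsKey($account)) {
            $findings += "Unexpected account '$account' has $right"
        }
        elseif ($level -gt $Rank[$Expected[$account]]) {
            $findings += "'$account' has $right; policy allows $($Expected[$account])"
        }
    }
    # Report accounts the policy expects but the share does not list.
    foreach ($account in $Expected.Keys) {
        if (-not ($allowed | Where-Object { [string]$_.AccountName -eq $account })) {
            $findings += "'$account' has no Allow entry; policy expects $($Expected[$account])"
        }
    }
    return $findings
}

# Constructed sample: Everyone was granted Change, and an extra group has Full.
$sample = @(
    [pscustomobject]@{ AccountName = 'Everyone';               AccessControlType = 'Allow'; AccessRight = 'Change' }
    [pscustomobject]@{ AccountName = 'BUILTIN\Administrators'; AccessControlType = 'Allow'; AccessRight = 'Full' }
    [pscustomobject]@{ AccountName = 'CORP\Helpdesk';          AccessControlType = 'Allow'; AccessRight = 'Full' }
)
Test-DistributionShareAcl -Entry $sample

# On a live server (hypothetical share name):
# Test-DistributionShareAcl -Entry (Get-SmbShareAccess -Name 'Packages')
```

An empty result means the share matches the stated policy; each returned string names one deviation to correct.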
For example, an administrator at Microsoft might assign the Microsoft Word application
to everyone working there. Microsoft Word will be advertised, and therefore it will now
be available on everyone's desktop. The next time a person logs on to Windows NT,
Microsoft Word will appear on the person’s Start menu and the Registry will be updated
with the information about the application, including the location of the package and
the location of the source files for the installation. With this advertisement information
on the user’s PC, the application will then install the first time that the user activates it.
An administrator can assign an application to any person or any computer in a Group
Policy Object (GPO). A GPO is typically associated with an Active Directory container,
such as a Site, Domain, or Organizational Unit (SDOU). Additionally, an administrator
can use a GPO to provide additional granularity for Software Installation.
A package contains all the information necessary to describe how to install an application
in every conceivable situation—on different platforms, with different sets of previously
installed products, with previous versions of a product, and with different default
installation locations.
Windows 2000 Software Installation makes it easy for administrators to ensure that
people in their organizations have the software they need. The administrator uses the
Application Deployment Editor (ADE) to assign, publish, or upgrade applications for
individuals. These managed applications use the Windows Installer service for
installation, which is generally transparent to people using the operating system. Most
users have minimal interaction with this service.
For example, an application that an administrator assigns to a user will be visible on that
user’s Start menu the next time he or she logs on. The first time that the user selects the
application from the Start menu, the application will automatically install and then start
so that the user can begin working. An application that an administrator publishes to
users will be available via the Add/Remove Programs control panel so those users can
install the application. People will use the Add/Remove Programs control panel to
modify, repair, or remove applications that they have on their computers. The Add/
Remove Programs control panel uses the Windows Installer service to install and
subsequently modify, repair, or remove applications from their systems.
Roaming Profiles
Roaming profiles allow users to “roam” among computers within the corporate network.
Users who have a roaming user profile may log on to a machine, run applications, edit
documents, and log off. At logoff, their user profile is copied to a server. When they log
on to another computer, all of their profile information—including their Start menu
customizations and the contents of their My Documents folder—is copied to the second
machine.
Directory Services
• Active Directory (AD)
• Flexible Querying of Information
• Security of Information
• Replication of Information for Performance and Fault Tolerance
• Partitioning of Information
• Extensibility of the Directory
Active Directory (AD), the directory service contained in Windows 2000, stores
information about objects on the computer network and makes that information easy
for administrators and users to find and use. AD extends the features of previous
Windows-based directory services and adds entirely new features to provide improved
query capabilities, simplified domain administration, and administration that supports
delegation of authority. With AD, network users can access resources anywhere on the
network with a single network logon. Similarly, administrators have a single point of
administration for all objects on the network, and can organize these objects into a
hierarchical structure.
Active Directory
Active Directory consists of the directory itself—a store of all objects known on the
network—and the services that AD provides to make the information about those
objects accessible and useful. Objects stored in the directory include users, groups,
computers, domains, organizational units, and security policies. You do not have to
keep the information for all objects on the network in one store. Instead, each domain
keeps its own directory store that holds the information for all objects for that domain.
Each domain directory also contains metadata, such as the list of all domains and
domain trees in the enterprise, the location of all global catalog servers, and the schema.