In-Depth

Sonic Boom! Windows 2002 Smashes the Barrier

The next version of Windows is a worthy upgrade from Windows 2000, addressing several weaknesses and adding needed functionality. A Windows expert briefs you on the features and the limitations.

If you’ve ever taken a leisurely cross-country drive, you may have gone through the little town of Alton, Illinois. What makes Alton special is that it lies at the confluence of the two greatest rivers in North America, the Mississippi and the Missouri. When you stand at the bank where the two rivers mix, you feel part of a grand natural history. You also get a glimpse of the goo that’s been dumped in the rivers upstream of where you stand. Windows 2002 represents a great confluence as well, the merging of two 32-bit code bases that began life as Windows NT and Windows 95. All future Windows platforms will have the reliability and performance of the Windows 2000 code base, and the features and functionality of Windows Me. That’s not to say Windows 2002 is without its flaws. You’ll find more than a little goo here as well. But for now let’s focus on the dramatic parts of the scenery.

What’s in a Name?
Before we talk about features, let’s talk about names. Microsoft’s officially dubbed the desktop version of the OS “Windows XP,” as in “eXPerience the difference.” There will be two XP versions: XP Professional, designed for corporate desktops, and XP Home Edition, designed for consumer desktops. The Home Edition lacks many of the features needed for corporate network environments, like the ability to join a domain or take advantage of group policies to maintain a “managed” environment. (See “Windows XP: The Most Stable OS Yet.”)

For the server line, Microsoft’s decided to retain the year designator, so the products will be released as Windows 2002 Server, Advanced Server and Datacenter Server.

To avoid confusion, I’ll refer to the general product line as Windows 2002 and use the name XP only when specifically discussing the desktop products. The features I discuss here are based on Windows 2002 beta 2, build 2462.

What About Windows 2002?

So, now that you’re furiously preparing for your Windows 2000 certification before the clock strikes midnight on your Windows NT 4.0 title, are you starting to wonder if that, too, will be gone with the wind once Windows 2002 goes into heavy adoption?

Not to fear, IT pros. Microsoft’s latest pronouncements on the subject indicate that you should keep on your present path. Once you update your NT certification to 2000, it won’t be in any danger of quick extinction.

According to Microsoft’s training and certification site (www.microsoft.com/trainingandservices), “MCSEs in the Windows 2000 track will not be required to pass Windows XP Professional/Whistler exams to retain MCSE certification.”

Microsoft adds that if you’re already working on your Win2K certification and want to upgrade to Windows 2002, you have that option. You can go solely for 2002 exams to finish up, or mix Win2K and 2002 exams. It won’t matter as far as your certification’s concerned.

Microsoft also says that skipping Win2K certification altogether and going straight to 2002 certification would be a mistake. Windows 2002 is built on top of Win2K, and you need grounding in the Win2K technologies to successfully use the next version. In other words, learn to walk before trying to run.

Of course, there aren’t any Windows 2002 exams available yet, and there’s no telling at this point when they’ll be available. The product, along with Windows XP, was scheduled to be released in the second half of this year, but that timetable (surprise!) appears to be slipping, to the point where Microsoft is now making noises about a Windows 2002 release in the first half of, appropriately enough, 2002. —Keith Ward

[As of July 2001, Microsoft has another name for Whistler. It's now to be called Windows .NET Server.—Ed.]

Improving Active Directory
Active Directory (AD) is the cornerstone of all current Windows server products. Windows 2002 makes nearly 400 changes to AD. Most involve housekeeping updates. Some support added features.

Many of those AD changes modify the contents of the AD schema. This means that upgrading a Win2K domain controller (DC) to Windows 2002 involves upgrading the schema as well. Like a classic NT domain, you must first upgrade the PDC Emulator. The schema changes replicate outward from there and are compatible with Win2K.

Two major AD changes in Windows 2002 correct subtle flaws in the initial release. One flaw involves the way connections are calculated between sites. In AD replication, one DC in each site has responsibility for mapping out connections between bridgeheads in its site to bridgeheads in other sites. This DC is called the Inter-Site Topology Generator, or ISTG; it’s generally the first DC promoted in the site. A service called the Knowledge Consistency Checker (KCC) running on the ISTG determines the necessary connections between bridgeheads based on a spanning-tree algorithm. The KCC service runs every 15 minutes and calculates the connection map for sites within the forest.

Large Win2K-based organizations with hundreds of sites can experience problems if the KCC calculations exceed the time allotted to them. If this happens, connections must be created and managed manually. Windows 2002 streamlines the inter-site connection calculations and dramatically improves the scalability of the directory replication infrastructure.

Another problem affects organizations of all sizes. It involves the way AD replicates the member attribute for groups. In Win2K, the member attribute replicates as a single entity. This causes problems if multiple administrators change the membership of the same group during the same replication cycle. For example, one administrator might add user Sally to the Sales group while, at the same time, another administrator might add user Henry to the same group. Only one of those modifications eventually ends up in all AD replicas. The other is lost.

Understandably, this causes distress to the user who expected to get new security permissions or to be included in an Exchange e-mail distribution list. Microsoft fixed the problem in Windows 2002 by separately replicating each Distinguished Name (DN) in the member list. Now, when Sally is added to the Sales group at the same time that Henry is added by another administrator, both updates end up in all AD replicas.
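The difference between the two replication models can be simulated in a few lines. The following Python sketch is an added example, not code from Microsoft or from the original article; the stamp layout (version, timestamp, originating DC), the DC names and the DNs are modeling assumptions. It also goes one step beyond the Sally and Henry case to show a removal being overwritten, which is the outcome an access reviewer should worry about most.

```python
from typing import Dict, FrozenSet, NamedTuple, Tuple


class Stamp(NamedTuple):
    """Replication stamp (assumed layout); tuples compare field by field."""
    version: int    # incremented on each originating write
    timestamp: int  # originating write time (constructed values)
    dc: str         # originating DC name, used as the final tie-breaker


WholeAttr = Tuple[Stamp, FrozenSet[str]]   # Win2K model: one stamp per list
PerValue = Dict[str, Tuple[Stamp, bool]]   # 2002 model: DN -> (stamp, is_member)

# Constructed DNs for the Sales group example.
BOB = "CN=Bob,OU=Sales,DC=example,DC=com"
SALLY = "CN=Sally,OU=Sales,DC=example,DC=com"
HENRY = "CN=Henry,OU=Sales,DC=example,DC=com"


def whole_write(replica: WholeAttr, new_list, now: int, dc: str) -> WholeAttr:
    """Originating write, Win2K model: the complete list gets a new stamp."""
    return Stamp(replica[0].version + 1, now, dc), frozenset(new_list)


def whole_merge(a: WholeAttr, b: WholeAttr) -> WholeAttr:
    """Conflict resolution keeps exactly one complete copy of the list."""
    return a if a[0] >= b[0] else b


def value_write(replica: PerValue, dn: str, is_member: bool,
                now: int, dc: str) -> PerValue:
    """Originating write, Windows 2002 model: only the touched DN is stamped."""
    old = replica.get(dn)
    version = old[0].version + 1 if old else 1
    return {**replica, dn: (Stamp(version, now, dc), is_member)}


def value_merge(a: PerValue, b: PerValue) -> PerValue:
    """Conflicts are resolved per DN, so unrelated changes both survive."""
    merged = dict(a)
    for dn, entry in b.items():
        if dn not in merged or entry[0] > merged[dn][0]:
            merged[dn] = entry
    return merged


def live_members(replica: PerValue) -> FrozenSet[str]:
    return frozenset(dn for dn, (_, present) in replica.items() if present)


def run(change_dc1, change_dc2):
    """Apply one change on each DC in the same cycle, then replicate.

    Each change is (dn, is_member). Returns the converged membership under
    the whole-attribute model and under the per-value model.
    """
    base_w: WholeAttr = (Stamp(1, 100, "DC1"), frozenset({BOB}))
    base_v: PerValue = {BOB: (Stamp(1, 100, "DC1"), True)}
    whole, values = [], []
    for (dn, present), now, dc in ((change_dc1, 200, "DC1"),
                                   (change_dc2, 205, "DC2")):
        new_list = base_w[1] | {dn} if present else base_w[1] - {dn}
        whole.append(whole_write(base_w, new_list, now, dc))
        values.append(value_write(base_v, dn, present, now, dc))
    return whole_merge(*whole)[1], live_members(value_merge(*values))


def concurrent_adds():
    """The article's case: Sally added on DC1, Henry added on DC2."""
    return run((SALLY, True), (HENRY, True))


def removal_versus_add():
    """Bob removed on DC1, Henry added on DC2: is the removal preserved?"""
    return run((BOB, False), (HENRY, True))


if __name__ == "__main__":
    for scenario in (concurrent_adds, removal_versus_add):
        win2k, win2002 = scenario()
        print(scenario.__name__)
        print("  whole attribute:", sorted(win2k))
        print("  per value      :", sorted(win2002))
```

In the second scenario the whole-attribute model leaves Bob in the group after an administrator removed him, so on Win2K DCs it is worth re-checking sensitive group memberships after replication has converged.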

Unfortunately, these changes to the Windows 2002 replication engine are incompatible with Win2K. If you want the added functionality Windows 2002 server provides, you must first upgrade all your DCs to Windows 2002 then bump up the Functionality Level of the forest to enable the replication changes. Win2K AD is assigned Functionality Level 0. Windows 2002 can go to Level 1 once all DCs have been upgraded. This change to the Functionality Level is done at the command line using NTDSUTIL.

Forest Management — Or Lack Thereof
One badly needed AD feature may not make it into Windows 2002: a prune-and-graft utility for moving domains into and out of an existing forest. Granted, the technological challenges of altering a forest are formidable. In a merge operation, two different AD schemas must be cross-connected, compared, copied, collated and combined without corrupting the AD database. In a prune operation, unique identifiers must be changed while retaining full functionality in the resultant forests. Future betas will probably include the ability to delete Class and Attribute objects from the schema, an action that isn’t currently supported. This ability might mature into a full-blown prune-and-graft utility.

Windows 2002 includes a stopgap until Microsoft (or a talented third-party company) can devise a prune-and-graft utility. The stopgap is a new trust type called a Forest Trust. This type of trust combines the two-way, transitive Kerberos authentication that makes a single forest so flexible with an external trust relationship similar to a classic NT trust.

Using a Forest Trust, you can create a two-way relationship between forests so that security principals from all domains in one forest can be placed on Access Control Lists (ACLs) in all domains in the other forest and vice versa. Names and Security IDs (SIDs) are published and not allowed to overlap. Organizations with diverse IT groups that don’t coordinate with each other—universities and governments come to mind, as do corporate conglomerates and outsourcing firms—can use Forest Trusts to knit together disparate pieces of their AD. Like the changes to the replication engine, Forest Trusts also require Functionality Level 1, meaning that all DCs must be running Windows 2002.

Forest Trusts aren’t a panacea for inter-forest operations. For one thing, they aren’t transitive between multiple forests; Forest A and Forest C can’t share security principals through a common trust with Forest B. Forests connected by Forest Trusts also don’t share a common schema, making it difficult to deploy applications and management tools that rely on AD.

The remaining AD improvements aren’t nearly as obvious as those previously mentioned, but they go a long way toward making Windows 2002 a desirable upgrade from Win2K. They include:

  • The ability to cache Global Catalog (GC) queries at a standard DC. Under Win2K, users can’t log on without physical connectivity to a GC. In Windows 2002, users with access to a local DC can continue to log on even if they’ve lost contact to a GC.
  • The ability to create an ad-hoc Naming Context (NC) to hold application objects that don’t need to be replicated throughout a forest.
  • An improved version of the AD Migration Tool that can preserve passwords and profiles when migrating users between domains.
  • Support for RFC 2589 dynamic LDAP entries. This permits putting time-dependent information in the Directory, such as a user’s current location.
  • Support for RFC 2830 secure connections over Transport Layer Security (TLS) when sending LDAP queries to a DC.
  • The ability to use a tape backup of the AD database (NTDS.DIT) to populate the database on a new DC. This greatly simplifies DC deployments in situations where it’s not practical to ship an entire server.
  • Increasing the maximum number of objects stored in the Directory to more than a billion. Replicating updates to such a monster database might turn into something of a strain, but all that headroom is reassuring.

Windows 2002 Answers The 64-Bit Question
In spite of a long and sometimes painful path to market, platforms based on Intel’s new Itanium processor will be debuting soon. Without an operating system, these 64-bit Intel Architecture (IA-64) systems would be nothing more than expensive plant stands, so much of the impetus in getting Windows 2002 out the door is to have a Windows operating system ready for Itanium. After all, 64-bit distributions of Linux are already circulating in alpha/beta form.

As you might expect, IA-64 systems function quite a bit differently than their IA-32 cousins. One difference that will have an immediate effect on system administrators is the Extensible Firmware Interface, or EFI. The EFI configures the system, stores this configuration information, and reports it to the OS upon request. If you’ve ever worked with Alpha or RISC systems, you’ll be comfortable working with the EFI.

One EFI function is to prepare the system’s mass storage devices. IA-64 systems use a new disk partitioning scheme called GUID Partition Tables, or GPTs. GPT disks can host large partitions more effectively than Master Boot Record (MBR) disks. They also don’t have many of the special gimmicks and hidden partitions that litter the MBR disk landscape.

A GPT disk partition contains a Globally Unique Identifier, or GUID, that acts as a reference for cataloging the partition in the operating system’s object namespace. This eliminates name collisions. The partition header also contains a “friendly name” similar to the volume name on MBR disks, along with a code that identifies the partition’s purpose. For example, every GPT disk has a single EFI System Partition (ESP) that contains the operating system’s bootstrap files. It also has a single Microsoft Reserved Partition (MSR) that contains the database used to manage dynamic disks and an OEM partition that contains disk utilities provided by the hardware vendor (similar in function to the system partitions used by Compaq). There are data partitions, as well. As IA-64 systems gain market share, you can expect to see updates to the classic disk-management tools.
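To make the layout concrete, here is a small parser for GPT partition entries with a sanity audit of the result. It is an added example, not code from the article or from Microsoft; the sample table, partition names and GUID values for individual partitions are constructed, and the 128-byte entry layout and the three partition-type GUIDs are taken from the published GPT format rather than from this page.

```python
import struct
import uuid
from typing import List, NamedTuple

# One GPT partition entry: type GUID, unique GUID, first LBA, last LBA,
# attribute flags, then 36 UTF-16LE code units of friendly name (128 bytes).
ENTRY = struct.Struct("<16s16sQQQ72s")

# Partition-type GUIDs (the "code that identifies the partition's purpose").
ESP = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")
MSR = uuid.UUID("e3c9e316-0b5c-4db8-817d-f92df00215ae")
DATA = uuid.UUID("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7")
PURPOSES = {ESP: "EFI System Partition", MSR: "Microsoft Reserved",
            DATA: "Basic data"}


class Partition(NamedTuple):
    purpose: str
    type_guid: uuid.UUID
    unique_guid: uuid.UUID
    first_lba: int
    last_lba: int
    name: str


def parse_entries(table: bytes) -> List[Partition]:
    """Decode a partition entry array, skipping unused (all-zero type) slots."""
    if len(table) % ENTRY.size:
        raise ValueError("entry array is not a multiple of 128 bytes")
    found = []
    for offset in range(0, len(table), ENTRY.size):
        raw_type, raw_id, first, last, _attrs, raw_name = \
            ENTRY.unpack_from(table, offset)
        # GUIDs are stored with their first three fields little-endian.
        type_guid = uuid.UUID(bytes_le=raw_type)
        if type_guid.int == 0:
            continue
        name = raw_name.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
        found.append(Partition(PURPOSES.get(type_guid, "Unknown or vendor-specific"),
                               type_guid, uuid.UUID(bytes_le=raw_id),
                               first, last, name))
    return found


def audit(parts: List[Partition]) -> List[str]:
    """Flag layouts that contradict what a healthy GPT disk should look like."""
    findings = []
    esp_count = sum(p.type_guid == ESP for p in parts)
    if esp_count != 1:  # the article describes a single ESP per disk
        findings.append(f"expected exactly one ESP, found {esp_count}")
    seen = set()
    for p in parts:
        if p.unique_guid in seen:
            findings.append(f"duplicate partition GUID {p.unique_guid}")
        seen.add(p.unique_guid)
        if p.last_lba < p.first_lba:
            findings.append(f"{p.name!r}: last LBA precedes first LBA")
    highest = None  # partition with the largest end LBA seen so far
    for p in sorted(parts, key=lambda q: q.first_lba):
        if highest is not None and p.first_lba <= highest.last_lba:
            findings.append(f"{p.name!r} overlaps {highest.name!r}")
        if highest is None or p.last_lba > highest.last_lba:
            highest = p
    return findings


def make_entry(type_guid, unique_guid, first, last, name) -> bytes:
    """Build one on-disk entry (used only to construct the sample below)."""
    return ENTRY.pack(type_guid.bytes_le, unique_guid.bytes_le,
                      first, last, 0, name.encode("utf-16-le"))


def sample_table() -> bytes:
    """Constructed entry array: ESP, MSR, one unused slot, one data partition."""
    return b"".join([
        make_entry(ESP, uuid.UUID(int=0x1001), 2048, 206847, "EFI system partition"),
        make_entry(MSR, uuid.UUID(int=0x1002), 206848, 468991, "Microsoft reserved partition"),
        bytes(ENTRY.size),
        make_entry(DATA, uuid.UUID(int=0x1003), 468992, 8857599, "Basic data partition"),
    ])


if __name__ == "__main__":
    for part in parse_entries(sample_table()):
        print(f"{part.purpose:22} {part.first_lba:>9}-{part.last_lba:<9} {part.name}")
    print("findings:", audit(parse_entries(sample_table())) or "none")
```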

You can get more information about GPT disks at www.microsoft.com/hwdev/storage/Windows 2002-GPT_FAQ.htm. For more information on IA-64 systems and EFI, visit developer.intel.com/design/IA-64/presentation.htm.

Server Administration In Your PJs
In The Legend of Sleepy Hollow, Washington Irving told of a mysterious apparition that could ride a horse just like an ordinary man even though he had no head. I’m sure Irving would be proud to know that he could inspire a feature in a piece of technology as foreign to 18th-century New England as chocolate-covered bananas on a stick.

A headless server has no mouse, no keyboard and no video card. The goal of headless server technology is to deliver “lights-out” server room operation. Barring hardware failures, you should be able to sit at home and manage any Windows 2002 system. If you have a broadband connection, you can configure your server room and download a movie trailer for The Lord of the Rings at the same time.

You communicate with a headless server in one of three ways: Remote Desktop, a terminal server session providing full User Interface (UI); Console Management, which gives access through a telnet session or remote shell console; and Out-of-Band Management, which works through a serial port console.

Remote Control
The core operating system components of both Windows 2002 and Win2K incorporate the multi-user architecture initially developed by Citrix. (Citrix is still going strong with add-on products that leverage their ICA communications protocol. See www.citrix.com for details.) In Windows 2002 the technology has been given a new name, Remote Desktop, and an expanded feature set.

The two-session remote administration mode that was introduced as an option in the Win2K Server family has been made a fixed component for every Windows 2002 server. You don’t need to install any additional services or pay additional license fees. You only pay a fee if you install terminal services in Application Sharing mode.

In addition, every XP Professional desktop supports a single-session Remote Desktop connection. This permits an administrator to connect to the desktop to resolve problems or install software. XP also has a Remote Assistance feature that permits a user to “invite” an administrator to interact with the local desktop. This lets a Help Desk technician with appropriate permissions connect to the user’s desktop and troubleshoot or demonstrate how to use an application.

The underlying Remote Desktop Protocol (RDP) has been enhanced with features that have, up until now, only been available with Citrix MetaFrame and ICA clients, including true 24-bit color and high-resolution video instead of the 256-color, 800x600 sessions currently supported by terminal services; automatic client drive, printer, and serial port redirection, enabling a user with a Remote Desktop session from a PC to see the PC’s peripherals from within the Remote Desktop session; and audio redirection.

With these enhancements, you can manage all aspects of a server (or an XP desktop, for that matter) from a terminal session. Figure 1 shows an example of the MMC-based Remote Desktop console. With appropriate VPN connections through your firewall, you can manage your entire server farm across the Internet at virtual wire speeds.

Figure 1. The MMC-based remote desktop console in Windows 2002 can maintain multiple connections.

Command Performance
In the past Microsoft has been—well, let me be kind—a little reluctant to support a command-line environment. After all, Windows is all about sizzling graphics and cool special effects. But for rapid, efficient server management, you just can’t beat a console session.

In the last couple of years, Microsoft has done an about-face and added many features to improve console administration. Windows Script Host, for example, provides native support for VBScript and JScript along with the ability to call other script engines. If you’ve taken a look at the Win2K Server Resource Kit, you’ll find a copy of ActivePerl and a pile of Perl scripts. Getting command-line access is easier, too. All versions of Win2K and Windows 2002, except for XP Home Edition, ship with a decent telnet service.

(Note: Unfortunately, Microsoft didn’t provide a Secure Sockets Layer (SSL) version of telnet in either Win2K or Windows 2002. So, while you can use NTLM authentication to initiate a telnet session, the ongoing telnet communication isn’t encrypted. This means that security-conscious administrators still need third-party telnet tools that don’t reveal data streams.)

Microsoft improves console functionality still more in Windows 2002 by including lots and lots of new command-line utilities in the core product, rather than tossing them in the Resource Kit. This means the utilities are supported and documented and have a consistent syntax. Many of the utilities permit you to specify another computer with alternate credentials to simplify enterprise management. The list of new command-line utilities includes:

  • Bootcfg—Manage the contents of BOOT.INI so you can change the boot order from a command line.
  • Tasklist—A much-enhanced version of the tlist utility that displays the executable, PID, status, memory usage, user name and session number (for processes running in multi-user terminal service sessions).
  • Driverquery—Dumps a list of the running drivers (as opposed to the processes shown in Tasklist) and their parameters.
  • DS utilities—A set of utilities for adding, modifying, removing, querying and moving directory service objects.
  • Event log utilities—A set of utilities that allows you to initiate an executable or script in response to an Event Log entry, to create your own ad-hoc log entries, look for a specific type of Event Log entry, then execute a particular executable or script if it occurs. This has been a long time coming.
  • RSOP—Windows 2002 includes a Resultant Set of Policies MMC snap-in that calculates and displays the policies applied to any user or computer based on their position in AD. A command-line version of this tool, GPResult, produces a command-line output of the same information. This utility is an absolute must for troubleshooting group policies.
  • FSUtil—A quick way to handle various common file system chores. For example, if you wanted to turn off short file name generation, you could enter:
    fsutil behavior set disable8dot3 on
  • Windows Management Instrumentation Commands (WMIC)—For my money, the most exciting of all the new technologies that have come from Microsoft in the last few years is Windows Management Instrumentation (WMI). You can learn just about anything about a system from a properly constructed WMI script. For those administrators who’d rather open an artery than do programming, Windows 2002 includes a console utility called WMIC that permits you to get a quick listing of any of the WMI base classes. Figure 2 shows a telnet session with a partial list of the available classes. Just enter the class name and, voilà, out comes a columnized report of all the properties.
Figure 2. This telnet console shows the WMI classes available in WMIC.

Out-of-Band Management
Remote Desktop and telnet can keep you in command of a server only so long as you have a network connection to it. But what to do if a server has a problem that prevents it from coming up on the network? You need an Out-Of-Band (OOB) management interface to do your diagnostic work.

Windows 2002 includes an OOB feature set called Emergency Management Services, or EMS. You enable EMS by placing a couple of redirect statements in BOOT.INI. If you’ve ever worked with a debug session on NT or Win2K, you’ll quickly get the hang of EMS.

The primary interface to EMS is a serial port console called the Special Administration Console, or SAC. You can connect to the SAC console using another PC via a null-modem cable, or you can use a modem or a port on a classic serial-interface terminal server. The current beta doesn’t include support for USB or FireWire connections.

The SAC console provides a suite of functions such as killing a process or restarting the system. Figure 3 shows the SAC console seen from HyperTerminal. EMS also includes a !SAC console that gives OOB access in the event of a system failure. You can use !SAC to view log entries then restart the server. The shift from SAC to !SAC happens automatically in the event of a blue screen stop.

Figure 3. The SAC console seen from HyperTerminal.

Windows 2002 includes native support for using the Remote Installation Service, or RIS, to install servers. You can also use RIS to install Windows 2002 on a headless server. Windows 2002 has a special Startrom.com image that redirects the OSChooser menus and character-based output to the server’s serial port. You connect to the serial port, select an image from the installation list, then let the RIS client do its thing. With a properly prepared RIS setup script in place, Setup will finish its chores automatically. In 30 to 40 minutes you can make a Remote Desktop or telnet connection to the server and finish configuring it.

A Quick Recovery
When the drive or array holding the OS decides to go to that big spindle in the sky—notice I say “when,” not “if” (I’m pretty cynical about these things)—you find yourself in something of a quandary. To restore the operating system, you must first install an OS so you can install your tape backup software, mount last night’s tape and restore the original contents of the drive. Installing a fresh OS takes time, and if your server uses an OEM HAL or needs special drivers, you’ll spend even more time rooting around for driver disks.

What’s needed is a quick and easy way to recover the OS drive. Nearly all third-party backup applications have an emergency recovery feature of one form or another, and Microsoft includes one in Windows 2002. The feature is called Automated System Recovery (ASR).

ASR takes a snapshot of the operating system partition and saves it to tape (or a file, if you choose). ASR also saves configuration information to a floppy. To perform an ASR restore, boot to the Setup CD and press F5 when prompted. This starts the ASR Wizard. You then mount the ASR tape in the tape drive and the configuration floppy in the floppy drive, click a couple of items in the Wizard, and sit back. The ASR routine partitions the drive based on the original partition information and restores the operating system from the files on the tape. If you’ve made any changes since the last ASR snapshot, you can go on to restore the partition from the last tape backup.

ASR requires that you have an attached tape drive or a drive with media that can be read by the files loaded by the Setup CD. This could require you to install a SCSI card (or FireWire board, or some other mass storage interface) temporarily into the server. That’s still faster than doing a full-blown OS install.

ASR isn’t a replacement for a true image backup such as eSupport Essentials from Previo Inc. (formerly, Stac Software). It does, however, give you a fast, straightforward way to get your system back on the road to wellness.

Best Of The Rest
Every list has a miscellaneous section. For example, whenever I’m asked to list the Seven Dwarves, I always say, “Grumpy, Dopey, Sneezy, Doc, and miscellaneous.” The term miscellaneous may make you think trivial, but frankly, when it comes to simplifying day-to-day administrative chores, I find myself relying quite a bit on little miscellaneous features. Here are a few in Windows 2002.

Without question, the most difficult part of designing an AD domain is deciding how best to configure DNS. Integrating AD into an existing DNS infrastructure can sometimes cause strain in even the most collegial IT groups.

One way of getting around DNS hassles is setting up a Windows DNS server that’s authoritative for the AD domain and forwards all other requests to the main DNS server. This can be difficult to configure, though, if the organization has several DNS domains or maintains extranet connections to outside organizations with their own DNS infrastructure.

Windows 2002 DNS makes it possible to configure forwarding to particular servers based on the domain name associated with the query. For instance, you can forward queries for a subsidiary domain to that subsidiary’s DNS server and all other requests to the main DNS server or to an ISP’s DNS server. Figure 4 shows what this configuration looks like in DNS Management console.

Figure 4. The Forwarders tab from the DNS Management console, showing conditional forwarding.

Credentials Caching
It seems that no matter how well you construct your AD forest, you end up with servers that aren’t members of a domain in the forest. You may have standalone servers in your DMZ or application servers whose owners refuse to join them to a domain. Or you may work in an outsource firm with VPN connections to customer servers in a variety of domains. For whatever reason, at some point you find yourself in multiple password purgatory.

Windows 2002 alleviates some of the problems of handling multiple passwords by storing them in a special credentials cache. The cache stores alternate credentials for servers that aren’t in your domain or forest.

The credentials cache is encrypted with the user’s master encryption key and stored in the non-roaming portion of the user profile, similar to the way the system handles Encrypting File System keys.

Device Driver Rollback
How many times have you updated a device driver and watched your system disappear into the Blue Screen of Death? Win2K has a few recovery options. You can try booting to the Last Known Good Configuration, but this only restores the old Registry key, not the original driver. Blue screen again. You can try booting to Safe Mode, but if the driver was part of the initial critical system drivers, it’s hello, Mr. Blue Screen once again. Ultimately, you can boot to the Recovery Console and disable the service or replace or rename the driver. This leaves you with the chore of replacing the driver with the original, which might not be readily available.

Windows 2002 has a new feature called driver rollback. When you replace a device driver, the old driver and its associated Registry entries are saved. If the new driver causes problems, you can boot to Safe Mode, open the properties for the device, and roll back to the original driver. Figure 5 shows the rollback option for a network card driver. If the driver affects a critical system function, you can boot to the Recovery Console, rename the driver to get past the blue screen, then use rollback to restore the original driver.

Figure 5. The device driver rollback option in Device Manager.

NTFS Permissions Calculator
The introduction of inheritable permissions in Win2K added a lot of flexibility to managing large and complex NTFS file systems. Flexibility is inextricably linked to complexity, though, and it can be a little frustrating to determine who has what permissions at any given point in a deep NTFS directory structure.

Windows 2002 improves this situation quite a bit by including an Effective Permissions window as part of the ACL editor. Figure 6 shows an example. All you need to do is open the Security properties for a particular folder or file, select the Effective Permissions tab, and enter the name of a user or group; the display shows you the permissions that would be applied.

Figure 6. The Effective Permissions tab of the NTFS Security Settings window.
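What makes inherited permissions hard to reason about by hand is the order in which entries are evaluated. The sketch below is an added example, not Microsoft's code and not from the original article: it models an ACL in canonical order (explicit entries before inherited ones, deny before allow at each level) and computes the rights a user ends up with. The rights bits, the trustee names and the folder ACL are simplified, constructed assumptions, and the model ignores share permissions and logon-type groups.

```python
from typing import Iterable, List, NamedTuple, Set

# Simplified rights bits for illustration; not the real NTFS access-mask values.
READ, WRITE, EXECUTE, DELETE = 1, 2, 4, 8
MODIFY = READ | WRITE | EXECUTE | DELETE
RIGHT_NAMES = {READ: "Read", WRITE: "Write", EXECUTE: "Execute", DELETE: "Delete"}


class Ace(NamedTuple):
    allow: bool     # True = allow entry, False = deny entry
    trustee: str    # user or group name the entry applies to
    mask: int       # rights covered by the entry
    depth: int      # 0 = set on this folder, 1 = from parent, 2 = grandparent...


def canonical_order(acl: Iterable[Ace]) -> List[Ace]:
    """Explicit entries first, nearer ancestors next; deny before allow per level."""
    return sorted(acl, key=lambda ace: (ace.depth, ace.allow))


def effective_rights(acl: Iterable[Ace], token: Set[str]) -> int:
    """Walk the ACL once; the first entry to decide a right wins.

    `token` is the user's name plus every group the user belongs to.
    """
    granted = denied = 0
    for ace in canonical_order(acl):
        if ace.trustee not in token:
            continue
        if ace.allow:
            granted |= ace.mask & ~denied    # cannot grant what is already denied
        else:
            denied |= ace.mask & ~granted    # cannot revoke what is already granted
    return granted


def describe(mask: int) -> List[str]:
    return [name for bit, name in RIGHT_NAMES.items() if mask & bit]


# Constructed ACL for a folder two levels down in a project share.
Q3_ACL = [
    Ace(False, "Contractors", WRITE | DELETE, 1),  # inherited deny from the parent
    Ace(True, "Sales", READ | EXECUTE, 1),         # inherited allow from the parent
    Ace(True, "Sally", MODIFY, 0),                 # explicit allow on this folder
]
SALLY_TOKEN = {"Sally", "Sales", "Contractors"}
HENRY_TOKEN = {"Henry", "Sales", "Contractors"}


def explicit_deny_variant() -> List[Ace]:
    """Same folder after an administrator adds an explicit deny on the folder."""
    return Q3_ACL + [Ace(False, "Contractors", WRITE, 0)]


if __name__ == "__main__":
    print("Sally:", describe(effective_rights(Q3_ACL, SALLY_TOKEN)))
    print("Henry:", describe(effective_rights(Q3_ACL, HENRY_TOKEN)))
    print("Sally, explicit deny added:",
          describe(effective_rights(explicit_deny_variant(), SALLY_TOKEN)))
```

Sally keeps Write and Delete in the first case because her explicit allow is evaluated before the deny inherited from the parent; only a deny set on the folder itself takes them away.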

What’s Not So Hot
At the beginning of this article, I said there was some goo as well as glory in Windows 2002. One of the gooiest, stickiest and messiest of the new features involves copy protection.

There’s no doubt whatsoever that piracy runs rampant throughout the world. Who knows how many millions of copies of software are used daily without a nickel going to the vendor that created and marketed that software? Vendors have tried many forms of copy protection over the years to control this unlicensed use of their products. Except for niche, high-value products, though, the marketplace has rejected most copy protection schemes—not because users in the marketplace like stealing software, but because most copy protection schemes place an inordinate burden on the administration of the product.

Starting with Windows 2002 (and Office XP as well), Microsoft has decided to cross the copy protection Rubicon with a product activation feature designed to ensure that each particular copy of Windows 2002 is installed on one—and only one—computer. Each retail copy of Windows 2002 must be activated within 30 days of installation. If you fail to activate the product, it’ll cease to function in any way except to support the product activation process.

Activation’s managed by a service called Out-of-Box-Experience, or OOBE. The interface for the service takes the form of an Activation Wizard. During the initial operating system installation, Setup prompts for the 25-character Product Key printed on the jewel box or CD sleeve. This uniquely identifies a single instance of the product.

At the first logon following Setup, the Activation Wizard launches and calculates an Installation ID. This ID is derived from certain key hardware items. Microsoft hasn’t (and probably won’t) reveal which components go into the algorithm. More on this in a moment.

The Wizard then contacts an activation center clearinghouse to obtain an Activation ID. This can be done across the Internet if you have an existing connection or by modem. The ID can also be obtained from a customer support center, which has a local phone number in almost every country. The Activation Wizard prompts you with the Installation ID and gives you a place to enter the (very long) Activation ID. Figure 7 shows an example.

Figure 7. The Product Activation Wizard, showing Installation ID and entry form for Activation ID.

The good news, at least for corporate users, is that product activation is only required for retail versions of Windows 2002. Products purchased under volume agreements or master licensing arrangements are exempt from per-seat activation. The master license itself must be activated, but only once.

There are dozens of issues involved in product activation, most of them centering around privacy and maintenance. Let me cover a few highlights.

If the work doesn’t affect hardware used to calculate the activation algorithm, then nothing happens. Microsoft won’t say exactly what hardware goes into the calculation, but it doesn’t appear to include network cards, video boards, or the like.

Additional Information

To learn more about Windows 2002, the best place to start is, of course, the source. Find the general description page at www.microsoft.com/WINDOWS2000/future/whistler.asp

Beta 2 of Windows 2002 and XP is available if you have a subscription to MSDN or TechNet Plus. You can sign up for the XP Preview program for $10 to be included in the distribution of the final XP release candidates. Go to Microsoft’s XP beta site listed above at www.Microsoft.com/windowsxp.

A Windows 2002 site should be forthcoming as the server products get closer to release.

Download the most current Software Developer’s Kit (SDK) at http://msdn.Microsoft.com/msdownload/platformsdk/sdkupdate/. The documentation contains lots of information about how Windows 2002 and XP function and plenty of sample scripts.

To compare how Microsoft did on fulfilling one user’s Windows 2002 requests, see, “My Whistler Whish List,” by Jeremy Moskowitz in the March issue of MCP Magazine.

Intel’s Web site for Itanium information is at http://developer.intel.com/design/IA-64/index.htm. To learn more about the Extensible Firmware Interface (EFI) specification, go to http://intel.com/technology/efi/drafts_overview.htm.

If you reinstall the operating system on the same machine, then reactivation takes place automatically (if you have an Internet or modem connection). Somewhere in the bowels of Microsoft, the Activation Wizard modifies a database record to indicate that Product Key XXXXXXX has been reinstalled using the same Activation ID and that’s that. The same is true if you phone a customer service center.

If you replace key hardware components, move the operating system drive to another machine, or reinstall the same Product ID on different hardware, then you’ll need to contact a customer service center to explain the circumstances and get a new Installation ID. Support centers are open 24x7.

This copy protection scheme will undoubtedly have lots of growing pains. It’s been in operation for a while in Australia and some Pacific Rim countries and is now making its North American and European debut with Office XP.

Is Windows 2002 Worth The Wait?
Administrators often ask, “Should we postpone our Win2K server migration and wait for Windows 2002?” If I may borrow a phrase from my nuclear submarine days, “Proceed all ahead flank with Win2K and don’t spare the neutrons.” The sooner you can get out from under the limitations of classic NT, the better. You can always upgrade to Windows 2002 when it becomes available.

The features in Windows 2002 make it a compelling upgrade opportunity. The new Forest Trust gives large organizations the design flexibility to quickly absorb and divest business units. The replication engine modification that treats individual group members as discrete units gives administrators the freedom to modify group membership on any DC without worrying about stepping on each other’s work. The new Terminal Server features make Windows 2002 truly competitive to Citrix MetaFrame in features and performance. Best of all is the ability to manage a group of servers quickly and easily using command-line utilities and scripts.

Final release of Windows 2002 server is still months away. Microsoft hasn’t firmed up packaging or pricing. Beta 2 of Server and Advanced Server are available for evaluation. Get a copy and start testing in your lab. I think you’ll like what you see.
