Let’s move on now to what’s really important in this chapter: my opinion (grin). What follows is my personal expression of things I really like about Windows 2000 and why I like them. (My gripes follow in the next section, which is somewhat longer than this one.)
I must confess I like the Microsoft Management Console (MMC) and consider it a big improvement over the old Windows NT administration tools. I can add all the snap-ins I want to a single console and manage virtually anything on any machine in the network. This is cool. In addition, I can customize the console with taskpads and different views, and I would do so if I only had the time (see the beginning of Chapter 5 for a brief walk-through on how to customize MMC consoles). The one thing Windows 2000 hasn’t done for me yet is provide me with more hours in the day.
I love the idea that I can remotely administer Windows 2000 servers from a 486 running Windows 95 with the Terminal Services Client installed. I was ready to toss out my old hardware or donate it to the Linux community until I found out I could breathe new life into old hardware by running Terminal Services on my network. Now if only I could run it from my Palm Pilot using a wireless modem while flying at 28,000 feet to the Bahamas . . .
Finally, a real directory service for Microsoft Windows! NT just didn’t cut it with its one-way trusts and flat domain namespace. Active Directory lets you build real enterprise-level networks with hierarchical structure that facilitates distributed management through delegation and Group Policy. And it’s simple to install and get going, although any real implementation requires careful planning so you won’t have to trash it later and start from scratch.
Active Directory Service Interface (ADSI) is a standard set of interfaces for accessing and manipulating information in a directory, as in Active Directory. Using ADSI, you can write scripts to automatically manage users, groups, computers, services, shares, print queues, and just about anything else on Windows 2000. Great stuff!
One of my favorite Windows 2000 Server features is Group Policy, a powerful tool for performing tasks such as managing and locking down user and computer configuration settings on desktop machines; remotely installing software packages; controlling security settings across sites, domains, and organizational units in the enterprise; redirecting users’ work folders to network file servers for easy backup and management; configuring how startup, shutdown, logon, and logoff scripts will run; and so on. And all this can be managed from any Professional machine on which the Windows 2000 administration tools have been installed!
Something that really should have been included in NT (and could have been, since the underlying filesystem architecture was built to support it) is disk quotas. Disk quotas let you manage how much disk space users can use on an NTFS volume.
I always used to worry that a lost laptop meant data falling into the wrong hands. But not with Windows 2000 (as long as the user doesn’t have a blank password configured!). The Encrypting File System can encrypt data in selected folders on NTFS volumes so that it cannot be accessed and understood by anyone except the logged-on user (or a designated administrator). This feature, together with Windows 2000’s support for Plug and Play ACPI power management, makes Windows 2000 a laptop user’s dream (and a dream for administrators whose users use laptops).
On Windows NT, third-party vendors supplied much-needed tools for accessing NTFS partitions from a command prompt. Windows 2000 goes one better by including an optional Recovery Console you can install and use if any of your critical system files become corrupt or go missing and prevent you from booting to the GUI. If this happens, you can use the Recovery Console to copy system files from the Windows 2000 CD or a distribution server and fix your system so it can boot properly. Good stuff.
Microsoft has powerfully enhanced the Windows command set with new commands, including the powerful Netshell (netsh) command, which you can use to do automated or batch administration of DHCP, WINS, and remote-access servers. The new Secondary Logon feature lets you perform administrative tasks while logged on to a workstation with an ordinary domain user account. A new auto-completion feature lets you enter the start of a file or folder name and have Windows 2000 guess the rest and complete it for you. All in all, you can do a lot more administration (including remote administration) from the command line than you could using Windows NT.
I love the two accessibility features, Magnifier and On-Screen Keyboard. They’re implemented wonderfully and are fun to play with. (I don’t have any serious disabilities myself, except my sense of humor.) On the other hand, Narrator definitely needs some work, as I can’t understand a word it says.
Internet printing is a great new feature, allowing you to print to a print device on the Internet or a corporate intranet using a URL. Very cool.
Right-click on My Computer and select Manage, and the Computer Management administrative console opens up. This is a nice touch, but it would be nice to see it elsewhere, like right-click on My Network Places and select Configure to set up your network, or right-click on My Documents and select Redirect to change the target location for the folder to a network share, or right-click on a folder in Windows Explorer and select Security to open the property sheet for the folder with the focus on the security tab (they did this for Sharing, right?), and so on.
Speaking of right-clicking, try opening the Start menu and, while you’re pointing to some Start menu item (like Imaging in the Accessories program group), right-click on the item and select Properties. This is a fast way of determining the executable file associated with an item on the Start menu, so you can run the file from the command line in the future. Or you can select Sort by Name to rearrange the order of items in your Start menu (this should be done automatically though).
And speaking of the command line, right-click on the taskbar at the bottom of the screen, and select Toolbars → Address to put an Address bar right on the taskbar (you can also drag it off and have it float). Type anything into this Address bar to run or open it; for example, type My Computer, Control Panel, C:, C:\Winnt, a UNC path, a URL, or a command. If you type something Windows doesn’t recognize, it assumes you have entered a URL and opens Internet Explorer to find the item on the Internet.
Enough! I’m happy with the product. It’s time to voice a few gripes, though.