Eric Bursley |
 |
Windows 2000:
|
In my last article I briefing touched on Intellimirror and the Active Directory features of Windows 2000. In this article I'm going to discuss them further in the hopes that you will understand this new feature that Microsoft has created.
Intellimirror will allow technical professionals to remotely install Windows 2000 Professional over the network. This will also allow for the installation and maintenance of applications, plus manage user and computer settings. Lastly, it will allow users to have their data and applications follow them from computer to computer.
To start the Intellimirror service you will need several things set up. First you will need a Windows 2000 Server installed with Remote Installation Services. This can be set up during installation of the server, or later using the add/remove programs applet on the control panel. For remote installation, your clients must have supported network hardware such as a Network PC (NetPC), PXE (Pre Boot Execution) Compatible Network Adapter, or a Boot disk with a Supported Network Adapter driver.
For Intellimirror to work properly, the following network services will also need to be installed: DHCP to assign IP address to remote boot computers, Domain Name Service to locate the directory service to authorize computer accounts, the Active Directory to locate the deployment servers and client computer accounts and finally the Remote Installation Services to manage the images and requests from the client computers.
The first stage of the Intellimirror process is when the client boots. It requests an IP address and the address of the Deployment Server. The DCHP server responds in kind with both addresses. Once the client knows the IP address, it looks for the deployment server using the Active Directory. The Deployment Server then looks over the request for the client and either gives options for the installation or passes the request onto another Deployment Server. These options will allow the user to determine which operating system they would need, or which type of installation. They can also determine whether this would be for the finance department, for example, or for managers. The installation process will then install the appropriate software needed.
The second stage of the Intellimirror process comes after the client is installed. The network administrator using the remote installation services can push applications to the client computer within their network. The applications will then appear on their start menus. The first time the user clicks on this application it will install the necessary components, and configure them for the user.
The third stage comes while the user is using the computers. Instead of the user needing to know where their software and data is, their data and software will go with them. Not only does this make it really convenient for the user, but also provides a way to keep his/her data safe. If for some reason the client computer crashes, and the hard drive needs to be replaced, the user can just install the new hard drive, and boot the computer. Intellimirror will automatically reinstall the operating system that was on it, and the data that the user needs can be copied back from the server.
With this kind of deployment a company will have a powerful utility to update antiquated operating systems and to make sure that all systems have the latest software. This will also ensure the company experiences less downtime, and will reduce the chance of losing valuable data.
The Active Directory is Microsoft's implementation of directory services. Microsoft's plan is to reduce the clutter of your network, and to allow users to find printers, file servers, and other objects in their local area more easily. If you look at today's NT network, it is very cluttered. The network that I use every day at work is a good example. If I double click on the Network Neighborhood I see a list of more than 2000 computers, all with encrypted names, and virtually no descriptions. The Active Directory will allow companies like mine to remove this clutter by setting up Organizational Units and Sites.
An Organizational Unit (OU) is similar to a resource domain in the NT4 world, but not exactly. The OU will allow network administrators the capability to allow certain users in various portions of a domain to control devices in their area. In other words if your network is spread across several physical locations, the Network Administrator can allow a manager in an area, for example, to control the print jobs on the printer in his area, but not for all printers on a file/print server.
The OU is a subdivision of the Windows 2000 domain. You can use it to divide the administration rolls out to the people that should have control instead of the Network Administrator that sometimes is never seen. In this aspect the OU is very similar to the Resource Domain of NT4.
The Active Directory also uses a hierarchical structure to store information. It does this by dividing the domain into trees and in some cases forests. The Active Directory uses domain names to structure the tree.
The domain tree structure is organized so that no trust is needed between the domains. This is because the sub domains are still part of the primary domain as shown in figure one. This is not true of the forest however. When setting up a forest, you will need to set a trust between the two domains. This will allow users of one domain to be authenticated by the other domain. Doing this will not automatically allow users access to the domain's resources. This is still authenticated by the user's rights.
Also in the Active Directory you have Sites. A Site is a physical location within your domain. For example, if you have 4 buildings spread across a city within your organization, you can separate your domain into Sites. This will assist users while viewing the catalog of the Active Directory to know where file servers are and where printers are. Continuing the example, if you were a new employee and you needed to use a printer in Building 4 on the 3rd floor east wing, you would start your search by viewing resources of building 4. You would then go to the 3rd floor and then to the East wing. The Active Directory will then show you the printers in this location.
This will also allow persons in the company to find printers at remote locations. For example, Let's say you work for a worldwide company, and you were based out of Austin TX. You need to send a hard copy of a new document to the Vice President of sales for your European Division. Using the Active Directory you can locate the printer at the Vice President's desk, and send the document to it. No faxing or email would be required.
This overview is not all-inclusive for Intellimirror or the Active Directory. I may have covered about 15% of what each of these new features of Windows 2000 Server can do. Since these are complex topics I may cover them again in future articles.
This past week I also installed Windows 2000 Server RC1. I performed an upgrade over Win2k Server RC0. The upgrade took about an hour and presented no questions at all. One bug/problem that I may have found, though, is in the boot.ini file. The default boot.ini file that was installed is not correct for a system with IDE hard drives. The boot time takes an extra 10 seconds unless you change the boot.ini file. I'm not sure if this is an actual bug, or whether Microsoft intended the boot.ini to only work with SCSI systems. I will cover the new update of Win2k Server RC1 in my next article.
Eric Bursley, MCSE
Network Engineer / Analyst
Personal Home Page