Comparing Sun Solaris 7, Windows nt server 0, and Windows 2000 Server

Windows 2000 Server Implementation Details

Management Presentation Services

The console itself is a Windows-based multiple document interface (MDI) application that heavily utilizes Internet technologies. The MMC does not provide any management behavior, but it provides a common environment for snap-ins, which are written both by Microsoft and independent software vendors. The snap-ins themselves provide the actual management functionality.

The MMC interfaces permit the snap-ins to integrate with the console. These interfaces only deal with user interface extensions. The author of the snap-in determines the functionality of each snap-in. The relationship with the console is that it shares a common hosting environment and cross-application integration. Development framework to build MMC-based applications is provided as part of the Windows Software Developer Kit (SDK) and is available for general use.

Administrators can create custom management consoles by combining various snap-ins and then saving the console for later use or sharing with other administrators. This model provides the administrator with efficient tool customization and the ability to create multiple tools of different levels of complexity for task delegation, among other benefits. Administrators can define the configuration of snap-ins to manage a particular problem, save the configuration as a compound file, and then send it to others as the de facto environment in which to manage the scenario at hand.

Although it was introduced in Windows NT Server 4.0, the implementation in Windows 2000 Server contains numerous snap-ins to accomplish common management tasks. Some examples of MMC snap-ins are:

• 
  Computer Management snap-in is an administrator’s computer configuration tool. It is designed to work with a single computer, and all of its features can be used from a remote computer, allowing an administrator to troubleshoot and configure a computer from any location on the same network. It provides access to the base Windows 2000 Server tools (viewing events, creating shares, managing devices, and so forth), but also dynamically discovers what server services and applications there are to administer.
  
• 
  Disk Management snap-in is a graphical tool for managing disks that replaces the Disk Administrator from prior versions of Windows NT. It supports partitions, logical drives, and the new dynamic volumes. It contains shortcut menus and wizards to simplify creating volumes as well as initializing and upgrading disks. All changes are dynamic and can be implemented without rebooting the system or interrupting users.
  
• 
  System Service Management snap-in allows administrators to stop, start, pause, and resume services on local and remote computers, replacing the Service Control Panel application from previous versions of Windows NT. Service monitoring support is also provided to allow Windows 2000 Server to automatically restart the service, run a script or .exe, or reboot the server in the event that a mission-critical service fails.
  
• 
  Device Manager and Hardware Wizard provides a snap-in that allows administrators to configure devices and resources on the system. Adding new hardware, changing device properties, unplugging or ejecting devices, and resolving hardware conflicts can all be easily accomplished within this module.
  

Management Instrumentation Services

WMI in Windows 2000 Server has both a Kernel-Mode and User-Mode component. WMI unifies management instrumentation from many diverse sources into a single model and expresses the information using a WBEM-compliant data schema known as the Common Information Model (CIM). Via CIM, WMI allows management applications used by the administrator to access and control all managed devices, drivers, services, and applications in a single, consistent way. At the kernel level in Windows NT, WMI is also used to manage drivers operating within the Windows Driver Model (WDM). Services also exist to collect data from the 32-bit Windows environment, data from the Registry, from the Performance Monitor and from SNMP and DMI. This data is all consolidated within WMI and then presented via CIM.

Via WMI, Windows-based management applications can use DCOM/COM-based applications to access, monitor, and control devices and applications either as discrete elements or as independent components within the enterprise. These interfaces are accessible for programs and scripts, either directly through its own API set or through ODBC, OLE DB, and ADSI. From non-Windows environments, access to the schema will also be available via popular Web based technologies such as XML, HTML, and ASP.

CIM has become widely supported by third-party vendors as a means of gathering management information via WMI. Microsoft Systems Management Server 2.0 in conjunction with third-party solutions from major players such as BMC Software, Compuware Corporation, Computer Associates International, Hewlett-Packard, and Tivoli Systems have all announced support for CIM on Windows 2000 Server.

As with Windows NT Server 4.0, a Simple Networking Management Protocol (SNMP) monitoring agent is also included, allowing any standardized SNMP management package to monitor machines running Windows 2000 Server.

Management Scripting Services

WSH is a language-independent scripting host for ActiveX scripting engines running on 32-bit Windows platforms. WSH allows scripts to be run directly on the desktop or from the command prompt. Both Microsoft VBScript and Microsoft JScript development software are supported as scripting language choices as part of the Windows 2000 operating system. There is also a Perl engine available with the services for UNIX add-on pack. Third parties can also provide ActiveX scripting engines for other popular languages such as TCL, REXX, Python, and others.

Two separate ActiveX interfaces are provided. Administrators can use that object provided by Windows Script Host (WSH) and any ActiveX controls that expose ActiveX automation interfaces to perform various administrative tasks on the Windows platform.

Automation can be provided through defining a scripted action as a result of one or more events occurring, where the script acts on controllable applications either via ActiveX Automation, or indirectly via CIM. In more complex situations, an action may take place as a result of events arriving over time in a specific sequence. Administrators can also use the object interfaces provided by WSH and any ActiveX controls that expose automation interfaces to perform various administrative tasks against the operating system.

Another powerful management scripting feature of Windows 2000 is the net shell (netsh). Net shell provides a command-line interface for configuring routing, remote access, DHCP, WINS and other essential network services. Not only can administrators configure these services, but they can use netsh to create scripts to automate local and remote service management as well. The net shell also features single command configuration save and restore for routing, remote access, DHCP, WINS and other supported services.

Group Policy Services

Administrators can use the Group Policy Editor and its extension to define Group Policy options for managed desktop configurations for computers and users. With the Group Policy Editor, administrators can specify the following settings:

• 
  Software Policies, to mandate registry settings on the desktop, including operating system components and applications.
  
• 
  Scripts (such as computer startup and shutdown, logon and logoff).
  
• 
  Software Installation options including lists of available applications for users, and so forth.
  
• 
  User and Data Settings for file deployment and redirecting special folders.
  
• 
  Security Settings to configure access restrictions for both the local computer as well as domain and network related options.
  

The specifics of the Group Policy infrastructure in Windows 2000 Server can be summarized as follows:

• 
  Administrative Templates – The Group Policy Editor requires a source to create the user interface settings an administrator can set. For this purpose, the Group Policy Editor can use either an MMC extension snap-in to the Group Policy Editor snap-in or an ASCII file referred to as an administrative template. The administrative template specifies the registry settings that can be modified through the Software Policies extension of the Group Policy Editor. It consists of a hierarchy of categories and subcategories that together define how the options are displayed through the Group Policy Editor user interface. It also indicates the registry locations where changes should be made if a particular selection is made, specifies any options or restrictions (in values) that are associated with the selection, and in some cases specifies a default value to use if a selection is activated.
  
• 
  Group Policy Editor – The Group Policy Editor is an MMC snap-in that includes built-in features for setting Group Policy. Group policies define the various components of the user’s environment that system administrators need to manage and include software settings, application deployment options, scripts, user data and settings options, and security settings.
  
• 
  Application Deployment Editor – The Application Deployment Editor is an MMC snap-in extension of the Group Policy Editor that to centrally manage software distribution. With the Application Deployment Editor, administrators can install, assign, publish, update, repair, and remove software for groups of users and computers.
  
• 
  Security Configuration Editor – The Security Configuration Editor is used by the Group Policy Editor to define security configuration for computers within a Group Policy Object. A security configuration consists of security settings applied to each security area supported for Windows 2000 Professional or Server. This security configuration is included within a GPO and is then applied to computers as part of the Group Policy enforcement. Areas that can be configured via the Security Configuration Editor include the following:
  
• 
  Account Policies – Refers to computer settings for password policy, lockout policy, and Kerberos policy in Windows NT domains.
  
• 
  Local Policies – Includes security settings for Audit policy, user rights assignment, and security options. Local policy allows administrators to configure who has local or network access to the computer and how local events are audited.
  
• 
  Event Log – Controls security settings for the Application, Security, and System event logs. Administrators can access these logs using the Event Viewer.
  
• 
  Restricted Groups – Computer security settings for built-in groups that have certain predefined capabilities. Restricted Group policies affect the memberships of groups such as the built-in local groups including Administrators, Power Users, Print Operators, and Server Operators or global groups such as Domain Administrators.
  
• 
  System Services – Controls configuration settings and security options for system services such as network services, file and print services, telephony and fax services, Internet services, and so forth. The Security Settings extension directly supports general settings for each system service including startup mode and security on that service.
  
• 
  Registry – Used to configure and analyze settings for security descriptors (including object ownership), the Access Control List (ACL), and auditing information for each object (volume, directory, or file) in the local file system.
  
• 
  
  
• 
  Windows Installer Service – The Windows Installer Service is responsible for managing application installation, modification, repairs, and removal. It includes an operating system-resident install service, a standard format for component management, and a management API for applications and tools. The elements comprising the Windows Installer Service can be summarized as follows:
  
• 
  Resident Install Service – Windows Installer Service is a resident feature of the Windows 2000 operating system. It will also be provided via a redistributable pack for Windows 9x and Windows NT 4.0 platforms. The Windows Installer Service Pack for those platforms will be made available to the developer community for distribution as part of their products. Once installed in the operating system, the Windows Installer Service can process installation requests from Windows installer-enabled applications. Future versions of the Designed for Microsoft Windows Logo Program will standardize on Windows Installer for setup.
  
• 
  Component Management Format – Windows Installer views all applications as being composed of three logical building blocks – products, features, and components. A product corresponds to a single package or SKU. Features refer to parts of a product from the user’s perspective. Finally, a component refers to the parts of a product from the developer’s perspective. Each Windows installer product is described in the form of a single Windows Installer package file. This file (.msi) is in a database format that has been optimized for installation performance and describes, among other things, the relationships between features, components, and resources for a given product. At installation time, the Windows Installer service opens the package file for the product and determines the installation operations that must be performed to install that product.
  
• 
  Management API – The Windows Installer Service provides management API-enabling tools which allow application developers to programmatically inventory a computer’s contents, install and configure Windows Installer products, install and configure Windows Installer features, and determine the path to specific Windows Installer components on the computer. The most key feature of the management API is that it allows the Windows Installer service to manage all file paths on behalf of an application. At runtime, a Windows Installer-installed application can ask the Windows Installer service for the path to a given component. This level of indirection completely frees applications from hard dependency on static file paths.
  
• 
  On-Demand Installation of Products – Windows Installer supports advertisement at the product level. Both the Shell and OLE use the Windows Installer Management API in Windows 2000 Server, therefore allowing an entire product to be advertised. Advertising a product installs only the entry points to it, including desktop and Start menu shortcuts, file extensions, and OLE registration. When a user triggers the activation of the application, the operating system calls Windows Installer to install the necessary features of the advertised product. When the installation is complete, Windows Installer will automatically launch the application for the user.
  
• 
  On-Demand Installation from Within Applications – The on-demand install capability ensures that all application features are available to users – even those that were not previously installed. Instead of requiring users to rerun Setup to add optional components, Windows Installer is automatically called when a user makes a feature request to silently install the optional components.
  
• 
  Runtime Resource Resiliency – The Windows Installer management API enables dynamic repair of an application in much the same way that it enables on-demand installation. When an application calls Windows Installer to resolve a path, Windows Installer performs two checks. The first verifies that the requested component is installed. The second verifies whether or not the component is properly installed (assuming that the first check succeeded). In the case that it is not, an on-demand repair shall be performed, allowing applications to repair itself silently within the course of normal usage.