W2K Education is a Must

After returning from the Windows 2000 launch in San Francisco in late February, final release code in hand, I have spent every minute of my spare time pouring over Windows 2000 installation and configuration. I tried several different system configurations, installed Active Directory, DNS (domain name system), used the client management tools, and drove policies across my network. Windows 2000 has some really cool technology.

So what have I learned? If I had to sum it up in one statement, it would be get started on learning about Windows 2000. Figure out how your organization might deploy it, whether or not you currently have plans to use it. Be forewarned, knowledge of Windows NT 4.0 doesn’t necessarily translate into mastery over Windows 2000.

Just learning how to configure Organizational Units and how to apply group policies to them is an eye-opening experience. On a single system with a limited number of inherited policies, it’s fairly straight forward. You can issue a domainwide policy that doesn’t override local policies, then configure local policies for your users and live happily ever after.

But life is not that simple. Group policies are most effective when there are not a huge number of them. This means policy inheritance will be a fact of life; it also means you need to consider what happens when you start to inherit divisional and corporate-level policies that conflict with your Organizational Unit policies.

It is possible to prevent higher-priority policies from overriding Organizational Unit policies -- but only if higher level policies are not configured to prevent overriding. But by doing so, you are ensuring the number of policies created throughout your organization will grow exponentially and on an ad-hoc basis. Letting this happen erodes away one of the key benefits of a managed environment.

What’s worse is it can be difficult to tell at a glance which policies conflict with others, and what resulting policy rules will be enforced on a given client system.

Application repackaging is another area that will present challenges. New applications may come with the right install files, but existing applications need to be repackaged to be deployed by IntelliMirror. Without that package format, you can’t take advantage of the publish and assign application deployment technology in Windows 2000. Finally, if you have a mixed Windows and Unix shop, you have to decide how to resolve the static vs. dynamic DNS issue.

I recently spoke with Henry Nash, director of development and one of the key people running the Windows 2000 deployment program at Credit Suisse First Boston. As one of Microsoft’s rapid deployment program partners, Credit Suisse First Boston has an aggressive program in place to move to Windows 2000.

As of mid-February, the company had 100 Windows 2000 Servers installed and another 500 clients. The company’s target is about 15,000 client machines and 6,000 servers. Full deployment will take several years. The company is moving from a heavy Windows NT environment -- desktop and server -- to an end-to-end Windows 2000 configuration.

Among the lessons they’ve learned is that Active Directory planning takes three to six months of planning. "You need buy-in from many more people than you think. You think it’s a technical problem, but it’s not. If you want to have separate infrastructures in some locations, that has a lot of impact on how you set up Active Directory," Nash observed. He cautions to do it once, and do it right. "Like all directory structures, changing [Active Directory] after you’ve deployed [it] is really hard."

If you’re not a member of the rapid deployment program, chances are good that you’re only starting to think about how you might move to Windows 2000. If you’re not planning to move to Windows 2000, you still need to think through how you might move to Windows 2000, in case it starts to happen without your input.

If you don’t have the resources to set up a test configuration, enroll in a training class to learn about Windows 2000 deployment and configuration. It will be time well-spent if you plan to move to Windows 2000, or even if you don’t plan to move to Windows 2000. But you’ll have good, technical reasons to back up your decision. --Al Gillen is research manager for server Infrastructure software at IDC. (www.idc.com) and former editor-in-chief of ENT. Contact him at agillen@idc.com.