
Windows 2000

Discovering and Deploying Windows 2000

Student Guide MS120

Release 1.0 ED2KZ9DDW2P

- PROPRIETARY AND CONFIDENTIAL INFORMATION These education materials and related computer software program (hereinafter referred to as the "Education Materials") is for the end user's informational purposes only and is subject to change or withdrawal by Computer Associates International, Inc. ("CA") at any time. These Education Materials may not be copied, transferred, reproduced, disclosed or distributed, in whole or in part, without the prior written consent of CA. These Education Materials are proprietary information and a trade secret of CA. Title to these Education Materials remains with CA, and these Education Materials are protected by the copyright, trademark and trade secret laws of the United States and international treaties. All authorized reproductions must be marked with this legend.

RESTRICTED RIGHTS LEGEND TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THESE EDUCATIONAL MATERIALS "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THESE EDUCATION MATERIALS, INCLUDING WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE. THE USE OF ANY PRODUCT REFERENCED IN THESE EDUCATION MATERIALS AND THESE EDUCATION MATERIALS IS GOVERNED BY THE END USER'S APPLICABLE LICENSE AGREEMENT. The manufacturer of this documentation is Computer Associates International, Inc. Provided with "Restricted Rights" as set forth in 48 C.F.R. Section 12.212, 48 C.F.R. Sections 52.227-19(c)(1) and (2) or DFARS Section 252.227.7013(c)(1)(ii) or applicable successor provisions.

© 2000 Computer Associates International, Inc.
Mark Phillips, Contributing Editor
John Melendez, Managing Editor
One Computer Associates Plaza, Islandia, NY 11749

All rights reserved. All trademarks, trade names, service marks or logos referenced herein belong to their respective companies. Call Computer Associates technical services for any information not covered in this manual or the related publications. In North America, see your Computer Associates Product Support Directory for the appropriate telephone number to call for direct support, or you may call 1-800-645-3042 or 516-342-4683 and your call will be returned as soon as possible. Outside North America, contact your local Computer Associates technical support center for assistance.

Table of Contents
1 What's New in Windows 2000
- Introduction
- Microsoft Management Console
  - Task Pads
- Windows 2000 Enhanced Management Features
  - IntelliMirror Features
  - Remote Boot Features
  - Active Directory Manager
  - Group Policy
  - Offline Folders
  - Synchronization Manager
  - Windows Installer
  - Application Deployment Editor
  - Remote Installation Service
  - Roaming Profiles
- Directory Services
  - Active Directory
  - Flexible Querying of Information
  - Security of Information
  - Replication of Information for Performance and Fault Tolerance
  - Partitioning of Information
  - Extensibility of the Directory
  - Integration with DNS
  - Interoperation with Other Directories
  - Active Directory Clients
- Security
  - Kerberos
  - Smart Card Compliance
- Terminal Server
- Storage Features and Disk Manager
  - Disk Defragmenter
  - Clustering Technology
- Plug and Play and More
- Summary

Computer Associates International Discovering and Deploying Windows 2000 MS120

Module 1

What's New in Windows 2000



Introduction
From the outset, Microsoft designed Windows NT to provide a fully integrated, extensible networking architecture. They designed the NT operating system to be portable, robust, and reliable, while also ensuring the security and stability of the network and server. Windows 2000 furthers the advances in distributed computing made by NT 4.0.

Microsoft 2000 Server is a multipurpose operating system built on a reliable, secure, and open architecture. New features in Windows 2000 provide improved performance and more cost-effective networking. The advanced capabilities of Active Directory, Dynamic DNS, Microsoft Management Console, Zero Administration for Windows, and other features combine to make a powerful tool kit for developing and deploying enterprise applications. Microsoft Windows 2000 provides a scalable, reliable, and secure infrastructure capable of serving the overwhelming majority of enterprise customer needs.


Microsoft Management Console


- A shell for holding snap-in applications
- Provides a toolkit for administrators
- Unique to each support person
- Author Mode and User Mode
- Task Pads
- The ultimate Control Panel for Win2K


Microsoft revamped the way you administer your network under Windows 2000. They designated the Microsoft Management Console (MMC) as the native administration tool for Windows by providing a common management framework for network management. Instead of having various applications on your server to manage your network, you use the MMC as a shell for snap-in applications. The MMC hosts monitoring and configuration tools for the entire enterprise, presenting them in a consistent graphical interface that bundles information and functionality. For example, the MMC enables you to access and use tools such as User Manager, Disk Administrator, and Event Viewer from a single interface, where previously you would have needed to open several administrative tools. The modular architecture of MMC makes it easy for network developers to create snap-in applications that leverage the platform while easing administrative load. A successful transition to Windows 2000 depends greatly on mastering the MMC.

The Microsoft Management Console unifies and simplifies day-to-day system management tasks. It hosts tools composed of one or more applications and displays the tools as consoles. You build these tools using one or more modules called snap-ins. The snap-ins may also include additional extension snap-ins. These snap-ins assign functionality that allows single-seat control, monitoring, and administration of widespread network resources. The MMC organizes the snap-ins in a tree-like hierarchy. Since snap-ins are removable, you can customize the tools you need and distribute them to your administrators.

Microsoft provides standard tools with the operating system that help users perform everyday administrative tasks. These are part of the All Users profile of the computer and are located in the Administrative Tools group on the Startup menu.

A powerful feature of the Microsoft Management Console is that it enables system administrators to create special tools that delegate specific administrative tasks to users or groups. Building tools with MMC's standard user interface is simple. System administrators start with an existing console and modify or add components to fulfill their needs, or they can create an entirely new console. They can scale a tool up or down, integrate it seamlessly into the operating system, repackage it, and customize it. When they save these custom tools as MMC saved console (MSC) files, administrators can send the files by email, share them in a network folder, or post them on the Web. In addition, administrators can use system Group Policy settings to assign tools to users, groups, or computers.

With the MMC, system administrators can create unique consoles for workgroup managers. When managers open a document, they may access only those tools provided by the administrator. Microsoft considers the MSC files a new paradigm for file types. Console files are like document files. MMC snap-ins initialize and manipulate MSC files.

The MMC is part of the Software Developer's Kit (SDK), thereby enabling developers to extend Microsoft tools. For example, in NT 4.0 the Event Viewer does not let developers extend its functionality to their own custom application. With the MMC, developers can write their own diagnostic snap-in and have the event log be an extension of their MMC snap-in. The default MSC files for the native administrative tool are in the \WINNT\system32 folder of the system root.


The console does not manage behavior; the MMC is essentially a web browser (albeit a highly powerful and flexible one). Administrators no longer need to isolate problems through Network Monitor and open an additional container to configure or troubleshoot these problems. Instead, they do all work through the MMC and its snap-ins. The MMC snap-ins are actually COM programs that either stand alone or serve as extensions to existing, independent snap-ins. For example, the Event Viewer and other native administration tools can serve as independent snap-ins or as extensions to a customized snap-in written by Microsoft or third-party developers.

The MMC graphical interface has two views that are very similar to Microsoft Explorer. The leftmost view is the Scope Pane, which displays the master tree of the saved console file. The other view is the Results Pane, which shows details of a selected area of the Scope Pane.

Here are the major features and enhancements that the MMC offers:
- Author mode (gives administrative control to author of file)
- Help file index integration with snap-ins
- Auto-code downloading from server in Windows 2000
- Dynamic extensions

Note: A snap-in or extension can dynamically load another snap-in or extension as needed. The stand-alone snap-in will turn on or off other extensions without manual intervention.

The MMC offers two modes: author mode and user mode. In author mode, the author (administrator) of the console file has total control over its contents as well as the MMC toolbar, the snap-in toolbar, and similar administrative elements. Author mode also controls access in user mode; user mode has access only to those items so designated in author mode. The user must be in author mode to change the console file (e.g., load/unload a snap-in or web page). Through delegated access, administrators can create custom console files that grant full access to users in user mode while restricting those users from loading or unloading snap-ins or changing window views.

The MMC also performs enterprise management by supporting roaming users, by controlling access to individual snap-ins, and by customizing the tools to support multitiered management support. Administrators use the Group Policy component to specify users or groups who may author console files, as well as the snap-ins they may use.


Task Pads
By using Dynamic HTML Task Pads, you can help administrators who work in a task-oriented environment rather than the typical object-oriented environment. For example, you may have Internet Information Server with multiple roots and may want only a particular administrator to manage the Sales virtual root. You delegate this granular level of task through a simplified DHTML-controlled display to accommodate less experienced administrators. This helps them perform particular tasks without having to load or unload the proper snap-in (similar to a customized Administrative Wizard).

We recommend installing and storing consoles in a shared volume on the server where all the console files reside together. Administrators may open, load, or unload console files from any machine, or they may have snap-ins load automatically.


Windows 2000 Enhanced Management Features


- IntelliMirror
- Remote Boot Features
- Active Directory Manager
- Group Policy
- Offline Folders
- Synchronization Manager
- Windows Installer
- Application Deployment Editor
- Remote Installation Service
- Roaming Profiles


Microsoft has built extensive management features into the Windows 2000 operating system. These features are referred to collectively as application management and fall under the umbrella of IntelliMirror technology from Microsoft. IntelliMirror is replication technology that piggybacks on the NT Server 2000 Active Directory. IntelliMirror lets users store and synchronize data and system resources on 2000-based remote servers and local machines. Besides providing customers with client-side caching and remote-boot capabilities, the interim builds of the IntelliMirror code feature Microsoft Installation Services. This enables administrators to assign and install operating system and application releases from a central code server.

IntelliMirror Features
- Operating system and application deployment for computers and users (administered via central code server)
- Scheduled inter-site replication
- Improved replication topology management
- Partial replica global catalog
- Application Deployment Editor tool for publishing and assigning applications


Remote Boot Features


- Functional setup
- Ability to boot an IntelliMirror client in disconnected mode

Remote Boot Goals


- Simplify management of server images (the most costly challenge of remote boot today)
- Automatic O/S update and simple repair
- Maintain ability to function off line

The following table shows an overview of Windows 2000 management features:


Table 1-1 Windows 2000 Management Features

| Features | Functionality | Technology Used |
| --- | --- | --- |
| User Document Management | Mirroring of user data to the network and caching of selected network data locally | Active Directory, Group Policy, Offline Folders, Synchronization Manager, Disk Quota, and enhancements to the Windows shell |
| Software Installation | Robust just-in-time software installation (applications, service packs, and operating system upgrades) to users and computers | Active Directory, Group Policy, Windows Installer, Application Deployment Editor, Add/Remove Programs control panel, and enhancements to the Windows shell |
| User Settings Management | Mirroring of user settings to the network and application of administrator set defaults to the user's environment | Active Directory, Group Policy, Offline Folders, Roaming User Profiles, and enhancements to the Windows shell |
| Remote OS Installation | Operating system installation from network servers | Active Directory, Group Policy, Remote Installation Service, Remote Install capable workstation (NetPC, or PC98) |


Active Directory Manager


Active Directory Manager is a Microsoft Management Console snap-in with a unified user interface to add, manage, and control the following objects:
- Domains
- Computers
- Groups
- Organizational Units
- Users

Active Directory Tree Manager


The Active Directory Tree Manager, represented in administrative tools by the Domain Tree Management icon, provides a graphical view of all the domain trees in the forest.
Note: A forest is composed of domain trees that cooperate with one another, forming noncontiguous namespaces (e.g., acme.com and corp.com).

From this tool, an administrator can manage each of the domains in the forest, manage trust relationships between domains, configure the mode of operation for each domain (Native or Mixed Mode), and configure the alternative User Principal Name (UPN) suffixes for the forest.

Group Policy

Group Policy is the central component of the change and configuration management features of Microsoft Windows 2000. Group Policies specify settings for groups of users and computers, including software policies, software installation, security settings, scripts (computer startup and shutdown; user logon and logoff), and user documents and settings.

The administrator uses the Group Policy Editor (GPE) to manage policy. The GPE contains various built-in features for setting policy, and third parties can extend the GPE to host other policy settings. A Group Policy Object (GPO) stores all of the data generated by the GPE, and these GPOs replicate to all Domain Controllers within a single domain. Group Policy reduces Total Cost of Ownership (TCO) by allowing administrators to enhance and control users' desktops. Enabled by Windows 2000 Active Directory, Group Policy includes filtering based on security group membership.

Microsoft Windows 2000 Group Policy includes:
- Software policies: registry settings that are written to the HKEY_LOCAL_MACHINE (HKLM) and HKEY_CURRENT_USER (HKCU) trees to configure the behavior of system services, desktop look and feel, and application settings.
- Software installation: the ability to assign or publish an application.
- Security settings: local computer, domain and network security settings.
- File deployment: improved features for administrators to more easily determine the files, folders, and applications that a user will be able to access. Administrators have the capability to remotely deploy a file to a user's desktop or restrict a group of users from using an application.
- Folder redirection: a unique feature of Windows 2000 that allows users and administrators to redirect the path of a folder to a new location. The new location can be a folder on the local machine or a directory on a network share. Users have the ability to work with shared documents on a secure server as if the documents were based on the local drive.
- Scripts: run by the computer at startup and shutdown or when the user logs on or off the computer.

Offline Folders
Offline folders make it possible for users to work with shared documents. When users enable files or folders to be available offline, they are able to read the copy of the shared files stored on the local machine even if a network failure occurs. When users regain network access, they copy the edited documents back to the network share.

Synchronization Manager

Synchronization Manager compares items on the network to those opened or updated while working offline, and makes the most current version available to both your computer and the network. By using Synchronization Manager, you ensure that you have the latest information from your network or the Internet when you are disconnected and working offline. Every time you log on and off your computer, you can have Synchronization Manager automatically synchronize the information that is available to you offline. By synchronizing when you log on, any changes you made offline are saved to the network. In general, you can synchronize any offline items created by programs that support Synchronization Manager, such as Offline Folders or Internet Explorer. You can synchronize individual files, entire folders, and offline Web pages, as well as other items.

Windows Installer
Software installation leverages the new Windows Installer that is a part of the Windows family of operating systems. To manage applications you need applications that can be loaded by Windows Installer. These packages should contain both the Windows Installer instructions for installation, as well as the actual application files and components. Applications that you manage, including the application packages and the application files, have to be available on a network share on your evaluation network. Users need the ability to read from the network share. You accomplish this by creating a network share, copying the Windows Installer packages to the network share, and setting the appropriate permissions for the share (Everyone = Read; Administrators = Full Control, Change, Read).

Group Policy ties software installation to the Active Directory. The Application Deployment Editor (ADE) is an extension to the Group Policy Editor (GPE) snap-in to the Microsoft Management Console (MMC). The Active Directory Manager (MMC snap-in) in the Administrative Tools program group already has a GPE snap-in and an ADE extension. You may either follow these steps to configure your own snap-in and extension, or use the Active Directory Manager.

Advertising an application makes it appear to be installed on a user's desktop. However, an advertised application may not actually be installed. When an application is advertised, the shortcuts for the application are added to the appropriate locations, including the Start menu or the Desktop, and the appropriate collection of Registry entries for the application is added to the local Registry. The Windows Installer then installs the application the first time that the user either selects the application's shortcut from the Start menu or opens a document associated with the application.

For example, an administrator at Microsoft might assign the Microsoft Word application to everyone working there. Microsoft Word will be advertised, and therefore it will now be available on everyone's desktop. The next time a person logs on to Windows NT, Microsoft Word will appear on the person's Start menu and the Registry will be updated with the information about the application, including the location of the package and the location of the source files for the installation. With this advertisement information on the user's PC, the application will then install the first time that the user activates it.

An administrator can assign an application to any person or any computer in a Group Policy Object (GPO). A GPO is typically associated with an Active Directory container, such as a Site, Domain, or Organizational Unit (SDOU). Additionally, an administrator can use a GPO to provide additional granularity for Software Installation.

A package contains all the information necessary to describe how to install an application in every conceivable situation: on different platforms, with different sets of previously installed products, with previous versions of a product, and with different default installation locations.

An administrator may choose to publish an application that is not necessarily required for people to perform their jobs but might occasionally be helpful to them. For example, Microsoft Image Composer is a powerful application that allows people to create illustrations and drawings. Not everyone in an organization may need Image Composer, but some would benefit from having this application available. Therefore, an administrator could decide to publish Image Composer. Published applications do not appear to be installed on the local machine. Published applications are advertised, but the advertisement is made to the Active Directory, rather than to the local PC Registry.
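The package share described earlier in this section (Everyone = Read; Administrators = Full Control), written as an added example for current Windows Server releases; it is not code from the student guide, and Windows 2000 itself predates PowerShell and the SmbShare cmdlets used here. The share name, folder and staging path are hypothetical, and the audit step goes slightly beyond the text by also checking the folder's NTFS ACL, because write access at either layer would let a non-administrator alter a package that clients later install.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the student guide. All three defaults are hypothetical.
param(
    [string]$ShareName  = 'Packages',      # name of the distribution share
    [string]$SharePath  = 'D:\Packages',   # folder on the server backing the share
    [string]$PackageSrc = 'C:\Staging'     # where the .msi packages are staged
)

$admins  = 'BUILTIN\Administrators'
# Principals allowed to hold write access on the folder itself.
$trusted = @($admins, 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER')

function New-PackageShare {
    # Step 1: create the folder and the share with the permissions from the text.
    if (-not (Test-Path -LiteralPath $SharePath)) {
        New-Item -ItemType Directory -Path $SharePath | Out-Null
    }
    if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
        New-SmbShare -Name $ShareName -Path $SharePath `
            -ReadAccess 'Everyone' -FullAccess $admins | Out-Null
    }
    # Step 2: copy the Windows Installer packages to the share folder.
    Get-ChildItem -LiteralPath $PackageSrc -Filter '*.msi' -File |
        Copy-Item -Destination $SharePath
}

function Get-ShareFinding {
    # Share layer: anything above Read for a non-administrator is a finding.
    Get-SmbShareAccess -Name $ShareName | ForEach-Object {
        $right = "$($_.AccessRight)"          # Full, Change, Read or Custom
        $type  = "$($_.AccessControlType)"    # Allow or Deny
        if ($type -eq 'Allow' -and $right -ne 'Read' -and $_.AccountName -ne $admins) {
            [pscustomobject]@{ Layer = 'Share'; Account = $_.AccountName; Right = $right }
        }
    }
}

function Get-NtfsFinding {
    # NTFS layer: rights that allow changing, replacing or re-permissioning files.
    # 0x50000000 adds GENERIC_WRITE and GENERIC_ALL, which Get-Acl can report raw.
    $mask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

    (Get-Acl -LiteralPath $SharePath).Access | ForEach-Object {
        $id = $_.IdentityReference.Value
        if ("$($_.AccessControlType)" -eq 'Allow' -and
            $trusted -notcontains $id -and
            ([int]$_.FileSystemRights -band $mask) -ne 0) {
            [pscustomobject]@{ Layer = 'NTFS'; Account = $id; Right = "$($_.FileSystemRights)" }
        }
    }
}

New-PackageShare

# Step 3: verify the result instead of assuming it.
$findings = @(Get-ShareFinding) + @(Get-NtfsFinding)
if ($findings.Count -eq 0) {
    Write-Output "OK: only administrators can modify \\$($env:COMPUTERNAME)\$ShareName"
} else {
    Write-Warning "Non-administrative write access found on the package share:"
    $findings | Format-Table -AutoSize
    exit 1
}
```

Re-running the script against an existing share skips creation and only repeats the copy and the audit, so it can also serve as a periodic check on a distribution point.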

Application Deployment Editor


Windows 2000 Software Installation makes it easy for administrators to ensure that people in their organizations have the software they need. The administrator uses the Application Deployment Editor (ADE) to assign, publish, or upgrade applications for individuals. These managed applications use the Windows Installer service for installation, which is generally transparent to people using the operating system. Most users have minimal interaction with this service.

For example, an application that an administrator assigns to a user will be visible on that user's Start menu the next time he or she logs on. The first time that the user selects the application from the Start menu, the application will automatically install and then start so that the user can begin working. An application that an administrator publishes to users will be available via the Add/Remove Programs control panel so those users can install the application. People will use the Add/Remove Programs control panel to modify, repair, or remove applications that they have on their computers. The Add/Remove Programs control panel uses the Windows Installer service to install and subsequently modify, repair, or remove applications from their systems.

Remote Installation Service


Microsoft created the Windows 2000 Remote Installation Service based on customer feedback. One of the most challenging and costly functions performed by IT staff today is the deployment of a new operating system to new or existing client computers. The Remote Installation feature leverages the new DHCP-based remote boot technology to assist IT staff with the deployment of Windows 2000 Workstation. It reduces and in some cases eliminates the need to visit each client computer to perform the operating system installation.

Installation Service is critical to the future of Microsoft's delivery of operating system updates and service packs. When users log onto a Windows 2000 corporate network, the central code server will register information about which operating system release is running on a particular device or client. With user and/or administrator permission, the server will automatically download the latest release to an individual's desktop.

Application deployment across a large organization is often a cumbersome administrative burden. Most Windows applications are installed using binary application files, such as DLLs and EXEs, that must reside on a server or the system directories. They also contain shared components for use by multiple applications, Registry entries, and user-specific data. If your organization extends across a country or around the world, it is almost physically impossible to go to each machine to install a new application. Updating or troubleshooting applications and then reporting the results becomes expensive.

This enhancement of application management is a result of Microsoft's Zero Administration for Windows (ZAW) initiative. Some of the features of ZAW include:
- User freedom from setup
- Setup and installation transparent to the user
- Applications run without installation
- Applications update automatically

Roaming Profiles
Roaming profiles allow users to roam among computers within the corporate network. Users who have a roaming user profile may log on to a machine, run applications, edit documents, and log off. At logoff, their user profile is copied to a server. When they log on to another computer, all of their profile information, including their Start menu customizations and the contents of their My Documents folder, is copied to the second machine.


Directory Services
- Active Directory (AD)
- Flexible Querying of Information
- Security of Information
- Replication of Information for Performance and Fault Tolerance
- Partitioning of Information
- Extensibility of the Directory
Active Directory (AD), the directory service contained in Windows 2000, stores information about objects on the computer network and makes that information easy for administrators and users to find and use. AD extends the features of previous Windows-based directory services and adds entirely new features to provide improved query capabilities, simplified domain administration, and administration that supports delegation of authority. With AD, network users can access resources anywhere on the network with a single network logon. Similarly, administrators have a single point of administration for all objects on the network, and can organize these objects into a hierarchical structure.

Active Directory
Active Directory consists of the directory itself (a store of all objects known on the network) and the services that AD provides to make the information about those objects accessible and useful. Objects stored in the directory include users, groups, computers, domains, organizational units, and security policies. You do not have to keep the information for all objects on the network in one store. Instead, each domain keeps its own directory store that holds the information for all objects for that domain. Each domain directory also contains metadata, such as the list of all domains and domain trees in the enterprise, the location of all global catalog servers, and the schema.