The “Zero Administration” Initiative for Windows

Microsoft Corporation

March 1997

Abstract

This document discusses Microsoft’s “Zero Administration” Initiative for the Windows® operating system. This initiative refers to a core set of technologies that will give IT professionals new levels of control and manageability over their Windows-based environment. In addition, this initiative will enable application software developers to more easily develop and deploy a wide range of applications. Specifically, this document discusses:

Introduction

As IT budgets shrink today, and personal computers become more prevalent in business, many organizations are now focusing attention on reducing total cost of ownership (TCO). While cost is unmistakably a critical component of any IT investment, it is also important to consider the comprehensive and long-term value of the computing solution and how it will service all of your organization’s needs.

Microsoft is delivering on these needs through the ongoing Microsoft® Windows Client Strategy. This strategy will deliver to customers a complete range of client solutions that address the core problems facing them today—how to reduce TCO and increase return on investment. Microsoft will do this by providing solutions that leverage the Windows operating system as it exists today and as it evolves in the future, with special emphasis on options and functionality that address customer needs for maximizing their computing investments.

Microsoft's strategy for reducing TCO is currently supported by two primary efforts—the "Zero Administration" Initiative for Windows (ZAW), which will be the focus of this document, and the Network PC Specification (see "Network PCs — Reducing Total Cost of Ownership While Leveraging the Power and Compatibility of PC Computing").

The "Zero Administration" Initiative for Windows is a key component of Microsoft’s Windows Client Strategy. It refers to a set of core technologies that will give IT professionals new levels of control and manageability over their Windows-based environments by automating such tasks as operating system updates and application installation, and providing tools for central administration and desktop system lock down. Users will be able to easily roam between different PCs without requiring their applications and files to be reinstalled each time. The "Zero Administration" Initiative for Windows will also enable application software developers to more easily develop and deploy a wide range of applications. All of these benefits will be realized without sacrificing compatibility with existing Windows-based software.

Key capabilities enabled by the "Zero Administration" Initiative for Windows are:

Automatic System Update and Application Installation

Software installation and maintenance today is typically a labor-intensive and error-prone process. Under the "Zero Administration" Initiative for Windows, this process becomes much simpler through automation. When a system component, device driver, or even a new version of the operating system is available, Windows will be configurable to automatically update itself with the new components. The system can be configured to boot in a minimal network configuration and check for any updates on the Internet/intranet. If an update is found, the system can self-update without user intervention.

In effect, “Zero Administration” means zero administration for users. For their part, administrators simply set policy. The ability to establish a central policy means that groups of users will have consistent, predictable hardware and software configurations, thereby removing the guesswork from technical support efforts. Backups, virus scanning, and checking for aging files are all server-driven. Administrators can also prevent users from installing unsanctioned applications (which can introduce viruses or incompatible DLLs) or deleting files they shouldn’t. This system “lock down” reduces the possibility of user error.

The "Zero Administration" Initiative for Windows decreases the administration burden with software and hardware initiatives that simplify and automate software installation and upgrades. From a central server, administrators can remotely install operating systems on user machines, en masse. The operating system then runs an installation service that steps through a “package” defined by each application. As a file gets installed, a system database automatically tracks which application owns it and where it is located on the user’s machine. The system also keeps track of version numbers and reference counts for DLLs.

This historical record makes it much easier to roll back an unsuccessful installation, uninstall an application at a later date, or recreate a computer that is lost or destroyed (especially convenient for laptops). It prevents shared DLLs from being deleted when one of the applications using that DLL is uninstalled. It also serves as the trigger for automatic upgrades. When the user’s system boots, it verifies version numbers for its operating system and its applications against the administrative policy; if an update is necessary, it happens automatically. Users don’t have to keep track of new software, chase after it to install it, and struggle against sharing files with other users who haven’t upgraded yet.
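The bookkeeping described above (file ownership, DLL reference counts, rollback of a failed installation, and the boot-time version check against policy), as an added example that is not Microsoft's code. The class, its method names, the paths and the version tuples are all hypothetical, and the `copy` callable stands in for the real file copy.

```python
# Illustrative model only; every name and sample value here is constructed.
class InstallDatabase:
    """Tracks which application owns each file, plus installed versions."""

    def __init__(self):
        self.owners = {}    # file path -> set of applications that installed it
        self.versions = {}  # application -> installed version tuple

    def refcount(self, path):
        return len(self.owners.get(path, ()))

    def install(self, app, version, files, copy=lambda path: None):
        """Process one package; undo every recorded step if a copy fails."""
        recorded = []
        try:
            for path in files:
                copy(path)  # may raise OSError, e.g. disk full
                apps = self.owners.setdefault(path, set())
                if app not in apps:
                    apps.add(app)
                    recorded.append(path)
        except OSError:
            for path in recorded:  # rollback: drop only what this run added
                self._release(app, path)
            return False
        self.versions[app] = version
        return True

    def _release(self, app, path):
        """Drop one reference; return True when no owner is left."""
        self.owners[path].discard(app)
        if self.owners[path]:
            return False
        del self.owners[path]
        return True

    def uninstall(self, app):
        """Return only the files safe to delete: those with no remaining owner."""
        self.versions.pop(app, None)
        mine = [p for p, apps in self.owners.items() if app in apps]
        return sorted(p for p in mine if self._release(app, p))

    def pending_updates(self, policy):
        """Boot-time check: apps missing or below the administrator's policy version."""
        return sorted(a for a, want in policy.items() if self.versions.get(a, (0,)) < want)

if __name__ == "__main__":
    db = InstallDatabase()
    db.install("word", (7, 0), ["C:/Apps/Word/word.exe", "C:/Shared/common.dll"])
    db.install("excel", (7, 0), ["C:/Apps/Excel/excel.exe", "C:/Shared/common.dll"])
    print(db.uninstall("word"), db.refcount("C:/Shared/common.dll"))
```

Uninstalling one owner returns only its private files, so the shared DLL stays on disk until its reference count reaches zero.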

Tools for Centralized Administration

The general purpose framework for hosting administration tools is called the Microsoft Management Console (MMC). Tools built by Microsoft, other software vendors, or corporate programmers simply “snap-in” to this console. The goal is to let administrators create a single, customized view of all of their management tasks. This includes mainframe, minicomputer, and general network operations as well as administrative tasks for Windows and Windows NT-based desktops.

In the next major release of Windows NT, Windows NT version 5.0, the Management Console will operate over the Windows NT 5.0 Active Directory and will offer a single location for monitoring and accessing all administered objects (such as users and printers) on a distributed network. Through MMC snap-ins, administrators will gain a sophisticated interface for tracking and configuring users and resources stored in the Active Directory.

For more information on Microsoft Management Console, please see http://www.microsoft.com/management/mmc/helpmenu_productnews.htm.

Along with other Windows NT 5.0 distributed services—distributed security, the Distributed File System (Dfs), and distributed time share—the Active Directory will enable separate physical servers to appear as a single virtual server, whether those servers exist in the same room or are spread out across a continent. Windows NT will provide the tools necessary to let administrators manage the network’s physical topology and its logical view (domain trees and life-cycle operations for all directory objects) from the central location of the Active Directory. So even though the number of servers in a network may increase several fold, the management burden does not.

For more information on the Distributed File System please see http://www.microsoft.com/ntserver/guide/whitepapers.asp, and select the article, "Distributed File System: A logical View of Physical Storage."

Central Administration and System Lock Down

In most organizations, users have total control of their PCs, with the ability to install hardware and software as they please. While this level of control may be appropriate for power users, it introduces some issues for novice users who have limited knowledge of the overall system. As a result, no two PCs are the same. To solve this issue, it is beneficial in some environments to provide the capability to constrain some of these operations.

Windows will provide the capability to hide various devices (floppy drive, hard disk, CD-ROM, and so on) from users, presenting them with a single drive letter rooted to their home directory. Also, any object that the user does not have, such as system files, will be secured through access control lists (ACLs) to prevent tampering or inadvertent damage.

The administrator will also have a centrally-controlled application environment where he or she can specify which applications users can access and at what granular level, based on the needs of the corporate environment.

When these capabilities are combined with the Network PC Specification, IT managers can prevent users from reconfiguring the hardware, as well as guarantee a strict level of hardware uniformity and compatibility.

Persistent Caching of Data and Configuration Information

Today’s software applications install themselves to be run on a particular PC by storing state and configuration information into the local PC’s registry. This can be problematic in a networked and mobile environment, where users who are primarily away from their desks cannot access their applications or tools from other locations. Windows 95 and Windows NT Workstation 4.0 introduced the concept of roaming user profiles for the system environment, but did not address application configuration issues.

With the “Zero Administration” Initiative for Windows, the state of the local PC can be automatically "reflected" to servers, and the hard disk is used for extensive, intelligent caching operations that are transparent to the end user. This persistent cache enables the following:

Application Flexibility to Design the Best Solutions

The Internet has enabled a category of three-tier business applications that employ database and other servers at the back-end to store data centrally, middleware to implement logic and business rules, and a "thin client" such as a Web browser for information delivery. Using this model, complex logic and data storage/maintenance tasks can be centralized under professional oversight, delivering only the value and features to end users without burdening them with configuration and administration issues. There are many such applications that run on the Windows operating system today.

The “Zero Administration” Initiative for Windows embraces the three-tier application model with a full implementation of the Active Platform—an open platform that allows developers to exploit HTML, open scripting, component architecture, and underlying system services. This will be enabled using the integrated Microsoft Internet Explorer shell as the user interface, and it will support server-based application development through the Windows NT Server and the BackOffice™ family of products.

Developers and administrators gain the flexibility to deploy both Web-style "thin client" applications, as well as the full wealth of personal productivity and client-server applications on Windows today. When used in combination with the other “Zero Administration” Initiative for Windows capabilities, administrators will be able to tune the client environment to the exact needs of each user, and be able to change these as business needs dictate.

Although the majority of the initiatives described here translate into operating system features, applications will need to adjust their behavior to avoid getting lumps of coal in their TCO stockings. For example, developers should create snap-ins so their applications can be managed from the Management Console. They should also take advantage of new APIs that allow applications to reduce power consumption when full processor power isn’t being used.

Through the Active Directory Service Interfaces (ADSI), an application can store configuration information for users and for the application itself. This makes it possible for users to access their custom environment at any time, regardless of which physical machine they use to log in. Storing configuration information in the directory also makes it possible for administrators to easily update and change resources, for example database servers and printers, without having to update each user profile or each user’s machine individually.

Most of the changes required to support the "Zero Administration" Initiative for Windows relate to application setup and running in a “locked down” environment. Currently, applications face few restrictions in where they copy files onto a user’s system; user configuration information gets mixed in with machine configuration information. Microsoft is working with independent software vendors (ISVs) to set clear guidelines for application behavior. In the "Zero Administration" Initiative for Windows, for example, application installation becomes an operating system service; to take advantage of it, each application must create an installation package for the service to process. Fortunately, creating such a package will be easy, even for nonprogrammers, using a tool that will be widely available as part of the Windows Software Development Kit (SDK) and distributed on the Web.

The Zero Administration Kit for Windows NT Workstation 4.0

The Zero Administration Kit delivers the next phase of the "Zero Administration" Initiative for Windows by reducing end user operation costs on Windows NT Workstation 4.0. These costs include wasted time due to self-induced system problems and unproductive activities. Examples of contributing end user behaviors include:

Using the Zero Administration Kit, a corporation can prevent these types of actions, as well as increase manageability of Windows systems by centralizing functionality. For more information on the Zero Administration Kit please see http://www.microsoft.com/windows/zak/.

Zero Administration and Systems Management Server

Until Windows NT 5.0 and its "Zero Administration"-enabled features become available, administrators can centrally manage networked environments with help from Systems Management Server. Systems Management Server provides "Zero Administration"-like control over the state of machines running Windows 3.1 or Windows for Workgroups, as well as Macintosh® and OS/2 clients, Windows 95-based systems, and systems running Windows NT 3.51 or 4.0. It allows administrators to define and enforce policies, and to upgrade operating systems and applications, even if the networking environment is NetWare.

In addition to helping administer non-"Zero Administration" environments, Systems Management Server is designed to help upgrade servers and clients to a full "Zero Administration" environment. It can help move a system from Windows NT 4.0 to Windows NT 5.0, from Windows 95 to the next release of Windows 95 (code-named "Memphis"), or from a 16-bit operating system to a 32-bit environment.

With its sophisticated and controlled distribution methodology, Systems Management Server will also enhance the management facilities of ZAW-enabled environments running Windows NT 5.0-based servers. It will also provide additional management features:

Simplifying Administrator Tasks

Other improvements to the operating system will have a direct bearing on the administrator mission—keeping networks up and running.

Conclusion

Microsoft’s strategy is to offer a complete range of client solutions that address the core problems facing customers today—how to reduce total cost of ownership and increase return on investment. This includes the need to support a full range of devices, from handheld PCs, to Windows-based terminals where applications and data reside completely on the server, to Network PCs that offer reduced cost and complexity, to portables, desktops, and high-end workstations that offer higher levels of functionality and flexibility.

Microsoft’s strategy to maximize the value of PC environments is an evolutionary one, providing dramatic new capabilities while maintaining maximum compatibility. Microsoft’s strategy is designed to allow customers to continue deploying Windows 95 and Windows NT Workstation 4.0 today, and to introduce the new features afforded by the "Zero Administration" Initiative for Windows and Network PC as part of their normal hardware and software upgrade cycle.

All Microsoft products, from the core Windows operating system to Microsoft’s wide array of desktop applications, development tools, and enterprise server applications, will support this direction over time. In addition, open standards and powerful developer kits will extend the PC platform’s benefits, ensuring that the pace of software innovation is limited only by imagination.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.