November 1999

Supporting Clients in Your Windows 2000 Environment

by Judi Kling

So there you are with a Windows 2000 Active Directory structure-DNS configured and an Active Directory forest set up with your domain controllers all installed-now what? If you're like most folks, you'll want to make sure that the clients who used your Windows NT servers can use your new Windows 2000 servers.

In this article, we'll take a look at client support in a Windows 2000 network. Client support includes down-level client connections, the Active Directory client add-on for Windows 9x computers, and upgrading to Windows 2000 Professional. Let's get started.

Down-level client support

Down-level clients include any client operating system you currently have connected to your Windows NT network. Most likely, you've got a mix of Windows 95, Windows 98, and Windows NT 3.5x or 4.0 Workstation computers. You might even have some older systems running Windows NT 3.5, Windows 3.1, Windows for Workgroups 3.11, or MS-DOS. Thankfully, after you upgrade the servers in your network to Windows 2000, your servers present themselves as Windows NT domain controllers to your down-level clients. No special client configuration is necessary for client logons to continue being validated by your servers and for your clients to be able to access resources. Your users can come in, log on to their new domain, and start using network resources just like they've always done.

Windows 2000 servers use Kerberos as their native authentication method; however, they maintain NTLM authentication for backward compatibility. Support for NTLM enables your down-level clients to be authenticated to any domain in your AD forest. AD resources appear to your down-level clients as normal Windows NT shares. They use the same browsing or connection mechanism to connect to AD resources as they do with Windows NT resources.

Figure A shows you what an AD-published folder and printer look like to a Windows 98 client without the Active Directory add-on installed. Just like in Windows NT, your down-level clients must know the physical location of the shared resource to connect to it.

Figure A: This is an Active Directory shared folder (share1) and printer (printer1) as seen by a Windows 98 client without the add-on Active Directory Client installed.
[ Figure A ]

While it might seem like business as usual for your down-level clients, they do benefit from working in the Windows 2000 environment. The AD transitive trusts enable down-level clients to access resources from all over your AD forest, without setting up and configuring complicated trust relationships. If you wanted to, you could leave all your client machines alone and your users would have no more complaints than they did when they were working in the Windows NT environment.

The Active Directory client

The Active Directory client is the network client software that enables client access to Windows 2000 AD networks, and, once logged on to a Windows 2000 domain, to benefit from Windows 2000 features. These features include functioning as Kerberos-enabled clients and access to AD information published in their forest.

Active Directory client support is built-in for all versions of Windows 2000. For computers running Windows 95 and Windows 98, you can install add-on Active Directory client software, but only for the Windows 9x platform. Microsoft's official position at this time is that there won't be an AD client add-on for any operating systems other than the Windows 9x platform. So for your Windows NT client computers to be Kerberos-enabled and have full access to all AD resources, you must upgrade them to Windows 2000.

You have two options for Active Directory client support-the AD client add-on for Windows 9x and upgrading to Windows 2000 Professional. Let's look at the least invasive option first: the Active Directory client add-on for the Windows 9x platform.

Directory Service Client software for Windows 9x

You'll find this add-on in any of the Windows 2000 server installation CD-ROMs in the \Clients\Win9x folder. Double-click on the DSCLIENT.EXE file to start the setup program. It's a fairly quick and simple setup program, guided by a wizard. However, you must have Internet Explorer 4.0 or higher installed on the Windows 95 or 98 client for the AD client to install properly.

As shown in Figure B, the first screen you'll see is a Welcome screen containing a brief description of what the Directory Service Client is. Click Next to advance through the wizard. Setup will copy some files to the client's hard drive. The only real step you'll have is to restart the computer when prompted.

Figure B: This is the Welcome screen of the Directory Service Client Setup Wizard.
[ Figure B ]

Once you have the Directory Service Client installed, your domain logon is validated through Kerberos authentication. You can also search the AD for published printers. From the Start | Find menu, you'll find a new choice-For Printers. This feature (only available on clients with Active Directory Client software) is helpful because your users don't need to know the physical location of a printer. All they need to know is the value of one of the printer's attributes, such as the printer name or type, as shown in Figure C. Depending on their permissions, clients can use the printer search results to install a printer or to open the print queue.

Figure C: Use the Find Printers dialog box to search for an AD published printer from a Windows 98 client with the Directory Service Client installed.
[ Figure C ]

Earlier we stated that the Active Directory client add-on was less invasive than upgrading to Windows 2000 Professional. Unlike an upgrade, which can't be reversed, you can easily uninstall the Directory Service Client. The Add/Remove Programs applet in Control Panel lists DS Client for Windows 9x. To remove it, select the client, click Add/Remove, and then OK to remove the software, as shown in Figure D.

Figure D: Use the Add/Remove Programs applet to uninstall the DS Client for Windows 9x.
[ Figure D ]

It's important to note that even with the Active Directory client add-on, you're still not a fully-functioning member of your Active Directory domain. While the Directory Service Client is better than nothing, it's not as good as upgrading your clients to Windows 2000 Professional. So let's take a look at the process for upgrading.

Upgrading to Windows 2000 Professional

Windows 2000 Professional is the next generation product replacing Windows NT Workstation. Microsoft designed it to be your standard business desktop operating system no matter what the size of your organization. You can upgrade to Windows 2000 Professional from any of your clients, including those running Windows NT Workstation 3.51 or 4.0, Windows 95, or Windows 98. Very handily, the Windows 2000 Professional upgrade program recognizes all released service packs for Windows NT Workstation 3.51 and 4.0 and upgrades them too.

You might be asking, "If I upgrade to Windows 2000 Professional what settings get transferred?" That's a good question! If you upgrade from Windows NT Workstation 3.51 or 4.0, all user and system settings are preserved and all application information is upgraded. When you upgrade from Windows 95 or 98, user and system settings are preserved just like with Windows NT Workstation 3.51 or 4.0, but not all application information can be upgraded.

In addition, if you have protocols installed, other than TCP/IP, IPX/SPX, and NetBEUI, they won't be upgraded. If you upgrade any Windows 3.1 clients, the information contained in the win.ini and control.ini files is preserved, and any program groups are migrated to the default user profile.

If you have Windows NT Workstation 3.1 or 3.5 clients and want to preserve your settings, you'll have to upgrade the clients to Windows NT Workstation 3.51 or 4.0 first, and then upgrade to Windows 2000 Professional. The setup program for Windows 2000 Professional doesn't support an upgrade from Windows NT Workstation 3.1 or 3.5. The supported upgrade paths are shown in Figure E.

Figure E: Use this diagram to identify your computer's upgrade path to Windows 2000 Professional.
[ Figure E ]

Winnt32.exe is the program you'll use to upgrade your Windows NT Workstation 3.51 or 4.0, and Windows 95 or 98 clients. You'll use Winnt.exe to upgrade your Windows 3.1 clients. The installation of the operating system itself is automatic and requires very little user intervention.

However, before the upgrade of the operating system begins, Setup prompts you for software and hardware upgrade files, called Upgrade Packs. Setup uses these Upgrade Packs to make a specific piece of hardware or a software package compatible with Windows 2000 Professional. You get Upgrade Packs either directly from Microsoft or independent software vendors depending on the hardware or software.

After the prompt for Upgrade Packs, the Setup program asks you if you want to upgrade your disk drive to NTFS, and then searches for incompatible hardware, software, or settings. Setup then creates an upgrade report that you can print or save. This is extremely helpful if you have incompatibility issues you didn't know about.

You can stop the Setup program, return to your previous operating system, and use the upgrade report to examine and hopefully fix any problems before attempting the upgrade again. From this point on, however, the upgrade is automatic and doesn't require any user intervention until you're prompted to remove the installation CD-ROM and reboot.

Once upgraded and joined to a domain, your Windows 2000 Professional clients function as Kerberos-enabled clients and have full access to the AD information published in their forest. A Directory icon in My Network Places makes browsing the AD easy for any user logged on to the domain, as shown in Figure F. Once a user opens the Directory icon, he gets a bird's eye view of the top domain of all domain trees in his AD forest. For example, Figure G shows you an AD forest containing three domain trees. You won't see the branches of the domain trees in Figure G because the child domains are contained inside of their parent domain containers.

Figure F: You can use the Directory icon in My Network Places on a Windows 2000 Professional computer to browse the Active Directory.
[ Figure F ]

Figure G: Our sample Active Directory forest consists of an AD forest with three domain trees.
[ Figure G ]

A great boon for Windows 2000 Professional clients is the ability to search the AD for any type of AD resources. (This feature is available in both Windows 2000 Server and Windows 2000 Professional.) From within any Explorer window, by using the Find utility, users can search an individual domain-or the entire AD-to find resources such as:

Users, contacts, and groups
Computers
Printers
Shared folders
Organizational units

Figure H shows you an example of the Find utility on a Windows 2000 Professional computer. In our example, we searched the entire AD for users named Mark. Once you find the AD object you're looking for, you can open the object from the search window.

Figure H: You can use the Find utility from within an Explorer window in Windows 2000 Professional to search for AD objects.
[ Figure H ]

By default, all users can view the properties of AD objects. As shown in Figure I, you'd be able to open the MKLING user object and find information such as a telephone number or email address. Notice in Figure I that although you can view the information, these fields are unavailable. Unless you're an administrator or have been specifically given permissions to edit an AD object, you won't be able to do anything other than view the information.

Figure I: You can view the properties of an AD object from the Find search results list.
[ Figure I ]

Just like with the Directory Service Client for Windows 9x, Windows 2000 Professional clients have an additional menu choice off their Start | Search menus. The For Printers menu choice enables these clients to quickly complete a search for published printers in the Active Directory.

Conclusion

This article has given you some food for thought as to which client operating systems to use in your Windows 2000 network. In your planning stages, you'll want to examine the network needs of your existing clients, and then match those needs to one of the three Windows 2000 client support scenarios we talked about in this article. With such a variety of support options, you should be able to mix and match to choose a client migration strategy that goes smoothly for your IS staff and doesn't disrupt your users' ability to complete their work.

If you'd like additional information on deploying Windows 2000 Professional in your network, Microsoft has a deployment guide available at www.microsoft.com/WINDOWS2000/library/planning/reskit/dpg.asp. The guide is a DOC file and can be downloaded directly from this Web page.

Copyright © 1999, ZD Inc. All rights reserved. ZD Journals and the ZD Journals logo are trademarks of ZD Inc. Reproduction in whole or in part in any form or medium without express written permission of ZD Inc. is prohibited. All other product names and logos are trademarks or registered trademarks of their respective owners.