Detailed analysis is required to determine your preferred client-computer configuration. Starting with the ideal configuration, which uses the most functional and best-performing client software, evaluate each feature against your organization’s needs and environment to determine whether the feature is appropriate and compatible. If you are considering different configuration alternatives, repeat this evaluation for each configuration.
The following sections describe feature options and decisions to evaluate in specifying the network client configuration.
When deciding where to place Windows 98 files, consider how the computers will be used, and evaluate the benefits of each placement option. Determine whether the computers are personal workstations, portable computers that occasionally connect to the network, or computers that are shared by more than one person.
This section provides detailed discussions of the features that might be included in an ideal network client configuration.
For best performance, select a network client that uses a 32-bit redirector for network access. Windows 98 includes the 32-bit Microsoft Client for NetWare Networks and the Client for Microsoft Networks; each of these has a 32-bit redirector. The benefits of using a 32-bit, protected-mode client include the following:
If you are using another type of network, contact your network vendor regarding the availability of a 32-bit, protected-mode network client.
If you select a 32-bit, protected-mode network client, by default Windows 98 also sets up a 32-bit, protected-mode protocol. Even if you are running a real-mode client such as the Novell 3.x workstation shell (NETX) with a real-mode implementation of Internet Packet Exchange/Sequenced Packet Exchange (IPX/SPX) to access NetWare servers, you can still load the 32-bit version of the Microsoft IPX/SPX-compatible protocol. The benefits of adding the protected-mode protocol are better performance and better stability for network communications to servers that are not running NetWare (for example, computers running Windows 98 or Microsoft Windows NT®).
In addition, for protocols, such as Transmission Control Protocol/Internet Protocol (TCP/IP), the Microsoft 32-bit version enables additional functionality (such as the ability to use Dynamic Host Configuration Protocol [DHCP] and Windows Internet Naming Service [WINS] servers) that dynamically set the Internet Protocol (IP) addresses and resolve computer names for client computers on the network. Each protocol has a number of benefits, as discussed in Chapter 15, "Network Adapters and Protocols. "
For best performance, use the latest network adapter drivers available. These should be network driver interface specification (NDIS) 5.0 – compatible drivers that provide Plug and Play capabilities. Such drivers take up no real-mode memory and can be loaded or unloaded dynamically as required.
The only instances in which you would not use the latest drivers are:
The following optional features are recommended for your preferred configuration. These features define how Windows 98 will be installed and administered in your organization. Some features that enable centralized and remote management of Windows 98 are much easier to install initially, than they are to roll out after Windows 98 has been installed. Microsoft recommends that you include these remote management features, whether you intend to use them or not. By doing this, the potential benefits of having them installed outweighs the cost of including them in your initial installation.
For centralized administration of client computers, you must enable Group policies. Group policies allow you to centrally edit and control individual user and computer configurations. For example, if you want to place a custom Start menu on user desktops or limit access to Control Panel options, Group policies make it easy to do so for a large number of users from a central location.
For information on the types of restrictions available and for details on how to implement system policies, see Chapter 8, "System Policies. "
There are two reasons for enabling User Profiles. First, User Profiles must be enabled for Group Policies to work. Second, with user profiles, users can use personalized desktop settings each time they log on to a computer. This is especially useful for multiple users sharing a single computer who want to customize their desktops and have those custom settings loaded at logon. Conversely, a single user can move between computers using the same profile if the administrator stores that profile on the server. An administrator can also take advantage of profiles to require that a mandatory desktop configuration be loaded each time a user logs on. The ability to change profile settings can be controlled by the administrator. For information on how to use user profiles, see Chapter 7, "User Profiles. "
The Windows Scripting Host provides a low-memory scripting host that is ideal for non-interactive scripting needs, such as logon scripting or administrative scripting. In combination with Group Policies the Windows Scripting Host enables comprehensive configuration management of the Windows 98 desktop.
To administer a computer’s registry remotely, first install the network service called Microsoft Remote Registry Service, enable user-level security, and enable the Remote Administration feature. Remote administration capabilities allow you to conduct a variety of tasks remotely over the network such as administering the file system, sharing or restricting directories, and querying and making changes to the registry. If you plan to do any of these tasks, be sure to enable this feature during Windows 98 installation. For information on adding the Microsoft Remote Registry Service and other network services using Microsoft Batch 98 and INF Installer (Infinst.exe), see Chapter 3, "Custom Installations. "
You should not enable Remote Administration if you do not need these services, because doing so causes unnecessary, extra processes to run on the client computer and on the network. These extra remote services could theoretically be used by individuals on the network—provided they knew the appropriate password—to access information on client computers. However, Windows 98 comes with security capabilities to protect against unauthorized use of the Remote Registry Service. For more information, see Chapter 23, "System and Remote Administration Tools. "
User-level security is based on user account lists stored on Windows NT or Novell NetWare servers. The user accounts specify which users have access rights on the network. Windows 98 passes a user’s request for access to the servers for validation. Pass-through user-level security protects shared network resources by requiring that a security provider authenticate a user’s request to access resources.
User-level security is required for remote administration of the registry and for network access to full user profiles. For more information about implementing security in Windows 98, see Chapter 9, "Security. "