April 2005


Over the past day, I have been working with the Windows Server 2003 evaluation. It is a full version of the Enterprise edition but with a 180-day limit. I ended up installing the system on my primary desktop, which has the following configuration:

AMD Athlon 2100+, 512MB RAM, 40GB HD (dedicated to Win2k3, my FreeBSD drives were disconnected), DVD-ROM drive, Linksys 10/100 NIC and a SiS onboard NIC (ECS K7s5A motherboard).

I downloaded the eval and burned a CD and installed it.

The install was similar to Windows 2000’s install. An initial text-based interface asked a few basic questions (where to install, drivers, etc.) and then proceeded to do a copy. After the initial copy, it restarted the system and entered a graphical interface. The interface gave the appearance that the install would be going for 37 minutes, so I left my computer. After about 7 minutes into the install, it prompted for really basic questions (country location, time zone, etc.) — needless to say, I was slightly annoyed coming back and finding it didn’t finish. After baby-sitting the install and restarting a few more times, I finally got to log in to the system.

After logging in, it notified me that all external access to the system had been blocked until I could get the latest security updates loaded on the system. Nice. So I proceeded to go to the Windows Update site and it realized there were no updates to be had (the eval copy already came with Service Pack 1).

Once this was done, it sent me into a “Manage Your Server” window, which is a simplified front-end to walk through setting up various services (file, print, remote access, directory, web, mail, etc.). I tried doing the “first server” super wizard but it recognized two NICs and was hung up that one was not being utilized. So I tried loading various services individually but after some missteps, I ended up removing all the services and going back and having it do it automatically, which seemed to work (I plugged in my second NIC, let it install remote access/VPN services and then turned around and de-installed these services).

After this happened, I realized that it did not install all of my hardware drivers nor did it prompt me to install these elements. It ended up not installing my printer, video driver, sound (understandable) and something called PCI Simple Communications Controller (currently have no idea what this is). Windows 2003 offers to go online to find the correct driver and install it. Even though several of the components were quite popular (ATI Radeon 9200 and Brother HL-1440) it was unsuccessful. So I ended up having to manually download and install the drivers. Fun.

A big focus for moving to Windows 2003 was the Active Directory and Group Policy functions. These features allow centralized administration of the desktops, users and groups. Even though I had the latest Windows Server 2003 with Service Pack 1 install CD, it did not come with the “Group Policy Management” control panel. The few books I have read regarding W2k3 have all referred to this control panel which I had to locate on Microsoft’s site, download and install. Given the superiority of this Microsoft programmed control panel over the default interface that shipped with the original, I am very surprised it was not included in the Service Pack 1 CD.

A big selling point of going to a standardized configuration was the ability to log in to any desktop and have full access to settings, documents and programs. The system provides several different possibilities for this and as a result, I wanted to check these options out and determine what was best for the customer. As of right now, it appears to be very labor-intensive to set this up. First, you need to create a user account, then you need to manually create a folder for the particular user for certain elements of their profile. After this, you have to create a secondary share that stores the “Folder Redirections” for things like Application Data, Desktop, My Documents and the Start Menu. I would have thought that given the homogeneous nature of Windows 2003 and Active Directory, it would be able to automatically create these shares and maintain them. Perhaps it can — I am still learning.

Needless to say, one thing struck me as absolutely unacceptable. The folders created for “Folder Redirection” content are set up with security settings that dictate that only the user has access to the folder. As the administrator, I cannot access these folders or adjust the permissions in the default form. Needless to say, this is slightly annoying given that I am the administrator — I don’t like Microsoft dictating my policies.

Moving along, I needed to print from my desktops. So I set up my HL-1440 as a shared printer and as expected, it showed up and I was able to point and click (driver installed automatically on the client). Nothing too impressive, I had the same setup on my FreeBSD machine. Though it gets interesting — I wanted to have it set up to notify the user that a job printed and was waiting at the printer. Very simple stuff — go into the print server window and enable that feature (checkbox). However, once that was enabled, I was no longer able to print! A job would be sent to the print queue, the print queue for some reason made two copies of the job in the queue and basically locked up the queue. Only by deleting ALL the jobs in the queue was I able to switch back and disable that function.

Augh. So I figured I’d check the event viewer, which is the equivalent of the /var/log directory on a UNIX machine. It proudly showed when jobs printed, but did not give any indication as to why enabling the notification made it fail. Great. So I need to figure out how to troubleshoot this. On a Unix machine, I can increase the verbosity of the logs to give me information on every step the process takes to uncover where the issue is and generally this provides ample information to uncover the issue very quickly. Hopefully W2k3 has something similar.

Overall, the ability to get into and utilize Active Directory as quickly as I was able to was a good thing. Granted, I am still exploring Active Directory and Group Policy (entire books have been written on both of these technologies) but the features do seem like they could help keep TCO of the desktops intact. I am not too surprised — these were technologies that were introduced with Windows 2000 so they have been under development for close to a decade and in deployment for 5 years.

As I continue to explore this eval version and eventually roll out the live server in a few weeks, I’ll continue to post my thoughts on the Microsoft offering. Hopefully as I continue to work with the system, some of the initial issues I have had will be a part of the learning curve rather than issues with the system.

My latest project is a bit of a tangent from what I have been doing recently. I am going to be the admin of a Windows-based network. Well, to be a bit more specific, there are some FreeBSD servers on this network handling a lot of the network and daemon related tasks (email, web, firewall, fax, http proxy, ftp, etc.) but the core of the network is Windows XP desktops and a Windows 2003 server (file, print and directory services).

The Scenario –

The scenario is simple — the existing network consists of a huge array of random desktop machines all configured differently and a low-powered FreeBSD server. While the existing network does function and meet the needs of the users, it is lacking in several areas. For one thing, most of the desktops are running Windows 98 and security on the desktops is non-existent. Most of the existing data on the network is scattered with no centralized backup mechanism and many of the systems on the network are simply too old to keep up (inadequate RAM, noisy fans/drives, non-functional optical/floppy drives, etc.).

So the network needed an upgrade. While installing some FreeBSD desktops running KDE 3.4 would have been really cool, unfortunately, like most networks, there is enough legacy software that requires Windows and lack of vendor support running their software under WINE or Windows emulation is not acceptable.

This dictated that Windows, sadly, needs to be on the desktop at least this time around. This ultimately equates to Windows XP Pro being loaded on the desktops.

For the server we had some options: Mac OS X, Linux, FreeBSD, or Windows. Let’s take a look at these one-by-one:

Mac OS X — not really viable — While an XServe would have been cool, its management features are largely targeted toward networks that include Macintosh desktops — without Macintosh desktops, the strengths of the Mac OS X Server would be not-aligned with the network.

Linux — Lots of buzz, vendor supported, yada yada... but ultimately, the biggest gripe I have with Linux is package management and some of the inconsistencies of the OS given its kernel/distribution mentality. Since FreeBSD is capable of all server functions that Linux is capable of, I don’t see a need to settle on Linux (I actually replaced Linux with FreeBSD for this organization in mid-2004).

FreeBSD — The existing server platform. It has worked well for *most* stuff. There is one application on the network that I attempted to move to the server without success (on the server, the app would run very slow — moving this app over to a Win98 client and sharing over the network allowed it to function normally). A definite contender as the primary server for the network.

Windows 2003 — Windows 2003 Server is considered the Server version of Windows XP. Windows 2003 Server includes active directory, group policies, intellimirror and other technologies that integrate with Windows XP to provide centralized management of all desktops. In addition, Windows 2003 was shipped with sane security defaults and it is considered significantly better, from a security and reliability perspective, than the previous Microsoft OS releases. This month, Microsoft released the first service pack (SP1) for Windows 2003. The fact this service pack was released almost 2 years since the initial release of the OS, at least to me, shows a big change in focus from Microsoft. The last server OS, Windows 2000 Server, had its first service pack released well within the first year and the trend continued with service packs released every 8-9 months.

The biggest drawback to the total FreeBSD solution was the lack of a strong alternative to certain features such as active directory, group policies and intellimirror found in Windows 2003. While the Samba service (which provides Windows file/print services) is gaining more active directory features, it is simply not there (understandable given the Samba team must reverse engineer and then adapt Microsoft’s services to a UNIX backend). Ultimately, when comparing FreeBSD and Windows 2003 in a Windows network, the Windows server, for managing the desktops made sense.

So Windows 2003 Server wins out, this time around. Over the next several weeks, I will be deploying the WinXP Pro desktops and the Win2k3 Server and documenting my configuration and integration with FreeBSD (which will be managing ftp, web and mail services — ideally everything running off the centralized Active Directory).

It will be interesting to see how the latest Microsoft offerings stack up to my FreeBSD systems. I must admit, looking through several Windows 2003 books, the feature set sure does look promising — many of the features I end up having to script together under the UNIX systems appear to be integrated nicely in W2k3. Of course, as what has pushed me to exploring the UNIX world so many years ago, the marketing and the reality with Microsoft tend to be two completely different things. Needless to say, I promise to be quite vocal with this rollout. :)