Large Installation System Administration of Windows NT Conference
August 6-8, 1998
NTnix . . . You Are There
by George M. Jones
Windows Management Roadmap
Nikhil Joshi and Tom Phillips, Microsoft Corporation
Summary by John Holmwood
This talk, which was intended to provide a roadmap of the changes
Microsoft is making to the manageability of Windows NT, was broken into
two parts. Tom Phillips talked about the Windows Management
Architecture (WMA) and Nikhil Joshi discussed the NT File System
The WMA provides the management framework and structure to assist
system administrators in managing Windows NT. It includes the suite of
applications formerly called Web Based Environment Management (WBEM).
It is based on the Windows Management Instrumentation (WMI) object
model. Phillips demonstrated several applications that use the WMI:
Disk performance. Phillips demonstrated the WMI object model
using a script program developed by Computer Associates. He noted that
supporting the WMI interfaces is a requirement for getting device
drivers certified for NT 5.
Microsoft management console. Phillips demonstrated the Common
User Interface in the new management console. He noted that it was
possible to group tools appropriate for a particular management
function, such as database management, and save the tool set so that
the administrators will have a specific set of tools appropriate to
Windows Scripting Host. Phillips demonstrated the new scripting
architecture, Windows Scripting Host, by resetting all network adapters
in a sub-net without using the GUI. This demo drew cries of "about
time" from the audience.
Automatic software installation. Using the new Policy Manager,
Phillips created a policy to have an application automatically upgraded
on a user's desktop. He used the Active Directory to find the file
share that contained the new application. When he logged on as that
user, the new application was automatically downloaded to the
workstation. This drew questions regarding license management and
network bandwidth requirements, which he dodged.
At this point, Nik Joshi took over the presentation. He provided some
historical background on the evolution of Microsoft filesystems, then
talked about the new NTFS. The biggest news was the changes between NT
5 and NT 4 NTFS. The NT 5 installation process converts the old NTFS to
the new one automatically. Once the file system has been converted, it
cannot be converted back to the NT 4 version. This means that the NT 5
NTFS should not be used on a dual boot (NT 4/NT5) computer. NT 5 should
be installed on a separate machine.
NT 5 has incorporated the Veritas Logical Disk Manager and Eastman HSM,
as well as file encryption and disk quotas. Joshi provided three
Volume manager. Joshi first demonstrated the Disk Manager
application. The capabilities will be familiar to any UNIX system
administrator; all the Unices I know now include the Veritas Logical
Disk Manager. However, judging by the audience reaction, NT sysadmins
will appreciate the functionality.
Plug and play. Joshi demonstrated the new plug and play
capabilities by installing a PCMCIA NIC into his laptop while it was
running. The system detected the new card and loaded the correct
drivers and protocol stack automatically. It simply worked before our
Resource Kit. In order to demonstrate the tool set incorporated
into the NT 5 Resource Kit, Joshi demonstrated the Nettest tool, which
he characterized as Ipconfig on steroids. Microsoft has done
significant work to make the Resource Kit easier to use.
Session: Management and Monitoring
Summary by Chris Barnash
Patch32: A System for Automated Client OS Updates
Gerald Carter, Auburn University
Patch32 was created to "provide for completely automated, remotely
administered updates to Microsoft's 32 bit operating systems." In
addition, the goals for Patch32 included the ability to support Windows
95 and Windows NT with the same update method, and the ability to
provide an update method that is free.
The Patch32 system is made up of two main components, the server and
the client. The server in Carter's implementation consists of Samba
running on a Sparc Ultra 170. On this server is a share that provides a
central location for the distribution of client updates. The client
side of Patch32 consists of a Perl for Win32 script, which is executed
by the client during the boot process.
The Patch32 Perl script is charged with several tasks. First, it
determines what version of the operating system is running on the
client. On the basis of this information, it determines the location of
the patches on the server, and the method of installation. (The
installation method differs between Windows 95 and Windows NT.) Next,
it parses a file containing a list of patches stored on the server to
determine which patches are available for installation. For each patch
in the list, the Patch32 Perl script queries the client's registry to
determine if the patch is already installed. If it is not installed, it
installs the patch, otherwise it continues down the list. Upon
completion, a message is displayed providing information on the
installation. If the client is Windows 95, the patches will take effect
after the next reboot. If the client is Windows NT, the Resource Kit's
shutdown utility is used to reboot the system.
Documentation and source code for Patch32 can be found at
Monitoring Utilization in an NT Workstation Lab
Paul Kranenburg, Erasmus University, Rotterdam
Paul Kranenburg discussed his solution for monitoring usage in the
computer labs at Erasmus University -- a Windows NT utmp service.
The utmp service relies on NT's built-in auditing features to document
LOGON and LOGOFF events. Specifically, SUCCESSFUL LOGON and SUCCESSFUL
LOGOFF events are used to identify when a particular computer is being
The data gathered by the utmp service can be used in one of two ways.
Short-term data provides for immediate notification of computers that
may be down. An on-screen map displays all of the workstations with
color codes that identify the status of the computers. A kiosk showing
this map is also set up at the entrance of the labs to assist in
finding available computers. The long-term data statistics can be
graphed to provide utilization reports, which in turn are used to
determine if the current number of workstations is sustaining the needs
of the department.
The author can be reached at
Summaries by John Holmwood
Windows NT -- A New O/S that Architecturally Isn't so New
Mark Russinovich, Systems Internals
Mark Russinovich maintains the Systems Internals Web site, a resource
for Windows NT and Windows 9x utilities. He is also the author of the
NT Internals column in Windows NT magazine. Russinovich opened his
presentation with a short history of the development of UNIX and
Windows NT, and then compared the core services of Windows NT and UNIX.
(Russinovich carefully pointed out that he was talking about the NT
exec, not the Win32 APIs that are layered on top of the exec, and that
he was talking about UNIX in general, not any specific implementation.)
The areas of comparison were:
Architecture overview. The main architectural difference is that
UNIX does not have a HAL. Windows NT is so much like VMS that it is
possible to follow what NT is doing internally by using the VMS
internals documentation. He provided a Rosetta Stone for translating
VMS documentation to NT.
Namespace. The Object Manager defines NT's namespace. This makes
the namespace uniform. The UNIX namespace is defined in terms of the
filesystem. It doesn't need an Object Manager. Russinovich believes the
NT method is superior.
Process management. NT process management includes processes,
threads, and a scheduler. The NT kernel mode is fully preemptive. In
this category, the Unices vary significantly. A UNIX process is similar
to an NT file handle. The kernel is cooperatively preemptive.
Memory Management. NT and UNIX are similar here.
Security. Both NT and UNIX are rated C2 secure systems. NT uses
ACLs, users, and groups. The groups are nestable. There are about 20
different privileges. Security is handled by the Object Manager. UNIX
has a simpler security model based on Users and Groups. ACLs have been
added to some versions. Security is applied to files. This difference
is due to the differences noted in the namespace section.
Synchronization and IPC. Similar. Russinovich moved over this
I/O. NT I/O is centered around the file object. This allows a
layered driver architecture that can support asynchronous operations
including hardware interrupt support. Plug and play capability is
coming in NT 5. UNIX I/O is centered around vnode/inodes. Traditional
I/O is synchronous. Some versions have split interrupts to support
File disk cache. NT has a single global cache. The virtual file
cache is mapped into the kernel memory cache. UNIX uses disk block
cache. Some of the newer versions use the same cache model as NT.
Networking. Lots of interfaces, lots of protocols. The
difference is the layered model in NT. Only streams are layered in
Integrated database. NT has a Configuration Manager Registry.
UNIX uses config files.
Extensibility. In NT, all drivers are dynamic. There is a rich
set of operating system APIs for drivers. The layered I/O allows
drivers to add functionality. UNIX supports dynamically loaded
extensions. The degree of operating system support services varies from
very limited to a set approaching those provided by NT.
Portability. In terms of CPUs supported, UNIX is available on
everything. NT is only available on x86 and Alphas.
Russinovich finished his presentation by tackling the question, "Which
is better -- UNIX or NT." He put up charts of published Specweb and
TCP-C benchmarks. His conclusion was that NT is as good as UNIX for
small- to medium-sized servers and will get better in the larger-server
space over time.
NT 5.0 Migration Strategies
Curtis Cummings, Microsoft Corporation
Curtis Cummings is responsible for IT support at Microsoft. He started
work on Windows NT when it was the Cairo project. He is responsible for
the rollout of NT 5 at Microsoft, which runs its entire company on
Windows NT. He has 150 NT servers running the Beta 1 NT 5 software. The
talk included a great deal of light banter between the speaker and the
audience. Todd Needham of Microsoft fielded marketing questions for
Cummings. Since Curt had a microphone and Todd didn't, this
occasionally gave the impression of Curt acting as Todd's puppet.
Cummings started his talk by describing the Internal Technology Group's
(ITG) environment, noting that his clients run "dog food," Microsoft's
term for Alpha code. Two years ago, Microsoft didn't use DNS
internally. In response to a question from the audience, Cummings noted
that only his new administrators use the Microsoft GUI interface to
DNS. Everyone else uses the command line interface.
He then described issues in migrating to NT 5 using the ITG experience
as an example.
Use what you've got. Most of your infrastructure can continue to
be used. You will probably have to beef up the server hardware.
Cummings shared the ITG Network Plan to test NT 5 RAS services. When
asked if Microsoft would be sharing the results of the ITG test, Todd
stated that they would be publishing their acceptance test criteria.
Pick a migration approach. Cummings described ITG's migration
plan in detail. The schedule has slipped. His slides showed ITG's
rollout completing by the end of 1998. This has been changed to
coincide with the official release of Windows NT 5. They plan is to
have all of their servers using NT 5 in production when NT 5 is
Namespace design. Cummings devoted a quite a bit of time to the
new DNS-like domain structure that Microsoft has set up for NT 5. He
believes this is one of the biggest changes for people who are used to
Tools. According to Cummings, the Microsoft Management Console
(MMC) is "a way cool tool." On the other hand, he uses SMS because he
is not given any other choice. ITG had to build their own tools for
managing NT 5. The MMC gives them a consistent interface for the tools
they developed. Microsoft sent the ITG staff to Perl courses, and now
most of their internal tools are written in Perl. There was a lot of
support for an audience request to have access to the ITG tools.
Policy manager. Cummings believes that the policy manager in NT
5 is a "big deal" for the support staff in terms of both administrative
support for it and
planning and definition of appropriate policies.
Planning your Infrastructure. Cummings talked about how to plan
your server infrastructure. Bandwidth requirements will be the major
issue. There was a suggestion from the audience that ITG should do its
bandwidth testing on the India link (ITG's slowest link, 64KB).
Migration Order. Microsoft's migration order looks backward;
they're doing the most critical components first. This is required to
initiate the new services. Their fallback position is "God help us!"
Security. A member of the audience from MIT confirmed that
Microsoft is working closely with MIT to make Microsoft's Kerberos
interoperate with the standard implementation.
Bringing the "Real" Internet to
Bo Ahlberg, MetaInfo, Inc.
Bo Ahlberg was the chief technology officer at MetaInfo. MetaInfo has
ported the IETF reference version of BIND and sendmail to Windows NT.
MetaInfo was recently acquired, and Ahlberg is not staying with the new
organization. He noted that the engineer who actually did the port
wasn't allowed to do the presentation, so we were stuck with him. His
talk was subtitled "Making NT into a Real 'Forking' OS."
The first third of this talk was on the general problems MetaInfo
encountered in porting UNIX applications to NT: a fork is not a thread,
a file descriptor is not a handle, there are no common tools, and a
daemon is not a service.
He then briefly described porting tactics:
Start from the beginning and design with the other architecture in
Fix what you've got; this teaches you your design weaknesses.
Starting over is sometimes cheaper than using what you've got; you can
design in portability.
In the final section of the talk Ahlberg described the port of BIND and
sendmail -- or, more accurately, the mistakes, the successes, and
the lessons learned.
BIND. They created a service wrapper for BIND to make it fit the
NT architecture, and modified the error code to use the Event Log.
This allowed the BIND daemon to run as a child process. The lessons
learned were that NT-ifying UNIX code is wrong; maintaining
compatibility with the "owner" of the code is a "good thing";you
shouldn't mix MFC with services; and sometimes it's easier to fix the
environment than it is to fix the program.
sendmail. Sendmail would not work without a fork architecture,
which NT didn't have. After several tries, the project team created a
fork environment for NT.
Ahlberg ran out of time before competing all of his slides. He rushed
through the conclusion that it is possible to port UNIX applications to
NT but the work needs to be planned and scoped very carefully; then you
need to "UNIX-ify" NT, not the reverse.
Windows NT Tips and Tricks
Robert O'Brien, Microsoft Corporation; Brian O'Neil, Mike Wei, and
Andie O'Brien, Collective Technologies
Summary by Chris Barnash
The Windows NT graphical user interface often leads system
administrators to believe that it is impossible to run headless,
remotely managed, NT servers. But according to Robert O'Brien, it is
possible to deploy NT servers in this fashion.
O'Brien's talk, entitled "Windows NT Lights Out Operation," focused on
the setup and update of remotely managed NT servers. O'Brien outlined
five major steps for deployment: (1) Choose a system console solution.
Several hardware vendors, such as Compaq, DEC, HP, and Intel, offer
Integrated Remote Console Boards. (2) Choose a telnet/secure shell
solution. Microsoft is working on Services for UNIX, which will include
this. Also, several third-party vendors offer telnet/secure shell
services, including Seattle Lab and DataFellows. (3) Choose a remote
Win32 solution, such as Carbon Copy (Compaq), PCAnywhere (Symantec),
Remote Possible (CA Associates), and Virtual Network Computing (ORL).
(4) Develop an OEM-unattended installation process. Two options exist
for this step. Microsoft has developed a process for unattended
installs, which can be found at
<http://www.microsoft.com/ntworkstation/ntwnew/info/deployguide.htm>. The other option is to use a disk cloning
technique, like Ghost. (5) Choose a network management/monitoring
solution. This can be accomplished with Microsoft Systems Management
Server, Tivoli, Computer Associates Unicenter TNG, or Hewlett Packard
O'Brien's paper on the Windows NT Lights Out Operation, slides from the
presentation, and tools to assist administrators with deployment can be
<ftp://ftp.msftlabs.com/loop>. Additional information on Windows
NT management can be found at
Brian O'Neil discussed Windows NT Terminal Server, a redesign of
Windows NT Server backend that supports thin clients. Windows NT
Terminal Server can provide the use of Windows NT on clients that
cannot run Windows NT. The idea is very similar to Xterms in the UNIX
world. Thin clients (such as a 386) can run the Windows GUI without the
need to actually run the full-blown Windows NT on the desktop. More
information on Windows NT Terminal Server can be found at
Mike Wei discussed UNIX and Windows NT filesharing with respect to
interoperability, performance, security, and name-space consistency.
The most interesting part of the discussion was that of Microsoft's
Distributed File System (DFS) for Windows NT. DFS is similar to NFS
under UNIX. It allows an administrator to set up mount points instead
of shares assigned to different drive letters. DFS will be included in
Windows NT 5.0 and is available as a download for Windows NT 4.0. For
more information on DFS, see
Andie O'Brien discussed several mechanisms for monitoring multiple NT
servers. The Performance Monitor can be used to monitor several aspects
of a computer, including processor, memory, and page file utilization.
Another built-in NT tool is the Event Log. Keeping an eye on the logs
can help pinpoint problems. O'Brien also gave pointers to several
third-party monitoring programs from HP, NetiQ, and Heroix.
NT 5 Administration: Change and Configuration Management
Dan Plastina and Mike Cherry, Microsoft Corporation
Summary by John Holmwood
This presentation, the final session of the conference, was meant to be
a demonstration and discussion of the behind-the-scenes technology that
supported the new Change and Configurations Management in Windows NT 5.
Predictably, most of the demonstrations did not work the first time.
Unfortunately, most attendees missed some or all of the talk, which was
liberally interspersed with lively audience discussion after each demo.
In fact, Remy Evard, co-chair of the conference, had to ask the
audience to hold off on questions so that the formal part of the talk
could be completed in two hours. When I left after three hours to catch
my plane home, Plastina and Cherry were still fielding questions from
the few people left in the audience.
NetPC boot. The first demonstration was the NetPC network boot.
This failed the first time they tried it, but eventually, with Cherry
working in the background while Plastina talked, they managed to get it
working. The functionality requires a special NIC card that supports
the PXWE protocol (NetPC & PC98) on the client and the new Active
Directory, DNS, and DHCP services on the server. The functionality is
automatic with NT 5 DHCP; other DHCPs should work with the new NIC
The boot sequence starts by running fdisk on the client hard drive.
Dual boot configurations are not compatible with this feature. Plastina
solicited feedback from the audience on the need to support dual-boot
systems; the response was mixed.
Application management capabilities. During this demonstration,
Cherry was able to automatically install an application by selecting
the application. However, his attempt to demonstrate that the
application could be installed simply by invoking a document created by
the application failed.
A request came from the audience for this capability to be included in
NT 4.5. Mike and Dan pointed out that half the problem was in the
client and half in the server. On the server side, the solution relies
heavily on NT 5 technologies such as Active Directory, Kerberos, and
caching. There is little chance of these functions appearing in an NT 4
Policy management. The policy management user interface is
likely to change before NT 5 ships. Policy will became part of the
property of the container. Much of Policy Editor functionality is not
scriptable. (Plastina regrets this decision). Policies are more
consistent than in NT 4, but user permissibles aren't interfered with.
Synchronization manager. The synchronization manager manages the
client-side cache. Plastina tried, unsuccessfully, to demonstrate the
system synchronizing a file. He did demonstrate the synchronization
options available on the system. The synchronization function requires
Windows NT 5 server as the fileserver. It uses the SMB redirector so
won't work with NFS or Novell. The speakers dodged the question of
testing the functionality with Samba.
Roaming profiles. Plastina commented on the effort that has gone
into Office 2000 to make it an "awesome" roaming application. The
application now understands the difference between user data (e.g., my
dictionary) and application data. During the questions after this demo,
a lot of hostility regarding roaming profiles came up. This appeared to
be a case of killing the messenger. Plastina handled the shots very
well. Roaming profiles are useful for the segment of user environments
where users can add their own applications. For more locked-down
environments, policies in NT 5 can redirect where files are obtained
from without using roaming profiles.
There was also a lot of hostility over Microsoft not following its own
application guidelines with respect to DLLs. Plastina's response was
that Microsoft application groups could no longer change O/S DLLs. This
will eliminate some of the problem of applications interfering with
Plastina would really like samples of real login scripts so that
Microsoft can understand what workarounds for NT 4 people are using.
This will help make the NT 5 functionality better. Send scripts with
commentary to <firstname.lastname@example.org>.