Although Windows 2000 Professional can be used with stand-alone computers, it is only in conjunction with a Windows 2000 Active Directory domain that the complete array of Windows 2000 Professional's powerful security, system management, networking, and other features can be fully utilized. Some of the key features of Windows 2000 Professional are described in the following sections.
Windows 2000 Professional provides a number of security features for local and network applications.
Encrypting File System (EFS)
The EFS component permits encryption of folders and files. When a folder or file is encrypted, an encryption certificate and a private key are generated that are used later to perform the decryption. EFS is a particularly valuable feature for mobile systems where confidential data may be at risk should the computer be lost or stolen. EFS can be used whether the computer operates as a stand-alone system or participates on a network as a member of an Active Directory domain.
Public Key Infrastructure (PKI)
Public key cryptography is an important security mechanism for protecting Internet, intranet, and e-commerce data. Windows 2000 Professional includes native PKI support that can take full advantage of public key cryptography. PKI provides an integrated set of tools and services for support of public key-based applications.
Standard Network Authentication Protocols
Windows 2000 Professional supports a number of network authentication protocols including:
· Kerberos 5, the default network authentication program for computers running Windows 2000 Professional.
· Windows NT LAN Manager version 2 (NTLMv2), which provides enhanced authentication and session security over the previous NTLM implementation included with Windows NT 4.0 and Windows 9x operating systems.
· Extensible Authentication Protocol (EAP), a new programming interface that allows third-party security protocols to be installed and used.
Smart Card Support
Smart cards are credit card-sized electronic cards that can provide tamper-resistant, highly portable storage for digital identification and credentials. Smart card support is integrated into Windows 2000 Professional.
Virtual Private Networks (VPNs)
VPNs allow Windows 2000 Professional clients to use the Internet to create secure paths or pipelines over the Internet to their corporate local area networks (LANs).
VPN technology is especially useful in mobile computer applications because it enables users to dial into most local Internet Service Providers (ISPs) and set up a secure VPN session with their corporate LAN over the Internet.
This can significantly reduce long-distance dial-up charges. Windows 2000 supports key VPN tunneling protocols including the Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), and Internet Protocol Security (IPSec).
Windows 2000 Professional includes manageability features that make it easier for IT professionals to deploy, support, and update the OS over the network. The management tools and services described in this section are used in conjunction with Windows 2000 Server management services.
Group Policy is a Windows 2000 Server utility that enables system administrators to customize and define rules for many aspects of a client computer user's environment. By defining security settings, software installation options, desktop settings, and other resources, system administrators can create standard system configurations for specialized groupings of users and computers. Benefits for client systems include time and cost savings associated with system uniformity and automated software installation and updates.
IntelliMirror management technologies are a collection of features on a Windows 2000-based server that permits Windows 2000 Professional clients to mirror user data, transparently install or repair application programs, and store customized OS settings on Windows 2000 servers. IntelliMirror has the following main features.
· User Data Management - This "roaming" feature allows Windows 2000 Professional users to store their My Documents folder on the server and replicate it to an off-line files cache on the client system. With the files in an off-line files cache, users can disconnect from their network and still access the files in their My Documents folder, even though these files are normally accessed over the network. If User settings management is also enabled, users can roam to other Windows 2000 Professional-based clients on the corporate network and access their data. When the client reconnects or logs off of the network, the My Documents folder is synchronized with the mirrored copy stored on the network. This feature is particularly useful for users who have a need to frequently disconnect their portable computer from the network.
· User settings management - Similar to the roaming "My Documents" feature, the user settings management feature stores users' desktop settings such as Start Menu configurations, Internet shortcuts, and other user preferences in a directory structure on the server. The profiles are replicated to the local client's hard-disk drive each time the user logs into the domain. The profile is mirrored on the user's local hard-disk drive so that if the user doesn't have access to the network, the client can still boot with the locally stored copy of the profile.
· Software installation and maintenance - This feature allows deployment and management of policy-based application software throughout a Windows 2000 Active Directory domain. Group policy options specify the software that is to be installed, upgraded, or removed, and Windows Installer Service lets system administrators automate the software installation and configuration of client systems. Once programs are installed on the client, the Windows Installer Service tracks versions of shared components and performs routine checks to ensure that program components are still intact. The automatic repair function of applications installed via the Windows Installer Service allows a corrupt application to repair itself automatically, instantly, and without any interaction on the part of a user or system administrator. This policy-based installation and maintenance capability reduces client-side management costs by providing centralized application management and by removing some of the most common issues that require technician visits to users' systems.
Microsoft Installer technology helps eliminate problems caused by application program installation or uninstallation errors. The operating system can recognize and repair such problems. For example, a newly installed application that has a Dynamic Link Library (DLL) with the identical name of another application's DLL would cause a conflict. The Installer can fix this problem automatically by storing the DLLs in different folders.
Microsoft Installer works with the Windows Installer Service provided in the Windows 2000 Server operating system.
Microsoft Management Console (MMC)
Designed for system managers running Windows 2000 clients, MMC is an extensible console framework that provides a common environment for specialized management applications called snap-ins . Snap-ins are ActiveX® controls that provide system management functions or behaviors that system and network administrators can combine to create many types of administration tools. As the primary management host for Windows 2000 Professional, MMC provides a single interface for many client and server management tools.
The Synchronization Manager lets users synchronize various resources. From the Items to Synchronize window, users can set the Synchronization Manager to automatically synchronize files, folders, e-mail, and off-line Web pages every time they log on or off of the network. Synchronization Manager synchronizes only the resources that have changed or have been updated since the last synchronization process.
Stability and Reliability
Like Windows NT Workstation, the 32-bit Windows 2000 Professional OS protects itself against the failure of nonnative 16-bit Windows and 16-bit MS-DOS® programs by running those programs in a protected subsystem that has its own separate memory space. This protected kernel-mode architecture makes Windows NT Workstation and Windows 2000 Professional more stable and reliable. Windows 2000 Professional has added a number of new improvements in core-system file integrity, driver signing and authentication, reduced boot scenarios, and others, which make it more robust than previous Windows operating systems. The following sections describe several of the operating system's stability and reliability features.
Windows File Protection (WFP)
The WFP feature (also available in Windows Me as System File Protection [SFP]), safeguards against core-system file corruption during application program installations. It prevents the replacement, corruption, or deletion of protected system files by verifying the source and version of a system file before it is installed. Digital signature technology is also used to verify the correct version of the file(s) to be installed.
Driver Signing and Authentication
Driver authentication is an integrated process in Windows 2000 Professional. All device drivers are required to pass rigorous tests for stability before they can be issued a signature. Users can specify strict validation policies to prevent the installation of unsigned drivers or drivers whose validity cannot be authenticated.
Reduced Reboot Scenarios
Windows 2000 Professional requires fewer planned and unplanned system restarts than Windows NT 4.0. To improve the operating system's stability and reliability, Microsoft eliminated more than 75 scenarios in Windows NT 4.0 (such as adding a network protocol or installing a new device) that required a system reboot. Microsoft has reduced the number of reboot scenarios in Windows 2000 Professional to fewer than 10. Microsoft has also reduced the total number of reboot scenarios in Windows Me.
Multiple User Profiles
Windows 2000 Professional supports multiple user profiles on the same machine. This feature protects one user's data from being viewed by an unauthorized user. In a work environment, administrators can configure computers such that users have their own protected sets of data, application programs, and preferences.
Network configuration tools are built into both Windows 2000 Professional and Windows Me, making it easier for users to establish Internet and other network connections. The following features help improve Internet connectivity.
Network Connection Wizard
The Network Connection Wizard guides users through the process of establishing access to the Internet and other networks. It also simplifies the setup procedures required for file, printer, and other device sharing across the network.
Microsoft's Internet Explorer 5 is included with Windows 2000 Professional. The browser allows close integration of the Internet into the user's desktop environment. The browser includes AutoComplete and AutoCorrect features, which help reduce the need to repeatedly enter information into the browser.
A consolidated search capability makes it easier to perform highly targeted and refined searching.
For each remote network connection profile, such as a dial-up or VPN connection, Internet Explorer version 5 allows a user to specify different proxy configuration information. This is useful for mobile users who, while traveling, must connect to multiple remote networks with varying proxy configurations.
Internet Connection Sharing (ICS)
This feature allows multiple PCs in home networks or small office networks to share a single dial-up or broadband connection to the Internet. A single Windows 2000 Professional client connected to the Internet can provide Internet connectivity for up to 10 additional Transmission Control Protocol/Internet Protocol (TCP/IP) clients, regardless of the operating system they are running.
ACPI Power Management
Windows 2000 Professional supports the latest Advanced Configuration and Power Interface (ACPI) power management functions. ACPI provides user-defined, low-power standby modes that conserve energy while not shutting the computer down entirely. ACPI power management modes include:
· Standy mode - In standby mode, the computer is put into a low-power state. Devices such as the monitor and hard disks are switched off, consuming less power. When the computer is returned to full operation, the desktop is restored to its previous state. Standby mode is particularly useful for conserving battery power in portable computers. However, because standby mode does not save the desktop state to disk, a power failure while on standby can result in the loss of unsaved information.
· Hibernate mode - Hibernate mode saves everything that is in system memory to disk, then switches off the monitor and hard-disk drive and shuts the computer down. On restart, the system is restored to its previous state. An enhanced version of the ACPI power management utility that also supports fast boot capabilities is available in Windows Me. Both Windows 2000 Professional and Windows Me also support the earlier Advanced Power Management (APM) initiative.
Hot Docking and Undocking Services
This feature enables users to dock and undock portable computers without rebooting or changing the computer's hardware configuration. When docking, new hardware is automatically detected and installed.
This feature also allows open application programs and documents to continue to run even as the computer is moved from one location to another.
Hot docking and undocking functionality is also available in Windows Me.
In contrast to the business-related features offered in Windows 2000 Professional, the majority of Windows Me features are targeted at the consumer market. The following sections describe many of the key consumer-oriented features available in Windows Me.
Key Features of Windows Me
Windows Me is the successor to Windows 98 Second Edition (SE). Windows Me includes special tools for working with rich multimedia content such as videos, photos, and music, and it offers enhanced home networking and built-in support for broadband Internet connectivity. It also has a redesigned Help Center to make setup and troubleshooting faster and easier.
The Windows Me desktop looks similar to the Windows 2000 Professional desktop. However, Windows Me is based on the Windows 9x kernel rather than the Windows NT kernel. Windows Me was designed specifically with the home computer user in mind, and focuses on the following areas:
· Improved digital media and entertainment capabilities
· Enhanced home networking features
· PC Health applications
· Integrated PC Help
Digital Media and Entertainment
Windows Me has built-in tools for handling multimedia video, still
photography, music, and games, including:
· Windows Movie Maker
· Windows Image Acquisition (WIA) and My Pictures folder
· Windows Media Player
Windows Movie Maker
Windows Me adds a new feature called Windows Movie Maker, which provides functionality for transferring digital and analog video from a video camera or a VCR to the computer's hard-disk drive for editing (additional video capture hardware is required). Windows Movie Maker provides basic video editing capabilities such as shot detection, linear editing, and video clip drag-and-drop.
Video clips can be viewed using Windows Movie Maker and Windows Media Player 7
Still-frame thumbnails help users locate and organize video clips for editing. Windows Movie Maker records in the Windows Media format (WMF). Improved WMF video compression technology permits storage of up to 20 hours of video on 1 gigabyte (GB) of disk space.
WIA and My Pictures Folder
Windows Me adds a new WIA feature for acquiring and importing images from cameras and scanners, and a new My Pictures folder to facilitate storing and organizing images and digital snapshots.
The WIA feature includes a new wizard that automatically recognizes many popular scanners and cameras. When a WIA-compatible camera or scanner is connected to the computer's Universal Serial Bus (USB), the wizard installs it as a browsable external device. Windows ME users can access these devices and view or download their contents without the need for additional software.
Digital images can be downloaded directly to an application program, such as a word processor or e-mail program, or they can be downloaded to the My Pictures folder for storage or editing. Images in the My Pictures folder can be viewed as thumbnails, viewed at full size, scaled up and down, rotated, or viewed as a full-screen slide show.
Windows Media Player
The Windows Media Player (version 7) has been redesigned in Windows Me. It includes a new graphical interface, better audio and video playback capability, and support for the latest audio, video, and image file formats.
· New interface look and feel - The Windows Media Player default console has a more contemporary look than previous versions. Console buttons are clearly defined, and single-click access is available for most common Media Player functions, including the built-in radio tuner and the WindowsMedia.com media guide. Improved audio and video output features include a 10-band audio equalizer and video controls for adjusting video brightness, contrast, hue, and saturation. The default console can be customized via selectable "skins" and visualizations. (Skins are different console designs that can be selected to change the look of the player. Visualizations are images, generated electronically and in real time, that change in response to audio signals.)
· Enhanced music jukebox features - An integrated jukebox provides digital audio playback, recording, music library management tools, and enhanced play-list functionality. The jukebox supports CD DataBase (CDDB) format and can automatically retrieve and display artist and track titles from an online CD database when a CD is inserted into the CD player. Windows Media Player can play WMF and MP3 files and can record WMF files.
Improved Home Networking
An increasing number of households have more than one computer. Recent PC industry estimates suggest that the majority of consumer PC sales today are made to families that already have at least one PC in the home. The proliferation of PCs in the home, in conjunction with broadband Internet access, is driving demand for home networking connectivity. Windows Me includes a Home Networking Wizard that makes it easier to set up and use a network of home computers. Home networking features in Windows Me include the following.
File, Printer, and Other Device Sharing
With a home network, users can share computing resources including files, printers, and scanners, and can even play multiplayer games with others on the network. When new resources are added to the home network, Windows Me automatically detects them.
Internet Connection Sharing
Windows Me provides Internet Connection Sharing (ICS), enabling multiple computers to share a single Internet connection simultaneously. The Home Networking Wizard guides home PC users through the process of configuring a home-network host and linking multiple computers through the host system for the Internet connection. The wizard also creates a setup disk that can be used to configure other systems on the home network.
Support for Major Home Networking Technologies
Windows Me supports several home network technologies, including:
· Home Phoneline Networking Alliance (HomePNA) - Home networking technology that uses standard twisted pair telephone lines already installed in most homes
· 10BASE-T and 100BASE-T Ethernet - LAN technology that provides 10/100 megabits per second (Mbps) data transfer over Category 5 unshielded twisted-pair (CAT 5, UTP) cable
· Wireless Ethernet - Institute of Electrical and Electronic Engineers (IEEE) 802.11 Ethernet wireless networks
Universal Plug and Play
Windows Me provides support for Universal Plug and Play (UPnP), a Microsoft initiative to support consumer devices on home networks. Though few devices are available to take advantage of it today, UPnP is expected to extend home computer network device support to include control of "smart" consumer devices such as home security systems, kitchen appliances, home lighting, and temperature control.
Internet Explorer 5.5
Microsoft's Internet Explorer 5.5 browser is included with Windows Me. This browser features enhanced security, improved printing capabilities (including print preview), better overall performance, and improved search capabilities.
Bundled with the new browser version are Microsoft's instant message service, MSN Messenger, as well as its e-mail program, Outlook Express.
Several reliability and performance enhancements have been added to Windows Me that are designed to help maintain PC health.
System File Protection
This feature protects critical system files from being overwritten accidentally or through unauthorized access. If a critical system file is overwritten or corrupted during application program installation, Windows Me restores the file-protecting system stability while allowing the application to install without error.
The Windows Me System Restore utility protects the OS from corruption by giving the user the opportunity to return an unstable system to an earlier stable condition. System Restore creates a "snapshot" of the operating system image after a specified number of hours of cumulative system operation or prior to the installation of many application programs. Should the system become unstable, the user can opt to restore the system a to point in time when it was stable.
Limited MS-DOS Support
In the interest of improving system stability and reliability, legacy support for Real Mode DOS applications has been eliminated. Most DOS applications can still be run in Windows Me, but only in the protected mode in which other Windows application programs run.
Windows Me is the first Windows operating system to implement fast-boot capability. The goal of Fast Boot is to make the Windows desktop available to the user as quickly as possible. With the implementation of fast-boot-optimized PC hardware, boot times of less than 30 seconds can be achieved.
Microsoft is providing computer manufacturers with boot-time measurement tools to help identify devices and device drivers that can be optimized to provide fast-boot performance. Dell plans to provide fast-boot-optimized hardware for full support of Fast Boot.
The Windows Me AutoUpdate feature supports automatic downloads of operating system updates from Microsoft without user intervention. Whenever the computer is connected to the Internet, Windows Me checks for critical OS updates and downloads them in the background. The OS then alerts the user that an update is available for installation. If the user accepts, the update is installed. Users can disable the AutoUpdate feature from the Control Panel.
Unified Help and Support
The Unified Help Center in Windows Me has been redesigned from the Windows Help application in Windows 98 SE. Help is now a browser-like application that launches all Help files from a single location. Built-in hooks have been added to the Help application to support future integrated help from third-party hardware and software vendors.
The following table summarizes the main Windows 2000 Professional and Windows Me features discussed in this article, plus additional key features. Feature Windows 2000 Professional Windows Me
Fast Boot Support No Yes Hot docking Yes Yes Multiple user profiles Yes No NetMeeting (audio/video conferencing over the Internet) Yes Yes Unified PC Help (combines and integrates Help resources) No Yes Win32 Driver Model (supports device driver compatibility for Windows 2000 Professional and Windows Me devices) Yes Yes Hardware Multiple monitor support Yes Yes Plug and Play support Yes Yes Power management support ACPI/APM ACPI/APM USB 1.0 and IEEE 1394 support Yes Yes Universal Plug and Play support No Yes Integrated Security Support Encrypting File System (EFS) Yes (NTFS 5 only) No Network authentication protocols supported Kerberos 5, EAP, NTLM None Public Key Infrastructure (PKI) Yes No Smart Card support Yes No VPN support Yes Yes Stability/Reliability AutoUpdate No Yes Core system file protection Windows File Protection (WFP) System File Protection (SFP) Driver signing and authentication Yes Yes Real-mode MS-DOS support No No Protection against errant Windows 16- and Windows 32-bit programs Yes No Reduced Reboot Scenarios Yes Yes System Restore No Yes Windows Management Interface (WMI) support Yes No Manageability1 Active Directory (a directory service for information about objects on the network) Yes No Group Policy Yes No IntelliMirror Yes No Synchronization Manager Yes No Multimedia DVD support2 Yes Yes (new interface, new functionality) Image device support (WIA provides browsable image device support and native image capture support) TWAIN WIA, TWAIN WebTV for Windows No Yes Windows Media Player (Media Player 7 was developed for Windows Me but is also being made available for other Windows operating systems) Yes (Version 6) Yes (Version 7) Windows Movie Maker No Yes Compatibility File systems supported File Allocation Table (FAT) 32, NTFS 4, NTFS 5 FAT 16, FAT 32 Hardware autodetection and configuration during installation Yes Yes Runs MS-DOS and Win16 programs Most (emulator) Most (emulator) Runs MS-DOS and Win16 device drivers Virtual DOS Virtual DOS Ease of Use Automatic detection of local file and printer shares No Yes Home Networking Wizard No Yes Internet Connection Sharing Yes Yes Network Connection Wizard Yes Yes Personalized menus (adapt to user's work habits; displays programs and features selected most often by user) Yes Yes 1 Used in conjunction with Windows 2000 Server2 Requires add-on decoder for DVD-Video support
Though they share similar interfaces, Microsoft's two newest operating systems, Windows 2000 Professional and Windows Me, have different heritages and are aimed at different target markets. Windows 2000 Professional is based on the Windows NT core, making it a robust operating system for running critical applications. This inherent stability combined with a rich set of network and system management features make Windows 2000 Professional ideal for business and enterprise use. The Windows Me operating system is the latest upgrade to Windows 98 SE. Because it is based on Windows 95/98 kernel code, it has fewer of the corporate-enterprise and client-management features that are available in Windows 2000 Professional. Windows Me has features designed specifically for the consumer market such as digital multimedia, home networking, and gaming support.
Dell will begin shipping desktop and portable systems with factory-installed Windows Me in the third quarter.
Microsoft has announced that Windows Me will be the last of the Windows 95/98-based operating systems. The company plans to merge future consumer and enterprise operating systems into a single product family that shares the Windows 2000 code base.
For More Information
For more information about the technologies discussed in this article, see the following Web sites:
· Microsoft Corporation (http://www.microsoft.com/)
· Home Phoneline Networking Alliance (http://www.homepna.org/)
· Universal Plug and Play Forum (http://www.upnp.org/)
· Related Vectors articles (http://www.dell.com)
See more articles on similar topics