Windows NT 4.0: The Good, the Bad, and the Ugly

Under the hood, Windows NT 4.0 is almostthe same as its predecessors. I say "almost" because Microsoft hastaken the opportunity to make a few significant changes that will forever alterthe way some programs run under NT and how you interact with the operatingsystem.

NT 4.0 has a lot of good to offer--a new user interface (UI) taken from itssibling Windows 95, a built-in Domain Name System (DNS) server, the InternetInformation Server (IIS) Web server and Web page creation tools, a new TelephonyApplication Program Interface (TAPI), a network monitor, new automated setuptools, and the hundreds of little ruffles and flourishes that distinguish itfrom its 3.x predecessors. Mac users will be happy to see that NT 4.0 Serverincludes some new file and print services (to learn about these services, seethe sidebar, "Windows NT 4.0 Services for Macintosh," page 123). But4.0 also has its share of problems, such as the uncertainty about changes insystem stability that result from moving the UI to kernel mode, the clientlicense question, and the elusive documentation.

NT 4.0's changes are more evident in Workstation than Server. This factdoesn't mean Microsoft is finished with NT Server by any means. Improvements tothe next major NT release, NT 5.0, will spotlight Server, so stay tuned.

The User Interface
The most obvious change to NT 4.0 is its UI.At a glance, I have a hard time telling whether a machine is running Windows 95or NT 4.0. Screen 1 shows the new and improved UI. The Win95 interface is a vastimprovement over the Windows 3.x interface and a pleasure to work with. Butimprovement comes at a cost: Low-speed 486 workstations that run well under NT3.x can be sluggish under NT 4.0. Server performance, however, seems unaffected.My company's 33MHz 486DX file server runs painfully slow when accessing the NT4.0 UI. However, the same machine zaps files out onto the network under NT 4.0as fast as or faster than it did under NT 3.51.

True to its secure nature, NT 4.0 improves the usability of its userprofiles. These profiles let users have their own desktop, persistent networkconnections, and personal directories. If you install Microsoft Office, NTstores your application settings and documents in user profiles.

Unfortunately, I've found a few gotchas with NT 4.0's new profiles.Throughout my NT 4.0 beta process, I performed a lot of reinstalls. Because Iwrite notes to myself, to-do lists, and the like, I put these notes on mydesktop. Under NT 4.0, this is not a good habit. Every time you reinstall NT 4.0as a fresh install, you delete any user profiles, including any desktops anddata on them. Worse, NT 4.0 treats personal directories to the same immolation.Applications such as Word put documents in the user's personal directory bydefault, so users can lose months of work. The moral of the story: Don't keepyour Word documents in your personal directory, and don't leave necessary itemson the desktop--use shortcuts instead.

NT creates a new user profile when you create a new user account. Separateuser profiles are useful, but their administration can be cumbersome. Like manynetwork administrators, I have two user accounts: my mere mortal account and myAdministrator account. I have no way of installing a program such as Office andtelling it, "While you're at it, remember these settings for user Mark2."

In the same way, if you dual-boot Win95 and NT, you may have to install allyour programs twice, which can take a lot of time. If you're installingeverything twice, load Win95 and all your 32-bit Windows applications on thesystem first. Then load NT and search for the program files--winword. exe,excel.exe, ppt.exe, etc. Click Taskbar's Advanced Configuration tocreate shortcuts from these programs to your Start Programs menu. This is theonly approach I know that works, but it's clumsy. You end up wasting time re-creating your groups every time you install NT or log on as a new user in NT.

The UI Shifts to Kernel Mode
One area where NT never impressedanyone was its realtime animation support. For example, you can play theMicrosoft Hearts game against the computer or other players on an NT 3.51network, but it crawls. The animation that shows cards appearing on the baize isglacially slow. The Win95 Plus Pack's Pinball game also runs under NT 3.51, butis unplayably slow. NT 4.0, in contrast, runs both applications quickly,seemingly as fast as Win95.

To accomplish realtime animation, Microsoft modified NT's architecture. Allversions of NT Server and Workstation consist of modules, and each module has aprivilege level of user mode or kernel mode. NT allocates an area of memory thatuser-mode modules can't work outside of. This limitation is important becauseprogrammers often make the mistake of letting their programs attempt to writedata outside the program's allotted memory space. NT prevents this practice sothat the ill-mannered program can't overwrite data or program areas of anotherprogram and make the victim program crash or behave strangely. So, the worstthat a user-mode module can do is overwrite its own data areas--a user-modeprogram can crash only itself.

In contrast, kernel-mode modules are trusted with the entire computer--theycan access any hardware and any memory. A mistake in a kernel-mode program cancause the program to damage dozens of other programs.

So why build anything to run in kernel mode when such programs canbe so dangerous? First, these programs are necessary--something (aprogram, driver, or other software) has to manipulate the computer's hardware.Second, kernel-mode programs don't go through as much OS red tape as user-modeprograms. Parts of the OS that are kernel-mode programs run quicker than partsthat are user-mode programs. But when the kernel-mode parts fail, they can crashthe system.

With NT 4.0, Microsoft moved the user interface from user mode to kernelmode. The first result is immediately obvious: Applications with a lot ofanimation, such as Pinball or Hearts, run much faster than they did on NT 3.51.Most Win95 games should run smoothly under NT 4.0. This newfound ability isclearly part of Microsoft's strategy--for the first time, NT has a joystickdriver that loads by default when you install NT.

But what you gain in speed, you give up in reliability. NT 4.0's UIdefinition now includes third-party video and print drivers as trusted parts ofthe OS. And that scares me. In fact, video drivers aren't written to bestable; they're written to be fast and to crank out a lot of WinMarks orWinstones or whatever the graphic benchmark du jour is. Similarly, manygood printer manufacturers, such as Hewlett-Packard, update their print driversseveral times a year. A standard part of my Windows 3.x troubleshooting routinewas to get the latest HP drivers when things started crashing. An update wasoften the solution. Imagine the frustration of having a major file or databaseserver go down during a busy day just because your printer doesn't like someTrueType font!

Microsoft says that as long as you buy video boards and printers thatMicrosoft has tested--those on the Hardware Compatibility List (HCL)--you'llhave no trouble. Perhaps Microsoft is right. But I've already noticed that my NT4.0 workstations are less stable than those running 3.51. I've even crashed anNT machine with an old MS-DOS game.

My advice on living with a kernel-mode UI is simple: Run the 640 * 48016-color VGA driver on your servers. This driver is well understood, wellwritten, and well tested. Also, put your shared printers on a relatively smallnumber of dedicated print servers. If they crash, they rob only your networkprinting function, not your file and application services.

The License Issue
One major drawback of upgrading to NT Server4.0 is the cost: You must rebuy all your client licenses. The true cost ofswitching from NT 3.x to NT 4.x is that you must buy an upgrade for each clientlicense, at a list price of $25 apiece. In a firm with 10,000 employees, that'sa quarter of a million dollars in upgrades--yikes! You didn't have to repurchaseyour licenses when you went from NT 3.5 to 3.51 because it was a minor upgrade,says Microsoft. To make matters worse, NT 5.0 is quickly approaching, whichmeans you may have to fork over all the cash again in a year or so.

I asked a Microsoft representative whether large companies will want toupgrade their workstations now and save money by waiting for NT 5.0 beforeupgrading their servers--he sidestepped. He explained that anyone with more than50 employees needs to be on Microsoft's Select plan, which lets the company paya kind of flat subscription fee. This fee entitles the company to distribute anyMicrosoft product, including client licenses. This approach leads me to believethat Microsoft's pricing strategy is aimed at fairly small businesses. Beforeupgrading, check whether your firm is part of the Select program. If not, do themath. Signing up for this plan or waiting for NT 5.0 may pay you well.

NT 4.0 Simplifies Intranetting
NT 4.0's TCP/IP tools underscoreMicrosoft's focus on Internet tools. You can't throw out your UNIX machines andrun your entire Internet on NT just yet, but 4.0 brings you a step closer.

NT 4.0 ships with a built-in DNS server, which replaces the need for athird-party solution. (For more information on DNS and Windows Internet NameService--WINS--in NT 4.0, see Spyros Sakellariadis, "Configuring andAdministering DNS," August 1996.) As with other standard DNS servers, NTaccepts traditional bind files. I recommend that you use these bind files to runthe server. The setup wizards are somewhat quirky. (If you don't have O'Reilly'sDNS and Bind by Paul Albitz and Cricket Liu, get it--Web addresswww.ora.com/catalog/dns. It's good and describes in excruciating detail how toset up a standard DNS server and how to create bind files.)

After you set up DNS to use the bind files, you can hand-enter the namesand IP addresses of every PC on your network. To add these names and addresses,you use the new DNS manager. Screen 2 shows this administrative tool. NT 4.0improves on the traditional bind system by letting you query a WINS server.

Suppose you have a computer named ruby in a domain jewels.com. If I try toPING ruby.jewels.com, my computer uses DNS to get the IP address forruby.jewels.com. Eventually, the DNS request filters its way to the DNS serverat jewels.com. If the network administrator hasn't added ruby's IP address tothe system DNS, the DNS server asks the WINS server at jewels.com, "Do youknow a computer named ruby?" If so, the DNS server responds to the initialrequest with ruby's IP address. Very neat, and very dynamic.

Be prepared to work with your Internet Service Provider (ISP) if youinstall the dynamic WINS connection: The WINS directive confused my ISP'sUNIX-based DNS servers, forcing me to remove WINS from my DNS server. If Iremove the WINS directive, the UNIX DNS and NT DNS machines communicate justfine. So WINS and DNS linkage is a great feature, but I'm sad to say it doesn'twork if your ISP doesn't use NT machines.

NT ships with NSLOOKUP, a useful tool for troubleshooting DNS problems.Getting help for this tool is a bit arcane, however: You must access a commandprompt, type NSLOOKUP, and then type a question mark on a line by itself.Perhaps one day we'll see an implementation of NSLOOKUP's older sibling, DIG, onNT. (DIG, a common UNIX utility for debugging DNS servers, is much more powerfulthan NSLOOKUP.)

Microsoft's NT-based Web server, IIS, and newly acquired Web developmenttool, FrontPage, ship with NT 4.0 Server. Both tools let you set up and publishyour Web pages without third-party tools. FrontPage automates several basic Webpage functions such as saving form results to a file, building a discussiongroup on a Web site, adding time and date stamps, and offering search engines.FrontPage could benefit from templates. I get tired of having to tell it to makeevery Heading 1 paragraph dark green. But all in all, FrontPage is a wonder anda real addition to NT.

NT 4.0 lets you implement IP routing without two separate network cards inyour system, which simplifies routing between a RAS connection and a LANconnection. NT 4.0 includes the algorithm for Routing Information Protocol (RIP)routing and support for bootp forwarding, but doesn't support the commonintranet routing protocol, Open Shortest Path First (OSPF), or ExternalGateway/Border Protocol (EGP/EBP) routing.

Although making a system into a LAN-to-WAN Internet gateway is easier withNT 4.0 than with 3.51 (for more on gateways in NT 4.0, see my column, "UnlockYour Gateway to the Internet," June 1996), it's still a chore. AMicrosoftie in the routing group tells me that this process won't be simplifieduntil NT 5.0.

LAN-to-LAN routing with RAS is possible in NT 4.0. You can have a networkuptown and a network downtown talk via NT machines and modems, ISDN, or framerelay rather than routers. But this routing still takes some work. On the downside, NT's TCP/IP still doesn't dynamically reroute reliably. For example, ifyou give your system two default gateways and shut down the first, NT won'tfigure out how to use the second to access the Internet.

When you're ready to access the Internet, NT 4.0's multilink Point-to-PointProtocol (PPP) lets you connect faster than before. Previously, you couldconnect to the Internet with only one ISDN channel at 56 Kilobits per second(Kbps) or 64 Kbps. Now you can attach two ISDN adapters, enable the multilinkPPP to dial your ISP, and let NT combine two data streams into one, giving you112 Kbps or 128 Kbps. You can use several modems, direct serial connections, andISDN connections--anything RAS and Dial-Up Networking (DUN) support. However,this configuration works only if your ISP supports multilink PPP. (Most don'tyet, but many will soon.)

NT 4.0 brings virtual private networking to the Internet with thePoint-to-Point Tunneling Protocol (PPTP). With PPTP, you can connect to yourcorporate server over the Internet from a remote location. To begin, under DUN,you install two modems: the physical modem attached to your system and abogus modem called the PPTP service.

To attach to your network over the Internet, you make two dial-upconnections. The first is the usual PPP-based dial-up connection to theInternet. Then you run the second dial-up connection and tell it to place acall, not with your modem but with your PPTP service. When Dial-Up Networkingprompts you to enter the dial-up phone number, you (and this is the undocumentedpart) fill in the IP address of your corporate RAS server (that servermust also be running PPTP). The second dial-up connection is a domain logon,where your message runs past any firewalls straight to the RAS server, whichthen authenticates you. From that point on, you're connected to your corporatenetwork as if you were on site or had dialed directly into your office's RASserver.

Telephony Application Program Interface
NT 4.0 also includes theTelephony Application Program Interface (TAPI), a nice feature that unifiedcommunications programming under Win95 and will no doubt benefit NT as well.With old operating systems, each communication program had to load its ownmodem-specific drivers. So if you ran four different communications programs onyour computer, you ended up telling four different programs what kind of modemyou had. Under NT 4.0, you can buy communications applications that are TAPIenabled, which means they can interrogate your system for modem informationrather than interrogating you.

Network Monitor
In all the years I've worked with PC networks,one of the most desirable, sought-after, and expensive tools for networktroubleshooting has been the network sniffer. Put simply, a sniffer lets you seeeverything going through your network cable. A full-blown network snifferrecords every piece of data that goes back and forth on the network--atroubleshooter's dream and a security officer's nightmare. At one point, onenetwork sniffer product was going for $18,000.

Microsoft's sniffer application, the Network Monitor, ships as part of theServer Management System (SMS), but SMS is expensive and a Network Monitorshould have been part of NT Server from the start. With NT Server 4.0, Microsofttakes a step in the right direction by including a slightly dumbed-down versionof Network Monitor.

Screen 3 shows the Network Monitor included in NT Server 4.0. To access theNetwork Monitor, open the Control Panel and click the Network service. Highlightthe Services tab, and click Network Monitor Tools and Agent to createthe service. Note that Network Monitor does not install with NT Server bydefault, so you may have to add the Network Monitor Tools and Agent. If youdon't see the service listed, click Add and add it from the NT installation CD.

Microsoft probably dumbed down the NT version of Network Monitor to keepthe full-blown version viable as a standalone product. (The full-blown versionof Network Monitor that ships with SMS tracks and records all data goingon the network.) The version of Network Monitor that ships with NT Serverrecords only network frames originating with or destined for the particularserver on which it is running. So, if you want to use Network Monitor to examinetraffic from your server to machine X and from machine X to your server, you'lllove the Network Monitor version that ships with NT Server. If, however, youwant to use Network Monitor to examine traffic moving between machine X andmachine Y, you can't do that with the version that ships with NT 4.0 Server,assuming that your server is neither machine X nor Y. Still, it's a neat tool.

Simplifying Setup
The NT 4.0 Setup program acts like a typicalMicrosoft Wizard, but it doesn't let you use Back to undo decisions atmany important steps, and that's annoying. For example, if you designate aserver as a Backup Domain Controller (BDC) early in the Setup process and laterfind out the machine can't contact the Primary Domain Controller (PDC) to verifyyour authorization to install a new BDC, you're stuck: You can't backtrack toinstall a simple server. You have to turn the computer off and start over.

No matter how good or bad the Wizard is, however, the only perfect Wizardwould be one that asks you every question relevant to the installation and says,"Go get some lunch, and I'll get this set up." I hate babysitting anNT installation, and Microsoft includes a tool, Setup Manager, with NT 4.0 tomake it easier.

Setup Manager asks you questions about how to set up your computer, andthen generates a setup script. You feed the setup script to WINNT32 or WINNT.These two setup helper programs come with NT and use the information the scriptssupply. The result is an almost unattended installation.

WINNT32 can do the entire installation unattended, except for theEnd User License Agreement. I'm not sure what good an unattended installation isif you have to attend to the F8 key to acknowledge that you have read and agreeto the End User License Agreement. Microsoft probably has an undocumentedparameter on WINNT32 to get past this, like the /iw parameter for Windows 95unattended installations. Microsoft appears to have added FrontPage too late forit to be part of the unattended installation. You can't install FrontPageautomatically when the rest of NT installs.

NT 4.0 simplifies installing applications to several machines, thanks totwo utilities: sysdiff and rollback. Sysdiff lets you take snapshots of asystem's configuration at any moment, and rollback lets you return theconfiguration to that point. The idea is this: Suppose you're about to put a newdrawing program called Esketch on 500 NT workstations. You don't want to run theEsketch setup program 500 times, so you run sysdiff before you install Esketchon the first computer. Then you run sysdiff after you install Esketch. Sysdiffthen reports exactly what changed and gives you a script to help you quicklyroll out Esketch to other machines.

At least sysdiff and rollback are supposed to work that way.They've been around for the past few months, but I've yet to see anydocumentation on them (nor will any documentation appear in the NT box,according to a Microsoft representative). Instead, look for help on the Web atsome point.

My biggest quibble with NT 4.0 is that the documentation for the newfeatures--PPTP, FrontPage, sysdiff and rollback, and the DNS server--isvirtually nonexistent. The few clues in the Help files are the onlydocumentation available, at least in the beta versions. Microsoft reportedrecently that, "94 percent of all bugs reported in the NT 4.0 beta testprogram were found internally." No wonder. No one else could even get thenew subsystems running. As of this writing, Microsoft has hinted that moreinformation will be available in the Resource Kit, which will appear in November(according to one Microsoft source) or in the first quarter of 1997 (accordingto another).

NT 4.0's new UI, Web support, and setup tools add up to a much improved OS.Just make sure you select the best licensing option for your needs and stickwith video boards and printers from Microsoft's HCL. On the whole, NT 4.0 isworth buying, but much of what NT Server fans are waiting for won't appear untilNT 5.0. (For a summary of the good and the bad, see the sidebar above.)