Windows 2003 Server & Industry Trends
This week, Stephen Ibaraki, I.S.P., has an
exclusive interview with Don Jones, an international technology
consultant and a founding partner of BrainCore.Net—a leader in
technical certification and assessment development and technologies.
Don is a regular speaker at industry conferences such as MCP
TechMentor, Comdex, and more. He is currently living and working in
an RV, traveling across the country on various consulting jobs.
Q: Thank you for being with us here today. Your experiences and
insights would be of great interest to our audience.
A: Thanks very much, glad to be here.
Q: You are an expert in Microsoft’s Windows Server 2003. How does
Windows Server 2003 compare with Windows 2000 Server? Why would a
company want to move to 2003?
A: That’s a tough question for most companies. The switch from NT to
2000 was a big, big change, and it was easy to see what was
different. 2003, however, is more like a minor revision in terms of
additional features. Active Directory, however, has seen some major
changes. I think that companies who’ve avoided moving to Active
Directory thus far will see a lot to like in 2003. 2003 is also
much, much more secure right out of the box. Companies implementing
Web sites and other easily attacked servers will also find a lot to
like in 2003.
All that said, companies who’ve already moved to Windows 2000 might
not find anything that really compels them. That’s especially true,
I think, for small- to medium-sized companies who’ve already gone
through the pain of a Windows 2000 and Active Directory migration.
Larger companies will gain tremendous benefits from the new Active
Directory, which is really version 2.0 of that technology.
Q: What tips can you offer in implementing Windows Server 2003?
A: Planning, planning, planning. Windows 2000 introduced a new
concept for Microsoft operating systems: Don’t just click Setup and
expect everything to go smoothly. With 2000, you really had to plan
your migration and deployment, especially where Active Directory was
involved, and that continues to be true with 2003.
If you’re moving from 2000 Active Directory to 2003, in-place
upgrades – as opposed to migrations to a new server – are a great
way to go. It’s a painless process that works quite well. It’s also
very easy to install 2003 domain controllers into a 2000 domain, and
simply decommission your 2000 domain controllers one by one. When
you’re finished, you can shift the domain into 2003’s functional
level and start taking advantage of new features.
This concept of functional levels is important, and it’s a great
idea that Microsoft’s offered. It allows a 2003 domain controller to
act exactly like a 2000 domain controller, giving you as much time
as necessary to get all of your domain controllers upgraded. You
won’t have many of the new Active Directory features, but you won’t
have compatibility problems, either. When you’re completely
upgraded, you raise the functional level to switch on the new
Domains aside, another big area in which to be careful is IIS
upgrades. IIS 6 is a complete rewrite over IIS 5. I don’t recommend
just upgrading Web servers willy-nilly; do some testing and make
sure your applications will work on IIS 6. IIS 6 offers
backward-compatibility modes with IIS 5, but if you run into
problems you’d be better off investing to fix your application. IIS
6’s native architecture is faster, more stable, and more secure, so
it’s wise to take advantage of it.
Q: Can you elaborate more on the security in Windows 2003?
A: In the past, Microsoft’s goal was to make it easy to get a
powerful server up and running with all its features enabled. That
meant, for example, installing IIS by default with all its features
turned on. That turned out to be a bad idea, as administrators wound
up running IIS on computers without really realizing it. When IIS
was compromised by viruses like Code Red, it ran rampant thanks to
the wide IIS deployment.
Windows Server 2003 takes a different tack: To make the OS as secure
as possible out of the box. I’ve really been impressed at
Microsoft’s efforts in this. For example, the default file and share
permissions now list the Everyone group with Read-only permissions,
rather than with Full Control as has been the case since NT was
first introduced. I think that’s a minor change, but with major,
long-overdue implications and consequences. 2003 also leaves IIS out
by default, and if you do install IIS, it installs in a very
locked-down fashion with reduced functionality. You have to turn on
the features you need, so there’s no way administrators can claim
they didn’t know those features were there.
The new security philosophy places a lot more responsibility on the
administrator. There’s no more “click and it’s done” setup in 2003;
admins have to take more time to understand how features work, and
they have to spend more time configuring those features for full
functionality. That’s a good thing, in my opinion. I don’t think we
administrators are paid to just click buttons. We’re paid to
understand what we’re doing and to configure our servers to be both
functional and secure.
Q: What would be useful information to know about implementing and
using each of the Microsoft .NET Enterprise Servers?
A: That’s a big topic. Today, you’ve got ten to twelve .NET
Enterprise Servers, depending on how you define that brand name.
Planning is crucial: Understanding how each server works, how it
interacts with the others, and what the core administrative
requirements are. I’ve actually written a book, Special Edition
Using .NET Enterprise Servers, which is coming out from Que in
February. It provides a planning and design chapter for each server
product, security chapters, and a chapter on administering each
Knowing, for example, that SQL Server runs best on a machine by
itself and that Exchange 2000 Server has a new multi-tier
architecture that can reduce servers and increase scalability –
those are important things to know. The .NET Enterprise Servers are
so varied and complex that you really have to do your homework
before you dive in.
And, as always, Microsoft is constantly changing things on us. They
just shipped Content Management Server 2002, a whole new version and
the first version they’re totally responsible for. Keep in mind that
they bought CMS 2001 and really just rebranded it. We know that a
major realignment to the .NET Enterprise Servers is coming in 2004
and 2005, with BizTalk Server, CMS, and Commerce Server being
collapsed into a product that’s code-named Jupiter. Exchange, Mobile
Information Server, and Internet Security and Acceleration (ISA)
Server are being recombined into two products. It’s a lot of work to
Q: Can you describe the books you have written and share some tips
from your books?
A: My newest book, which will hopefully be out from Que in March or
April, is Windows Server 2003 Delta Guide, which I co-authored with
Mark Rouse. It’s targeted at experienced Windows administrators, and
designed to help them quickly become experts on 2003 by leveraging
what they already know about Windows. I think one of the coolest
tips from that book is the new Resultant Set of Policy (RSOP)
feature from 2003’s new Active Directory Users & Computers console.
RSOP lets you play “what if” with Group Policy management. You can
pick policies and designate users and computers, and see what
policies a user or computer would get based on various scenarios in
Active Directory. It’s a fantastic planning and troubleshooting
tool, one that used to require third-party products.
Mike Danseglio, a Windows Server 2003 product team member,
co-authored Windows Server 2003 Security Administrator’s Companion
with me. That’ll be out from MS Press in April, I believe. It’s a
complete walkthrough of security in 2003, and provides a ton of
example scenarios to help put things into a real-world context. It’s
also the first security book from Microsoft that focuses on the
whole security picture, including physical security and human
practices, not just the product. One of the most valuable chapters
is the one on smart card implementation, where we provide the first
really straightforward look at how to implement smart cards for user
logons, from start to finish. Very valuable stuff.
I’ve also written a handful of eBooks for
They’re an awesome publisher, and they provide free eBooks on
high-tech stuff. I’ve got titles on SQL Server performance
optimization and Windows 2000 Active Directory Tips and Tricks, for
example. They’re all top-quality books. I’ve got a very close
relationship with Realtimepublishers, and they’re very committed to
what they do. I love writing for them.
Q: Can you detail your personal history and how you came to write?
What personally prompted you to enter the computing field? What led
you to becoming a noted expert on servers?
A: One thing kind of led to another. My first IT job was with
Electronics Boutique, the small software retailer. I worked in
register support at their home office. By the time I moved on, I was
running their AS/400 in the evenings and I wrote a new register
software package. It was actually the first point-of-sale software
written for Windows 95 when that first came out.
I was a network administrator for Bell Atlantic (now Verizon), a
field engineer for a couple of consulting firms, and a Microsoft
Certified Trainer. I’ve also been a director for a consulting
practice, a senior Web developer for a “dot com,” a little bit of
everything. It’s given me a lot of exposure to the business side of
things. When I finally decided to go independent, I got my first
book deals, Microsoft .NET E-Commerce Bible and E-Commerce for
Dummies, with Hungry Minds (now Wiley). I turned out to love
writing, and I’m pretty fast at it. I’ve written about a dozen books
in two years, and the Delta Guide is actually the first in a new
series that I’ve created with Que.
I think the key to my success thus far has been my willingness to
really spend time playing around with products. I have a half-dozen
computers in the RV, and I use Connectix Virtual PC a lot to give me
even more computers to work with. Anytime I’m writing a book, I
probably install the product a dozen times just because I’m messing
with it so much, trying to find out what breaks it and what works
best. Speaking at conferences also helps keep me relevant; when I’m
not speaking, I can listen to folks like Dan Balter, Jeremy
Moskowitz, Derek Melber, and Mark Minasi – all great speakers, and
they really help give me new directions for study and
Q: What are your personal goals 1, 3, and 5 years into the future?
A: Wow, every time I try to guess that far out I wind up being
surprised by what actually happens. I’ve just become a contributing
editor for MCP Magazine, which is something I’ve wanted to do for a
long time. I think my biggest personal goals are probably
company-related. BrainCore.Net produces an amazing technology called
Skillworks, which will let certification programs like Microsoft’s
deliver hands-on exams through their existing exam delivery channel.
It uses real products, not simulations, and provides automated
scoring for instant results. It’s really incredible technology.
We’re in the process of pitching it to folks like Microsoft, the
Field Certified Professionals Association, pretty much anyone who’ll
listen to us. It’s also got great applications as a hands-on
pre-hiring assessment tool to help companies hire professionals who
are actually qualified for the job, applications in training centers
– the possibilities are unlimited, and I think they’ll keep us
working hard for the next three years or so.
Personally, there are a couple of books I’d really love to write. I
do a talk on VBScripting for Windows Administrators that’s hugely
popular; I’m doing it for MCP TechMentor (www.techmentorevents.com)
in April. In fact, TechMentor will be carrying the talk exclusively
for the foreseeable future. I’d love to write a companion book for
that, something that shows administrators how to take advantage of
VBScript as an administrative tool, without requiring them to become
hardcore programmers in the process. I’m pitching that book to a
couple of publishers right now, and it’s looking promising. I’d also
love to write the Delta Guide for SQL Server Yukon whenever that
ships, or even co-author it with someone. That’s going to be a
major, major change for administrators and DBAs, and I think a Delta
Guide title will help them get their hands around it more quickly.
I’m also planning to settle down in 2004. I’ve bought land in Las
Vegas and I think it’s time to stop doing the RV-around-the-country
Q: What ten career pointers would you provide specifically to people
who wish to enter the computing field?
A: First, pay attention to the business side of things. Don’t just
implement cool stuff, always focus on what the business needs and
what will benefit the business.
Stay on top of things. You should always be studying what’s coming
next, even if your company has no plans to implement it. You don’t
know where you’ll be next week, and you always need to be prepared.
Always do your best job. That seems so common sense, but you’d be
surprised how often my work is complimented simply because I don’t
give my customers a hard time – they get good results the first
Set expectations. Don’t promise things you can’t deliver, and always
deliver your promises. The worst impression people have of IT
professionals is an inability to deliver, and that’s because it’s
easy for us to promise things we can’t follow through on.
You get what you pay for. That’s true whether you’re hiring
employees or buying hardware; Compaq servers are expensive, for
example, but they’re unbeatable. Yeah, you can find trainers who’ll
work for $400 a day, but you wouldn’t work for that little money, so
what makes you think a decent trainer would?
Attend conferences. They’re the best educational value on the
market, and you’ll also get to network with your peers. In our
industry, as in most others, who you know is often just as important
as what you know.
Always try to take a leadership role. Don’t force your way into it;
just look for things that need to be done and do them. Nobody ever
expects that from IT folks, so you’ll give them a pleasant surprise.
Be focused on details. Everything in IT is all about checking the
right checkbox or putting a server in exactly the right location for
Don’t be afraid to interview for new jobs. The best thing you can
have in IT is breadth; as you come to know more about more and more
products and technologies, you’ll find that you’re more valuable to
the people who hire you, and that more people will want to.
If you want to write books, get an agent. I’m with Studio B (www.studiob.com),
and they’re invaluable in helping me make smart decisions and
negotiating good deals. Find a publisher you like, too, and be loyal
to them as much as you can. Que’s been great for me, for example.
Q: Can you comment on the open source movement and where it’s
A: Open source is interesting. I think it’s always going to have a
place, but I don’t think it’s going to take over from commercial
software. I mean, you can’t develop really solid, cool technologies
with no budget, and open source has no budget. I think we’ll see
interesting new technologies come from open source and get rolled
into commercial products. Apple is a great example: Mac OS X is
based on BSD Unix, but has a fantastic Apple GUI for a really
Linux really annoys me, though. Actually, I should say Linux zealots
annoy me. I’m a firm believer in “the right tool for the right job,”
and I use a Mac in a lot of my work, for example. There are folks,
though, that I like to refer to as the Linux religious right, who
automatically believe that anything Microsoft does is a conspiracy
designed to enslave their children or something. I think Linux can
be a fine operating system for some purposes, but it’s a terrible
client operating system for the average non-technical person, for
example. Windows or Mac are much better.
The open source community needs to open its eyes, a little bit. For
example, Microsoft takes it on the chin from open source because
they’re “just out to make a profit.” At the same time, they’re
praising Sun – because, I guess, Sun isn’t out to make a profit,
which must disappoint their stockholders. Lots of the old-time open
source guys don’t like Sun, because they’re not really practicing
the open source philosophy. Java’s still a proprietary technology,
remember, which Sun legally controls.
And all the fuss on open source things like Linux tends to detract
from some of the real, rock-solid long-term players in the field.
BSD Unix, for example, is simply the most stable operating system in
the universe. That’s why Apple built OS X on it. But you don’t hear
about people flocking to BSD Unix for their Web servers. Why not?
Because it’s still all about marketing and hype. Right now, Linux
has the hype, and so that’s what people are looking at. The
distributors of Linux builds are in some ways doing to BSD Unix what
they accuse Microsoft of doing to everyone else. It’s ironic.
Q: What do you forecast as future hot topic areas or “killer apps”
to start researching now?
A: Well, security, obviously. New, smarter firewall products,
smarter routers, smarter everything that protects the network –
those will be big in the next few years.
Everyone keeps telling me that wireless – things like connected PDAs
and cell phones – will be the next big killer app for technology,
but I don’t know. Tablet PCs are making a comeback – remember the
tablets of the early nineties? – but it’s really hard to make a call
on any of that.
I think the next big thing will be convergence. I’m a huge home
theater fan; I have one of those RCA/DirecTV Microsoft Ultimate TV
boxes. It’s like a TiVo, but with two DirecTV tuners built in, so I
can record one show while watching a second, or record two while
watching a prerecorded show. It’s got a built-in on-screen program
guide and is really easy to operate. I’ve also been looking at the
Windows XP Media Center PCs – the idea of having a combined MP3
jukebox, DVD player, and personal video recorder fascinates me. I
want all of those technologies to coalesce into one box. All the
technology exists; somebody just needs to squeeze it all into a
single box for the perfect small-footprint home theater.
Q: What would be your recommended top ten references for the serious
A: Well, for Group Policy you can’t beat Group Policy, Profiles, and
IntelliMirror by Jeremy Moskowitz. He’s a good friend and it’s a
great book. I’m a big fan of Windows 2000 Scripting Bible by William
Stanek, too, and anyone who’s into VBScript should pick it up. A
subscription to MCP Magazine or Windows & .NET Magazine is crucial
for keeping up with the latest technologies in the Microsoft arena.
I don’t think any IT pro, even Unix guys, can afford to ignore the
Mark Minasi wrote a book on Linux for Windows Administrators, and I
think it’s a must-read. I wish I’d written it! I don’t think Windows
folks can ignore the Linux/Unix side of things, either. I think we
all need to be better at picking the right tool for the right job,
and not just sticking with what we happen to know.
Obviously, Windows admins need to pick up a copy of my Windows
Server 2003 Delta Guide. Aside from plugging my book, I think it’ll
be the fastest way for time-strapped administrators to get their
hands around this new OS.
What else? It’s tough for me to say. I don’t have a lot of books on
my shelf, mainly because it’s so small in the RV! Oh, definitely a
subscription to Microsoft TechNet. Supporting a Windows environment
without it is just insane. And administrators who want to keep their
skills up should invest in Microsoft’s MSDN Universal. I know they
pitch it as a developer product, but you get a copy of every server
product that Microsoft makes. It’s a great way to experiment and
learn new things.
Q: You have done extensive research in a number of high-tech areas.
Can you describe the results of your research and tips you can pass
onto the audience?
A: IPv6 is the latest thing I’ve been working with. It’s a great new
set of protocols, but we’re still a long way off from
implementation. I know everyone hears about this from time to time
and wonders when it’s going to happen. I think the best thing anyone
can do now is start evaluating future hardware and operating system
purchases for IPv6 compatibility. That way, when times mature and we
start using the protocol seriously, you’ll have all the bits in
place. Most router manufacturers have got IPv6 down, and Windows
Server 2003 supports it. There are Unix/Linux implementations out
there too, although the major commercial builds don’t always include
Q: Can you comment on the integration of mainframe, Unix, and
Windows-based technologies and how they all fit in large, complex,
A: Don’t forget Mac! Integration is getting easier; I actually have
an article on that very subject coming out in MCP Magazine, in the
April or May issue, I think. I think all of these technologies
definitely fit. Unix systems make great, stable, cheap Web servers –
especially BSD Unix and Linux systems. Windows is definitely the
client OS of choice, just because so many people know how to use it.
Windows also has a lot of killer apps that’ll keep it running on
servers, too, like Exchange. I also happen to think that SQL Server
is the best database system you can get for the money. Microsoft’s
done just amazing things to it over the past few years.
Microsoft’s starting to use more open protocols for everything, too.
I actually gave a talk at Comdex where a Sun guy was saying that
Microsoft wants to lock you into proprietary protocols like
Kerberos. My jaw dropped. Microsoft’s dropped their proprietary
authentication protocol – NTLM – in favor of the industry standard,
Kerberos, which was invented at MIT, not in Redmond. Because
Microsoft’s been ditching their own protocols bit by bit, it’s
getting easier to integrate with Unix. Unix boxes can log on to an
Active Directory domain, for example, using a Kerberos client.
Q: What changes do you see for the future of computing, conducting
business, and the use of the Internet?
A: I think at some point soon we’re going to stop caring much about
hardware. Moore’s law has gotten us to a point where gigahertz and
gigabytes just don’t matter, anymore. That’s got to be Intel’s
biggest fear – I forget how fast my laptop’s processor is. It’s just
I don’t think we’re going to see many more revolutions on the
Internet. I think we’ll see a lot of evolution: Slow changes that
build on what’s come before. It’s not that I think revolution is
impossible; it’s just that so many folks lost millions on the dot
com boom and bust, that I don’t think you’re going to see investment
in revolution anymore, at least not for a while. So companies will
be slowly evolving. That’s actually better; it’s more stable, and it
gives business more time to evaluate what they’ve done and make slow
Q: It’s a blank slate, what added comments would you like to give to
enterprise corporations and organizations?
A: Focus on business, and not technology. When you do need to focus
on technology, don’t believe anything anyone tells you without
checking it out yourself. I hear misinformation on a daily basis
about Microsoft products, Microsoft strategies, Apple products, Unix
products – everyone’s putting marketing information out there. Don’t
rely on the marketing to make decisions. And don’t think that
independents – even me – aren’t marketing; Microsoft and Linux and
everyone else has their fans, and they’ll do free marketing for
their favorite brand.
Do your research, too. People beat up on Microsoft’s licensing
programs, for example, without realizing that other major companies
have been doing the same things for years. IBM AS/400 people laugh
when folks get upset about Microsoft licensing, because they’ve been
dealing with similar tactics their whole careers. So again, ignore
the hype and do your research.
Q: Thank you for sharing your valuable insights with us today and we
look forward to reading your books, and articles.
A: You bet! Thanks for the time!