CIPS Connections -- Current Articles
Windows 2003 Server &
An Interview with Don Jones
by Stephen Ibaraki, I.S.P., Capilano
This week, Stephen Ibaraki, I.S.P., has an exclusive interview with Don
Jones, an international technology consultant and a founding partner of
BrainCore.Net, a leader in technical certification and assessment development
and technologies. Don is a regular speaker at industry conferences such as
MCP TechMentor, Comdex, and more. He is currently living and working in an
RV, traveling across the country on various consulting jobs.
Q: Thank you for being with us here today. Your experiences and insights
would be of great interest to our audience.
A: Thanks very much, glad to be here.
Q: You are an expert in Microsoft's Windows Server 2003. How does Windows
Server 2003 compare with Windows 2000 Server? Why would a company want to
move to 2003?
A: That's a tough question for most companies. The switch from NT to 2000 was
a big, big change, and it was easy to see what was different. 2003, however,
is more like a minor revision in terms of additional features. Active
Directory, however, has seen some major changes. I think that companies
who've avoided moving to Active Directory thus far will see a lot to like in
2003. 2003 is also much, much more secure right out of the box. Companies
implementing Web sites and other easily attacked servers will also find a lot
to like in 2003.
All that said, companies who've already moved to Windows 2000 might not find
anything that really compels them. That's especially true, I think, for
small- to medium-sized companies who've already gone through the pain of a
Windows 2000 and Active Directory migration. Larger companies will gain
tremendous benefits from the new Active Directory, which is really version
2.0 of that technology.
Q: What tips can you offer in implementing Windows Server 2003?
A: Planning, planning, planning. Windows 2000 introduced a new concept for
Microsoft operating systems: Don't just click Setup and expect everything to
go smoothly. With 2000, you really had to plan your migration and deployment,
especially where Active Directory was involved, and that continues to be true
If you're moving from 2000 Active Directory to 2003, in-place upgrades – as
opposed to migrations to a new server – are a great way to go. It's a
painless process that works quite well. It's also very easy to install 2003
domain controllers into a 2000 domain, and simply decommission your 2000
domain controllers one by one. When you're finished, you can shift the domain
into 2003's functional level and start taking advantage of new features.
This concept of functional levels is important, and it's a great idea that
Microsoft's offered. It allows a 2003 domain controller to act exactly like a
2000 domain controller, giving you as much time as necessary to get all of
your domain controllers upgraded. You won't have many of the new Active
Directory features, but you won't have compatibility problems, either. When
you're completely upgraded, you raise the functional level to switch on the
Domains aside, another big area in which to be careful is IIS upgrades. IIS 6
is a complete rewrite over IIS 5. I don't recommend just upgrading Web
servers willy-nilly; do some testing and make sure your applications will
work on IIS 6. IIS 6 offers backward-compatibility modes with IIS 5, but if
you run into problems you'd be better off investing to fix your application.
IIS 6's native architecture is faster, more stable, and more secure, so it's
wise to take advantage of it.
Q: Can you elaborate more on the security in Windows 2003?
A: In the past, Microsoft's goal was to make it easy to get a powerful server
up and running with all its features enabled. That meant, for example,
installing IIS by default with all its features turned on. That turned out to
be a bad idea, as administrators wound up running IIS on computers without
really realizing it. When IIS was compromised by viruses like Code Red, it
ran rampant thanks to the wide IIS deployment.
Windows Server 2003 takes a different tack: To make the OS as secure as
possible out of the box. I've really been impressed at Microsoft's efforts in
this. For example, the default file and share permissions now list the
Everyone group with Read-only permissions, rather than with Full Control as
has been the case since NT was first introduced. I think that's a minor
change, but with major, long-overdue implications and consequences. 2003 also
leaves IIS out by default, and if you do install IIS, it installs in a very
locked-down fashion with reduced functionality. You have to turn on the
features you need, so there's no way administrators can claim they didn't
know those features were there.
The new security philosophy places a lot more responsibility on the
administrator. There's no more "click and it's done" setup in 2003; admins
have to take more time to understand how features work, and they have to spend
more time configuring those features for full functionality. That's a good
thing, in my opinion. I don't think we administrators are paid to just click
buttons. We're paid to understand what we're doing and to configure our
servers to be both functional and secure.
Q: What would be useful information to know about implementing and using each
of the Microsoft .NET Enterprise Servers?
A: That's a big topic. Today, you've got ten to twelve .NET Enterprise
Servers, depending on how you define that brand name. Planning is crucial:
Understanding how each server works, how it interacts with the others, and
what the core administrative requirements are. I've actually written a book,
Special Edition Using .NET Enterprise Servers, which is coming out from Que
in February. It provides a planning and design chapter for each server
product, security chapters, and a chapter on administering each server
Knowing, for example, that SQL Server runs best on a machine by itself and
that Exchange 2000 Server has a new multi-tier architecture that can reduce
servers and increase scalability – those are important things to know. The
.NET Enterprise Servers are so varied and complex that you really have to do
your homework before you dive in.
And, as always, Microsoft is constantly changing things on us. They just
shipped Content Management Server 2002, a whole new version and the first
version they're totally responsible for. Keep in mind that they bought CMS
2001 and really just rebranded it. We know that a major realignment to the
.NET Enterprise Servers is coming in 2004 and 2005, with BizTalk Server, CMS,
and Commerce Server being collapsed into a product that's code-named Jupiter.
Exchange, Mobile Information Server, and Internet Security and Acceleration
(ISA) Server are being recombined into two products. It's a lot of work to
Q: Can you describe the books you have written and share some tips from your
A: My newest book, which will hopefully be out from Que in March or April, is
Windows Server 2003 Delta Guide, which I co-authored with Mark Rouse. It's
targeted at experienced Windows administrators, and designed to help them
quickly become experts on 2003 by leveraging what they already know about
Windows. I think one of the coolest tips from that book is the new Resultant
Set of Policy (RSOP) feature from 2003's new Active Directory Users &
Computers console. RSOP lets you play "what if" with Group Policy management.
You can pick policies and designate users and computers, and see what
policies a user or computer would get based on various scenarios in Active
Directory. It's a fantastic planning and troubleshooting tool, one that used
to require third-party products.
Mike Danseglio, a Windows Server 2003 product team member, co-authored
Windows Server 2003 Security Administrator's Companion with me. That'll be
out from MS Press in April, I believe. It's a complete walkthrough of
security in 2003, and provides a ton of example scenarios to help put things
into a real-world context. It's also the first security book from Microsoft
that focuses on the whole security picture, including physical security and
human practices, not just the product. One of the most valuable chapters is
the one on smart card implementation, where we provide the first really
straightforward look at how to implement smart cards for user logons, from
start to finish. Very valuable stuff.
I've also written a handful of eBooks for Realtimepublishers.com. They're
an awesome publisher, and they provide free eBooks on high-tech stuff. I've
got titles on SQL Server performance optimization and Windows 2000 Active
Directory Tips and Tricks, for example. They're all top-quality books. I've
got a very close relationship with Realtimepublishers, and they're very
committed to what they do. I love writing for them.
Q: Can you detail your personal history and how you came to write? What
personally prompted you to enter the computing field? What led you to
becoming a noted expert on servers?
A: One thing kind of led to another. My first IT job was with Electronics
Boutique, the small software retailer. I worked in register support at their
home office. By the time I moved on, I was running their AS/400 in the
evenings and I wrote a new register software package. It was actually the
first point-of-sale software written for Windows 95 when that first came out.
I was a network administrator for Bell Atlantic (now Verizon), a field
engineer for a couple of consulting firms, and a Microsoft Certified Trainer.
I've also been a director for a consulting practice, a senior Web developer
for a "dot com," a little bit of everything. It's given me a lot of exposure
to the business side of things. When I finally decided to go independent, I
got my first book deals, Microsoft .NET E-Commerce Bible and E-Commerce for
Dummies, with Hungry Minds (now Wiley). I turned out to love writing, and I'm
pretty fast at it. I've written about a dozen books in two years, and the
Delta Guide is actually the first in a new series that I've created with Que.
I think the key to my success thus far has been my willingness to really
spend time playing around with products. I have a half-dozen computers in the
RV, and I use Connectix Virtual PC a lot to give me even more computers to
work with. Anytime I'm writing a book, I probably install the product a dozen
times just because I'm messing with it so much, trying to find out what
breaks it and what works best. Speaking at conferences also helps keep me
relevant; when I'm not speaking, I can listen to folks like Dan Balter,
Jeremy Moskowitz, Derek Melber, and Mark Minasi – all great speakers, and
they really help give me new directions for study and experimentation.
Q: What are your personal goals 1, 3, and 5 years into the future?
A: Wow, every time I try to guess that far out I wind up being surprised by
what actually happens. I've just become a contributing editor for MCP
Magazine, which is something I've wanted to do for a long time. I think my
biggest personal goals are probably company-related. BrainCore.Net produces
an amazing technology called Skillworks, which will let certification
programs like Microsoft's deliver hands-on exams through their existing exam
delivery channel. It uses real products, not simulations, and provides
automated scoring for instant results. It's really incredible technology.
We're in the process of pitching it to folks like Microsoft, the Field
Certified Professionals Association, pretty much anyone who'll listen to us.
It's also got great applications as a hands-on pre-hiring assessment tool to
help companies hire professionals who are actually qualified for the job,
applications in training centers – the possibilities are unlimited, and I think
they'll keep us working hard for the next three years or so.
Personally, there are a couple of books I'd really love to write. I do a talk
on VBScripting for Windows Administrators that's hugely popular; I'm doing it
for MCP TechMentor (www.techmentorevents.com) in April. In fact, TechMentor
will be carrying the talk exclusively for the foreseeable future. I'd love to
write a companion book for that, something that shows administrators how to
take advantage of VBScript as an administrative tool, without requiring them
to become hardcore programmers in the process. I'm pitching that book to a
couple of publishers right now, and it's looking promising. I'd also love to
write the Delta Guide for SQL Server Yukon whenever that ships, or even
co-author it with someone. That's going to be a major, major change for
administrators and DBAs, and I think a Delta Guide title will help them get
their hands around it more quickly.
I'm also planning to settle down in 2004. I've bought land in Las Vegas and I
think it's time to stop doing the RV-around-the-country thing!
Q: What ten career pointers would you provide specifically to people who wish
to enter the computing field?
A: First, pay attention to the business side of things. Don't just implement
cool stuff, always focus on what the business needs and what will benefit the
Stay on top of things. You should always be studying what's coming next, even
if your company has no plans to implement it. You don't know where you'll be
next week, and you always need to be prepared.
Always do your best job. That seems so common sense, but you'd be surprised
how often my work is complimented simply because I don't give my customers a
hard time – they get good results the first time.
Set expectations. Don't promise things you can't deliver, and always deliver
your promises. The worst impression people have of IT professionals is an
inability to deliver, and that's because it's easy for us to promise things
we can't follow through on.
You get what you pay for. That's true whether you're hiring employees or
buying hardware; Compaq servers are expensive, for example, but they're
unbeatable. Yeah, you can find trainers who'll work for $400 a day, but you
wouldn't work for that little money, so what makes you think a decent trainer
Attend conferences. They're the best educational value on the market, and
you'll also get to network with your peers. In our industry, as in most
others, who you know is often just as important as what you know.
Always try to take a leadership role. Don't force your way into it; just look
for things that need to be done and do them. Nobody ever expects that from IT
folks, so you'll give them a pleasant surprise.
Be focused on details. Everything in IT is all about checking the right checkbox
or putting a server in exactly the right location for best effect.
Don't be afraid to interview for new jobs. The best thing you can have in IT
is breadth; as you come to know more about more and more products and
technologies, you'll find that you're more valuable to the people who hire
you, and that more people will want to.
If you want to write books, get an agent. I'm with Studio B (www.studiob.com), and they're invaluable in
helping me make smart decisions and negotiating good deals. Find a publisher
you like, too, and be loyal to them as much as you can. Que's been great for
me, for example.
Q: Can you comment on the open source movement and where it's heading?
A: Open source is interesting. I think it's always going to have a place, but
I don't think it's going to take over from commercial software. I mean, you
can't develop really solid, cool technologies with no budget, and open source
has no budget. I think we'll see interesting new technologies come from open
source and get rolled into commercial products. Apple is a great example: Mac
OS X is based on BSD Unix, but has a fantastic Apple GUI for a really
Linux really annoys me, though. Actually, I should say Linux zealots annoy
me. I'm a firm believer in "the right tool for the right job," and I use a
Mac in a lot of my work, for example. There are folks, though, that I like to
refer to as the Linux religious right, who automatically believe that
anything Microsoft does is a conspiracy designed to enslave their children or
something. I think Linux can be a fine operating system for some purposes,
but it's a terrible client operating system for the average non-technical
person, for example. Windows or Mac are much better.
The open source community needs to open its eyes, a little bit. For example,
Microsoft takes it on the chin from open source because they're "just out to
make a profit." At the same time, they're praising Sun – because, I guess,
Sun isn't out to make a profit, which must disappoint their stockholders.
Lots of the old-time open source guys don't like Sun, because they're not
really practicing the open source philosophy. Java's still a proprietary
technology, remember, which Sun legally controls.
And all the fuss on open source things like Linux tends to detract from some
of the real, rock-solid long-term players in the field. BSD Unix, for
example, is simply the most stable operating system in the universe. That's
why Apple built OS X on it. But you don't hear about people flocking to BSD
Unix for their Web servers. Why not? Because it's still all about marketing
and hype. Right now, Linux has the hype, and so that's what people are
looking at. The distributors of Linux builds are in some ways doing to BSD
Unix what they accuse Microsoft of doing to everyone else. It's ironic.
Q: What do you forecast as future hot topic areas or "killer apps" to start
A: Well, security, obviously. New, smarter firewall products, smarter
routers, smarter everything that protects the network – those will be big in
the next few years.
Everyone keeps telling me that wireless – things like connected PDAs and cell
phones – will be the next big killer app for technology, but I don't know.
Tablet PCs are making a comeback – remember the tablets of the early
nineties? – but it's really hard to make a call on any of that.
I think the next big thing will be convergence. I'm a huge home theater fan;
I have one of those RCA/DirecTV Microsoft Ultimate TV boxes. It's like a
TiVo, but with two DirecTV tuners built in, so I can record one show while
watching a second, or record two while watching a prerecorded show. It's got
a built-in on-screen program guide and is really easy to operate. I've also
been looking at the Windows XP Media Center PCs – the idea of having a
combined MP3 jukebox, DVD player, and personal video recorder fascinates me. I
want all of those technologies to coalesce into one box. All the technology
exists; somebody just needs to squeeze it all into a single box for the
perfect small-footprint home theater.
Q: What would be your recommended top ten references for the serious IT
A: Well, for Group Policy you can't beat Group Policy, Profiles, and
IntelliMirror by Jeremy Moskowitz. He's a good friend and it's a great book.
I'm a big fan of Windows 2000 Scripting Bible by William Stanek, too, and
anyone who's into VBScript should pick it up. A subscription to MCP Magazine
or Windows & .NET Magazine is crucial for keeping up with the latest
technologies in the Microsoft arena. I don't think any IT pro, even Unix
guys, can afford to ignore the Microsoft arena.
Mark Minasi wrote a book on Linux for Windows Administrators, and I think
it's a must-read. I wish I'd written it! I don't think Windows folks can ignore
the Linux/Unix side of things, either. I think we all need to be better at
picking the right tool for the right job, and not just sticking with what we
happen to know.
Obviously, Windows admins need to pick up a copy of my Windows Server 2003
Delta Guide. Aside from plugging my book, I think it'll be the fastest way
for time-strapped administrators to get their hands around this new OS.
What else? It's tough for me to say. I don't have a lot of books on my shelf,
mainly because it's so small in the RV! Oh, definitely a subscription to
Microsoft TechNet. Supporting a Windows environment without it is just
insane. And administrators who want to keep their skills up should invest in
Microsoft's MSDN Universal. I know they pitch it as a developer product, but
you get a copy of every server product that Microsoft makes. It's a great way
to experiment and learn new things.
Q: You have done extensive research in a number of high-tech areas. Can you
describe the results of your research and tips you can pass on to the
A: IPv6 is the latest thing I've been working with. It's a great new set of
protocols, but we're still a long way off from implementation. I know
everyone hears about this from time to time and wonders when it's going to
happen. I think the best thing anyone can do now is start evaluating future
hardware and operating system purchases for IPv6 compatibility. That way,
when times mature and we start using the protocol seriously, you'll have all
the bits in place. Most router manufacturers have got IPv6 down, and Windows
Server 2003 supports it. There are Unix/Linux implementations out there too,
although the major commercial builds don't always include it.
Q: Can you comment on the integration of mainframe, Unix, and Windows-based
technologies and how they all fit in large, complex, enterprise environments?
A: Don't forget Mac! Integration is getting easier; I actually have an
article on that very subject coming out in MCP Magazine, in the April or May
issue, I think. I think all of these technologies definitely fit. Unix
systems make great, stable, cheap Web servers – especially BSD Unix and Linux
systems. Windows is definitely the client OS of choice, just because so many
people know how to use it. Windows also has a lot of killer apps that'll keep
it running on servers, too, like Exchange. I also happen to think that SQL
Server is the best database system you can get for the money. Microsoft's
done just amazing things to it over the past few years.
Microsoft's starting to use more open protocols for everything, too. I
actually gave a talk at Comdex where a Sun guy was saying that Microsoft
wants to lock you into proprietary protocols like Kerberos. My jaw dropped.
Microsoft's dropped their proprietary authentication protocol – NTLM – in
favor of the industry standard, Kerberos, which was invented at MIT, not in
Redmond. Because Microsoft's been ditching their own protocols bit by bit,
it's getting easier to integrate with Unix. Unix boxes can log on to an
Active Directory domain, for example, using a Kerberos client.
Q: What changes do you see for the future of computing, conducting business,
and the use of the Internet?
A: I think at some point soon we're going to stop caring much about hardware.
Moore's law has gotten us to a point where gigahertz and gigabytes just don't
matter, anymore. That's got to be Intel's biggest fear – I forget how fast my
laptop's processor is. It's just fast enough.
I don't think we're going to see many more revolutions on the Internet. I
think we'll see a lot of evolution: Slow changes that build on what's come
before. It's not that I think revolution is impossible; it's just that so
many folks lost millions on the dot com boom and bust, that I don't think
you're going to see investment in revolution anymore, at least not for a
while. So companies will be slowly evolving. That's actually better; it's
more stable, and it gives business more time to evaluate what they've done
and make slow course corrections.
Q: It's a blank slate, what added comments would you like to give to
enterprise corporations and organizations?
A: Focus on business, and not technology. When you do need to focus on
technology, don't believe anything anyone tells you without checking it out
yourself. I hear misinformation on a daily basis about Microsoft products,
Microsoft strategies, Apple products, Unix products – everyone's putting
marketing information out there. Don't rely on the marketing to make
decisions. And don't think that independents – even me – aren't marketing;
Microsoft and Linux and everyone else has their fans, and they'll do free
marketing for their favorite brand.
Do your research, too. People beat up on Microsoft's licensing programs, for
example, without realizing that other major companies have been doing the
same things for years. IBM AS/400 people laugh when folks get upset about
Microsoft licensing, because they've been dealing with similar tactics their
whole careers. So again, ignore the hype and do your research.
Q: Thank you for sharing your valuable insights with us today and we look
forward to reading your books, and articles.
A: You bet! Thanks for the time!