Timing
Timing is very important for any new application, but especially for a network operating system. You must
determine what effects the upgrade will have on the users of the network and how much time it will take to implement
the new security features that are required for your organization. This is one reason it is good to begin with a
controlled lab environment. This will give you a good idea of how long it will take to implement your plan in
the production environment. Another issue to consider is other activity in your organization. If it is a
particularly busy time of year, you may want to hold off on the implementation until things calm down
somewhat.
Cost
Cost analysis for upgrading to Windows 2000 Server goes well beyond the cost for the licenses. It must also
include any hardware upgrades that are required, as well as the cost of training users and administrators in
the use of the new features available in Windows 2000 domains, especially Active Directory and the new
security features available with Distributed Security Services. You must determine whether the greater
security available in Windows 2000 Server lessens the chance of downtime due to security incidents. With
less downtime, the organization may experience greater productivity, which may lead to an increased return
on investment.
Resources
Resources consist of both humans and hardware. Both must be analyzed to ensure that sufficient resources
are available to implement and sustain the upgrade to Windows 2000 Server. Windows 2000 Server has
higher minimum requirements than did previous versions of the operating system, so you may have to add
new hardware or enhance the existing hardware in your organization. You also need to analyze the human
resources that are available for implementing and administering the upgrade.
Summary
Windows 2000 Server adds a great number of security enhancements to those that were available in previous
versions of the operating system. These enhancements include Public Key Infrastructure capabilities, the
Kerberos v5 authentication protocol, smart card support, the Encrypting File System, and IPSec. These new
additions to security are necessary to protect data as organizations start depending on their information
technology infrastructure even more than in the past. Any vulnerability could wreak havoc on those
mission-critical systems.
The Network Security Plan is vital to the upgrading of your network from Windows NT 4.0 to Windows
2000 Server. It must be carefully thought out so that your organization can take advantage of the new
security features in Windows 2000 Server. If the plan is not thought out carefully, the security you need
may not be put into place. At a minimum, your Network Security Plan must include security group
strategies, security group policies, network logon and authentication strategies, and strategies for information
security.
Before you upgrade to Windows 2000 Server in a production environment, you need to test it. The test
environment should mimic the production environment so that you can obtain an accurate picture of how the
implementation will affect the production environment. When you are satisfied with the results of your
testing, you should carefully consider the timing of rolling out the upgrade to the production environment to
ensure that there will not be an interruption during a particularly busy time for your organization.
FAQs
Q: Why do I have to upgrade my primary domain controller first?
A: The primary domain controller must be upgraded first to ensure a successful upgrade of a Windows
NT domain to a Windows 2000 domain. Information from the Security Accounts Manager on the PDC
is copied over to the data store of the Active Directory.
Q: How can I enable my Windows 98 clients to use Kerberos v5 authentication?
A: Install the Distributed Security Client on all of your Windows 98 clients.
Q: Can I still use Windows NT 4.0 backup domain controllers in a Windows 2000 domain?
A: Yes, Windows NT 4.0 BDCs can still be used in a Windows 2000 domain. One of the Windows
2000 Server domain controllers acts as a PDC emulator, so communication can occur to/from the
Configuring Windows 2000 Server Security: The Windows 2000 Server Security Migration Path
http://corpitk.earthweb.com/reference/pro/1928994024/ch01/01-04.html (2 of 3) [8/3/2000 6:50:59 AM]