Preparing To Join Active Directory

WORKSTATION PREPARATION

General Recommendations

For Intel-based machines, we suggest that an ideal configuration starts with Windows 2000 Professional or Windows XP Pro on the desktop. As of the writing of this document, all workstations in each of the public labs will be implementing Windows XP Pro for use in the fall 2005 semester. We recognize that in some cases this may not be available as an option; however, where it is possible, it is advisable.

The minimum recommended hardware configuration for Win2K Professional and Windows XP Pro is a Pentium 300 or P-II/233 with 64 MB of RAM and a 4 GB hard drive with at least 1 GB of free disk space. Also, if possible, we recommend a clean install rather than an upgrade from Windows 98 or NT 4.0. If a workstation is upgraded from NT 4.0, the security settings on the computer reflect those of NT 4.0 rather than Win2K/XP. Also, be sure that common users of the machine have at least Power User permissions.


Directory Services Client

If Windows 2000 Professional or Windows XP Pro is not an option, Microsoft provides a Directory Services Client for both 9x and NT clients. Although it does provide some functionality, several features that could be used in an AD environment are not available with the AD Client for Windows 9x:

  • Kerberos support. The Active Directory client extension does not deliver Kerberos support to Windows 9x- and Windows NT 4.0-based clients.

  • Group Policy or IntelliMirror support. The Active Directory client extension does not deliver IntelliMirror™ management technologies or Windows 2000/XP Group Policy functionality.

  • IPSec or L2TP support. The Active Directory client extension does not deliver advanced virtual private networking (VPN) protocols, like Internet Protocol Security (IPSec) or Layer 2 Tunneling Protocol (L2TP).

  • SPN or mutual authentication. The Active Directory client extension does not deliver Service Principal Name (SPN) or mutual authentication.

The Client does support the following features:

  • Site awareness. This includes the ability to log on to the domain controller that is closest to the client in the network and the ability to change passwords on any domain controller, instead of the primary domain controller (PDC).

  • Active Directory Service Interfaces (ADSI). ADSI allows scripting to Active Directory and provides a common programming API to Active Directory programmers.

  • DFS fault tolerance client. This provides access to the Windows Distributed File System (DFS) fault tolerant and fail-over file shares specified in Active Directory.

  • Active Directory Windows Address Book (WAB) property pages. These allow users who have permission to change properties on user objects (for example, phone number and address) by means of the user object pages, which can be accessed by clicking the Start menu, and then pointing to Search and For People. This also includes support for display specifiers that allow rendering of new schema elements stored on the user object in Active Directory.

  • NTLM version 2 authentication. The client extensions take advantage of the improved authentication features available in NTLM version 2.

The Windows 9x client is available on the Windows 2000 Server CD-ROM under \Clients\Win9x, or on the ISU Active Directory website under the tools link.


Naming Conventions

It is also critical that standard naming conventions be followed for users, groups, and workstations within your domain.  There are several technical reasons for this:

  • Directory Consistency: In order to avoid naming conflicts within the domain, IDs must be unique throughout the tree. In other words, unless you want to find the LAN administrator who has a user account with the name of ‘student,’ you need to adhere to the conventions.

  • Ease of Migration: At some point in the migration process for your domain, you’ll be moving users and computers from your domain to the Directory. By adhering to naming standards, users will be able to log in using their AD login and get the same Access Control Lists that were available with their NT 4.0 login.

Also, workstations will be able to enter into the directory with a unique name and avoid conflicting with another already existing name in the directory.
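
As an added illustration (not part of the original ISU document), the following Python script checks names exported from existing domains for the conflicts described above before they are moved into the directory. The domain names and sample entries are constructed, and treating users and groups as one namespace is an assumption; the 15-character cut-off is the NetBIOS computer-name limit, which makes two longer workstation names collide when they differ only after that point.

```python
from collections import defaultdict

NETBIOS_MAX = 15  # NetBIOS computer names are limited to 15 characters


def directory_key(kind, name):
    """Return the key under which two names count as the same name."""
    name = name.strip()
    if kind == "workstation":
        # Compared case-insensitively; characters past the 15th are lost.
        return ("workstation", name.upper()[:NETBIOS_MAX])
    # Assumption: user and group names share one case-insensitive namespace.
    return ("account", name.lower())


def find_conflicts(exports, existing=()):
    """exports: {domain: [(kind, name), ...]} taken from each source domain.
    existing: [(kind, name), ...] already present in the directory.
    Returns {key: [(source, name), ...]} for every key claimed more than once."""
    claims = defaultdict(list)
    for kind, name in existing:
        claims[directory_key(kind, name)].append(("directory", name))
    for domain, entries in exports.items():
        for kind, name in entries:
            claims[directory_key(kind, name)].append((domain, name))
    return {key: who for key, who in claims.items() if len(who) > 1}


# Constructed sample data: two hypothetical NT 4.0 domains and a directory.
SAMPLE_EXPORTS = {
    "BIOLOGY": [("user", "student"), ("group", "LabAdmins"),
                ("workstation", "BIO-LAB-ROOM101-PC1")],
    "HISTORY": [("user", "Student"), ("user", "hst-jdoe"),
                ("workstation", "bio-lab-room101-pc2")],
}
SAMPLE_EXISTING = [("group", "labadmins"), ("workstation", "HST-OFFICE-01")]

if __name__ == "__main__":
    for (space, key), who in sorted(find_conflicts(SAMPLE_EXPORTS,
                                                   SAMPLE_EXISTING).items()):
        sources = ", ".join(f"{src}\\{name}" for src, name in who)
        print(f"CONFLICT [{space}] {key}: {sources}")
```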


Copyright 2006 © Illinois State University
This service provided by Computer Infrastructure Support Services