I’ve been using Windows as a network administrator for just over 6 years now. I’ve used NT4 servers, 2000 servers, and Windows 2003, and there has been a tremendous improvement with each version. There are still some things that drive me nuts in my job, though, and this is a chronicle of the top five.
First off, let me get this out of the way – none of these are going to be about security. An OS is usually a better reflection of the administrator than of the manufacturer. This recent article at InfoWorld suggests that it’s poor administration that causes many system compromises, and I firmly believe that a good administrator can keep Windows just as secure as Linux or UNIX with the proper skill and care. System patches and updates should be applied, application updates should be diligently monitored, and the proper filtering and gateways should be activated. So, given that security is, at least in this article, more a product of the admin than the environment, I have not included any reflection of security or the politics of the company.
One: Folder Options
“Folder Options” is the name of the dialog box that controls Explorer options (Explorer is the default file manager for Windows). On a workstation, this is purposely configured to do some simple things like hide file extensions, hidden files, core OS/system files, and configure the behavior of title and address bars. On a server, however, it’s very important for an admin logged in at the console to have as much access as possible. A server is not a desktop system, or rather, should not be, and as a result, the default options should be configured for server use.
Two: Internet Connection Wizard
The concept of the “Wizard,” which walks you through a configuration in simple, easy to understand steps, has gone through some revisions. Most of the time, wizards tend to aggravate power users these days. There was a time not too long ago when wizards were very helpful and many appreciated them. Having built countless Windows workstations, I can tell you that the Internet Connection Wizard (ICW) is by far the most annoying of all wizards. As a network administrator, you should understand the concepts of gateways and proxy servers. These days, a server should expect to connect through a LAN and not need proxy authentication. The few people who need those options should know where to configure them.
As if to add insult to the matter, the ICW asks you with EVERY setup, which, incidentally, is once PER PROFILE, per machine, to set up an “internet e-mail account,” which is Hotmail/MSN based, of course. No one using a server and configuring IE for the first time should be thinking, “I wonder how to set up an e-mail account — ooh! Here’s a way!” Again, if they are, then they probably aren’t qualified to configure a server. The fact that Microsoft invites this behavior by making Windows servers accessible to people like this does not bode well for the quality of network admins.
Three: Windows Media Player
I can swallow that IE is tied to the core code of the file manager and thus cannot be stripped out of the OS easily without sacrificing some functionality. I think the desired behavior, which I witness with Konqueror too, is that if I type a URI into my file manager, it passes it off to a browser of some kind (it should be noted, though, that Konq is not a prerequisite to installing Linux). I’m not thrilled that I HAVE to have a browser on my servers, which shouldn’t be used for internet surfing – even Windows Update should have a standalone piece for servers, but that aside, there’s a bigger issue.
Why must I have a media player on my server? And why are the codecs so important? How come just to install this media player, I have to reboot my server? Anyway, who out there is using WMP on their servers? This appears to be a case of using the same code base for their Server line as their workstation line. If I’m wrong, which I could be, as I’ve not audited any of Microsoft’s code nor am I qualified to review it, then I ask, WHY? And if I’m right, then why haven’t they removed the functionality? And if it’s tightly integrated, why haven’t they changed that? I don’t see a reason why multimedia capabilities should be buried and tied so deeply to the core of your operating system. Dump WMP from the server line. One way or another. Period.
Four: Licensing
Hands down the absolute worst part of using Windows Servers in a domain is the Licensing application. For a company that is so determined to stump the pirates, and that makes my life a living hell with endless activations or steep entry fees for corporate licensing, this is the saddest part of their OS. There is a little known application, simply called “Licensing,” which runs on your designated Licensing server in your domain. This can be totally separate from your Terminal Services Licensing server.
Licensing is completely unintuitive and behaves unlike any other Windows application. Right clicks bring up useless menus. The terms are not well explained, the help files are useless, and here’s the best part: the microsoft.com site is mostly useless. It contains virtually no documentation. So, in an effort to get more information, I called Microsoft, whose support techs told me that if I needed help, I’d have to open an incident (for those not “in the know,” an individual support ticket, or “incident,” with Microsoft costs $245). So I replied, “I need help making sure the software I bought from you, which is properly configured as far as I can tell, is legit, something I know your company takes seriously. Your program is telling me otherwise. You have provided no documentation, and your TechNet site is bare.” Still, no love from Redmond. Later I fixed the problem by revoking every single license that Licensing had doled out. No service was interrupted for any user. What’s the purpose of this thing?
Licensing is important to those of us who run large enterprises. There should be a really high quality, easy to use AD (Active Directory) snap-in or stand-alone app to track licensing, report problems, and help the sysadmin rectify legitimate problems. If Microsoft intends to push licensing and activation and combine that with lawsuits for corporations that don’t comply, the least they can do is provide a means for tracking the licenses when the enterprise starts getting too big to do in Excel.
Five: Updates and Maintenance
While this complaint lies much more in the architecture of the software rather than the behavior, it’s the biggest pain. If you’ve ever had to maintain more than about 3 servers at once, you’re familiar with exactly how much work goes into keeping Windows Servers updated. In fact, there’s a running joke with some of my colleagues that running Windows Update is a full time job. The thing is, Windows Update, even version 5 so far, still requires a reboot the vast majority of the time.
In fact, simply installing Windows Update version 5 took two reboots for me. Then there were two reboots running the updates. Sure, it’s a nice interface, but why can’t Windows shut down just a few services yet? With their new GDI+ Detector, they used Windows Update to install a piece of software that checks if you’re running apps that are vulnerable to the recent JPEG execution compromise. Can’t Microsoft write something into Windows Update that downloads a piece of software, executes, shuts down networking, replaces/updates components, restarts the services, and resumes the Windows Update? How come a bunch of geeks have pretty much mastered distributed computing with BitTorrent, eDonkey, jigdo, GFS, etc and online updates via yum, apt-get, Red Hat Network, YAST, etc, but Windows Update still has to do one piece at a time, punctuated by several reboots?
We run terminal services via thin clients (running Windows CE) at my company. At any given time, there might be 150 active profiles on a terminal server, and the registry can bloat up to 300 megabytes. I’ve even seen it top out around 800 MBs, which is pretty crazy when it can sustain itself around 15-35 MBs on a server. Terminal servers require a nightly reboot to work well. So important is this, so much does it drain a server to handle this load multiple days, that we have scripted reboots into the normal routine just to assure that the servers get a “fresh start.” This practice has been validated by the Microsoft people I deal with. (Sidenote: investigation into our specific registry bloat was researched exhaustively by very capable higher level Microsoft techs who man their profile support department. An 800 MB registry is not typical.)
In the end, Windows still has some pretty amazing stuff. The GUI management tools for domains are unmatched by anything in the Linux/Unix world (except perhaps by Novell’s NetWare Admin, which will probably, in some form, be running on Linux for Linux soon enough). There’s no real standard in alternate realms for joining computers the way that Microsoft domains do. I haven’t seen failed dependencies in years, save one component that required an MDAC update, something you probably wouldn’t need on most computers anyway. Furthermore, Microsoft truly offers, for better or worse, an end-to-end solution that requires very little “futzing” to make work. I could easily name dozens of things that make me crazy: buried admin tools (try to find “Remote Desktop Connection”), the “Show Files” warning in system directories, the presence of Outlook Express in servers, the painstaking effort it takes to set up lockdown policies, the lack of administrate-ability from the command line, the lack of SSH support, and until WUS is released, the lack of a good update distribution application. Despite some shortcomings and a lengthy wishlist, Windows does make an increasingly capable server product.
The rebooting is _almost_ understandable, at least depending on the things that get updated. If it’s a core program/library/kernel/driver that’s updated, one might as well reboot, for all running things to pick it up.
Same thing on Linux (almost): you update e.g. gtk or say libpng, you don’t have to reboot, _but_ running programs still use the old library. All programs affected have to be restarted. If a core lib like e.g. glibc is updated, you might as well just reboot. You don’t want to risk having some program running with the old/insecure one?
What is not understandable is the per update install/reboot of course. Clicking through wizards, installing, reboot, process next update. Annoying as he**.
Please give us win-get update && win get upgrade
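The comment above notes that on Linux, running programs keep using the old library after an update until they are restarted. As an added example (not part of the original article or comments), the following Python sketch finds such processes by looking for shared objects that are still mapped in `/proc/<pid>/maps` but marked `(deleted)` on disk; the sample maps text and the function names are constructed for illustration.

```python
import os
import re

# One /proc/<pid>/maps line: address perms offset dev inode pathname.
# A mapped file that was replaced on disk carries a " (deleted)" suffix.
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s+(?P<path>/.*)$"
)
SHARED_LIB = re.compile(r"\.so(\.[0-9]+)*$")
DELETED = " (deleted)"

# Constructed sample: a web server whose libc and libpng were upgraded on disk
# while it kept running. libz was not touched; /dev/zero is not a library.
SAMPLE_MAPS = """\
55d0c4a00000-55d0c4a21000 r-xp 00000000 08:01 131090 /usr/sbin/apache2
7f3a1c000000-7f3a1c1b5000 r-xp 00000000 08:01 262200 /lib/x86_64-linux-gnu/libc-2.31.so (deleted)
7f3a1c400000-7f3a1c42a000 r-xp 00000000 08:01 262301 /usr/lib/x86_64-linux-gnu/libpng16.so.16.37.0 (deleted)
7f3a1c600000-7f3a1c610000 rw-p 00000000 00:05 4711 /dev/zero (deleted)
7f3a1c800000-7f3a1c830000 r-xp 00000000 08:01 262400 /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
7ffd5e1f0000-7ffd5e211000 rw-p 00000000 00:00 0 [stack]
"""


def stale_libraries(maps_text):
    """Return the set of shared libraries mapped executable but deleted on disk."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # anonymous mapping, [stack], [heap], etc.
        path = m.group("path")
        if not path.endswith(DELETED):
            continue  # file on disk is still the one that is mapped
        path = path[: -len(DELETED)]
        # Only executable mappings of shared objects indicate old library code.
        if "x" in m.group("perms") and SHARED_LIB.search(path):
            stale.add(path)
    return stale


def scan_proc(proc_root="/proc"):
    """Map pid -> (command name, stale libraries) for every readable process."""
    findings = {}
    if not os.path.isdir(proc_root):
        return findings
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "maps"), errors="replace") as fh:
                libs = stale_libraries(fh.read())
            with open(os.path.join(base, "comm"), errors="replace") as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited, or maps not readable without root
        if libs:
            findings[int(entry)] = (name, sorted(libs))
    return findings


if __name__ == "__main__":
    print("sample:", sorted(stale_libraries(SAMPLE_MAPS)))
    for pid, (name, libs) in sorted(scan_proc().items()):
        print(f"{pid} {name}: restart needed, still maps {', '.join(libs)}")
```

Run as root after patching to see every process; an empty result means no service is still executing replaced library code, so a restart of the listed services is enough and a reboot is not required.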
System patches and updates should be applied, application updates should be diligently monitored, and the proper filtering and gateways should be activated.
I haven’t done any Windows server admin stuff for years, but I remember back in the days of NT4, applying patches and updates used to break stuff. For example, going from SP3 to SP4 caused several sites in IIS to break (for what reason I don’t remember). I don’t know if it has gotten any better since then, but we’d always wait at least 2 or 3 weeks to see how much damage a particular patch caused.
Also, the reboot issue is definitely valid here since we’re talking about servers, which need to be up and running as much as possible. Why people want to apply it to the desktop also is beyond me.
Hell, Linux also installs media playing apps on a server. This complaint is stupid. It’s part of the OS and you get it for free. But how does a media player get in the way of serving webpages (regardless of the OS).
On Windows Update:
Firstly, if you want to automate Windows Update _at all_, you should be using SUS. That removes the need to manually run Windows Update on your servers. It can also automatically reboot the machines after patch installation, if that’s what you want to do.
Secondly, in general you can install multiple updates at once without rebooting. True, there are some that must be installed separately (and are clearly indicated as such), but they aren’t common and most of them can be bundled in together, installed all at once and only require one reboot for multiple items.
Licensing:
I agree completely. There needs to be a single place admins can go to check that their licensing obligations are being met. I imagine this is what the Licensing Service is *supposed* to do, but in practice it’s so flaky as to be worthless – most Windows admins I’ve ever talked to refuse to use it (it’s not actually required for anything to work, AFAIK).
Bundled software (WMP, OE, etc):
I really don’t get why people get their undies in such a twist about this. The amount of disk space used is insignificant on any remotely modern machine. No processor time or memory is used unless the programs are actually run.
These applications are included by default because largely the same codebase is used. I’m pretty sure, if you really want to, you can completely uninstall them with a little bit of fiddling in the INF files, but really I don’t see the point – they don’t do anything if you’re not using them.
On a workstation, this is purposely configured to do some simple things like hide file extensions
I have never understood the sense in that, even on a desktop machine. I would have thought that MS would have had the common sense to discard that feature years ago. How do they expect people to spot dangerous ‘.jpg’ files, if the file extension is hidden?
While I’m a Linux person myself, it’s refreshing to see a well thought-out article.
To the people who commented about WMP, OE, etc. being bundled not being a big idea: I’m sure the author understands that it’s not causing any harm. I think the way he sees it (as would I) is that Microsoft doesn’t think deep enough about what the function of their product really is. Even if all they did was remove their icons from the default profile, at least it’d give the appearance that they’re actually going for a real server. While you say “what’s the harm?” we say “why to begin with?”.
I would like to note that this article is one of the very few truly unbiased ones I’ve read here on OSNews. I like the author’s uncluttered, non-loaded language going down directly to facts and opinion backed up with facts. Not another pretending to be a master / ubergeek without the necessary substance.
The article left out the biggest annoyance of Windows servers: their subpar command-line environment. Couple that with the insecure and piss poor telnet server and you have a very irritating problem.
And yes, I do know about their little ksh copy.
“Hell, Linux also installs media playing apps on a server. This complaint is stupid. It’s part of the OS and you get it for free. But how does a media player get in the way of serving webpages (regardless of the OS).”
Linux has not installed, nor will it ever install, a piece of extra software; it is a kernel, so stop pretending there is only one Linux distribution.
The Media player is annoying because of updates I imagine, and for anal retentive admins it’s annoying cause it eats xxxMB of disk space. I imagine much of windows, like IE, is annoying because of this. Often servers run off small hard drives, hooked up to large RAIDs. You use the RAID for data, so you put all your software on the small onboard HD, and so wasting xxxMB on anything you won’t ever use is annoying.
But you can remove WMP, but I don’t think they make it as easy as it should be.
Icons (should) indicate what type of a file it is on a desktop OS, and you still see the extension on the left in the description, & when you rename the file you don’t accidentally rename the extension.
The thing I don’t like about the bundled software such as WMP and OE is that they also have holes in them. With each additional software package you install you add possible holes or ways into the server. This happens both in the windows and the linux world. When you upgrade wmp 9 you have to install more patches to secure it. Now I know that on an average server someone is not going to be using WMP or OE. But if some unknowing admin did they could be compromising all the security measures in place to just check their mail or view a movie they had remotely downloading. Less software means less things to patch.
Anyone else that needs to maintain a Windows 2003 Server having issues with DNS resolving? And before you jump to the Google gods and come back with an EDNS server error, I’ve been there. 🙂
This isn’t a problem with my machine being a DNS server, it’s being a client that’s not working. About once a week, DNS resolving will just STOP all together. I have to restart the machine in order for it to do any resolving whatsoever.
Anyone else having this problem?
the “show files”-problem:
just delete “folder.htt” and “desktop.ini” in the problem-folders (c:\program files, c:\winnt, c:\winnt\system32) and the problem’s gone.
the wmp-problem:
wmp is probably embedded because ie (& explorer) use it by default. for example: media preview uses it (select for example c:\winnt\clock.avi and you’ll notice a small media player embedded in the explorer sidebar). wmp is a thing many applications assume it exists. it’s something like the common controls. it’s just something an application can use. and wmp6 (the default wmp on w2k) isn’t bloated.
Quote “Linux also installs media playing apps on a server”
Linux for the desktop or linux for the server?
My linux server has no mediaplayer at all installed, hell, my Linux server doesn’t even have X installed, I’ve got a stable kernel, and Apache, php and mysql… that’s what I need, I can do my work in the command line and it frees up as much resources as possible.
Your statement is invalid, Linux installs what you tell it to, nothing more….nothing less.
I’ve run into this problem on XP machines… basically what is happening is that if the DNS client service’s connection to a DNS server in your DNS server list times out then it drops the DNS server from the list. This is particularly frustrating if you have a local DNS server listing hosts for your local network as your primary DNS and an external DNS as your secondary. If your primary doesn’t respond in time (I haven’t figured out what the default timeout is) it gets dropped and then your machine can’t resolve local hostnames.
The only way I’ve found to resolve this is to disable the DNS Client service. I haven’t found any detrimental effect of this as it’s just a caching DNS server anyway. This resolves the issue and I wish it would come as disabled from the get-go.
In general, installing Linux on the server should not install any sort of media player. I can’t remember if RHEL installs it by default, but distros like Debian don’t even install an X server by default.
Anyone else that needs to maintain a Windows 2003 Server having issues with DNS resolving? And before you jump to the Google gods and come back with an EDNS server error, I’ve been there. 🙂
Anything in the event logs ? Does ipconfig /flushdns fix it ? If you fire up nslookup and manually specify a different nameserver does it work ?
The error messages on Windows generally suck. They are often vague to the point of being useless for pinpointing a problem.
Several error messages I’ve had the pleasure of researching point to several possible problems on both Microsoft’s knowledge base and Google. Guess what, half the time none of these possible solutions even work.
Also, the reboot issue really is a problem for servers despite what several Microsoft apologists want to tell you.
The lack of a useful command line is somewhat an annoyance but not crucial as remote desktop is actually pretty decent so long as you don’t intend to use it over dialup. Windows Scripting Host allows you to automate a surprising number of tasks as well.
With all of that said, I still prefer to deploy *BSD and Linux given the choice.
To those who were saying “What’s the big deal” about installing those apps by default. I have some news for you. Diskspace is NOT the issue. It’s security. When you have apps like WMP that ‘call home’ all the time they are opening an attack avenue to the internet. OE is another one. If WMP was JUST a media player and not tied into the OS and doing things behind the scenes that you don’t know about then it would be ok.
Read the EULA from WMP and see what I mean. You give permission to MS for all sorts of things that shouldn’t be required just for a media player.
The amount of rebooting needed by Windows is idiotic. I just installed Norton SystemWorks. After installing, I needed to reboot. Since I am used to the way Windows works, I expected this. But I was told to reboot a second and third time after running Live Update. That is ridiculous. It wasn’t a yes/no choice either just click OK and boom.
I have no problem rebooting to replace critical system files but having to restart for a webbrowser upgrade is uncalled for.
In linux you can go without rebooting a lot longer than in windows. Of course you need to reboot if you upgrade your kernel but you don’t need to do it RIGHT AWAY. Unless there is a CRITICAL security fix involved of course. Same applies for things like glibc. But if I upgrade my webserver software I just restart that piece of software and not reboot the entire system.
The excessive need to reboot in Windows makes me sick.
Windows was never made to serve in the first place. Servers do not need GUIs.
I’ve been working with NT since 3.5, and yes some of these “desktop-platform” annoyances should not be happening on a server. However, most of these go away using custom or unattended installs – I have never set a server up without a custom tweak script of some sort.(e.g. Explorer Views, Removing Components like Games and Mediaplayer…) At least they *finally* put Tab-completion as the default.
CLI – I use it all the time (I never go without the Reskit & Support tools)… the real annoyance is that these are not part of the standard server build. (however I integrate these in all my custom builds anyway).
He forgot Microsoft Messenger (not the messenger service) — Why the hell is this needed on a server – Period?
Me stupid – me read article again – found media player is mentioned.
My favorite Windows Server stupidity story is the time I was at a client’s office working on a problem with one of their workstations. I noticed out of the corner of my eye that one of the employees in the office was doing what appeared to be work at the server, or so I thought. A short time later other employees in the area I was in began to ask if something I was doing was “slowing down the network”. Getting curious, I wandered by the NT4.0 server to see the employee “working” on a game of “3D Pinball”! (D’oh) Now there’s a really stupid component for Microsoft to include in their default server install!
about the windows media complaint.
in my department there is server dedicated to serve live video streams. WMP is required to serve those streams using the windows media codecs.
The amount of rebooting needed by Windows is idiotic. I just installed Norton SystemWorks. After installing, I needed to reboot. Since I am used to the way Windows works, I expected this. But I was told to reboot a second and third time after running Live Update. That is ridiculous. It wasn’t a yes/no choice either just click OK and boom.
This is an application problem, not a Windows problem. The list of things in Windows that actually _require_ reboots (rather than just ask for them as a matter of course) is about as long as the list for any other OS. 9/10 times only a logoff/logon sequence is required, if even that.
I have no problem rebooting to replace critical system files but having to restart for a webbrowser upgrade is uncalled for.
True enough, but you have to remember where the target audience of the bulk of these patches – normal people. These users don’t know how to restart services (or even what services are). They don’t understand that if you replace a system library that a few running applications rely on, those applications must be restarted. It’s far, far easier (and saner) to tell these people to just reboot, rather than “restart your applications” or “log off and back on again”.
Really, reboots aren’t that big of a deal. You shouldn’t be applying patches outside of maintenance windows and services that require 24/7 availability should have automatic, redundant backup systems such that the machine going down – for any reason – doesn’t affect the service.
“Bundled software (WMP, OE, etc):
I really don’t get why people get their undies in such a twist about this. The amount of disk space used is insignificant on any remotely modern machine. No processor time or memory is used unless the programs are actually run.”
So – they aren’t used, but at the same they can’t be removed? Something don’t twist…
Actually, it means that Windows design is crappy. Why on earth a server should need a media player, internet browser, or graphics environment (yeah, I know win server can run in a headless mode) is beyond me. It just means its design is crappy, and there can be only two reasons why it isn’t removed: 1) Microsoft wants to force everyone to run their products to guarantee their monopoly or 2) internet explorer/windows media player code is actually used somewhere because it’s really part of the “core OS” and you can’t remove it.
“in my department there is server dedicated to serve live video streams. WMP is required to serve those streams using the windows media codecs.”
So, uh, what are the news? We know that. You can install equivalent software in linux. You just aren’t _forced_ to do it.
Internet explorer is a hole of bugs, for example. And you can’t remove it, so you’re stuck with something full of holes Just By Design. Yes, you actually can not use it, but I’d rather remove that POS and not having to care…
in my department there is server dedicated to serve live video streams. WMP is required to serve those streams using the windows media codecs.
So Microsoft actually has to split the package into
* one for the desktop, with the codecs (Preferably optional. They already did that anyway its just not available yet.)
* one for the server (preferably optional too.). Both use the very same codecs. That’s not rocket science, is it?
One big problem in Windows on the server front is that you are unable to remove unnecessary applications, like Internet Explorer and Windows Media Player. Now, for those of you that don’t think it is a problem, you’re wrong, and here’s why. Let’s say there is an exploit in something that you’re serving over the internet, for example IIS (I know, it sounds impossible for IIS to have holes, but just roll with it). Let’s say this exploit only gives this user local access, which might not seem like a big deal. The cracker can now work on getting admin rights through exploits in any of the installed components, like IE and WMP. This is why it is important for servers to contain only the bare minimum.
I think it is needed for this product.
http://www.microsoft.com/windows/windowsmedia/9series/server.aspx
I think it is a dependency.
But you are correct it should not be shipped with a server OS unless required.
I can just imagine the complaints in the future. “Why the hell do I need a music store in my server?”
:B
I have enjoyed using nLite (http://nuhi.msfn.org/) as a tool for creating my customized Windows installation disks with custom drivers. Utilizing nLite, you can remove IE, Outlook Express, and Media Player.
My linux server has no mediaplayer at all installed, hell, my Linux server doesn’t even have X installed, I’ve got a stable kernel, and Apache, php and mysql… that’s what I need, I can do my work in the command line and it frees up as much resources as possible.
If you install RHEL/SuSE/Mandrake/Debian, you get GNOME/KDE. Gnome/KDE is needed for all kinds of server configurations – printing, web, services, etc. Once you install Gnome/KDE, you automatically get all the media players (arts/xmms/esd)
I’ve not yet seen a Gnome-Server-Only or KDE-Server-Only package.
You may be a CLI god but doesn’t mean every other server sysadmin knows how to configure a linux server without a GUI.
best regards
Dev
If you install RHEL/SuSE/Mandrake/Debian, you get GNOME/KDE.
Uhm. No. Read what Rayiner said.
If you install Debian, you can choose X / KDE / GNOME but by default it’s off. That counts for: hamm, slink, potato, woody, sarge (beta). I’m very sure of that because I’ve installed all these versions and I installed them several times.
The same is true for Gentoo as well. It’s been a while since I installed Mandrake/SUSE/RedHat though. In the past it was true for at least RedHat 5.0 – 6.2. I think it’s still true, but feel free to prove otherwise, preferably with credible sources.
Of course, it’s pure logic a ‘desktop’ version of an OS installs a GUI. Doh! So don’t bother to start about e.g. Fedora. Thank you.
So – they aren’t used, but at the same they can’t be removed? Something don’t twist…
Sure they can, you just need to do a bit of (trivial) fiddling.
Actually, it means that Windows design is crappy. Why on earth a server should need a media player, internet browser, or graphics environment (yeah, I know win server can run in a headless mode) is beyond me.
What definition of “need” are you using here ?
It just means its design is crappy, and there can be only two reasons why it isn’t removed: 1) Microsoft wants to force everyone to run their products to guarantee their monopoly or 2) internet explorer/windows media player code is actually used somewhere because it’s really part of the “core OS” and you can’t remove it.
Or 3) it only really matters to vanishingly small number of people who aren’t worth ramping up an entire distribution channel.
Hell, Linux also installs media playing apps on a server.
Oh yes? And the sun revolves around the earth.
Please,
* name the exact software package.
* which provides a function similar to WMP in regard of playing a video meant to be seen local on a monitor.
* prove the software is not split up into several packages, e.g. ‘appname-codecs, appname-plugins, appname-server, appname-client’.
* prove it is installed on various, popular distributions (e.g. not your own) meant for (but not restricted to) server purpose.
* prove it cannot be uninstalled in a sane, easy and officially supported manner.
* prove it is selected during install by default.
* prove it cannot be deselected during install.
Good luck. I demand the impossible.
If you install RHEL/SuSE/Mandrake/Debian, you get GNOME/KDE. Gnome/KDE is needed for all kinds of server configurations – printing, web, services, etc. Once you install Gnome/KDE, you automatically get all the media players (arts/xmms/esd)
I’ve not yet seen a Gnome-Server-Only or KDE-Server-Only package.
You may be a CLI god but doesn’t mean every other server sysadmin knows how to configure a linux server without a GUI.
This is pure nonsense! If you want a gui use webmin.
The reason that just the network stack can’t be restarted if a patch is applied to it is because the Kernel needs to be unloaded from memory. The Linux Kernel is a monolithic kernel too.
Plus Windows doesn’t have a built in procedure for refreshing the registry, so once a change is made that affects various programs then everything needs, mainly apps, to be restarted.
We have an enterprise of 2500 workstations and 300 servers.
License manager was never correct. We disabled it on our servers and workstations about 2 years ago, not a single problem as a result. Just make sure that you disable the services on all stations. We have made the changes on the images.
DS
I work at a school in I.T. in Australia. In Australia most schools have to use an ISP-based proxy server, and Windows Update V5 does not work and fails; also a lot of Microsoft software does not like proxy servers, e.g. Windows Auto Update and Time Update. Also, we had large issues with the SUS server because it has proxy server settings in it that do not work right. A lot of the time SUS drops downloading updates after the first update. We also had TSI looking for settings and have found it is a bug.
From a security standpoint, I can understand what the author is talking about with extra apps (WMP, IE) and other apps discussed in the comments section.
In a real world situation, more apps = more overhead for hardening a server. Each program has its own possible flaws and allows wrongdoers more avenues for abuse. Granted, security patches exist and will continue to exist, and proper administration would fix any problems with let’s say.. Windows GDI+ issues…. but out of the box that is more work for me to be doing (wasted bandwidth per server) or time devoted to creating a good image that’s been set up properly.
I don’t approve of laziness, but in a true business/work situation, how is the TCO lowering if I have more work to do from the get-go?
Yes, you’re right, Linux is a monolithic kernel. Funny how well it handles updates though – the only thing I’ve had to reboot any of my machines to update was the kernel. I’d just like to see the same functionality from Windows.
I think this is more likely because the GUI is tied into Windows. In Linux I can update KDE while in KDE, and restart it to take effect. To accomplish a similar feat in Windows requires a reboot.
Plus a good bit of laziness, where they couldn’t be bothered making things restartable 🙂
“If you install RHEL/SuSE/Mandrake/Debian, you get GNOME/KDE. Gnome/KDE is needed for all kinds of server configurations – printing, web, services, etc. Once you install Gnome/KDE, you automatically get all the media players (arts/xmms/esd)
I’ve not yet seen a Gnome-Server-Only or KDE-Server-Only package.”
Didn’t look very hard, did you? I’d lay money there’s a way with all the distros you mentioned (PS. Mandrake isn’t a server distro) – I installed KDE on my machines, because I wanted a GUI, but could have happily skipped that if I really wanted.
I’m not sure exactly how GNOME and KDE are required for these services you claim – Apache works fine without a GUI on the server, for example. Haven’t tried with CUPS, but I’d bet it does too.
And no, you don’t automatically get “all the media players”. XMMS has *nothing* to do with KDE, and afaik not GNOME either. KDE can be installed without aRts quite happily – for a server you could happily skip the entire multimedia package, as well as the games etc.
I’m not bothered that you’re saying something against his holiness the penguin, but you should try to make sure you’re right before doing so.
Windows Server 2003 turns on hidden files and extensions by default.
With regards to installing WMP, IE and OE etc on the server, having these “tester” apps on the server can help diagnose network faults or test config changes.
A lot of this article talks about the desktop of these editions… however…
What about command line? The article neglects a lot of it and includes stuff about windows media player…
I think the title is misleading or too general as I have never used the media player on a server.
Okay, fair point, but those apps should *not* be on a server by default. They’re just potential exploits – anyone using a server is quite capable of installing them if they want them.
I suppose it’s all part of using the same line for clients and servers – as far as I can tell 2k3 is practically identical to XP, other than the themes being off by default and the Licensing thing which I’m too scared to touch.
I work at a school in I.T. in Australia. In Australia most schools have to use an ISP-based proxy server and Windows Update V5 does not work and fails; also, a lot of Microsoft software does not like proxy servers, e.g. Windows Auto Update and Time Update. Also, we had large issues with the SUS server because it has proxy server settings in it that do not work right. A lot of the time SUS drops downloading updates after the first update. We also had TSI looking for settings and have found it is a bug.
Sounds like your proxy server sucks – what software is it using ?
From a security standpoint, I can understand what the author is talking about with extra apps (WMP, IE) and other apps discussed in the comments section.
[…]
I don’t approve of laziness, but in a true business/work situation, how is the TCO lowering if I have more work to do from the get-go?
The real question is, what scenario are you envisaging where WMP plays a part in a security breach that would be substantially changed by not having WMP on the system at all?
internet explorer
outlook express
windows media player
windows messenger etc etc etc to 9999999th degree
can all be locked down via settings in the apps and more importantly via group policy.
for those writing here that are unfamiliar with group policy and the granular control it implements on the server and the clients and the network, learn a little before inserting foot in mouth.
i have noted a very big improvement in windows update since v5 came out.
as someone already pointed out, if running a windows based server, SUS should be deployed as it is a free tool.
all of the things the author writes about are quibbles with the os that at the same level were addressed by the first paragraph he wrote about security:
no os is perfect, no os ships that perfectly matches the thousands of implementations it will address, no os maker can please all clients with 1 version.
bottom line, tweak your os on the desktop or server to fit your needs. the problem is only when you cant do it, cant do it without massive effort, cant do without added cost, etc.
all of the issues brought up in the article are valid, but are likewise easily addressed by a competent admin….just like security.
expecting apple, ms, redhat, ibm, hp, sun, novell, or whoever to make you an os that does exactly what you want right out of the box is a pipe dream….though with ibm and others you can pay them to configure it for you at a very steep price.
Seriously. I have two w2k3 servers. While I noticed a speed improvement over nt4 the GUI on these machines still consumes server resources. It is still a patch and reboot nightmare. Maybe I should sue for repetitive reboot syndrome.
I’m not sure exactly how GNOME and KDE are required for these services you claim – Apache works fine without a GUI on the server, for example. Haven’t tried with CUPS, but I’d bet it does.
I can confirm this for Debian Stable/Woody. Cups installs quite happily without any gui. It does require some components common with X, such as the font renders, but there’s no mention of anything like xserver, xclients, or xbase.
Heck, Debian even lets you install parts of, or full X environments (ranging from xclock to GNOME/KDE) and login managers without installing an xserver…
“If you install RHEL/SuSE/Mandrake/Debian, you get GNOME/KDE. Gnome/KDE is needed for all kinds of server configurations – printing, web, services, etc. Once you install Gnome/KDE, you automatically get all the media players (arts/xmms/esd)
I’ve not yet seen a Gnome-Server-Only or KDE-Server-Only package.”
The last Gnu/Linux server install I performed (White Box Enterprise Linux 3) gave me four options – Personal Desktop, Workstation, Server, and Custom. Selecting the Server option does not install any kind of GUI, the Gnome/KDE environments, nor any media players.
Since this WBEL 3 is built from Red Hat Enterprise Linux 3 sources (see http://whiteboxlinux.org/ for more info), I seriously doubt RHEL 3 behaves any differently.
Besides, any competent UNIX/Linux administrator does not need a GUI/Desktop environment to maintain a server. Its additional overhead is undesirable.
Literally everything can be done quickly and easily from the command line.
@ Anonymous.
What you have said is correct, but it should be done by default.
Actually isn’t it already done by default with server 2003? I remember Eugenia’s review of converting the server 2003 into a workstation. She had to re-enable these things.
except when one helps me do something that i have never done before or something i dont specialize in.
good point about them getting in the way of the savvy admin.
ms however has decided that they sell well and others agree:
http://www.pcmag.com/article2/0,1759,1437884,00.asp
(a long but comprehensive read i recommend to anyone that works in the small biz space)
this is a very good article about servers for small businesses (tiny workgroups up to about 75-100 pcs/employees)….compares ms, apple, linux….
ms small biz server gets editors choice and is a blockbuster seller for ms. despite ms problems, both apple and linux could stand to learn a little about the price, feature set, and ease of use that ms has shipped in this product.
as for wizards again:
“The IT-oriented set will be pleased with the many configuration wizards, which make even the most complex installation and configuration tasks straightforward.”
“Beneath its interface, SBS 2003 is a complex set of different servers, services, and applications. While installation and configuration wizards help achieve a quick setup, the underlying architecture contains many components: The core operating system is driven by Windows Server 2003 including IIS (Internet Information Services); e-mail runs on Exchange Server 2003, and collaborative functions are handled by SharePoint Services. Outlook 2003, Microsoft SQL Server, and FrontPage are also included in the package.”
“Our only concern—and a minor one—is that even with all the wizards and tremendous improvements in usability, end users might be overwhelmed by the plethora of features.”
“Those already familiar with setting up SBS will recognize the new To Do List page as the first significant change in the latest version of the product. This page, which offers a compilation of wizards, appears after the initial installation is complete and the administration console is launched.”
so in a small biz with up to about 100 employees, how many can afford on staff a master admin for sql server 2000, windows server 2003, isa firewall server 2000, exchange email server 2003, sharepoint services, etc etc?
wizards help even a savvy admin manage things that they may not be all that proficient in.
You get what you pay for either in time or money. The author of that article has one legitimate beef and that is the number of times necessary to reboot the server when patches have to be applied. This is a problem thats plagued m$ for years and should have been addressed a long time ago, but its microsoft so you learn to build your network around such weaknesses.
As an example 2 or more clustered and load balanced servers, connected to a san via fcp, ifcp or iscsi, would mean for a lot better network persistence. Reboots become a non-issue, as they should be. Patch one windows box, reboot it and everything keeps on chugging along just fine. Do the same to the others when you are sure you wont have issues with the last one. If you are running GSX or ESX it becomes even easier.
In 7 years I have had to use microsoft’s paid support twice. One was for nt 3.5 for an issue I dont remember and the other was an early domain issue with windows 2000 which was primarily my fault for not looking into the new requirements of native win2k domains before jumping right in.
Microsoft still allows you to set seats for client licenses unlike almost every other server product (novell and sgi irix come to mind) that will squeal at you if you go over. And if your users are on windows 2000 or windows xp they dont take up any cals. volume licensing and server deployment and management of client patches is pretty painless if you spend the time to look into it.
Hard to believe no one knows this but you can pull out most accessory applications if you do an unattended install. IE stays though. But considering the default security configuration under 2003 I don’t see why anyone would care if its there.
And for gods sake if you are going to have your entire company live in terminal server get citrix metaframe and do some research or at least do some fact finding with regards to resource allocations and limitations before you commit to a platform. If you cant find the white papers you need on the win2k3 website try using the “search” window.
In short- do some research. All platforms have their strengths weaknesses and quirks. Its up to the admin to make sure it all works and stays working and you can’t do that without doing your homework first.
and just something to note I recently setup an osx server to run extensis portfolio and font server at my office. OS X server also requires regular reboots after patches- you always get what you pay for in time or money.
Ok chaps, you’re all right and I’m wrong. Please let this die and sorry for opening my yap. The way I install servers and the way you install servers is obviously different. I like having X Windows on my servers and you don’t. I like having GUIs for Gnome and you don’t.
The only OS that doesn’t install any media stuff is FreeBSD (or OpenBSD/DragonFly/NetBSD). With the BSDs you can install X and get xterm + twm. In Linux, invariably if you install X, you get the whole desktop environment.
Peace.
> The author of that article has one legitimate beef and
> that is the number of times necessary to reboot the
> server when patches have to be applied.
whatever. in your biased opinion. i think that the gripes make perfect sense. wasted resources should be everyones problem, except may be lazy admins who dont care about an addtl application that might be compromised. over-simplified marketing towards the nontechie means more holes and eventually more viruses.
> And for gods sake if you are going to have you
> entire company live in terminal server get
> citrix metaframe
this guy does run citrix. he said so in a different articles comments. i know for a fact that when you run many users on a terminal server MS recommends rebooting. there’s a whitepaper on it on microsoft.com if you want to do the research. anyway, citrix itself is just one big dirty hack.
My biggest gripe, and I think it is the most important, is the unbelievable lack of logging. If something goes wrong, event viewer is either empty or has something useless and you have to pray someone else has already uncovered its meaning. On Unix systems, practically every server application logs to /var/log or such. You at least have a good chance to solve the problem or at worst narrow it down to the application that is the source of the trouble.
I find it incredibly annoying that sometimes, for inexplicable reasons, errors start showing up in my application log about how client computers cannot find their GUIDs in the active directory. I have searched EVERYWHERE I COULD for a solution to this nagging problem, but I have ended up having to remove the client computers from the domain and rejoin them so they can generate a fresh GUID, only to have the same problem crop up a week or two later.
Also, I think that windows still needs a reboot in order to get GPO computer policies to apply since they are basically HKEY_LOCAL_MACHINE registry mods.
At home, I use gentoo
Sorry, but Linux is just a kernel. It is up to the distributions on how to package and install things. In Debian, you can easily install a complete server without ever having to install x-windows.
You’re totally wrong.
Actually, i have yet to try a linux distro where i can’t choose exactly which packages to install.
That i might have to do a little more than click off a check box in the installer is a different story. So if your server install comes with a media player, then it is because you told it to install it, not because someone at redhat or whatever distro you use decided to install it for you.
Though i will agree that it would be nice if you could get a barebones gui easily.
Yeah, i agree with you, i like having a gui on my servers, just what i’m more used to, even if i do most of my work in xterm, however, i’ve tried a number of linux distros (red hat/fedora, mandrake, gentoo, SuSE), and during the install process i was always given the option to install individual programs. Yes, if your complaint is that by default they install it, then yes, for some of them, by default they do install all sorts of additional programs with X, but with linux distros, you can always choose to uncheck them. Or if, by some chance you do install it, you can uninstall it. You can’t do that with these programs in windows, and i think that’s what’s so frustrating to people.
FYI:
Also, I think that windows still needs a reboot in order to get GPO computer policies to apply since they are basically HKEY_LOCAL_MACHINE registry mods.
In Windows 2000, secedit /refreshpolicy.
In XP, gpupdate.
I don’t want to start a religious distribution war, but to answer the (silly) discussion about GUIs on Linux servers:
Gentoo – barebones server (as bare as you can get).
‘emerge windowmaker’ gives you a barebones GUI
‘USE=-X emerge webmin cups’ gives you pretty much of a remote graphical management platform with no GUI overhead on the server (also, no monitor, keyboard, or mouse). Serial cables for off-network management.
I would say that yes, Windows does have a place in the server marketplace just because of the apps/vendors that write, but I should be able to build a stripped down NON-GUI server with only the application components that I require (DNS, SQLServer, DHCP, File/Print, Directory, blah, blah, blah.). Servers SERVE, they do not and should not be required to show pretty pictures on a monitor.
As for my biggest complaint – it is the lack of logging at any reasonable level and the fact that the logs are locked up in a proprietary graphical viewer that is impossible to GREP without having a freakin 800×600 (or better) WINDOWS desktop. I know that I can use (and have used) other utilities to consolidate and convert Event Viewer messages into text/Syslog type connections, but this should be the default, not what is currently provided.
Second on my list is the fact that EVERYTHING is CLICKY-CLICKY-CLICKY. Good gracious. Give us some text configuration files to GREP, AWK, SED and (perl/tcl/python/ruby/bash) script upon. We have like 400 Windows servers and 15 Windows admins. I am the sole Unix admin for 60 Sun/HP/Linux servers which actually do most of the computational and serving of business data (4 Terabyte databases, clustered web servers, all systems monitoring and alerting, DNS, DHCP, Syslog, Source Control, Email, etc.). If I had to do all of this configuration and management through a GUI, I would go mad and I just wouldn’t be able to do it on my own. For example, I can just update one sshd_config file and with one command send it on its way to all 60 machines including a restart to the ssh servers – and without a reboot and without impacting ANY users current connections. I’m sure that Group Policy is supposed to have the same effect, but I know that it is much more difficult to get the same results for the Windows equivalent of remote access – Terminal Services.
Look at this thread. No wonder the MS has a large share of servers – put up a SUS server. Configure group policy (for your servers – huh?). 800 MB registries. Cluster your server so that you can reboot every night. Aaaaack!
I’m going to bed.
“The only OS that doesn’t install any media stuff is FreeBSD (or OpenBSD/DragonFly/NetBSD). With the BSDs you can install X and get xterm + twm. In Linux, invariably if you install X, you get the whole desktop environment.”
Have you ever tried any of the “simple” distros of linux? dselect XFree, emerge xorg-x11, I don’t remember in slack, but it’s the same way. You get X, you get twm, and you get eterm. That’s how it works for them. Maybe, before making sweeping statements about how “everything” works, you should actually try it out…
Ok chaps, you’re all right and I’m wrong. Please let this die and sorry for opening my yap. The way I install servers and the way you install servers is obviously different. I like having X Windows on my servers and you don’t. I like having GUIs for Gnome and you don’t.
You really should learn how to admin from the command line. It’s much easier in the long run, and more flexible, less ambiguous.
The only OS that doesn’t install any media stuff is FreeBSD (or OpenBSD/DragonFly/NetBSD). With the BSDs you can install X and get xterm + twm. In Linux, invariably if you install X, you get the whole desktop environment.
Correct for BSD. I can install X without any window manager on my FreeBSD box. Even if I install a window manager, I don’t get the media players. I have to install these separately, explicitly. I prefer it that way: the only software that’s on my box are those that I installed. Nothing else.
Wrong for Linux. Depends on the Linux distro. Some, for example gentoo and arch, encourage the same philosophy as above. You do a minimal install, then get whatever you need.
I would say that yes, Windows does have a place in the server marketplace just because of the apps/vendors that write, but I should be able to build a stripped down NON-GUI server with only the application components that I require (DNS, SQLServer, DHCP, File/Print, Directory, blah, blah, blah.). Servers SERVE, they do not and should not be required to show pretty pictures on a monitor.
The “GUI overhead” argument is as dumb as the “wasted disk space” argument. An idle GUI isn’t going to have any appreciable amount of “overhead” and if it does, it’s time to upgrade.
As for my biggest complaint – it is the lack of logging at any reasonable level and the fact that the logs are locked up in a proprietary graphical viewer that is impossible to GREP without having a freakin 800×600 (or better) WINDOWS desktop. I know that I can use (and have used) other utilities to consolidate and convert Event Viewer messages into text/Syslog type connections, but this should be the default, not what is currently provided.
What’s your objective ? I mean, in the (relatively short) time I’ve been adminning Windows machines, I don’t think I’ve ever wanted to grep through stuff in the event log. The only time I’ve ever wanted or needed to search through “logs” the relevant application has kept its own. As it should, I might add – the event viewer is really only for telling you something happened. Detailed information on what actually did happen should be logged elsewhere.
Second on my list is the fact that EVERYTHING is CLICKY-CLICKY-CLICKY. Good gracious. Give us some text configuration files to GREP, AWK, SED and (perl/tcl/python/ruby/bash) script upon.
Uh, is there anything in particular you want to *achieve* doing that, or is it just a safety blanket ?
Almost to a man, when I hear people asking about this sort of stuff, it’s mainly because they want to admin their Windows machine like a unix box. They want to do something like have some script log into each machine and fiddle a few registry settings, or connect to each machine and do a ‘shutdown /r’. What they should really be doing, is changing those settings via GPOs/AD (or possibly editing via Remote Registry) and using commands like ‘shutdown /m \\MACHINE /r’ from their admin station.
We have like 400 Windows servers and 15 Windows admins. I am the sole Unix admin for 60 Sun/HP/Linux servers which actually do most of the computational and serving of business data (4 Terabyte databases, clustered web servers, all systems monitoring and alerting, DNS, DHCP, Syslog, Source Control, Email, etc.). If I had to do all of this configuration and management through a GUI, I would go mad and I just wouldn’t be able to do it on my own.
Yes, well, you might find Windows admins have the same things to say about doing all their tasks through a commandline and fifty different types of text configuration file…
If you try and admin a Windows network like you would a Unix network, you will become extremely frustrated in very short order – likewise if you try and admin a unix network like you would a Windows network.
For example, I can just update one sshd_config file and with one command send it on its way to all 60 machines including a restart to the ssh servers – and without a reboot and without impacting ANY users current connections. I’m sure that Group Policy is supposed to have the same effect, but I know that it is much more difficult to get the same results for the Windows equivalent of remote access – Terminal Services.
This is exactly what group policies are for. The theory (as far as I can tell) behind adminning a Windows network is that you don’t think of it as a collection of individual machines and try to administer each one. Instead, you arrange them in Active Directory with appropriate GPOs, etc and then change stuff in the AD, not on the individual machines.
Also, really, you shouldn’t be using RDP for most individual machine admin tasks – that’s what the MMC and its snap-ins are for.
Look at this thread. No wonder the MS has a large share of servers – put up a SUS server. Configure group policy (for your servers – huh?). 800 MB registries. Cluster your server so that you can reboot every night. Aaaaack!
Yeah, because no-one in unix-land keeps local patch repositories, uses tools like cfengine, has rogue programs use up disk space and memory and has redundant systems for high availability…
This is new at slashdot.
http://yro.slashdot.org/yro/04/09/29/017249.shtml?tid=109&tid=123&t…
– no easy way to backup / restore ACLS on a file server that is not part of a domain (need sysinternals freebies for that)
– complete mess that you get into when mixing filesystem-level acls and cifs-level share permissions
– largely over-done acls: there needs to be an EXTRA button to see what are the actual permissions applied to any given file/user combination, summing all its parents acls. Plus the config dialog is cryptic: how can you have permissions that are not set either to yes or no?
– cannot run any app as a service as easily as you do with *nix (srvany is a very limited dirty hack)
– cannot schedule tasks to run every n minutes or hours, unless you schedule them to run every day + repeat themselves every x time: who the hell came up with such a mind-bending scheme?
– cannot (at least with NT,2000) set simple IE policies to clients such as ‘use http 1.1 thru proxies’, but you can change the IE logo
– it’s 2003 and notepad still sucks at opening large files. how are admins supposed to analyze IIS logs?
– all in all cannot script/admin the server without installing extra command line utilities, since cmd basically sucks. p.s. yes I know this has got better and better, and I know that with a little bit VBS you can do wonders, but I still think that learning COM for scripting daily tasks is a complete waste of time
Maybe I should sue for repetitive reboot syndrome.
Nooo, don’t do that! You would be countersued by Microsoft. And they would take away everything you own and cherish. Or so it says in the EULA. 😉
I haven’t read all the comments, so excuse me if someone else already mentioned it, but as far as I know, one can simply select not to install WMP during the installation of windows Server 2003.
On the whole, good article, not so blatantly anti-MS and Pro-*nix.
Ok,
For those of you that are actually working to solve these issues:
1. SSH for Windows. http://sshwindows.sourceforge.net. Can integrate with Windows domains and Active Directory (if you are in mixed mode). I am doing this now. You can also use Cygwin if you are so inclined.
2. Refreshing Group Policy: secedit /refreshpolicy MACHINE_POLICY at a command prompt.
3. UNIX Shell: See Cygwin or Microsoft’s port of a mostly working UNIX environment (SFU) that they bought from someone else.
4. For getting work done remotely: TightVNC over SSH. Much better than Terminal Services if you have to deal with apps that are console-only or cantankerous in Terminal Services mode, like Oracle. Also works well for Exchange Server.
5. PuTTY. Possibly the best SSH client I have ever used, and the easiest to install.
6. PSFTP. From the same author. This lets you batch script SFTP transfers using an ftp-like client.
7. The PSTools (www.sysinternals.com). This toolset is worth it just for psshutdown, pskill, and pslist.
8. Foundstone FPort 2.0. Will not work with Windows Server 2003, but is very much like lsof for Windows 2000, XP SP1, and NT4. I haven’t run this with Win98 yet.
9. Grep’s equivalent is FINDSTR and it can be run from the CLI. Findstr /? gets you a help page.
10. Security Configuration And Analysis. This is an MMC that’s buried, but will give you control over many features of Windows, moreso than the GPOs do.
Thank you.
MBP
Well, i would like to switch to native mode and if i really have to work remotely i prefer ssh2 and would install a heavily fortified ssh-server on Adamantix in the DMZ, or a good implemented VPN would be more appropriate.
Problem is that an admin simply hasn’t the time to read every day the feeds from multiple security listings. How would you know if some patch really closes some hole or takes away another obstacle. He can’t diff himself away through every patch in order to see what specific issue is going to be tackled.
Windows update will never be run directly from a PDC or BDC, instead it would be more likely the case that an SUS server downloads the security database from Microsoft. The clients could then be updated from the intranet.
downloads .
i’m glad the author mentioned windows media player. the earlier comments are right, it’s not doing anything just sitting there if it doesn’t get used, but say an admin is doing some work and decides to pop in his britney cd, now wmp is going out to the internet to download album info. why is this functionality necessary or even possible on a server?
second is i’d extend that to IE. i was walking past a guy admining one of our development servers and while working he was checking his hotmail account. um… that’s what desktops are for. there’s no reason IE needs to be included (make it an option, but not by default). i know windows update requires IE, but that should change too.
and as for linux requiring reboots on updates too, anyone who suggested this has no familiarity with the init command (init 1, drop into single user mode, init 3 (or 5) get back to your normal operating mode). the only time a linux box really needs a reboot is for a new kernel.
My biggest beef with Win32 systems would be the filesystem. If you could replace or delete “open” files (ie, if NTFS had POSIX filesystem semantics), you wouldn’t need to reboot so much, you wouldn’t run into all of those “someone has this PDF open for reading, so you can’t save the updated version” problems, etc.
– chrish
You forget that the server version is made by the same people who make the desktop versions. They make the same interface, they make the same dll’s, the only difference between server and desktop is that one has less limitations turned on.
But if you had been paying attention for the last 10 years then you would have noticed these things.
…is when I want to save or delete a file and the OS says that someone already has it open.
Who?
That’s what I’d like to know.
Kramii.
Good article. And personally I think that of all of the points you raise, Licensing is undoubtedly the worst, and one of the things that I like so much about using Linux. My theory about the Microsoft Licensing application (tinfoil hats ready) is that it works badly on purpose. Consider: Microsoft cares a lot about licensing, and even created headaches like Windows Product Activation to enforce it. So ask yourself: if they care so much, why did they make the application so hard?
A few years ago I worked on a Windows network and my company decided to make sure our licensing was compliant. So I tried to make an Access database to keep track of all of the various licenses we used. This included, for example, Windows 95 with a Windows 98 upgrade, Office 95 Standard with an Office 97 Professional upgrade, and so forth. And do you have to have the original OEM licenses for each computer? Because we had them, but they were a mess and took up a lot of space.
I never completed the project – it was simply too hard to keep track of it all. And much easier to ensure compliance by purchasing site licenses. The amount of time a systems admin spends on licensing costs money, so it’s worthwhile for many companies to free up their technical people and buying site licensing. This, I think, is the reason Microsoft licenses are so complex. Only very large corporations would buy site licenses if individual and per-seat licenses were easy to manage.
You’re wrong,
Linux doesn’t install anything… Linux is a kernel. Some distributions may include the option to install desktop packages along with server stuff… but that’s not a rule.
With GNU/Linux you can have total control over what is being installed on your system… My servers, for example, don’t even have the XWindows binaries installed!
With Windows you don’t have a choice… the GUI is installed by default on the servers, along with media players, internet browsers, etc, etc, etc… stuff that you will never use.
— Dev Mazumdar wrote: —
Hell, Linux also installs media playing apps on a server. This complaint is stupid. It’s part of the OS and you get it for free. But how does a media player get in the way of serving webpages (regardless of the OS)?
—
if the gui now is so good, and really does help the admins (I’m confident it does) why haven’t they put the GUI on a separate machine and made a protocol for administration of the server instead? (that way, GUI stays and the server loses all of its bloat)
and regarding the article, good done. me like.
if the gui now is so good, and really does help the admins (I’m confident it does) why haven’t they put the GUI on a separate machine and made a protocol for administration of the server instead? (that way, GUI stays and the server loses all of its bloat)
and regarding the article, good done. me like.
Like what Webmin/Usermin does using TCP/IP and HTTPS?
The lack of advanced file versioning is a pain.
This guy is just another Windows sysadmin that doesn’t know how to use *nix, BSD, Linux…
SSH, shell (bash/zsh,…) is all you need.
Who needs a server with a GUI, WMP, MESSENGER and IE anyway?
Ho yeah, a Windows sysadmin.
BTW how can you call yourself a system when you know ONLY 1 operating system and you think the operating system is the best because of the Graphical interface?
I’m always wondering – why many *nix admins are so hostile to their Windows counterparts? Don’t you think that Windows is a different platform and has somewhat different way of administration and philosophy? And why do you think that Windows admins aren’t familiar with “other” systems? And can you run Exchange on *nix?
“The amount of rebooting needed by Windows is idiotic. I just installed Norton SystemWorks.”
That would mean that your rebooting is being caused by Norton SystemWorks, not Windows, yes?
My Linux server doesn’t have X installed, or any form of media software. It’s purely command line driven and hasn’t failed me in 6 years.
Once, at my old employer, while I was upgrading our version of Veritas backup software, we found we could not do so because its installer would not run in anything less than 16bit video mode. We had to upgrade the video card to install the new backup software on the server. That type of sloppy procedure is what makes people gripe about MS even though in this case it is not their fault. But they do contribute to the application vendors’ laziness and sloppy coding by setting the example.
This is what happens when a server becomes a commodity item for the average user. I believe that MS is trying to make servers behave and act like desktops, but this approach cannot work as the tasks are different. The old saying of the right tool for the right job comes to mind. Servers should be specialized machines that do a few tasks and nothing else.
You don’t have to be a CLI god, you simply have to be capable of choosing “individual package selection” during installation and de-selecting media players, or whatever else you don’t want to install. And also, none of the distributions you mentioned need a graphical environment to use any of the servers you mentioned. On Mandrake (dunno about the other distros) you can even use many of the drak* tools from the CLI – they have alternative curses frontends for when you aren’t running in a GUI.
Microsoft is trying to make an administrative interface that can be operated even by clueless people.
The problem is… once you have this kind of interface more and more clueless users are used to do administrative jobs, just because they’re cheaper than real administrators.
What is the point?
The point is that if your actual administrator can’t handle the current tasks, Microsoft tells the company to upgrade the Windows version with the brand new one that has a shiny interface filled with wizards that can turn any brain-damaged monkey into a sysadmin.
Instead of hiring more capable people, or investing in training…
“Mandrake isn’t a server distro”
Yes, it is. It has an excellent security model whose higher levels are designed for server usage, packages pretty much every type of server you’re ever going to need, and is easily configurable in a server setup. Heck, there’s even a lot of drak* tools specifically meant for server use. Just because Mandrake has a lot of desktop users doesn’t make it a desktop-only distro.
How about some kind of GUI application able to translate commands via a GUI interface to a remote server which doesn’t run X but runs e.g. SSH for authentication layer between the GUI application and the server. Webmin is an example of said description, but there’s probably more out there. Heck, Linuxconf did exactly this, too.
I help maintain a very large organization and I guess my biggest annoyance with Windows is having to set up printers for each person that uses the computer. Why can’t I simply install a printer and have anyone that uses that computer have access to the printer?
I know about profiles, but if the admin changes the screen size (to 1024×768) and another person logs on, the screen size is 1024, not 800×600 like the person had set.
You need “con2prt.exe” and “ifmember.exe” from the Reskit! Then you can use them in logon scripts like this:
———-login.cmd—————
\SERVER
etlogonifmember Usergroup1
if errorlevel 1 goto Usergroup1#
:UserGroup1
if /i %username%==Heinz.Schenk goto Heinz
:Heinz
%logonserver%
etlogoncon2prt /c “\serverHPLaserJet1”
goto END
:END
———————————-
or hostnamebased:
if /i %computername%==PC01 goto Printer1
:Printer1
con2prt /cd \serverprthpdj1
goto END
:END
Very simple!
Where are my backslashes??? #+?#+*
————————–
rem ifmember sets errorlevel 1 when the user is a member of the group
\\SERVER\netlogon\ifmember Usergroup1
if errorlevel 1 goto UserGroup1
goto END
:UserGroup1
if /i %username%==Heinz.Schenk goto Heinz
goto END
:Heinz
%logonserver%\netlogon\con2prt /c "\\server\HPLaserJet1"
goto END
:END
———————————-
or hostnamebased:
if /i %computername%==PC01 goto Printer1
goto END
:Printer1
con2prt /cd \\server\prthpdj1
goto END
:END
Sorry!
You could always use Linux and CUPS.
Amazingly easy, fast, maintainable, secure and open-source.
It’s really like configuring once using all…
P.S. It really integrates nicely with Samba.
http://www.cups.org
First, just about every Linux distro allows you to do custom installs where you can pick and choose how you want your machine to be set up.
Red Hat, Fedora, and SUSE all allow for minimal installs without GUIs, and allow for installs without media players or however you want them.
Debian and Gentoo default to very minimal installs, but allow you to install it however you want.
This business of Linux having to have a media player for server installs with a GUI is utter nonsense.
sheesh
Nex6
if the gui now is so good, and really does help the admins (I’m confident it does) why haven’t they put the GUI on a separate machine and made a protocol for administration of the server instead? (that way, GUI stays and the server loses all of its bloat)
Like what Webmin/Usermin does using TCP/IP and HTTPS?
Like what Novell Netware started doing in the mid-1990s with NDS and nwadmin/nwadmn32?
great “news”.
I’m always wondering – why many *nix admins are so hostile to their Windows counterparts? Don’t you think that Windows is a different platform and has somewhat different way of administration and philosophy? And why do you think that Windows admins aren’t familiar with “other” systems? And can you run Exchange on *nix?
Part of the reason is that we have choices about what software to install. For instance, I can install a combination of Postfix (SMTP), Dovecot (IMAP/POP3), Amavis (Email Virus Scanner plugin), Clam AV (Anti-virus), and MailMan (Mailing Lists). Or I can install Courier (has separate SMTP, IMAP/POP3, and Mailing List components), Amavis, Open Antivirus ScannerDaemon, and OpenLDAP (Address database). Other combinations exist, too.
Of course, if we want ease of use, we can also buy and install Novell GroupWise and eDirectory. If we have desktop linux/unix machines, we can even add Ximian Evolution in there, too.
“These applications are included by default because largely the same codebase is used. I’m pretty sure, if you really want to, you can completely uninstall them with a little bit of fiddling in the INF files, but really I don’t see the point – they don’t do anything if you’re not using them.”
The next trojan or virus could use them. It was really very amusing to watch many of the servers at [large software company in Redmond] succumb to Nimda. It’s not so much the fact that the software is on the servers, it’s that they are not even being used, but are still an entry point for infection.
“Hell, Linux also installs media playing apps on a server”.
It’s possible to install one of the desktop oriented distros and set it up for use as a server–very easy and convenient I suppose, and I think that issue is what a lot of thoughtless, knee-jerk responses are written to. Usually, you can use the package manager to remove the extraneous programs after the install. This can’t be done under Windows Server very easily.
“ ‘I’ve not yet seen a Gnome-Server-Only or KDE-Server-Only package.’
Didn’t look very hard, did you? I’d lay mo…”
So the author of the comment is demonstrating he doesn’t know either? I’ve seen setup screens that ask what kind of setup it will be for early on in the install, personal, workstation, or server, but not specifically what type of Gnome/KDE install will be included.
“With regards to installing WMP, IE and OE etc on the server, having these “tester” apps on the server can help diagnose network faults or test config changes.”
Provided the system operator is told nasty things will happen to his/her fingers if surfing and/or music/video playback occurs. That’s not Microsoft’s problem, though.
“… can all be locked down via settings in the apps and more importantly via group policy.”
Yes, but they should be secured for the Server Version from the start, in the same way that Themes is turned off in Server 2003.
“The last Gnu/Linux server install I performed (White Box Enterprise Linux 3) gave me four options – Personal Desktop, Workstation, Server, and Custom. Selecting the Server option does not install any kind of GUI, the Gnome/KDE environments, nor any media players.”
Yeah, there we go. That’s what I was looking for.
“number of reboots … This is a problem thats plagued m$ for years and should have been addressed a long time ago, but its microsoft so you learn to build your network around such weaknesses.”
Not weaknesses, unless you count greed as a weakness. MS had to try very hard to integrate many features tightly into the OS so that they could tell the judge that if it wasn’t there, Windows would break. Windows XP Embedded kind of blows that out of the water though. Best thing to do for Windows 2000 server is to set a black background, kill Explorer.exe, and start a command prompt.
Oh, yeah. Please, no more damn posts about “Linux just being a kernel”. No sh*t. Post something constructive.