Common Solutions Group

Issues and Questions

Technical Issues/Questions:

Kerberos interoperability, architecture of the domain controllers, basic security differences between UNIX and NT, e.g. impersonation instead of process based, except of course for service or the new MSI.

server integration issues

client-side support, support in apps, in http

migration tools for going from UNIX KDC to NT KDC

any chance of NT KDC as replica of non-NT KDC?

v4 compatibility

shadow realm vs. single realm

Directory services, subdomains..

including entry naming and how to lay out the tree

at the PDC there was mention of someone providing a domain controller running on UNIX. Who is doing this? What flavors of UNIX? When?

benchmarks to add a few thousand users to an NT ADS via LDAP?

limits on group nesting

issues for existing X.500 server or LDAP infrastructure

DHCP Service

details on the default address assignment when no DHCP server is detected.

Do they suggest a DHCP server to use if we don't use the MS DHCP server? (They tell us that we can use BIND 8.x instead of their nameservers, so...) If not, what services apart from raw answering of queries should it support? In particular, what needs to be supported if we want to run a non-MS DHCP server with the MS DNS servers?

DNS Service - They say we can use BIND 8.x and still accomplish things. However:

If we use BIND, how do we get the data we must add to the configuration files if we don't support dynamic updates? Specifically, I want to know what we need to add to the zone files to support all of those funny names based on SIDs, GUIDs..

any plans to support DNSSEC, as well as TSIG, for DNS security?


Which NT5 beta will support the latest IPSec RFCs? How well will it interoperate with non-IPSec hosts?

SNMP - multi-agent support via AgentX?

NT as Router/firewall

NT servers can now be routers. How do we suppress this ability on our campus, including dorm machines which we don't own or control?

Can you do Traffic or Service monitoring or filtering on the local machine? NT-Server only?

Time synchronization: where do they get the time? NTP? Something else? How secure is it? Can we replace this with NTP?

Windows Terminal Server (Hydra): scaling, security, licensing, UNIX client availability?

transaction server

Web application development: if you aren't *quite* ready to abandon Macs and/or Unix desktops, what technology makes the most sense? Java applets, native Java with push, ActiveX controls, DHTML, ...

securing a domain controller so that it functions but offers no other services and minimal entry points?

File and print services

authentication (cross platform)

client-server integration (cross-platform)


AD and Kerberos


PGP support in addition to S/MIME?

ZAW (Zero Admin Windows), MSI (Microsoft Installer), and SMS (Systems Management Server)

how do we deploy 100 new machines at a time with preinstalled software configurations?

can we do multi-tiered software configuration control (site, dept, group, user)?

installation, update, inventory..

NT logo requirements, MSI: our developers need to make sure that they write applications that will be easy to support. ZAW, MSI and the logo program claim to help. How did Microsoft reach these conclusions? Do the requirements meet our needs if we are not exclusively using Microsoft networking solutions (e.g. NetWare or the NT AFS client)?

Can we talk about the case *against* Directory Enabled Networks?

What is MS doing about QoS, e.g. tracking port-agile delay-sensitive apps, and what are their RSVP plans?

IPv6 is going to happen because MS corporate customers want to run it behind their firewalls/NAT boxes. Can you say "NAT doesn't like IPSEC"? Which one is going to give?

Why Linux will survive NT

What? You can't do TCP wrappers on NT??