Windows users get directory help

IT executives recently saw Microsoft Corp. budge slightly on the issue of supporting access to Active Directory features from legacy Windows clients.

Microsoft says it will offer patches to Windows 95, 98 and NT 4.0 Workstations that will allow limited access to Active Directory. But the patches will not include support for Kerberos, the critical network authentication upgrade in Windows 2000. The legacy clients will use NT LAN Manager for network access, which is regarded as inferior to Kerberos. The patches also won’t support Windows 2000’s Group Policies, Intellimirror or advanced virtual private network protocols.

According to one analyst, the patches are a small step in the right direction for large IT shops contemplating an upgrade to Windows 2000, which is due to ship on Feb. 17.

“The [upgrade] requirement involved a change out on the desktop to exploit Active Directory, and that is an expensive undertaking,” said Dwight Davis, an analyst with Summit Strategies in Kirkland, Wash.

Microsoft is attempting to soften that blow, but it is offering only a partial solution. Company officials say it will be the only interim step before users need to upgrade to Windows 2000 Professional.

The patches include support for Active Directory Services Interfaces, which will allow applications running on legacy desktops to make calls into the directory. The patches also will let users log on to the nearest Active Directory domain controller and to change their passwords via any domain controller.

“Users also will be able to search for people and printers stored in the directory,” said Shanen Boettcher, product manager for Windows 2000. “That is where you’ll see the greatest impact.”

The patches for Windows 95 and 98 will ship with Windows 2000. The patch for NT 4.0 Workstations will ship in about five months with the next Windows NT service pack.

Microsoft Canada Co., in Mississauga, Ont., is at (800) 563-9048.