Windows in the Enterprise

This document relates in particular to the school where I work, but would generally apply to any business that runs Windows in conjunction with Windows Server.

I am writing this document because of a concern I have with some free (see fsf.org for the meaning of "free" as I use it here) and no-charge software. On reflection, the problems occur with pay-for software too.

I have been using various Linux distributions for years, and generally Linux software is well behaved in that there are accepted standards for where the software itself and its data are stored. Mostly, a program's files are stored someplace in /usr (which may be shared with other systems and so necessarily be mounted read-only), its data files are stored under /var, and users' individual data is stored in their home directories.

My guess is that many authors of free software either learned their programming on Windows 9x/ME and don't realise that Windows NT and its successors are different, or they normally use their computers with an administrator account.

The principal difference that is relevant here is that individuals' data can be protected from other users of the computer. I can create my own documents, photo libraries and so on, and my wife and kids (who do not know my password) cannot access them. Unless they boot a Linux live CD, but that's another story for another day.

It goes further than that though. Enterprises, and some smaller businesses, use Windows Server, Active Directory and Group Policy to administer their computers.

Using these tools, they can have all their computers using one of a small set of Standard System Images. Here is a brief summary of what happens at the school where I work.

  1. A "Master" computer is set up with all the latest Windows (and other) fixes and with the standard software preinstalled.
  2. A preparation tool, sysprep, is run. This prepares the system for cloning, and is likely what your local PC shop does if they want to install Windows quickly and easily.
  3. We take a copy of the partition(s) containing our standard Windows image. In our case, we use a network-bootable Linux system to do this, and we store the partition's data in a file on a server.
  4. Each user PC is booted from the LAN, and this image is unrolled onto its hard disk. This process takes 12 minutes or so for a single PC, and depends on LAN speed and disk speed on the server. For more PCs, it takes longer due to network congestion.
  5. Each PC is booted. It's in the same state as any other PC with freshly-installed Windows and has to go through the same kind of configuration. In our case, the only item of information not fully automated is the PC's name, and that depends on its physical location.

The software on any PC can be reinstalled at any time. No user data is permanently stored on any of the PCs.

Active Directory is a repository of information about all the computers and users. Group Policy is a framework for defining an enterprise's rules about which users can use which computers, what software they can use and what configuration settings they can use. Users can be very tightly managed indeed. Businesses don't want their users making ad hoc changes to their computers or installing their choices of software. Often, such choices might be unlicensed (and so illegal), sometimes they carry viruses. And, if a PC breaks and it has non-standard software, replacing it is difficult.

At school, replacing a PC is a matter of carrying in a replacement, reattaching cables and taking the old one away. If the new PC requires an infusion of new software, it needs to be booted off the LAN, and an appropriate choice made from the menu. A teacher can do that. Whether it needs new software or not, it has to be named when it first boots. A teacher (or even the janitor) can do that.

One of the features of Windows that facilitates this is the ability to store users' home directories on a server. Actually, this has existed at least as far back as Windows 95 and OS/2; it's just that some software developers don't understand its importance.
These days, "home directories" are called "profiles," and store not only the users' data that they know about, but also application data and settings such as Internet Explorer's cache and cookies.

Since users' profiles are stored on the server, they can move from one computer to another -- perhaps in different locations -- and as they do, they always have the latest copy of their profile.

Do this:
Click Start, Run...
Enter "cmd" in the box.
You should get a window with something like this in it:

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\summer>

Enter this command:

    dir /a

Amongst other things, you will see directories with names such as "Application Data" and "PrintHood."

Enter this command, and view its output:

    set

You will see environment variables pointing to various directories. TMP and TEMP point to locations where programs might store temporary data such as the files their installer unpacks from the distributed package.

ALLUSERSPROFILE points to the directory under which shortcuts for Desktop and Menu items should be stored for shared use.

APPDATA points to the location where application data such as individual settings should be stored. Explore it to see how it's laid out. If your company is called GreatSoftware, perhaps you should be storing this information under %APPDATA%\GreatSoftware\
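
One way a program can follow this layout, as an added example (not code from any of the programs named in this article): settings are written only under %APPDATA%\GreatSoftware\, and the install directory is read solely for shipped defaults. The application name ChessDemo and the function names are hypothetical.

```c
#include <stdio.h>
#ifdef _WIN32
#include <direct.h>
#define SEP "\\"
#define MKDIR(p) _mkdir(p)
#else   /* lets the example build and run off Windows */
#include <sys/stat.h>
#define SEP "/"
#define MKDIR(p) mkdir((p), 0700)
#endif
#define VENDOR "GreatSoftware"  /* company name used in the article */
#define APP    "ChessDemo"      /* hypothetical application name */

/* Build <appdata>\VENDOR\APP\<name> in out; if create is set, also make the
   two directories (already existing is fine). Returns 0, or -1 on bad input. */
int user_settings_path(const char *appdata, const char *name,
                       char *out, size_t n, int create)
{
    if (appdata == NULL || *appdata == '\0') return -1;
    int len = snprintf(out, n, "%s" SEP VENDOR, appdata);
    if (len < 0 || (size_t)len >= n) return -1;
    if (create) MKDIR(out);
    len = snprintf(out, n, "%s" SEP VENDOR SEP APP, appdata);
    if (len < 0 || (size_t)len >= n) return -1;
    if (create) MKDIR(out);
    len = snprintf(out, n, "%s" SEP VENDOR SEP APP SEP "%s", appdata, name);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Read: the user's own copy first, then the defaults shipped in the install
   directory (for example under \Program Files), which is never written to. */
FILE *open_settings_read(const char *appdata, const char *install_dir,
                         const char *name)
{
    char path[1024];
    FILE *f = NULL;
    if (user_settings_path(appdata, name, path, sizeof path, 0) == 0)
        f = fopen(path, "r");
    if (f != NULL) return f;
    int len = snprintf(path, sizeof path, "%s" SEP "%s", install_dir, name);
    return (len < 0 || (size_t)len >= sizeof path) ? NULL : fopen(path, "r");
}

/* Write: only under the per-user directory, so no administrator rights needed. */
FILE *open_settings_write(const char *appdata, const char *name)
{
    char path[1024];
    if (user_settings_path(appdata, name, path, sizeof path, 1) != 0) return NULL;
    return fopen(path, "w");
}
```

A caller passes getenv("APPDATA") as appdata; when that is NULL or empty the write is refused rather than redirected to the install directory.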

At our school, chess is encouraged, and my failed efforts to find usable, free chess software sparked my decision to write this article. I'm sure that writers of chess software are neither better nor worse than writers of other Windows software in this regard.

Here are some of the problems I have encountered:
  1. Programs can't find their settings. (Users cannot change the contents of \Program Files, and if they did, the settings would not be shared and would be lost with the next software install.)
  2. Menu/Desktop shortcuts are installed in the administrator's profile, instead of All Users.
  3. Programs (Crafty comes to mind) can't find their data files. Winboard's analysis mode doesn't work.

Here is some software that has failed the test:
SCID (Shane's Chess Information Database)
Winboard
Crafty

More information:
http://support.microsoft.com/kb/310294
http://kb.mozillazine.org/Profile_folder_-_Firefox
http://social.msdn.microsoft.com/forums/en-US/vclanguage/thread/96ecfe6e...
http://msdn.microsoft.com/en-us/library/ms995853.aspx