It's the End of the NT World as We Know It
By Steven Vaughan-Nichols | Posted 2004-12-30
It's the end of the NT world as we know it, but with the right moves you can still feel fine.
NT Server 4 doomsday has arrived. On Jan. 1, Microsoft's no-fee support and non-security hot fixes disappear. So what are you going to do now?
Well, you'll need to do something. New security holes continue to be found in NT on a regular basis.
For example, if you replicate data between WINS (Windows Internet Name Service) servers, which resolve NetBIOS names to the IP addresses of particular network computers, an attacker can take over your NT WINS server.
Microsoft has several work-around solutions to this problem. Some of them, such as blocking TCP port 42 and UDP port 42 at the firewall and simply removing WINS from your servers, defeat the entire purpose of using WINS over an Internet in the first place. The more sensible approach is to use the VPN (virtual private network) protocol, IPSec (IP Security), to filter WINS traffic.
Microsoft also provides a script for setting an IPSec policy to safely use WINS. That's the good news. The bad news is that it relies on W2K's and Server 2003's group policy. It won't work with NT.
Yes, WINS is an archaic system, and for the most part, you can, and should, use DNS (Domain Name System) instead. Unfortunately, if you run Exchange 2000 or 2003 for your e-mail, you pretty much have to have WINS.
Microsoft will eventually, I'm sure, release a hot-fix for the WINS problem for Windows 2000 and 2003, but for NT maybe they will, maybe they won't.
Yes, Microsoft has recently backed down a bit on NT 4's end of life.
"Some of our large enterprise and public sector customers have told us they need until 2006 to complete the upgrade," said Peter Houston, senior director of Windows Serviceability at the Redmond, Wash., company. "To ease their migration, we have decided to run the custom support program through Dec. 31, 2006, and charge the same amount as we will in 2005. This will provide customers up to two years' support while migrating."
This fee-based program, however, is not suitable for smaller customers with only a handful, or even a few dozen, NT 4 servers. Of course, Microsoft might issue critical security fixes for NT 4, but that's not what Houston has said.
"Windows NT Server 4.0 was developed before the era of sophisticated Internet-based attacks," he said. "It has reached the point of architectural obsolescence. It would be irresponsible to convey a false sense of security by extending public support for this server product."
So what should you do? I strongly recommend upgrading to Linux or Server 2003. Windows 2000, with its first-generation version of AD (Active Directory), is a very painful upgrade path that I could only see if you already have vast AD and NT-to-W2K migration experience.
Microsoft provides extensive online resources for upgrading to Server 2003 at its Windows Server 2003 Upgrade Assistance Center. This is a great site.
For smaller offices that only need one server, Microsoft's Small Business Server 2003 makes sense.
Linux also makes good sense for SMBs (small to medium-size businesses). It, along with the open-source Windows file server Samba, can run on NT 4-capable hardware, which would die like a dog trying to run W2K, much less Server 2003. Another Samba plus is that you can use it as a PDC (Primary Domain Controller). This enables you to do drop-in replacements for NT domain-based networks without having to worry about upgrading to AD at all. For more details, see "Moving from NT to Samba."
Which Linux? The two major players are Novell with SLES (SUSE Linux Enterprise Server) 9 and Red Hat with RHEL (Red Hat Enterprise Linux) 3. In addition, Novell is on the verge of releasing Novell Open Enterprise Server, which includes both SLES and NetWare 7.
While Red Hat has the most popular business Linux distribution, Novell has a much longer and better history of working with the channel. Thus, Red Hat may be the easier sell, but Novell may provide the best long-term relationship.
In any case, NT 4 Armageddon has arrived. You must have an NT 4 migration path in place or you, your NT servers, and your customers and their servers are asking for trouble in an increasingly insecure network world.