We All Just Get Along? Running Windows 7 in Mixed Environments
As great as Windows 7 is (and I think it’s pretty great), it should come as no surprise that many organizations are running or will run Windows 7 in a mixed environment. Because of this, Windows 7 is going to have to play nice with a variety of other environments, drivers, APIs and so on, from predecessors including various versions of Windows XP and Windows Vista to Linux, Unix and even the Mac OS X. With so many disparate operating systems, the issue of interoperability becomes extremely important, and you may be wondering what features Windows 7 has in order to support interoperability. So let’s dig in and take a look.
Interoperability with Unix and Related Operating Systems
Like earlier releases of Windows, Client for Network File Systems (NFS) and Subsystem for Unix-based Applications (SUA) remain the primary components provided for interoperability with non-Windows operating systems. They allow both small and large enterprises to integrate their Windows systems with Unix-based systems. Client for NFS enables Windows computers to gain access to files on Unix-based computers. SUA provides a subsystem for compiling and running custom Unix-based applications and scripts on Windows computers. Also available are administration tools for managing Services for NFS on local and remote computers. As with Windows Vista, any or all of these features can be turned on or off using the Windows Features dialog box.
Once you’ve enabled Client for NFS and the related administrative tools, you can configure a computer to connect to Unix NFS shares that allow anonymous access. If you don’t allow anonymous access, you must configure the computer to get Unix identity information from an existing User Name Mapping (UNM) server or configure one if it is not already available. At an elevated command prompt, enter nfsadmin client to determine what options Client for NFS is configured to use. Use the mount command, the NET USE command or the Map Network Drive feature to map a drive to a remote NFS share.
In Windows, security identifiers (SIDs) identify objects in the file system and elsewhere. In Unix, user identifiers (UIDs) and group identifiers (GIDs) identify objects in the file system and elsewhere. Whenever you work with Services for Unix, UNM is used for authentication. UNM authenticates incoming access requests and determines the effective UID and GID. To correlate Windows and Unix identities, UNM uses the Windows Security Accounts Manager (SAM) or Active Directory to identify Windows users and Unix password and group files or NIS domains to identify Unix users and groups.
There are two approaches to name mapping: simple and advanced. Simple Name Mapping automatically creates name maps for all users and groups who have the same name in your Windows and Unix environments. You can create simple name maps between Windows and Unix using the MapAdmin command with the AddDomainMap parameter. Before you use this command, copy the Unix password and group files to your computer, merge them and then filter out duplicates and any system accounts. You also can create simple name maps using Unix options in the GUI on the UNM server.
In contrast, you create advanced name maps by manually mapping Windows users and groups with their Unix counterparts. While it sounds complex, Unix options in the GUI on the UNM server make this process fairly easy and straightforward. First, you turn off Simple Name Mapping, and then you use the Advanced Maps options to manually map Windows users and groups to Unix users and groups.
For Windows 7, Microsoft made several enhancements to Client for NFS and SUA. Most of these enhancements are bug fixes that provide a better integration solution with fewer problems. Because Windows 7 is best used with Windows Server 2008 R2, it is important to know how R2 supports Services for NFS. In R2, Services for NFS supports net groups so you can create network-wide named groups of hosts and RPCSEC_GSS for enhanced security with Remote Procedure Calls. Generic Security Service Application Programming Interface (GSS-API) allows Services for NFS to use Kerberos version 5 for authentication and integrity checking.
NFS Authentication can be configured to use Kerberos v5 authentication (KRB5) or Kerberos v5 integrity checking and authentication (KRB5i). It is important to note that if you use NFS versions 2 or 3 and KRB5i, you will be unable to mount shares over the User Datagram Protocol (UDP). To use KRB5i integrity checking, you must configure the NFS client and server to use the TCP protocol. With KRB5, you can configure the client and server to use either TCP or UDP.
As far as Mac OS X goes, like Windows Server 2008, Windows Server 2008 R2 does not include Services for Macintosh. That’s not necessarily a bad thing, as Mac OS X is built on Unix and includes an NFS client. You can use the NFS client to connect to NFS shares.
Interoperability with Earlier Windows Versions
Many applications will run natively in Windows 7. For applications designed for earlier releases of Windows, you have the option of configuring compatibility settings to get these older applications to run without problems. For example, 32-bit editions of Windows 7 run 16-bit and MS-DOS applications using a virtual machine that mimics the 386-enhanced mode used by Windows 3.0 and Windows 3.1. Each of these older programs runs as a thread within a single virtual machine but can be configured to run in a separate memory space. For these and other programs, you often can use the Compatibility Wizard to resolve many types of compatibility issues.
If applications don’t run or you want to create a sandbox environment prior to transitioning to Windows 7, not to worry. You can use Windows XP Mode to create a Virtual PC environment that runs a full copy of Windows XP, allowing you to run applications designed for Windows XP just as if you were on a computer running Windows XP natively.
Windows XP Mode provides an additional layer of compatibility for Windows 7. This gives you more time to move to Windows 7, and it also saves any retraining that might be required to run new versions of applications in Windows 7. Windows XP Mode is designed for small and large enterprises and requires a running instance of the Professional, Enterprise or Ultimate editions of Windows 7.
Once installed, Windows XP Mode is easy to set up. During setup, a tutorial runs to help users understand how to work with Windows XP Mode. When you run Windows XP Mode the first time, a full desktop will open and you can use it to install applications. Installed applications will automatically appear on the Windows 7 Start Menu. Thereafter, users can start applications in Windows XP Mode simply by clicking the application shortcut on the Start Menu. As an example, if your Web applications have compatibility problems with Internet Explorer (IE) 7 or IE8, you can install IE6 in Windows XP Mode as a workaround. Users can then start IE6 from the Windows 7 Start Menu to seamlessly access IE6 in Windows XP Mode.
Windows XP Mode requires hardware virtualization support in the CPU, such as Intel virtualization or AMD virtualization. Virtualization support must be enabled in firmware. Although Windows XP Mode provides a fully functional Windows XP environment, it is not meant for graphics-intensive applications. As with any virtualized PC environment, you should protect the virtual OS by installing anti-virus and anti-malware programs in Windows XP mode. These anti-virus and anti-malware programs are separate from those running in the native Windows 7 environments.
Fore more on Windows XP Mode, check out these pages:
That, in a nutshell, is how you can run Windows 7 in mixed environments. As you’ve learned about in this article, Client for NFS and SUA allow for interoperability with Unix-based computers; Windows XP Mode provides an additional layer of application compatibility that you can take advantage of whenever your computers are running Professional or higher editions of Windows 7. I hope you find this article to be useful, and you’ll look for my new books from Microsoft Press, “Windows PowerShell 2.0 Administrator’s Pocket Consultant,” “Windows 7 Administrator’s Pocket Consultant” and “Windows Server 2008 Administrator’s Pocket Consultant, Second Edition” (all published in 2009).
William Stanek (williamstanek.com) is a leading authority for Microsoft Windows and Windows Server technologies and the award-winning author of more than 100 books. He is an expert on and writes about Active Directory, Group Policy, Windows, Windows Server, Exchange Server, SQL Server, IIS, PowerShell and Web technologies. Follow him on Twitter at https://twitter.com/WilliamStanek.