Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

This article is a summary of a two-part series on Microsoft's Desktop Operating System Strategy published in Directions on Microsoft (December 1994 and January 1995) by Redmond Communications. The article also contains two excerpts on Desktop System Management and Understanding the Registry. Reprint and ordering information follows the excerpts.

To meet the needs of different users, Microsoft has designed two different PC desktop operating systems. Users and MIS managers want to know details about how these operating systems differ and how the differences will affect them in the short and long term. Microsoft's Desktop Operating System Strategy compares Windows 95 to Windows NT Workstation version 3.5 in key functional areas, helping organizations choose the right operating system for their needs.

Windows 95 is designed for office workers and home PC users and runs on PCs with minimal resources, such as a 386 machine with 4 megabytes of RAM. To run applications like spreadsheets and word processors, this system is simple to use and hides underlying complexities when possible.

Windows NT Workstation is a powerful and secure operating system, designed for software developers, scientists, statisticians, and financial professionals. This operating system implements a number of security measures to protect data and also supports high-end hardware systems.

On This Page

Security and Support for High-End Hardware
Application Compatibility, Network Connectivity, and User Interface
Desktop System Management
Understanding The Registry

Security and Support for High-End Hardware

Microsoft's Desktop Operating System Strategy, December 1994, covers desktop system management and the Registry (excerpts follow), security features, and support for RISC and multiprocessor machines. Sidebars on C2-level security, porting 32-bit Windows applications to the RISC platform, and writing Windows NT applications for multiprocessor machines are also included.


Many organizations find the security available with Windows 95 to be more than adequate for their needs. Users can protect data using share-level security for peer-to-peer network configurations, while user-level security is available when server-based networks are used. Encrypted password files allow easy access to share-level network resources at the expense of some network security. It becomes the network security system's job to grant or deny access to resources once the user logs on to the network at boot-up. However, Windows 95 uses the MS-DOS File Allocation Table (FAT) as the local file system, which has no built-in security mechanisms, so local files on FAT-based machines can be copied or altered by others.

With Windows NT Workstation, local files are protected by secure logon, a secure file system, and user rights. Users must have both a valid user name and logon password to access the machine and its resources. Windows NT Workstation protects its resources with user-level security and can specify access permissions all the way to the file level. In addition, Windows NT Workstation can force users to change their passwords periodically and a system administrator can grant or deny a user's ability to load specific files or access other computers. Windows NT Workstation also conforms to stringent C2-level security specifications, providing protection for organizations with exacting security needs.

Support for High-End Hardware

Windows 95 is targeted toward the mainstream user. It supports single processor i386-based machines. It does not support RISC-based systems or multiprocessor systems.

Windows NT has been designed from the ground up to support RISC-based and multiprocessor machines. The operating system was written in the machine-independent language C/C++ so that the code could be recompiled to support different CPU instruction sets. Also, the hardware-dependent code is in a single component, so that only this component must be rewritten to support a different CPU or multiprocessor architecture.

Application Compatibility, Network Connectivity, and User Interface

Microsoft's Desktop Operating System Strategy, January 1995, covers the ability of the two operating systems to run existing applications, their support for PC-based networks, and their different graphical user interfaces, including graphics of the Windows 95 interface and detailed descriptions. It also includes sidebars on NCP and SMB protocols, understanding domains, network transports, and a table giving a side-by-side comparison of Windows 95 to Windows NT Workstation.

Application Compatibility

Both operating systems strive for the highest degree of backward compatibility possible. Windows 95 will run nearly all existing MS-DOS and 16-bit Windows applications, in addition to recent 32-bit applications.

Windows NT Workstation provides less backward compatibility for MS-DOS and Windows 3.x applications than Windows 95. This is partly because some MS-DOS and Windows applications directly access hardware. Windows NT Workstation, because of its stringent security model, will not allow an application to bypass security and directly access hardware components. Windows NT Workstation also supports OS/2 and POSIX applications.

Network Interoperability

Most of the network interoperability differences between the two operating systems are only valid for the short term and will disappear as more 32-bit versions of client software become available. However, one long-term difference is that Windows 95 supports real-mode networking client software developed for MS-DOS and Windows 3.x, offering compatibility with existing networks (such as Novell, Banyan, and DEC), while Windows NT Workstation does not.

Windows NT Workstation and Windows 95 both can use client software to access NetWare servers or Microsoft-based networks. In addition, they can operate as clients on other networks, such as IBM LAN Server, DEC PATHWORKS, LAN Manager for UNIX, and others.

User Interface

User interface differences between Windows 95 and Windows NT Workstation are short-term because the Windows 95 interface is based on early designs for Cairo, the next major release of Windows NT.

Windows 95 was designed to help the novice, so it uses icons, animation, wizards, and other features to simplify basic tasks. Experienced Windows users can use familiar features, such as icons and toolbars, and can customize the main menu to launch frequently-used applications. New features include folders to store files, which let users link to documents that are physically stored at another location on the network, and support of long file names beyond the 8.3 character limit.

The Windows NT Workstation interface is based on the Windows 3.1 interface and probably won't get an updated shell until Cairo ships.

The following sections are excerpted from Directions on Microsoft , December 1994: Microsoft's Desktop Operating System Strategy, Part I.

Desktop System Management

Desktop management was a design priority for both Windows 95 and Windows NT Workstation operating systems. Most of the differences that do exist are short term and will disappear in future versions.

Both systems' management infrastructures are designed around a central database, called the Registry. The Registry stores configuration information about the devices, software, and the user preferences for an individual machine. System management applications and utilities can access Registry information to give administrators a comprehensive view of desktops they manage. (For an in-depth description of the Registry and its contents, see the following section.)

Although there are some differences in the way Windows 95 and Windows NT Workstation handle system administration, most are short-term and can be expected to disappear in future versions.

This section compares Windows 95 and Windows NT Workstation system administration in four specific areas:

Configuring Individual Machines. How easy is it to configure a PC and customize the machine's environment for a particular user?

Configuring Machines for Multiple Users. How can an administrator set up a machine for use by multiple individuals, each with their own user-specific configuration preferences?

Configuring Groups of Machines. How easy is it for an administrator to make and distribute global configuration decisions?

Monitoring the Performance of Individual Machines. How can you keep track of how well a machine is performing?

Supporting Third-Party System Management Tools. How can a third-party's system management application take advantage of configuration information provided by the operating system?

Configuring Individual Machines

Both Windows 95 and Windows NT Workstation give users and administrators the ability to configure a machine according to an individual user's preferences and privileges. This is accomplished by editing computer- and user-specific configuration information in the machine's Registry.

There are two ways to edit Registry contents on a Windows 95 or Windows NT Workstation machine. End users can edit the Registry through the Control Panel. However, the Control Panel only allows users to edit a local machine Registry.

System administrators or power users can edit the Registry using the more sophisticated Registry Editor. The Registry Editor allows the administrator to examine and modify Registry entries both locally or remotely over a network or asynchronous remote access connection. The Registry maintains a copy of the last known "good" configuration that can be used to reinitialize a machine in the event a user or administrator makes a mistake editing system settings.

The Registry Editor can also be used to troubleshoot problems and closely control the end user's environment. It can be used to control desktop settings such as which program groups appear on the user's desktop and whether or not a user can access the Registry Editor itself. The Registry Editor can also be used to control the desktop's networking settings.

Windows 95

The Windows 95 Registry, which evolved from the Windows NT Registry, affords system administrators a somewhat greater degree of control over individual desktop configuration. An administrator can configure a Windows 95 machine to:

  • Restrict access to all but a specified set of programs

  • Disable the MS-DOS prompt

  • Restrict access to Control Panel settings, including those for display, networks, printers, drivers, and security

  • Hide aspects of the Windows 95 user interface such as the "Network Neighborhood"

One of the primary roles of the Windows 95 Registry is to provide information necessary to support Plug and Play features that automatically install and configure new and existing peripheral devices, such as modems, sound boards, and printers. When new devices are installed, the system checks the existing configuration in the Registry to determine the hardware resources (for example, IRQs, I/O addresses, and DMA channels) that are not being used. In this way, the new device can be automatically configured without conflicting with a device already installed in the system.

Note: For a detailed discussion of Plug and Play functionality in Windows 95, see the December 1993 issue of Directions on Microsoft.

Windows NT Workstation

Although similar in functionality, Windows NT Workstation's implementation of the Registry is different than that of Windows 95. Windows NT Workstation has its own specific Registry Editor. Windows NT Workstation's Registry Editor cannot be used to view or modify a Windows 95 Registry. The reverse is also true.

Microsoft's long-term goal is for both Windows 95 and Windows NT Workstation to support the same Registry functionality and use the same interfaces and tools, including the same Registry Editor.

Configuring Machines for Multiple Users

In many organizations, several users may share the same PC or move frequently between different machines.

To accommodate these organizations where several users share the same machine, both Windows 95 and Windows NT Workstation Registries have the ability to store multiple instances of user-specific configuration information, called user preferences. User preferences include items such as favorite screen colors, mouse click speed, and program groups. When the user logs on, the desktop is automatically configured to that user's preferences.

To accommodate organizations where individual users move between different machines, both operating systems also allow user preferences to be stored on a central network server. When the user logs on to the network, this information is downloaded to the local machine's Registry database, and the user's preferences appear on the desktop.

It is important to note that currently a set of user preferences created for a Windows NT Workstation user cannot be applied when that user logs on to a Windows 95 workstation. The same is true for a Windows 95 user logging onto a Windows NT Workstation.

Configuring Groups of Machines

Windows 95's design incorporates a group configuration feature, called System Policies, that is not yet available on Windows NT Workstation.

System Policies are sets of configuration parameters defined by the system administrator. They take precedence over any user- or computer-specific configuration parameters. System Policies can be applied to prevent groups of users from performing some action such as:

  • Sharing files or printers from machine (peer services)

  • Modifying control panel settings

  • Running a program not specifically authorized by the administrator

During the Windows 95 logon sequence, the operating system checks the Registry for the location of a System Policies file. This file is located on a network server so that System Policies can be automatically accessed by every machine that logs on to the network. Windows 95 reads the file and tailors the PC's Windows 95 environment to conform to the stated System Policies.

Windows 95 administrators use the System Policy Editor to create or modify policies. Any change made by an administrator to the System Policy file is automatically applied to Windows 95 workstations the next time users log on. This gives administrators an easy way to establish and modify the standard desktop environments for a group of machines, without having to configure each individual machine separately.

Monitoring the Performance of Individual Machines

Both Windows 95 and Windows NT Workstation include tools to allow a user or administrator to monitor various aspects of a machine's performance. The performance monitoring tools can be used to monitor an individual machine in real time from the desktop itself, or remotely from an administrative workstation. Performance issues identified using these tools can sometimes be resolved by adjusting the errant machine's configuration through the Registry Editor.

For example, a PC helpdesk person attempting to troubleshoot a "slow PC" can use a monitoring tool to remotely examine statistics such as network adapter performance, memory utilization, and disk transfer rates. If, for instance, the administrator discovers that the network adapter card has an unusually high number of dropped frames, she can use the Registry Editor to examine and adjust the network card's configuration.

Both operating systems also include a tool for administrators to monitor a remote desktop's peer service activity. This tool also enables an administrator to disconnect users as desired.

Windows 95

Windows 95's tool for monitoring desktop performance is called the System Monitor. The System Monitor allows a user or administrator to monitor and graph the following aspects of system performance in real-time:

  • 32-bit file system performance, including bytes read/second, and bytes written/second

  • Network protocol performance, including packets lost/second, and packets received or sent/second

  • Operating system kernel performance, including percentage of processor usage, number of threads running, and number of virtual machines running

  • Network redirector performance, including burst packets dropped, bytes in cache, and requests pending

  • Peer services performance, including number of buffers, and bytes read or written/second

  • Memory management performance, including allocated memory, free memory, maximum and minimum cache size, swapfile size, and number of page faults

The System Monitor also allows third-parties to add additional statistics to be monitored.

Windows 95's tool for monitoring peer service activity is called the NetWatcher. The NetWatcher shows all current connections to a machine's peer services, including which users are connected and which files or printers are in use. It can also be used to disconnect users—either closing specific files or terminating a user's connection to the shared resource.

Windows NT Workstation

Windows NT Workstation's tool for monitoring desktop performance is called the Performance Monitor. Its capabilities are considerably more extensive than those provided by Windows 95's System Monitor. The Performance Monitor allows an administrator to monitor more types of performance data, log data for subsequent analysis, and set performance thresholds to trigger automatic alert messages on the administrator's machine.

Examples of the several hundred system statistics that can be tracked by Windows NT Workstation's Performance Monitor include:

  • Performance data, such as percentage of processor time for individual processes or threads running in the system

  • Remote access service statistics, such as bytes transmitted/second and compression ratios

  • Pages/second read from the disk or written to the disk to resolve memory references

  • Number of megabytes of unallocated space on a hard disk

The Performance Monitor also allows third-parties to add additional statistics to be monitored.

An administrator can also instruct the Performance Monitor to write data to a log file. Detailed performance logs help system administrators detect bottlenecks and can also be helpful for capacity planning. The Performance Monitor can also create a log entry or send an alert message to an administrator whenever a specific performance statistic exceeds a stated value.

The Windows NT Workstation operating system also maintains a log of system, security, and application events separate from the Performance Monitor log. Some examples of system event log contents include:

  • Successful and unsuccessful logon attempts, including whenever a local user logs on to the system or whenever a remote user connects to a shared resource

  • User connects/disconnects to the machine via Windows NT Workstation's Remote Access Service

  • Failure to load a system component successfully, such as a network transport

  • Modifications to a user or group account through the User Manager facility

An Event Viewer utility lets an administrator search and filter through a Windows NT Workstation's event log.

Windows NT Workstation's tool for monitoring peer service activity is called the Server Manager. Like Windows 95's NetWatcher, the Server Manager enables an administrator to view connections to a Windows NT Workstation and close files or disconnect users from a shared resource.

Supporting Third-Party System Management Tools

While desktop configuration and monitoring tools such as the Registry Editor and the Performance Monitor are quite powerful, they were never intended to be a complete desktop management solution. Organizations require additional tools to perform tasks like hardware/software inventorying, automated software installation, and capacity planning analysis to manage large numbers of PCs in a cost effective manner.

Both Windows 95 and Windows NT Workstation make third-party system management applications more practical by allowing them to access a desktop's Registry remotely via three industry standard interfaces:

  • Windows 32-bit (Win32) API. Win32 includes APIs for accessing and manipulating Registry contents. These APIs are used by the Registry Editor and other operating system components. They can be invoked across the network using Remote Procedure Calls (RPCs) built into Windows 95 and Windows NT Workstation. RPCs allow applications running on one computer to execute functions or processes on another computer regardless of the underlying network protocol.

  • Simple Network Management Protocol (SNMP). SNMP was originally designed for managing network routers and other LAN devices. It is widely employed in large TCP/IP-based networks. Network Management products such as HP's OpenView and Novell's Network Management System accept data via SNMP.

An SNMP agent on a Windows 95 or Windows NT Workstation desktop accesses the local Registry, converts the information into a special SNMP format called a Management Information Base (MIB). The agent then sends the MIB to the SNMP-based management console.

Since the current industry SNMP standard lacks security safeguards, Microsoft only allows third-party SNMP-based management applications to query the Registry for configuration parameters. Changing parameters via SNMP isn't currently supported.

  • Desktop Management Interface (DMI). DMI is an emerging standard specifically designed for desktop management. The first edition of this specification was recently published by the Desktop Management Task Force (DMTF), an industry organization with more than 300 vendor members. A DMI agent on a Windows 95 or Windows NT Workstation desktop allows DMI-compliant management applications to query and change desktop configuration parameters by making the appropriate calls to invoke the Win32 Registry APIs.

Windows 95

Windows 95 supports the Win32 Registry APIs and SNMP. Since the bulk of the DMI specification wasn't finalized until just a few months ago, it is not certain whether or not DMI will be included in the initial Windows 95 package. It may be delayed until a subsequent update.

Windows NT Workstation

Windows NT Workstation also supports the Win32 Registry APIs and SNMP. Since Windows NT Workstation 3.5 shipped right around the time the DMI specification was being finalized, it was not possible for Microsoft to include DMI support. It is anticipated that Microsoft will offer DMI support in a subsequent version of Windows NT Workstation.

Understanding The Registry

The Registry is the foundation for system administration of both Windows 95 and Windows NT Workstation machines. It is the central repository for all system configuration information about an individual machine, including its devices, the software it is running, and the configuration preferences of the person or persons using it. All operating system components and Win32 applications store and retrieve configuration information from the Registry.

The Registry replaces the myriad of configuration files—including AUTOEXEC.BAT, CONFIG.SYS, WIN.INI, SYSTEM.INI and application-specific .INI files—used to store configuration information on MS-DOS or Windows 3.x systems.

Registry Benefits

By aggregating all of a machine's system configuration parameters into one centrally-located database, the Registry provides the following benefits:

  • A single tool can be used by administrators to view or modify any aspect of a machine's configuration. The Registry Editor, a tool provided with both Windows 95 and Windows NT Workstation operating systems, simplifies the task of diagnosing a problem or locating a configuration setting. The Registry Editor can be run on a desktop locally, or remotely from an administrator's workstation. Remote access can be executed across a network or across an asynchronous telephone line using the remote access software (RAS) included with Windows 95 and Windows NT Workstation.

  • Desktop system elements can share information. For example, each application that uses a modem can retrieve information about the brand and speed of that modem from the Registry. The software can then configure itself accordingly without any user involvement.

  • Third-party management applications can be created to remotely manage groups of desktops. The Registry exposes its contents through a variety of industry standard interfaces, including the Win32 API, SNMP, and DMI. This allows third-party developers to create system management applications that combine information about many machines collected remotely from their Registries.

Registry Contents

Windows 95 and Windows NT Workstation Registries store both computer- and user-specific configuration information. They also contain statistical information about various system components.

Computer-Specific Configuration Information

Computer-specific data describes aspects about a local machine's configuration which remain the same regardless of the user. Examples include:

  • Hardware configuration information for components such as the system bus, the keyboard, the graphics adapter, and the disk drives

  • Operating system configuration information such as details about network protocols and print drivers installed

  • Application configuration information such as associations between applications and particular file extensions (for example, .DOC files are associated with Microsoft Word and .XLS files are associated with Microsoft Excel)

User-Specific Configuration Information

The Registry also stores configuration information specific to each individual user of a local machine. Some examples of user-specific Registry data include:

  • Desktop settings, such as the layout of the operating system shell window panes, personal program groups, wallpaper type, color schemes, screen saver parameters, cursor blink rates, and display resolution

  • Network connections, such as shared printers and disk drives, along with their port and drive letter assignments

  • Application settings, such as menu and toolbar configurations, preferred fonts, and window configuration preferences

Both Windows 95 and Windows NT Workstation allow the user-specific portion of the Registry database to be stored on a central network server and downloaded to the workstation at logon. This makes it possible for "roving users" to get their personal configuration regardless of which workstation they are currently using.

Statistics Counters

The Registry collects statistical information about system software and hardware components, including the file system, operating system kernel, and network adapter card. Third-party applications can use the Registry to store their own application-specific statistics.

Examples of statistical data accessible via the Registry include:

  • Percentage of CPU usage

  • File system bytes read/second

  • Count of packets sent/second by the network adapter device driver

Since statistical data tends to change frequently, it is not stored directly in the disk-based Registry. Instead, the Registry contains pointers to the most up-to-date source of statistical information. The pointer might reference a location in memory where the operating system maintains a counter statistic. Or, the pointer might reference a code module that collects the data on demand.

The summary and excerpts above are from "Directions on Microsoft," an independent publication about Microsoft's technology and strategy. A complete reprint of the two-part series on Microsoft's Desktop Operating System Strategy (December 1994 and January 1995 issues) is available for $99 by phoning (206) 882-3396 or faxing (206) 885-0848. A one-year subscription (10 issues) to "Directions on Microsoft" can be ordered for $595 and a two-year subscription is $995. "Directions on Microsoft" is published by Redmond Communications, Inc.