What does Windows NT 4.0 have to offer you? Is it worth upgrading from Windows 3.51? Those are the questions many Windows NT users will be asking themselves in the next few months, and apart from the Microsoft promotional literature there are few solid answers available. That’s why we undertook a critical comparison of the new version of NT against the older 3.51 version. While it may be inevitable that we all will move to Windows NT 4.0 as support for 3.51 is terminated, the decision of when to move and what effects the change will have on us can alter the timing of the upgrade.

Windows NT 4.0 has been available in beta format for almost a year, with the shipping version finally released in October. The author has worked with beta versions for eight months (completing several book updates for Sams Publishing) and with the shipping version since before its commercial release. During that time, a number of performance tests as well as several observations on the behavior of the new version of NT have been made, and summarized here. In all cases, tests and observations are based on the final shipping version of NT 4.0 Workstation and Server.

Microsoft is proud of their new release of Windows NT, and has a mass of literature showing off the new operating system’s highlights and features. Passing through the cosmetic changes and the press euphoria of the release to the nitty-gritty can be difficult, especially since many kernel parameters are hard to measure and assess independently, so some reliance on Microsoft’s official descriptions and measurements must be used. Wherever possible, though, we’ve tried to examine each aspect of the new operating system independently.

The changes to the operating system can be best summarized as a set of points, which we’ve done in the sidebar “Windows NT 4.0 Overview”. Most of these items are self-explanatory, but several are examined in much greater depth later in this article. We can start by looking at a few of the more important aspects of Windows NT 4.0: its architecture changes and the performance improvements.

Architectural Changes and Performance

Microsoft claims to have redesigned and reengineered their Windows NT operating system architecture for version 4.0. A look at the size of the programs on CD shows that much of the operating system is smaller, and first impressions of the operating system are that it is faster, too.

The core component of the operating system is the Windows NT Executive, which contains the microkernel, hardware abstraction layer (HAL), and most executive services such as virtual memory management, security monitor, and process managers which sit on top of the microkernel. The microkernel itself is responsible for task scheduling and management, and is removed from the hardware and its components including timers, interrupts, and I/O handling through the HAL.

A major change for the Executive with NT 4.0 is the addition of a Win32K Executive as a layer sitting parallel with the microkernel and HAL, directly accessing the hardware. The Win32K Executive houses many of the Windows APIs, including the window manager, Graphics Device Interface (GDI), and device drivers for the GDI. In earlier versions of NT, these APIs sat in the Win32 subsystem.

The microkernel of Windows NT 4.0 has been updated to allow handling of threads much better, as modern processors provide several privilege levels for threads. Code running at one privilege level cannot access memory locations used by code with a higher level. The NT Executive itself runs at the highest privilege level, called “kernel mode”. An Intel CPU, such as the 80486 and Pentium, supports four privilege levels, called ring 0 (highest) through ring 3. Ring 0 is kernel mode. Ring 3 (the lowest setting) is where applications and user-oriented processes are executed. This prevents user applications from accessing data and memory addresses with higher levels, including the Executive, so a crash by an application leaves the Executive code unaffected. (Windows 95 does not implement this architecture, even though it is better designed than Windows 3.11, so an application crash can crash the entire Windows 95 operating system.)

As with previous versions of NT, Windows NT 4 runs each application as a separate process. A dedicated address space is allocated to each process, so errors and crashes in that application should leave the rest of the system untouched. When one application has to interact with another, the Executive ensure there is proper separation between the processes to prevent cascade crashing. Windows NT’s reliability is born out of this design. In several months of working with the new operating system through four beta releases, the author had a single system crash. In all other cases, applications crashed regularly, but the operating system continued to work. With the shipping version, no crashes have been encountered in four weeks of heavy usage and testing.

Memory is handled slightly differently with NT 4.0. The operating system now maps the Win32 API code into the address of every process, so there are no shared memory buffers or server threads involved. The use of this technique means that the GUI shell code has increased in size, through, although this doesn’t seem to have an effect on performance. The removal of shared buffers and server threads reduces an Executive bottleneck as well as improves reliability for each application. With less memory used by each application, the overall system memory usage is reduced for the same application load over NT 3.51.

One aspect of the redesign of the kernel that Microsoft had to pay special attention to is security. The previous releases of NT reached C2 security levels. The redesign doesn’t seem to have compromised that security level at all. The security system implemented for NT 4.0 is very similar to that in 3.51, and since the security system is still a part of the Executive there is likely to be no major change in security handling.

Windows NT 4.0 Performance

If Windows NT 4.0 faster than earlier versions? In a nutshell, yes. The redesign of the operating system and the rewritten code make for a slightly faster operating system across the board, although the sheer overhead of the operating systems and its multiple API layers means that Windows NT 4.0 is not as fast as Windows 95. Most people wouldn’t expect it to be, either, as Windows 95 is much simpler in design and purpose.

By locating the window manager in the kernel, Microsoft removed a big bottleneck that existed with NT 3.51. This was especially a problem when multiple applications had to call the window manager frequently, and caused slowdowns in the operating system. With the relocated window manager, the bottlenecks seem to have been removed.

Visually, Windows NT 4.0 is faster to refresh and redraw the screen, mostly due to the Win32K Executive housing the GDI. Since the GDI can talk directly to the video hardware and runs in the ring 0 protected space of the Executive, it is fast and virtually crash-proof. Applications can talk directly to the GDI, which removes several layers of drivers and switchers that were involved with NT 3.51. The result is faster graphics. A few simple benchmarks show that the NT 4.0 system handles graphics an average of 17% faster than the earlier NT 3.51 did. There is one potential problem with this approach: a faulty or buggy video driver could, in theory, crash the entire operating system (whereas with NT 3.51 is could only crash the Win32 subsystem). Microsoft recognizes this potential problem, hence the certification program for device drivers they have instituted. After all, the reliability of any operating system is largely dependent on the quality of the device drivers it uses.

Network-oriented tasks are faster with NT 4.0, too. The most obvious change is in the File and Print Sharing features, which are almost twice as fast as those in NT 3.51. Part of this speed improvement is the redesigned kernel, and the rest is probably from the streamlined utilities and networking. For network printing tasks, Windows NT 4.0 shows an immediate improvement in queuing and printing over 3.51.

File sharing has improved for NT 4.0 in a number of ways. The inherent improvements of the kernel design and utilities has helped speed transfer, but there is also a potential performance increase that 3.51 could not offer through the new network drivers. NT 4.0 supports several of the newer high-speed networking protocols such as Fast Ethernet and 100VG AnyLAN, both offering up to 100Mbps. When connected to a 100Mbps network, the NT 4.0 drivers can take advantage of the network through a smaller number of frames transmitted, fewer interrupts to the network interface card, and better cache handling.

Network printing has improved primarily because print requests are now rendered on the server instead of through the application. This results in a faster return to the calling application (no more waiting for the print request to be formatted before regaining control of the cursor). Windows NT 4.0 allows all shared printer device drivers to be located on a server instead of spread over all the clients, which minimized upgrade problems to one machine and allows better installation routines. The Print Manager of Windows 3.51 has been replaced by individual printer folders in 4.0, which show the current status of all local and remote printers more accurately.

A quick comparison of the NT 4.0 versus 3.51 versions on the author’s HP-based 100VG AnyLAN network (with maximum measured transmission rates of 90Mbps) shows that the NT 4.0 system can sustain a transfer rate for files double that of 3.51 (peaking at 83Mbps). Also, analysis of the network traffic with a data analyzer shows that the retransmission rates of packets are much fewer with 4.0 than 3.51, obviously due to better optimization of the network drivers. One useful feature of Windows NT 4.0 Server is the ability to have it act as a router, providing interconnection between networks of different protocols.

Running standard benchmarks such as TPC-A and TPC-C shows the performance difference between 3.51 and 4.0 in a database environment. (TPC-A and TPC-C both measure transaction processing times but TPC-C adds multiple transaction types and more complex database operations. The TPC-C benchmark is supposed to represent realistic transaction behavior for most transaction-based applications.) The TPC-C benchmark was measured by the author on a single processor Pentium 150mhz machine with 64MB RAM running Windows NT 4.0 and Microsoft’s SQL Server 6.5. Although time constraints prevented rigorous testing, the Windows NT 4.0 server offered one quarter more transactions per minute than the Windows 3.51 machine. Microsoft has published similar values for a Compaq ProLiant 4500s system with four 133Mhz Pentium processors, 1GB RAM and dozens of disk drives. They measured 2500tpmC (TPC-C transactions per minute) for Windows 3.51 and 3600tpmC for Windows NT 4.0. The Windows NT 4.0 setup resulted in just under 50% more transactions per minute than the older Windows NT version.

The use of multiprocessor machines is an additional facet of Windows NT 4.0 that has been enhanced over the earlier version. Windows NT 4.0 supports full symmetric multiprocessing on systems with up to 32 processors. While this type of configuration is very unlikely on a PC-based system because memory bus saturation occurs very quickly above four processors, for DEC Alpha, MIPS, and PowerPC systems the use of multiple processors is now better handled.

Hardware Requirements

Hardware requirements have changed slightly for NT 4.0. Essentially, the 80386 chip is no longer supported (although few users ran NT 3.51 on 80386s anyway). Microsoft recommends a fast 80486 or Pentium Intel chip, or one of the RISC machines supported. Since the majority of machines running NT are Intel-based, we will concentrate on that platform. The minimum suggested memory for NT 4.0 Workstation is 12MB, and 16MB for NT Server. These should be considered bare minimums, with 32MB better for both platforms. Heavily-used servers will require at least 64MB and preferably more to provide best performance and avoid a lot of swapping. On most Intel platforms, the limiting factor for performance will be the motherboard and memory bus speeds.

NT 4.0 supports Pentium and Pentium Pro processors through optimization for their larger memory pages and pipelines. A new cache algorithm is supposed to reduce the churn in the cache, but our tests could not evaluate this directly. Part of the improvement in caching is, according to Microsoft, due to the use of larger timeslices for applications, resulting in fewer paging operations and cache replacements. As mentioned already, multiprocessor support has been expanded to provide up to 64 CPUs at once.

Earth Calling Mars

Communications and network support has been modified noticeably with the latest release of NT. The improvements in Fast Ethenet and 100VG AnyLAN support have already been mentioned. Support for PPTP (Point to Point Tunneling Protocol) has been added to allow public networks (including the Internet) to act as virtual private networks. PPTP is an encapsulation method for packets that allows other protocols to be encapsulated in TCP/IP datagrams. PPTP also provides much better security that PPP. Using PPTP with the enhanced RAS subsystem allows better remote access to an NT 4.0 server and network.

While on the subject of RAS (Remote Access Service), Windows NT 4.0 has enhanced RAS support considerably. The version of RAS included with NT 4.0 allows full PPP channel aggregation, which means clients dialing into a server can combine multiple data lines for higher throughput (instead of being forced to use a single channel, as with NT 3.51). This allows users on the road with multi-channel capable models (such as ISDN modems) to use two lines instead of one for better throughput. RAS even allows mixed bonding of lines, so two ISDN and two analog lines could be combined for throughput to a single client, for example. While this won’t be used by most people, this feature does allow for much better throughput to clients in some situations such as remote demonstrations.


The biggest improvement in Windows NT 4.0 networking is the inclusion of DCOM (Distributed Common Object Model). DCOM allows developers to use a common component library across a network. This reduces application size and provides better upgrade paths as components change. A DCOM-equipped application communicates with the object library server over a network to obtain the objects it needs.

WINS and DNS as now more tightly integrated. The DNS service provided with NT 4.0 has been completely rewritten, and now includes a GUI-driven front end for administration (a very nice touch over the older method). Integrating WINS and DNS allows clients to use DNS compound names across a WINS network, instead of having to handle two different naming methods.

For NetWare users, NetWare Directory Services has been included in the new NetWare client. This provides for better authentication and printing with DNS. Login script processing has been added to NT 4.0, something that was sorely missed by users of NT 3.51.

Finally on the network front, Windows NT 4.0 allows diskless Windows 95 workstation and clients to be booted straight from the server using Remote Program Load (RIPL). This is a feature that many users have asked for. It allows Windows NT 4.0 networks to catch up a little in the race against UNIX, which has long support diskless booting.

IIS Part of the Package

The bundling of the Internet Information Server (IIS) is an important addition to Windows NT 4.0 Server. Previously, IIS had to be purchased separately, but the newly bundled version has been enhanced and now better integrates with NT’s directory and security structures. IIS offers a number of intranet and Internet utilities such as a Web server, FTP server, and support tools. Although Microsoft claims IIS is the fastest Web server on the market, our testing shows that while the version of IIS included with Server 4.0 is much faster than the older IIS version 1.0 that was an add-on, it does tend to fall behind some commercial Web server applications under load.

The performance of IIS under 4.0 is noticeably faster than under 3.51. In a single-processor test using a Pentium 150mhz CPU and 64MB RAM, IIS transaction handling runs twice as fast under 4.0. This speed increase allows not only more transactions to be handled (and hence more user load) but also a much better performance for the user, especially on intranets.

The version of IIS supplied with NT 4.0 Server includes FrontPage, a WYSIWYG Web page designer that generates HTML code for IIS, as well as a copy of Internet Explorer 2.0 (an update to Explorer 3.0 must be downloaded from the Microsoft Web site; you would have expected Microsoft to bundle it with more recent shipments of NT 4.0, but they don’t). Also available for IIS is the Index Server (which must also be downloaded from the Microsoft Web site). The Index Server indexes text and files to provide better search capabilities.

A full description of IIS is beyond the scope of this article. It is sufficient to point out that the inclusion of IIS with NT 4.0 Server is likely to spur the proliferation of intranet Web sites on most networks, as well as make Internet Web site servers slightly more reasonable financially for smaller companies.

The GUI Issue

A typical user will notice a number of changes to Windows NT 4.0, not the least of which is the new GUI. Traditional items like the Print Manager, as mentioned earlier in the section on Performance, have been replaced with individual folders for each printer. Also, users will find that after a print request they regain control of their applications much faster with 4.0 since the server now handles the print request rendering.

One of the most touted aspects of Windows NT 4.0 is the new GUI, patterned after the GUI used in Windows 95. Most of the Windows 95 elements are there: the task bar at the bottom of the screen, the Start menu and divisions into applications and controlling elements, the desktop layout, and the overall look and feel of the interface. The mouse right and left buttons bring up menus very similar to Windows 95, with the content of the menus depending on where the mouse is positioned.

The Windows 95 GUI was intended to much more user-friendly than the older Program Manager appearance of Windows 3.11 and Windows NT 3.51. Most novice users haven’t found the Windows 95 interface significantly easier or better than the older GUI, but Microsoft seems committed to the new look-and-feel. The adoption of the Windows 95 GUI for Windows NT 4 isn’t based so much on the need to provide a simple interface (few beginners are likely to use Windows NT Workstation or Server instead of Windows 95) as to legitimize the Windows 95 interface design and provide a consistent operating system look and feel for the Microsoft product lines. With the replacement of Windows NT 3.51 the older Program Manager type of GUI is now officially passed, according to Microsoft.

If the new GUI easier to use for Windows NT Workstation and Server? Despite Microsoft’s insistence, most workstation and server users will find the new interface a little more awkward than the older Program Manager system. With the older GUI you could arrange windows in the Program Manager to suit your specific needs, with every application and utility a simple double-click (or for Logitech mouse users, a middle mouse button click) away. No opening new windows, and no hunting for icons. With the Windows 95 GUI, applications have to be launched through the Start button’s labyrinthine hierarchy. On a heavily application-loaded system, the menus that have to be waded through can be four or five levels deep. This makes launching (and even finding) the right icon much more time-consuming and annoying.

Windows NT does allow you to make shortcuts on the desktop for the most important tasks, and most users will find this the best way to handle frequently-used applications. However, the desktop quickly becomes cluttered and difficult to keep organized when many shortcuts are created.

The new Windows 95 interface does have some advantages, of course. It allows better design of nested menus from the Start button than you could manage with Windows NT 3.5 or Windows 3.11. You can sub-menu unimportant or less-often used applications, leaving them out of the way until needed. There’s also the important aspect of having a consistent look-and-feel with Windows 95, especially in mixed environments where some users will have Windows 95 systems and others will have Windows NT. Eliminating most of the visual cues to the Windows NT environment will make moving from Windows 95 to Windows NT easier for users, as well as providing a better application look across the platforms.

The Task Manager has been greatly updated from that of 3.51. It resemble the Task Manager of Windows 95, and can give detailed information about each process on the system. Accurate measurements of the amount of memory and CPU cycles each application is using help users determine when memory or CPU hogging applications are running. Termination of applications through the task manager is almost always successful.


Windows NT adds several new APIs designed to provide better performance. One of the new APIs is aimed at optimizing fibers (non-preemptive threads). By using the fiber API application developers are able to set up specific scheduling models for their application’s components. The use of fibers should also help in the porting of Windows NT developed applications to other platforms.

As you would expect, there is the usual raft of Microsoft APIs, including TAPI (Telephone API) 2.0 which allows better computer-telephone integration (CTI). TAPI allows an NT 4.0 server act as a voice-and-data handler, including applications such as interactive voice response and call handling centers. In addition, TAPI 2.0 provides better integration with existing telephone PBXs and switches.

A new encryption API has been added to Windows NT 4.0. This offers developers the ability to use the API’s encryption methods over non-secure networks such as the Internet, as well as in secure networks. With electronic fund handling and sensitive data transmission increasing in use dramatically, the encryption API will be useful for many application developers who have used third-party commercial solutions to this point.


Is Windows NT 4.0 a significant improvement over 3.51? Undoubtedly, yes. There are enough modifications in the underlying behavior of the kernel, user utilities, and system administration tasks to make the upgrade very tempting. There is no forward compatibility problem with 4.0, and while the change in GUI will throw many die-hard Windows 3.X and Windows NT 3.5X users for a while, the performance improvements, better networking, and extended features make 4.0 a must-have for all users.

Performance improvements are not the driving item for most NT server and workstation users, although they do add up with 4.0. In general, our test systems responded anywhere from 10 to 25% faster in all daily use tests. It was the little performance changes, especially printing and network access, that made the most impression on us initially. Although we have not tried a multiprocessor system, NT Server’s performance boost there is significant according to Microsoft’s numbers, and that will make 4.0 a much better transaction processing or Web site server machine.

The robustness of NT 3.51 and its security features have all been carried over to 4.0, making it a better designed version of the popular 3.51 operating system. There’s very little not to like about NT 4.0. We’re not really big fans of the Windows 95 GUI, but that’s a minor quibble for most people. Underneath the GUI, though, NT 4.0 is a new operating system, and one we highly recommend.


Sidebar: Windows NT 4.0 Overview

What’s new? In a nutshell, these are the changes and additions to NT 4.0 versus the earlier 3.51 release. In some cases, these points are expanded on in the main article.

bullet - redesigned microkernel

bullet - enhanced caching algorithm

bullet - scaleable multiprocessor support to 64 CPUs

bullet - easier installation and configuration

bullet - better network client installation from a server

bullet - integrated directory services

bullet - enhanced network performance

bullet - optimized file and printer sharing

bullet - support for DCOM (Distributed Common Object Model)

bullet - Remote Access Service supports multichannel aggregation

bullet - support for PPTP (Point to Point Tunneling Protocol)

bullet - integration of DNS and WINS

bullet - new NetWare client and services

bullet - integrated network monitor

bullet - Windows 95 GUI

bullet - enhanced task manager

bullet - system policy and user profile editors expanded

bullet - many wizards to provide installation and configuration assistance

bullet - Internet Information Server (IIS) included

bullet - Web page design tools included

bullet - new APIs including fiber API

bullet - maintains C2 security