Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
iPhone 5 rumor rollup for the week ending Feb. 10
Forget Public Cloud or Private Cloud, It's All About Hyper-Hybrid
Apple passes HP as largest tech company
How to get the IRS' attention: Forge nearly $8 million in tax returns, steal identities
Much of Western U.S. is a 3G wasteland, says FCC
How the Phoenix Suns basketball team takes on social media attacks
Microsoft details Windows 8 for ARM devices
Resume Makeover: How an Information Security Professional Can Target CSO Jobs
Blogger exposes major Google Wallet security flaw
Web app lets enterprise set security, sharing for Google Apps users
Cloudscaling to offer OpenStack private cloud platform
Macs take on the enterprise
Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
/

Reviews /

Easy domain administration

Today's breaking news
Send to a friendFeedback

Enterprise Administrator tops the list of tools for managing distributed NT domains

By Jeff Bankston
Network World, 5/18/98

One of the key administrative issues with Windows NT Server is domain management. With its multiple levels of domains, NT Server requires you to make a range of planning and management decisions on a daily basis. This makes centralized administration complex for geographically decentralized organizations.

One solution is to assign limited administrative permissions to select end users, giving them the ability to perform tasks normally relegated to domain administrators. Microsoft offers no native tools for assigning such permissions, but we found products from three companies that do offer these tools.

Mission Critical Software, Inc.'s Enterprise Administrator (EA) tops the list, winning our World Class award on the strength of its effectiveness, documentation and superb technical support. Master Design & Development, Inc.'s Trusted Enterprise Manager (TEM) and FastLane Technologies, Inc.'s Virtual Administration Tool (VA Tool) for Windows NT performed very well, but came up short in one or two areas. TEM's installation was troublesome and VA Tool requires Microsoft's Internet Information Server (IIS) to perform remote administrative tasks.

All of the products run as an NT service on a domain's primary domain controller, though EA can also run on the backup domain controller or on an NT Workstation. Each product's service integrates with the NT domain structure without interfering with the domain itself, and each uses very little server memory or disk space.

Domain management and administration

EA uses a hierarchy of marshal-deputy-user to assign permissions based upon the user's level of administrative needs. You first designate a territory, which is a collection of network resources to be administered, appoint a marshal to manage it, then grant the marshal the necessary powers. Marshals (there can be more than one) can create deputies within their territories to handle subordinate tasks. EA also lets you create virtual domains in which NT resources are pooled together based upon your needs. Its administration interface is slick and simple to use.

While EA allows you to designate two levels of virtual administrators, the other programs only support one.

TEM uses a distributed method of user and resource administration similar to that of the other products. It caches the domain groups and access control lists so that user validation and authorization is performed faster, which is important when large domains can include 10,000 users. We were pleased to see how easy it was to assign virtual administrators and permissions for specific needs of the domain. Instead of using marshals, TEM uses the cached database for security validation. One central program is used to configure the TEM service itself.

As with EA, one administrative program is used to configure TEM. TEM also lets you quickly reset passwords for users who forget them. Just like EA, TEM can grant virtual administrators permission to modify granular functions such as Logon and Set Account Properties.

FastLane's VA Tool also lets you collect network objects, or resources, into virtual domains. You first identify domains for VA Tool to control, add them to the program's list of domains and then create a virtual domain. You then assign VA Tool administrators to the program's newly created virtual domains.

The VA Tool Manager has three menu tabs - Windows NT domains under VA Tool's control, virtual domains created within each NT domain and virtual administrators that manage these domains. Unfortunately, VA Tool administration is based upon Microsoft's IIS and Active Server, using Visual Basic scripts to run the client tools remotely and to handle daily tasks. Without IIS, VA Tool can be administered only at the server console on which it was installed - a significant drawback. By contrast, EA and TEM both use remote procedure calls to work across the network regardless of your physical location.

Installation and documentation

Two of the products were easy to install. TEM, however, was confusing to configure initially. Installing the TEM service and administration program requires two fields of critical information - the domain name and the server where TEM is to be installed - but it's not clear where or in what order you must enter them. We found it easy to create muddled service names, which we then had to fix manually later.

Enterprise Administrator's documentation was much better than the other two products, with highly detailed explanations of features, functions and tools. While today the documentation is one massive manual, Mission Critical says future revisions of the product will use smaller manuals separated by major topic. The online help files for EA were highly effective. TEM's documentation was also good, in a smaller three-volume set spanning setup, client and administrative tasks. Though we received the production code for VA Tool, its manuals were in draft form. Still, the instructions were adequate.

All three products do their jobs well, but EA bests the others thanks to more versatility in its command set, menu options, advanced functions and better documentation. If Virtual Administrator's remote administration used network system calls instead of reyling on a Web server, it would be a more capable contender.

RELATED LINKS

Product info:

Enterprise Administrator

Trusted Enterprise Manager

Virtual Administration Tool

Bankston is a network design and integration specialist, and vice president of operations for BCI Associates in Panama City, Fla., a front-line systems integration hardware, software, and compatibility testing facility. He has designed LAN, WAN and MAN systems for 16 years. He can be reached at jeff@mail. bciassoc.com or (850) 874-2467.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.