Most Windows NT administrators are intimately familiar with NT’s administration tool, User Manager For Domains. The tool is fine for the most part, but accessibility can be a major problem. If you’re away from your network and need to make some changes in User Manager For Domains, in most instances you would probably load a copy of it onto a laptop and dial into your server using a remote access server (RAS). But what do you do if you’re on the road and don’t have access to User Manager For Domains or a RAS connection?

Wouldn’t it be nice to be able to manage your server from any workstation using something as simple as a Web browser? Now you can by installing Web Administrator 2.0 for Windows NT. In this article, I’ll show you how to install and configure this practical tool.

No utility is perfect
Although the idea of administering your Windows NT server from a Web browser sounds like a cool idea, don’t think of it as a cure-all replacement for User Manager For Domains and other NT administration utilities. Web Administrator isn’t intended as a replacement for the various administrative tools that are included with Windows NT Server.

Although it allows you to accomplish most of the more common administrative tasks, its capabilities are somewhat limited. Because Web Administrator is a Web-based application, it also tends to run a little more slowly than the standard Administrative tools do. Therefore, Web Administrator works well when you’re on the go, but you probably don’t want to use it as your sole server management tool.

Prerequisites
Before you can use Web Administrator, you’ll need to make sure your server meets several requirements. First, each Windows NT Server that you plan to remotely administer must be running Internet Information Server 4.0. Older copies of Windows NT Server ship with IIS 3.0, so you may have to perform an upgrade if you haven’t already. The best way to upgrade to IIS 4.0 is to use the Windows NT Server 4.0 Option Pack.

The reason that each server must be running IIS 4.0 is that the Web Administration tool uses ISAPI.DLL. Therefore, your Web server must be capable of making API calls into ISAPI.DLL. IIS 3.0 doesn’t include this necessary DLL and therefore can’t be used with Web Administrator. This also means that Netscape Web Server isn’t compatible with the Web Administration tool.

Another common concern is security. Web Administrator is just an application and doesn’t increase or decrease your network’s security by itself. Instead, security is determined by the way that IIS 4.0 is configured and by the configuration of the underlying Windows NT Server Operating System. Therefore, if you’ve taken the time to install all of the latest security patches and to perform a thorough security audit, then there shouldn’t be any concerns with using Web Administrator. At a bare minimum though, I strongly recommend configuring IIS to require NT Challenge Response security and SSL security.

Another prerequisite is that when using Web Administrator, you must be using a Web browser that supports basic authentication or NT Challenge Response. I recommend using the latest version of Internet Explorer on the workstation that you’ll be using to administer the server.

Installing Web Administrator
Unfortunately, Web Administrator isn’t included with Windows NT. Therefore, you’ll have to get the tool from the latest copy of the Windows NT Server Resource Kit. If you don’t have access to the Windows NT Server Resource Kit, download it from Microsoft’s Windows NT Server Downloads Web site.

You can choose to download either an Intel version or an Alpha version. The exact version you want depends on your server’s CPU. Save the NTSwebadmin20_x86.exe file to a temporary directory on your server. It’s only 1.8 MB long, so it shouldn’t take that long to download.

After downloading Web Administrator, run the executable file. The executable program will launch a Setup routine, which asks you where you want to install the Setup files. After you select the location, the Setup program will copy all of the necessary files to the selected directory and then launch the Windows NT Web Administrator Setup wizard. 

The wizard’s first major screen presents you with the license agreement. After accepting the license agreement, the wizard begins copying all of the necessary files and configuring the IIS services. After this process completes, the installation process is finished.

Using Web Administrator
You can access Web Administrator by opening your Web browser and entering the IP address of one of your servers, followed by /ntadmin. When you do, you’ll see the Web Administration Web site appear, as shown in Figure A. The URL that I’m using to access Web Administrator is the server’s IP address followed by /ntadmin.

Figure A
You can access the Web Administrator Web site by entering the server’s IP address followed by /ntadmin.

As you can see in Figure A, the left pane of the Web Administration Web site contains links to several different areas, each related to a specific administration task. Let’s take a look at each of these screens.

The Introduction page
For the most part, Web Administrator’s Introduction screen, shown in Figure A, is pretty basic. However, it does contain a link that you can click to access some general Windows NT Server status information.

The Windows NT Server Status page is very general, as you can see in Figure B. However, it does have its merits. I am particularly fond of this screen because it allows you to see at a glance how your servers are performing. For example, in Figure B, you can see that my test server is experiencing high CPU utilization, low disk space and memory utilization, has only a few connected users, and has an overall utilization level of medium.

Figure B
The Windows NT Server Status page allows you to view your server’s performance at a glance.

Account management
The Account Management page, shown in Figure C, allows you to add, delete, and change individual user accounts and groups. You can also add workstations or domain controllers to the domain.

Figure C
The Account Management page allows you to add and delete users, groups, and computers.

Interacting with user accounts, groups, and computers through Web Administrator is easy. For example, if you click the Users link, you’ll see the screen shown in Figure D. Here you can see the main screen that allows you to work with user accounts. To create a new user account, simply click the Create New button. Likewise, you can delete an account by selecting it and clicking the Delete button.

Figure D
Interacting with user accounts through Web Administrator is easy, but it has its limitations.

You may also access a limited set of an account’s properties by selecting the account and clicking the Properties button. By doing so, you can do things like disable the account or force the user to change his or her password. However, the tool is limited in that you can’t set higher-level properties, such as restricting a user account to logging in only during certain hours. You can, however, reset a user’s password by selecting the user account and clicking the Password button.

The process for adding and removing groups is almost identical to that used for adding and removing users. Adding computers is even easier. It merely requires you to enter the computer name, select whether it’s a workstation, member server, or domain controller, and click the Add button.

Device management
The Device Management page, shown in Figure E, displays all of the devices that are installed on the system. You may remotely stop or start a device by selecting the device and clicking either the Start or Stop button. Likewise, you may change a device’s startup type by simply selecting the device, clicking the Startup button, and then selecting the desired startup type from a list.

Figure E
The Device Management page allows you to start and stop devices and to change their startup type.

Event logs
The Event Logs page is another one of my favorites because it allows you to see exactly what’s going on with your server from a remote location. As you can see in Figure F, there’s really nothing fancy about the Event Logs page. It simply allows you to view the log entries contained in the System, Application, and Security log files.

Figure F
The Event Logs page allows you to view the various event logs.

You can view an individual log entry by selecting the entry and clicking the Details button. There are a couple of things that the normal Event Viewer will allow you to do that you can’t do through the Web Interface. These include saving the log entries to a file and clearing the event logs.

File system management
The File System Management page, shown in Figure G, offers some functionality that you might not expect out of a Web-enabled server management tool. It allows you to configure shared folders and to set NTFS permissions on individual files and folders.

Figure G
The File System Management page allows you to configure shared folders and to set NTFS permissions on individual files and folders.

To configure a server’s shared directories, click the Shared Directories link. When you do, you’ll see a list of the existing share points. Buttons at the side of the screen allow you to view a share’s properties, change its permissions, or delete a share completely.

The Create New button allows you to create a brand-new share point. As you can see in Figure H, this page offers a surprising degree of flexibility, by going so far as to allow you to control which operating systems can access the share.

Figure H
The Create New Share page allows a surprising degree of flexibility.

The File And Folder Access portion of the File System Management page allows you to set NTFS permissions for individual files and folders. As you can see in Figure I, the process simply involves selecting the file or folder, clicking the Permissions button, and selecting the desired permission.

Figure I
You can set NTFS permissions for individual files and folders.

Server maintenance
The Server Maintenance page allows you to perform basic maintenance tasks on the server. As you can see in Figure J, you can send broadcast messages, reboot the server, or run a remote console session (assuming that feature is installed on the server). The Web Admin Preferences section allows you to set the thresholds that determine whether the server is under high, medium, or low utilization on the status screen that I showed you earlier.

Figure J
The Server Maintenance screen allows you to send broadcast messages or reboot the server.

Printer management
The Printer Management page, shown in Figure K, allows you to view all of the printers that are hosted by the server. With the click of a button, you can view the jobs within a print queue, pause and resume printing, or flush a print queue. However, the Printer Management page doesn’t offer the ability to create new print queues.

Figure K
You can manage the server’s print queues through the Web interface.

Service management
The Service Management page, shown in Figure L, is almost identical to the Device Management page. It displays all of the system’s services. You may remotely stop or start a service by selecting the service and clicking either the Start or Stop button. Likewise, you may change a service’s startup type by simply selecting the service, clicking the Startup button, and then selecting the desired startup type from a list.

Figure L
The Service Management page allows you to start and stop services and to change their startup type.

There is one feature that the Service Management page has that the Device Management page doesn’t. As you can see in the figure, two buttons exist that allow you to pause and continue a service. Pause doesn’t unload the service but, as the name suggests, merely pauses it from being used. Clicking Continue resumes the service.

Session management
The Session Management page, shown in Figure M, allows you to see who is connected to the server that you’re monitoring. By clicking the various buttons, you may view more specific information on an individual session, disconnect an individual session, or disconnect all of the sessions.

Figure M
The Session Management page allows you to see who is connected to the server and to disconnect the user if necessary.

Server status
Although you could view general status information from the Introduction page as I mentioned above, the Server Status page allows you to see the server’s status in more detail. The Server Status page has three options: Server Configuration, Performance Statistics, and Server Statistics.

The Server Configuration portion of this page allows you to select individual server components from a list and then click the Get Configuration button to generate a detailed summary of the device’s configuration. For example, in Figure N, you can see the Network configuration.

Figure N
You can view your server’s network configuration in Web Administrator.

The Performance Statistics portion of the Server Status page is like a miniature Performance Monitor. It allows you to view preselected performance monitor counters for a variety of system devices. For example, in Figure O, you can see the counters for the Processor.

Figure O
The Performance Statistics page is like a miniature Performance Monitor.

The Server Statistics page, shown in Figure P, allows you to view basic server statistics, such as the available memory and the size of the server’s page file.

Figure P
The Server Statistics page allows you to view basic server statistics, such as the available memory and the size of the server’s pagefile.

Troubleshooting Web Administrator
Installing and using Web Administrator may be easy enough, but you might have trouble accessing it. The vast majority of access problems come from security-related issues. You can avoid such problems if you remember two simple tips.

First, you must use a compatible Web browser. Your browser must support NT Challenge Response or Basic Authentication security. If your browser doesn’t support these security models, you won’t be able to access Web Administrator.

The other thing to keep in mind is that if you have IIS configured to use NT Challenge Response security (as it is by default), Windows will never prompt you for a user name and password. Instead, the Web server looks at the account that you’re already logged on to your workstation with and determines whether you have access from that user id/password combination. Therefore, if you’re having trouble getting access to Web Administrator, make sure that you’re logged in as a user with Administrative privileges or switch to Basic Authentication, if necessary.

You can control the IIS authentication method by opening the Internet Service Manager and navigating through the console tree to Console Root | Internet Information Server | NTADMIN. Then, right-click on NTADMIN and select the Properties command from the context menu. When you see the site’s properties sheet, select the Directory Security tab and click the Edit button found in the Anonymous Access And Authentication Control section. You’ll now see a screen that allows you to control the allowed types of authentication. Do not allow anonymous access to this Web site.

Conclusion
Web Administrator 2.0 for Windows NT Server 4.0 can be a powerful tool in your administration arsenal. Although it might not do everything that individual NT utilities can do, it centralizes all of your administration duties in one place and makes them accessible from any workstation that has a compatible Web browser. Once you get it installed and learn your way around, you’ll find yourself saving time administering your NT network.