Working with Server Manager for Windows NT

Windows 2000 may be the new kid on the block, but chances are you still have some Windows NT 4.0 servers. In this Daily Drill Down, Troy Thompson shows you one of the most important administration utilities for Windows NT 4.0—Server Manager.

Even though Windows 2000 has been around for almost a year now, chances are you still have Windows NT 4.0 servers on your network. In this Daily Drill Down, we’ll look at Microsoft’s Server Manager and how to use it to manage your domain. It’s essential that you understand this tool when administering a domain.

The role of Server Manager
Server Manager lets you manage individual workstations or manage the domain. On a workstation level, it allows you to view connected users, shares, and open resources, as you can see in Figure A. It also lets you manage directory replication, services, and shared directories, and send messages to connected users.

Figure A
You can view several properties with Server Manager.

On the domain level, you can promote a backup domain controller (BDC) to become the primary domain controller (PDC), synchronize servers with the PDC, and add or remove computers from the domain.

Some of the things that you can do through Server Manager can also be done using the Services and Server tools in Control Panel, but these tools affect only the local computer. Only Server Manager can manage both local and remote computers.

Opening Server Manager
You must be logged on to a user account that is a member of the Administrators, Domain Admins, or Server Operators group for that domain. Members of the Account Operators group can also use Server Manager, but their usage will be restricted to adding computers to the domain. There are some additional functions that only a member of the Administrators or Domain Admins group can perform. Also, the account used to run Server Manager must have the Access This Computer From Network right, which is found in User Manager.

To open Server Manager, go to Start | Control Panel | Administrative Tools | Server Manager. When Server Manager opens, it usually displays your logon domain. The body of the window lists the computers in that domain.

You can also start Server Manager from the command prompt by typing srvmgr domainname /l for a low-speed connection or srvmgr domainname /h for a high-speed connection.

Display types
From the View menu shown in Figure B, you can narrow the scope of the computers that appear in the window. To display only servers, choose Servers, for example. The Server Manager window shows those computers that are members of the domain in addition to those computers that are listed by the Computer Browser service as active in the domain.

Figure B
You can narrow the scope of computers displayed by Server Manager.

Choosing a different domain
Server Manager lets you change the domain displayed. From the Computer menu, choose Select Domain and enter the name of a domain or choose one from the listed domains. If the domain, workgroup, or computer you’ve specified communicates with your computer over a low-speed connection, click Low Speed Connection. Server Manager saves the Low Speed Connection setting for the last 20 domains specified.

Refreshing the list
Server Manager creates the computer list displayed in its main window each time you use the tool. After Server Manager performs a function, it refreshes this list, or you can refresh it manually from the View menu. If you’ve selected Low Speed Connection, however, the automatic refresh won’t occur because of the time it takes to perform a refresh.

Viewing computer information
Double-click a computer name in the Server Manager window, and you will see the following information about that computer:
  • Resources In Use: Displays status information for Connected Users, Computer, Opens, Time, Idle, and Guest.
  • User Sessions: To view the users connected to a shared resource, select a name in Share Name. You can disconnect users from the computer’s resources from here, but be sure to warn them beforehand so that no work is lost. If you administer another computer remotely, your user account will be listed as a connected user for the IPC$ share and cannot be disconnected.
  • Shared Resources: The Sharename list box shows the shared resources available on the computer, the users, and the path.

Server Manager allows you to set up an export server to export specified files and directories to other computers. Only servers running Windows NT Server, not Windows NT Workstation, can be set up as a replication export computer. Before a computer can participate in replication, you must create a special user account and then, for each computer in a domain that will participate in replication, configure its Directory Replicator service to log on using that special account.

Import Replication allows you to import subdirectories from a domain or export server. Any computer running Windows NT can be set up as a replication import computer.

The logon script path
A logon script is a file that runs each time a user logs on. It will run only for those users who have it specified in their account. The logon script path is a local path to the directory where logon scripts are stored.

The logon script path for Windows NT Workstation cannot be changed from the default of %systemroot%\system32\repl\import\scripts.

Master copies of every logon script should be stored under the replication export directory of a domain controller, either the primary or backup domain controller. Copies of these master logon scripts should be replicated to the other servers of the domain. For domain controllers, the path to imported logon scripts must be entered in the Logon Script Path text box of the Directory Replication dialog box.

To configure the logon script path for a server, double-click the computer name from the Server Manager window and choose Replication from the Properties page. In the Logon Script Path text box, type a local path. Usually it will be C:\winnt\system32\repl\import\scripts. This is a required field and cannot be left blank. When you’ve finished, click OK.

Administrative alerts
You can specify users and computers that will be notified in the event of an administrative alert. Administrative alerts are generated by the system, and they relate to server and resource use. The alerts concern security and access problems, user session problems, printer problems, and server shutdown because of power loss when the UPS service is available.

To add a user or computer to the Administrative Alert list, double-click the computer name from the Server Manager window and choose Alerts from the Properties page. Enter the username or computer name in the New Computer Or Username text box and click Add. You can also remove a user by selecting the user and clicking Remove. You must stop and restart the Server and Alerter services for these changes to take effect.

Shared directories
Using Server Manager, you can view currently shared directories or share a new directory. Double-click the computer name in the Server Manager window and choose Shared Directories to show the list of currently shared directories. To share a directory, click New Share and type in a share name, path, and comment. By default, a new shared directory provides Full Control to Everyone.

You can also define the maximum number of users who can connect to the shared directory by clicking either Maximum Allowed or Allow. If you select Allow, enter a maximum number in the Users text box.

To stop sharing a directory, select a share name from the list and choose Stop Sharing. Doing this will not remove the directory itself, just the share. Generally you should not remove a share that was created by the system (such as A$, B$, C$, ADMIN$, IPC$, NETLOGON, PRINT$, or REPL$).

To manage the permission level granted to groups and user accounts, click Permissions, select Settings in the Access Through Share Permissions dialog box, and click OK. It’s usually better to assign permissions to groups than to individual user accounts. If you set permissions on a share that is on an NTFS volume, the NTFS permissions will also be in effect. For NTFS volumes, it’s usually better to restrict access by managing the permissions set on directories and files, rather than the permissions set on shares.

Starting and stopping services
Server Manager allows you to start, stop, pause, or continue a service on any computer in the list. To view the services on a computer, select the computer name from the Server Manager window and choose Services from the Computer menu. You will see the Services dialog box listing the services running on the computer.

Select the service that you wish to start, stop, pause, or continue. If you pause the Server service, users other than those in the server’s Administrators and Server Operators groups cannot make new connections.

It’s a good practice to pause the Server service and send a message to all connected users before you stop that service. Stopping the Server service will disconnect all remotely connected users. Once the Server service is stopped, it must be restarted locally.

Sending messages to connected users
To send a message to connected users, select a computer from the list in the Server Manager window. Choose Send Message from the Computer menu and type the message in the Message text box. Click OK to send the message. This is basically a Net Send form of communication and will not work if the Messenger service is not running.

Promoting a backup domain controller to primary domain controller
At times it may be necessary to shut down your primary domain controller (PDC). If you’re going to leave the PDC down for a long time, you may want to promote one of your backup domain controllers (BDC) to a PDC. To promote a BDC to PDC, select a suitable BDC from the list of computers in the Server Manager window. From the Computer menu, choose Promote To Primary Domain Controller. If the PDC is still online, it is demoted to BDC status.

Demoting a primary domain controller to backup domain controller
When you promote a server to be the PDC, you do not have to take any special action to demote the PDC; the system will do this automatically. If a server is promoted to PDC while the existing PDC is offline, and if the former PDC later returns to service, you must demote it.

To demote this PDC to BDC, select the former PDC from the list of computers in the Server Manager window. The Computer menu option Promote To Primary Domain Controller changes to Demote To Backup Domain Controller. Click Demote To Backup Domain Controller.

Synchronizing a backup domain controller with the primary domain controller
Synchronization of domain controllers is usually done automatically by the system. It’s possible, however, that the domain directory database on a computer running Windows NT Server can become unsynchronized or that the BDC is unable to establish network connections because of a password failure. When this happens, you can use the manual method to correct the problem.

To manually synchronize a BDC with the PDC, choose the server from the list in the Server Manager window. On the Computer menu, click Synchronize With Primary Domain Controller.

Synchronizing all backup domain controllers of the domain
Once again, this process is usually performed automatically by the system. Sometimes, if you add a new account using User Manager for Domains and then try to log on immediately using that account, it fails. Manually synchronizing the domain can fix this problem.

To do so, choose the PDC from the list in the Server Manager window. Choose Synchronize Entire Domain from the Computer menu. The domain directory database is replicated from the PDC to all BDCs in the domain. You will receive a message indicating that this could take a while.

Adding a computer to the domain
Workstations and servers can be added to the domain during installation or from the Network applet in Control Panel after installation. Domain controllers must be added to the domain during installation.

To add a computer to a domain, from the Computer menu, click Add To Domain. Select Windows NT Workstation, Server, Windows NT Primary, or Backup from the Add Computer To Domain dialog box. Type the computer name in the Computer Name text box, click Add, and click Close.

Once the computer has been added, the user of that computer needs to join the domain. The icon beside the computer you added will remain unavailable until this happens.

Removing a computer from the domain
Removing a computer from the domain is simple. Select the computer from the list in the Server Manager window and choose Remove From Domain from the Computer menu. It’s impossible to remove the PDC from the domain.

Changing a computer name
To change a computer name using Server Manager, choose Add from the Computer menu and enter the new computer name in the Add Computer To Domain dialog box. Have the user of the computer change their computer name in the Network tool of Control Panel to the name you just set up.

In the Server Manager window, select the old computer name from the list and click Remove From Domain on the Computer menu. Have the user reboot their computer for the changes to take effect.

Server Manager is an essential tool for network administrators. It is possible to perform many of the functions using separate tools, but these tools affect only the local computer. You can perform all of the techniques discussed in this Daily Drill Down from the command prompt, but Server Manager combines them all into one graphical utility.
The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.

Editor's Picks

Free Newsletters, In your Inbox