Administering NT Domains from Win95

When NT isn't available, Windows NT Server Tools for Windows 95 gets the job done

Why would you want to administer a Windows NT domain from Windows 95? Obviously, NT is the best choice for administering an NT domain. However, NT may not be available on every client machine from which you access administrative functions. For example, you may not have NT on your home PC or on your laptop.

If you're running Win95 on the desktop, Microsoft's Windows NT Server Tools for Windows 95 lets you perform many NT administrative functions. However, you'll find a few things you can't do--and a few things you can do, but shouldn't.

Installing the Tools
To install these tools, find Windows NT Server Tools for Windows 95 (a complete implementation of the 32-bit NT Administrative Tools you're used to) on the NT 4.0 CD in the directory \clients\srvtools\win95. If you don't have a copy of 4.0 handy, you can download the tools from Microsoft's Web site and expand the files to a directory on your system. Double-click Add/Remove Programs from the Control Panel to install the tools. Click the Windows Setup tab, and choose Have Disk at the bottom of the screen. Specify the directory containing the file srvtools.inf, and you'll see an entry for Windows NT Server Tools, as shown in Screen 1. Check the box next to the entry, and click Install to finish the install routine.

The setup routine places the Server Tools programs in the srvtools directory on your system's boot drive. You then need to manually place a reference to this directory in the PATH= statement of your autoexec.bat file; you must add this entry to make the tools fully functional. Why Microsoft didn't program the installation routine to automatically add this entry remains a mystery, but I know from experience that if you forget this parameter, you can't edit security on NT files and print queues.

You're now ready to reboot to activate the tools on your PC. When you click your Start menu and go to Programs, you will see an entry for Windows NT Server Tools and the familiar User Manager, Server Manager, and Event Viewer programs. These programs function exactly as their NT-based counterparts do: You can add, delete, and modify users; manage servers; start and stop service processes, as shown in Screen 2; view event logs; and so on.

In addition, you can modify the NT security permissions for files and print queues, thanks to extensions installed in Windows Explorer during the setup process. To modify permissions for a file, folder, or print queue, simply right-click the item and choose Properties. Click the tab for Security to access options for setting permissions, auditing, and taking ownership of the selected item, as shown in Screen 3.

While using NT Server Tools for Windows 95, you may have to log in or enter your password for verification as you move from server to server. This is strictly a requirement of NT Tools for Win95; it doesn't signify a problem within your domain's security model.

Run SMS Tools from Win95?
The idea may sound preposterous, but you can run part of the NT Systems Management Server (SMS) tools from Win95. (Spyros Sakellariadis explains SMS in a three-part series, "SMS: Inventory Your Desktop Systems," May, June, and July 1996.) The SMS Network Monitor program is separate from the rest of SMS and doesn't require NT (if you look in the right places in Microsoft's documentation and training manuals, you find that Microsoft designed the Network Monitor application to run on NT or Windows for Workgroups stations). If you already have SMS and don't want to buy a portable network monitoring station, putting the Network Monitor program on a laptop is a good solution. (For information about an alternative NT/95 network monitor, see "First Looks: NetXRay," August 1996.)

First you need to set up the Microsoft Network Monitoring agent on your Win95 workstation. This is the same agent that provides network performance counters to the System Monitor applet. Go into Control Panel again, and choose Network. From the dialog, press Add to add a Service (if you don't see an option to add a service, see whether it is disabled through a setting in the system policy editor). Select Have Disk, and then select the \admin\nettools\netmon directory from your Win95 CD. You will see a selection for the Microsoft Network Monitor Agent, as shown in Screen 4. Install it, and reboot. (Running the Network Monitor Agent puts your NIC in promiscuous mode, which will add a degree of overhead to your system: Your NIC will look at every frame that comes across the network, instead of only those destined for the workstation.)

You can now install the Network Monitor program. On your SMS or BackOffice CD, find the setup.exe program for just the Network Monitor program. On the Microsoft Select CDs, this program is in directory \nmext\disk1. Run the setup program, and choose a directory in which to install the programs. The install routine will prompt you to set two passwords in the program: one password just for displaying information and the other for capturing packets.

Once you complete the setup routine, the program will try to install the Network Monitor agent service. The setup routine recognizes that you've already installed the agent and returns with the message, Network Monitor successfully installed.

Now click the Start menu, and go to Programs. You'll see a new group for Network Analysis Tools, including the Network Monitor program. Launch the program, and log in with the password you set to capture packets. Click Start Capture, and watch your Win95 station go to work!

Remote Control with Caveats
Obviously, NT Server Tools for Win95 is well suited for management of your enterprise via a remote-access connection such as Remote Access Service (RAS), Shiva, or 3Com AccessBuilder. Other client/server-based tools, such as Compaq's Insight Manager and Cheyenne's ARCserve Administrator, can also help you administer your domain over remote, dial-up connections.

However, you can't or shouldn't try a few administration tasks within Win95 or with a dial-up RAS connection. First, you can't use Network Monitor if you're dialed up over a RAS connection or a similar type of bridge. With bridged connections, you see only traffic to or from your workstation--you have no access to the rest of your NT network.

Network Monitor does have an option to get packet data from a remote machine that's running the monitoring agent. However, I don't recommend this option because of the obvious bandwidth difference--your CPU will act as if it were trying to pull a watermelon through a garden hose.

Second, don't edit trust relationships in Win95 while you're either in-band or dialed up via RAS. While in-band, you can create trust relationships between domains, but you can't verify them. Make sure you enter your passwords correctly and build the trust relationship in the order Microsoft recommends.

Third, you can't promote Backup Domain Controllers (BDCs) to Primary Domain Controllers (PDCs) while dialed up over RAS. (Ed Tittel and Mary Madden discuss the importance of PDCs and BDCs in "PDCs, BDCs, and Availability," August 1996.) This is not a limitation of Win95 but of RAS-based administration. Because the promotion process must stop and restart the Netlogon service and RAS depends on Netlogon, the system will not let you complete the operation.

One last caveat: Before you set up any system for remote administration, consider the security consequences. (For a discussion of security concerns with remote administration, see the upcoming article by Tom Sheldon, "NT Security Tips," Windows NT Magazine, December 1996.)

You Have an Alternative
If NT is available, use it as your management platform. But when NT isn't readily available, you can turn to Windows NT Server Tools for Windows 95 to help manage your NT domain. (For more information on administering NT domains, see Mark Minasi, "Domains and Workgroups," April, and Ed Tittel and Mary Madden, "Domains, Trust Relationships, and Groups," June 1996.)

3COM * 800-638-3266
Cheyenne Software * 800-243-9462
Insight Manager
Compaq * 800-345-1518
Cinco Networks * 770-671-9272 or 800-671-9272
Shiva * 800-977-4482
Windows NT Server Tools for Windows 95
Microsoft * 206-882-8080
