Use your Pocket PC 2002 device as a mobile administrative workstation

In "Pocket PC 2002," http://www.winnetmag.com, InstantDoc ID 23685, I introduced you to Pocket PC 2002 devices. This month, let's drill down to a capability that network administrators and IT folks will find particularly interesting—using a Pocket PC 2002 (or Handheld PC—H/PC—2000) device as a mobile administrator's workstation. You can use Pocket PC 2002 devices to perform administrative tasks (e.g., changing user passwords, troubleshooting Ethernet problems, taking down a server) from any location that your corporate LAN reaches.

I've been testing three Pocket PC 2002 devices. One is an upgraded Compaq iPAQ H3670, and the other two are new—Toshiba's GENIO (the Japanese version of a device that will sell in the United States under the name e570) and Hewlett-Packard's HP Jornada 565. The network features that I discuss in this column are available on all three devices (although you must separately install the terminal services client on the iPAQ because it has a smaller flash ROM than the newer devices have).

Setting up Pocket PC 2002 devices is straightforward: All the necessary software is integrated on one CD-ROM, which replaces the separate Microsoft and OEM CD-ROMs common to earlier Windows CE­based devices. If you're setting up a brand-new device on a PC that you've never attached a Windows CE device to, you'll want to install the software before you connect the USB-based sync cradle. (Otherwise, Windows will generate an error message as it attempts to detect the cradle.) The quick setup procedure is simply a matter of inserting the CD-ROM and following the onscreen instructions.

Built-in Networking
Pocket PC 2002 devices offer impressive network support. On NE2000-compatible Ethernet cards and 802.11 wireless Ethernet cards, the necessary drivers are built in. Just insert the card, and a pop-up display offers to configure the network driver. You can use a server-assigned IP address (the simplest option), or you can manually enter IP, subnet mask, gateway, and name server addresses. You need to complete this process only once for each network card.

After you install a network card, you immediately have access to the corporate intranet (or the Internet). Both Pocket PC 2002 and H/PC 2000 devices include a version of Microsoft Internet Explorer (IE), so you can, for example, use Windows 2000 Server's Web-based administration features. When you try to access a secured page, the device prompts you to enter the necessary credentials, as Figure 1 shows.

Pocket PC 2002 lets you browse network shares by using File Explorer, which is in the Start menu's Programs folder. After you provide credentials, you'll see a view of files and folders, as Figure 2, page 76, shows, that's similar to what you see on a typical Windows desktop. You can't open a network file directly, but you can create a local copy and use built-in applications such as Microsoft Pocket Word and Microsoft Pocket Excel to edit the file. (Tap and hold the stylus on a filename in File Explorer, and select Copy from the resulting pop-up menu; then, change to a local folder and select Edit, Paste.)

Pocket PC 2002 also offers—at last!—built-in PPTP-based VPN support. Tap Start, Settings and select the Connections tab. Tap the Connections icon to bring up a Connection Settings dialog box. To inform the device about your NIC connection, select The Internet in the My network card connects to field. Now, tap Modify (beneath Work Settings) and select the VPN tab. Tap New to create a new VPN connection—you need only to specify a name for the connection and a host name or IP address for the VPN server. You can now use File Browser or Pocket IE to browse shared network resources. The device automatically establishes a VPN connection, if necessary—at that point, a pop-up message requests your security credentials.

Pocket PC 2002's VPN has one limitation: It's available only when you're using public IP addresses to dial through an Internet connection. The VPN doesn't work if you're trying to tunnel through a private address range. (I use such a VPN to secure my home network's private wireless LAN—WLAN.) Microsoft's approach will work for sites in which the wireless Access Point (AP) resides outside a corporate firewall—a scenario that highlights PPTP's original intent. Microsoft will probably receive criticism for providing only PPTP-based VPN support. Keep in mind that third-party IP Security (IPSec) solutions are available. (For information about these solutions, see "Use a VPN to Secure Your Wireless Network," September 15, 2001, InstantDoc ID 22006.)

Terminal Services Client
One of Pocket PC 2002's most impressive features is a fully operational Windows terminal services client that works like a charm. Just tap the Terminal Services Client icon in Start, Programs. The device prompts you for the server name or IP address, then prompts you to enter your username and password. You now have an honest-to-goodness terminal services session on your Pocket PC display.

One drawback of the terminal services client is that you'll spend a lot of time scrolling on the tiny Pocket PC display. Microsoft has attempted to address that problem with a group of icons (in the lower left corner of the terminal services client display) that let you quickly navigate to a specific portion of the emulated Win2K screen.

To an administrator, this terminal services client is invaluable. Although you can perform most administrative functions through the Web-based UI, terminal services lets you access the server console—you can even perform a shutdown and restart, as Figure 3 shows.

Essential Add-ons and Tips
Before Pocket PC 2002 can be a true administrator's companion, it needs two more tools: Ping and Telnet. Of the two, Ping is especially important because Pocket PC 2002 lacks a command-line interface and hides many network-operation details. (For example, Pocket PC 2002 offers no built-in way to determine what host-based IP address the device uses.) Of course, Telnet is unnecessary on pure Win2K (or Windows NT) LANs because all administrative tools are available in either a Windows or Web-based UI. However, Telnet is common in organizations that run multivendor networks.

Fortunately, you can implement third-party tools to make up for these two deficiencies: Download vxUtil and vxHpc from Cambridge Computer (http://www.cam.com). I've been using both utilities since the Windows CE 2.0 days. VxUtil provides not only Ping, but also Finger, Info, Trace Route, and other common IP utilities. VxHpc is a full-featured terminal package that provides DEC VT-52/VT-100/VT-340/VT-420 emulation over both Async and Telnet connections.

Now for a few tips: First, don't select the new Strong alphanumeric password option (under Start, Settings, Password), then use Microsoft Transcriber—the new handwriting recognizer that works (most of the time) with any combination of print and script—to enter the password. I made this mistake and paid for it. I had no trouble entering the password twice to assign it, but I could never get the password right after that, probably because of my messy handwriting. Eventually, I had to perform a hard reset, which zeros out RAM and restores the device to its out-of-the-box state.

My second tip comes as a result of the trouble I experienced getting a Win2K desktop to recognize my Pocket PC sync cradle. If you have the same problem—even if you've been able to use your desktop with other USB devices—follow the instructions in the Microsoft article "How to Determine Which USB Controller Is Installed" (http://support.microsoft.com/default.aspx?scid=kb;en-us;q242860). After you identify your USB host, check it against the Win2K Hardware Compatibility List (HCL) at http://www.microsoft.com/hcl. For months, I've been using Intel's AnyPoint wireless-network USB adapter with my personal desktop. VIA Technologies' Universal Host Controller works fine with the Intel adapter but won't recognize the Compaq or Toshiba sync cradle. And yet the add-on Belden two-port USB-PCI card that I retrofitted to an older PC works just fine.

Obviously, you'll want to determine which USB cards you have in your organization's PCs—and check compatibility—before you contemplate a mass Pocket PC 2002 deployment. Whether Pocket PC 2002 is ready for such a deployment depends on your situation. Personally, I find the thought of individually configuring every device daunting, but it's clearly possible: When Microsoft launched Pocket PC 2002 in San Francisco last fall, companies such as Bechtel, Temple University Health System, and Office Depot were already rolling it out.