Many products offer a variety of useful remote control tools

Many modern competitive Windows NT Server applications, such as Microsoft Internet Information Server (IIS) and Microsoft SQL Server, include standard remote-administration tools. From an administrative support standpoint, if you use these tools, you might never need to revisit a server after you set up your system. But many tasks, such as installing a printer or changing driver settings, require you to locally log on to the server console. Some applications simply don't provide remote-administration capabilities, and you must log on to the server locally to install any program that lacks an unattended (or silent) install option. In some cases, the client console is more difficult to use than the server console or has a user interface (UI) that is less rich than the server's interface. Or you might need to remotely log on to a dedicated or colocated server at a Web hosting service. In all these circumstances, you can use remote control software to control the server from a client just as if you were logged on to the server locally. Remote control software links client and server: From the client, you see a window containing the server's UI, and you can send commands and keystroke combinations directly to the server.

The Players
I compared 10 remote control solutions from an NT Server 4.0 remote-administration perspective. I tested product features that relate to server administration and management, although most of the products' designs and marketing clearly concentrate on remote support (i.e., Help desk functionality) and training.

At first, I thought that NT Server 4.0, Terminal Server Edition (WTS) would be a strong alternative to these products, but WTS runs on a separate kernel with a separate set of service packs and patches and is overall an expensive way to run a system. WTS also has no potential as a Help desk solution. Windows 2000 Server Terminal Services might offer more remote control functionality than WTS, at least when the client and server are on the same domain. All versions of Windows 2000 Server (Win2K Server) come with at least a two-user (administration-mode only) license for Terminal Services. Although Terminal Services lessens the need to use third-party remote control products for administrative purposes, it can't replace these products' Help desk functionality because the server part of Terminal Services runs only on Win2K Server, not on Windows 2000 Professional (Win2K Pro).

An important market for these products is remote administration of dedicated and colocated servers at Web hosting services. Such a server's console is usually inconvenient to access locally, and remote control is the typical solution. I surveyed six participants from Windows 2000 Magazine's recent review of NT Web hosting services (see "NT Web Hosting Services," September 1999) and asked these companies how they enable remote administrative access to dedicated and colocated servers. Four of the services use Symantec's pcAnywhere (although two of these four let customers run a different program if they choose), one service makes no recommendation (customers decide which product to use), and one service uses a home-built administration console. (When I administered dedicated servers at a large national hosting service, I used Remotely Possible, which is now Computer Associates'—CA's—ControlIT.) When you remotely administer a dedicated Web server, you probably connect over the Internet, which can open a hole in your firewall. Most of the products in this review support direct-modem or ISDN connections, which might be more secure alternatives. Some of the products, including LapLink.com's LapLink 2000, support direct cable connections (e.g., USB), although such connections probably aren't practical solutions for a server. Several products support only TCP/IP as a network protocol, but some products also support IPX and NetBIOS.

All the programs (except Famatech's Remote Administrator—RAdmin—1.11) have text chat and file transfer modes. The text chat function, which isn't particularly useful in remote server administration, is a good example of a feature that targets Help desk functionality. (Many of the products also have a voice chat function, which generally isn't useful even for Help desks—few people have a networked computer but not a telephone.) But file transfer is a useful remote-administration tool, even when you can copy files across the network using Windows Explorer. All the file transfer programs I tested had a classic two-pane design (with the client and server systems set up for easy copying), which I find more convenient than Windows Explorer (in which you have to find the systems by searching through Network Neighborhood). File transfer also lets you use remote control to transfer a file even when a drive or folder isn't explicitly shared on the network. And if the server is at an ISP, you need file transfer because you don't log on to the domain and thus can't copy files over the LAN.

Most of the products also support remote printing, which lets you define a client-side printer as the target printer for programs running on the server. This service lets you print a file locally without having to transfer it first. If you don't have a client-side application that can read or print your data, this convenient service can be a necessity.

Two of the products (i.e., CrossTec's NetOp 6.0, and NetSupport Manager 5.0) even let you control your system through a Web browser. (Although pcAnywhere has an ActiveX control version, the version resides in pcAnywhere's Unsupported directory, and the product doesn't install this version by default or mention it in the documentation.) The products use a special browser plugin or ActiveX control. With the latter, you can administer the server from any client that runs Microsoft Internet Explorer (IE) 3.0 or later and that has network access to the server.

Some administrative tasks, such as clearing out temporary directories, are repetitive. Many of the reviewed products have scripting languages that let you automate such tasks. If you want to get fancy, you can define one command to connect to the server, log on, perform the task, log off, and disconnect. You can set a task in combination with NT's or the product's scheduler to occur at a convenient time—for example, in the middle of the night when the server's load is lightest.

You can run all the products as NT services and let the service answer connections even when no users are logged on. This option is essential for remote administration. Many of the products don't enable NT service by default, so you must be sure that you properly configure the server. Some of the products also require a separate setting that tells the server to accept connections; unfortunately, only a few of the products let you configure this setting during installation.

The products I reviewed have different ways of handling special keystroke combinations, such as Ctrl+Esc and Alt+Tab. (I liked ControlIT's method, which creates a special menu option for selecting these keystrokes.) Some products translate the keystrokes into strange equivalents (such as Alt+Right Arrow for Alt+Tab) or send all such keystrokes to the remote (server) application, making them less convenient for local (client) use.

Two vendors were unable to participate in this review. New versions of Compaq's Carbon Copy 32 (http://www.compaq.com) and Binary Research International's RemotelyAnywhere (http://www.binaryresearch.net) were in the development stage and not yet available for testing. If you need to make a purchase decision, you might want to check with these vendors to see whether their products are available.

The Process
To test these products, I used a dual-processor Compaq system with 192MB of RAM running NT Server 4.0 with Service Pack 5 (SP5). My client was a Micron P166 system with 96MB of RAM running NT Workstation 4.0 with SP5. The systems connected over 10Mbps Ethernet.

No standard terminology for remote control operation systems exists among the vendors. Windows 2000 Magazine refers to the remote control server as the server and the controlling client system as the client, but don't be surprised to see other terms (e.g., host instead of server, viewer instead of client) in product documentation.

In testing the products, I found that setting the server's screen resolution to be lower than the client's resolution let me view a full server screen inside a client window. Many of the products let you scale the image's resolution to the window's size, but this scaling looked odd. Keeping resolution and color depth low also can improve performance. Although I didn't test performance specifically, I perceived that some products were particularly fast or slow, and I mention these perceptions in the reviews.

The Verdict
I tested many good products for this review. To compare product features, see Table 1 online on Windows 2000 Magazine's Web site at http://www.win2000mag.com/articles, InstantDoc ID 8463. Although some products, such as Artisoft's CoSession 2000, had obvious problems, I can't single out one product as being clearly better than the others. Even RAdmin, which has limited capabilities, might be adequate for your purposes—and at $25 for a two-PC license, you have plenty of reason to try it. As I mentioned, all the products are also designed for training and Help desk functions. More significant, some of the products might integrate into another part of your network infrastructure, such as management software (e.g., if you're a CA Unicenter shop, you'd probably be better off with ControlIT).

Whichever remote control product you use, remember to be strict about security. These products expose powerful functionality that can give an intruder free and easy reign over your network.

ControlIT 5.0 Advanced Edition
ControlIT is probably the most complex product in this review because it includes a complete management system. ControlIT also integrates into CA's Unicenter TNG network management system.

ControlIT's server-side installation process was unusually involved, requiring many important decisions up front. You need to think about how you intend to use ControlIT before you deploy it: Do you want to remotely control a specific server, or do you want to set up a management system that can track remote control use across many systems? Depending on the answer, you can install either a Stand-Alone Remote Control Environment or a Managed Remote Control Environment. I chose the managed option, which installs on the server a management-information database and database-management software components. In such an environment, clients take configuration clues from the management software. I then had to explicitly enable the installation of Manager Components (i.e., Server, Database, and Administrative Consoles). By default, ControlIT selected the Agent Viewer (client-side software) and Agent Host (client). In the Advanced setup, you can choose to install the Unicenter TNG Framework, which plugs ControlIT into CA's larger Unicenter management framework. Even if you don't have Unicenter or a managed network, the ControlIT Manager Components will manage your ControlIT usage.

As part of the management software and database installation, I chose Microsoft Data Access Components (MDAC) 2.1 to be the data-access mechanism. MDAC lets ControlIT store management data (e.g., information about servers and users you permit to manage servers) in a JET database or on a SQL server. (You can use the MDAC Dbinit program to later change from one database back end to another.) Installing MDAC added a reboot in the middle of the installation. After the reboot, I had to restart the ControlIT installation and repeat the management and remote control software installation steps. This process seemed unnecessary and confusing.

The client-side installation process was similar to but much simpler than the server-side installation. I had far fewer decisions to make and didn't need to reboot.

With most remote control products, after you finish installation you can go directly to the client and start controlling your server. Not so with ControlIT. ControlIT's Discovery program had to query the local subnet for systems running ControlIT and populate the database with that information. Then I had to go into the Management Console, populate the user list with entries from the NT user database, and assign to appropriate users the right to remotely administer specific systems. The requirement to explicitly assign rights might be a good idea from a security standpoint, but I found this step inconvenient and confusing.

In many ways, ControlIT is a sophisticated and mature product, so I was disappointed with the insufficient documentation. Simpler products can get away with minimal documentation, but ControlIT needs more. Because of the weak documentation and Help (very little of which is context-sensitive), I needed assistance resolving most of the problems I had with the product. For example, I wanted to test the Replay feature, which records and plays back actions in a remote control session, but the record capability was blocked out of my preferences, both locally and at the Management Console, and the option to change this preference was disabled. Eventually, I determined that I needed to create and populate a user group, assign custom Computer Settings to the group, and select the Record sessions check box from those settings, as Screen 1 shows.

Although the poor documentation caused problems, this episode taught me just how powerful ControlIT's management is. You can give users or groups complete freedom, or you can dictate their settings. And ControlIT can synchronize its user and group database with NT's User Manager, so you don't have to maintain two sets of data.

I liked ControlIT's method of mapping special keystroke combinations. The software provides a menu option for selecting these keystrokes, which really simplified the process. Alas, ControlIT's full-screen mode isn't well thought out. This mode displays only the remote system, and I had a distressingly difficult time discovering how to return to non-full-screen mode. (A flash appears periodically in the upper-left corner of the screen; you must right-click this corner and select the Switch to Windows Screen menu option.) Neither Help nor the manual explains the process.

If you have many servers to administer, you need a product with strong management features. ControlIT clearly meets this need. And if you use the full Unicenter package, you can access remote control from other system features. For example, while managing the software inventory, you can identify a server and directly take remote control. Such integration is an advantage that is unique to ControlIT.

ControlIT 5.0 Advanced Edition
Contact: Computer Associates * 631-342-5224 or 800-225-5224
Web: http://www.ca.com
Price: Starts at $199 for two-PC support
DECISION SUMMARY:
Pros: Provides strong management functions; integrates into Computer Associates' Unicenter TNG management software
Cons: Complicated; difficult to manage and configure; insufficient documentation

CoSession 2000
Unlike ControlIT's software, CoSession 2000's server- and client-side software is entirely symmetrical. Installing CoSession 2000 was straightforward and uneventful. The product installed as an NT service but was initially set to manual startup. To automate the service, you can either go to Advanced Options, System Settings and select the Start CoSession on Computer Restart (as an NT Service) check box, or you can set the CoSession 2000 service to Automatic in the NT Control Panel Services applet.

CoSession 2000 won't accept connections until you enable security. A word of advice: Read the documentation before you try to enable security. In the security settings, you must create a user and assign rights to that user to make the product accessible. I noticed a minor bug in the code: The Dial-Back tab under the Dial-Back Settings sheet includes an area-code field that contains junk characters. If you visit the Dial-Back tab, you can't exit until you enable dial-back, clear the area-code field (or enter a valid area code), and disable dial-back. This kind of sloppy bug doesn't instill confidence in a product. But CoSession 2000 has a more serious problem. After you log off from a session, you have only two choices: You can either close the session or reboot the server. If you close the session, you can't reconnect until someone reopens the session locally at the server or until you reboot the server. In other words, to readminister the server without physically visiting the console, you have to reboot after every session—a strange and unreasonable requirement.

Regular use of CoSession 2000 is more tolerable than using the security settings or the logoff procedure. Experienced Windows users can figure out how to use the remote control. The product includes chat and file transfer features as well as a good variety of connection options (including IPX, NetBIOS, and any Telephony API—TAPI—device). Unlike the other reviewed products, the client's remote control window has a fixed resolution, so you can't resize the window. This restriction can make remote control difficult for clients with especially high or low resolutions.

If not for the notable problems I've mentioned, CoSession 2000 would stand out for its inclusion of the RecoverIT utility, which lets you save and restore system files (e.g., the Registry, boot.ini, autoexec.nt). RecoverIT is truly integrated with CoSession 2000. You control RecoverIT and remote-administration functions for the server from the main client window. Click the RecoverIT button to access the RecoverIT options, which Screen 2 shows. The Backup tab lets you create and name a configuration backup (RecoverIT also notes the backup date and time). The Configure tab lets you specify the files to back up, including autoexec.nt, boot.ini, config.nt, system.ini, win.ini, and the Registry. You can add other files, although the tab lacks a browse button. The Restore tab lists backups by name and date; you can select and restore a backup from this list. The Manage tab lets you delete or rename backups. The Advanced tab lets you schedule backups to occur at system boot or other specific times.

Many widely available tools (including Regback and Regrest in the Microsoft Windows NT Server 4.0 Resource Kit) let you back up system configurations, but RecoverIT lets you select and recover a backup directly from a client. To test the backup and restore, I made an initial server backup (which is a standard part of the CoSession 2000 installation process) and used RecoverIT to add notepad.exe to the backup as an extra configuration file. Next, I installed ActiveState's ActivePerl server scripting software on the server and associated the .pl extension with ActivePerl. I then deleted notepad.exe. From the client, I connected to the server and used RecoverIT to restore the original server configuration. After rebooting, I confirmed that notepad.exe was back on the server and that no association with the .pl extension existed. RecoverIT doesn't maintain the entire system configuration (for example, the files for ActivePerl were still on the server, as was the Start menu reference to ActivePerl), so you do need to know what you're doing if you want to restore a system exactly.

Combining a tool such as RecoverIT with a remote-administration tool is a good idea. If Artisoft cleans up the difficulties with CoSession 2000, it will be a top-notch tool.

CoSession 2000
Contact: Artisoft * 520-670-7100 or 800-846-9726
Web: http://www.artisoft.com
Price: Starts at $119 for two-PC support
DECISION SUMMARY:
Pros: Provides powerful RecoverIT function, which easily saves and restores server configurations
Cons: Requires a reboot after each remote session; contains several minor bugs

LapLink 2000
You might remember LapLink.com as Traveling Software, the best known company in the market for transferring files over serial and parallel cables. We have networks these days, but LapLink 2000 still ships with cables. I also received a USB cable for which LapLink.com typically charges $39.99. LapLink 2000 still has a great file transfer program (although it doesn't stand out from the pack anymore), and the company now offers a very good remote control product.

The installation screen gives options to Install LapLink 2000, Install LapLink FTP, Create Setup Disks, and View The Documentation (which reads Portable Document Format—PDF—files from the CD-ROM). During setup, I needed to enter a computer name; the field defaulted to the username under which I had logged on rather than to the NT computer name, which would have been more appropriate. The software asks during setup whether you want to set up remote printing, which LapLink refers to as print redirection.

After installation, you can make your system a LinkToNet computer, which lets other users dial in and use your computer as a gateway to the Internet through the system's LAN connection. Although this function isn't relevant to NT Server administration, it is a unique feature.

LapLink 2000 installs as an NT service by default (the program also installs a LinkToNet NT service, even when you aren't using the LinkToNet feature). But the service doesn't permit logons until you select the relevant check box in the Program Options dialog. (This procedure seems to be standard among the software I reviewed.)

By default, LapLink 2000's contextual Help comes up when you invoke many program functions. I liked this behavior at first, but it soon became distinctly annoying. Clearing the Quick Steps check box on the Help menu disables this too-helpful feature.

LapLink 2000 ships with a Quick Start Guide. A PDF User's Guide is on disk and is available separately in hard copy ($14.99). The User's Guide is pretty good; most of the reviewed products' manuals (including LapLink 2000's Quick Start Guide) either skim over a few introductory topics or simply parrot the program features. LapLink 2000's PDF User's Guide offers some functional how-to guidance.

LapLink 2000 lets you encrypt and in most cases compress data transmissions. Encryption creates a noticeable performance hit, however, and of the programs I reviewed, LapLink wasn't the fastest to begin with (although it certainly was fast enough for my needs). Compression is probably more useful on cable connections than on networks. Other standard features, such as text and voice chat, worked fine, and remote printing was a breeze. When you are defining connections to servers, you have many options for defining default characteristics of those connections, such as whether file transfer is available and what the default directory will be.

As for security, you can define a directory or address book of usernames and passwords that you permit to control the system. I like this option, but LapLink 2000 also provides an option to let anyone control the system—an exceedingly bad idea under all imaginable circumstances. And the product permits only 10-character passwords—a pointless restriction against good habits. In general, LapLink's security features are adequate, but the password restriction and the ability to open the system to anyone are problems waiting to happen. The former makes password tracking more difficult for users, and the latter is too dangerous to ever be a viable option.

Other features include LapLink Scheduler, which lets you schedule programs to run at specific dates and times but is less powerful than the scheduler that comes with IE 5.0. LapLink 2000's Xchange Agents (a fancy name for synchronization definitions) let you define folders on the client and server (or multiple folders on one machine) that you want to synchronize, and LapLink makes the copies and notifies you of any conflicts.

LapLink 2000 lets you publish your server name—usually an email address or something similarly recognizable and unique—on a public Internet server (e.g., ils.laplink.com), as Screen 3 shows, so that users can find the server name in that site's directory. At first this option seems risky, but in the context of remote server administration, the option lets you administer your server over any Internet connection. When you enable this option, you must rely on both NT and LapLink security to lock out unwanted visitors, and because the server is accessible over the Internet, you probably need a firewall. You can perform administration over the Internet with any of the products in this review, but only LapLink 2000, Netopia's Timbuktu Pro 32, and pcAnywhere support a public directory.

LapLink.com still has its heart in the cable-connection world and needs to take a more careful approach to security. Despite that, the company has created a good general remote control program with unique features.

LapLink 2000
Contact: LapLink.com * 425-483-8088 or 800-343-8080
Web: http://www.laplink.com
Price: $169.95 for one user license (permits use on up to three PCs)
DECISION SUMMARY:
Pros: Includes cables; supports directory services; remote printing is quick and easy; documentation is helpful and detailed
Cons: Has some inadequate security and configuration features; seems slower than other products

NetOp 6.0
NetOp 6.0 isn't the most feature-packed program in this review, but it's very good at what it does. The product's most interesting features seem geared toward Help desk usage, but NetOp also does a good job with server administration.

Installation was uneventful, and NetOp let me choose to create 3.5" installation disks. When you enter the program and choose a transport protocol, your choices include both Internet and TCP/IP. The Internet setting has a selected Optimize for the Internet check box. (CrossTec said this setting optimizes the software for performance on the Internet, but I couldn't detect a difference after accepting the option.) If your network is complicated enough to warrant custom communications profiles, you can create them by making changes to TCP ports and the local subnet. For example, if you use one or more proxy servers on your network, you can specify them in the Connection Properties sheet and potentially improve performance. You also need to use the server's Connection Properties to tell NetOp to answer calls.

In the client's Connection Properties, you can set a similar variety of options (e.g., change the number of colors; enable or disable wallpaper, active desktop, and animations). One option lets you easily set the product to run as an NT service. The Options sheet lets you make other changes, such as whether the server will reboot after a client disconnects. (Many of the other products also include this option.)

The manual isn't skimpy and had everything I looked for. The online Help system is also very good.

NetOp has a scripting facility that lets you automate certain operations, such as file transfers. The product provides an ActiveX control that you can script in Visual Basic (VB), VBScript, or one of several other programming languages. The Help system includes a six-line VBScript sample to dial up the server, synchronize a directory on the server with a directory on the client, and disconnect. You can easily modify this script to perform many other useful tasks, and you can schedule the script in the Windows Task Scheduler to run during off-peak hours.

For Help desk usage, NetOp has an interesting Help Request feature that lets you set up different users as contact points for specific problems, then use NetOp to obtain support by sending a Help request to the designated user. (You can access Help Request through the Program Options sheet, which Screen 4 shows.) CrossTec also sells the NetOp Gateway, which provides one dial-in/dial-out point that clients can use to access appropriate systems to control. This ability is as useful for remote administration as it is for remote support. The gateway includes a security system, although CrossTec also sells the NetOp Access Security Server, which provides a private security system for NetOp users and systems. The NetOp Log Server, a separate product, provides a central location on the network for logging all NetOp product usage.

NetOp is a good product with many strengths, especially in scripting. If you have sophisticated scripting, security, or logging needs, you can do well with this product.

NetOp 6.0
Contact: CrossTec * 561-391-6560 or 800-675-0729
Web: http://www.crossteccorp.com
Price: Starts at $165 for two-PC support
DECISION SUMMARY:
Pros: Includes ActiveX control, which lets you externally script remote control; provides good documentation and online Help; offers sophisticated scripting capabilities
Cons: Security and centralized management features sell separately; lacks many standard functions

NetSupport Manager 5.0
The most powerful programs are often the most confusing, as NetSupport Manager illustrates. Although probably the most powerful product I reviewed, this program insisted on functioning in an obscure way. Much the same way that the X graphical system reverses the use of the terms client and server, NetSupport Manager calls the server the client and the client the control system. These terms are ambiguous at best and counterintuitive at worst.

Installation was unremarkable. At the end of the server-side setup, NetSupport Manager asked whether I wanted to run Configurator, which lets you set server options and test network connections. Configurator's Transport tab lets you use TCP/IP, IPX/SPX, or NetBIOS to configure connections. Because I had enabled only TCP/IP on my system, Configurator enabled only TCP/IP configuration. (Many of the other products also enabled configuration for uninstalled protocols, presumably because the products' management tools couldn't dynamically detect which protocols I'd installed on my system.)

Configurator has many options (the dialog box I saw had more than a dozen tabs) but was easy to use. As with other products, you can use NT security or NetSupport Manager's private security. In addition to letting you specify passwords for client access, Configurator lets you specify security keys, which in essence are supplemental passwords. You can remotely control the server only when the client and server's security keys match. You can tell NetSupport Manager to use the serial number as a security key, or you can choose a longer key. The program stores the keys in an undesignated location. I'm not sure exactly how much more secure this process makes the system, but the process does increase the likelihood that a breach of physical security would be necessary to threaten the security of the remote control system. Finally, Configurator can disable several features, such as remote rebooting, Registry access, and file transfer. Viewers can also gain dial-in server access through NetSupport Manager (many other products make this an added-cost product). On Configurator's Dial-In Bridge tab, you can define which protocols are accessible and how (or whether) the product will support dial-back.

Client-side configuration was simpler than server-side setup. The network protocol information was similar to the server's protocol information, and I could browse for servers (which the software calls hosts in this option). I found my server, created an entry for it, and clicked on the entry, which put me in the remote control interface.

The NetSupport Manager printed documentation is 235 pages, but it consists mostly of rote descriptions that aren't very helpful in explaining product features. The documentation includes a table of contents but no index—a big problem in a manual of this size. Furthermore, the grammar is pretty bad at times, although the manual usually gets the point across.

The program is simple and clean, and it worked well. The full-screen mode operates differently from the other products' full-screen modes, which center the remote screen and add a blank border to fill out the client's resolution if it's lower than the server's resolution. NetSupport Manager justifies the remote system's window at the top left of the display and leaves the client system's display visible below that window. So although local keystrokes go to the server system, you can still see parts of the local client system. Some users might prefer this design, but I found it distracting.

NetSupport Manager offers a scripting facility that stands out from the competition's. You can use the scripting facility's scheduler, Scripting Agent, to schedule scripts to run at specific times and on a recurring basis (e.g., to periodically connect to your servers and analyze them for free disk space). The language is VBScript (or a close variant), with special functions and data structures relevant to NetSupport Manager's operation. For example, a GetConnectedClients function returns a list of clients connected to the system. You can create a script to find and delete temporary files on those clients or check whether certain files are up-to-date. The scripting language is far more complex than the other reviewed products' languages, which resemble batch languages and are probably far easier for a nonprogrammer to pick up. But compared with the other products, Scripting Agent is capable of more complex task sequences.

NetSupport Manager also provides a simple ActiveX control version of the client-side software (Stac Software's ReachOut Enterprise 9 is the only other product that offers this feature). The server can act as a simple Web server, and NetSupport provides an example browser interface, which Screen 5 shows, through which you can control the server. Most of the fancy controls (e.g., scaling the image to the client's resolution) that are available in the standard client program are unavailable in the ActiveX version. (ReachOut's browser software has more functionality and is available as a Netscape plugin.) However, the ActiveX option is still worth having, if only so that you can use any client PC on the network (even PCs that don't have installed client-side NetSupport Manager software) to control your system. This option doesn't work when you take advantage of the security key feature, however.

NetSupport Manager includes a primitive hardware and software inventory feature. The product automatically populates the inventory with system hardware and software information that it obtains from each client's Properties sheet. But the inventory lists only names, many of which are useless. For example, according to the inventory, I had VGX, IE_EXTRA, fontcore, and AddressBook software packages on my client, but I'm not sure to what software these entries referred. The information that the inventory supplied about my video adapter was simply a stream of hexadecimal values. If you're concerned about inventory, you need a real management package.

NetSupport Manager is the first program I've seen that has a UI that is partially accessible even before you log on to NT. A minimized taskbar icon on the logon screen lets you access several basic operations. NetSupport claims that these operations can support users who experience problems before logging on, but none of the options seemed functional to me. I didn't think that this type of operation was possible, and I found it more scary than useful.

Despite these questionable features, NetSupport Manager is one of the most powerful remote control packages I've seen. This product is a good choice, especially if you need a powerful scripting language.

NetSupport Manager 5.0
Contact: NetSupport * 770-205-4456 or 888-665-0808
Web: http://www.netsupport-inc.com
Price: Starts at $189 for two-PC support
DECISION SUMMARY:
Pros: Provides powerful configuration and centralized management; ships with built-in dial-in bridge; provides browser access; includes an excellent scripting facility; includes client-side ActiveX control
Cons: Uses confusing terminology; documentation is poorly written

pcAnywhere 9.0
pcAnywhere is the most popular product in the remote control market, if my informal survey of Web hosting services is any indicator. Purely from a feature standpoint, the software can do a lot, although I ran into problems (one of them significant). At press time, Symantec had released pcAnywhere 9.2, but the new version wasn't available in time for my review.

The main installation menu has options to install old versions, generate 3.5" installation disks, view the manuals, and install Adobe Acrobat readers and Symantec demonstration software. The Install Current Software menu lets you install pcAnywhere, a Check Point Software Technologies VPN client for NT or Windows 9x, and the Yahoo! Pager, which is Symantec's response to other products' text and voice chat. The standard pcAnywhere product includes a Norton AntiVirus scanner for file transfers.

To install a server, you choose the Advanced option in the installation program and select the Host option. You can also choose to install the Host Administrator, which is a Microsoft Management Console (MMC) snap-in that lets you use MMC-based administration tools to administer pcAnywhere. After setup, pcAnywhere automatically brought up LiveUpdate, which is Symantec's process for automatically updating its products through the Internet or a dial-up connection. LiveUpdate found two updates for pcAnywhere (one to version 9.0.1 from version 9.0.0, the other a special security update that LiveUpdate described as "minor") and updates to the Norton AntiVirus engine and virus definition files. LiveUpdate is a unique feature for this product category. pcAnywhere supports connections over all popular network protocols, ISDN and conventional phone lines, direct cable (a parallel cable came in the box), and even infrared.

As did several other reviewed products, pcAnywhere installed the NT service by default but enabled only manual service startup. Unlike the other products, I needed to select not one but two check boxes (i.e., Run as a service and Launch with Windows) to enable the service to load and answer requests from clients.

pcAnywhere required me to complete more configuration steps than did any other product. I was disappointed that Symantec didn't consolidate all the options into the Host Administrator. The Connection icons' properties for both hosting and controlling were complex, and I still had to navigate the Application Options, Network Options, and Logging Options dialog boxes.

Host Administrator's initial configuration let me browse the local domain to see what systems were available and verify that the pcAnywhere management agent was running, as Screen 6 shows. Unfortunately, Host Administrator locked up my server each time I tried to verify a system. After consulting with Symantec and experimenting with the software, I found that Host Administrator worked correctly only when I used the /onecpu option in the boot.ini file to disable the second processor in my dual-processor Compaq. I'm sure this isn't a general problem with multiprocessor systems, because pcAnywhere is so popular that the bug would be famous. Even if the problem is specific in some way to my configuration, I can state from personal experience that such problems are rare on my system, which strongly suggests that Symantec is responsible.

The Administrator's Guide (included in PDF on the CD-ROM) describes the administrative capabilities of pcAnywhere and Host Administrator in great detail. The rest of the documentation, including the hard-copy User's Guide, was well written and organized. The User's Guide doesn't just parrot menu options but clearly explains their functions and includes special mention of NT where appropriate.

The program has a good-looking scripting language with a learn mode for recording scripts. I prefer remote control-product scripting languages that choose ease of use over power, and I thought that pcAnywhere took the right approach. The language doesn't require structure (although you can add structure to it) and lets you easily write simple command sequences.

pcAnywhere can log a variety of events to the NT event log or to a central pcAnywhere server. SNMP logging is also available, or you can combine these options. As with other reviewed products, you can record and play back sessions. You can configure pcAnywhere either to authenticate users or to use NT user and group authentication. If you lose a connection, the server can optionally enter a waiting-for-reconnection state to which only the disconnected caller (or a caller with supervisor rights) can reconnect. You can set this state to be active for a specific number of minutes.

Like NetSupport Manager, pcAnywhere supports system lookups in Lightweight Directory Access Protocol (LDAP) directories. A special Help menu supports product configuration for Novell NetWare 5.0 and Netscape Directory Server. The product integrates with network management tools such as Tivoli TME, CA Unicenter, and Microsoft Systems Management Server (SMS). You can also set up a system to be a dial-in or dial-out gateway, so that the system can share connections into or out of the network. (NetSupport Manager's similar feature functions only as a dial-in gateway.)

This program is the clear market leader and a good product. But pcAnywhere isn't necessarily superior to the other products I review here, and whether it's right for you depends on your needs. For example, your hosting service might require you to use pcAnywhere, or you might prefer to deal with a large, well-known company such as Symantec.

pcAnywhere 9.0
Contact: Symantec * 408-253-9600 or 800-441-7234
Web: http://www.symantec.com
Price: $169.95 for two-PC support
DECISION SUMMARY:
Pros: Provides a wealth of features, including central management and good scripting; uses LiveUpdate to provide easy access to fixes
Cons: Host Administrator locked up; complicated, unconsolidated configuration steps

Proxy 3.0
Funk Software sells a family of management software products, of which Proxy 3.0 is one. As a standalone remote control program, Proxy doesn't stand out, but it is a competent product that is probably adequate for most administrators.

Installation on both server and client (Funk Software calls the client the master and the server the host) is simple. From the client, you can poll the local subnet for server systems. Proxy uses the results to place system names in an address book, simplifying future connections. On the server side, a separate program called the Proxy Host Control Panel lets you perform some server configuration, set clients' rights to change settings on the server, and abort sessions.

Proxy comes with separate printed manuals for the client and server. NT doesn't get a lot of treatment in the manuals because using the product is simpler in NT than in other OSs. NT users will find the documentation adequate but less than comprehensive. Fortunately, Proxy's Help system is good, or I might never have figured out some features, such as how to send a Ctrl+Alt+Del to the server (Ctrl+Alt+Backspace—I definitely prefer ControlIT's method of listing such keystroke combinations in a menu).

Remote printing with Proxy was simple and worked well. You can connect over TCP/IP, IPX/SPX, or a direct modem if you explicitly install it (the software doesn't provide a NetBIOS connection). The Proxy client window is simple, with only a few icons and menu options. The client window lets you change font characteristics and a few other options, such as whether the program will poll the network when you open the Connect dialog box.

One interesting and unique option lets you select a rectangular portion of the server's screen and send it to the client's clipboard. Most other products can share only whatever happens to be on the clipboard. Unfortunately, Proxy's function can send only graphic images, not text or other rich data.

Proxy comes with more security options than most of the other products. Many of these options are more relevant to client control than to server control. For example, the option to let a local user at the server deny a connection, which Screen 7 shows, isn't relevant to remote server administration, in which the administrator is both the remote control user and the local user. I didn't see an option to restrict access to certain network addresses.

Proxy is on the expensive side for low-volume licenses, but the cost per system drops dramatically for high-volume licenses. If you plan to use Proxy on numerous systems, you might need to consider buying the Proxy Remote Control Gateway, which adds record and playback options (which are standard in some other products, such as ControlIT and NetOp) and centralized management capabilities (which also are standard in ControlIT).

Proxy 3.0
Contact: Funk Software * 617-497-6339 or 800-828-4146
Web: http://www.funk.com
Price: Starts at $175 for two-PC support
DECISION SUMMARY:
Pros: Includes a good central management program; provides strong security configuration
Cons: Has a somewhat nonintuitive user interface; doesn't provide many standard useful features

Remote Administrator 1.11
RAdmin stands out from the pack of remote control products because of its simplicity and low price. In this case, however, simplicity might be a euphemism for lacking in features. Nevertheless, the program can do the job, and at $25 per copy, the price makes the program tempting.

Installation uses the Install Shield routine, but RAdmin has the sense to let you run the product as an NT service by default. I'd like other vendors to take this lesson from Famatech. Unfortunately, RAdmin is available only from the Internet as a 685KB download with paid registration. Support is available only through the Web site and email. Documentation exists only on the Web site and consists solely of a three-page FAQ and a six-page Documentation file.

Famatech claims that RAdmin is "150 times (!!!) faster" than the competition, which sounds like hyperbole, although the product did seem snappy. But RAdmin is missing some features, making it difficult to use on larger networks. This bare-bones remote control program doesn't have a chat feature, a file transfer mode, or even a Help file. RAdmin requires you to know the IP addresses of the systems you're administering and works only with TCP/IP. (All other reviewed products offer you system names at least, and most offer additional protocols.) And RAdmin can't display screens running in full-screen text mode.

The UI, which Screen 8 shows, is also the simplest of all the programs I reviewed. The window has no special buttons or menus. To access the few available functions (e.g., to send a Ctrl+Alt+Del to the server, to obtain information about traffic utilization or connection properties), you must access the system menu from the top-left corner of the main RAdmin window or right-click the title bar. A separate option lets you choose to use Data Encryption Standard (DES) to encrypt communications.

In some cases, RAdmin might be useful despite its limitations. The light load that the program imposes can be desirable for a taxed server, and the program has all the necessary functions for remote administration of a Web server (assuming that the server also runs FTP so you can transfer files). RAdmin includes a Telnet mode (full-screen text mode session only) that is very fast indeed. And you can impose an IP filter on the server so that the server will grant control to only certain IP addresses. The complete absence of management features makes RAdmin useless for Help desk functions, but the product can be a cheap and easy way to remotely administer a server.

Remote Administrator 1.11
Contact: Famatech * sales@famatech.com
Web: http://www.famatech.com
Price: $25 for two-PC support
DECISION SUMMARY:
Pros: Inexpensive; easy to use; fast
Cons: Lacks features available in other reviewed products; has inadequate documentation

ReachOut Enterprise 9 (beta)
By the time you read this article, ReachOut Enterprise 9 should be available. The version I tested was a beta. (I also tested ReachOut Enterprise 8.42, but that version will be unavailable after ReachOut Enterprise 9 ships.) I liked a lot of what I saw, but the beta version had no documentation, and much of the Help system was incomplete. I also ran into features that didn't work.

ReachOut Enterprise 9 is an interesting product and shows significant improvements over ReachOut Enterprise 8, with which I've had many problems. The new version supports Windows 2000 (Win2K—as do many other products here) and has a command-line interface and a new UI that makes ReachOut Enterprise 9 consistent with Stac's other management products.

To connect from the client, I first needed to create a new connection over one of the available transports (e.g., network, modem). When I selected the Show available ReachOut computers check box, the software listed the available ReachOut servers on the network. After I created the connection, I right-clicked the Connection icon and selected Properties, which brought up a dialog box reminiscent of the Windows Dialup Networking dialog box. From the dialog box, I specified the username and password for the connection. Unlike the other products in this review, ReachOut effectively presses Ctrl+Alt+Del keys for you so that when you try to establish a connection to a server that isn't logged on, you find yourself back at the username/password/domain prompt.

The most significant improvement in ReachOut Enterprise 9 is a new centralized management program called eXpressAdmin. Like ControlIT's Management Console, eXpressAdmin maintains a database of settings that you can dictate to clients. You can also use eXpressAdmin to create a group of settings that ReachOut's setup program will then apply to a new client installation, as Screen 9 shows. One setting creates an automated unattended installation, so with a little work you can effectively push customized product installations to client PCs. The management program mainly configures ReachOut security settings, such as whether users can use dial-back or change their own settings and whether the server must reboot after a session. Configuration settings also let you define which protocols (e.g., IP, IPX) are available on the client and disable wallpaper and animations.

The client-side UI is comparatively simple and has all the essentials, such as clipboard sharing. In addition to the usual remote control and file transfer functions, ReachOut includes a copy of McAfee VirusScan for checking file transfers. ReachOut supports special key combinations, such as Alt+Tab, but maps them to strange alternatives. For example, Alt+Right Arrow, rather than Alt+Tab, browses forward through a list of applications running on the server; Alt+Left Arrow moves backward through the list. I hope that the ReachOut Enterprise 9 documentation and Help files mention these keystroke alternatives; I couldn't find them in the ReachOut Enterprise 8.42 documentation.

ReachOut's scripting language is well designed—simple and batchlike. This language probably isn't useful for writing large and complicated programs, but I've used it successfully for short, simple scripts.

ReachOut provides Passport, an ActiveX control and Netscape plug-in version for the client, as well as special Web-server software. Although not as rich as the regular nonbrowser ReachOut client, Passport is much richer than NetSupport Manager's browser client. Passport requires a separate installation program that is in a separate subdirectory of the installation disk. The Netscape plugin is a strange option. Because plugins don't load dynamically from the server, they don't have the ActiveX advantage that lets you control a server from any IE browser without installing special software. If you have to install the plugin, why not just install the ReachOut client? I can't think of a good reason to use the plugin instead of the client.

ReachOut's security integrates with NT's security, so you don't need to maintain two user databases. The software's program group contains a link to NT User Manager or User Manager for Domains. In User Manager, a ReachOut button on each user's User Manager Properties interface opens a Properties sheet for that user's security settings. The program's security settings also let you specify whether ReachOut must authenticate a user against the client or against a specified domain.

I can't make a firm recommendation for ReachOut based on the beta version. The beta has problems, but ReachOut also has some powerful features, such as eXpressAdmin and Passport.

ReachOut Enterprise 9 (beta)
Contact: Stac Software * 858-794-3741 or 800-522-7822
Web: http://www.stac.com
Price: Starts at $170 for two-PC support
DECISION SUMMARY:
Pros: Provides browser-based access; includes centralized management program; provides client-side ActiveX control
Cons: Beta was incomplete and unreliable

Timbuktu Pro 32
Timbuktu has been around for many years and has evolved into one of the more complex and enterprise-specific products in the market. (At press time, Netopia had released Timbuktu Pro 2000, but this version wasn't available in time for me to test for this review.) The software is very manageable and does a lot of the big jobs well, but it fails on many little tasks. The first bad sign was that the installation program's button to view the release notes failed to open the file. As with the other problems I encountered with Timbuktu, this problem wasn't tough to work around, but numerous small problems can be as annoying and time-consuming as a few big problems.

Netopia distributes Timbuktu primarily through its Web site. I used Netopia's Timbuktu Pro Enterprise Resource Center Web site, which is usually available only to Enterprise customers (i.e., customers with 100 or more seats). At this site, you can find a variety of installers for different program versions and platforms. You can also find software to interface Timbuktu to third-party management programs, such as SMS or Tivoli TME. Timbuktu can also interface to Remedy's trouble ticketing system. Smaller installations will have fewer options and more difficulty accessing updates and third-party connectivity.

The software ships with two PDF manuals: the 6-page Timbuktu Pro 32 At a Glance and the 84-page Getting Started With Timbuktu Pro 32. Both are very good, and the smaller manual covers all the program's major functions. The Help system is extensive and completely Web-based but rarely context-sensitive. Sometimes I could access Help by pressing F1, sometimes not. When F1 did work, it usually took me to the Help system's home page—a common failing of Web-based Help and one that makes programs difficult to learn.

The client-side software is extremely simple—so simple that it lacks many features. Common functions, such as clipboard transfers and local control of special key combinations (e.g., Alt+Tab), are absent. (By default, Timbuktu sends most special key combinations to the server, which in turn makes using the client more difficult.) And the only way you can work with Timbuktu at all is with a TCP/IP connection: The product doesn't support IPX/SPX, NetBIOS, or any other protocol.

Timbuktu's default server-side security settings don't permit remote control. From the client, you can only bring up a FlashNote window to send a message and files to the server or use the Notify feature to bring up a simple dialog box containing a message on the server. You can request remote control, but a local user at the server must use the dialog box to acknowledge and permit requests, or you must first log on to the server locally and change Timbuktu's security settings to permit remote control.

Timbuktu offers four methods for accessing server systems: address books (you can maintain several), a list of recent connections, a list of TCP/IP connections, and a list of entries from an LDAP server. I didn't test the LDAP feature, but for LDAP-enabled networks, it might offer a manageability advantage. Timbuktu also supports public LDAP and Microsoft Internet Locator Service (ILS) networks. An option to log events to the NT event log is another management advantage.

The address book has some strange problems. The Help described an Add New Address button, which doesn't exist. To create a new address book entry, I had to click the Copy to Address Book button to copy an existing entry, then edit the information. Or, you must manually create a connection to the server's address, view the connection entry on the program's Recent Connections tab, and add that entry to the address book. You can also get entries from the LDAP directory, if you have one. Unlike the other products, Timbuktu doesn't have a facility for populating the address book by scanning the local network, making address book population even more indirect and cumbersome. I easily overcame this problem by typing in IP addresses, but I wanted Netopia to fix the problem in the first place.

Timbuktu has a small advantage in helping the user to locate server systems: You can use Network Neighborhood or Windows Explorer to view a list of servers, then right-click a server name to access a Timbuktu Pro pop-up menu, as Screen 10 shows. From this menu, you can send a file, take direct control of the server, or carry out a few other common functions. This functionality makes Timbuktu Pro more convenient than other products for users who prefer to work with standard Windows facilities.

Timbuktu does have one cool UI feature: By default, the software enables autoscroll, which scrolls the contents of the remote control window when you move the mouse. For example, the remote control window didn't display the entire server screen, so I moved the mouse below the bottom of the window to scroll down the window. This option is easy to disable, but I quickly saw its value.

Timbuktu has some strengths, but many of the software's shortcomings bothered me. If you already work with one of the third-party products (e.g., Remedy) with which Timbuktu integrates, you might consider Timbuktu, but otherwise you can do better with another product.

Timbuktu Pro 32
Contact: Netopia * 510-814-5000 or 800-485-5741
Web: http://www.netopia.com
Price: Starts at $129.95 for two-PC support
DECISION SUMMARY:
Pros: Provides Lightweight Directory Access Protocol support; integrates with Netopia's management software
Cons: Has an inadequate Help system; address book implementation is awkward; offers fewer update and connectivity options for small installations (fewer than 100 seats)