Manage directories from one console

You need all the features of Windows 2000's (Win2K's) directory services, but the OS won't be available for 6 months. In the meantime, you can manage your Windows NT environment with Entevo's DirectManage.

DirectManage is a software suite you can use to create and manage your NT systems in a directory services structure through an easy-to-use GUI interface. The program has two principal components: DirectAdmin, which is a directory management tool based on Microsoft's Active Directory Service Interface (ADSI) specification, and DirectScript COM Objects, which are scriptable Component Object Model (COM) objects that let you edit and view information about the resources in the directory services structure.

DirectAdmin lets you view and manage resources on your NT network. This program has an easy-to-use NT Explorerlike interface, which Screen 1 shows. In the left pane, under the heading NT Directory Services, is a treeview listing of all the machines DirectManage manages. You can expand and collapse the tree's portions.

You can use DirectAdmin to manage one or more domains in your organization. The product defines a domain as the parent container for users, groups, and computers. When you click a domain entry in DirectAdmin's treeview, a list of objects defined within the domain appears in the right pane. You can drag objects, such as users, from one domain to another with DirectAdmin. This function creates a new user in the new domain, but it doesn't transfer permissions. You must move permissions manually. You select Properties on the DirectAdmin menu to list and change information, such as the name of the domain and Primary Domain Controller (PDC), and delegation information. Delegation information includes a list of tasks, who can perform those tasks, and who can manage the object.

Delegation lets users other than administrators perform administrative functions, such as adding and deleting users within a domain. When you use delegation, users, groups, computers, files, and folders become securable objects. A securable object is an object that DirectAdmin maintains and that you can use the software to assign trustees and permissions to. You can assign four delegation permissions to trustees (trustees are key users with the ability to manage objects). The delegation permissions are Edit Properties (which lets the trustee change the properties of an object), Give Permissions (which lets the trustee assign permissions to others), Delete (which lets the trustee delete the object), and Full Control (which lets the trustee perform all delegation actions). You can also assign key delegation tasks to specific users. Tasks fall into six categories: account management (creating and maintaining users, groups, and computer accounts), password management (maintaining users' passwords and the system's password policies), privilege management (assigning tasks to other users), audit management (managing the domain's audit settings), group management (managing group membership), and resource migration (moving users, groups, and computer accounts across domains). Assigning users or groups task capabilities associated with an object provides greater flexibility than granting permissions to key securable objects.

DirectScript COM Objects is a collection of Microsoft COM objects. Application developers can use these objects in programming environments that support COM objects. You can obtain a list of properties of any of the objects DirectAdmin manages and edit them with DirectScript. DirectScript COM Objects comply with ADSI.

DirectAdmin lets you manage security and audit settings on all your files and folders from one location. Unfortunately, you must switch to Explorer to set security permissions. This limitation negates DirectAdmin's benefits for me.

Compared with other NT management tools, such as User Manager for Domains, DirectAdmin offers little additional functionality. However, DirectAdmin lets you use one interface. In addition, trustees can perform object administration tasks.

DirectManage's price depends on the number of users you manage. Volume discounts are available, and Entevo charges an annual maintenance fee of 20 percent of your total license fee. Compared with other products, this price structure is reasonable. You can download a trial version of DirectManage at the company's Web site.

DirectManage
Contact: Entevo * 703-524-1900
Web: http://www.entevo.com
Price: $19 per user
System Requirements: Windows NT Server or Workstation 4.0 with Service Pack 3, 16MB of RAM, 29MB of hard disk space