Extend responsibility for your system to trusted users

If you manage a large Windows NT environment, you need a complete staff of technicians whose sole responsibility is to administer your NT user accounts. Wouldn't it be fantastic if you could delegate limited NT administrator authority to users or groups of users so they could administer their user communities? Now, with Master Design & Development's Trusted Enterprise Manager (TEM), you can.

TEM is an add-on security product for NT systems that lets you create trusted managers. These managers use the authority you grant them to manage specific attributes of user accounts and global groups within their control. TEM can significantly reduce the amount of user administration your central MIS staff must perform.

TEM does not alter your native NT security structure in any way. This characteristic leads to the question: How can you give an ordinary user the ability to administer other groups and users on the system without giving them NT administrator authority? TEM's secret lies in its client/server approach to managing your user environment. When a trusted manager implements a change, the product routes the change to a special TEM service that runs with NT administrator authority. The TEM service verifies that the manager has the authority to make the change and then issues stock NT API calls to implement it.
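The verification step described above, modeled as an added example (not TEM's code and not from the original article): a broker that alone holds the privilege and checks each request against a per-manager grant before acting. The manager, account, and action names, and the protected-account list, are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Grant:
    """Scope delegated to one trusted manager (hypothetical structure)."""
    users: frozenset    # accounts the manager may act on
    actions: frozenset  # operations the manager may request

@dataclass
class Broker:
    """Stands in for the privileged service; callers hold no admin rights."""
    grants: dict          # manager name -> Grant
    protected: frozenset  # assumed safeguard: accounts no delegate may touch
    audit: list = field(default_factory=list)
    applied: list = field(default_factory=list)

    def request(self, manager, action, target):
        grant = self.grants.get(manager)
        if grant is None:
            reason = "not a trusted manager"
        elif target in self.protected:
            reason = "target is protected"   # wins even over a bad grant
        elif target not in grant.users:
            reason = "target outside managed scope"
        elif action not in grant.actions:
            reason = "action not delegated"
        else:
            reason = None
        verdict = "ALLOW" if reason is None else "DENY: " + reason
        self.audit.append((manager, action, target, verdict))  # log every request
        if reason is None:
            self.applied.append((action, target))  # placeholder for the OS account API call
        return reason is None

def demo():
    # Constructed data; "Administrator" is in scope by mistake on purpose.
    grant = Grant(frozenset({"jsmith", "mlee", "Administrator"}),
                  frozenset({"unlock", "set_logon_hours"}))
    broker = Broker({"helpdesk-sales": grant}, frozenset({"Administrator"}))
    results = [
        broker.request("helpdesk-sales", "unlock", "jsmith"),         # allowed
        broker.request("helpdesk-sales", "delete", "jsmith"),         # action not granted
        broker.request("helpdesk-sales", "unlock", "akhan"),          # outside scope
        broker.request("helpdesk-sales", "unlock", "Administrator"),  # protected
        broker.request("tempuser", "unlock", "jsmith"),               # unknown caller
    ]
    return results, broker

if __name__ == "__main__":
    for entry in demo()[1].audit:
        print(entry)
```

Because the service runs with administrator authority, its grant table and audit log are the whole security boundary in this model: a request the check wrongly allows is executed with full rights.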

Installing and using TEM is a snap. It comes on CD-ROM, so installation takes only a few minutes. (TEM took 10 minutes to install on my home-built Micronics-based dual-Pentium II NT 4.0 Server.) Although you are not required to install TEM on your domain's Primary Domain Controller (PDC), you should install it there for maximum performance. After running the setup program, you must answer a few basic questions, such as who you are and what components to install. Depending on the components you install, several other groups of questions will appear for you to answer.

TEM uses two different programs to administer your user environment: TEM Admin (TEMADMIN.EXE) and TEM Client (TEM.EXE). TEM Admin lets you create trusted managers and assign managed users and global groups to each manager, as shown in Screen 1. TEM Client lets trusted managers administer their user environments.

When you launch TEM Client, the program opens a window that provides detailed account information about your users and groups. A toolbar across the top of the window lets you access common TEM functions. For instance, you can delete users' accounts or reset their accounts in case of lockout (assuming you have been given the authority). You can also change their logon and profile information, the hours they can log on to the server, or their primary group.

TEM offers a wide range of reports to help you manage your environment. You can generate reports by user properties, group membership, and administrator assignments. You can print reports, or you can generate the reports in comma-separated or Microsoft Access formats for import into other applications to further manipulate the data.

I found only one drawback with TEM: its pricing structure. The software price depends on the number of users you're going to manage. This pricing structure makes the software of dubious value for smaller NT environments (managing a small NT database is not all that time-consuming), but the product is worth the money if you operate in an enterprise environment (the high price tag is offset by even higher user administration costs). A free trial version of the software is available from the company's Web site, so you can try it to see whether it will save you time and money in your environment.

Trusted Enterprise Manager
Contact: Master Design & Development 925-946-2111
Web: http://www.mddinc.com
Price: $700 (50-user license)
System Requirements: Windows NT 3.51 or 4.0, 1.2MB of RAM per 1000 managed accounts