Choose your solution
Much of the work we do involves interoperability and security, and the sites that call on us usually mix UNIX, VMS, and AS/400 systems with Windows NT. These sites frequently request help in administering NT networks remotely from UNIX or AS/400 systems. The site administrators typically control or manage remote systems with Telnet sessions, applications that run on X terminals, mechanisms such as NIS/NIS+, or tools such as Network Shell. Although NT provides excellent management mechanisms through administration tools and wizards, the Microsoft Management Console (MMC), and the NT domain structure, these approaches work seamlessly only if you have a homogeneous NT network. In addition, most of the Microsoft documentation seems to focus on managing networked PCs.
So what can you do remotely—for example, from a Telnet session—on an NT computer from a UNIX or an AS/400 system if you don't want to load extra software on your UNIX and AS/400 machines? What can you do remotely with a regular TCP/IP connection and normal TCP/IP-based services such as remote procedure call (RPC), Telnet, or the r-command utilities? Can you run any useful commands remotely? Microsoft designed NT to be a single-user multitasking system, so can you perform remotely on NT the kinds of operations that are common on a UNIX or AS/400 machine? The answer to all these questions is anything that you can do remotely on UNIX and OS/400 from a UNIX or an AS/400 system you can also do on NT. Installing third-party software on UNIX or AS/400 systems is not necessary. NT's support for standard protocols lets you accomplish a comprehensive set of administrative tasks on NT systems remotely from other OSs.
In this article, we examine the types of NT tasks that you can administer remotely from non-Windows systems using a variety of methods, none of which require you to install software on your non-Windows systems. We describe how to use Telnet Server on NT and Net commands, the Remote Shell service from the Web Administrator for NT Server 4.0, and the third-party Network Shell tool.
Remote Administration Through Telnet
The first step in remotely managing an NT computer through Telnet is to install the Telnet daemon (Telnet Server) on an NT server. UNIX and AS/400 systems typically contain the Telnet client. You can install the version of Telnet Server that the Microsoft Windows NT Server 4.0 Resource Kit includes or the version that the Windows NT Services for UNIX Add-On Pack includes. Third-party Telnet daemons (e.g., InterAccess TelnetD 4.0 for Windows NT from Pragma Systems, http://www.pragmasys.com; SLnet 2.5 from Seattle Lab, http://www1.seattlelab.com/ slnet; and Ataman TCP Remote Logon Services from Ataman Software, http://www.ataman.com/ products.html#atrls) provide additional functionality, including better logging facilities and a more complete implementation of the Telnet protocol.
Let's begin by looking at what you can do with Telnet Server, and at the advantages and disadvantages of using Telnet to remotely administer NT. The ability to start and stop commands from a Telnet client on a UNIX or an AS/400 computer is helpful when you have a few NT servers in a predominantly UNIX environment. This solution precludes the necessity to install software on UNIX or AS/400 computers. Unfortunately, however, because you're using Telnet, you must accept the security vulnerabilities associated with Telnet (e.g., anyone with a protocol analyzer on your network can capture the usernames and passwords that transmit in the Telnet session).
The documentation that comes with the resource kit clearly describes the straightforward Telnet Server installation process. To install Telnet Server, log on to the NT server with administrator or server operator privileges, and select the Services tab in the Control Panel Network applet. Add a new service, but instead of selecting from the list of default services, click Have Disk. By default, NT will assign drive letter A to the disk. However, if you've installed the resource kit on another drive (e.g., the F drive), enter
F:\ntreskit\telnet
at the prompt. Alternatively, you can copy the following files from the resource kit and keep them on a 3.5" disk: rsmsvc.exe, telnetd.exe, oemsetup.inf, and rsmlogin.cmd. Whether you choose to assign a drive or copy the files to a 3.5" disk, after you enter the path containing the files and click OK, you'll see the Select OEM Option dialog box, which Screen 1 shows.
If you do not see both Remote Session Manager and Telnetd Service Beta (Inbound Telnet) in the dialog box, you need an updated version of the oemsetup.inf file. You can download an updated file from ftp://ftp.microsoft.com/ bussys/winnt/winnt-public/ reskit/nt40/
telnetd.
Click OK to install Remote Session Manager, then click OK to install the Telnetd service. Reboot after installing the Telnetd service.
If you want your Telnet users to run a login script, consider modifying the rsmlogin.cmd procedure. The rsmlogin.cmd file is the default global login script and has the following relevant commands:
cd %homedrive%%homepath% /d
if exist %homepath%\rsmlogin.cmd call %homepath%\rsmlogin.cmd
If you're used to UNIX or AS/400 systems, notice the /d flag in the cd command. The /d flag lets you change the drive as well as the directory; %homedrive% and %homepath% are the drive and directory path, respectively. Also note that NT supports filenames with embedded spaces. For example, you can type
cd E:\Program Files /d
to change the drive and directory path to E:\Program Files from a different drive and directory.
When you enable command extensions, you can (among other things) run scripts with For loops and enable conditional processing. To see a complete list of the commands you can run on Telnet sessions, type
Help
after you're logged on to the NT system through the Telnet session. Although the MS-DOS command language in NT is not as rich as the various shells in UNIX environments, after you enable the command extensions, the old batch command language does have some real power. By default, NT enables command extensions and sets the extensions via the EnableExtensions (type REG_DWORD, value 1) Registry entry in HKEY_CURRENT_
USER\ Software\Microsoft\ Command Processor.
You can remotely enable and disable command extensions by using cmd /x and cmd /y, respectively. You can run any of the commands as if you are at the MS-DOS command prompt. For example, you can check the services running on an NT computer and start or stop any of them from a Telnet client running on a UNIX computer. You can also run commands such as Chkdsk and Tree. Figure 1 shows a Telnet session in which the administrator starts various NT services on an NT server from a UNIX computer.