Subscribe to Windows IT Pro
March 23, 2000 08:35 AM

Web Administrator 2.0

L. J. Locher
Windows IT Pro
InstantDoc ID #8431
Rating: (0)
Remotely administer your servers

When you're away from your servers and workstations, Web Administrator 2.0 for Microsoft Windows NT Server 4.0 lets you perform limited administrative tasks. Web Administrator is a tool that lets you use HTML Internet browsers running on Windows, Macintosh, or UNIX to remotely administer NT servers. You can download Web Administrator from the Microsoft Web site at http://www.microsoft.com/ ntserver/nts/downloads/management/ ntswebadmin/default.asp. I find Web Administrator very easy to use.

To install Web Administrator on your NT server, the server needs to be running NT Server 4.0 with Service Pack 3 (SP3) or later and Microsoft Internet Information Server (IIS) 4.0. You can install Web Administrator on PDCs and BDCs. When you install the Web Administrator software on the server, the server publishes Web pages that include the necessary forms for administering that particular server. The program installs the Web Administrator files into the server's %inetsrv_root%\wwwroot\ntadmin directory. The installation is simple, uses intuitive wizards, and takes less than a minute to perform. Before you begin to use Web Administrator, you need to decide how you want to set its security, which you configure through the IIS Microsoft Management Console (MMC) snap-in.

Setting Up Security
To configure security for Web Administrator, launch Internet Service Manager (ISM). Select Start, Programs, Windows NT 4.0 Option Pack, Microsoft Internet Information Server, Internet Service Manager. Expand the Internet Information Server container from the scope pane. Next, select the name of the server that you want to configure Web Administrator security for and expand the container. Now you can begin to secure Web Administrator.

To grant or deny Web Administrator access to specific computers, you specify an entire domain, individual IP addresses, or network IDs and subnet masks for groups of computers. You specify these attributes by expanding the Default Web Site container, right-clicking NTADMIN, and selecting Properties from the pop-up menu. From the Properties dialog box, select the Directory Security tab. Then, from the IP Address and Domain Name Restrictions section, select Edit, as you see in Screen 1.

If you want to use Web Administrator from any computer in your organization, select the Granted Access option, which grants access to all computers. If you need to restrict access to the tool from certain computers, select Add, then select the Single Computer button in the Deny Access On dialog box to specify which computers to deny access from. You can use this option to deny access to IP addresses that might let intruders access your Web server. You can also select the Group of Computers button and type the appropriate information in the text box to deny access to a group of computers based on network ID or subnet mask. Selecting the Domain button lets you deny access based on domain name. If you plan to use Web Administrator on only a few computers, you need to choose the Denied Access option to deny access to all users. Then specify which computers to allow access from.

You gain access to Web Administrator through any HTML Web browser that supports either NT Challenge/Response authentication or Basic authentication. The Web browser you use determines in part the method of authentication you use. Microsoft Internet Explorer (IE) supports both NT Challenge/Response and Basic authentication. To use the NT Challenge/Response method, you need to install IE's virtual machine option.

NT Challenge/Response authentication is the most secure authentication method because the server uses cryptography instead of transmitting passwords over the wire. Your Web browser proves its knowledge of your password through a cryptographic exchange with your Web server. You don't receive a prompt for account information unless the authentication exchange fails to authenticate you. If the exchange fails, the browser will continuously prompt you with a dialog box until you enter valid account information. The browser uses the NT Challenge/Response method of transmission to process account information.

Basic authentication, which is the method that Web browsers most commonly support, encodes username and password data transmissions. With Basic authentication, you receive a dialog box prompting you to enter a username and password. Then authentication checks the account information against the NT security database to ensure that you have entered a valid NT account. If the account information you supply is valid, you receive a connection to Web Administrator. The downside of Basic authentication is that anyone with a protocol analyzer can decode the encoded data because this method transmits the information in an unencrypted format.

If you need to use Basic authentication because the Web browser you're using doesn't support NT Challenge/Response authentication, you can use an alternative approach that lets you employ Basic authentication without compromising account security. You can use the Web server's Secure Sockets Layer (SSL) client certificate authentication feature to encrypt password information and session data. Microsoft recommends that you use SSL even if you use NT Challenge/Response authentication because SSL will encrypt all session data. The SSL client certificate authentication method uses digital certificates to authenticate users without requiring them to provide account information each time they access the Web service. You can purchase certificates from a Certificate Authority (CA). For more information about digital certificates and how to configure them, see "Related Articles in Previous Issues."

Select the server's authentication method by expanding the Default Web Site container, right-clicking NTADMIN, and selecting Properties from the pop-up menu. On the Properties dialog box, select Edit from the Anonymous Access and Authentication Control section. The Authentication Methods dialog box gives you three options: Allow Anonymous Access, Basic Authentication, and Windows NT Challenge/Response. To keep Web Administrator secure, don't select Allow Anonymous Access.

Take into consideration the Web browser your organization uses, the authentication method that this Web browser provides, and the type of security your organization needs, then select the authentication method that is best for your organization. If you're using a Web browser other than IE, you might want to consider switching to IE if your organization requires a high level of security on your Web server. At press time, IE is the only Web browser that supports NT Challenge/Response authentication. For more information about authentication security, see "Related Articles in Previous Issues."

Available Features
After you've configured security for Web Administrator on your server, you can use an HTML Web browser and the address http://servername/ntadmin/ default.asp or http://ipaddress/ntadmin/default.asp to remotely perform a variety of tasks. You must log on as a member of the Administrators group for the server you need to administer. (Remember to log off before you walk away from the computer during a session.) You can select from 10 administrative options in the main Web Administrator window, which Screen 2 shows. Selecting an item to administer from the left pane displays related submenus in the right pane.

Introduction. The Introduction option explains how to use the list of items in the left pane for administration and offers one management option. From the right pane, you can select General Windows NT Server status information to view a brief summary of the server's status information, which Screen 3 shows.

Accounts. The Accounts management option lets you create and delete groups in the domain; add a workstation or BDC to the domain; add and remove user accounts from groups; and add, change, disable, and delete user accounts within the domain. To administer accounts from Web Administrator, select Accounts and the applicable submenu item.

By default, the Web Administrator user-accounts list box displays only the first 1024 user accounts. If your organization has more than 1024 user accounts, you'll receive a message saying that the system is unable to list all the user accounts. Microsoft set the default maximum at 1024 because of the time necessary to transmit user accounts across the network to the client browser. You can adjust a Registry value to override this default and list more user accounts. To find the MaxUsersToDisplay value, go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Inetsrv_NTAdmin Registry key. You can add new accounts whether or not the list contains the maximum 1024 accounts.

Related Content:

ARTICLE TOOLS

Comments
Add A Comment
  • Alejandro Flores
    11 years ago
    Jul 05, 2001

    My question is: there is a tool like Web Administrator 2.0 in NT for Windows 2000?, If already where can I download? or how can I configure it in iis 5.0?

You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.