Using the Windows 2000 Adminpak and Support Tools
Included with Windows 2000 Server products is a utility known as “adminpak” which allows you to administer your Windows 2000 network from a Windows 2000 Professional machine that is located on the network (assuming you have permissions in Active Directory to do so; this is not a backdoor for crackers).
So, if this is free (it is not really free – you will need to have a licensed copy of Windows 2000 Server, but you’ve already got that if you’re running a Windows 2000 network), where do you go to get it? Go to the Windows 2000 server CD. First of all, your machine will need to be a member of the domain (or one of the domains in the enterprise if you have more than one domain in your enterprise) to be of any use. Simply go to d:i386adminipak.msi and install it. That’s it, you don’t even have to reboot. What this does is add almost all of the entries in the Administrative Tools menu that would normally be found on your server to your local administrative tools menu. Now you can administer Active Directory, DNS, DHCP, and virtually anything that you could administer if you were logged in locally to the server, with the exception of local security policies on the server (for obvious reasons).
A quick note about the administrative tools menu: this menu should be right on the start menu (Start-> Programs-> Administrative Tools); you should not have to dig down through other menus to get to it. If you do not see it on your start
menu, right-click somewhere on the taskbar and select properties. Next click the advanced tab on the properties window and check the check box ‘display administrative tools’ in the ‘Start Menu Settings’ section of the dialog box. That is it, click ‘OK’ and you are done. The administrative tools menu should now be displayed on your start menu.
Now, along with your normal Administrative Tools menu entries (such as Computer Management, etc…) you will have the Administrative Tools for the domain, such as Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, Certificate Services, and most of the other entries that you have become used to having on your server’s Administrative Tools menu.
One thing to keep in mind (this will seem obvious to you veterans, but some of our newer system administrators may not realize this): Installing these tools does not give you any more permissions or privileges than if you had logged into the server. Your user account will only maintain the privileges that it had prior to installation of the adminpak; these privileges will not be escalated in any way.
This does, however, make many of your more menial tasks much easier by saving you trips to the server room. For instance, you can now make, modify, and destroy (delete) objects, including, but not limited to, user accounts, computer accounts, and even sites in Active Directory. You can reset passwords from your desktop. You can literally handle 95% of your server administration from your desktop, and, as an added bonus, you don’t have to learn anything new. This menu is identical to the one that you would find on your server.
While we are on the topic of tools available on the Windows 2000 Server CD, be sure to have a look in the d:supporttools directory. You will find a setup.exe file that will install support tools on your machine. These tools will be found in Programs-> Windows 2000 Support Tools. These are some really handy tools to help with many of your upgrade and maintenance tasks.
One tool that I was looking at that is really nice for someone to view and modify the entries in an LDAP (Lightweight Directory Access Protocol) record is the Active Directory Administration Tool. This would be a really nice way for someone to see how the syntax of LDAP records. You will want to be very careful about modifying these records; this is one area that you could get yourself into big trouble.
Other tools in the Support Tools are Replication Monitor (which is great for a visual depiction of replication configuration and is useful for troubleshooting replication across sites), Disk Probe, ADSI Edit (another great one for those of you interested in the LDAP protocol), amongst others. There is even a few white papers including one regarding migration strategies and the use of the Support Tools to assist with migration.
In conclusion, there are some very nice and very powerful administrative tools included with Windows 2000 Server that can assist you with many of your daily tasks. It doesn’t cost anything to have a look at them and see if they might be useful to you and your staff. These tools only take a very few minutes to install, so you have no excuse. Check them out, I think you will be pleasantly surprised!
Jay Fougere is the IT manager for the iEntry network. He also writes occasional articles. If you have any IT questions, please direct them to Jay@ientry.com.