

TEM 2.0: A Mountainous Improvement in NT
By Jim Weider
Native Windows NT security is like a boulder: a huge, monolithic authority. Any user--an administrator or an account operator--can have authority over virtually all of the accounts in the domain. Master Design and Development's (MDD) Trusted Enterprise Manager (TEM) smashes that boulder by allowing granular levels of authority.
We tested TEM 2.0 beta at Network Computing's Northern California corporate network with a 10,000-user domain spread across the United States. It offers simplified user management, enhanced performance (especially over the WAN), the ability to rename groups and report on the cache database, and a new user interface.
With TEM, you can assign individual user IDs or local groups to administer the users in global groups. For example, your sales department wants control over its user IDs and does not want the finance department to have access. The finance department wants the same thing, and both want the central helpdesk to reset passwords on demand without any additional rights. This is not possible with native NT security, but TEM makes it a reality with its distributed user administration.
The beta expands this capability with 20 discrete administrative rights, so you can further divide your administration. These rights increase the product's complexity over earlier versions. You can combine these rights in any sequence and also grant administrators the power to delegate their rights to other users.
A local administrator does not want to spend time figuring out the meaning of every right. Fortunately, MDD has introduced Active Collections (amalgamations of rights) to this beta version. We received disks with 10 sample collections--including ones that match the five authority levels in earlier TEM versions.
Diamonds in the Rough
TEM also offers some unexpected jewels. The 2.0 beta provides the same speed advantages as the 1.6 version. Changes in NT's User Manager in large domains can take minutes at LAN speeds and are unbearable at WAN or RAS speeds. At LAN speeds in our 10,000-user domain, User Manager averaged just under two minutes to start up and just under two minutes to refresh following user modification. TEM averaged less than 20 seconds to start up and less than 10 seconds to refresh.
Another feature in TEM 2.0 is the ability to rename groups. Next time your company reorganizes, you will not have to decide between using current groups that no longer reflect the organization, or creating groups and recreating permissions in your resource domains. You can simply rename the existing groups and keep the same Security ID (SID)--and therefore the same permissions--throughout your enterprise. Without this tool, renaming groups entailed copying the group membership to a new group with the new name.
MDD has also added the ability to report on the cache database. The beta we received could only export the cache to a comma-delimited file, but MDD promises several canned reports in the shipping product.
TEM 2.0 also introduces an interface that moves from a User Manager look and feel toward an Internet Explorer one, but many of the promised bells and whistles were not present in the beta.
Jim Weider is a network software engineer working with a major energy corporation on the West Coast. He can be reached at weider@biosys.net.
Updated August 8, 1997