Active Collections are most powerful when you wish to change the way things are organized. All you need to do is change the permissions associated with the Active Collection--Help Desk, in our case--and all at once all users associated with Help Desk have a new set of permissions. If your operation is typical, things change often, and this flexibility is a blessing.

Four built-in reports are provided to allow the user to display groups managed by trusted managers, display license information, generate a TEM management report and generate a report of all user accounts. In addition, TEM writes out the information for you in a text file that can be read by an included Microsoft Access 97 wizard, which manipulates and prints the data for you. We would have liked to have seen stronger reporting options. Specifically, the ability to correlate events to resources over time would make the system administrator job a bit easier.

Trusted Enterprise Manager ships with a variety of CLI-based security tools by Pedestal Software that will keep Unix geeks happy. If you're comfortable using the CLI-based tools, these may come in handy for you. We used all of these tools and even managed to emulate some of the fancy stuff that EA's account replicator does via the saveacl and restacl tools. (The set of tools, which can be very useful for a small NT shop, can also be licensed independently from Pedestal Software at www.pedestalsoftware.com).

TEM runs two NT services under privileged accounts (Administrator or an equivalent account). After assigning some privileges to our administrators, we gave them access to the TEM client. Now, when the TEM client runs, it consults with the TEM services. If it finds that you have proper privileges, it performs the actions on your behalf. The TEM client combined with the two services acts as a proxy, performing the otherwise impossible tasks for you. Since the TEM client plays an essential role for the success of this concept, Master Design & Development offers a combination of ways to easily install and update new TEM clients on client workstations.

Pukka Software Domain Administration Tool v2.20
Pukka's Domain Administration Tool offers you centralized access to functionality in one easy-to-use interface. You can select the servers that you'd like to administer and receive access to all settings pertaining to that server. At a glance, you can find the PDC or BDC, for example. You ask what open files are on this server? The answer is a couple of clicks away.

Launching the tools after the relatively easy and painless installation presents an interface with access to the following tabs: Files, Groups, Network, Quotas, Servers and Users. The idea is that you connect to a server, then use the tabs to view any information regarding that server. We had to manually ask the tool to browse for information whenever we changed tabs or connected to a different server.

The information we gathered was no different from what NT offers natively, but it was all accessible in a centralized fashion. Each tabbed window has its own set of options to govern what you can see and what you can't, allowing you to concentrate on the information you're seeking and not clutter the output.

We began with the Users tab and created several users. Unlike EA or TEM, there's no way to automate this procedure; if you have many users to create, you'll have to proceed one at a time. If you had to create the 3,000 users we used for this review in this fashion, we bet you'd be one unhappy administrator. In addition to creating users, we also duplicated users, a handy option in a corporate setting where you have to create accounts for new hires or interns. You can just create a model account and copy it to the new accounts. Change the password, and you've got yourself a new user.

The most interesting tab was Quota. Now, don't kid yourself; the Quota tab won't enforce quotas for your users. What you would need to do is install a separate Service (known as the Quota Service, available from Pukka's Web site at www.pukka.com) on every server you manage. Once you install the service and run it, you can use the Admin Tools to view the quota settings per individual users. Many corporate settings do not enforce quotas, but only because it's such a hassle. Here, the software's almost worth the tab for this feature alone.

Adkins Resource Hyena v1.76
Simplicity is the name of the game: simple installation, simple interface, simple operations. While Hyena does not offer great new functionality to your NT server, it does group all the functionality in one easy-to-use interface. This would be a big advantage in training and retraining users. Deploying new workstations and servers can be simplified. Hyena can effectively help lower your TCO (total cost of ownership).

Hyena's usage extends over one or more trusted domains, and its functionality can apply to combinations of users, groups and resources across those domains. Using one interface, you can add users, change user properties, rename users, copy users and delete users. If you have lots of time, you can also choose to view all users' details. Don't expect it to be snappy, though: When we viewed the details on the 2,541 users in our Hyena evaluations, patience was definitely a virtue. However, after the waiting, we ended up with a nice list detailing every user we have.

Hyena doesn't limit you to managing user accounts; you can manage shares, services, drivers and events. For example, to manage a new service on three of our clients, we used Hyena to change the start-up mode of the service on all computers at once, and then used Hyena to reboot the machines, sending the appropriate shutdown message to the users. Once the computers came back up, we used Hyena to view the event log of all three computers simultaneously and made sure that all services had started up the way we intended.

Basically, Hyena lets you manage anything for which NT gives you access, including shares, open files, sessions and printers. It opens up to the familiar Explorer interface, with a hierarchical view in the left pane. You can drill down to any object you want in that pane. For example, starting with Resources at the very top, we drilled down to Domain Users. There, we found our account with a list of objects under it, including the groups to which we belonged, the login script, the home directory and the history of password changes. Double-click on one of those objects, and more detailed information will open in the right pane, which has a list view. A user object, for example, would open a list view of the user's name, the Full Name and the description given to the user.

You can view many users at once in that pane. If you feel you're missing some information, chances are it's accessible from the context menu (clicking your right mouse button). The context menu for the user's object, for example, includes functionality to copy user, rename user, delete user, send a message to the user and change user account properties. If you're comfortable with the Explorer interface, you'll feel at home here. We found Hyena's interface to be more intuitive and easier to use than that of the other applications in this review.

One smart feature unique to Hyena is the ability to run third-party tools from within it. Savvy programmers know that this is not a big deal under Windows. However, Hyena allows you to pass information about the objects as parameters that are expanded at run time. There are no separate plug-ins available, but as we found through testing, NT already has many tools that can be leveraged using this feature.

One of our favorite NT utilities is the Event Viewer. Testing so many applications could cause problems on our machine, and the Event Viewer usually points to the problem right away. Using Hyena we selected a server and then ran the following command:

Eventvwr.exe \\%E%

The "%E%" argument expands to become the selected server at the time the command is run. The leading slashes are an Event Viewer requirement and have nothing to do with Hyena.

Ahmad Abualsamid is a software development lead at Epic Systems Corp. He can be reached at sami@cae.wisc.edu.