Web-based User Administration for Windows Server 2003

Posted on 2005-04-26
Medium Priority
Last Modified: 2010-04-18

My company is running a website for a third party which makes use of NT authentication to manage user access.  We'd like the client to be responsible for administering the users of the site but they're not able to connect using Remote Desktop Connection through their firewall.  Can aonyone recommend a good tool for providing web-based administration of a Windows 2003 server?  Obviously it'd need to be secure and allow for the creation/management of users.

Thanks in advance for your help.
Question by:continuity
  • 5
  • 3
LVL 14

Expert Comment

ID: 13865440
have you looked at frontpage server extensions?  this lets you do user management using either local server or domain accounts.

Author Comment

ID: 13865857
No, I've not looked at frontpage extensions.  Do you know where I could get more information about using them, and specifically the user management aspects?

LVL 14

Expert Comment

ID: 13865974
This is just an introduction to get you started, http://www.microsoft.com/resources/documentation/sts/2001/all/proddocs/en-us/admindoc/owsa01.mspx
it's a bit vague on the detail part though so I'll see if I can find you something better tomorrow.

Can you just quickly answer these for me too?
Is your website IIS?
Are you wanting user management specifically for the website?
Do the users need to be domain users / local users / sql users / doesn't matter as long as they can get in?
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

ID: 13866411
1. Yes, the website is IIS.  

2. Yes, we want user management specifically for the website.  Basically we've got a whole load of documents on the site and we want to make sure we control access to those files.  The easiest way of doing that seems to be using NT authentication for users, provided we can resolve the user management issue.

3. Ideally local users, but it doesn't matter so long as we meet the criteria above.  i.e. we can control access to the files stored on the site.

Thanks for your help.
LVL 14

Expert Comment

ID: 13872044
How much usage (users / traffic) does this site get?
LVL 14

Accepted Solution

alimu earned 500 total points
ID: 13882356
-you install frontpage extensions from add/remove windows components under Application Server --> IIS
 -The best way to learn how to use it is probably to install the software and try it out.
after installing, open up IIS manager, create yourself a new dummy website running on different port to your live system (eg: 81 or 82).  Make sure integrated and/or basic authentication is turned on so you can authenticate if you need to.
-Go to web extensions and enable Frontpage Server Extensions.
-Find the "Microsoft Sharepoint Administration" website that should be in your list of available sites, right-click and "browse". (it's not sharepoint, they just share the same management interfaces).
-Extend your dummy web (created before).

There are help pages for the "microsoft sharepoint administration" site, and for the individual extended sites and their associated functionality.
give it a go and get back to me to clarify any questions about it, roles and user administration will probably be the main thing you'll need to look at judging from what you've said so far.  Please note this doesn't include Active Directory management - account creation is limited to the local server BUT pre-existing domain users and groups can be used.
You should probably also look at setting this up over https so it's a little more secure.

Going with Frontpage will let the external group be relatively autonomous without having a direct line into your AD.  You'll still have some basic user admin to do in your domain but it's pretty quick to setup.

Having people external to your organisation managing Active Directory is usually done via some form of secure connection - either RAS, VPN, Secure Citrix, *possibly* something like NetIQ's DRA tool run over https (I've never seen anyone open this up to external networks though), I'm sure there are others products around...  
What I'm saying is that I'm giving you a very simplistic solution to the problem and the various methods above would be the "secure" / "semi-safe" ways of doing this.  You need to consider what you're exposing your server and internal systems to when you allow management of major infrastructure (like AD) over the web.  

Author Comment

ID: 13884634
That's exactly what I needed, thanks very much.
LVL 14

Expert Comment

ID: 13891340
No problem.  
- do a security audit / penetration test if you can when you're done and make sure you're organisations data is protected as much as possible. https may be a small improvement if it's viable.
- make sure you've got really good backups of the system (when we started out with this, one of our web admins used to kill extensions on a regular basis by, um, "seeing what it could do" - thankfully we had backups and i'd done my share of playing before I let the developers at the system so I knew our config back to front).
- schedule the server extensions to run health checks.  This'll keep all your ntfs permissions clean and fix up any extensions files that go walkabout.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
There may be issues when you are trying to access Outlook or send & receive emails or due to Outlook crash which leads to corrupt or damaged PST file. To eliminate the corruption from your PST file, you need to repair the corrupt Outlook PST file. U…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question