Different interfaces for different roles
The Web Interface allows multiple Web sites to be installed with individual, customizable configurations. The following configuration templates are available out-of-the box:
- Site for Administrators Supports a broad range of tasks, including the management of all directory objects and computer resources.
- Site for Help Desk Handles typical tasks performed by Help Desk operators, such as enabling or disabling accounts, resetting passwords, and modifying certain properties of users and groups.
- Site for Self-Administration Provides User Profile Editor, allowing end users to manage personal or emergency data through a simple-to-use Web interface.
Each Web site configuration template provides an individual set of commands installed by default. The Web site can be customized by adding or removing commands, and by modifying Web pages (forms) associated with commands.
Although the Web Interface dynamically adapts to roles assigned to users, the ability to tailor separate Web sites to individual roles gives increased flexibility to the customer. It helps streamline the workflow of directory administrators and help-desk personnel. Static configuration of interface elements ensures that Web Interface users have access to the specific commands and pages needed to perform their duties.
Role-based management of computer resources
Active Roles provides the ability to delegate administration of computer resources, such as services and printers. Delegated administrators can use the Active Roles Web Interface to manage computer resources with a single, consolidated tool. Active Roles, along with the Web Interface, enables the delegation of administrative tasks on the following computer resources:
- Services Start or stop a service, view or modify properties of a service.
- Network File Shares Create a file share, view or modify properties of a file share, stop sharing a folder.
- Logical Printers Pause, resume or cancel printing, list documents being printed, view or modify properties of a printer.
- Documents being printed (print jobs) Pause, resume, cancel or restart printing of a document, view or modify properties of a document being printed.
- Local groups Create or delete a group, add or remove members from a group, rename a group, view or modify properties of a group.
- Local users Create or delete a local user account, set a password for a local user account, rename a local user account, view or modify properties of a local user account.
- Devices View or modify properties of a logical device, start or stop a logical device.
Active Roles provides a comprehensive set of Access Templates that are available out of the box for delegating computer management tasks. By applying Access Templates of the “Computer Resources” category to a computer account, the rights of delegated administrators can be specified on the corresponding computer’s resources.
Delegated administrators should use the Web Interface rather than the Active Roles console (MMC Interface) to manage computer resources. Although the console provides certain tools for computer resources management, the console user needs the native administrator rights on the computer in order to use those tools. The rights specified through “Computer Resources” Access Templates have no effect in the tools provided by the console for computer resources management.
In the Active Roles console you can choose view mode—Basic, Advanced, or Raw. Changing view mode makes it possible to filter out advanced objects and containers from the display.
Basic mode displays Active Directory objects and Managed Units, and filters out objects and containers related to the Active Roles configuration. Basic mode should normally be used by delegated administrators and help-desk operators.
Advanced mode displays all objects and containers except those reserved for Active Roles internal use. Advanced mode is designed for administrators who are responsible for configuring the system and managing Active Roles proprietary objects.
Raw mode displays all objects and containers defined in the Active Roles namespace. This mode is primarily designed for troubleshooting.
With Raw mode, the console displays all data it receives from the Administration Service. With Basic or Advanced mode, some data is filtered out. For example, the Configuration folder is not shown in the console tree with Basic mode. Another example is the Configuration Container folder used to display the Active Directory configuration naming context, which is displayed with Raw mode only. In addition, there are some commands and property pages that are only displayed when the console is in Raw mode.
In short, when you choose Raw mode, the snap-in displays everything it is able to display. Otherwise, some items are hidden. Note that changing view mode does not modify any items. Rather, this only shows or hides particular items from the display.
To change view mode, click Mode on the View menu. In the View Mode dialog box, click Basic Mode, Advanced Mode, or Raw Mode.
The Active Roles console provides for visual indication of the objects to which Access Templates or Policy Objects are linked. The console marks those objects by adding an arrow icon at the lower-left corner of the icon that represents the object in the console tree or details pane. As a result, the icon looks similar to the following image: .
To enable this feature, click Mark Controlled Objects on the View menu, and select check boxes to specify the category of object to be marked.