Managing Windows Server 2003 Remotely


Windows Server 2003's built-in feature set allows it to be easily managed remotely. This capability reduces the time, expense, and effort of administration by letting administrators manage systems from remote locations rather than having to be physically present at the system.

Many tools are available to remotely manage a system. They include, but aren't limited to, the following:

  • Microsoft Management Console (MMC): The MMC not only provides a unified interface for most, if not all, graphical interface utilities, but it also can be used to connect and manage remote systems. For example, administrators can use the Event Viewer to examine event logs on the local machine as well as a remote system.

  • Remote Desktop for Administration: This tool empowers administrators to log on to a remote system as if they were logging on to the system locally. The desktop and all functions are at the administrators' disposal.

  • Scripting with Windows Scripting Host (WSH): Scripting on Windows Server 2003 can permit administrators to automate tasks locally or remotely. These scripts can be written using common scripting languages.

  • Command-line utilities: Many command-line utilities are capable of managing systems remotely.

Administrative Tools

Many of the administrative tools that are familiar from previous versions of Windows are present in Windows Server 2003. Keeping much of the toolset the same reduces the learning curve for administrators.

Windows Server 2003 also includes some new administrative tools, along with some familiar tools that were provided in earlier Support Tools and Resource Kit versions and are now built into the operating system. These tools, which help with system management, include the following:

  • PowerCfg.exe: This tool enables administrators to configure the power settings such as ACPI/hibernate state settings.

  • WHOAMI.EXE: WHOAMI is a classic logon script tool that returns a domain name, computer name, username, group names, logon identifier, and privileges for the user who is currently logged on.

  • WHERE.EXE: This tool locates and displays all the files that match the given parameter. The WHERE tool displays the current directory if no parameters are given.

  • FORFILES.EXE: FORFILES can be used to enhance batch file control by selecting a file or group of files and executing a command on the file.

  • FREEDISK.EXE: This utility displays the amount of free space on a disk. This information can be very useful for checking space before launching scripts.

  • GETTYPE.EXE: This tool determines the Windows SKU type and sets the system environment variable %ERRORLEVEL% to the value associated with the specified Windows operating system.

  • INUSE.EXE: INUSE is used to replace files on the next reboot.

  • SETX.EXE: This tool sets environment variables.

  • TIMEOUT.EXE: This tool allows an idle or timeout period, and it can be used in scripts.

  • CHOICE.EXE: CHOICE enhances batch file control by allowing a choice to be made from a menu item.

  • TAKEOWN.EXE: This tool sets ownership ACL on files.

Note

Visual Basic script tools can now be digitally signed to foster safer administration and management. Organizations that want to enhance security by preventing just any VB script from being run on a system can digitally sign the script. When a script is executed, a policy can be set to validate that the script has been signed by the organization and is valid for use.
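
Before a signing policy like the one in the note is enforced, it helps to know which existing scripts would fail validation. The following VBScript is an added example, not code from the book: it uses the WSH Scripting.Signer object to report every .vbs file in a folder whose signature is missing or does not verify. The folder path C:\AdminScripts is an assumed placeholder and can be overridden with the first command-line argument.

```vbscript
' Added example (not from the book): report .vbs files that would fail
' signature validation. Run with: cscript //nologo CheckSigned.vbs [folder]
Option Explicit

Dim fso, signer, folderPath, file, verified, failures

folderPath = "C:\AdminScripts"   ' assumption: placeholder folder name
If WScript.Arguments.Count > 0 Then folderPath = WScript.Arguments(0)

Set fso = CreateObject("Scripting.FileSystemObject")
Set signer = CreateObject("Scripting.Signer")

If Not fso.FolderExists(folderPath) Then
    WScript.Echo "Folder not found: " & folderPath
    WScript.Quit 2
End If

failures = 0
For Each file In fso.GetFolder(folderPath).Files
    If LCase(fso.GetExtensionName(file.Name)) = "vbs" Then
        ' VerifyFile(FileName, ShowUI): ShowUI = False suppresses trust prompts,
        ' so the result reflects only what the machine already trusts.
        verified = False
        On Error Resume Next
        verified = signer.VerifyFile(file.Path, False)
        If Err.Number <> 0 Then verified = False   ' treat any error as a failure
        Err.Clear
        On Error GoTo 0

        If verified Then
            WScript.Echo "SIGNED OK          " & file.Path
        Else
            WScript.Echo "UNSIGNED / INVALID " & file.Path
            failures = failures + 1
        End If
    End If
Next

WScript.Echo failures & " script(s) would be blocked by a signed-only policy."
' A non-zero exit code lets a calling batch file react to failures.
If failures > 0 Then WScript.Quit 1
```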


Remote Desktop for Administration

Remote Desktop for Administration, formerly known as Terminal Services Remote Administration mode, allows administrators to log on to a Windows Server 2003 system remotely as if they were logging on locally. This facilitates the remote administration of the entire server and reduces the amount of local administration required.

An administrator logging in to a server through Remote Administration mode can view a graphical interface just as she would if she were logging in at the local server. Therefore, administrators can use all the available tools and access all aspects of the server from a Terminal Services client session.

Note

The Remote Desktop snap-in can be used to connect to multiple Terminal Services servers or computers with Remote Desktop for Administration enabled.


Remote Desktop for Administration is disabled by default, but it can be enabled by doing the following:

1. Double-click the System applet located in the Control Panel.

2. Select the Remote tab, as illustrated in Figure 22.8.

Figure 22.8. The Remote tab used to configure Remote Desktop for Administration.

3. Select Allow Users to Connect Remotely to This Computer under the Remote Desktop area.

4. Administrators can now connect remotely to the server. You can optionally add other users by clicking the Select Remote Users button to display the Remote Desktop Users window.

5. Click Add to display the Select Users window.

6. Add the appropriate users to log on to the server.

Note

It is highly recommended that only administrators be allowed to access the server.

7. Click OK three times to exit.
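
The result of this procedure can be audited from a script, locally or against a remote server. The following VBScript is an added example, not code from the book: it reads the Remote Desktop setting through the WMI class Win32_TerminalServiceSetting (in root\cimv2 on Windows Server 2003) and lists the members of the local Remote Desktop Users group through the ADSI WinNT provider. The optional server-name argument is an assumption of this example.

```vbscript
' Added example (not from the book): audit Remote Desktop for Administration.
' Run with: cscript //nologo AuditRdp.vbs [servername]
Option Explicit

Dim server, target, wmi, setting, grp, member, extraUsers

server = "."   ' "." means the local computer in a WMI moniker
If WScript.Arguments.Count > 0 Then server = WScript.Arguments(0)

' ADSI needs a real computer name rather than ".".
If server = "." Then
    target = CreateObject("WScript.Network").ComputerName
Else
    target = server
End If

' 1. Is the "Allow users to connect remotely" setting turned on?
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
                    server & "\root\cimv2")
For Each setting In wmi.ExecQuery("SELECT * FROM Win32_TerminalServiceSetting")
    If setting.AllowTSConnections = 1 Then
        WScript.Echo target & ": Remote Desktop connections are ALLOWED"
    Else
        WScript.Echo target & ": Remote Desktop connections are DISABLED"
    End If
Next

' 2. Who, besides Administrators, has been granted access in steps 4 to 6?
Set grp = GetObject("WinNT://" & target & "/Remote Desktop Users,group")
extraUsers = 0
For Each member In grp.Members
    WScript.Echo "  Remote Desktop Users member: " & member.ADsPath
    extraUsers = extraUsers + 1
Next

If extraUsers = 0 Then
    WScript.Echo "  Remote Desktop Users is empty: only administrators can connect."
Else
    WScript.Echo "  Review the " & extraUsers & " account(s) above against the " & _
                 "recommendation that only administrators be allowed access."
End If
```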

Using the Remote Control Add-on for Active Directory Users and Computers

A significant add-on to Windows 2003 for network administrators is the Remote Control Add-on for Active Directory Users and Computers. This tool provides an administrator with the ability to right-click on a computer account in the Active Directory MMC and choose to remotely administer the system. The tool effectively launches a Terminal Services/Remote Desktop connection to the system.

The Remote Control Add-on for Active Directory Users and Computers is freely downloadable to all network administrators that have legal licenses to Windows 2003. The add-on is available at http://www.microsoft.com/windowsserver2003/downloads/featurepacks/default.mspx.

Using Telnet for Remote Access Management

Another remote access management mechanism is Telnet. Telnet is a gateway type of service through which an administrator or client can connect and log on to a server running the Telnet Server service. Although this is a viable service for administering the system, other remote management mechanisms such as Remote Desktop for Administration allow for greater flexibility and control.

Caution

Telnet sends usernames and passwords across the network in plain text.


WinRM for Remote Management

Windows Remote Management (WinRM) is new to Windows 2003 R2. It is the Microsoft implementation of WS-Management, a protocol that allows hardware and software from diverse vendors to communicate. What differentiates WinRM from previous implementations is that it is SOAP-based and doesn't use DCOM for remote connections. This makes this implementation of the WS-Management protocol very firewall friendly and scalable in a mixed operating system environment. Data is stored in an extensible XML format, not in objects, so it can be accessed by many common system and network management platforms. It can also be accessed by the new WinRM API, WMI scripting, or through a COM application. WinRM is available via the command line as well as through the Winrm.cmd tool. It can be integrated into batch files or into Visual Basic scripts and applications through Winrm.vbs. More information on the command-line tool and its syntax can be found at the dedicated WinRM web page on Microsoft TechNet.

Note

WinRM requires Windows Server 2003 R2 and is not installed by default. You may explicitly add this feature through the Add/Remove Windows Components tool in the Control Panel.





Microsoft Windows Server 2003 Unleashed (R2 Edition)
ISBN: 0672328984
EAN: 2147483647
Year: 2006
Pages: 499
