- Using Remote Desktop for Administration
- Taking Advantage of Windows Server 2003 Administration Tools
- Using Out-Of-Band Remote Administration Tools for Emergency Administration
- Using and Configuring Remote Assistance
- Securing and Monitoring Remote Administration
- Delegating Remote Administration
- Administering IIS in Windows Server 2003 Remotely
Taking Advantage of Windows Server 2003 Administration Tools
Another method for remote administration of servers from a client desktop computer is available by installing the Windows Server 2003 Administration Tools Pack on a workstation running Windows XP Professional Workstation. The primary target of administration for the Administration Tools Pack is the remote management of Active Directory. The Windows Server 2003 Administration Tools Pack includes Microsoft Management Console (MMC) snap-ins, Active Directory administrative tools, and other tools that are used to manage computers running Windows Server 2003.
Installing the Admin Pack
The Windows Server 2003 Administration Tools Pack is included in the i386 folder on the Windows Server 2003 installation media. Once installed, you can run administrative tasks remotely on Active Directory using the Active Directory tools that are automatically installed on domain controllers. The tools only install on a computer running Microsoft XP Professional with Service Pack 1 applied to the operating system.
Installing the administrative tools requires local administrative access on the workstation. Running the tools requires the following:
Administrative privileges in Active Directory.
Network access to a domain controller in a Windows Server 2003 domain.
Domain membership of the Windows XP Professional workstation in the Windows Server 2003 domain.
To install Windows Server 2003 Administrative Tools on a local Microsoft XP workstation, follow these steps:
Insert the Windows Server 2003 CD-ROM and browse to the i386 folder.
Click Next, and then click Finish.
Not Mutually Compatible
The Administration Tools Pack for Windows Server 2003 and Windows 2000 are not mutually compatible. To administer Windows 2000 domains, use the Windows 2000 Tools. To administer Windows Server 2003 domains, use the Windows Server 2003 tools.
Although the Windows Server 2003 Administration Tools Pack can be used to manage 64-bit Windows Server 2003 servers, it cannot be installed on a computer running a 64-bit version of the operating system.
When installing the Windows Server 2003 Administration Tools on a Windows XP workstation, it is a best practice to also install the Windows Server 2003 help files. On a Windows XP workstation, by default, there is only the Windows XP help. If the workstation is intended to be an administrator's remote console, the Windows Server 2003 help files should be locally available.
Again, installing the Windows Server 2003 help files can only be installed on Windows Server 2003 servers and Windows XP Professional SP1 workstations.
The Windows Server 2003 help files can be installed on an XP workstation from either the installation media or over the wire from a Windows Server 2003 server. To install the help files from the install media, perform the following steps on the workstation:
Click Start, and then click Help and Support.
In Help and Support Center, click the Options button.
Under Options, click Install and Share Windows Help.
Choose Install Help Content from a CD or Disk Image.
Browse to the CD, and click the Find button.
Click the Install button.
Using Convenience Consoles
To ease delegation of administrative functions, the Windows Server 2003 Administration Tools Pack includes Convenience Consoles that group specific tools into functional groups. The administrative tools in the Tools Pack can be roughly classified into four categories:
Directory Services Administration
Basically, the Convenience Consoles are customized MMCs that contain tools and MMC snap-ins that fall into related groups. The MMCs are included in the installation and appear in the Administrative Tools program group of the XP Workstation. The consoles can be published to administrative workstations for administrators who have been delegated permissions in the given category. There are three Convenience Consoles included in the Tools Pack:
Active Directory Management. This console includes Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and DNS. The file associated with this console is ADMgmt.msc.
Public Key Management. This console includes Certification Authorities, Certificate Templates, Certificates for Current User, and Certificates for Local Computer. The file associated with this console is PKMgmt.msc
IP Address Management. This console contains the DHCP, DNS, and WINS management tools. The file associated with this console is IPAddrMgmt.msc.
Customizing Administration Consoles
The convenience provided in the administration consoles might be a good start for some IT organizations wanting to delegate administrative tasks. Most companies, though, will want further customization to the consoles, or will want to create completely new consoles to meet the delegation needs of the organization.
For example, the Active Directory Management Convenience console can be customized to include the Group Policy Management Console (GPMC) and remove the DNS snap-in. Organizations might create a Storage Management console that includes Windows Clustering, Network Load Balancing Clusters, and Remote Storage snap-ins.
If a custom console is created in an effort to delegate administration, the console should be configured so that it cannot be modified once it has been deployed to delegated administrators. To lock down the properties of a custom console, perform the following steps:
Click Start, click Run, type mmc path\filename.msc /a, and then click OK.
On the File menu, click Options.
In Console mode, choose User ModeLimited Access, Single Window.
Select the Do Not Save Changes to This Console check box, as shown in Figure 8.3, and click OK.
When the custom console is closed, choose Yes to save changes.
Figure 8.3 Locking down a custom console.