network management administering microsoft server 2003
TRANSCRIPT
Network ManagementAdministering Microsoft Server 2003
Microsoft Management Console (MMC)
• The MMC gives administrators the ability to manage servers both locally and remotely.
• Provides the tools necessary to manage the server including but not limited to • Disk management• Active directory management• Event viewing• etc
MMC Continued
• The MMC comes with preconfigured tools and can be configured to do specific administrative tasks.
• The preconfigured tools (snap-ins) include the active directory tools located in the administrator folder in the start menu.
• When you first startup MMC by itself it contains no tools that can be used.
• Application modules called snap-ins can be loaded into the MMC to customize the functionality of the MMC to conduct specific network administration tasks.
MMC Continued
• To start MMC click on start then in run type MMC.
• A window will appear similar to the one that you see to the right with console1 in the title bar.
• Snap-ins can be added by clicking file and then add/Remove snapins
MMC Continued
• The parts of the MMC are• The scope pane – contains a hierarchical list of the
snap-ins installed in the console. It is sometimes referred to as the console tree because of the tree structure it takes on.
• The details pane – dependent on the the tools selected in the scope pain, this pain will display items that are related to the tools clicked on in the scope pain (may display information or additional tools).
• The menu provides a means to add additional snap-ins to the console as well as the actions menu (actions that are available for the associated snap-in i.e. adding a user)
Snap-Ins
• Again Snap-ins are the tools that can be installed into the Console so that administrative tools can be organized and grouped in a custom fashion.
• Grouping commonly used administrative tools into one console would make common administrative tasks easier to accomplish.
• These tools can be custom designed so that specific tasks can be granted to specific groups of users without providing full administrative rights over the server or network.
• There are two types of snap-ins• Standalone snap-ins• Extension snap-ins
Snap-ins continued
• Stand alone snap ins can be installed by themselves, directly into the console.
• Stand alone snap-ins is a single tool.
• Extension snap-ins, provide additional functionality to stand alone snap-ins.
• Extension snap-ins require stand alone snap ins to already be installed in order to install them.
• Extension snap-ins appear in the scope panel beneath the stand alone snap in.
Snap-ins Continued
• To add a snap-in, click on file then add/remove snap-in.
• You then click on the standalone tab
• Then click on add
• You should have a dialogue similar to the one to the left.
• Select the snap-in you wish to add then click add.
Snap-ins continued
• That’s it. You have now added a stand alone snap-in.
• To install an extension to a snap-in, you must already have the standalone snap-in installed and then you can select the extension tab.
• You can add all extensions to a particular snap-in by making that selection when installing the standalone snap-in.
• Once you have added snap-ins, you can create a customized Taskpad.
Customizing the MMC
• Taskpad is an area in the details pane for a snap-in with links to frequently used functions of the snap-in.
• To create a Taskpad select a snap-in, then select new Taskpad view from the action menu.
• Setting Console options (permisions)
• Setting these options will grant specific permissions for users to use this customized console.
• By default, the console is set to Author Mode.
The different Modes of the MMC
• Author Mode – allows full access to the console.
• User Mode – Full Access • Users can navigate between snap-ins.• Can also navigate between open windows• Can access all portions of the console tree.• Cannot add or remove snap-ins
• User Mode – Limited access, Multiple windows• Users can create a new window and view multiple
windows in the console• Cannot close existing windows.
Modes of the MMC continued
• User Mode: Limited access, Single Window• Most restrictive• Prevents users from opening multiple windows
in the MMC.• Allows them to only view one window in the
MMC
• All customized consoles are saved to a file with a .msc extension.
• Further permissions can be set be setting file permissions to the specified Console.
Remote connections to a Windows server
• Consoles can be customized to remotely access specific machines on the network.
• This can be done one of two ways.• Redirect an existing snap-in to another system.• Create a custom console with snap-ins directed to
other systems.
• Credentials for the target computer must be set properly for this to be accomplished.
• Can use the Run As command on the Console and Run the console with the Proper credentials for the target computer.
Redirecting a snap-in
• Snap-ins that can remotely connect to computers contain a Connect to another computer command in the Action menu.
• Once the name of the computer is entered, the scope pane changes to reflect the computer you are connecting to.
• Not every snap-in has the ability to remotely connect to a computer.
Creating a remote console
• You can create a snap-in that is already redirected to a specific machine.
• You can now create custom consoles for specific machines on the network.
• Creates a way that you can centrally administer multiple machines on a network in one centralized location.
• This includes managing Windows Server 2000, 2003, and windows XP machines on a network.
Remote desktop
• Remember terminal services have two client licenses per server 2003 installation.
• This means that you cannot have more than two concurrent connections using remote desktop to a given machine.
• The largest error with remote console is the terminal services not releasing an active connection even though a user has disconnected.
• At times updates to terminal servers and Remote desktop software may relieve this problem.
Remote desktop
• Remote Desktop capabilities needed to be installed in previous versions of windows.
• It is installed by default in windows server 2003 but is not enabled.
• To enable, go to system then click on the Remote tab to allow remote connections.
• By default, only users of the Local administrators group of the server has access to remotely connect to the server.
Remote Desktop Continued
• You can add other users that have this ability by selecting the button in the Remote Tab.
• This include users in active directory (domain admins)
• You can also configure Terminal Services through a snap-in for MMC.
• This can be done through the RDP-Tcp Proprty located in the details pane.
• When configuring terminal services this way, different tabs are provided in the dialog box.
RDP-Tcp Sanp-In
• Tabs
• General Sets the encryption level and authentication for your remote session
• Logon Settings Specifies the credentials to be used by the Remote Desktop connection rather than those set by the client.
• Sessions Setting that override the client values. When to end the session, Session limits etc.
RDP-Tcp Continued
• Environment Overrides the client and user profile settings for starting a program upon connection to the server.
• Remote control sets if a remote control of a remote desktop connection is possible.
• Client settings Overrides color mappings, etc. of the remote session.
• Network adapter specifies the network interface that may be used on the server for your remote desktop connections.
Installing and configuring Remote desktop connection
• On windows XP, remote desktop is installed by default.
• On other machines, a version of remote desktop can be installed from the server cd or the network (network share.
• There is also a version of Remote Desktop for the mac that is provided with Office 2011.
• It is important that you always ensure that you update the remote desktop connection software. These updates usually coincide with updates that are made to terminal server.
Problems that are associated with Remote Desktop
• Connections through a firewall may be difficult.
• Ports on a firewall have to opened to enable remote connections to the server.
• Proper credentials will be needed in order to remotely connect to a server.
• You cannot exceed the maximum number of concurrent connections.
• Unreachable networks or network problems also cause issues with connecting to servers remotely.
Issues remote desktop continued
• Keep in mind, there are security vulnerabilities that are associated with terminal services.
• Connections from outside of a firewall is not suggested.
• A VPN is suggested to remotely access a network and then use terminal services.
• Keeping terminal services closed to the outside will protect the server from hacking to occur on the terminal services port directly.
Remote Assistant
• Provides administrators a way to take over a users desktop and assist them with applications.
• In order to do this, the administrator must be invited by the user.
• Invitations to use remote assistance can be done through• Windows Messenger• E-mail invite• File (FTP or file transfer by a secondary storage
device)
Remote assistant continued
• Remote control to a computer must also be enabled on the client machine.
• This can be done through the control panel and Using Group policies.
• Through group policies you can also limit the degree of control an expert may have on a client machine.
• In any case it is important to ensure that a Remote assistance session is secure.
Securing Remote Assistance
• Designed to minimize security risks• Invitations from clients needed• There is an Interactive connection• Client always remains in controls of their
machine.• Remote control configurations can limit the level
of control an expert may have over a client machine.
• Blocking firewall ports that are associated with remote assistant (prevents outside connections).
• Each of these steps ensure a secure session between the expert and user.