Remote Administration Overview

When it comes to administering servers and desktops in secure organizations or large organizations, administrators would typically be found performing remote administration. This basically means that administrators would be using the Microsoft Management Console snap-ins or support tools remotely, to administer servers. For instance, through the Microsoft Management Console snap-ins, you have the option of connecting to remote systems. In fact, most administrative tasks which you can perform locally, you can perform remotely.

With the introduction of Windows Server 2003, came increased support for remote administration. This entailed support to use the Microsoft Management Console snap-ins, Remote Desktop For Administration, Remote Assistance, and Web Interface for Remote Administration to perform remote administration. The tools which are most likely used for system administration are the graphical user interface (GUI) based tools. These tools include the Connect To Another Computer option which allows you to specify which computer you want to connect to.

The main GUI based tools used to administer systems remotely are listed here:

  • Microsoft Management Console snap-ins

  • Remote Administration (HTML) tool

  • Remote Desktop For Administration

  • Remote Assistance

  • Administration Tools Pack

Remote Administration through Microsoft Management Console snap-insRemote Administration

The Microsoft Management Console (MMC) is the administrative framework for most of the graphical user interface (GUI) based tools which can be used to manage computers both locally and remotely. The MMC makes it possible for administrators to specify which snap-ins should be added to a MMC console. Third-party administrative tools that supply snap-ins can also be added to MMC consoles. After you have added your snap-ins, you can define different administrative views in the console by adding windows for each snap-in. You can also configure a MMC console so that no other individuals can modify the console. This is done by saving the console in one of the available modes.

The mode which you choose for saving the MMC console affects a number of important aspects of the MMC console:

  • The snap-ins that you can add to the MMC console.

  • The windows that you can create.

  • The nodes that are displayed in the MMC console tree.

The modes you can select between when saving a MMC console are listed here:

  • Full mode; provides full access to the MMC. All areas of the console can be changed. Full mode allows you to add and remove snap-ins as well.

  • User mode (full access); provides full access to the windowing commands but excludes the capability of adding and removing snap-ins.

  • User mode (limited access – multiple windows); provides access to those elements of the specific MMC which existed when saved. Only new windows can be created, and previous windows cannot be closed.

  • User mode (limited access – single windows); provides a view to only the console as it existed when saved. No new windows can be created.

To remotely administer a computer through a MMC console, you must have the necessary administrative rights to access and manage the specific remote computer.

How to create a customized MMC console

  1. Click Start, click Run, enter mmc and then click OK

  2. A blank MMC console which has no snap-ins opens.

  3. From the File menu, click Add/Remove Snap-In.

  4. The Add/Remove Snap-In dialog box opens.

  5. You can leave the default setting of Console Root in the Snap-Ins Added To box unchanged. Click Add

  6. Select the snap-in you want to add to the MMC by double-clicking it.

  7. To close the Add/Remove Snap-In dialog box, click OK

  8. The snap-in you added is displayed at the Console Root.

How to create a customized remote MMC console

  1. Click Start click Run, enter mmc and then click OK

  2. Click the Select Add/Remove Snap-In command from the File menu

  3. Click Add in the Add/Remove Snap-In dialog box.

  4. Select the snap-in that you want to add, and then click Add

  5. Select the Another Computer in the In the This Snap-In Will Always Manage area.

  6. Click Browse to select the computer for the snap-in when the Select Computer dialog box opens.

  7. Click OK.

How to add the Remote Desktops snap-in to a MMC console

  1. Open a blank console

  2. From the File menu, select Click Add/Remove Snap-in.

  3. In the Add/Remove Snap-In dialog box, click the Add button.

  4. Select Remote Desktops and then click Add.

  5. Click Close and then click OK in the Add/Remove Snap-In dialog box.

  6. If you want to be able to open the Remote Desktops console can now opened from the Administrative Tools Menu, click the File menu item and then select the Save command.

  7. In the File Name box, provide a name for the MMC.

  8. Click Save.

How to remotely administer a system using the Computer Management console

You can use the Computer Management console to perform management tasks on remote systems. Computer Management is available on both client and server computers.

The Computer Management console contains the following primary nodes:

  • The System Tools node contains the Event Viewer, Performance Logs And Alerts, and Device Manager snap-ins.

  • The Storage node contains the Removable Storage and Disk Management snap-ins which are used to manage storage devices and local disks.

  • The Service and Applications node snap-ins is used to perform server-end administration tasks.

To remotely administer a system using the Computer Management console

  1. Click Start, right-click My Computer, and then select Manage from the shortcut menu.

  2. Right-click Computer Management in the console tree, and select Connect To Another Computer from the shortcut menu.

  3. Provide the IP address of the remote computer in the Another computer box.

  4. Alternatively, click Browse to locate the remote computer on the network.

  5. Click OK to connect to and administer the remote computer.

Remote Administration through the Remote Administration (HTML) tool

You can use the Remote Administration (HTML) tool if you want to manage your servers using a Web browser. If the Remote Administration (HTML) tool is installed, you can connect to an IIS 6.0 Web server through the Remote Administration Web site.

A few requirements have to be met though before you can use the Remote Administration (HTML) tool to manage a server over the Internet:

  • If you are not running the Windows Server 2003 Web Edition, you have to install the Remote Administration (HTML) tool on the server.

  • The server must have a valid external IP address.

  • Port 8098 should be used for communication.

How to install the Remote Administration (HTML) tool

  1. Open Control Panel.

  2. Double-click Add Or Remove Programs.

  3. Click Add/Remove Windows Components.

  4. The Windows Components Wizard initiates

  5. Select Application Server and then click the Details button.

  6. Select Internet Information Services (IIS) and then click Details.

  7. Select World Wide Web Service and then click Details.

  8. Enable the Remote Administration (HTML) checkbox. Click OK.

  9. Click Next in the Windows Components Wizard to install the Remote Administration (HTML) tool.

  10. Click Finish.

  11. Ta access and administer a server over the Internet, open Internet Explorer.

  12. Browse to https://server name:8098

  13. Once the connection to the server is created, you can use the Web interface to remotely administer the server

Remote Administration through Remote Desktop For Administration

The emote Desktop For Administration mode of Terminal Services enables you to remotely manage a Windows Server 2003 server. Remote Desktop for Administration is installed by default when you install the operating system but it is not enabled by default. You have to enable Remote Desktop for Administration at each connection end prior to using it.

The Remote Desktop Connection (RDC) utility is the client-end software used to access a server in the context of Remote Desktop For Administration. You can configure remote desktop connections to Windows servers and workstations. In Windows 2000 Server, you have to install and configure Terminal Services in remote access mode to set up remote desktop connections. Remote Desktop Connection is by default installed with Windows XP and Windows Server 2003. You can however install Remote Desktop Connection on previous Windows Operating Systems (OSs) such as Windows 2000, Windows NT, Windows ME, Windows 98, and Windows 95. The RDC utility is backward compatible, and can therefore interact with Terminal Services in Windows XP, Windows 2000 and Windows NT 4 Terminal Server Edition.

How to enable Remote Desktop for Administration

  1. Open Control Panel

  2. Double-click System.

  3. Click the Remote tab.

  4. Select the Allow users to connect remotely to this computer checkbox.

  5. To enable additional users to connect remotely to the computer, click the Select Remote Users button.

  6. Provide the names of the users who are allowed to connect to the computer.

  7. Click OK.

How to grant users rights to create remote connections to remotely administer servers

  1. Open the Computer Management console.

  2. In the console tree, expand the Systems Tools node, Local Users and Groups node, and then expand the Groups node.

  3. Right-click Remote Desktop Users, and then select Add to Group from the shortcut menu.

  4. Click the Add button

  5. Select the user who should be added to the Remote Desktop Users group.

  6. Click OK.

How to remotely administer a server using Remote Desktop for Administration

  1. Click Start, All Programs, Accessories, Communications, and then click Remote Desktop Connection.

  2. The Computer box displays the name of the computer that was last connected to.

  3. Select the computer which you want to connect to in Computer drop down box.

  4. Click Connect.

How to optimize remote connections

  1. Click Start, All Programs, Accessories, Communications, and then click Remote Desktop Connection.

  2. In the Remote Desktop Connection dialog box, click the Options button.

  3. Click the Experience tab.

  4. Select the Custom option from the Choose your connection speed to optimize performance box.

  5. Clear the Themes checkbox.

  6. Ensure that the Reconnect if connection is dropped checkbox is enabled.

  7. Click OK.

Remote Administration through Remote Assistance

Remote Assistance makes use of the TCP/IP protocol to establish a connection between two computers so that a user at one computer can request assistance from a user located at another computer.

Remote Assistance uses Terminal Services and the RDP protocol to enable administrators to monitor and control desktops of remote computers, send and receive files from a remote computer and to communicate with a user located at the remote computer.

To establish connections to a remote computer, a local area network (LAN) connection or Internet connection can be used. Solicited remote access occurs when a user creates a Remote Assistance invitation and then sends the invitation to the remote assistant. With Unsolicited remote access, remote assistance is offered without the person offering remote assistance receiving a Remote Assistance invitation. Windows Messenger or an e-mail client can be used to send a Remote Assistance invitation to request remote assistance. Remote Assistance is automatically installed when Windows Server 2003 is installed. For a computer to receive remote assistance, the computer must be running Windows XP or Windows Server 2003, with the Remote Assistance feature enabled.

You can use Group Policy to configure settings for Remote Assistance. The Solicited Remote Assistance policy and Offer Remote Assistance policy can be used to configure Remote Assistance through Group Policy:

  • Enable and disable Remote Assistance.

  • Enable users to send Remote Assistance invitations

  • Enable s user to allow remote control to another individual.

How to send a Remote Assistance invitation (e-mail)

  1. Click Start, and then open Help and Support Center

  2. Click Remote Assistance.

  3. Click Invite someone to help you.

  4. Enter the name of the expert in the Type your assistant's first name text box, and then click Continue.

  5. On the following screen, specify the expiration time and date for the invitation.

  6. Leave the Require the recipient to use a password option enabled.

  7. Provide a password in the Type password and Confirm password text boxes.

  8. Once the password is verified, the Create Email Invitation button is enabled.

  9. Click the Create Email Invitation button to send the invitation.

How to send a Remote Assistance invitation (Windows Messenger)

  1. Click Start, click Help and Support Center

  2. Click the Invite a friend to connect to your computer with Remote Assistance option.

  3. Click the Invite someone to help you option.

  4. In the Use Windows Messenger section on the following screen, click the Sign In button.

  5. Provide a valid email address and password to log on to Windows Messenger.

  6. Click OK.

  7. The Windows Messenger dialog box opens.

  8. Select Tools, Ask for Remote Assistance, and then select the email address of the individual from which you want to request assistance.

  9. A message to request remote assistance is transmitted to the individual.

  10. When the individual accepts the remote assistance request, the user is informed through a message.

  11. The Remote Assistance console is displayed on the computer of the expert.

  12. A message indicating that an answer is pending is displayed.

  13. The user can click Yes to enable the expert to view the desktop of the computer.

How to provide unsolicited remote assistance

  1. Open the Help and Support Center

  2. Click Tools to view computer information located under Pick a task.

  3. Click Offer Remote Assistance.

  4. The Offer Remote Assistance screen opens.

  5. Provide the IP address of the computer that you want to provide Remote Assistance to.

  6. Click Connect.

  7. A message indicating that remote assistance has been offered is shown on the computer of the novice.

How to manage Remote Assistance invitations

  1. Open Help and Support Center.

  2. Click Remote Assistance

  3. Click View Invitation Status.

  4. The information displayed on each Remote Assistance invitation is displayed. The information shown includes the name of the person that the invitation was sent to, the date and time that the invitation expires, and the status of the invitation.

  5. Choose the invitation and click the Details, Expire, Resend, or Delete button.