administering microsoft windows server 2003 chapter 2
TRANSCRIPT
Administering Microsoft Windows Server 2003
Chapter 2
Objectives for this chapter
Manage servers remotely Manage a server by using Remote Assistance Manage a server by using Terminal Services Remote
administration mode Manage a server by using available support tools
Troubleshoot Terminal Services Diagnose and resolve issues related to Terminal
Services security Diagnose and resolve issues related to client access to
Terminal Services
The Microsoft Management Console
MMC consoles will run on Windows Server 2003, Windows 2000, Windows NT 4, Windows XP, and Windows 98.
What Is MMC?
Snap-insSnap-ins
MMC hosts tools, called snap-ins, that perform administrative functionsMMC hosts tools, called snap-ins, that perform administrative functions
Tip:
By creating a custom MMC, you do not have to switch between different programs or individual consoles.
Stand-Alone Snap-Ins
Stand-alone snap-ins are provided by the developer of an application.
The Computer Management snap-in, for example, is a collection of individual snap-ins useful to a unit.
Extension Snap-Ins
Extension snap-ins, or extensions, are designed to work with one or more stand-alone snap-ins, based on the functionality of the stand-alone.
When you add an extension, Windows Server 2003 places the extension into the appropriate location within the stand-alone snap-in.
Author Mode
Adding or removing snap-ins Creating windows Creating taskpad views and tasks Viewing portions of the console tree Changing the options on the console Saving the console
User Mode
Full Access: Allows users to navigate between snap-ins, open windows,
and access all portions of the console tree.
Limited Access, Multiple Windows: Prevents users from opening new windows or accessing a
portion of the console tree, but allows them to view multiple windows in the console.
Limited Access, Single Window: Prevents users from opening new windows or accessing a
portion of the console tree, and allows them to view only one window in the console.
Practice:
Building and Saving Consoles An Event Viewer Console
Page 2-7
Managing Computers Remotely with the MMC
Setting Up the Snap-In for Remote Use
Another Way
By using Computer Management Snap-In
Tip:
You can use Run As, or secondary logon, to launch a console with credentials other than those with which you are currently logged on.
Practice
Adding a Remote Computer for Management Connecting Remotely with the MMC
Page 2-10
Managing Servers with Remote Desktop for Administration
Terminal Services is now an integral, default component of the Windows Server 2003 family, and Remote Desktop has been improved and positioned as an out-of-the-box capability, so that with one click, a Windows Server 2003 computer will allow two concurrent connections for remote administration.
Enabling and Configuring Remote Desktop for Administration
The Terminal Services service enables Remote Desktop, Remote Assistance, and Terminal Server for application sharing.
Note
Because Terminal Services and its dependent Remote Desktop capability are default components of Windows Server 2003, every server has the capability to provide remote connections to its console.
Also Note the table on page 2-13
Remote Desktop Connection
Remote Desktop or Terminal Server modes. There is no functional difference from the client perspective between the two server configurations.
For other platforms, Remote Desktop Connection can be installed from the Windows Server 2003 CD or from the client installation folder (%Systemroot%\System32\Clients \Tsclient\Win32) on any Windows Server 2003 computer.
Configuring the Remote Desktop Client
Note the table on pages 2-14 to 2-15
Terminal Services Troubleshooting
Network failures Credentials Policy Too many concurrent connections
Practice:
Installing Terminal Services and Running Remote Administration Page 2-16
Configuring the Server for Remote Desktop Connect to the Server with the Remote Desktop Client
Exam Tip
Watch for group membership if access is denied when establishing a Remote Desktop for Administration connection. In earlier versions of Terminal Server, you had to be a member of the Administrators group to connect to the server, although special permissions could be established manually. Having only two remote connections to the Terminal Server is a fixed limit, and cannot be increased.
Using Remote Assistance
To use Remote Assistance you must use either: MSN Messenger or A Messaging Application Programming Interface
(MAPI)-compliant e-mail client
Using Remote Assistance
You must enable the Offer Remote Assistance Local Group Policy setting on the target (user’s) local computer: 1. On the user’s computer, click Start, Run, and then type
gpedit.msc. The local Group Policy editor appears, enabling you to adjust policies that affect the local machine.
2. Under the Computer Configuration node, expand Administrative Templates, then System, and then click Remote Assistance.
3. Double-click Offer Remote Assistance and then select Enabled. 4. Next, click Show, then specify the individual users that will be
allowed to offer assistance by assigning helpers within the context of this policy. These “helper” additions to the list should be in the form of domain\username, and must be a member of the local administrators group on the local computer.
Initializing Remote Assistance
1. Open the Help And Support Center, click Tools, and then click Help And Support Center Tools. Next click Offer Remote Assistance.
2. In the dialog box, type the name or IP address of the target computer, and then click Connect.
3. The user accepts, and Remote Assistance can proceed.
Exam Tip
Watch for questions that use Windows 2000 ICS ICS for remote assistance from a big, corporate help desk to a small satellite office. Because Windows 2000 ICS does not Windows 2000 ICS does not support UPnPsupport UPnP, Remote Assistance problems will abound.
Limitations:
If you are using a hardware-based firewall in a home environment, the same restrictions apply: you must open port 3389port 3389 to use Remote Assistance.
Note: Note: The Instant Messenger Service itself relies upon port 1863port 1863 being open.
Practice:
Using Remote Assistance through Windows Messenger Page 2-24
Case Scenario Exercise
Page 2-25
Exam Highlights:
Key Points Page 2-27
Key Terms Page 2-28