1 / 18

Microsoft Management Console MMC

In a Windows Server 2003 environment, administrator will normally be ... To set up a Terminal server, one Windows 2003 server in network must be configured as a ...

Kelvin_Ajay
Download Presentation

Microsoft Management Console MMC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Microsoft Management Console (MMC) • In a Windows Server 2003 environment, administrator will normally be responsible for more than one server • A useful tool for administrators to manage Windows computers anywhere on the network (remote server and clients) is Microsoft Management Console(MMC) • MMC provides a customizable management framework for hosting multiple management tools (snap-ins) • MMC with one or more snap-ins is called console • Can add and remove management tools as necessary and save as a custom MMC console file with .msc extension • By default, consoles are saved in the Administrative Tools folder in the user’s profiles and appear as shortcuts in the Start menu’s Administrative Tools program group

  2. Microsoft Management Console (MMC) • Most of the shortcuts in the Administrative Tools program group are preconfigured MMC consoles • The executable file for MMC is Mmc.exe • Run this file from the Run dialog box or command prompt • Empty console appears, select Add/Remove snap-in from the File menu • Select and add as many stand-alone snap-ins to a console and save it as a custom console with .msc file extension • Can access a remote computer through selecting Connect to Another Computer from Action menu in the MMC snap-in • Also, by using Add/Remove snap in from File menu, selecting what computer you want to manage from the list of snap-ins and then clicking Add button

  3. Terminal Services • Terminal Services is a Window-based application service that enables clients to access a server remotely to execute, process and store data on the server • The Terminal Server client software is installed on the client, the client receives the Windows Server 2003 GUI from the Terminal Server, users enter keystrokes, and mouse clicks, the commands are sent to the Terminal Server for execution, and the server then refreshes the local terminal screen. Two Terminal Service-based tools: • Remote Desktop for Administration allows an administrator to connect to any computer on the network in order to run and manage administrative services • Remote Assistance is used to allow a trusted party – an expert to remotely access your system to view and interact

  4. Benefits of Terminal Services • Support for thin clients – required fewer system resources, RAM, minimum operating system, etc. • Centralized access to applications • Administrator can control client access • Reduce network and workstation maintenance • Reduce network traffic for remote access users • Down-level operating systems clients can connect to TS • Remote Administration of Windows Server 2003 • Easier way to upgrade software on a remote server • Installed automatically as a part of Windows Server 2003 • Disabled by default, Once enabled, only Administrators group can connect by default, Additional users can be granted access

  5. Installing Terminal Services • To set up a Terminal server, one Windows 2003 server in network must be configured as a Terminal Services licensing server to host terminal services clients • Install Terminal Services on a member server rather than on a Domain Controller • Log on as an Administrator to Installed Terminal Services, Start Control Panel  Add or Remove Programs  Add/Remove Windows Components to initiate the Windows Components Wizard • Scroll down Components list and select the Terminal Server and Terminal Server Licensing check boxes • Use the Windows Components Wizard to install Terminal Services as directed

  6. Installing Remote Desktop for Administration • Two components of Terminal services to be configured: • Remote Desktop for Administration - to access remote server computer on the network for administrative purposes, without the application-sharing capabilities • Remote Desktop Connection – the client software running on client computer to connect to a Terminal Server • Log on as an Administrator to enable or disable Remote Desktop for Administration, which is installed automatically as a part of Windows Server 2003, and disabled by default • Start  Control Panel  System  Remote tab or • Start right-click My computer Properties System Properties dialog box Remote tab • In the Remote Desktop section, select the Allow Users to connect remotely to this computer check box • Remote Desktop for Administration – allows only two concurrent connections

  7. Installing Remote Desktop Connection • Remote Desktop Connectionthe client software running on client computer to connect to a Terminal Server • By default it is installed on Windows Server 2003 and XP • For all other operating systems – install manually • The Remote Desktop Connection client software is stored in %systemroot%\system32\clients\tsclients\win32 folder • Share this folder on the network for distribution purposes • Connect to the share from the client computer and run Setup.exe file – InstallShield Wizard • Or configure Group Policy to distribute the Remote Desktop Connection .msi package • Only Administrators or Remote Desktop User group can successfully connect to the server using Remote Desktop for Administration

  8. Terminal Services User Account Settings • Applications must be installed in a mode for multiple users compatible with Terminal Server (install mode), may need to reinstall some applications • Terminal services uses TCP and UDP port number 3389 for all of its client/server communications by default • Application layer protocol called Remote Desktop Protocol (RDP) handles communication between the Terminal Server and the client • On the client computer Start  All Programs  Accessories  Communications  Remote Desktop Connection • Explore Terminal Services user account settings using Active Directory Users and Computers • Start  Administrative Tools  Active Directory Users and Computers  Users • Explore the settings on the four Terminal Services tabs: Terminal Services Profile, Remote control, Sessions, and Environment

  9. Remote Assistance • Enables a user to request help from help desk support person or network technician to remotely access his or her computer to either just view or to both view and interact with the their system by giving permission • To receive remote assistance, a client must issue an invitation and send it to a particular expert • Enable Remote Assistance through System Properties from Control Panel and select the Remote tab • Select the Turn on Remote Assistance and Allow Invitations to be Sent From This Computer check box • Click Advanced button to let the expert take control of the computer or simply view activities on the computer • Specify the time for the invitation for remote assistance

  10. Service packs and hotfixes • Service pack – A tested package containing collection of patches and other updates (includes old and new patches) • Microsoft service pack releases are cumulative – available • CD-ROM – installation files and program – Update.exe • Express download- checks computer and downloads only required files, reduce size of download, requires Internet access • Network download – downloads entire service pack files (single executable) on a network server and then distributes to clients, large size download (100 MB or more), no internet access required • Hotfix - A software update that addresses one specific issue • Service packs and Hotfixes – release to address specific security issues such as new viruses or other threats • Always test all updates before deploying over the network

  11. Software Update Policies • Remain aware of new update releases • Determine which computers need to be updated • Test update releases on multiple system configurations • Deploy update releases on large fleets of computers – must be automated – less time consuming, efforts and expenses • Uninstalling Service Packs – always save backup copies of operating system files before applying a new service pack • Microsoft Baseline Security Analyzer (MBSA) – is a graphical informational tool, which checks and displays security lapses on computers but can not fix it • MBSA is not included with Windows Server 2003, but can be downloaded from Microsoft Web site – free of charge

  12. Microsoft Baseline Security Analyzer • Checks for required service packs and security updates, if not found, complies a list of required updates to be installed • Checks whether Guest account is activated • Checks whether more than two accounts have Administrator privileges • Checks whether the computer is configured for Autologon • Checks for passwords – simple, complex, blank or expired • Checks for NTFS filing system on all drives • Checks IIS and Microsoft SQL Server for security weakness • Checks and displays list of shares, Operating system version number, and whether auditing is enabled

  13. Software Update Services (SUS) • Ability to automatically download, control and deploy updates, service packs and patches to clients operating system using internal server • Administrators can check and approve each package before it is made available to clients • By storing the content locally on internal server, clients can download, without going on internet to Microsoft site • A new group policy feature included with SUS allow the administrator to define the configuration of the Automatic Updates feature on client computers

  14. Software Update Services (SUS) • Software Updates consist of two components • Client side service - which retrieves updates from SUS server and installs them • Client side service - known as Automatic Updates • Server side service – which is a central point for distributing updates to clients • Automatic Updates service – can work with Windows 2000 with (SP2), XP with (SP1) – can not work with 98, or NT • After installation of Automatic Updates on client computer, by default, it retrieves the updates from Microsoft Windows Updates server on Internet, however, you can redirect your clients to internal SUS server • http://windowsupdate.microsoft.com/ • Clients must have Automatic Updates software installed to interact with SUS server

  15. Deploying Software Update Services (SUS) • Four Basic steps for deploying SUS • Install an SUS server – configure Administrator and client access to the SUS service, must install IIS before SUS • Synchronize the server – the process by which the SUS server downloads updates from the Microsoft’s Windows Update site through Internet and stores them on local drive • Approve updates – Administrator checks and approves • Configure Automatic Update clients – Configure GPO • Start  Control Panel  Add or Remove Programs  Add/Remove Windows Components • Install IIS following instructions • Run the SUS10SP1.exe file to start installation of SUS • Follow directions to run Microsoft Software Update Services Setup Wizard • Complete installation as directed

  16. Administering Software Site Licensing • The End-User License Agreement (EULA) is a binding contract to use Microsoft software • Client Access Licenses (CALs) – need to access server • Per Server licensing mode - a single CAL is required for each concurrent connection to the specific server • You apply CALs to the servers • When maximum # of concurrent connections to a server has been reached, no additional user can access the server • Use Per Server mode when there are few servers and they require limited access • The # of CALs needed is determined by the # of concurrent connections

  17. Administering Software Site Licensing • Per Device or User Licensing mode– a CAL is required for each client connection, but it does not matter which server the client connect to • If you buy 500 CALs, you can have up to 500 concurrent users or devices connected to any of your servers • The total number of CALs equals the # of devices or # of users, or a mixture of both, that access servers • Use Per Device or User mode when there are many servers and they require frequent and widespread access • The # of CALs needed is determined by the # of users or # of devices, or both, that require access to the servers

  18. Administering Site Licensing • To help keep track of licensing, you have Licensing Tools • Licensing in Control Panel – The Choose Licensing Mode tool found in Control Panel manages licensing requirement for a single computer • The Site Licensing Server - In order for the Licensing Tool in Administrative Tools program to function and to view and manage licensing for the entire site, the License Logging service must be enabled on one server on the site • The server on which the License Logging service is running is known as the site licensing server, which keep tracks of all licenses on the site (single physical location) • The site licensing server is typically the first domain controller created in a site

More Related