The Sysadmin Notebook  

Administration Tools

MMC

MMCs can run on Win98 and NT4 upwards. The MMC provides a standardised interface for tools (snap-ins). The MMC menu and toolbar provide commands for manipulating parent and child windows. The console, which contains the snap-ins, provides targeted functionality. An empty MMC contains a console root, which acts as a container for snap-ins. Each console consists of a console tree, console menu, toolbars and a detail pane. Common menu items

Two types of snap-in are available: standalone and extension. Many snap-ins can act as either a standalone or an extension snap-in, e.g. eventviewer on its own or eventviewer within compmgmt. Consoles can be saved in author mode or in one of three user modes (in which snap-ins can't be added): Full Access (can open new windows); Limited Access, Multiple Windows; and Limited Access, Single Window. To override the mode settings for a console, open an MMC first and then open the console, or right-click the console and choose 'Author'. Use runas to run remote consoles with alternative credentials.

Remote Desktop

The default policy for domain controllers removes members of the 'Remote Desktop Users' group from access to Remote Desktop. Other servers allow this group access by default. Remote Desktop is installed by default, enabling two concurrent connections for administration. All the tools required for Terminal Services administration are also installed:

Remote Assistance

As for XP. Requests can be made from Windows Messenger or via Helpctr. 'Offer Remote Assistance' can be enabled via gpedit: Administrative Templates, System, Remote Assistance. Helpers must be members of the local Administrators group on the target machine, and must be defined as helpers in the target's local group policy. RA and RDP depend on Terminal Services, which listens on port 3389. RA supports UPnP to traverse NAT devices. RA will detect the public IP address and port used by a UPnP NAT device and insert these in the RA ticket. Behind a non-UPnP NAT device (Windows 2000 ICS does not support UPnP), the wrong IP and port are placed in the ticket. Messenger requests will succeed if only one participant is behind a non-UPnP NAT. (Instant messenger uses port 1863.)

Event Logs

Apart from the usual logs (Application, System, Security), if the server is a domain controller there will also be logs for Active Directory and File Replication Service. There is also a separate log for DNS Server, if it is running. Use View, Filter to filter events, and View, General to control log size and behaviour when full (overwrite as needed, overwrite older than n days, never overwrite). A policy is available to shut down the computer if audit information cannot be written to the Security log.
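A check of the settings described above, as an added example that is not part of the original notebook. It assumes Windows PowerShell 5.1 run elevated (`Get-EventLog` is not available in PowerShell 7); the function name and the 20480 KB size baseline are constructed for illustration.

```powershell
# Added example: report each log's size limit and "when full" behaviour, and
# relate the Security log setting to the shut-down-on-audit-failure policy.
function Get-LogRetentionReport {
    param(
        [string[]]$LogName = @('Application', 'System', 'Security'),
        [int]$MinSizeKB = 20480   # constructed baseline; replace with your own
    )

    # CrashOnAuditFail backs the policy that shuts the computer down when
    # audit events cannot be written: 0 = off, 1 = on,
    # 2 = the system has already halted once because auditing failed.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $crash = if ($null -ne $lsa.CrashOnAuditFail) { [int]$lsa.CrashOnAuditFail } else { 0 }

    $logs = Get-EventLog -List | Where-Object { $LogName -contains $_.Log }
    foreach ($log in $logs) {
        $action = "$($log.OverflowAction)"
        $whenFull = switch ($action) {
            'OverwriteAsNeeded' { 'overwrite as needed' }
            'OverwriteOlder'    { "overwrite older than $($log.MinimumRetentionDays) days" }
            'DoNotOverwrite'    { 'never overwrite' }
            default             { $action }
        }

        $findings = @()
        if ($log.MaximumKilobytes -lt $MinSizeKB) { $findings += "max size below $MinSizeKB KB" }
        if ($log.Log -eq 'Security') {
            if ($action -eq 'OverwriteAsNeeded') {
                $findings += 'oldest audit records are lost once the log fills; archive or forward them'
            } elseif ($crash -eq 0) {
                $findings += 'new audit events are dropped when the log is full and the shutdown policy is off'
            } else {
                $findings += 'server halts when the log fills; monitor free space in the log'
            }
            if ($crash -eq 2) { $findings += 'CrashOnAuditFail=2: a previous audit failure halted this system' }
        }

        [pscustomobject]@{
            Log       = $log.Log
            MaxSizeKB = $log.MaximumKilobytes
            WhenFull  = $whenFull
            Findings  = ($findings -join '; ')
        }
    }
}

Get-LogRetentionReport | Format-List
```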

Performance Monitoring

Performance data collection requires membership of the Administrators or Performance Log Users groups. Set up a baseline of performance logs to use for comparison when problems start to occur. The Users tab in Task Manager allows you to send messages to users, and to disconnect or log off users (local and remote).

Driverquery

Options:

WMI

WMI is Microsoft's implementation of WBEM and provides support for the Common Information Model (CIM). The WMI repository is the database of object definitions. WMI providers receive input from applications, services and system components and pass it to the WMI Object Manager, which in turn enters the information into the repository. Administrators can use methods to manipulate components, set properties and configure event handling. The repository can be accessed by management tools, APIs, scripts or the command-line tool, WMIC. Security for WMI is configured through the WMI Control snap-in (wmimgmt.msc). By default, users have read permissions on the local computer.