Subscribe to Windows IT Pro

 

Get Newsletters

  • Get the Latest News
  • Product Updates
  • Helpful Tricks
  • Productivity Tips

Subscribe Now!

April 22, 2002 12:00 AM

Must-Have Remote Administration Tools

Don Jones
Windows IT Pro
InstantDoc ID #24536
Rating: (0)
Manage your enterprise from the comfort of . . . anywhere

Windows' native management tools have improved over the years, letting administrators control most network services from their workstation. Even administrators who work with Windows NT, which lacks Windows 2000's all-in-one Microsoft Management Console (MMC), can manage remote DNS, DHCP, WINS, and other services from their desktops. Yet despite Microsoft's improvements, you might still need to perform some tasks (e.g., hotfix installation, server restarts, file management) from the server console.

That's where remote control tools come in. Remote control tools are invaluable for managing the servers in your company's branch offices and for responding to late-night server problems from the comfort of your home office. In today's atmosphere of heightened security, remote control tools can also let your servers stay safely locked in a data center while you perform maintenance and management tasks from your desk.

Remote Control vs. Remote Administration
Remote control tools fall into the larger category of remote administration tools. Remote administration tools, as the name implies, let you perform administrative tasks on remote servers. For example, you can use the Microsoft Windows NT Server 4.0 Resource Kit's Shutdown utility (shutdown.exe) to shut down and restart network servers and the rkill.exe utility to terminate processes that are running on a remote server. Remote control tools give you control of a server's desktop across the network to let you perform remote administration tasks. Instead of running commands on your workstation that affect the server, you run commands on the server itself, even though you might be miles away from the server's keyboard and monitor.

Several useful remote control tools—many of which are free or inexpensive—are available that let you perform common or crucial server-administration tasks without leaving your seat. I divide these tools into two subcategories:

  • graphical remote control tools, such as Win2K Server Terminal Services and Virtual Network Computing (VNC), which bring a remote server's desktop to your local computer
  • command-line remote control tools, such as Remote Command, Telnet, Remote Shell, and Remote Console, which let you execute text-based commands on a remote server

Terminal Services
Win2K Server included Microsoft's first built-in remote control technology, Terminal Services. Previously, Terminal Services was available only in a special edition of NT called NT Server 4.0, Terminal Server Edition (WTS). Although Microsoft intended Terminal Services primarily as an application server technology (like the Citrix WinFrame product from which it's descended), Terminal Services also offers a remote administration mode that lets up to two administrators simultaneously control a server's console across a network connection.

Win2K Server doesn't install Terminal Services by default, although you can install and use the service in remote administration mode as part of your basic product license. (Windows .NET Server—formerly code-named Whistler—makes remote administration mode a default installation component.) Since Win2K's introduction, I've recommended that administrators install Terminal Services in remote administration mode on every Win2K Server machine they deploy unless they're using VNC, which I discuss later. Installing Terminal Services is easy. Just open the Control Panel Add/Remove Programs applet, then click Add/Remove Windows Components. Select the Terminal Services check box, then click Next. When the Windows Components Wizard asks which Terminal Services mode you want to use, select the Remote administration mode option.

After you've used Terminal Services, it's hard not to love it. The Terminal Services client lets you launch multiple windows to remotely administer several servers at once. You can run the Terminal Services client software on most versions of Windows, including NT 3.51 and Windows 95. Third-party vendors (e.g., Citrix) provide client software for non-Windows platforms. You can also run the client full screen, which makes your desktop computer seem to be the server's console. For more information about Terminal Services, see "Related Reading."

Virtual Network Computing
VNC is one of the quiet hits of the systems administrator world: Either you know about it and love it, or you've never heard of it and don't know what all the fuss is about. In a nutshell, VNC is a cross-platform remote administration tool that brings a server's desktop display to your workstation, no matter which OS the server is running. Figure 1 shows VNC connected to a remote Win2K Server machine.

AT&T Laboratories Cambridge cre-ated VNC, and the tool is free under GNU General Public License. (For information about the GNU General Public License, go to http://www.gnu.org/copyleft/gpl.html.) You can download VNC from http://www.uk.research.att.com/vnc/index.html. Documentation, source code, and other information are also available at that site. When you download and unzip the distribution file, you'll find subfolders for

  • the VNC viewer—one executable that's less than 175KB in size
  • the VNC server—a complete setup package

Launching the viewer is easy: Just double-click it and type the name of the server to which you want to connect. If the remote server is already running the VNC server software, you'll be remotely controlling it in a couple of seconds.

Installing the VNC server is only slightly more complicated. Double-click setup.exe and follow the installation wizard's prompts to install both the server and the viewer. At this point, you can use the server only in interactive mode, which means you have to launch it manually. Having to manually launch the tool isn't desirable for remote server administration: You really want the VNC server to run automatically. Fortunately, clicking an icon in VNC's Start Menu folder installs VNC for Windows (WinVNC) as a service configured to run under the Win2K or NT 4.0 LocalSystem account and start automatically when the server starts. (Automatic starting is a function of the OS and doesn't work on every system; for example, the functionality isn't available on Macintosh.) Restart your server or, if you're using the service for the first time, start the service manually; VNC will prompt you to set its session password and other configuration settings, as Figure 2, page 30, shows.

Related Content:

ARTICLE TOOLS


Want to use this article? Click here for options!

Comments
Add A Comment
  • Don Jones
    10 years ago
    Oct 30, 2002

    RDP certainly carries lower overhead than SMS's remote control feature. With RDP showing up in the Windows client OS (Windows XP and later), I wouldn't be surprised if SMS doesn't eventually include that feature. The big difference between Application and Remote Administration mode for Terminal Services is, as you point out, licenses. In Windows .NET Server (Win.NET Server), you always get Remote Administration mode and its two connections, whether or not you choose to use it. Most shops find that two connections is more than adequate for administration, but if you need more and have the licenses, you can certainly use Application mode. Application mode requires the deployment of a Terminal Server Licensing server to manage those license keys Microsoft sends you, so it's a bit of extra work to get going.

  • Charles R. Shivnarain
    10 years ago
    Oct 30, 2002

    Don Jones's "Must-Have Remote Administration Tools" is an excellent read. I work for the US Air Force, and we use Terminal Services to a great extent for remote administration for our servers across the European Theater. One thing that the author did not point out clearly, if at all, was the use of the Application Server mode versus the Remote Administration mode. The latter gives you only two sessions, whereas the former gives you many more. (I can't recall the exact limit, but we use 20.) Of course, you must provide information to get the correct licensing after you have selected the box under Add/
    Remove Windows Components, Terminal Services Licensing. You then have to click Administrative Tools, Terminal Services Licensing to fill in the rest of the information. Microsoft will email you the key you need to activate the license. We also use Microsoft Systems Management Server (SMS), which provides remote control of the NT boxes. We run an NT 4.0 domain with Win2K servers. RDP is a better alternative than SMS because RDP requires less overhead.

  • Don Jones
    10 years ago
    Oct 30, 2002

    Regarding your comment about VNC security, I always recommend that machines running remote control software--even Terminal Services--be protected by a firewall that will let only authorized traffic access the machines. I've known many companies to deploy internal firewalls to protect their servers from internal users, ensuring that only file-sharing, printing, or other ports are allowed through, and VNC presents no exception to such precautions. Although VNC carries a higher performance hit than solutions such as the built-in Terminal Services, I've found it to be much better than third-party solutions such as Symantec's pcAnywhere. Nothing's perfect, of course. As you do, I use VNC frequently because it's definitely worth at least what you pay for it!

  • Bjorn Larsson
    10 years ago
    Oct 30, 2002

    David Chernicoff's Forefront: "Remote Administration of Windows Server Systems" (May 2002, InstantDoc ID 24548) and Don Jones's "Must-Have Remote Administration Tools" (May 2002, InstantDoc ID 24536) both mention using Virtual Network Computing (VNC) but fail to discuss some important concerns regarding its use:


    • VNC security--Out of the box, VNC is not secure because it allows connections from any IP address. By editing the AuthHosts registry entry, you can restrict access by IP address. I'd further recommend running RRAS on the VNC server and restricting access to VPN ports only, thereby ensuring that all communication to and from the system is encrypted.

    • Performance--VNC can have a significant effect on processor performance. Just open a command prompt and watch. Or, move the mouse in circles and see the process not only spike but stay elevated. Processor performance might not be a concern in some environments, but it certainly is in others.

    • Updating screen info--Depending on the interface, VNC occasionally has problems knowing which components to refresh.



      • I use VNC frequently, especially in cross-platform environments (e.g., to manage Windows 2000 or Windows NT systems from Linux-based workstations), but understanding the trade-offs is important.

  • Mark
    10 years ago
    Oct 25, 2002

    Hi Guys , what are you thinking about Netmeeting as Remote Control ?
    rgds

You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

White Papers

Get your Windows 7 deployment off to the right start by implementing PC lockdown. A locked-down environment is easier and cheaper to support since users are less likely to make unnecessary changes to the core system configuration - read more here!

Essential Guides

Is your iSCSI "lossy"? The reality is that most off-the-shelf Ethernet hardware deployed for iSCSI can lose packets, resulting in slow performance or application downtime. Learn how to assess your current iSCSI infrastructure and engineer an advanced iSCSI SAN infrastructure.

Web Seminars

What's the best way to keep your network safe from malware? In this web seminar, security expert Greg Shields suggests an alternative method to the traditional blacklisting approach that is common with anti-virus and anti-malware solutions.

eLearning Series

We bring the experts direct to you to share their real-world perspective and expertise. During each event, three sessions stream in real time, so you can learn, ask questions, and get solutions.
Upcoming event: Getting the Most with Exchange 2010 with Paul Robichaux

Subscribe to Windows IT Pro!

Cloud IT Pro DevProConnections Left-Brain Mobile Dev Pro SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.