Remote Administration of Windows Server Systems

Remotely administering your Windows server systems can be incredibly annoying. Dozens of third parties offer tools that let you remotely manage servers and applications, but a clear path rarely emerges from the maze to announce "Do this!" At best, these tools give you the ability to manage a crucial application or two, or the base OS. At worst, you end up running all sorts of applications in a futile attempt to solve your global remote administration problem.

The first step in developing a remote administration strategy is to step back from the problem. Your initial impulse will be to find a comprehensive solution that applies horizontally across your systems environment. But such a solution doesn't exist—accept that fact and examine the problem before you look for the solution. (AT&T Laboratories Cambridge's Virtual Network Computing—VNC—comes close to being a comprehensive remote administration solution. VNC is a cool freeware tool that's worth a look if you're a Windows 2000/Windows NT/UNIX/Linux shop. For more information about VNC, go to http://www.uk.research.att.com/vnc/index.html.)

Begin by compartmentalizing tasks: Decide on the order in which you need to tackle your remote administration tasks, then use that order to plan. A good place to start is to determine whether basic OS tools are sufficient for your remote administration needs or you need a third-party solution.

The Terminal Services Solution
If your network runs on Win2K Server systems, you have a built-in remote management solution that's hard to beat: Terminal Services. Every copy of Win2K Server comes with a two-user Terminal Services license. I use the Terminal Services client to keep an eye on several critical servers in my office that are locked away even from the line IT staff. We're very careful about who has access to the servers that control our VPN and firewall, and although these machines run on Win2K Server, the boxes are headless with access only through Terminal Services.

I incur no real penalty for this headless system; I can easily display a full 1280 x 1024 screen in a window on my 1600 x 1200 desktop monitor. Performance across a 100Mbps Ethernet network is almost as good as it is from the console, and if need be, I can access our network from home or on the road through our VPN and run the Terminal Services client to handle my remote management tasks. I even have servers on the outside of the company firewall that I can use Terminal Services to log on to. These servers have local firewalls that allow connections on the port that RDP uses. By using Client Connection Manager, which automatically installs with the Terminal Services client, I can access all of my Terminal Services­controllable computers from one location. This setup is a huge improvement over checking each server manually. I even use Terminal Services to control test computers in my office. Although I have a keyboard/video/mouse (KVM) switch setup for my test servers, it's easier to connect through Terminal Services when I run a test server on my production network.

Working with NT
If you want to manage NT 4.0 servers remotely, you'll need to buy a third-party remote control software product, unless the server you want to manage is running Windows NT Server 4.0, Terminal Server Edition (WTS). But because WTS is a rare commodity, remote control software will be your primary tool for NT 4.0. Note that given the generally more secure environment we all run in these days, you'll need to find out how big a hole a remote control solution will require you to punch in your firewall, as well as determine which security mechanisms the solution puts in place to control access. When you move outside the OS, you're vulnerable to another avenue of attack.