Must-Have Remote Administration Tools

RDP certainly carries lower overhead than SMS's remote control feature. With RDP showing up in the Windows client OS (Windows XP and later), I wouldn't be surprised if SMS doesn't eventually include that feature. The big difference between Application and Remote Administration mode for Terminal Services is, as you point out, licenses. In Windows .NET Server (Win.NET Server), you always get Remote Administration mode and its two connections, whether or not you choose to use it. Most shops find that two connections is more than adequate for administration, but if you need more and have the licenses, you can certainly use Application mode. Application mode requires the deployment of a Terminal Server Licensing server to manage those license keys Microsoft sends you, so it's a bit of extra work to get going.

Don Jones's "Must-Have Remote Administration Tools" is an excellent read. I work for the US Air Force, and we use Terminal Services to a great extent for remote administration for our servers across the European Theater. One thing that the author did not point out clearly, if at all, was the use of the Application Server mode versus the Remote Administration mode. The latter gives you only two sessions, whereas the former gives you many more. (I can't recall the exact limit, but we use 20.) Of course, you must provide information to get the correct licensing after you have selected the box under Add/
Remove Windows Components, Terminal Services Licensing. You then have to click Administrative Tools, Terminal Services Licensing to fill in the rest of the information. Microsoft will email you the key you need to activate the license. We also use Microsoft Systems Management Server (SMS), which provides remote control of the NT boxes. We run an NT 4.0 domain with Win2K servers. RDP is a better alternative than SMS because RDP requires less overhead.

Regarding your comment about VNC security, I always recommend that machines running remote control software--even Terminal Services--be protected by a firewall that will let only authorized traffic access the machines. I've known many companies to deploy internal firewalls to protect their servers from internal users, ensuring that only file-sharing, printing, or other ports are allowed through, and VNC presents no exception to such precautions. Although VNC carries a higher performance hit than solutions such as the built-in Terminal Services, I've found it to be much better than third-party solutions such as Symantec's pcAnywhere. Nothing's perfect, of course. As you do, I use VNC frequently because it's definitely worth at least what you pay for it!

David Chernicoff's Forefront: "Remote Administration of Windows Server Systems" (May 2002, InstantDoc ID 24548) and Don Jones's "Must-Have Remote Administration Tools" (May 2002, InstantDoc ID 24536) both mention using Virtual Network Computing (VNC) but fail to discuss some important concerns regarding its use:

• VNC security--Out of the box, VNC is not secure because it allows connections from any IP address. By editing the AuthHosts registry entry, you can restrict access by IP address. I'd further recommend running RRAS on the VNC server and restricting access to VPN ports only, thereby ensuring that all communication to and from the system is encrypted.


• Performance--VNC can have a significant effect on processor performance. Just open a command prompt and watch. Or, move the mouse in circles and see the process not only spike but stay elevated. Processor performance might not be a concern in some environments, but it certainly is in others.


• Updating screen info--Depending on the interface, VNC occasionally has problems knowing which components to refresh.




I use VNC frequently, especially in cross-platform environments (e.g., to manage Windows 2000 or Windows NT systems from Linux-based workstations), but understanding the trade-offs is important.

Hi Guys , what are you thinking about Netmeeting as Remote Control ?
rgds