By the use of Terminal Services, which is an element of Microsoft 2000 package, one may be able manage servers as if they were actually inside the Server Room.
Microsoft Windows 2000 Server
I have been in the web development field now for a few years. If any of you have ever worked as a consultant, you have probably experienced the same dilemmas as I. One that occurs at almost every business that I consult with, is that of server management.
You see, since I am not an actual employee, the network administrators want to keep me the consultant as far away from the server room (and any sensitive data) as possible. However, as a result I am dependent on them to administer any changes that must be done on the server that can not be done from MMC (Microsoft Management Console), a web based interface such as the HTML admin tool for IIS, or anything else that would require physical access to the system.
With the release of Windows 2000, Microsoft have released a new and easier to use remote management system known as Terminal Services. It is included with the Windows 2000 Server family, and among other things, a Remote Administration Mode configuration provides a way to graphically manage servers as if you were right there.
This provides a way for me to complete the tasks that I need to do on the servers that are running my applications, without needing physical access to the server room. Also, my Windows 2000 CAL is all I need to run this remotely. Yeah, you heard me right; you can run this on your client machines without the need for any additional licensing. As of the writing of this article, Terminal Services for Windows 2000 has clients for Windows 95, 98, NT, 2000, and CE (2.11).
Now if you are reading this and saying “I do not deal with consultants where I work at”, I am sure you could still benefit from a way to remotely manage your servers all from one place. Best of all, it does not require any additional hardware or software resources (other then about 2meg of server memory), so you should not see any decrease in performance if you install it. If anything you will see an increase in performance (from you that is, since you won’t be walking down to the server room multiple times a day).
You can install if during or after installation of the operating system by going into Add/Remove Windows Components.
You do not need to enable the “Terminal Services Licensing” option, for remote administration. If you do not want all your workstations to have the ability to install the client, select Terminal Services, Details, and make sure the “Client Creator Files” check box is not checked. Click the next button, and now comes the tricky part. Are you ready, ok here we go…. for remote administration of this server, you must check “Remote Administration”.
Wow, that was tuff. Ok, take a rest and we will continue on. Reboot the server (when appropriate), and that is it for the server install. You can also change the encryption level used for communication between the client and server by going into the “Terminal Services Configuration utility”, found under “Administrative Tools” and then going into the properties of the RDP 5.0 protocol.
Configuring the Client
This is not rocket science either. The easiest way is to just share out the “%systemroot%\system32\clients\tsclient” directory on the server where TS was installed. The client will run on a machine with as little as 8Megs of RAM, and does not need to be rebooted when a new install is performed. Once you have done this, you can run it by going into “Start/Programs/Terminal Services Client”.
There are two options you have. The client connection manager will allow you to store the connection settings so you just need to click the Icon to connect, or you can go into the Terminal Services Client utility, and you will be prompted for the information each time.
Now, as long as you have the proper authentication credentials on the server, you are now ready to do some remote administration.
The only issue that could use some improvement is that each workstation that you want to access the server from must have the client application installed on it. This sort of reminds me of the old days when I used to work as a system administrator for one of my previous employer’s software package. They had a system that was widely used in hospitals throughout the nation for quality management and improvement.
It was a great system, but whenever I would deploy a new hospital, all the workstations had to have the client installed and configured, and the appropriate DSN to connect to the database server. This would take an entire day just to set up the workstations. Anyway, back to the real subject…. It is too bad there is not a web client for Terminal Services Remote Administration. If there was, I could access my servers over the Internet, LAN, WAN, etc.. Oh, wait a minute, as a matter of fact there is one.
Terminal Services Advanced Client is an ActiveX Control that can be used to manage servers within Internet Explorer. Not only can I manage my servers, but I can also take advantage of the custom set of API’s to write my own custom web based applications for interaction with the server. So, now when I am at home in bed catching my ZZZ’s, and my pager notifies me that my web server has reported an error in the log (but of course MY server NEVER goes down), I can troubleshoot this problem from home. No longer do I have to go down to the office and see what the problem is because it can all be done from my own machine over the web.
According to Microsoft, here are just a few ways you can benefit by using this type of client.
The TSAC provides the following benefits:
Users do not have to manually download and install the client.
Administrators can send a URL to users, rather than the entire application.
Administrators can quickly change a Web page to point users to a new or updated application on the same or different server.
Users or administrators can roam to a different desktop and quickly access an application or desktop by simply knowing a URL.
If the TSAC is ever updated, users will automatically pick up the new version when they navigate to the Web page.
The TSAC provides significant benefits to the following groups:
Users who need to access terminal server hosted applications from ‘unmanaged’ devices.
Administrators seeking simple ways to distribute Win32-based, line-of-business applications.
Systems Administrators who manage Windows 2000 servers using the Terminal Services Remote Administration feature.
Independent software vendors (ISVs) wishing to integrate their Win32-based applications into the new Web-based programming model.
Application service providers (ASPs) looking for a simple way of accessing applications over the Web.
Not only can I manage my server over the web or Intranet, but also I can configure an MMC console with all the needed snap-ins necessary to manage my SQL Server, Site Server, and anything else. Then once I gain access to this server, I can run the MMC console just as if I was in the server room. As with any other amin procedure, be sure to implement proper security measures and anything else that could put your server at risk.
It will also be included on the Windows 2000 Service Pack 1 (SP1) CD in the i386\valueadd\tsac directory. To order the CD, check the Windows 2000 Downloads page. It is important you know that the TSAC is not included in the download of Windows 2000 Service Pack 1, and must be downloaded separately if you do not order the SP1 CD-ROM.
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.