Choosing In-Band Management Tools

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Windows Server 2003 supports a wide variety of in-band remote management tools that you can use to manage servers. Use in-band tools when your Windows Server 2003–based server is functioning and accessible through your standard network connection.

Tools for remotely managing servers are available from many sources. Some of the tools are specific to a task, while others support a range of tasks. Some provide a command-line environment, while others provide a graphical user interface (GUI) environment. Some tools work best for managing a single computer at a time, while others support sessions with multiple computers.

In addition to the many tools built in to Windows Server 2003, management tools are available from the following sources:

  • Windows Support Tools, located in the Support\Tools folder on the Windows Server 2003 operating system CD, provide command-line tools for specific management tasks in a variety of areas such as performance, security, and deployment. For more information about Windows Support Tools, in Help and Support Center for Windows Server 2003, click Tools, and then click "Windows Support Tools."

  • Resource Kit Tools provide a variety of command-line tools for specific tasks. For more information about Resource Kit Tools, click Tools on Help and Support Center for Windows Server 2003, and then click Windows Resource Kit Tools Help.

  • Third-party tools available from independent software vendors (ISVs) provide a wide variety of specific or general remote management capabilities.

This section describes major characteristics of some common remote management tools for servers. Some of these tools can also be used for performing management tasks through out-of-band connections. For in-depth information about the technical considerations and potential impacts of specific remote management tools, see the Storage Technologies Collection of the Windows Server 2003 Technical Reference (or see the Storage Technologies Collection on the Web at https://www.microsoft.com/reskit). For information about software distribution tools, see "Deploying a Managed Software Environment" in Designing a Managed Environment of this kit.

Table 5.2 summarizes the characteristics of common remote management tools.

Table 5.2   Common Remote Management Tools

Tool Key Characteristics

Telnet

Command line; efficient and versatile; provides interoperability in mixed environments; in general, not secure

Windows Management Instrumentation Command-line (WMIC)

Customized applications and command-line scripts for remote management

Windows Script Host (WSH)

Customized scripts for remote management

Microsoft Management Console (MMC)

Multiple sessions; variety of snap-ins for various administrative tasks

Remote Desktop for Administration

GUI; multiple sessions; high resource usage

Group Policy

Efficient way to manage a variety of settings for groups of servers

Telnet

Telnet is a global, versatile tool that has minimal system resource and network bandwidth requirements and that provides interoperability with other operating systems. With Windows Server 2003 Telnet Server, any client that supports the Telnet protocol can connect to Windows–based systems. For example, a UNIX Telnet client can connect to a Windows–based server.

By using Telnet, you can establish a command console session on a remote computer and use it to run command-line programs and shell commands, interacting with the remote server as though you were logged on locally. Telnet can establish any number of connections and supports interactive scripts.

The Windows Server 2003 32-bit version of Telnet does not support secure logon, while the 64-bit version provides secure logon by using NTLM authentication. Some versions of Telnet provided with terminal concentrators also support secure logon. Telnet does not support encryption.

By using Telnet, you can perform out-of-band management tasks by establishing a network connection to a terminal concentrator that is connected to servers through their serial ports. For more information about terminal concentrators, see "Using Terminal Concentrators for Remote Management" later in this chapter.

Windows Management Instrumentation

Windows Management Instrumentation (WMI) is an infrastructure that enables you to access and modify standards-based information about objects — such as computers, applications, and network components — in your enterprise environment. Using WMI, you can create powerful administration applications to monitor and respond to specific events in your environment. For example, you can create applications to check CPU usage on your Windows Server 2003–based servers and notify you when it exceeds a specified level. Although WMI is a powerful tool for building customized applications, it does require a certain amount of developer time and expertise.

Windows Management Instrumentation Command-line (WMIC) provides a simplified interface to WMI. By using WMIC, you can access WMI-based information using the command line or scripts. You can use WMIC from any computer where WMIC is enabled to manage any remote computer. WMIC does not have to be available on the remote computer.

For technical information about developing applications using WMI and using WMIC, see the WMI SDK link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.

Windows Script Host

Windows Script Host (WSH) is a language-independent scripting infrastructure that allows you to write scripts for local or remote management tasks. You can use WSH to write scripts that include WMI, Active Directory® directory service, and other application programming interface (API) calls. WSH typically is used for noninteractive scripts, such as logon and computer automation scripts.

Microsoft Management Console

Microsoft Management Console (MMC) is a framework for hosting tools, also known as snap-ins, that you can use to manage servers locally or remotely. With MMC, you can create consoles that include the tools you use most often.

Each MMC snap-in has unique advantages and disadvantages that make it suitable in some cases and unsuitable in others. For example, some are suitable for slow network connections and some transmit encrypted data. Before you use a snap-in to perform a remote management task, make sure that it is the best remote management tool for the task. For more information about using MMC snap-ins for remote management, see the Storage Technologies Collection of the Windows Server 2003 Technical Reference (or see the Storage Technologies Collection on the Web at https://www.microsoft.com/reskit).

Remote Desktop for Administration

Remote Desktop for Administration is an MMC snap-in that you can use to establish a remote console session on one or more servers and switch between sessions. By using Remote Desktop for Administration, you can log on to a remote server and use the server’s desktop to perform administrative tasks, just as if you were logged on locally. Remote Desktop for Administration supports Kerberos authentication and built-in encryption.

Remote Desktop for Administration is a versatile remote management tool because it supports both GUI and command-line interfaces. Because Remote Desktop for Administration uses Remote Desktop Protocol (RDP), it efficiently transmits the user interface from the server to the client and keyboard sequences and mouse clicks from the client to the server. Nevertheless, this tool requires more memory and network bandwidth resources than many other tools.

Important

  • Remote Desktop for Administration is affected by the Internet Explorer Enhanced Security Configuration, which places your server and Microsoft Internet Explorer in a configuration that decreases the exposure of your server to attacks that can occur through Web content and application scripts. As a result, some Web sites might not display or perform as expected. For more information, see "Setting up Remote Desktop Web Connection" and "Internet Explorer Enhanced Security Configuration" in Help and Support Center for Windows Server 2003.

Windows Server 2003 Administration Tools Pack

The Windows Server 2003 Administration Tools Pack includes several of the most common tools for remotely managing servers from a Microsoft® Windows® XP Professional–based computer with Service Pack 1. Many of the tools are MMC snap-ins. The tools pack is included on the 32-bit version of the Windows Server 2003 operating system CD, and the Windows Installer package — Adminpak.msi — is placed in C:\windows\system32\adminpak during the operating system installation. For 64-bit versions, use Remote Desktop for Administration instead.

For more detailed information about the tools pack, see "Windows Server 2003 Administration Tools Pack Overview" in Help and Support Center for Windows Server 2003. Help topics for the Administration Tools Pack are installed when you install the tools.

Note

  • You cannot install the Windows Server 2003 Administration Tools Pack on a server that is running a member of the Microsoft® Windows® 2000 Server or Windows Server 2003 family operating systems. The administrative tools already exist on all servers running these systems. You can install the tools pack only on a computer that is running Windows XP Professional with Service Pack 1.

Group Policy

In an Active Directory environment, you can use Group Policy to control such things as permissions, application availability, and security for member servers, domain controllers, and any other server running Windows Server 2003 within the scope of management. You can use Group Policy to manage registry-based policy by using Administrative Templates and to assign scripts, such as for startup and shutdown. For more information about Group Policy, see the following: