Tips and Tricks

New & Improved

These features require a little work, but are worth it.

This month, I’d like to offer a few tips concerning improved features in key Microsoft products. I’ve written about many of these products—like Software Update Services and Remote Desktop Connection—in past columns, but there are some great additional tricks to exploit the latest versions, tricks indispensable to busy administrators.

Hopefully you’ve had the opportunity to play with Windows Server 2003 for a bit, even if your company isn’t yet implementing it. In Windows 2003, Terminal Services’ Remote Admin mode has been replaced by Remote Desktop, which basically means that Remote Admin mode is always installed (though disabled by default).

There are some cool administrator-friendly changes lurking under the hood—changes IT professionals will really like once they start using them. For starters, Windows 2003 supports the newest version of Remote Desktop Protocol (RDP), which provides useful features like mapping clients’ drives to the server for easier file copying. This functionality, along with the ability to map clients’ printers to the server, makes Remote Administration much easier.

Windows 2003’s Remote Desktop allows three remote administrative connections instead of just two. Well, sort of. Technically, only two virtual desktops are available, but a third administrator can actually connect—remotely, mind you—to the console itself. This is definitely a much-needed improvement, because a lot of administrative problems (like driver error dialog boxes) only pop up on the console, not on the virtual desktops to which remote administration usually connects.

How do you connect to the console? With Windows 2003’s new Remote Desktop console, it’s a simple checkbox selected when setting up the connection. With the Remote Desktop Connection client, the console is launched from the command line with a switch: /console. Windows 2003 locks the actual console when there’s a remote connection to it, just like Windows XP Professional does with its built-in Remote Desktop feature.

I’ve always recommended that Windows 2000 Server shops install Terminal Services in Remote Admin mode on every server. For Windows 2003, I recommend enabling the Remote Desktop feature and ensuring that the correct users are on the access list for remote control (by default, it’s the local Administrators group only). But what about those that already deployed a few dozen servers? Do they have to walk around to each and select checkboxes? Not at all, thanks to Microsoft’s integration of Remote Desktop into Windows Management Instrumentation and the handy new Wmic.exe command-line utility included with Windows 2003. From any Windows 2003 box, simply run:

Wmic /node:"servername" /user:"user@domain" /password:"password" RDToggle where ServerName="servername" call SetAllowTSConnections 1

Obviously, “servername” needs to be replaced with the server on which to enable Remote Desktop, and IT must also provide the correct administrative credentials for that server. Big thanks to Jim Bricker at Avanade in Seattle, who pointed me to this useful trick.
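The same change across many servers, followed by a check of who is actually on the access list, as an added example that is not part of the original column. It assumes Windows PowerShell (for Get-WmiObject), a hypothetical servers.txt with one Windows Server 2003 name per line, and an account that is already an administrator on every server, so no password is typed on a command line.

```powershell
# Added example, not code from the original column.
# Assumption: servers.txt (hypothetical) lists one Windows Server 2003 name per line.
# Assumption: the current logon is an administrator on each server.
$servers = Get-Content -Path .\servers.txt |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

function Get-LocalGroupMemberNames {
    param([string]$Server, [string]$Group)
    # WinNT ADSI provider: list the members of a local group on a remote machine.
    $g = [ADSI]"WinNT://$Server/$Group,group"
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

$report = foreach ($server in $servers) {
    try {
        # Windows Server 2003 exposes this class in root\cimv2; later Windows
        # versions moved it to root\cimv2\TerminalServices.
        $ts = Get-WmiObject -Class Win32_TerminalServiceSetting `
            -Namespace root\cimv2 -ComputerName $server -ErrorAction Stop
        $before = $ts.AllowTSConnections

        if ($before -ne 1) {
            # Same WMI method the Wmic RDToggle alias calls.
            $rc = $ts.SetAllowTSConnections(1).ReturnValue
            if ($rc -ne 0) { throw "SetAllowTSConnections returned $rc" }
        }

        [pscustomobject]@{
            Server         = $server
            AlreadyEnabled = ($before -eq 1)
            Administrators = (Get-LocalGroupMemberNames $server 'Administrators') -join '; '
            RemoteDesktop  = (Get-LocalGroupMemberNames $server 'Remote Desktop Users') -join '; '
            Error          = $null
        }
    }
    catch {
        # Unreachable host or access denied: record it instead of stopping the run.
        [pscustomobject]@{
            Server = $server; AlreadyEnabled = $null
            Administrators = $null; RemoteDesktop = $null
            Error = $_.Exception.Message
        }
    }
}
$report | Format-List
```

Review the Administrators and RemoteDesktop columns for unexpected accounts before treating a server as finished.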

In the October “Tips & Tricks” column, I pointed out that Software Update Services (SUS) had one primary failing: the inability to deploy service packs along with other critical and security patches. It seems the problem wasn’t so much SUS itself as the way service packs were packaged, and Microsoft has now fixed the problem. By the time this article appears, Microsoft will have released WinXP SP1 and Win2000 SP4 in a version that SUS will pick up and deploy. All subsequent service packs for XP and Win2K, and upcoming service packs for Windows 2003, will also be deployable through SUS. That makes SUS the hands-down winner for free patch management, and for those who are not already using something like Systems Management Server (SMS), I can’t recommend SUS highly enough. If SUS is already deployed, an updated version isn’t even needed to begin deploying service packs; they should show up the next time you synchronize the SUS server with Windows Update.

About the Author

With more than fifteen years of IT experience, Don Jones is one of the world’s leading experts on the Microsoft business technology platform. He’s the author of more than 35 books, including Windows PowerShell: TFM, Windows Administrator’s Scripting Toolkit, VBScript WMI and ADSI Unleashed, PHP-Nuke Garage, Special Edition Using Commerce Server 2002, Definitive Guide to SQL Server Performance Optimization, and many more. Don is a top-rated and in-demand speaker and serves on the advisory board for TechMentor. He is an accomplished IT journalist with features and monthly columns in Microsoft TechNet Magazine, Redmond Magazine, and on Web sites such as TechTarget and MCPMag.com. Don is also a multiple-year recipient of Microsoft’s prestigious Most Valuable Professional (MVP) Award, and is the Editor-in-Chief for Realtime Publishers.


Reader Comments:

Sat, Feb 7, 2004 Anonymous Anonymous

/console Nuff said

Wed, Jan 14, 2004 CW UK

hi!
Is Terminal Services logon not interactive? If so, does this create a vulnerability to brute-force dictionary attacks on the admin account?
Would recommend an IPSEC-negotiated connection for RDP access or a hardware solution for remote console (separate LAN).

Cheers
Wooodfinec@hotmail.com
