Tips and Tricks
New & Improved
These features require a little work, but are worth it.
This month, I’d like to offer a few tips concerning improved features in key Microsoft products. I’ve written about many of these products—like Software Update Services and Remote Desktop Connection—in past columns, but there are some great additional tricks to exploit the latest versions, tricks indispensable to busy administrators.
Hopefully you’ve had the opportunity to play with Windows Server 2003 for a bit, even if your company isn’t yet implementing it. In Windows 2003, Terminal Services’ Remote Admin mode has been replaced by Remote Desktop, which basically means that Remote Admin mode is always installed (though disabled by default).
There are some cool administrator-friendly changes lurking under the hood—changes IT professionals will really like once they start using them. For starters, Windows 2003 supports the newest version of Remote Desktop Protocol (RDP), which provides useful features like mapping clients’ drives to the server for easier file copying. This functionality, along with the ability to map clients’ printers to the server, makes Remote Administration much easier.
Windows 2003’s Remote Desktop allows three remote administrative connections instead of just two. Well, sort of. Technically, only two virtual desktops are available, but a third administrator can actually connect—remotely, mind you—to the console itself. This is definitely a much-needed improvement, because a lot of administrative problems (like driver error dialog boxes) only pop up on the console, not on the virtual desktops to which remote administration usually connects.
How do you connect to the console? With Windows 2003’s new Remote Desktop console, it’s a simple checkbox selected when setting up the connection. With the Remote Desktop Connection client, the console is launched from the command line with a switch: /console. Windows 2003 locks the actual console when there’s a remote connection to it, just like Windows XP Professional does with its built-in Remote Desktop feature.
I’ve always recommended that Windows 2000 Server shops install Terminal Services in Remote Admin mode on every server. For Windows 2003, I recommend enabling the Remote Desktop feature and ensuring that the correct users are on the access list for remote control (by default, it’s the local Administrators group only). But what about those that already deployed a few dozen servers? Do they have to walk around to each and select checkboxes? Not at all, thanks to Microsoft’s integration of Remote Desktop into Windows Management Instrumentation and the handy new Wmic.exe command-line utility included with Windows 2003. From any Windows 2003 box, simply run:
Wmic /node:"servername" /user:"user@domain" /password: "password"
RDToggle where ServerName="server name" call SetAllowTSConnections
Obviously, “servername” needs to be replaced with the server on which to enable Remote Desktop, and IT must also provide the correct administrative credentials for that server. Big thanks to Jim Bricker at Avanade in Seattle, who pointed me to this useful trick.
In the October
“Tips & Tricks” column, I pointed out that Software Update Service
(SUS) had one primary failing: the inability to deploy service packs along
with other critical and security patches. It seems the problem wasn’t
so much SUS itself as the way service packs were packaged, and Microsoft
has now fixed the problem. By the time this article appears, Microsoft
will have released WinXP SP1 and Win2000 SP4 in a version that SUS will
pick up and deploy. All subsequent service packs for XP, Win2K and upcoming
service packs for Windows 2003 will also be deployable through SUS. That
makes SUS the hands-down winner for free patch management, and for those
that are not already using something like Systems Management Server (SMS),
I can’t recommend SUS highly enough. If SUS is already deployed, an updated
version isn’t even needed to begin deploying service packs; they should
show up the next time you synchronize SUS server with Windows Update.
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.