by September 17, 2003 0 comments

If you wanted to remotely administer a Windows NT-based system, network or domain, you had various forms of Microsoft Management Console (MMC), which made their appearance with Windows NT 4. The latest version of MMC that ships with Windows 2003 is much more powerful. The MMC platform itself is quite extensive, in that you can easily create and install “extensions” for features not directly present. For instance, if you want your custom ERP solution to be manageable by MMC, you can create an extension for it in VC++ and install it into your console. 

However, using the MMC itself is quite resource-intensive, as it requires a lot of memory. Also, to use the MMC for administration on a non-NT platform (like Win98) you have to install additional tools (or “management packs”). This is not very helpful, if for example you are at a remote customer’s site and need to quickly update your Active Directory with their information.

So, what is the solution? The Win 2003 Server family has a web-based administrative interface (called “Remote Administration (HTML)”) that is quite comprehensive and lets you do common tasks easily and intuitively. However, the existence of this feature is well hidden and that is the reason for this hands-on.

We used a fresh installation of Win 2003 Advanced Server without any service packs. The box was configured previously through the Active Directory set up to act as a mixed-mode domain controller. You do need to install the following components, and luckily, all of them including the Server Administration, can be installed in the same step:

  • Active Directory (of course, this will also need a DNS server)
  • IIS 6.0
  • Active Server Pages (ASP) support
  • Certificate Server (if you want to use the interface in secure mode)

It is recommended however that Active Directory be installed before running the set up for Remote Administration (HTML).

Steps for Installation
Open Control Panel > Add/Remove Programs > Add/Remove Windows Components. Here, open “Application Server” and click the Details button. Now, open “Internet Information Services (IIS)” and click Details once again. In the next dialog, open “World Wide Web Service” and its Details button. In this last dialog box, you need to select two components for installation: “Remote Administration (HTML)” which is what we want, and “Active Server Pages” which is required by the Server Administration to work. Click OK all the way back to the first dialog and click FINISH to install the components. If your installation source is on a CDROM, don’t forget to insert it when prompted.

A Little Configuration
The documentation mentions that the Remote Administration (HTML) runs on https://locahost:8098. Also, the website created for this is configured to run only in secure mode (port 8098), and not in the unsecure mode (port 8099).

Unfortunately, we were not able to access it in secure mode, and therefore found a tweak that allowed us to run it in the unsecure mode. Here’s how. 

Open Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager. Expand the local computer’s tree and the “Web Sites” tree under it. The “Administration” website belongs to the Remote Administration (HTML). Right click > Properties > Directory Security. In the “Secure Communications” section, click the Edit button. On the dialog that appears, click OFF the “Require secure channel (SSL)” option. Click OK all the way back.

Using the Web Interface
Now, go to any computer on your network and fire up your Internet Explorer 6.0. If the Win 2003 server is running with a public IP, you can access it from any node on the Internet. If your DNS is set up properly, you should be able to connect via the machine’s name (like http://win2k3box.pcqlabs.pcq: 8099). Otherwise, you connect to it using its IP address, which in our case was http://192.168.45. 23:8099.

The browser will prompt you for your domain-level password. Only members of the “Administrators” and “Domain Administrators” groups can login. So, login as the Administrator user with the corresponding password. If you are prompted for a “Realm” or “Domain” (on non-Win 2003 machines), enter the appropriate domain name (“pcqlabs” in our case). If using pre-Win 2003 OSs, the domains should not have a “.” in them. To find out what this value is for your domain, on the Win 2003 box, open “Active Directory Domains and Trusts” console. Right click on the displayed domain controller (your local machine) and select Properties. The value is what is displayed in the grayed out “Domain name (pre-Windows 2000)” box on the General tab.

The interface itself is quite intuitive and lets you easily perform various tasks. On the maintenance page, it has useful links to various logs and lets you shut down the server, set up alert e-mail and even launch a Remote Desktop window (you need to be in 1024×768 or higher resolution to view the Remote Desktop). 

Sujay V Sarma

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.