Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] نسخه متنی

WS2003 includes a
number of administrative tools for performing day-to-day
administration tasks on domain controllers and member servers. These
tools are accessed from the Start menu and are mostly MMC consoles
with a few wizards tossed in for good measure. However, the tools
displayed in this menu are only those needed to administer the
different WS2003 components installed on your server. For example, if
you have not installed Certificate Services on your machine, the
Certification Authority console is absent from the menu. Furthermore,
most administrators prefer to manage their servers from a remote
location such as their office instead of going to the server room
every time they need to perform a task.

Administrative Tools Pack

To install the full slate of WS2003 administrative
tools on your server or to install these tools on a different machine
used for performing remote administration, install the WS2003
Administrative Tools Pack using the procedures outlined in the

Tasks section for this topic. This pack is
implemented as the Windows Installer file

adminpak.msi and is found on your WS2003 product
CD. You can install this pack on:

• Any member of the WS2003 family

• Windows XP Professional machines with Service Pack 1 installed

Using an XP/WS2003 machine with these tools installed, you can
administer multiple WS2003 machines from a single location. If you
have many tasks to perform on a single WS2003 machine, it may be
simpler to use Remote Desktop instead.

To perform administrative tasks on a domain controller using the WS2003 Administration Tools Pack installed on an XP or WS2003 machine, you must first join the machine to the domain. Also, if you plan to administer downlevel W2K domain controllers using these tools, you must either install W2K Service Pack 3 on these domain controllers or edit the registry to disable LDAP signing; see Knowledge Base article 325465 for more information.

Computer Management

Computer Management
(

compmgmt.msc )
is a key administrative tool that contains a number of snap-ins
organized into three categories:

System Tools

Event Viewer, Shared Folders, Local Users and Groups, Performance
Logs and Alerts, and Device Manager snap-ins

Storage

Removable Storage, Disk Management, and Disk Defragmenter snap-ins

Services and Applications

Telephony, Services, WMI Control, and Indexing Service snap-ins

Computer Management may contain additional snap-ins such as Internet
Information Services if such optional components are installed

Convenience Consoles

Three convenience consoles are included
in the Administrative Tools menu when
you install

adminpak.msi on a machine. Like
Computer Management, these convenience consoles contain multiple
snap-ins. They can also be started from the command line using their

.msc filenames. Table 4-2
provides details about the convenience consoles.

Manage Your Server

Another key administrative tool is
Manage Your Server, which lets you add
different roles to your server and manage these roles
by performing basic tasks using wizards and consoles. By default,
WS2003 installs with no roles defined, and you can add any of the
following roles with this tool:

File Server

Print Server

Application Server (IIS, ASP.NET)

Mail Server (POP3, SMTP)

Terminal Server

Remote Access/VPN Server

Domain Controller (Active Directory)

DNS Server

DHCP Server

Streaming Media Server

WINS Server

Here are a couple of examples of adding roles:

• Adding the File Server role lets you share folders using the Share a
  Folder Wizard and manage your file server using the File Server
  Management console (

  filesrv.msc ), which contains
  the Shared Folders, Disk Defragmenter, and Disk Management snap-ins.

• Adding the Application Server role lets you use your server as a web
  server to host ASP.NET applications on the Internet. You can manage
  this role using the Application Server console
  (

  appsrv.msc ), which contains the .NET
  Configuration 1.1, Internet Information Services (IIS) Manager, and
  Component Services snap-ins.

Administering Downlevel W2K Servers

The Administration Tools Packs for W2K
Server and WS2003 have significant compatibility issues:

• The W2K Server version of

  adminpak.msi can be
  installed only on W2K machines. Similarly, the WS2003 version can be
  installed only on XP or WS2003 machines.

• Some W2K Server administrative tools are unable to display or
  configure certain settings of WS2003 machines, and vice versa for
  WS2003 admin tools.

The simplest solution (though not an elegant one) is for
administrators to use two desktop machines to administer a mixed
W2K/2003-based network: a W2K Professional machine with the W2K
Server version of

adminpak.msi installed on it
and an XP machine with the WS2003 version installed. For IIS
administrators, there is an additional problem: the WS2003 version of

adminpak.msi doesn't include
the Internet Service Manager console. Applying Service Pack 2 for XP
and reinstalling

adminpak.msi should correct
this problem.

If you insist on having only one desktop for managing your whole
network, it should probably be an XP system with the WS2003 version
of

adminpak.msi installed. In addition, make
sure that Service Pack 3 for W2K is installed on all your W2K servers
so you can use the new version of the Active Directory console to
manage your downlevel domain controllers.