لطفا منتظر باشید ...
Management Tools
Windows 2000 Professional has a variety of tools for administrators, including MMC, tools in the Administrative Tools folder, System Tools, Control Panel, scripts, environment variables, Windows Update, and Windows Management Instrumentation.
Microsoft Management Console
Microsoft Management Console (MMC) is a tool you use to create, save, and open collections of administrative tools, called consoles. Consoles contain items such as snap-ins, extension snap-ins, monitor controls, tasks, wizards, and documentation required to manage many of the hardware, software, and networking components of the Windows 2000 Professional–based system. You can add items to an existing MMC console, or you can create new consoles and configure them to administer a specific system component. If you want to do so, you can save and distribute consoles. To start MMC, on the Start menu, click Run, and then type MMC.After you open the default console, you can the add snap-ins you use frequently and save the console. Console files are saved as *.msc files. To start a saved console, type the name of the console on the Run line.The following snap-ins are available by default with Windows 2000 Professional:
- ActiveX® ControlCertificatesComponent ServicesComputer ManagementDevice ManagerDisk DefragmenterDisk ManagementEvent ViewerFax Service ManagementFolderGroup PolicyIndexing ServiceIP security policy management Link to Web Address Local Users and Groups Performance Logs and Alerts Removable Storage and ManagementSecurity Configuration and AnalysisSecurity TemplatesServicesShared FoldersSystem InformationWMI control
For more information about the functions each snap-in provides, see the Windows 2000 Professional MMC Help. To view MMC topics, start Help from MMC. Help for MMC topics is not available by from the Start menu of Windows 2000 Professional.
Administrative Tools
The Administrative Tools folder, in Control Panel, contains shortcuts to tools you can use frequently. With the exception of Data Sources (ODBC) and Telnet Server Administration icons in Administrative Tools, all of the shortcuts start MMC consoles. The following is a list of the available tools.Component Services With the Component Services administrative tool, you can configure and administer Component Object Model (COM) components applications. You can use the Component Services administrative tool to perform administrative tasks such as configuring your system, installing applications, and configuring and monitoring services used by your applications.Computer Management You can use Computer Management to manage local or remote computers using a single, consolidated desktop tool. It combines several Windows 2000 administration tools into a single console tree, which provides easy access to a specific computer's administrative properties and tools. Use Computer Management to do the following:
- Monitor system events such as logon times and application errors. Create and manage shares. View a list of users connected to a local or remote computer. Start and stop system services such as Task Scheduler and Spooler. Set properties for storage devices. View device configurations and add new device drivers. Manage server applications and services such as the Domain Name System (DNS) service or the
Dynamic Host Configuration Protocol (DHCP) service.
NOTEData Sources (ODBC) Data Sources (ODBC) adds, deletes, or sets up data sources with user data source names (DSNs). These data sources are local to a computer and are accessible only by the current user.Event Viewer Using the event logs in Event Viewer, you can gather information about hardware, software, and system problems and monitor Windows 2000 security events. Windows 2000 records events in three kinds of logs:
You must be a member of the Administrators group to take full advantage of Computer Management.
- Application log: Contains events logged by applications or programs. For example, a
database program might record a file error in the application log. The application developer decides which
events to record. System log: Contains events logged by the Windows 2000 system components.
For example, if a driver or other system component fails to load during startup, this is recorded
in the system log. The event types logged by system components are predetermined. Security log: Can record security events such as valid and invalid logon attempts,
as well as events related to resource use, such as creating, opening, or deleting files. An administrator
can specify what events are recorded in the security log. For example, if you have enabled logon auditing,
attempts to log on to the system are recorded in the security log.
Local Security Policy The Security Settings node allows a security administrator to configure security levels assigned to a Group Policy object or local computer policy. You can do this after importing or applying a security template or instead of importing or applying a security template.Performance Performance Logs and Alerts contains features for logging counter and event trace data and for generating performance alerts. With counter logs, you can record data about hardware usage and the activity of system services from local or remote computers. Logging can occur manually on demand, or automatically according to a user-defined schedule. Continuous logging, subject to file-size or duration limits, is also available. You can view logged data by using the System Monitor display, or you can export the data to a spreadsheet program or database to analyze it and generate a report. Trace logs record data when activities, such as a disk input/output error or a page fault occurs. When an event occurs, the provider sends the data to the log service.
NOTEServices By using Services, you can start, stop, pause, or resume services on remote and local computers and configure startup and recovery options. You can also enable or disable services for a particular hardware profile.Telnet Server Administration Telnet provides user support for the Telnet protocol, a remote access protocol you can use to log on to a remote computer, network device, or private TCP/IP network. To display help for Telnet, type Telnet at a command prompt, and then type Help.
The Performance snap-in combines the System Monitor snap-in and the Performance Logs and Alerts snap-in.
Using Administrative Tools to Manage Remote Windows 2000-based Servers
Many of the administration tools included in Windows 2000 are used to manage the operating-system components common to all Windows 2000–based computers—such as installed services, hard disks, or event logs—and are installed by default for all versions of Windows 2000. You can use these tools to manage and configure many commonly used operating-system settings on remote Windows 2000–based computers.To manage remote servers from a computer running Windows 2000 Professional, you can install the Windows 2000 administration tools that are included on the Windows 2000 Server and Microsoft® Windows® 2000 Advanced Server installation CDs. These tools are MMC snap-ins that include Active Directory Users and Computers, Distributed file system, and other snap-ins that are not available in Windows 2000 Professional.To install Windows 2000 administration tools on a local computer
In the i386 folder on the Windows 2000 Server or Windows 2000 Advanced Server installation CD, double-click the AdminPak.msi file.Under Target folder location, type a destination or click Find Target to view locations.Run the Windows 2000 Administration Tools Setup wizard.
Using Terminal Services to Manage Remote Computers
If you can connect to the computer you want to administer—either via a LAN connection or a dial-up connection—you can view the administrator's desktop. Windows 2000 Server and Windows 2000 Advanced Server include Terminal Services, a set of software services that provide remote access to the server desktop from a client computer.Essentially, the server desktop user interface appears in an application window on the client computer; keyboard and mouse clicks are sent to the server and are processed there. By using a Terminal Services client to connect to a Windows 2000–based server (domain controller), you can run any applications—including all administration tools—that reside on the server just as though you were logged on at the server.Windows 2000 Server and Windows 2000 Advanced Server include the ability to install Terminal Services for remote administration only. This special mode allows up to two concurrent Terminal Services client connections to the server and does not require a Terminal Services Licensing server to be installed on the network.On client computers, install the appropriate Terminal Services client software to connect to the server. Terminal Services allows you access to a local desktop session on the server from a window on your client computer. You have access to all of the administrative tools and applications on the server computer, and the tools function the same as if you were sitting at the local computer.To install Terminal Services for remote administration
- In Control Panel, click Add/Remove Programs.In the dialog box, click Add/Remove Windows Components.In the Windows Components wizard, under Components, select the Terminal Services check box, and then click Next. You do not have to enable Terminal Services Licensing when you enable Terminal Services in remote administration mode. A maximum of two concurrent connections are automatically allowed on a server running Terminal Services in remote administration mode.On the Terminal Services Setup page, click Remote Administration Mode, and then click Next.When you are prompted to do so, click Finish.
System Tools
Windows 2000 offers a number of system tools. By using these tools, you can perform many necessary system tasks, such as backing up or defragmenting a hard disk and performing schedules tasks or other functions.To gain access to System Tools, from the Start menu, point to Programs and then Accessories, and then click System Tools. The following tools are available:Backup Use Backup to create a copy of data on the hard disk drive, and then use this copy to restore lost or damaged data. Clicking Backup starts an interface that gives you access to the Windows 2000 Backup and Recovery Tools wizards.Character Map Use Character Map to copy and paste special characters into documents, such as the trademark symbol, special mathematical characters, or a character from the character set of another language.Disk Cleanup This tool helps clear space on the hard disk drive. Disk Cleanup searches the drive, and then shows the temporary files, Internet cache files, and unnecessary program files that you can safely delete. You can direct Disk Cleanup to delete some or all of those files.Disk Defregmenter This tool rearranges files, programs, and unused space on the hard disk so that programs run faster and files open more quickly.
NOTEGetting Started This starts the online version of "Getting Started," which introduces the user to Windows 2000 Professional. Topics include learning how to install Windows 2000, how to use the desktop, and new features. Topics also include how to connect to a network and answers to frequently asked questions.Scheduled Tasks Schedule any script, program, or document to run at a convenient time. Scheduled Tasks starts each time Windows 2000 starts and runs in the background. By using the Scheduled Task wizard, you can schedule a task to run daily, weekly, or monthly, change the schedule for a task, and customize how a task runs at a scheduled time. When you click Scheduled Tasks, a Windows Explorer window opens and gives you access to the wizard and to any saved scheduled tasks.System Information System Information collects and displays the computer's configuration information. It includes a System Summary, Hardware Resources, Components, Software Environment, Internet Explorer 5, and Applications (Microsoft® Office 2000 only).
Disk Defragmenter is also available in the Computer Management snap-in under Storage.
NOTEFor more information about using these tools, see Windows 2000 Professional Help or MMC Help.
System Information is a snap-in that opens in MMC. It displays the same system information that is available through the Computer Management snap-in.
Control Panel
Control Panel is the central location for system configuration changes. To reduce clutter and provide easier access to some options, certain tools are no longer located in Control Panel. Table 7.2 lists the feature or function, how to gain access to it from Control Panel or another location, and where the feature or function is located in earlier versions of Windows.To view a detailed description of each Control Panel item, click Details on the View menu in Control Panel. For additional information about any Control Panel item, see Windows 2000 Help.Table 7.2 Tasks in Control Panel
| Feature or Function | Location in Windows 2000 Professional | Location in Windows 98 | Location in Windows NT 4.0 Workstation |
|---|---|---|---|
| Add/Delete Users | Users and Passwords | Control Panel/Users | In User Manager on the Start/Programs/Administrative Tools menu. |
| Administrative Tools | Programs menu (if enabled) or Control Panel | System ToolsProgramsAccessories | On Start/Programs menu. |
| Console (MS–DOS) | Programs/Accessories/Command Prompt | Programs/MS DOS prompt | Under Console in Control Panel |
| Device configuration | Control Panel/System/Hardware/Device Manager option | Control Panel/System Device Manager tab | Under Devices in Control Panel. |
| Dial-up connections | Control Panel/Network and Dial-up Connections | Control Panel/Modems | Under Modem in Control Panel. |
| Display options: Plus! property page | Control Panel/Display/Effects property page | Control Panel/Display/Plus! | On the Plus! tab under Display in Control Panel. |
| Game Controllers | Control Panel/Game Controllers | Control Panel/Game Controllers | On the Devices tab under Multimedia in Control Panel. |
| Hardware installation | Control Panel/Add/Remove Hardware | Control Panel/Add New Hardware | The Hardware tab of the property page for the device. |
| Modem configuration | Control Panel/Phone and Modem Options | Control Panel/Modems | Under Modems in Control Panel. |
| Multimedia | Control Panel/Sounds and Multimedia | Control Panel/Multimedia | Under Multimedia in Control Panel. |
| Network configuration | Control Panel/Network and Dial-up Connections | Control Panel/Network | Under Network in Control Panel. |
| Network Connections | Control Panel/Network and Dial-up Connections | My Computer and My Network Places | Under Network in Control Panel. |
| ODBC Data Sources | Administrative Tools | Control Panel/32bit ODBC | In Control Panel. |
| Passwords | Control Panel/Users and Passwords | Control Panel/Passwords or Users | In User Manager on the Start/Programs/Administrative Tools menu. |
| PC Card (PCMCIA) | Control Panel/Add/Remove Hardware | Control Panel/System/Device Manager tab | Under PC Card (PCMCIA) in Control Panel. |
| Ports | Control PanelPhone and Modem Options | Control Panel/Modems/Connection tab of device | Under Ports in Control Panel. |
| Scanners and Cameras | Control PanelScanners and Cameras | Not available | Not available. |
| Scheduled Tasks | Control Panel/Scheduled Tasks | My Computer | Services/Schedule. |
| SCSI Adapters | Control Panel/System/Hardware tab/Device Manager option | Control Panel/System/Device Manager tab | Under SCSI Adapters in Control Panel. |
| Services | Control PanelAdministrative Tools | Control PanelServices | Under Services in Control Panel. |
| Sounds | Control PanelSounds and Multimedia | Control PanelSounds | Under Sounds in Control Panel. |
| Tape Devices | System/Hardware property page/Device Manager option | Control Panel/System//Device Manager tab | Under Tape Devices in Control Panel. |
| Telephony | Control PanelPhone and Modem Options | Control PanelTelephony | Under Telephony in Control Panel. |
| UPS | Control PanelPower Options | Control PanelPower Management | Under UPS in Control Panel. |
You can use Group Policy settings to restrict access to Control Panel. Table 7.3 is a list of some of the Group Policy settings that affect Control Panel and a brief description of each policy. For additional information, right-click the policy in MMC, click Properties, and then click the Explain tab; or see "Group Policy Reference" on the Microsoft® Windows® 2000 Resource Kit companion CD.Table 7.3 Group Policy Settings That Affect Control Panel
| Group Policy Setting | Location | Description |
|---|---|---|
| Disable programs on Settings menu | Local Computer PolicyUser ConfigurationAdministrative TemplatesStart Menu & Taskbar. | Prevents any programs on the Start/Settings menu from running. |
| Disable Control Panel | Local Computer PolicyUser ConfigurationAdministrative TemplatesStart Menu & Taskbar. | Disables all Control Panel programs. This policy prevents Control.exe, the program file for Control Panel, from starting. As a result, users cannot start Control Panel or run any Control Panel programs. |
| Show only specified Control Panel applets | User ConfigurationAdministrative TemplatesControl Panel | Hides all Control Panel programs and folders except those specified in this setting. This setting removes all Control Panel programs (such as Network) and folders (such as Fonts) from the Control Panel window and the Start menu. It removes Control Panel programs you have added to your system, as well the Control Panel programs that are included in Windows 2000. The only programs that are displayed in Control Panel are those you specify in this setting. |
| Hide specified Control Panel applets | User ConfigurationAdministrative TemplatesControl Panel | This policy removes Control Panel programs (such as Display) and folders (such as Fonts) from the Control Panel window and the Start menu. It can remove Control Panel programs you have added to your system, as well Control Panel programs that are included in Windows 2000. |
CAUTION
If you enable either Show only specified Control Panel applets or Hide specified Control Panel applets, users still have access to all Control Panel programs from Help.
Scripts
You can use Windows Script Host and Group Policy to manage scripts. Windows 2000 supports the following scripting areas:
- Computer Management Printer Management Page File Service Management Network Configuration Device Management Process Management Thread Management Event Log Management User Management Security File System Application Management
Windows Script Host
Windows Script Host enables you to run scripts directly in Windows 2000 by clicking a script file on the Windows desktop or by typing the name of a script file at the command prompt. Just like Internet Explorer 5, Windows Script Host serves as a controller of ActiveX scripting engines. Unlike Internet Explorer 5, however, Windows Script Host has very low memory requirements and is ideal for both interactive and noninteractive scripting needs such as logon scripting and administrative scripting.Windows Script Host supports scripts written in VBScript or JScript. When a script is run from the Windows desktop or from the command prompt, the script host reads and passes the specified script file contents to the registered script engine. The scripting engine uses file extensions (.vbs for VBScript, .js for JScript) to identify the script instead of using the SCRIPT tag (which is used in HTML). This way, the script writer doesn't have to be familiar with the exact programmatic ID (ProgID) of various script engines. The script host itself maintains a mapping of script extensions to ProgIDs and uses the Windows association model to start the appropriate engine for a given script.There are two versions of the Windows Script Host: a Microsoft® Windows®-based version (Wscript.exe) that provides a Windows-based property sheet for setting script properties and a command prompt-based version (Cscript.exe) that provides command line switches for setting script properties. You can run one of these by typing either Wscript.exe or Cscript.exe at the command prompt.
Using Group Policy to Run Scripts
The Scripts extensions of Group Policy allows you to assign scripts to run when the computer starts or shuts down or when users log on or off their computers.The names of scripts and their command lines (in the form of registry keys and values) are stored in the Registry.pol file, as described earlier in this chapter.The following five script types exist:
Group Policy logon scripts Group Policy logoff scripts Group Policy startup scripts Group Policy shutdown scriptsLegacy logon scripts (those specified on the User object).
Because Windows Script Host supports scripts written in either VBscript or JavaScript, you
can enter a command line entry such as CheckBios.vbs in the logon script path of the user object.
By default, each of these script types runs asynchronously, and the window is hidden.
NOTETable 7.4 describes the Group Policy options that control the behavior of scripts.Table 7.4 Group Policy Options That Control Script Behavior
Consider carefully how to use scripts if you have a mixed
environment that includes Windows NT 4.0, Windows 95, Windows 98, and Windows 2000–based clients.
The Windows 2000–based and the Windows 98–based clients properly run .vbs and .js scripts.
To run .vbs and .js scripts on Windows NT 4.0–based and Windows 95–based clients, you must
embed the scripts in batch (.bat) files. The scripts continue to run in a normal window. A policy exists that
allows for scripts to be run as hidden or minimized. You can also install Windows Script Host on
Windows NT 4.0–based and Windows 95–based clients.
| Group Policy Setting | Location | Description |
|---|---|---|
| Run logon scripts synchronously | Computer ConfigurationAdministrative TemplatesSystemLogon | When this option is enabled, the system waits until the script finishes running before it starts Windows Explorer. An equivalent option for this is available under the User Configuration node. The setting you specify in the Computer Configuration node has precedence over the one set in the User Configuration node. |
| Run startup scripts asynchronously | Computer ConfigurationAdministrative TemplatesSystemLogon | By default, startup scripts run synchronously and hidden, which means the user cannot log on until the scripts complete. In some organizations, you might want the scripts to run asynchronously because they can take a long time to complete. This policy allows the you to change the default behavior. |
| Run startup scripts visible | Computer ConfigurationAdministrative TemplatesSystemLogon | If you enable this option, startup scripts run in a command window. |
| Run shutdown scripts visible | Computer ConfigurationAdministrative TemplatesSystemLogon | If you enable this option, shutdown scripts run in a command window. |
| Maximum wait time for Group Policy scripts | Computer ConfigurationAdministrative TemplatesSystemLogon | This policy setting allows you to change the default script timeout period. (By default, scripts time out after 600 seconds). The range is 0 sconds to 32000 seconds. |
| Run logon scripts synchronously | User ConfigurationAdministrative TemplatesSystemLogon/Logoff | When you enable this option, Windows waits for the scripts to finish running before it starts Windows Explorer. Note that an equivalent option for this is available under the Computer Configuration node. The setting you specify in the Computer Configuration node has precedence over the one set in the User Configuration node. |
| Run legacy logon scripts hidden | User ConfigurationAdministrative TemplatesSystemLogon/Logoff | If you enable this option, legacy logon scripts run in hidden mode. |
| Run logon scripts visible | User ConfigurationAdministrative TemplatesSystemLogon/Logoff | If you enable this option, logon scripts run in a command window. |
| Run logoff scripts visible | User ConfigurationAdministrative TemplatesSystemLogon/Logoff | If you enable this option, logoff scripts run in a command window. |
Scripts that run hidden (and to a lesser degree minimized) can cause an errant script or one that prompts for user input to wait for 600 seconds. This is the default wait time value and can be changed by using Group Policy. During this time, the system appears to stop responding. If this is a script that is running in a minimized window and the user selects the window, the script stops running.
Changing System Environment Variables
Environment variables specify the computer's search path, directory for temporary files, and other similar information.Windows NT 4.0 requires specific information to find programs, to allocate memory space for some programs to run, and to control various programs. You can view this information—called the system and user environment variables—in Control Panel. Under the System icon in Control Panel, click the Advanced tab , and then click Environment Variables. These environment variables are similar to those that you can set in the MS–DOS operating system, such as Path and Temp.User environment variables can be different for each user of a particular computer. They include any environment variables you define or variables that are defined by applications, such as the path where application files are located.System environment variables are defined by Windows 2000 Professional and are the same no matter what user is logged on at the computer. If you are logged on as a member of the Administrators group, you can add new variables or change the values.After you change any environment variables, Windows 2000 Professional saves the new values in the registry so they are available automatically the next time the computer starts.If any conflict exists between environment variables, Windows 2000 Professional resolves the conflict in this way:
- System environment variables are set first.User environment variables are set next and override conflicting system variables.Variables that are defined in autoexec.bat are set last, but they do not override conflicting system or user environment variables.
NOTE
Path settings, unlike other environment variables, are cumulative. The full path that you see when you type path at the command prompt is created by appending the path that is contained in Autoexec.bat to the paths that are defined in the System Properties sheet under System in Control Panel.
Windows Update
You can download system enhancements such as drivers, service packs, and new functions specifically selected to work with your personal computer from the Windows Update Web site. You can gain access to Windows Update by clicking Windows Update on the Start menu. With Windows Update, users can choose to scan their personal computers to receive a list of software applications that are specific to their computer's hardware and software configuration.You can use the Disable and remove links to Windows Update Group Policy setting to prevent connections to the Windows Update Web site. This policy is located in the Group Policy console under User ConfigurationAdministrativeTemplatesStart Menu & Taskbar.For additional information, right-click the policy in MMC, click Properties, and then click the Explain tab; or see "Group Policy Reference" on the Microsoft® Windows® 2000 Resource Kit companion CD.
Windows Management Instrumentation
Windows Management Instrumentation (WMI) is the Microsoft implementation of Web-Based Enterprise Management (WBEM), an initiative to establish standards for gaining access to and sharing management information over an enterprise network. WMI is WBEM-compliant and provides integrated support for the Common Information Model (CIM), the data model that describes the objects that exist in a management environment.WMI includes a CIM-compliant object repository, which is the database of object definitions, and the CIM Object Manager, which handles the collection and manipulation of objects in the repository and gathers information from the WMI providers. WMI providers act as intermediaries between components of the operating system and applications. For example, the registry provider draws information from the registry; the SNMP provider provides data and events from SNMP devices.For more information about WMI, see Windows 2000 Professional Help and the Deployment Planning Guide.
