Professional Windows Server 1002003 Security A Technical Reference [Electronic resources] نسخه متنی

We'll walk through the process of creating,
customizing, and working with custom consoles.

Create a Console

Let's create a custom console

that can be
used to simultaneously manage resources on two computers running
WS2003: the local computer and a remote computer. Begin by logging on
as Administrator and open a blank MMC console using one of the
following methods:

• Start Run mmc
  OK.

• Type mmc at the command line.

• Open the

  System32 folder and double-click on the
  

  mmc.exe file.

Now add a Computer Management snap-in for managing the local computer:

Console Add/Remove Snap-in Add

This opens the Add/Remove Standalone Snap-in dialog box, which lists
the various standalone snap-ins available for installation on the
system. You can add as many of these snap-ins to a console as you
like, and you can add multiple instances of any snap-in to manage
different computers or simply to give different views of the same
snap-in. In the Add/Remove Standalone Snap-in dialog box, select the
Computer Management snap-in and click Add. This opens a dialog box
prompting you to specify the computer that the snap-in will manage.
If you select "Another computer,"
you have to browse Active Directory to locate the remote computer you
want to manage. In our example, we want to install two instances of
the Computer Management snap-in into our console: one to manage the
local computer and the other to manage a remote computer. After
selecting "Local computer," accept
the remaining prompts to install the snap-in for managing the local
computer. Then, to add a snap-in for managing the remote computer,
simply repeat the previous steps, except that instead of selecting
"Local computer," select
"Another computer" and browse
Active Directory to locate the remote computer you want to manage.

You now have your finished console, but before you do any work with
it, you should save it, so perform the following steps:

Console Save Manage Two Computers Save

This saves the console as an

.msc file, which
stands for management saved console. By default, this file is saved
in the personal Administrative Tools program group of the local user
profile for the currently logged-on user. If you are logged on as
Administrator, by default the saved file is located in the folder:

\Documents and Settings\Administrator\Start Menu\Programs\ Administrative Tools

If you close your console, you should be able to reopen it by
selecting:

Start Programs Administrative Tools Manage Two Computers

The administrative tools created when WS2003 is installed (or when
optional components are added later) are located in the folder

\Documents

and

Settings\All

Users\Start

Menu\Programs\Administrative

Tools . Administrative Tools in the Control Panel
is a shortcut to this folder, which explains why, when you create
your own custom console, it is not found in Administrative Tools in
the Control Panel.

Customize a Console

Now that we've created a new
console for
managing the local and a remote computer, let's see
what can be done to customize this console. Customizing a console is
the process of personalizing and configuring it to make using it
quick and simple.

Use the View Menu

You can use the View menu to:

• Change the default view of how objects in
  the details pane are displayed. You probably want to use View
  Detail so that any columns of status information present
  in the console are displayed.

• Hide or remove various elements of the MMC window using View
  Customize. For example, with some administrative tools,
  such as the Services console, there is only one node in the console
  tree, so hiding the console tree might be a good idea.

One of the customization options under View Customize is to remove the View menu itself! If you later decide that you want to bring it back, use Customize View under the System menu. (The System menu is accessed using the gadget at the top lefthand corner of a window.)

If you have selected Detail view, you can rearrange
columns by dragging and can sort rows by clicking on column headers
in the details pane (this doesn't work for all
snap-ins). Some snap-ins also provide a Filter item on the View menu,
which can be used to filter what is displayed in the details pane.

Customize the Console Tree

A Folder is a standalone snap-in that simply
provides a container for other snap-ins; it doesn't
have any inherent administrative functionality. You can add folders
to the console tree to group together snap-ins according to computer,
site, network, domain, department, and so on. For example, if we plan
on adding more Computer Management snap-ins for managing additional
remote computers, we might add a Folder snap-in for grouping together
the remote computers we are managing, and rename this Folder snap-in
Remote Computers. Continuing our previous example, do the following:

Console Add/Remove Snap-in Add Folder Add Close OK right-click on New Folder Rename Remote Computers

The problem is that we now have our new container in the same level
of the console tree as our two Computer Management snap-ins. We need
to move the snap-in for the remote computer into the

Remote
Computers folder. Unfortunately, Microsoft made this
process more complicated than it should be. In fact, there is no way
to move snap-ins around the console tree once they have been added to
the tree! Our only recourse is to remove the existing snap-in for the
remote computer and add it again, this time making sure that we add
it to the

Remote Computers folder instead of to

Console Root :

Console Add/Remove Snap-in select Computer Management (remote computer) Remove select Remote Computers folder from Snap-ins added to folder listbox Add select Computer Management Add Another computer Browse select remote computer OK Finish Close OK

This now gives us what we want and tells us the clear moral of the
story regarding customizing the console tree: plan what you want to
do before you start! It's even a good idea to write
out a custom MMC console on paper before you actually start building
it. You can obviously use this process to build incredibly complex
consoles (if you have nothing better to do).

Adding Favorites

A quick way of switching to
specific
places on a complex console tree is to add favorites to your console.
Once you have selected the particular node in the console tree you
want to bookmark, use Favorites Add to Favorites from the
toolbar to create a favorite to that node. Unfortunately, favorites
map only to nodes in the console tree, not to specific objects in the
details pane for that node. You can even group favorites in different
folders if you have a lot of them. Once you have created your
favorites, you can access them in two different ways:

Use Favorites on the toolbar

This method expands the console tree until the bookmarked node is
selected, displaying its associated objects in the details pane.

Use the Favorites tab in the lefthand pane

Selecting this tab hides the console tree entirely and displays the
list of favorites as hyperlinks. Clicking on a link will display the
associated objects for that favorite in the details pane.

Create New Child Windows

You can create new child windows
within the MMC main window and root these windows at any node within
the console tree. For example, to create a new child window whose
root node is System Tools under Computer Management (Local), do this:

Right-click on System Tools under Computer Management (Local) New Window from Here

You can tile or cascade multiple child windows. More importantly, you
can use this procedure to create custom consoles for junior
administrators by closing the original child window, thus restricting
their access to peripheral portions of the console tree. In the
previous example, closing the original child Window leaves a console
whose root node is System Tools for the local computer.

Add Taskpad Views and Tasks

The real customization power
of the
MMC is found in taskpad views. A taskpad view is a page in the
details pane of a console to which you can add shortcuts to
performing specific tasks, such as running wizards, opening
properties sheets, selecting menus, opening web pages, and running
command-line utilities and scripts. Taskpad views can make life
easier for junior administrators by providing a single location from
which various administrative tasks can be performed. Taskpad views
can also make complex administration tasks easier by providing a
single location from which the properties sheets and menus from many
different snap-ins can be accessed.

Let's walk through the process by creating a taskpad
view. You first need to decide which node in the console tree your
taskpad view will be attached to, and you should think about the
various tasks you want to incorporate into that view. Then
right-click on the selected node to start the New Taskpad View
Wizard, which leads you through the following steps:

Taskpad Display

Select how the taskpad view will be displayed, including how (or
whether) the objects in the details pane will be displayed and
whether normal or pop-up text is used to caption shortcuts.

Taskpad Target

Select whether the taskpad view will apply only to the current node
in the console tree or to all nodes of the same type as the selected
one, and specify whether the taskpad view will become the default
display in the details pane for all nodes of the selected type.

Name and Description

Specify a name for the taskpad view and a brief description.

Once the New Taskpad View Wizard is finished, you can then run the
New Task Wizard and add tasks to your taskpad. The New Task Wizard
starts automatically when the New Taskpad View Wizard ends.
Let's walk through the process of adding new tasks
to the taskpad view using the New Task Wizard:

Command type

Specify the kind of task you want to perform, which includes:

Menu command

Run a command from a menu. Specify any menu command available for any
node in the console tree or from objects in the list in the details
pane.

Shell command

Run a script, start a program, or open a web page. Specify the path
and file for the command or script you want to run, a list of
parameters, the directory to start in, and the type of window the
command or script will run in. You can select any program files to
run here (*.

exe , *.

com ,
*.

bat , *.

cmd ,
*.

pif ) or specify a URL.

Navigation

Select a view to display from your list of favorites. This also
causes the selected node to receive the focus in the left pane of the
console.

Name and Description/Task icon

Once you have specified the details of the task, identify the
shortcut that launches the task by assigning it a name, a short
description, and an icon. You can then launch the task by clicking
its shortcut in the taskpad view.

Once you have created your taskpad view, you can modify it by
selecting Action Edit Taskpad View. This allows you to
change the display options of the taskpad view, launch the New Task
Wizard to create new tasks, or modify, remove, and rearrange existing
tasks in the taskpad view. You can also delete your taskpad view to
return to the normal details pane view.

You can switch between a taskpad view and the normal details pane by
using the tabs at the bottom of the right panethey are easy to
miss. You can also create as many taskpad views as you like for a
given node in the console tree and use these tabs to switch easily
between them. However, keep the name of a taskpad view short so that
the space used by these tabs will be minimized; if these tabs go to
the edge of the console window, there is no gadget to scroll through
them.

Set Console Options

Once you have created and
customized a
console, you should specify a console name, associated icon, and the
mode in which the console will be opened. These options are specified
using Console Options, and the most important of these is
specifying the console mode, of which there are four possibilities:

Author mode

Users have full rights to customize the console as they desire,
including adding or removing snap-ins, creating new child windows,
creating taskpad views, and accessing all portions of the console
tree. Author mode is typically used only for creating and customizing
new consoles. Once they are configured appropriately, they should be
assigned one of the user modes to prevent them from being modified by
users. Consoles opened in author mode have a second menu bar with the
options Console, Window, and Helpconsoles opened in user mode
don't have this menu.

User modefull access

Users have full access to the console tree but can't
add or remove snap-ins or change console properties.

User modelimited access, multiple window

Users have access only to the visible portion of the console tree.
Users can open new windows but can't close existing
ones. Users can't add or remove snap-ins or change
console properties.

User modelimited access, single window

Users have access only to the visible portion of the console tree.
Users can't open new windows or close existing ones.
Users can't add or remove snap-ins or change console
properties.

In addition, when any of the user modes is selected, you can also
toggle whether users can customize the console view or use context
menus (right-click) in taskpads in the console.

If a console has been set to one of the user modes, it will have no
Console menu when it is opened the next time. If you later want to
make changes to your console, you need to open it in author mode.
Since there is no Console menu, you can't do this
using Console Options; you need another way of opening the
console in author mode. You have several choices:

• If the console is an existing administrative tool:

  Right-click on Start button Open All Users
  Programs Administrative Tools right-click on
  selected shortcut Author

• If the console is a custom console saved in the
  user's profile:

  Right-click on Start button Open Programs
  Administrative Tools right-click on selected
  shortcut Author

• You can also perform these steps on the actual
  

  .msc file for the console if you can find it in
  Windows Explorer.

• You can also open any console in author mode from the command line by
  using the /a switch:

  mmc path\console_name .msc /a

If you are logged in as an ordinary user and need to perform some
quick administrative task using a console, you can run the console
using your Administrator credentials as follows:

• Right-click on console shortcut Run as specify
  credentials.

• Use the runas command from the command line.

Save Consoles

If a console is in author
mode, you are
prompted to save any changes you have made when you try to close it.
If it is in one of the three user modes, whether the changes you have
made are saved or not depends on the setting:

Console Options Do not save changes to this console

If the checkbox is checked, changes made by users will not be saved
when they close the console. Remember, this setting can be configured
only when the console is in author mode!

Distribute Consoles

You can distribute custom
consoles
that you've created to other administrators by:

• Saving or copying them to a network share with appropriate
  permissions set to preclude access by anyone except administrators.
  You may also want to publish the location of the
  

  .msc file in Active Directory so they can search
  for it using the Search Assistant.

• Right-clicking on the

  .msc file in My Computer
  or Windows Explorer and using the Send To option to email the file to
  other administrators or to copy it to a floppy disk to hand around.

• Any other creative way you can think of.

Run Consoles from the Command Line

You can run a console from
the command line as long as you know
the directory where the

.msc file is stored (see
Table 4-30). To run a console, specify its name,
omitting the

.msc externsion. Open a command
prompt and type either:

mmc path\console_file

or:

path\console_file

unless you are in the current directory where the

.msc file is stored, in which case you can type
either:

mmc console_file

or just:

console_file

There are some optional switches you can append to these commands:

/a

Opens a saved console in author mode so you can modify the console.

/computer=computer_name

Opens the console and connects to the specified computer. This switch
is supported by Computer Management
(

compmgmt.msc ) and related consoles.

/server=domain_controller_name

Opens the console and connects to the specified domain controller.
This switch is supported by Active Directory Users and Computers
(

dsa.msc ).

/domain=domain_name

Opens the console and connects to a domain controller in the
specified domain. This switch is supported by Active Directory Users
and Computers (

dsa.msc ).

MMC Keyboard Accelerators

Finally, for the mouse-weary, there is an extensive set of
keyboard shortcuts you can use to work with the main window, console
tree, and active child window in the console. These are summarized in
Tables 4-31 to 4-33.

See Also

Administrative Tools