|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Remote AdministrationWanted to find out what people are doing in the way of remote administration. There are several ways to do this. My preferred way is to install the Adminpak and the 'Exchange stuff' on an Admin workstation and use an 'Admin account' (can mean several things....member of the Domain Admins or a delegated account) only when doing that type of work. And when not doing that I would use my 'normal user account' to do the day-to-day stuff. Other possibilities are to use RDP or to use some version of VNC. Environments would be Windows Server 2003 SP1 with WINXP Pro SP2 workstations. Would really like the input of anyone and everyone. And maybe from an MVP or two? Now, what I am not trying to do is to start any wars (similar to 'Root Hints vs. Forwarders' or to 'mydomain.com vs. mydomain.local'). Just would like to hear how people are doing this! Also, Exchange 2003 would be in the mix. Having a web page to handle most of this is not an option right now (I do not know how to do that yet....but that will change). I do have an .hta that I created for the user account object creation. -- Cary W. Shultz Roanoke, VA 24012 Generally the "best practice" is to only log on with your plain jane user
account and launch administrative msc's with runas using a domain admin member account. Quite effective once you take the time to set up the shortcuts. Many seem to compromise and just use a second account (like adminX) assigned to individual administrators (accountability) and login to the admin workstation. Logging into the server console only as a last resort. -- Show quoteHide quote/kj "Cary Shultz" <cwshu***@mvps.org> wrote in message news:OeYmvx1LGHA.2628@TK2MSFTNGP15.phx.gbl... > Good evening! > > Wanted to find out what people are doing in the way of remote > administration. There are several ways to do this. My preferred way is > to install the Adminpak and the 'Exchange stuff' on an Admin workstation > and use an 'Admin account' (can mean several things....member of the > Domain Admins or a delegated account) only when doing that type of work. > And when not doing that I would use my 'normal user account' to do the > day-to-day stuff. > > Other possibilities are to use RDP or to use some version of VNC. > Environments would be Windows Server 2003 SP1 with WINXP Pro SP2 > workstations. Would really like the input of anyone and everyone. And > maybe from an MVP or two? > > Now, what I am not trying to do is to start any wars (similar to 'Root > Hints vs. Forwarders' or to 'mydomain.com vs. mydomain.local'). Just > would like to hear how people are doing this! > > Also, Exchange 2003 would be in the mix. Having a web page to handle most > of this is not an option right now (I do not know how to do that > yet....but that will change). I do have an .hta that I created for the > user account object creation. > > -- > Cary W. Shultz > Roanoke, VA 24012 > I do think RDP is the easiest way. Only one port is needed to open for RDP
method, especailly if you go through a firewall. Adminpack needs to open several ports. The method could be considered if you're using VPN. Please correct me if anything wrong. Ray Show quoteHide quote "Cary Shultz" <cwshu***@mvps.org> wrote in message news:OeYmvx1LGHA.2628@TK2MSFTNGP15.phx.gbl... > Good evening! > > Wanted to find out what people are doing in the way of remote > administration. There are several ways to do this. My preferred way is > to install the Adminpak and the 'Exchange stuff' on an Admin workstation > and use an 'Admin account' (can mean several things....member of the > Domain Admins or a delegated account) only when doing that type of work. > And when not doing that I would use my 'normal user account' to do the > day-to-day stuff. > > Other possibilities are to use RDP or to use some version of VNC. > Environments would be Windows Server 2003 SP1 with WINXP Pro SP2 > workstations. Would really like the input of anyone and everyone. And > maybe from an MVP or two? > > Now, what I am not trying to do is to start any wars (similar to 'Root > Hints vs. Forwarders' or to 'mydomain.com vs. mydomain.local'). Just > would like to hear how people are doing this! > > Also, Exchange 2003 would be in the mix. Having a web page to handle most > of this is not an option right now (I do not know how to do that > yet....but that will change). I do have an .hta that I created for the > user account object creation. > > -- > Cary W. Shultz > Roanoke, VA 24012 > Opps!
Sorry. I re-read my post and do not want to be unclear. By "remote Administration" I do not mean that I am sitting at home or on vacation (Cancun, anyone?) and get a phone call from someone in the office letting me know that I need to do something! I mean that I am on-site but not going into the server room to sit down directly in front of a Domain Controller and do this stuff. -- Show quoteHide quoteCary W. Shultz Roanoke, VA 24012 "Cary Shultz" <cwshu***@mvps.org> wrote in message news:OeYmvx1LGHA.2628@TK2MSFTNGP15.phx.gbl... > Good evening! > > Wanted to find out what people are doing in the way of remote > administration. There are several ways to do this. My preferred way is > to install the Adminpak and the 'Exchange stuff' on an Admin workstation > and use an 'Admin account' (can mean several things....member of the > Domain Admins or a delegated account) only when doing that type of work. > And when not doing that I would use my 'normal user account' to do the > day-to-day stuff. > > Other possibilities are to use RDP or to use some version of VNC. > Environments would be Windows Server 2003 SP1 with WINXP Pro SP2 > workstations. Would really like the input of anyone and everyone. And > maybe from an MVP or two? > > Now, what I am not trying to do is to start any wars (similar to 'Root > Hints vs. Forwarders' or to 'mydomain.com vs. mydomain.local'). Just > would like to hear how people are doing this! > > Also, Exchange 2003 would be in the mix. Having a web page to handle most > of this is not an option right now (I do not know how to do that > yet....but that will change). I do have an .hta that I created for the > user account object creation. > > -- > Cary W. Shultz > Roanoke, VA 24012 > Good, 'cause my reply would have been N/A otherwise.
If I were admining the same environement all the time I'd invest the time in the runas shortcuts. If I'm in and out, not managing from the same admin workstation, or doing very infrequent admin tasks, then I'd use an adminX account. I'd only logon to the server directly if there were no other way to perform the task. RDP sessions are not of any signficiant difference than logging in at the console under normal operations. RDP to an XP Admin workstation is another matter. -- Show quoteHide quote/kj "Cary Shultz" <cwshu***@mvps.org> wrote in message news:utguTY2LGHA.2036@TK2MSFTNGP14.phx.gbl... > Opps! > > Sorry. I re-read my post and do not want to be unclear. > > By "remote Administration" I do not mean that I am sitting at home or on > vacation (Cancun, anyone?) and get a phone call from someone in the office > letting me know that I need to do something! > > I mean that I am on-site but not going into the server room to sit down > directly in front of a Domain Controller and do this stuff. > > -- > Cary W. Shultz > Roanoke, VA 24012 > > "Cary Shultz" <cwshu***@mvps.org> wrote in message > news:OeYmvx1LGHA.2628@TK2MSFTNGP15.phx.gbl... >> Good evening! >> >> Wanted to find out what people are doing in the way of remote >> administration. There are several ways to do this. My preferred way is >> to install the Adminpak and the 'Exchange stuff' on an Admin workstation >> and use an 'Admin account' (can mean several things....member of the >> Domain Admins or a delegated account) only when doing that type of work. >> And when not doing that I would use my 'normal user account' to do the >> day-to-day stuff. >> >> Other possibilities are to use RDP or to use some version of VNC. >> Environments would be Windows Server 2003 SP1 with WINXP Pro SP2 >> workstations. Would really like the input of anyone and everyone. And >> maybe from an MVP or two? >> >> Now, what I am not trying to do is to start any wars (similar to 'Root >> Hints vs. Forwarders' or to 'mydomain.com vs. mydomain.local'). Just >> would like to hear how people are doing this! >> >> Also, Exchange 2003 would be in the mix. Having a web page to handle >> most of this is not an option right now (I do not know how to do that >> yet....but that will change). I do have an .hta that I created for the >> user account object creation. >> >> -- >> Cary W. Shultz >> Roanoke, VA 24012 >> > > Then, it depends on what you focus on.
1. If you deploy your same service on different server, for example, dfs or DNS, Adminpack would be better, that means you don't have to switch among servers. 2.If you wanna manage one server that is running many service, RDP is better. RDP is almost same as sitting in front of the remote computer. Ray Show quoteHide quote "Cary Shultz" <cwshu***@mvps.org> wrote in message news:utguTY2LGHA.2036@TK2MSFTNGP14.phx.gbl... > Opps! > > Sorry. I re-read my post and do not want to be unclear. > > By "remote Administration" I do not mean that I am sitting at home or on > vacation (Cancun, anyone?) and get a phone call from someone in the office > letting me know that I need to do something! > > I mean that I am on-site but not going into the server room to sit down > directly in front of a Domain Controller and do this stuff. > > -- > Cary W. Shultz > Roanoke, VA 24012 > > "Cary Shultz" <cwshu***@mvps.org> wrote in message > news:OeYmvx1LGHA.2628@TK2MSFTNGP15.phx.gbl... >> Good evening! >> >> Wanted to find out what people are doing in the way of remote >> administration. There are several ways to do this. My preferred way is >> to install the Adminpak and the 'Exchange stuff' on an Admin workstation >> and use an 'Admin account' (can mean several things....member of the >> Domain Admins or a delegated account) only when doing that type of work. >> And when not doing that I would use my 'normal user account' to do the >> day-to-day stuff. >> >> Other possibilities are to use RDP or to use some version of VNC. >> Environments would be Windows Server 2003 SP1 with WINXP Pro SP2 >> workstations. Would really like the input of anyone and everyone. And >> maybe from an MVP or two? >> >> Now, what I am not trying to do is to start any wars (similar to 'Root >> Hints vs. Forwarders' or to 'mydomain.com vs. mydomain.local'). Just >> would like to hear how people are doing this! >> >> Also, Exchange 2003 would be in the mix. Having a web page to handle >> most of this is not an option right now (I do not know how to do that >> yet....but that will change). I do have an .hta that I created for the >> user account object creation. >> >> -- >> Cary W. Shultz >> Roanoke, VA 24012 >> > > We always use RDP sessions. All of our servers are set up with TS in
Administrator mode (except for the Citrix servers that are set up in Application mode. Our administrators' desktops have a set of icons for connecting to any of the servers. Considering that there are a total of 3 people who would do this, having 2 free connections is more than adequate. I've never understood the attraction of installing multiple consoles when I can do about 99% of what I need using a single RDP session to the server..... Plus RDP is built in to WP Pro.... -- Show quoteHide quoteRegards, Hank Arnold "Cary Shultz" <cwshu***@mvps.org> wrote in message news:OeYmvx1LGHA.2628@TK2MSFTNGP15.phx.gbl... > Good evening! > > Wanted to find out what people are doing in the way of remote > administration. I use both runas and rdp. When managing SQL or dealing with NTFS I have to
rdp to a TS client. If I'm dealing with Users, Sites and Services, etc... I use MMC and runas with a snapin that has most all of the possible snapins. -- Show quoteHide quotePaul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Cary Shultz" <cwshu***@mvps.org> wrote in message news:OeYmvx1LGHA.2628@TK2MSFTNGP15.phx.gbl... > Good evening! > > Wanted to find out what people are doing in the way of remote > administration. There are several ways to do this. My preferred way is > to install the Adminpak and the 'Exchange stuff' on an Admin workstation > and use an 'Admin account' (can mean several things....member of the > Domain Admins or a delegated account) only when doing that type of work. > And when not doing that I would use my 'normal user account' to do the > day-to-day stuff. > > Other possibilities are to use RDP or to use some version of VNC. > Environments would be Windows Server 2003 SP1 with WINXP Pro SP2 > workstations. Would really like the input of anyone and everyone. And > maybe from an MVP or two? > > Now, what I am not trying to do is to start any wars (similar to 'Root > Hints vs. Forwarders' or to 'mydomain.com vs. mydomain.local'). Just > would like to hear how people are doing this! > > Also, Exchange 2003 would be in the mix. Having a web page to handle most > of this is not an option right now (I do not know how to do that > yet....but that will change). I do have an .hta that I created for the > user account object creation. > > -- > Cary W. Shultz > Roanoke, VA 24012 > It's a little different for me, as I work for an outsourcing and solutions
provider. If I need to do something on a customers server I have to RDP onto one of our Management Terminal Servers (part of our security model). Once on this box I tend to do everything I want with DSA, ESM, ADFIND, LDP, ADSIEDIT, DSSITE, Enterprise Administrator, Hyena, COMPMGMT and good old notepad and vbscript. We enable RDP on all NT 5.x systems by default - this is a must! We also have SMS or LANDesk in place as well as ILO and, on occasion, pcAnywhere. SMS, RDP and ILO are enough to fix any server if you want to. Standard admin stuff, etc. with the above GUI. I must confess that I am turning more and more to CMD and script. But I think I'm just getting ready for Monad... -- Paul Williams Microsoft MVP - Windows Server - Directory Services http://www.msresource.net | http://forums.msresource.net 
Other interesting topics
server in wrong site
Automatically disable expired user accounts Adding Windows Server 2003 R2 machine to existing W2k3AD How to exclude ADAM user from AD domain lockout policy?? How to restore Domain Controllers that have been down for a long t restore a windows 2000 domain controller GPO not working. CSVDE export fields ordering nt4 domain to W2k3 AD Simple Questions... |
|||||||||||||||||||||||
