All remote functions, with the exception of Windows NT Diagnostics, are initiated from the Remote Tools window. Before any remote functions are performed, the viewing computer must be able to connect to the client computer. After the Start Remote Tools option is selected for a client computer appearing in a collection, an Attempting to Connect with computername message window appears. If the client computer cannot be reached, then the Remote Tools window shows a message stating that the remote control agent could not be found (Figure 6-9).
Figure 6-9. The Remote Tools message status window stating that a connection could not be established with computer DOSWIN.
Resolving this error will be discussed in Chapter 14, "Monitoring and Troubleshooting SMS."
If the connection is successful, a Remote Tools - computername, ipaddress window appears (Figure 6-2). The IP address information only appears if TCP/IP is installed on the client computer.
Choose a remote function, diagnostic, or the Ping Test from the toolbar appearing at the top of the Remote Tools window.
If you choose Remote Control, a window titled Remote Control - computername appears. If permissions from the client computer are required, the administrator sees the message box shown in Figure 6-10.
Figure 6-10. The permissions message box.
The client computer also receives a message box prompt. If the user clicks Yes, remote control is allowed. If the user clicks No, or if no button is clicked, the viewing computer receives a message stating that permissions were not granted.
If a remote control session is successfully established, the client computer's display data appears inside a black and yellow moving border on the viewing computer (see Figure 6-5). Other functions produce the appropriate dialog boxes for executing a program or copying a file, for example. These functions are permissions-based, unless permissions are not required.
It is possible to remotely log on to a Windows NT/2000 client computer, as well as lock and unlock the desktop. This allows you to remotely operate a Windows NT/2000 server that has no user logged on.
This is carried out using buttons on the Remote Control window.
In this exercise, you will use SMS Remote Tools and Windows NT Diagnostics.
In the following steps, you will attempt to remotely control Computer 2. Remember that at the conclusion of Lesson 2, you stopped the SMS Remote Control Agent service. Make sure it is not started. Then complete this procedure from Computer 1, using the SMS Administrator console.
The list of discovered resources in the site appears in the details pane.
A menu appears.
The Remote Tools window appears as the remote control connection is attempted to Computer 2. The Attempting to Connect with COMPUTER2 message box appears indicating the connection to the remote client computer failed.
In the following steps, you will use Windows NT diagnostics to determine if the client computer's Remote Control Client Agent is started. This procedure starts from the All Systems collection in the SMS console tree.
A menu appears.
The Windows NT Diagnostics - \\COMPUTER2 window appears.
What version of Windows NT is running on Computer 2? Are any service packs applied?
In the following steps, you will start the Remote Control Client Agent on Computer 2. Complete this procedure from Computer 2.
You can start the SMS Remote Control Agent service using Server Manager on Computer 1. If you are familiar with this procedure, start the service using Server Manager and skip the next two steps.
Logging on as ADMINISTRATOR is necessary, as users cannot stop and start services.
Log off as ADMINISTRATOR, then log on as USER1 with a password of PASSWORD.
In the following steps, you will remotely control Computer 2. Complete this procedure from Computer 1, using the SMS Administrator console and the All Systems collection.
A new menu appears.
The Remote Tools window appears as a remote session is established to Computer 2. Notice in the right half of the status bar the status of Remote Control Agent found using TCP. The agent is configured to use Windows Sockets over TCP/IP rather than NetBIOS over TCP/IP.
A Remote Control message box appears indicating permission is being requested at the client computer.
The computer may "beep," indicating successful remote control.
In this exercise, you will use the remote functions of SMS 2.0 to solve user support problems.
In this scenario, you will use a remote function to automatically restart Computer 2 after changing a registry setting. As an administrator, you have decided User1 should not be able to shut down the computer without first logging on. You also do not want the last logged-on user name to be displayed, as sometimes you may need to log on remotely to administer the computer. You could change these settings using Remote Control, but do not want the user to see the registry path, so you will change it by opening the registry remotely, and then restarting the computer using SMS.
From Computer 2, click Yes whenever prompted to allow the administrator to perform a remote action. Complete the following steps from Computer 1.
The Select Computer window appears.
After you click Yes on Computer 2, a Remote Reboot message box appears on Computer 1, indicating the client computer has acknowledged the reboot request.
Computer 2 is shut down and restarted automatically. Eventually, the Begin Logon message box appears on Computer 2.
In the following steps, you will watch as Computer 2 is restarted. Then you will verify the 'Shutdown' option is not available at logon time. Complete this procedure from Computer 2.
The Logon Information dialog box appears. Notice the user name is blank, and the Shutdown option is not available.
In this scenario, you will use a remote function to force a check disk of the client computer's hard disk. USER1 does not have permission to perform a check disk procedure locally. Through the remote session, you will send the output from CHKDSK.EXE to a text file that will be collected later.
From Computer 2, you should click Yes whenever prompted to allow the administrator to perform a remote action. Complete this procedure from Computer 1.
The Run Program at User's Workstation dialog box appears.
After clicking Yes on Computer 2, the command executes, then generates a log file on Computer 2.
In the following steps, you will use the SMS file transfer utility to transfer the log file generated by CHKDSK.EXE to Computer 1.
The user logged on at Computer 2 should click Yes whenever prompted to allow the administrator to perform a remote action on their client computer. Complete this procedure from Computer 1.
The Remote Tools - File Transfer - COMPUTER2, ipaddress:1761 window appears. Inside the window, local files (Computer 1) appear in the top pane, and the remote computer's (Computer 2) files appear in the bottom pane. The top pane is called the Console pane, and the bottom pane is called the Remote Machine pane.
The file is copied from Computer 2 to Computer 1.
In this scenario, you will use a remote function to establish a chat session with the user, and then complete a client configuration request using remote control. As a user, the logged-on account at the client computer does not have permission to complete the configuration. As a result, the SMS administrator will remotely control the client computer to implement the change.
From Computer 2, click Yes whenever prompted to allow the administrator to perform a remote action. Complete the following two steps from Computer 2.
A Date/Time Properties message box appears indicating that the user cannot change the date and time. These options can only be set by an administrative user.
In the following steps, the SMS administrator will establish a remote chat session with Computer 2 to determine the exact configuration change that must be implemented. Complete this procedure from Computer 1.
After the user at Computer 2 clicks Yes, the remote user's typing area appears in the top of the Remote Tools window. The local user's typing area appears in the bottom pane of the Chat window.
|Computer|Text to type|
|Computer 1:|How can I help you?|
|Computer 2:|I need to verify my time zone is set correctly.|
|Computer 1:|Okay, I need you to allow me to log on remotely to your computer to verify that for you.|
|Computer 2:|That's fine, I'll permit it.|
The Remote Tools window displays a blank screen.
In the following steps, the administrator will establish a remote control session with Computer 2 to change the client computer's time/date settings. Complete these steps from Computer 1.
After clicking Yes at Computer 2, the Remote Control window displays the client computer's desktop.
A Date/Time Properties message box appears indicating the user cannot change the date and time. These options can only be set by an administrator. Even though you are an administrator, Remote Control operates in the context of the logged-on user, who is a local user at the remote client computer.
The Windows NT Security dialog box appears.
The Logoff Windows NT dialog box appears.
The local user is logged off, and the Begin Logon dialog box appears.
Normally, an administrator would not allow a user to watch the logon process or view an administrative user account name. However, in this case, assume the client computer was a server in a server room with no one logged on. The same procedure can be used to log on remotely to the server.
The Date/Time Properties dialog box appears. Notice that no error appears, as you are logged on as an administrator of the local computer. Also notice the Current time zone option is listed.
The Remote Tools window displays a blank screen.
The SMS remote functions communicate over NetBIOS using any of the core transport protocols, IPX, or Windows Sockets over TCP/IP. If NetBIOS is used, the remote tools utilities register and use special NetBIOS names to communicate between the viewing computer and the client computer.
The remote tools initialize communication with each other by performing a NetBIOS name look-up to find each client computer. While broadcasts are not efficient from a network perspective, they are used as a standard look-up method for NetBIOS communication using the NetBEUI or NWLink protocols, since they simplify protocol configuration. TCP/IP, on the other hand, was designed to be a robust, configurable protocol in order to scale to large network implementations. Most TCP/IP routers connecting multiple networks are not configured to forward broadcasts, since such a connection would be inefficient for large networks. So, additional configuration is necessary to operate Remote Tools using NetBIOS over TCP/IP in a multi-segment network.
Use Windows Sockets over TCP/IP so that Remote Tools doesn't depend on WINS or LMHOSTS name resolution.
SMS takes advantage of WINS on Windows NT to offer seamless remote access across a WAN without the need to manually edit and maintain LMHOSTS files. When the Remote Tools program is run, it checks with the WINS server to determine the client computer's IP address, then uses this address to establish communications.
If you do not have a WINS server and want to use NetBIOS over TCP/IP, you will need to configure the LMHOSTS file on the viewing computer. Windows NT contains a file called LMHOSTS.SAM located in winnt_root\SYSTEM32\DRIVERS\ETC which, when renamed to LMHOSTS, allows remote NetBIOS names to be resolved. The LMHOSTS file contains NETBIOS names mapped to IP addresses.
Follow these rules when adding or editing entries in the LMHOSTS file:
The following are LMHOSTS entries for a viewing computer to support a single client computer:
<IP address><tab>"<client name> A" (Letter A enables chat)
<IP address><tab>"<client name> C" (Letter C enables remote control)
<IP address><tab>"<client name> E" (Letter E enables file transfer)
The following are examples of three entries to support a client computer named SMS_Client with an IP address of 126.96.36.199:
126.96.36.199 "SMS_Client A"
126.96.36.199 "SMS_Client C"
126.96.36.199 "SMS_Client E"
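The following Python example is added here and is not part of the original text or of SMS. It parses LMHOSTS content in the entry format shown above and reports clients that lack one of the three Remote Tools entries or whose entries point at different addresses; the function name audit_lmhosts and the sample names and addresses are constructed for illustration.

```python
import ipaddress
import re

# Suffix letters as listed above: the final letter of the quoted name
# selects the Remote Tools function the entry resolves.
FUNCTIONS = {"A": "chat", "C": "remote control", "E": "file transfer"}

# <IP address><whitespace>"<client name> <letter>", optional trailing comment
ENTRY = re.compile(r'^(\S+)\s+"(.+?)\s+([ACE])"\s*(?:#.*)?$')

# Constructed sample LMHOSTS content (documentation-range addresses).
SAMPLE = '''# LMHOSTS on the viewing computer
192.0.2.10\t"SMS_Client A"
192.0.2.10\t"SMS_Client C"
192.0.2.10\t"SMS_Client E"
192.0.2.20\t"COMPUTER2 A"
192.0.2.21\t"COMPUTER2 C"
192.0.2.300\t"COMPUTER3 C"
192.0.2.5\tFILESRV\t#PRE
'''


def audit_lmhosts(text):
    """Return (clients, problems) for the Remote Tools entries in text.

    clients maps client name -> {function: ip}; problems lists findings
    to resolve before the file is placed on a viewing computer.
    """
    clients, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # comment, blank line, or ordinary LMHOSTS entry
        ip, name, letter = m.groups()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append(f"line {lineno}: invalid IP address {ip!r}")
            continue
        clients.setdefault(name, {})[FUNCTIONS[letter]] = ip
    for name, funcs in sorted(clients.items()):
        missing = [f for f in FUNCTIONS.values() if f not in funcs]
        if missing:
            problems.append(f"{name}: no entry for {', '.join(missing)}")
        if len(set(funcs.values())) > 1:
            problems.append(f"{name}: entries map to different IP addresses")
    return clients, problems


if __name__ == "__main__":
    for finding in audit_lmhosts(SAMPLE)[1]:
        print(finding)
```

A name that resolves to more than one address is worth investigating before the file is deployed, because the viewing computer would open its chat, remote control and file transfer sessions to whichever host each entry names.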
Oftentimes remote support must extend beyond the reach of the LAN or high-speed WAN. By leveraging the capabilities of Microsoft's Remote Access Services (RAS), you can help users via a modem, X.25, ISDN, or SNA connection to the network. RAS adds an additional layer of configuration to run SMS Remote Tools.
The following are the requirements for monitoring and controlling supported client computers through RAS:
Figure 6-11 shows the configuration necessary for an administrator to provide support via an RAS connection to a client computer. In this case, a Windows NT/2000 computer, with the SMS Administrator console and RAS client software installed, initiates a connection with an RAS server. After a connection has been made, the administrator selects the client computer from a collection in the SMS console tree to provide remote support.
Figure 6-11. Providing remote support by means of an RAS connection.
SMS can also provide support to client computers at another SMS site that is connected using RAS. To do this, an RAS sender must be configured for access to the remote client computer's site. Senders are discussed in Chapter 11, "Site-to-Site Communications." Once a sender is configured between the sites, any Remote Tools utility can be started from the SMS Administrator console. Starting the utility will initiate an automatic RAS connection to the site, and access to the client computer is gained.
If the site address for a client is an RAS address, SMS uses GATEWAY.DLL to make an automatic RAS connection and gain access to the client computer. GATEWAY.DLL initiates the RAS connection to the remote LAN and authenticates the user by communicating with an RAS server that exists on the same LAN as the client computer. When the work is done, the Remote Tools utility terminates and GATEWAY.DLL disconnects the remote LAN, closes the RAS session, and frees up the port and modem.
Remote Tools is supported over RAS using NetBEUI, TCP/IP (with NetBIOS or Windows Sockets), and NWLink IPX/SPX. Native NetWare client computers are not supported. Modem, ISDN, X.25, and SNA networks are supported. In addition, the Point-to-Point-Tunneling Protocol (PPTP) available in Windows NT version 4.0 and later can be used to establish an RAS connection. PPTP allows Remote Tools to establish a connection to the remote network by using the Internet rather than a long-distance dial-up connection. However, the additional overhead requires higher bandwidth (greater than 28.8 Kb/s) for acceptable performance of Remote Tools.
If the administrator allows adjustments to be made to the Remote Tools Client Agent, the user at the client computer can set remote access settings using the Remote Control application accessed via the Control Panel. If adjustments to the client agent are not made, the agent will use the site default settings (administrator settings). Figure 6-12 shows the steps to follow on a client computer to change remote control settings. Run the Remote Control application (step 1), select either the General tab or the Notification tab (step 2), then clear the 'Use administrator settings' checkbox (step 3). If you are modifying settings on the General tab, click the Settings button (step 4). The Notification tab contains checkboxes and radio buttons that control how you are notified of a remote session.
Figure 6-12. Navigating the Remote Control application to reconfigure Remote Tools Client Agent settings.
If the user disables all Remote Tools functions, when the administrator connects to the client computer, the remote tools utilities will not be available. If this becomes a common occurrence in your network, consider enabling the 'Clients cannot change Policy and Notification settings' checkbox on the General tab of the Remote Tools Client Agent.
If the 'Clients cannot change Policy and Notification settings' checkbox is not selected, the user can change the following site default settings:
In this exercise, you will configure the site-wide Remote Tools setting that allows individual users to set specific configuration values at the client computer.
The list of client agents appears in the details pane.
The Remote Tools Client Agent Properties dialog box displays general settings for the Remote Control Client Agent.
The SMS Administrator console appears.
Notice the date and time stamp of REMCTRL.CFG. When this file is updated to the current date and time, the site server has replicated the updates to the CAP.
Complete this procedure from Computer 2.
The Systems Management Properties dialog box appears.
The Systems Management Properties dialog box displays the sites in which the local client computer is a member. The only site listed should be the S01 site.
The SMS client software is executed and the Remote Tools Client Agent settings are updated.
The Remote Control Properties dialog box appears. Notice that administrator settings are listed. Also notice that in the lower left corner of the dialog box the 'Use administrator settings' checkbox is selected, indicating that settings are specified by the site administrator, but the local user can modify the settings.
To allow the local user to control remote control activity, the Remote Control Properties dialog box displays all configuration settings as 'enabled.' Notice under 'Level of remote access allowed' that the default setting is Limited.
The Limited Remote Control Settings dialog box appears, allowing the local user to configure the remote control features to be allowed on the local client computer.
The Remote Control Properties dialog box appears.
Click OK, then close the Control Panel.
Notice that the Remote Control icon is not available.