Tài liệu Module 2: Strategies for Administering a Windows 2000 Network pptx

?Creating a Customized MMC Console ?Distributing a Customized MMC Console Windows 2000 provides you with preconfigured MMC consoles that contain the components you need to perform admini

Lab A: Customizing MMC Consoles 14

Using Secondary Logon for

Information in this document is subject to change without notice The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended

to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may

be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

? ? 1999 Microsoft Corporation All rights reserved

Microsoft, Active Directory, PowerPoint, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries

The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted

Other product and company names mentioned herein may be the trademarks of their respective owners

Project Lead and Instructional Designer: Mark Johnson Instructional Designers :Aneetinder Chowdhry (NIIT Inc.), Kathryn Yusi (Independent Contractor)

Lead Program Manager: Ryan Calafato Program Manager: Joern Wettern (Wettern Network Solutions) Graphic Artist: Julie Stone (Independent Contractor)

Editing Manager: Tina Tsiakalis Substantive Editor: Kelly Baker (Write Stuff) Copy Editor: Wendy Cleary (S&T OnSite) Online Program Manager: Nikki McCormick Online Support: Arlo Emerson (MacTemps) Compact Disc Testing: Data Dimensions, Inc

Production Support: Arlene Rubin (S&T OnSite) Manufacturing Manager: Bo Galford

Manufacturing Support: Mimi Dukes (S&T OnSite) Lead Product Manager, Development Services: Elaine Nuerenberg Lead Product Manager: Sandy Alto

Group Product Manager: Robert Stewart

Introduction

This module provides students with the knowledge and skills to efficiently perform network administration of Microsoft® Windows® 2000, both locally and remotely Students will learn how to create customized tools to match specific administrative responsibilities They will also learn the different methods and strategies to use when performing administrative tasks

In the two hands-on labs in this module, students will have a chance to create and customize tools and perform administrative tasks both locally and remotely

In the first lab, students will create and customize MMC consoles and taskpads, some of which they will use from their partners’ computers In the second lab, students will set up Terminal Services and use it to perform administrative tasks

on their partners’ computers They will also run applications by using secondary logon

Materials and Preparation

This section provides you with the materials and preparation needed to teach this module

Materials

To teach this module, you need the following materials:

?? Microsoft PowerPoint® file 1558a_02.ppt

Preparation

To prepare for this module, you should:

?? Read all the materials for this module

?? Complete the labs

?? Study the review questions and prepare alternative answers to discuss

?? Anticipate questions that students may ask Write out the questions and provide the answers

?? Read the Using Secondary Logon (Run As) in Windows 2000 technical

walkthrough on the Student Materials compact disc

Presentation:

60 Minutes

Labs:

90 Minutes

Instructor Setup for the Labs

Perform the following setup on your instructor computers for the labs

Lab A: Customizing MMC Consoles

No setup required for the instructor computer

Lab B: Administering a Windows 2000 Network

??To prepare for the lab

1 Ensure that students can access the shared folder \\london\Setup\Winsrc and that this folder contains the contents of the i386 folder from the

Windows 2000 Advanced Server CD-ROM This folder should have been created during classroom setup

2 Ensure that students can access the shared folder \\london\TSClient and that this folder contains the Terminal Services client installation files This folder should have been created during classroom setup

Module Strategy

Use the following strategy to present this module:

?? Windows 2000 Administrative Strategies

In this topic, you will introduce the characteristics of Windows 2000 administration and the different Windows 2000 administrative tools and methods that students can implement to perform administration Emphasize

to students that they can customize administrative tools to match the administrative tasks that specific administrators perform

?? Customizing MMC Consoles

In this topic, you will explain how to customize consoles in Microsoft Management Console (MMC) First, present what an MMC cons ole is, including the explanation that a console is an msc file that holds snap-ins Emphasize that there are preconfigured and customized consoles Next, tell students how to create a customized console; demonstrate the process Finally, present the proc edure for distributing customized MMC consoles If students ask about Windows Installer or Group Policy, refer them to

module 6, “Using Group Policy to Manage Software,” in course 1558A,

Advanced Administration for Microsoft Windows 2000

?? Installing Windows 2000 Snap-Ins

In this topic, you will explain how to install all Windows 2000 snap-ins on a computer running Windows 2000 Professional Tell students that the Windows 2000 Administrative Tools package includes the complete set of snap-ins Mention where they can obtain the Adminpak.msi Windows Installer package for the installation

?? Setting Up Taskpads

In this topic, you will explain how to set up customized taskpads First explain what a taskpad is, emphasizing that it is a simplified interface that novice administrators and users can use Open the User Admin taskpad to present the different parts of a taskpad Next, explain how to create a taskpad; demonstrate doing so Finally, present how to create a task in

a taskpad Emphasize that a task is a shortcut to a command in the MMC console Demonstrate how to create a task associated with the console tree and one associated with the details pane

?? Lab A: Customizing MMC Consoles Prepare students for the lab in which they will create customized MMC consoles and taskpads and also install Windows 2000 Administration Tools Make sure that students run the command file for the lab, and tell them that they will work with their partners’ computers After students have completed the lab, ask them whether they have any questions concerning the lab

?? Using Secondary Logon for Administration

In this topic, you will explain how to use secondary logon to perform administrative tasks First, explain what secondary logon is Emphasize that

a user can start a second logon without logging off from the first logon session, and emphasize the advantages of using a secondary logon when performing administrative tasks Then, present the different Run as methods

to use to start an application

?? Using Terminal Services for Administration

In this topic, you will introduce how to use Terminal Services to perform administrative tasks on remote computers First, explain what Terminal Services is and why it is advantageous for remote administration

Emphasize that you can perform all administrative tasks on a server from a remote computer, including software installation Then present what to configure in Terminal Services so that it is optimized for remote administration Emphasize what you need to configure to enhance performance and security

?? Lab B: Administering a Windows 2000 Network

Prepare students for the lab in which they will perform administrative tasks

by using a secondary logon and Terminal Services Make sure that students run the command file for the lab, and tell them they will work with their partners’ computers After students have completed the lab, ask them whether they have any questions concerning the lab

?? Best Practices Present best practices for using Windows 2000 to administer a network

Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware

The labs in this module are also dependent on the classroom configuration that is specified in the Customization Information section at the

end of the Classroom Setup Guide for course 1558A, Advanced Administration

for Microsoft Windows 2000

?? Run C:\MOC\Win1558A\Labfiles\Lab02\Setup\Lab0201.cmd

?? Create the OUs manually Addthe Don Hall and Jae Pak user objects, and the Computer1, Computer2, Computer3, and Computer4 computer objects

Setup Requirement 3

The labs in this module require the Log on locally right on domain controllers

to be assigned to the Everyone group To prepare student computers to meet this requirement, perform one of the following actions:

?? Run C:\MOC\Win1558A\Labfiles\Lab02\Setup\Lab0202.cmd

?? Create the console file manually and place it in C:\MOC\Win1558A\Labfiles\Lab02\Tools

Important

Setup Requirement 5

The labs in this module require a regular user account for the student

To prepare student computers to meet this requirement, perform the following action:

?? Create the user account manually

Lab Results

Performing the labs in this module introduces the following configuration change:

?? Students install and then remove Terminal Services

You can run C:\MOC\Win1558A\Labfiles\Lab02\Setup\Lab02Rm.cmd to remove most configuration changes introduced during the labs in the module Make sure that students uninstall Terminal Services at the end of Lab B Remove the Log on locally right from the Everyone group manually

Important

?Using Secondary Logon for Administration

?Using Terminal Services for Administration

?Best Practices

After a network is set up and configured, you need to ensure that administrative tasks are efficiently carried out Microsoft® Windows® 2000 provides

administrators with the appropriate tools to perform the tasks that you delegate

to them, and allows you to administer centrally from one computer without having to log on to each local computer that you administer Consequently, not only are you able to ensure that administrative tasks are efficiently completed and that your network runs smoothly, but the administrative process is simplified

At the end of this module, you will be able to:

?? Identify the characteristics of Windows 2000 administration and the different administrative tools and methods in Windows 2000

?? Customize consoles in Microsoft Management Console (MMC)

?? Install Windows 2000 snap-ins on a computer running Windows 2000 Professional

?? Set up customized taskpads

?? Use secondary logon to perform administrative tasks

?? Use Terminal Services to perform administrative tasks on remote computers

?? Apply best practices for using administrative tools and performing network administration tasks

Do not go into detail on this

topic, because the content

will be covered in

following topics

Windows 2000 Administrative Strategies

?Customize Tools to Match Administrators’

Responsibilities

?Administer Locally

or Remotely

?Delegate Administration

Windows 2000 Provides a Variety of Tools and Methods for Administration

Windows 2000 Provides a Variety of Tools and Methods for Administration

Windows 2000 provides the tools and means to administer your network, whether it is a single domain, a domain tree, or a forest With Windows 2000 you can:

?? Administer computers and their services by using the computer (locally) or

remotely Remote administration is when you are using one computer and

then connect to another computer to administer the local computer Remote administration allows you to administer from any computer centrally, rather than administering at each computer This allows you to place network servers in a secured location

?? Delegate administrative responsibilities to other administrators You can delegate responsibility for entire sections of your network, such as an entire domain, or for one organizational unit (OU) in the domain You can delegate all of the administrative tasks for a domain or OU, or you can delegate specific tasks (for example, resetting passwords) This is possible because the structure of the Active Directory™ directory service allows you to assign permissions and grant user rights in very specific ways You must always ensure that the administrator has the permission required

to perform the tasks

?? Customize administrative tools so that administrators always have the appropriate tools for the administrative tasks for which they are responsible

If a user is responsible for changing only selected attributes of user accounts, that user does not have to use a tool that is more complex than is required to complete the task

Slide Objective

To introduce Windows 2000

administration and the

different methods that you

can use to administer

a network

Lead-in

Windows 2000 prov ides the

tools and methods that

facilitate administration, both

locally and remotely, as well

as the ability to provide the

appropriate tools to those

administrators and users to

whom you delegate

mention the tools and

methods that Windows 2000

provides to help in the

administration of a network

Key Points

You can sit at one

computer and administer

another computer

When you delegate

administrative

responsibilities to

administrators and users,

Windows 2000 provides the

means for you to create the

appropriate tools for these

administrators and users

Windows 2000 provides you with a great deal of flexibility when setting up the way that your network is administered The tools and methods that

Windows 2000 provides are:

?? Customized MMC consoles You can create customized consoles that

correspond directly to specific administrative responsibilities

?? Windows 2000 Administration Tools You can install the Administration

Tools package, which is a complete set of all snap-ins, on client computers

so that you have the snap-ins necessary to perform remote administration

?? Taskpads You can create and customize tools with easy-to-use interfaces

for users with limited administrative responsibilities

?? Secondary Logon When logged on with a non-administrative user account,

you can start an additional logon session by using your administrative user account

?? Terminal Services You can run interactive sessions on a remote server that

is running Windows 2000 Server so that you can administer that server

? Customizing MMC Consoles

?What Is an MMC Console?

?Creating a Customized MMC Console

?Distributing a Customized MMC Console

Windows 2000 provides you with preconfigured MMC consoles that contain the components you need to perform administrative tasks Each preconfigured console includes a snap-in and its associated extensions Windows 2000 also provides you with the ability to create customized MMC consoles that fit your administrative responsibilities or the responsibilities of other administrators

administrators have the

administrative tools that they

What Is an MMC Console?

An MMC Console:

?Is an msc File That Holds Snap-Ins

?Can Be Preconfigured or Customized

?Is an Administrative Tool That Corresponds to Specific Responsibilities

compmgmt - [Computer Management (Local)\System Tools\Event Viewer]

Computer Management (Local) System Tools

Performance Logs and Alerts Local Users and Groups System Information Services Shared Folders Device Manager Storage Server Applications and Services

Event Viewer

Name Application Log Directory Service DNS Server File Replication Service Security Log System Log

Log Log Log Log Log Log

Application Error Custom Log Error Custom Log Error Custom Log Error Security Audit Re System Error Rec

administrative tasks Console files have an msc file name extension

Windows 2000 provides preconfigured MMC consoles that you can access

from the Start menu, under Administrative Tools Most of these snap-ins are

located in systemroot\System32 You can also create customized consoles that

match specific administrative responsibilities

A snap-in can have extensions Extensions are snap-ins that are attached to a

parent snap-in and that provide additional administrative functionality Some snap-ins can function as both a stand-alone snap-in and as an extension snap-in For example, Event Viewer can function as a stand-alone snap-in or as an extension in Computer Management

MMC consoles have several common interface elements The following list provides some of these elements:

?? Console tree and details pane Each MMC console has these two panes The

console tree on the left provides the snap-in and its extensions, which are organized in a tree The details pane on the right lists the content of the selected item in the console tree

?? Action and View menus Each MMC console has these two menus The

options on these menus vary depending on the selected item in either the console tree or the details pane The options on both menus affect the tasks

that you can perform with the console Options on the Action menu typically refer to the selected items in the console Options on the View

menu typically provide display options

Slide Objective

To explain the basic

concepts of MMC consoles

Lead-in

MMC consoles contain the

snap-ins that you use to

perform most of your

administrative tasks

Define snap-ins and

extensions

Mention to students that in

customized consoles they

can have multiple versions

of the same snap-in (such

Management and show

students the different parts

snap-in Do not show a

customized console yet

Creating a Customized MMC Console

Tasks for Customizing an MMC Console Tasks for Customizing an MMC Console

Configure the MMC console mode

Configure the MMC console mode

Configure the MMC console view Save the MMC console

Save the MMC console

To Prevent a Console from Being Changed, Do Not Assign the NTFS Write Permission to the msi File

Customizing an MMC console allows you create consoles that fit the responsibilities of administrators This means that after you delegate administrative control, you can ensure that administrators have only the administrative tools that they require to perform their jobs You can also customize a console to fit your own needs For example, you can create a console that contains all of the snap-ins that you typically use to perform one task or a set of related tasks, such all tasks for administering an OU

To customize an MMC console, perform the following tasks:

1 Open MMC by typing mmc in the Run box

2 Add the snap-ins that you require and their extensions You can choose to add only some of the extensions for a snap-in You add snap-ins and

extensions in the Add/Remove Snap-ins dialog box

3 Configure the mode for the MMC console You configure the mode on

the Console tab of the Option dialog box You can select one of the

following modes:

?? Author mode Use this mode if you want other administrators to be able

to easily modify the console as their administrative responsibilities change

?? User mode Use this mode when you want to limit the ability of other

administrators to modify the console You can determine the amount of the console tree to which the user can gain access and, therefore, the tasks that the user can perform User mode does not prevent a user from changing consoles, but rather from accidentally changing consoles

To prevent MMC from prompting users to save the console after each

use, click the Do not save changes to this console option on the Console tab of the Option dialog box

allows you to adapt the tools

that you and others use to

console Add the Computer

Management snap-in and

the Event Viewer snap-in

Explain that you can point

the snap-ins to the local

computer or to another

computer In addition, point

out that Event Viewer can

customized consoles by not

assigning the NTFS Write

permission to the msc file

Regardless of whether you save an MMC console in Author or User mode, you can still modify it by opening it in Author mode To open a

console in Author mode, right-click the console, and then click Author The

only way to prevent changes to customized consoles is to not assign the

NTFS file system Write permission to the msc file

4 Configure the MMC console view You can control the parts of the console

to which the user can gain access by removing the console tree and toolbars

You can configure these on the View menu of the console

5 Save the MMC console

If you configure a customized MMC console in user mode, ensure that you also have a version that you saved in Author mode so that you can easily make modifications if required

Important

Tip

Distributing Customized MMC Consoles

E-Mail

Group Policy

Can Prevent Changes

Can Prevent Changes Shared

?? Placing the console file in a shared folder on a network server The advantage of this method is that the console is accessible from any computer

in the network In addition, you can use NTFS file system permissions to prevent administrators from changing the console file

?? Packaging the console for distribution so that you can distribute it by using Group Policy This method guarantees that an administrator always has access to the customized console, but it does not prevent the administrator from changing the file after receipt

For an administrator to use an MMC console successfully that you have distributed, the following conditions must be met:

?? The administrator must have at least the Read permission for the console file

?? All snap-ins that the console references must be installed on the computers

on which the administrator uses the console

For more information about distributing software by using Group Policy, see module 6, “Using Group Policy to Manage Software,” in course 1558A,

Advanced Administration for Microsoft Windows 2000

Slide Objective

To illustrate the procedure

for distributing customized

MMC consoles

Lead-in

After you have created

customized MMC consoles

for other administrators, you

can choose one of several

methods to distribute

these consoles

If students ask about

Windows Installer or Group

Policy, refer them to

module 6, “Using Group

Policy to Manage Software,”

in course 1558A, Advanced

Administration for Microsoft

Windows 2000

Key Points

If you place the console file

in a shared folder, it is

accessible from any

computer in the network

To use a console, an

administrator must have the

Read permission for the

console file, and the

appropriate snap-ins must

be installed on the computer

that the administrator uses

Note

Installing Windows 2000 Snap-Ins

Snap-Ins:

?Are Contained in Windows 2000 Administrative Tools

?Are Required for Remote Administration from a Client Computer Running Windows 2000 Professional

Windows 2000 Professional

Windows 2000 Professional

Windows 2000 Administration Tools (Adminpak.msi)

Windows 2000 Administration Tools (Adminpak.msi)

Install

Install

Install Administer Administer

Windows 2000 Administration Tools is a complete set of all of the Windows 2000 snap-ins that are a part of Windows 2000 Server You must install these snap-ins to perform network administration remotely from a client computer running Windows 2000 Professional Windows 2000 Professional has only the snap-ins required to perform routine administrativ e tasks on the client computer

Even if an administrator has an MMC console to use on a client computer, the console is useless without the required snap-ins installed on this computer To install Windows 2000 Administration Tools, you use the Windows 2000 Administration Tools Setup wizard

To install Windows 2000 Administration Tools, perform the following:

1 In Control Panel, click Add/Remove Programs, and then click Add

The Windows 2000 Administration Tools Setup wizard guides you through the process of selecting the installation mode

2 You must provide the location of the Adminpak.msi file You can get this file:

?? From a computer running Windows 2000 Server in

systemroot\System32

?? On the Windows 2000 Server compact disc

Slide Objective

To explain the requirements

for installing snap-ins on

client computers running

Windows 2000 Professional

Lead-in

After you have customized

and distributed MMC

consoles, you need to

ensure that the computers

on which you or other

administrators use these

consoles have the required

snap-ins

Delivery Tip

Open Add/Remove

Programs in Control Panel

Show students where they

would install Windows 2000

does not have the

required snap-ins for

contains the complete set of

Windows 2000 Server

snap-ins and is contained in the

Windows Installer package,

Adminpak.msi If students

do not know what a

Windows Installer package

is, provide a brief definition

? Setting Up Taskpads

?What Is a Taskpad?

?Creating a Taskpad

?Creating Tasks in a Taskpad

A taskpad is an administrative tool that you set up for novice administrators and users whose primary job responsibility is not network administration After you delegate administrative tasks, set up a taskpad that provides the ability

to perform the specific tasks for which a novice administrator or user

is responsible

To set up taskpads, you must create a customized MMC console, create a taskpad in the console, and then define the specific tasks that the user can perform

Slide Objective

To introduce taskpads and

how they are created

Lead-in

Creating taskpads is

another means of providing

the appropriate

administrative tools for

novice administrators and

users to whom you have

delegated administrative

responsibilities

? A taskpad hides the complexity of MMC

?Has an Easy to Use Interface

A taskpad is an administrative tool that you create for users whose primary responsibility is not network administration, or for novice administrators A taskpad is a simplified interface that contains one or more tasks Each task is a shortcut to a specific administrative task or command in an MMC snap-in The advantages of creating a taskpad are:

?? You can specifically define the task to correspond to the one administrative task for which a user is responsible

?? It hides the complexity of MMC Because the taskpad provides a shortcut to each task, users do not have to navigate through an MMC cons ole to perform one or two tasks

The taskpad interface is simplified and easy to use It can contain several elements The following list provides some of these elements:

?? A button for each shortcut to a task All taskpads contain at least one button

?? A list of items that appear in the details pane of the MMC console from which the taskpad was created Users perform the task on these items A taskpad may or may not contain this list

?? The Change button This button is optional and allows the user to select

different items in the console tree to administer

To use a taskpad successfully, a user must have the appropriate permissions to perform the task for which the taskpad is designed

Slide Objective

To describe a taskpad

Lead-in

Create taskpads for novice

administrators and users

whose primary responsibility

is not administration

Delivery Tip

Open the User Admin

taskpad that is the user

Admin.msc file on the

Trainer Materials compact

disc Show students what a

completed taskpad looks

like Point out the task

buttons, the list of items,

and the Change button

Explain the purpose of each

of these items Then create

a user account

Create a user account by

using Active Directory Users

and Computers to provide a

comparison

Key Point

Each task is a shortcut to a

specific administrative task

Creating a Taskpad

Create and Configure a Taskpad Create and Configure a Taskpad

Create a customized MMC console

Create a customized MMC console

Create a taskpad

Create a taskpad

Configure a task in the taskpad

Configure a task in the taskpad

Customize the taskpad view

Creating a taskpad is a further customization of an MMC console To create a taskpad, perform the following steps:

1 Create an MMC console and add the required snap-in

2 Create a taskpad by using the Taskpad Creation wizard To open the Taskpad Creation wizard, right-click the item in the console tree to which

the task applies, and then click New Taskpad

The wizard guides you through the process of defining a taskpad’s appearance, name, description, and the item in the console tree to which it applies The following table provides a description of the important options

in the wizard

Option Description Taskpad Type How the items are displayed in the taskpad

Single Item: The taskpad displays task icons and the list items

that appear in the details pane of the MMC console This allows you to select an item on which to perform a task For example, select a user account when resetting a password

Stand-alone: The taskpad displays task icons only A task can

only apply to a selected item in the console tree For example, you can create a user account in a specific OU, but not select a user account on which to perform a task

Add a Change Button

Add a Change button to permit the user to use this taskpad on

other items in the console tree

3 Configure a task by using the Task Creation wizard The next topic provides more information on this process

4 Customize the taskpad by removing the console tree and changing the

console to User mode To remove the console tree, on the View menu, make sure that Console Tree is cleared

Slide Objective

To describe the procedure

for creating and configuring

taskpad, but do not present

all of the details on step 3

Explain to students that you

will present the details in the

next topic

Key Points

To create a taskpad you

use two wizards They are

the Taskpad Creation

wizard and the Task

Creation wizard

In the Taskpad Creation

wizard, you determine the

appearance, name, and

descriptions of the taskpad

Creating Tasks in a Taskpad

Each Task Is a Shortcut to a Command in the MMC Console

Associate with an item in the details pane

Associate with an item in the details pane

Associate with an item in the console tree

Associate with an item in the console tree

Disable Account New -> User

Launch a shortcut menu command

Launch a shortcut menu command

nwtraders.msft Accounting Builtin Computers Domain Controllers Sales

To set up a task that corresponds to a shortcut menu command, you use the Task Creation wizard to launch and select either of the following options:

?? Console tree This option allows you to select an item in the console tree

and then a command that a user can perform on that item

For example, you can select an OU in the console tree and then select a command available for OUs, such as creating new user accounts The user

of the taskpad can then create user accounts only in that OU

?? List in details pane This option allows you to select an item that appears in

the details pane, and then select a command that the user can perform on the item

For example, you can select a user account in an OU and then select a command available for that object type (such as resetting passwords) The user of the taskpad can then reset passwords for any user account that he or she selects in the details pane for that OU

This option is not available if you selected the stand-alone option in the Taskpad Creation wizard when creating the taskpad

You can also set up a task that runs an application from the command prompt (for example, batch files and scripts) A user can then run an application

by clicking a task icon rather than typing a command at the command line You must provide the command and any arguments that are required

Slide Objective

To show the procedure for

creating tasks in a taskpad

Lead-in

A taskpad is not complete

until you have created at

least one task for it This

additional task to the

taskpad that you created in

the last section

Show students how to

create a shortcut associated

with an item in the console

tree and how to create a

shortcut associated with an

item in the details pane

Illustrate the fact that the

tasks correspond to

commands on shortcut

menus in a snap-in by

right-clicking the item in the

console tree for which you

created a task in the Task

Creation wizard Perform

the same procedure for the

task that you created for an

item in the details pane

Key Point

A task in a taskpad is a

shortcut to a command on

the MMC console The

same command is available

if you right-click an item in

the console tree or in the

details pane

Note

Lab A: Customizing MMC Consoles

Objectives

After completing this lab, you will be able to:

?? Customize consoles in the Microsoft Management Console (MMC)

?? Set up customized taskpads

Prerequisites

Before working on this lab, you must have:

?? Knowledge of the capabilities of snap-ins included with Windows® 2000, such as Active Directory Users and Computers and Computer Management

?? Conceptual knowledge of MMC, including snap-ins and taskpads

Lab Setup

To complete this lab, you need the following:

?? A computer running Microsoft® Windows® 2000 Server configured as a domain controller in a child domain of nwtraders.msft

?? To obtain your partner’s computer name

?? To log on as Administrator@domain.nwtraders.msft (where domain is your

domain name) with a password of password, and run

C:\MOC\Win1558A\Labfiles\Lab02\Setup\Lab0201.cmd This file:

?? Creates the C:\MOC\Win1558A\Labfiles\Lab02\Tools folder and shares this folder as Tools

?? Creates a Package Handling organizational unit (OU) and a Human Resources OU

?? Creates user and computer objects in the Package Handling and Human Resources OUs

Estimated time to complete this lab: 60 minutes

Explain the lab objectives

Make sure that students run

the command file for the lab,

and tell them that they will

work with their partners’

computers

?? Reviewing event logs on all domain controllers in your domain

?? Creating shared folders on all domain controllers in your domain

?? Defragmenting disks on the computer on which they work

?? Administering user accounts

You want to enable these administrators to perform all of these tasks without switching between administrative tools You also want to ensure that the administrators do not see commands and options that are not related to these tasks In this exercise, you will add snap-ins that allows administrators to perform these administrative tasks to an MMC console

Your Tasks

Your tasks are to create a customized console and add snap-ins to it, save the customized console in Author mode, remove the Group Policy extension from the console, save the console in User mode in a shared folder to prepare it for distribution to other administrators, and use the console from a shared folder

??To create a customized console and add snap-ins to it

1 Log on as Administrator@domain.nwtraders.msft (where domain is your

domain name) with a password of password

2 Click the Start button, and then click Run

3 In the Open box, type mmc and then click OK

MMC starts and displays an empty console

Maximize the Console1 and Console Root windows to simplify working with the console

4 On the Console menu, click Add/Remove Snap-in

5 In the Add/Remove Snap-in dialog box, click Add

6 In the Add Standalone Snap-in dialog box, select Event Viewer, and then click Add

MMC displays the Select Computer dialog box, allowing you to specify

the computer on which you want to view events You will add an instance of Event Viewer that points to your computer

7 In the Select Computer dialog box, click Another computer, and in the

box, type the name of your computer

Before continuing, you need to specify that the snap-in will always point to your computer, and not to the local computer where you start the console

8 Check the Allow the selected computer to be changed when launching from the command line check box, and then click Finish

Tip

9 In the Add Standalone Snap-in dialog box, add the following snap-ins:

?? Event Viewer for your partner’s computer

?? Shared Folders for your computer

?? Shared Folders for your partner’s computer

?? Disk Defragmenter

?? Active Directory Users and Computers

Notice that MMC did not display the Select Computer dialog box when

you added Disk Defragmenter This is because you can run Disk Defragmenter only on your local computer

Why did MMC not display the Select Computer dialog box when you

added the Active Directory Users and Computers snap-in?

Administrative tasks in Active Directory Users and Computers apply to the entire domain and not to a specific computer

_ _

10 In the Add Standalone Snap-in dialog box, click Close, and in the Add/Remove Snap-in dialog box, click OK

Notice that the entries for Event Viewer and Shared Folders in the console tree indicate which computer you can administer with them

To see the entire folder name, drag the border between the console panes to the right

??To save the customized console in Author mode

1 On the Console menu, click Save As

Notice that by default Windows 2000 saves customized consoles in the My Documents folder, which is part of your user profile You will instead save the console that you created in a shared folder so that other administrators can access it

2 Save the console in C:\MOC\Win1558A\Labfiles\Lab02\Tools as

DomainAdmin - Author Mode

??To remove the Group Policy extension from the Domain Administration console

1 In the console tree, expand Active Directory Users and Computers, click your domain, and then click Properties

right-Notice that the Properties dialog box for domain contains a Group

Policy tab

2 Click Cancel

3 On the Console menu, click Add/Remove Snap-in

4 In the Add/Remove Snap-in dialog box, click the Extensions tab

Tip

5 On the Extensions tab, in the Snap-ins that can be extended box, select Active Directory Users and Computers

Notice that by default all extensions are included

6 Clear the Add all extensions check box

7 In the Available extensions box, clear Group Policy

8 Click OK

9 In DomainAdmin - Author Mode , in the console tree, under Active Directory Users and Computers, right-click your domain, and then click Properties

Notice that the Properties dialog box for domain contains no Group

Policy tab

10 Click Cancel

11 On the Console menu, click Save

??To save the console in User mode in a shared folder to prepare it for distribution to other administrators

1 On the Console menu, click Options

2 In the Options dialog box, click the Console tab

3 In the Console mode box, select User mode –limited access, single window

4 Click Do not save changes to this console, and then click OK

Preventing the saving of changes ensures that users will not be prompted to save changes after navigating the console in User mode It will not prevent you from saving changes to the console while editing the console

5 Save the console in C:\MOC\Win1558A\Labfiles\Lab02\Tools as

??To use the console from a shared folder

1 Click the Start button, and then click Run

2 In the Run dialog box, type \\server\Tools (where server is your partner’s

computer name)

3 In the Tools on server window, double-click DomainAdmin

In addition to having other administrators access a saved console from a shared location, what other methods can you use to make these consoles available? Which method is preferable?

You can distribute a shared console as an e-mail attachment, on floppy disk, or by using Group Policy The preferred method depends on the circumstances, but often using Group Policy is most advantageous, as it makes the console accessible to the administrator regardless of which computer he or she is using

_ _

4 Using your partner’s console, perform the following tasks:

?? Review items in your computer’s event log

?? Review items in your partner’s computer’s event log

?? View the shared folders on your computer and your partner’s computer

?? Create a user account in the Package Handling OU in your domain

5 Attempt to add a snap-in to the console

Can you add a snap-in to the console? Why or why not?

You cannot change snap-ins or make other changes because the console was saved in User mode

_ _

6 Close DomainAdmin and the Tools on server window

administrative assistant also needs to reset passwords when users forget them This administrative assistant does not have the option to create or delete user accounts, because user account administration is not part of the assistant’s job function

Your Tasks

Your tasks are to create a taskpad for administering user accounts, create tasks

in the taskpad, customize the taskpad to remove access to commands, and use the taskpad to administer user accounts

??To create a taskpad for administering user accounts

1 Start MMC, and add the Active Directory Users and Computers snap-in to the console

2 In the console tree, expand Active Directory Users and Computers, expand your domain, and then click Users

3 Right-click Users, and then click New Taskpad

4 In the Taskpad Creation wizard, read the description of the wizard and then

click Next

The Taskpad Creation wizard displays the Taskpad Type page A single

item taskpad allows you to select items to which the tasks apply A alone taskpad allows you to perform only tasks that apply to items that the administrator who creates the taskpad has chosen

stand-5 On the Taskpad Type page, review the types of available taskpads Make sure that Single item is selected, and then click Next

The wizard displays the Item Selection page, allowing you to choose the

item for which the administrative assistant can perform tasks by using the taskpad, such as a user account

6 To create a taskpad that will be used to administer objects in the Human

Resources OU, on the Item Selection page, click Human Resources, and then click Next

The wizard displays the Taskpad Display page You can choose the layout

of the items in the taskpad that appear in the corresponding snap-in Because you build this taskpad based on Active Directory Users and Computers, the list will display user accounts with several columns of attributes A

horizontal list can display more columns

7 Review the available display options Make sure that Horizontal list is selected, and then click Next

The wizard displays the Add a Change Button page The Change button

allows you to change the focus of the task (for example, from one OU to a different OU) An administrator using this taskpad should not be able to administer any Active Directory objects outside the Human Resources OU,

so they should not be able to change to a different item

8 Clear the Show Change button check box, and then click Next

The wizard displays the Taskpad Title page Notice that you can create a

title based on the name of the snap-in and its location in the console tree, you can create a custom title, or you choose not to have a title

9 Click Custom Title, in the Custom Title box, type Human Resources User Account Administration, and then click Next

10 On the Name, Description, and Short Description page type the information in the following table, and then click Next

Description Taskpad for user administration Short description User Administration

11 On the Completing the Taskpad Creation Wizard page, confirm that Start the Task Creation wizard to add tasks to the taskpad is selected, and then click Finish

The Taskpad Creation wizard closes, and the Task Creation wizard starts

??To create tasks in the taskpad

1 In the Task Creation wizard, click Next

The wizard displays the Command Type page You can select a command

that appears on a shortcut menu in the corresponding snap-in, or an external command

2 Make sure that Launch a shortcut menu command is selected, and then click Next

The wizard displays the Shortcut Menu Command page Notice that you

can choose a command that appears on the shortcut menu for an item that appears in the console tree or a command that appears on the shortcut menu

of an item displayed in the details pane For this task, you will add the

Properties command, which allows the administrative assistant to edit user account properties The Properties command appears on the shortcut menu

of an item in the details pane in Active Directory Users and Computers

3 Click List in details pane

4 In the Source box, click a user account

You select a user account so that the wizard displays the commands that are available on the shortcut menu of a user account When creating the task, you can select any user account Once you perform the task, it will apply to the user account that you have selected at that point

5 In the Available commands box, click Properties, and then click Next

6 On the Name and Short Description page, in the Task name box, type User Properties, keep the default short description, and then click Next

7 On the Task symbol page, click an icon that you feel represents viewing the properties of a user account, and then click Next

8 On the Completing the Task Creation Wizard page, click Run this wizard again to add another task , and then click Finish

9 In the Task Creation wizard, repeat Steps 1-8 to create another task that will allow you to reset the password of a user account in the Human Resources

OU Refer to the table below for required information

command Shortcut Menu Command Click List in details pane, in the

Source box, click a user account, and then, in the Available commands box, click Reset Password

Name and Short Description Choose descriptive text

Task symbol Choose an icon that you feel signifies

resetting a password

Completing the Task Creation Wizard

Confirm that the Run this wizard again

to add another task box is cleared

Windows 2000 creates the taskpad and places it into the details pane

10 On the Console menu, click Save As , and then save the console file in

the C:\MOC\Win1558A\Labfiles\Lab02\Tools folder with the name HR User Administration

??To customize the taskpad to remove access to commands

1 In the console tree, click the taskpad that you created

It is important that you remove the toolbars in the following step in the

order indicated If you remove the Standard Menus, the View button will no longer be available If this happens, access the View menu by right-clicking the

taskpad in the console tree

2 On the View menu, point to Toolbars, and then click Standard Buttons to

deselect it

3 Repeat Step 2 to remove Snap-in Buttons and Snap-in Menus

4 On the View menu, click Console Tree to deselect it

5 Repeat Step 2 to remove Standard Menus

6 On the Console menu, click Options

7 In the Options dialog box, on the User tab, confirm that Show taskpad views by default is selected and that Always open console files in author mode is cleared

8 On the Console tab, in the box for the console title, confirm that HR User

Administration appears

9 Click Change Icon

10 In the Change Icon dialog box, click the icon at the bottom of the list, and then click OK

Windows Explorer will display the console using the icon that you chose This will help you distinguish the console that you created from

preconfigured consoles

Note