Applications Server
 

Administering Active Directory Domain Services : Working with Active Directory Snap-ins (part 2) - Saving and Distributing a Custom Console

11/8/2011 3:59:23 PM

7. Saving and Distributing a Custom Console

If you plan to distribute a console, it is recommended that you save the console in user mode. To change a console’s mode, choose Options on the File menu. By default, new consoles are saved in author mode, which enables adding and removing snap-ins, viewing all portions of the console tree, and saving customizations. User mode, by contrast, restricts the functionality of the console so that it cannot be changed. Three types of user modes are described in Table 1. User Mode – Full Access is commonly selected for a console provided to skilled administrators with diverse job tasks requiring broad use of the console snap-ins. User Mode – Limited Access (multiple window and single window) is a locked-down mode and is, therefore, selected for a console provided to administrators with a more narrow set of job tasks.

Table 1. MMC Console Modes
MODEUSE WHEN
AuthorYou want to continue customizing the console.
User Mode – Full AccessYou want users of the console to be able to navigate between and use all snap-ins. Users cannot add or remove snap-ins or change the properties of snap-ins or the console.
User Mode – Limited Access, multiple windowYou want users to navigate to and use only the snap-ins that you have made visible in the console tree, and you want to preconfigure multiple windows that focus on specific snap-ins. Users cannot open new windows.
User Mode – Limited Access, single windowYou want users to navigate to and use only the snap-ins that you have made visible in the console tree within a single window.

After a console is no longer saved in author mode, you—the original author—can make changes to the console by right-clicking the saved console and clicking Author.

Consoles are saved with the .msc file extension. The default location to which consoles are saved is the Administrative Tools folder, but not the folder in Control Panel. Rather, they are saved in the Start menu folder of your user profile: %userprofile%\AppData\Roaming\Microsoft\Windows\StartMenu.

This location is problematic, because it is secured with permissions so that only your user account has access to the console. The best practice is to log on to your computer with an account that is not privileged and then run administrative tools, such as your custom console with alternate credentials that have sufficient privileges to perform administrative tasks. Because two accounts will be involved, saving the console to the Start menu subfolder of one account’s user profile means additional navigation, at a minimum, and access-denied errors in a worst-case scenario.

Save your consoles to a location that can be accessed by both your user and your administrative credentials. It is recommended that you save consoles to a shared folder on the network so that you can access your tools when you are logged on to other computers. Optionally, the folder can be made accessible by other administrators to create a centralized store of customized consoles. You can also save consoles to a portable device such as a USB drive, or you can even send a console as an email attachment.

It is important to remember that consoles are basically a set of instructions that are interpreted by Mmc.exe—instructions that specify which snap-ins to add and which computers to manage with those snap-ins. Consoles do not contain the snap-ins themselves. Therefore, a console will not function properly if the snap-ins it contains have not been installed; be sure you have installed appropriate snap-ins from the RSAT on systems on which you will use the console.

7.1. Practice Creating and Managing a Custom MMC
7.1.1. Practice Creating and Managing a Custom MMC

In this practice, you create a custom MMC. You add, remove, and reorder snap-ins, and then prepare the console for distribution to other administrators.

EXERCISE 1 Create a Custom MMC

In this exercise, you create a custom MMC with the Active Directory Users And Computers, Active Directory Schema, and Computer Management snap-ins. These tools are useful for administering Active Directory and domain controllers.

  1. Log on to SERVER01 as Administrator.

  2. Click the Start button and, in the Start Search box, type mmc.exe and press Enter.

    An empty MMC appears. By default, the new console window is not maximized within the MMC. Maximize it to take advantage of the application’s full size.

  3. On the File menu, click Add/Remove Snap-in.

    The Add Or Remove Snap-ins dialog box, shown in Figure 3, appears.

    Figure 3. The Add Or Remove Snap-ins dialog box

    If you do not see the snap-ins listed that you want, be sure you’ve installed the RSAT.

  4. In the Add Or Remove Snap-ins dialog box, select Active Directory Users And Computers from the Available Snap-ins list.

  5. Click Add to add the snap-in to the Selected Snap-ins list.

    Notice that the Active Directory Schema snap-in is not available to add. The Active Directory Schema snap-in is installed with the Active Directory Domain Services role with the RSAT, but it is not registered, so it does not appear.

  6. Click OK to close the Add Or Remove Snap-ins dialog box.

  7. Click the Start button. In the Start Search box, type cmd.exe.

  8. Open Command Prompt using the Run As Administrator option, and then type regsvr32.exe schmmgmt.dll.

    This command registers the dynamic link library (DLL) for the Active Directory Schema snap-in. This is necessary to do one time on a system before you can add the snap-in to a console.

  9. A prompt appears that indicates successful registration. Click OK.

  10. Return to your custom MMC and repeat steps 2–6 to add the Active Directory Schema snap-in.

  11. On the File menu, click Add/Remove Snap-in.

  12. In the Add Or Remove Snap-ins dialog box, select Computer Management from the Available Snap-ins list.

  13. Click Add to add the snap-in to the Selected Snap-ins list.

    When a snap-in supports remote administration, you are prompted to select the computer you wish to manage, as shown in Figure 4.

    Figure 4. Selecting the computer to be managed by a snap-in

    • To manage the computer on which the console is running, select Local Computer. This does not refer solely to the computer on which you are creating the console. If you launch the console from another computer, the console will manage that computer.

    • To specify a single computer that the snap-in should manage, select Another Computer. Then enter the computer’s name or click Browse to select the computer.

  14. Click Another Computer and type SERVER01 as the computer name.

  15. Click Finish.

  16. Click OK to close the Add Or Remove Snap-ins dialog box.

  17. On the File menu, click Save. Save the console to your desktop with the name MyConsole.msc.

  18. Close the console.

EXERCISE 2 Add a Snap-in to an MMC

In this exercise, you add Event Viewer to the console you created in Exercise 1. Event Viewer is useful for monitoring activity on domain controllers.

  1. Open MyConsole.msc.

    If you did not save the console to your desktop in Exercise 1, and instead saved the console to the default location, you will find it in the Start\All Programs\Administrative Tools folder.

  2. On the File menu, click Add/Remove Snap-in.

  3. In the Add Or Remove Snap-ins dialog box, select Event Viewer from the Available Snap-ins list.

  4. Click Add to add the snap-in to the Selected Snap-ins list.

    You are prompted to select a computer to manage.

  5. Click Another Computer and type SERVER01 as the computer name.

  6. Click OK.

  7. Click OK to close the Add Or Remove Snap-ins dialog box.

  8. Save and close the console.

EXERCISE 3 Manage the Snap-ins of an MMC

In this exercise, you change the order of snap-ins and delete a snap-in. You also learn about extension snap-ins.

  1. Open MyConsole.msc.

  2. On the File menu, click Add/Remove Snap-in.

  3. In the list of Selected snap-ins, select Event Viewer.

  4. Click Move Up.

  5. Select Active Directory Schema.

  6. Click Remove.

  7. In the list of Selected snap-ins, select Computer Management.

  8. Click Edit Extensions.

    Extensions are snap-ins that exist within another snap-in to provide additional functionality. The Computer Management snap-in has many familiar snap-ins as extensions, each of which you can enable or disable.

  9. Click Enable Only Selected Extensions.

  10. Deselect Event Viewer. You have already added Event Viewer as a stand-alone snap-in for the console.

  11. Click OK to close the Extensions For Computer Management dialog box.

  12. Click OK to close the Add Or Remove Snap-in dialog box.

  13. Save and close the console.

EXERCISE 4 Prepare a Console for Distribution to Users

In this exercise, you save your console in user mode so that users cannot add, remove, or modify snap-ins. Keep in mind that MMC users are typically administrators themselves.

  1. Open MyConsole.msc.

  2. On the File menu, click Options.

  3. In the Console Mode drop-down list, select User Mode – Full Access.

  4. Click OK.

  5. Save and close the console.

  6. Open the console by double-clicking it.

  7. Click the File menu. Note that there is no Add/Remove Snap-in command.

  8. Close the console.

  9. Right-click the console and click Author.

  10. Click the File menu. In author mode, the Add/Remove Snap-in command appears.

  11. Close the console.

 
Others
 
- Administering Active Directory Domain Services : Working with Active Directory Snap-ins (part 1)
- Microsoft Dynamic CRM 2011 : Canceling and Reopening a Service Request Case
- Microsoft Dynamic CRM 2011 : Resolving a Service Request Case
- Systems Management Server 2003 : Server Modifications After Installation
- Systems Management Server 2003 : Modifying the Installation
- Creating a SharePoint Form with InfoPath Designer : Create a Form Library from InfoPath & Design a SharePoint Form Using the SharePoint Form Library Template
- Creating a SharePoint Form with InfoPath Designer : Publish Your Form & Use Your Form in SharePoint
- Microsoft Dynamics AX 2009 : Code Access Security
- Microsoft Dynamics AX 2009 : Classes and Interfaces
- Determining Exchange Server 2007 Placement
- Understanding AD Design Concepts for Exchange Server 2007
- Configuration Manager 2007 Overview : What is New in ConfigMgr 2007
- Configuration Manager 2007 Overview : Key Concepts
- Active Directory Domain Services on Server Core (part 2)
- Active Directory Domain Services on Server Core (part 1)
- Microsoft Dynamics GP 2010 : Improving information returned with SmartList Search
- Microsoft Dynamics GP 2010 : Getting warnings with SmartList Alerts
- Upgrading and Configuring SharePoint 2010 : Visual upgrade
- Upgrading and Configuring SharePoint 2010 : Upgrading with minimal downtime
- Microsoft Dynamics CRM 201 : Managing Service Request Activities
 
 
Most View
 
- Windows 7 : Encrypting File System (part 1) - How to Encrypt a Folder with EFS, How to Create and Back Up EFS Certificates
- Microsoft Project 2010 : Project on the Internet (part 4) - Integrating Project and Outlook - Sending Project Information to Others
- Microsoft Exchange Server 2013 : Role assignment (part 3) - Database scoping, Special roles
- Exchange Server 2013 : Exchange Clients - Performing a Client Inventory
- Sharepoint 2013 : Installing and Configuring Windows Azure Workflow Server (part 3) - Testing and Verifying the Workflow Installation
- Microsoft Excel 2010 : Working with Graphics - Inserting a Diagram,Inserting an Object
- Windows 7 : Using System Protection (part 3) - Using previous versions
- Microsoft Project 2010 : Project on the Internet (part 3) - Integrating Project and Outlook - Importing Tasks from Outlook, Copying Tasks from an Email
- Sharepoint 2013 : Managing and Configuring My Sites (part 2) - Configuring My Sites - Enabling the Activity Feed Job
- Diagnosing SQL Server 2012 Using Extended Events : Viewing Data Captured by Extended Events (part 2) - Viewing Saved Data, Viewing In-Memory Targets
 
 
Top 10
 
- Securing an Exchange Server 2007 Environment : Securing Outlook Web Access
- Securing an Exchange Server 2007 Environment : Protecting Against Spam (part 2) - Filtering Junk Mail
- Securing an Exchange Server 2007 Environment : Protecting Against Spam (part 2) - Filtering Junk Mail
- Securing an Exchange Server 2007 Environment : Protecting Against Spam (part 1) - Protecting Against Web Beaconing
- Securing an Exchange Server 2007 Environment : Securing Outlook 2007 (part 2) - Encrypting Communications Between Outlook and Exchange , Blocking Attachments
- Securing an Exchange Server 2007 Environment : Securing Outlook 2007 (part 1) - Outlook Anywhere
- Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 3) - Keeping Up with Security Patches and Updates
- Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 2) - Utilizing Security Templates
- Securing an Exchange Server 2007 Environment : Securing Your Windows Environment (part 1) - Windows Server 2003 Security Improvements , Windows Vista Security Improvements
- Securing an Exchange Server 2007 Environment : Client-Level Secured Messaging - Exchange Server 2007 Client-Level Security Enhancements