Assuming that Exchange is running under Windows Server 2003, there are two different methods you can use to remotely manage your servers -- remote desktop or an HTML-based terminal server session.
For security reasons, both remote management techniques are disabled by default. But, I personally don't believe that remote desktop is that big of a security risk, since anyone who uses it has to know the logon credentials for an account that has permissions to log onto the server console interactively (typically a Domain Admin).
If an unauthorized person has that level of access to your system, then you have bigger problems than remote desktop can introduce. Just make sure you block port number 3389 on your perimeter firewall so that remote desktop cannot be accessed from outside the company.
An HTML-based terminal services session is a lot riskier, in my opinion. If you do decide to use an HTML-based terminal session, you should probably configure Internet Information Server (IIS) to restrict which IP addresses can access the remote administration Web site. You should not install Remote Administration (HTML) on an OWA server or on any other server that is directly accessible from the Internet.
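One way to confirm the firewall rule from a machine outside the perimeter, as an added example that is not part of the original tip: it attempts a TCP connection to port 3389 and to the Administration site defaults 8098 and 8099 given later on this page, and reports what answers. The function names and the script name in the usage string are illustrative.

```python
import socket
import sys

# Ports named on this page; change them if you moved the Administration site.
REMOTE_MGMT_PORTS = {
    3389: "Remote Desktop",
    8098: "Remote Administration (SSL)",
    8099: "Remote Administration (TCP)",
}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeouts and unreachable-host errors: a firewall dropped the attempt
        # or nothing routed it to the server.
        return "filtered"


def exposure_report(host, ports=REMOTE_MGMT_PORTS, timeout=3.0):
    """Map each management port to its state as seen from this vantage point."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed(report):
    """Ports that accepted a connection, i.e. the perimeter rule is not in effect."""
    return sorted(port for port, state in report.items() if state == "open")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_mgmt_ports.py <server-external-address>")
    report = exposure_report(sys.argv[1])
    for port, state in sorted(report.items()):
        print(f"{port:>5}  {REMOTE_MGMT_PORTS[port]:<28} {state}")
    sys.exit(1 if exposed(report) else 0)
```

Run from outside the company, every port should come back as filtered or closed; the exit code is non-zero if any of them is open.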
Setting up Remote Desktop on your server is simple:
- Right click on My Computer and select Properties.
- Choose the Remote tab and then click on the checkbox in the Remote Desktop section (not the Remote Assistance section).
- Click OK and Remote Desktop will be enabled.
- Now, to access the Remote Desktop from a Windows XP machine, go to Start -> All Programs -> Accessories -> Communications -> Remote Desktop Connection.
- When the Remote Desktop console opens, enter the IP address for the server that you want to manage, and you're in business.
Setting up remote administration through HTML (known as the Terminal Services Advanced Client (TSAC) in Windows Server 2000) is a little more involved:
- Navigate to Control Panel -> Add/Remove Programs.
- When the Add/Remove Programs applet starts, click the Add/Remove Windows Components button. This will cause Windows to display a list of Windows components that you can install.
- Select the Application Server option and click the Details button.
- Select the Internet Information Services (IIS) option and then click Details again.
- Now, select World Wide Web Service from the list.
- Click Details one more time.
- At this point, select the Remote Administration (HTML) checkbox and then click OK three times, followed by Next. Windows will now install the necessary files. (You may be prompted to insert your Windows installation CD, so be sure to keep it handy.)
- When installation completes, click Finish.
- Now that you have installed the necessary files, open the Internet Information Services Manager from the Administrative Tools menu, and navigate through the console tree to Internet Information Services -> your server -> Web Sites -> Administration.
- Right click on the Administration Web site and select Properties.
- Make note of the port numbers that are listed on the properties sheet's General tab. By default, the TCP port is 8099 and the SSL port is 8098 -- but you can change these port numbers if you desire greater security.
- Select the Directory Security tab. You can use the Edit button in the IP Address and Domain Name Restrictions section to specify which IP addresses should be allowed to access the Administration Web site.
- Click OK when you are done.
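To check that the IP address restriction set in the steps above is actually holding, the Administration site's IIS log can be audited for requests from addresses outside the granted list. The following is an added example, not part of the original tip; it assumes W3C extended logging with the s-port, c-ip, sc-status and sc-substatus fields enabled, and the allow-list and log lines are constructed for illustration.

```python
import ipaddress

ADMIN_PORTS = {"8098", "8099"}  # page defaults for the Administration site
# Assumption: the addresses granted access on the Directory Security tab.
ALLOWED = [ipaddress.ip_network(n) for n in ("192.168.0.0/28", "10.1.5.20/32")]

# Constructed W3C extended log lines, not taken from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem s-port cs-username c-ip sc-status sc-substatus
2004-06-01 09:12:03 192.168.0.1 GET / 8098 CORP\\admin1 192.168.0.5 200 0
2004-06-01 09:40:17 192.168.0.1 GET / 8098 - 203.0.113.44 403 6
2004-06-01 10:02:51 192.168.0.1 GET / 8099 - 198.51.100.9 401 2
2004-06-01 10:05:00 192.168.0.1 GET / 80 - 198.51.100.9 200 0
"""


def audit_admin_site(log_text, allowed=ALLOWED, ports=ADMIN_PORTS):
    """Return (client_ip, port, status, verdict) for every Administration-site
    request that came from an address outside the allow-list."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("s-port") not in ports:
            continue  # request to some other Web site on the server
        client = ipaddress.ip_address(row["c-ip"])
        if any(client in net for net in allowed):
            continue
        status = f'{row["sc-status"]}.{row.get("sc-substatus", "0")}'
        # 403.6 is IIS's "IP address rejected": the restriction did its job.
        # Any other status means the request got past it.
        verdict = "blocked" if status == "403.6" else "REACHED SITE"
        findings.append((str(client), row["s-port"], status, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_admin_site(SAMPLE_LOG):
        print(*finding, sep="\t")
```

A "blocked" row shows the restriction rejecting an outside address; a "REACHED SITE" row, such as the 401 on port 8099 in the sample, means an ungranted address got as far as the logon prompt and the restriction should be rechecked.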
Now let's look at how to manage the server through a Web browser:
- Open Internet Explorer and enter HTTPS:// followed by the server's IP address, a colon, and the port number. For example, https://192.168.0.1:8098.
- You'll be prompted to log onto the server. You must use an account with administrative credentials.
- After logging on, the Administration Web site will be displayed. You can perform a number of administrative tasks without having to use the remote access feature.
If you do need to use remote access, click on the Maintenance link on the blue bar along the top, and then click the Remote Desktop button. Internet Explorer will install the necessary ActiveX component and the remote desktop will be displayed within a browser window.
As you can see, there are some security issues associated with using remote management. Even so, sometimes the benefits outweigh the risks. If you are concerned about security, you could always call a trusted person at the remote facility and have them enable or disable Remote Desktop on an as-needed basis.
About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.
MEMBER FEEDBACK TO THIS TIP
I am pretty sure that you can just install the Microsoft Exchange System Manager on a remote system.
Yes, you can do that, but that really wasn't the point of the article. Exchange System Manager gives you the ability to manage Exchange, but not the server as a whole.
—Brien M. Posey, tip author