Microsoft Systems Management Server 2.0 Training Kit
Before SMS Remote Tools are used, the Remote Tools Client Agent must be installed on computer resources in the site.
After this lesson, you will be able to
- Enable and configure SMS Remote Tools.
- Explain the importance of protocol matching for remote functions.
Overview
SMS Remote Tools are designed so that the administrator can give users complete control over who has access to their client computer and when access is possible. Or, SMS Remote Tools allow the administrator to dictate client computer settings and disable reconfiguration by the local user.
Remote Tools settings are grouped into two areas: policy settings and hardware dependent settings. These settings are effective on a site-wide basis.
NOTE
Windows NT Diagnostics are not controlled by the Remote Tools policy settings.
Steps to Using Remote Tools
There are six requirements for monitoring and controlling a client computer using the Remote Tools program:
- The computer resource must be installed as an SMS client computer.
- The Remote Tools Client Agent advanced settings must be configured.
- The client agent must be enabled.
- The Remote Tools Client Agent must be installed and started.
- The level of remote access must be configured.
- The computer running the Remote Tools program and the client computer running the Remote Tools Client Agent must use a common protocol.
Only client computers install and run the client agents. If a computer resource is not discovered, the user at the computer resource can run the SMSMAN.EXE program from a logon server to be discovered and assigned as a client computer in the site. Remember, you must configure resource boundaries and a client installation method in order for this process to work. See chapters 2 and 3 for more details.
Before this client agent is installed on client computers, the setting under the Advanced tab must be checked and adjusted if necessary. If the administrator enables this client agent and then adjusts the settings on the Advanced tab, the changes will not be applied to installed Remote Control Client Agents. Figure 6-7 shows the location of the Advanced tab in the SMS Administrator console. The settings under this tab will be discussed later in this lesson.
Figure 6-7. Navigating to the Advanced tab of the Remote Tools Client Agent.
The administrator enables this client agent from the General tab in the properties of this client agent. Find your way to the properties of the Remote Tools Client Agent by following steps 1 to 3 shown in Figure 6-7. Figure 6-8 shows the General tab.
The other setting under the General tab will be discussed later in this lesson.
Figure 6-8. How to enable the Remote Tools Client Agent.
Windows 16-bit, Windows 95/98, and Windows NT/2000 operating systems install different Remote Tools Client Agents to support remote functions. These agents are specifically designed to accommodate the various operating systems' characteristics.
Either the administrator or the user sets the access options for remote functions. Appropriate permissions should be granted to the viewer. This is set differently for the supported client operating systems.
Both computers must use the same transport protocol (NetBEUI, TCP/IP, or IPX). Remote sessions are supported over NetBIOS for all protocols or Windows Sockets for TCP/IP and IPX.
SMS remotely monitors and controls client computers that are connected to the network locally or on a wide area network. It also performs remote functions when a viewer connects to the client computer's local LAN using RAS.
Configuring the Remote Tools Client Agent
The administrator accesses five tabs in the properties of the Remote Tools Client Agent to configure the agent's behavior.
The General Tab
Settings under this tab allow you to enable Remote Tools. Remote Tools are enabled by default during an Express setup and disabled by default during a Custom setup. This tab also offers the option of requiring client computers to use these settings, rather than allowing users to reconfigure them. This option is not selected by default.
IMPORTANT
Make sure you configure settings on the Advanced tab before installing the Remote Tools Client Agent.
The Security Tab
Settings under this tab allow you to specify which users or user groups can perform remote functions on Windows NT/2000 client computers. This is known as the "permitted viewers" list.
The Policy Tab
Settings under this tab allow you to specify the initial level of remote access—full, limited, or none. Full allows all remote functions and diagnostics to be run. Limited allows you to select individual functions to be run. For example, you can permit remote control but not reboot. None means that the Remote Tools Client Agent can be installed but no feature will be enabled. This is useful if you wish to configure the client computer, but plan to enable remote functions at a later time.
From this tab you also specify whether permission is required from the client computer before a remote function is initiated. If the Remote Tools Client Agent is configured to ask for permission, a user at the client computer sees a message box asking for access. If you must control unattended client computers in a site, do not configure the client agent to request permission.
The Notification Tab
Settings under this tab allow you to specify audible or visual access indicators on the client computer when you attempt to use any utilities in the Remote Tools program. A sound driver must be configured on the client computer for audible notification to function. The Windows 16-bit Remote Tools Client Agent does not support audible notification. Further, the Ping Test utility does not generate a notification sound nor a message box on the client computer when it is run.
NOTE
You may change policy and notification settings from the client computer from the `Clients cannot change Policy or Notification settings' checkbox located under the General tab.
The Advanced Tab
Settings under this tab allow you to adjust the performance of remote functions. Make sure to configure advanced settings before the Remote Tools Client Agent is installed. See the previous section, "Steps to Using Remote Tools" for more information. The following performance settings are configured from the Advanced tab:
- Default compression algorithm
- Default remote access protocol
- Accelerated screen transfer on Windows NT
This controls the type of compression used for remote monitor output during a remote control session.
Selecting the Low (RLE) option configures the Remote Tools Client Agent to use the older run length encoding compression algorithm that provides 40 percent compression of remote control screen data. This is the default setting and should be used for slower client computers.
Selecting the High (LZ) option configures the Remote Tools Client Agent to use the Lempel-Ziv compression algorithm that provides 90 percent compression of remote control screen data. LZ compression requires greater processing power on the client computer, so it should only be used if the client computers in the site run 100-MHz Pentium processors or greater.
Selecting the `Automatically select compression level' option configures the Remote Control Client Agent to choose the compression algorithm based on the processor speed on the client computer.
This setting specifies the first protocol to use between the computer running the Remote Tools program and the Remote Control Client Agent. The Remote Tools program will attempt to connect to the client computer using all enabled protocols, but it will try the default remote access protocol first. By setting the default remote access protocol to the most commonly used default protocol on client computers, a remote session is established more quickly between the computers.
Select this option for better performance on Windows NT/2000 client computers.
Under normal conditions, the Remote Tools Client Agent has to periodically copy the entire client computer display into memory and check to see if changes have occurred. It transmits the change to the viewing computer (the computer running the Remote Tools program).
An optional display driver, IDISNTKM.DLL, may be used to improve the performance both at the client computer and at the viewing computer. This display driver is installed as a "wrapper" around the client computer's existing display driver.
During normal operations, IDISNTKM receives video requests and passes them to the normal display driver. During remote control sessions, Idisntkm keeps track of changes that are made to the display, then signals the Remote Tools Client Agent accordingly.
Check the `Install accelerated screen transfer on Windows NT clients' checkbox to install IDISNTKM.DLL. The list of video drivers shows those drivers compatible with the IDISNTKM driver. Add (or remove) video drivers that support (or do not support) the IDISNTKM driver.
Configuring Protocols on Client Computers
The Remote Tools feature requires that the viewing computer and the client computer use the same protocol. Because the viewing computer can start remote sessions using a variety of protocols, make sure that any protocol that will be run on client computers is also loaded on the viewing computer. For example, if TCP/IP runs on some client computers and other client computers only run NETBEUI, make sure to load both protocols on the viewing computer.
The SMS Administrator Console Searches the First Eight Loaded Protocols
When the Remote Tools program in the SMS Administrator console connects to a client computer, it searches through the first eight loaded protocols to find a common protocol for connecting to the Remote Tools Client Agent.
If NetBIOS rather than Windows Sockets is used to establish a remote session, the LANA number for any of the NetBIOS-based transport protocols can be changed. A RAS connection, for example, might be at LANA 8. To find client computers over this LANA number, the administrator would have to modify an existing protocol entry or add a new one to establish a remote session. A time-out value can also be set for each protocol, which might be useful in the event of a slow RAS link.
Remote Control Client Agent Uses the First Loaded Protocol
The client agent does not search for a protocol, but uses the first protocol that was loaded. If the client computer has more than one protocol loaded, you can designate which protocol it will use to establish a remote session. This is necessary, for example, if the client computer has NetBEUI and TCP/IP (NetBEUI loaded first) and the viewing computer has TCP/IP. In this case, the viewing computer can only use TCP/IP, but the client agent uses NetBEUI, which will prevent communications from being established.
To designate TCP/IP as the remote control protocol, the client computer runs the Remote Control Settings tool (RCCLIOPT.EXE), located on the SMS 2.0 installation CD-ROM. This tool and other support tools are discussed in Chapter 14, "Monitoring and Troubleshooting SMS"
Client computers in a WAN environment are supported over TCP/IP or IPX.
Exercise 35: Configuring Site-Wide Remote Tools Settings
In this exercise, you will configure the site-wide settings for the Remote Tools component of SMS 2.0. Do not close the SMS Administrator console after opening it in this exercise, as you will need it to be open in order to complete the remaining exercises in this chapter.
- Click the Start button, then point to Programs.
- Point to Systems Management Server, then click SMS Administrator console.
- In the SMS console tree, select the Site Settings node and then select the Client Agents node.
- In the details pane, select Remote Tools Client Agent. Then from the Action menu, click Properties.
- Select 'Enable remote tools on clients,' then select the 'Clients cannot change Policy or Notification settings' checkbox.
- Click the Policy tab.
- Under 'Level of remote access allowed,' verify that 'Full' is selected.
- Under 'Access permission,' verify that `Display a message to ask for permission' is selected.
- Click the Advanced tab.
- The Remote Tools Client Agent Properties dialog box displays advanced settings for the remote tools client agent.
- Under 'Default compression for remote control,' verify that `Automatically select' is listed.
- Select 'Install accelerated screen transfer on Windows NT clients,' then click OK.
A menu of choices appears.
The SMS Administrator console appears.
The list of client agents appear in the details pane.
The Remote Tools Client Agent Properties dialog box displays general settings for the Remote Control Client Agent. Notice the message that the advanced tab settings must be configured before enabling the agent. This does not mean you cannot select the checkbox, but you should configure the advanced settings before the client computer installs the remote tools client agent.
The Remote Tools Client Agent Properties dialog box displays policy settings for the Remote Control Client Agent.
The SMS Administrator console appears.
In the following steps, you will verify the Remote Tools Client Agent configuration has been updated for the site.
- View the contents of D:\CAP_S01\CLICOMP.BOX.
- View the date and time stamp of CLINTX86.OFR.
- Close the D:\CAP_S01\CLICOMP.BOX window.
Notice the date and time stamp of REMCTRL.CFG. If you don't see the date and time stamp, from the View menu, choose Details. When this file is updated to the current date and time, the site server has replicated the updates to the client access point (CAP).
When this file is updated to the current date and time, the site server has replicated the updates to the CAP and the client computer can install the Remote Tools Client Agent.
Exercise 36: Installing the Remote Tools Client Agent
In this exercise, you will install the remote control component for the Windows NT client computer. Complete this procedure from Computer 2.
- Log on to Computer 2 as USER1 with a password of PASSWORD.
- In the Control Panel, double-click the Systems Management icon.
- Click the Sites tab.
- Click Update Configuration, and then click OK.
- What directory was added as a result of installing the Software Metering Client Agent?
- Log on as ADMINISTRATOR with no password.
The Systems Management Properties dialog box appears.
The Systems Management Properties dialog box displays the sites of which the local client computer is a member. The only site listed should be S01.
This will start the site update process, and the Remote Tools Client Agent will be installed.
Answer
NOTE
If you created a password for your Windows NT administrator account, you will need to use that password.
- Click OK.
- Double-click the Services icon, then stop the SMS Remote Control Agent service.
- Select Yes.
- Close Services, then close the Control Panel.
- Log off as ADMINISTRATOR, then log on as USER1 with a password of PASSWORD. Make sure not to shut down Computer 2, as this will restart the SMS Remote Control Agent service.
In the Control Panel, double-click the Remote Control icon.
The Remote Control Properties dialog box appears. Notice Administrator settings is listed. Also notice `Full' is designated as the level of control allowed. In the lower left corner of the dialog box, Use administrator settings is listed to indicate these settings are set by the administrator. Also notice that all settings are unavailable, which means the user must use the settings configured by the administrator. Changes cannot be made to these settings because when you configured the global settings for the Remote Tools Client Agent, you selected the `Client cannot change Policy or Notification settings' checkbox.
The Control Panel appears.
An Alert dialog box appears asking if you are sure you want to stop service.
The procedure performed in steps 8 to 9 stop the client agent in preparation for Exercise 37.
Категории