Just Browsing with Win 2003 HTML Remote Administration

By Drew Bird | Aug 23, 2004 | Print this Page
http://www.enterprisenetworkingplanet.com/netos/article.php/3398571/Just-Browsing-with-Win-2003-HTML-Remote-Administration.htm

There are many ways to remotely administer a Windows Server 2003 system, but none seem to get less coverage in Microsoft documentation than the Windows Server 2003 HTML Remote Administration Tools.

Although the HTML Remote Administration Tools are not as powerful as other remote management utilities provided for Windows Server 2003, they do include certain, key capabilities, such as editing user properties, configuring Web and FTP server parameters, viewing log files, and shutting down the server. The Web interface is particularly easy to use, and provides a simple and familiar interface for basic tasks. This can be particularly useful if you are delegating certain administrative tasks to less technically savvy users.

Installing the HTML Remote Administration Tools

The HTML Remote Administration Tools are not installed by default, and so must be installed via Control Panel » Add/Remove Programs. However, the installation program for the tool is well hidden. The actual services and files required during the installation will depend on whether you already have Internet Information Services (IIS) (define) loaded on the server. For the purposes of this explanation, we'll assume that it is not.

To install the HTML Remote Administration Tools, start Control Panel and click the Add/Remove Programs, icon. Then choose the Add/Remove Windows Components option. This will cause the Windows Components Wizard to appear. Double-click the Application Server program group, and then, from the Application Server dialog box, double-click the Internet Information Services (IIS) icon. The IIS dialog box will then appear. Now, double-click the Word Wide Web Service icon (which is at the bottom of the list). The World Wide Web Service dialog box will appear. Finally, select the option box next to the entry for Remote Administration (HTML). If you don't already have the World Wide Web service installed on the system, this option is automatically checked for you, as the service is required in order for the HTML Remote Administration Tools to work.

When you click OK, you are taken back through each of the component wizard dialog boxes that you went through on the way down. You may notice that some other options are now also automatically selected. These are the options that are needed to run the tools. When you get back to the Windows Components Wizard dialog box, you can click Next , to proceed with the installation. If you have not already done so, you will most likely be asked to insert the Windows Server 2003 CD. Once the installation is complete, click Finish in the Add Windows Components Wizard, and the HTML Remote Administration Tools are now installed and ready to use.

The installation routine adds two new shortcuts to the Administrative Tools menu. One for IIS, and another called Web Interface for Remote Administration. This is basically just a shortcut to the HTML Remote Administration Tools on the local system.

Using the HTML Remote Administration Tools

Starting the HTML Remote Administration Tools interface from a remote system is as simple as providing the IP address or hostname of the target server, though you must remember to provide the correct port number. Not doing so will result in the default IIS Web site home page being displayed. In its default configuration, you can access the Administration Web page with a non-secure connection on port 8099, though this is an option that should be disabled immediately, as it would allow passwords to be transmitted between browser and server in plain text. For a secure (SSL) (define) connection, use the HTTPS prefix to the URL, and port 8098. Thus, the secure URL for a server with an IP address of 192.168.1.1 would be https://192.168.1.1:8098 .

On the topic of user ID's and privileges, something worthy of mention is that IIS uses its own authentication mechanisms by default. If you want to authenticate against Active Directory (define), which is highly likely, you'll need to enable Integrated Windows Authentication. This can be done through the Directory Security tab of the Administration Website properties, in the IIS Manager MMC.

Continued on page 2: Finding Your Way Around-->

Continued From Page 1

When you first connect to the server, you'll see the screen show in Figure 1. This Welcome screen provides links to a number of the more commonly performed administrative tasks. You can configure the Web site to either show this Welcome page by default, or the Status page, which provides information on the current state of the server such as pending information alerts or warnings.

Figure 1. The Welcome Screen
(Click for a larger image)
In addition to the Welcome and Status pages, there are five other administration pages; Sites, Web Server, Network, Users, Maintenance, and a Help page. The Sites page allows you to perform basic administration tasks for Web pages on the server, while the Web Server and Network pages allow you to configure selected settings for those features. The Users page provides two links through which you can launch the user and group management features of the Administration Web site. One slightly confusing thing here is that even on a domain controller, the user management shortcuts are labeled as Local Users and Local Groups. If you are using the Administration Web page on a member server, then the shortcuts do link to the local user and group databases. However, on a domain controller, you are able to manage user and group accounts for Active Directory.

Figure 2. The Maintenance Tab
(Click for a larger image)
The final tab, Maintenance, which is shown in Figure 2, is by far the most useful. As well as providing shortcuts to log files held on the server, the page also provides options for shutting down the server, and other less common tasks like configuring the date and time.

Also on the Maintenance screen is a shortcut for a Web based Remote Desktop feature. This uses a Microsoft provided ActiveX (define) control that allows complete access to the Server Desktop. In reality, this one single feature, shown in Figure 3, renders all of the other features in the HTML Remote Administration Tools obsolete, but it negates the benefit of having a basic set of tools easily available through a simple to use interface. Note, however, that you must have enabled Remote Desktop access (Start, Control Panel, System, Remote, Allow users to connect to this computer remotely) for this feature to work.

Figure 3. The Web based Remote Desktop
(Click for a larger image)
If, after using the HTML Remote Administration Tools, you do not want them permanently enabled, the Administration Web site can be stopped (like any other Web site) through the IIS Manager MMC. A number of basic settings for the site can also be edited through this interface, such as the connection port numbers, location for log files, and authentication methods. These settings can also be edited through the HTML Remote Administration Tools, so it becomes a case of which tool you are more comfortable using.

A Word About Security

With any kind of remote administration tool, security should be a major concern. There are some basic precautions you can take to secure the HTML Remote Administration tools such only allowing secure (HTTPS) connections to the administration Web site. You can also specify an IP address from which all remote administration requests should originate. This can be configured from within the HTML Remote Administration Tools, or through the IIS Manager MMC. It almost goes without saying that allowing access to any remote administration tool through a firewall connected to the Internet is not ideal. If you do have the need to create remote administration capabilities from the Internet, it is worth considering a more robust solution such as Terminal Services. You should also consider additional security measures such as advanced authentication and encryption.