Enterprise Software

10 tips for remotely administering workstations


Relying on various technologies to remotely administer workstations can save you a significant amount of time and money. Here are some pointers to help you get the most out of remote administration tools and tactics.

Note: This information is also available as a PDF download.

#1: Know thy hardware

You may feel as though you have ingrained knowledge about your inventory of workstations -- but do you really know it? Having critical information available is imperative to being able to remotely administer the workstation through the life of a system. Consider the following factors:

  • Is USB 2.0 available on all systems?
  • Is there a DVD or CD drive? Can it write?
  • What boot sequence have you configured -- and how do you change it?
  • What kind of connectivity back to your main back office is available?

Knowing the answers to these types of questions will make a big difference in many of the situations you'll need to address in a remote administration role for workstations.

#2: Identify client firewalls and configurations

If you have client firewalls in place, be sure you know what can and can't be done. Determine where and by whom any tasks can be performed (and how to disable that). A good example would be trying to get a critical file or update to an application from an auto update mechanism or some other nonstandard source. While this "one-off" mechanism may sound simple enough, will all systems be able to access the update as expected?

#3: Know thy network

Many large enterprises put rules in place for remote locations that do everything from limiting traffic amounts for each site to restricting what traffic can occur from the remote site to restricting MAC addresses that can connect on the remote site. For the plethora of tasks that are involved with remote administration of workstations, be sure to build your strategy around network traffic patterns that are permitted. Also know the procedure or parameters to get the permitted traffic changed if possible.

#4: Memorize command-line tools to save time

For those of you who are dealing with low bandwidth connections, having your common administrative tasks memorized from a command line can save everyone's time. For Windows XP systems, consider memorizing the following commands:

  • Compmgmt.msc -- Computer Management MMC snap-in, a good hub of all types of information, including the Event Log, Device Manager, and Services.
  • Ipconfig -- The TCP/IP configuration utility. Some common parameters include /release, /renew, /flushdns, and /registerdns.
  • Shutdown.exe -- A tool to remotely reboot or shut down a system. With appropriate permissions, a system can be rebooted remotely as well.
  • Net Use -- Can be used to map a drive, simply authenticate, or stop a mapping.

#5: Make everything as centralized and singular as possible

When possible, have every element of your workstation infrastructure collected in one place and one instance. The last thing you want to have to worry about is a large number of little file servers scattered around your enterprise. So for file storage, having remote users use the central resource is critical. That way, your backups and consistent security access policies are the same for your remote users as for your central users. Your IT costs will be lower and you'll ensure that administration and access are controlled in one manner regardless of location.

A notable exception may be a large remote site with a number of users who may end up flooding the remote connection between the sites with consistent traffic. If you have a remote office that has, say, 40 people in it, a local file server may be appropriate, with backups occurring over the network, time and traffic permitting. By contrast, consider the example of a store, where you may have fewer than 10 users and only a few computers. In this situation, you want to do everything possible to keep the IT footprint low.

#6: Have Internet distribution mechanisms

For remote locations, consider going directly to the Internet instead of using the VPN or wide area connection. For instance, say you need to deploy a large service pack for the client operating system. If you are looking at a 300MB download for a handful of clients, deployment would not be possible on most remote connections. Certain client administration tools can manage distribution of packages over the Internet to help remote locations and laptop users while away from the central network. For example, when remote workstations (including laptops) are to receive their management packs through the Internet, iPass may provide the quickest download.

#7: Line up alternate connectivity options

We all find ourselves using a tool in a primary fashion and being able to address 95% of our issues through that tool. For Windows XP, that would generally be Remote Desktop. But in the rare situation where you can't use Remote Desktop to get to a client system, what do you do? Have alternate tools lined up to provide you access to your systems, as needed. Here are some examples:

  • DameWare --Offers push install and remove when done using Windows credentials over TCP/IP connection.
  • VNC -- Good old trusty remote client, service driven. Maybe use for alternate connectivity and starting the VNC service as needed.
  • LogMeIn.com --Great offerings in Internet-to-client connectivity; works through most proxy configurations.

#8: Ensure OS platform consistency

To effectively administer workstations remotely without your IT costs spiraling out of control, having a single platform is an absolute requirement. It is worth the pain of being late in implementing a platform to maintain your consistency for remote administration and support. (Between the lines, that means wait on Vista.) If a second platform is introduced, the landscape changes for the workstation administration team. Everything has to be done once for each platform. Along these lines, having a standard workstation hardware inventory also contributes to a more efficient IT organization.

#9: Control scope

Okay, this is not really an administration technique, but for remote workstations, you have to manage what you agree to do as an administrator. Let's say you have a number of remote offices for a small number of users whom you provide with standard equipment. This equipment inventory includes workstations or laptops, a laser printer shared for all local systems, and network connectivity for everything available at the central site. Inevitably, one day you get a question along the lines of, "Can we get this other printer that scans and faxes?" from the remote site.

This is a critical issue because the site is taking the scope out of what's normal -- and the support end will suffer because you, as an administrator, are responsible for drivers on this new device. You'll also be stepping away from a consistent computing platform. Having scan and fax capabilities isn't a bad thing -- but the business needs to understand that asking for functionality outside of what's normal costs money -- and the costs become much more than just a $199 multi-function unit.

#10: Don't provide lesser support for remote users

Don't let the remote users suffer. The dynamic for remote workstations is different from a centrally located user. There may not be another system to walk over to and use, there may not be someone readily available to perform a quick task for them, and there may be customers waiting. Users in locations without a local IT staff are really on there own in a lot of ways, and you don't want them to feel that way about the technology. Providing good service from the administration side is important to the success of an IT organization.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

16 comments
Dereckonline
Dereckonline

I use the following: Citrix for production VNC for fattys RDP for thin clients Logmein Rescue for anyone outside network

rykerabel
rykerabel

wrong title, should have been "10 tips for remotely administering windows" where are the OSX, Linux, Solarus, BSD solutions?

TechMonkey_z
TechMonkey_z

One of the best tools I've used for remote admin. We're currently using version 2.2 and it allows for remote control, remote command line, file transfers, remote shutdown/restart and more. The Radmin 3 client is awesome as well. For remote support I'd steer clear from remote desktop connection simply because the user can't see what you're doing and you cant' see what the user is doing which is important when troubleshooting procedural types of issues. If anything, using windows XP remote assistance is better for remote support rather than remote desktop.

chav3z
chav3z

I use a combo of Device Management from ipass.com which works great over the internet and ultravnc which allows secure remote control over the internet also. I hate to pay monthly for a tool that I can get for free.

Billy Newsome
Billy Newsome

I'm preparing to enter a new area of my career; help desk technicain, and although I've never had the need to rely on these skills to this point, I do now. The above article covers some of the information I will need to become familiar with ASAP. My new company works primarily in Cobol and C# (all new to me), so I will rely on articles like this one even more than ever. By the way, my strenghts lye in the area of Graphic Design and Printing. Thank you for this information and please don't stop sharing these interesting and necessary tips.

gwright
gwright

I use Remote Support and Remote Access from WebEx to get all of my remote work done without having to worry about any of these issues.

dmelo
dmelo

It's a little young but this piece of software lets you build the tree view of the remote desktops mmc snap in. It supports tabbed interfaces for mixed protocols, RDP, VNC, VMRC, RAS, Telnet, SSH, ICA Citrix. Take a look http://www.codeplex.com/Terminals

b4real
b4real

ipass is a great one and I am with you that if we can get the tool for free, take it!

f.chapman
f.chapman

I can't believe the article makes no mention of Remote Desktops (notice the pluralisation)The Remote Desktops MMC Snap-In is from Windows Server 2003 Administrative Tools (Adminpak.msi). It includes the ability to build a hierarchical tree of remote machines. You have a tree view on the left and the console session on the right just like a classic explorer folders/files view. This allows you to group remote machines together. It has other advantages as well, for instance, if you connect to a 2003 server you have the choice of connecting to session 0 or to a new console session. Read more here: http://support.microsoft.com/kb/309375

Timbo Zimbabwe
Timbo Zimbabwe

"The above article covers some of the information I will need to become familiar with ASAP." Not really. No offense, but this article has done nothing but point out the obvious.

amabilis
amabilis

I'm servicing a few branch offices and from my experience MS has all the tools available an admin needs. I'm beeing a fan of the commandline today and I would like to share some tipps for other admins here: If you need to enbale remote-desktop on a certain machine, you can do this by using this command: reg add "\\remote-ip\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f (use 1 instead of 0 to undo) If you just want to work on a remote machine without disturbing the user and your task can be done on the command-line: PSEXEC \\Remote-IP cmd.exe It's a tool from Sysinternals, they are Microsoft today. You can download the whole suite from Technet. It's also possible to copy other programs to the clients for executing there with this one. And just in case you need to configure something where you have to log in to the gui as the user himself, but the user is not allowed to log in remotely, use this one: NET LOCALGROUP ?Remote Desktop Users? ?DOMAIN\Username? /ADD (use /DEL to undo) Unfortunatly this is depending on the language of the client... To be secure, don't forget to undo these changes. Cheers, Oliver

jmcgarvey
jmcgarvey

This article is more strategy oriented than tool oriented. I use WebEx as my fallback, but for true remote management of any number of systems, you need a more robust setup.

skicat
skicat

Cannot forget the cost of remotely servicing users. WebEx is not free and not cheap.

Editor's Picks