If you cut your teeth on Windows NT 4.0 networks, you’re familiar with the myriad utilities that you run daily to do your job. None of them have a consistent look and feel, and little of what they do—and why they do it—is logical. Fortunately, Microsoft has changed all that with the introduction of Microsoft Management Console (MMC). In this Daily Drill Down, I’ll introduce you to MMC.
Basic MMC terminology
I’ll introduce some of the terminology up front so that you can familiarize yourself with the necessary terms before reading further. If you print this list, you’ll have a reference for when you come across a term that’s unfamiliar to you:
- Active Directory: This Windows 2000 directory service stores information about all objects on the computer network and makes the information available for administrators and users. Within Active Directory, users can access resources anywhere on the network with a single logon. Similarly, administrators have a single point of administration for all objects on the network.
- Assigned application: In the Windows 2000 operating system, you can use the Software Installation snap-in extension of the Group Policy snap-in to assign applications to users so that the applications appear to be installed and available on the user's desktop whenever the user logs on. The assigned applications can be made available to everyone or to a designated group, or you can restrict access to specified users or groups.
- Author mode: When you create a console using this mode, you’re granted full access to all MMC functionality, including the ability to add or remove snap-ins, create new windows, create taskpad views and tasks, add items to the Favorites list, and view all portions of the console tree. See also User mode.
- Console tree: The console tree represents the hierarchy of objects and containers that are available in a console. The left pane of an MMC console window contains the console tree and the Favorites tab. See also Favorites tab.
- Details pane: The Details view sits in the right pane of an MMC console window and displays the relevant view of the selected item in the console tree. The information can be displayed as a list view, a taskpad, an ActiveX control, or an HTML page.
- Document: Another name for Tool; see below.
- Domain: A domain is a grouping of servers and other network objects under a single name. Domains allow you to group objects to reflect a company’s organization. Each domain stores only the information about the objects located in that domain. By partitioning the directory information this way, Active Directory scales up to as many objects as you need to store information about your network. Each domain is a security boundary—this means that security policies and settings (such as administrative rights, security policies, and security descriptors) do not cross from one domain to another. The administrator of a domain has absolute rights to set policies within that domain only. See also Security descriptor.
- Extension snap-in: An extension snap-in provides functionality only when used with a parent snap-in. Extension snap-ins can add nodes to the namespace or just extend existing nodes with new menus, toolbars, property pages, wizards, or Help. See also Snap-in.
- Favorites tab: This tab appears when you open a new console in author mode or when an item has already been added to the Favorites list in a console. The Favorites list can include shortcuts to tools, items in the console, or tasks.
- Management Saved Console file: A Management Saved Console file (denoted by an .msc extension) constitutes a tool. After an administrator has assembled a tool using various snap-ins, the administrator can save the tool to an MSC file. The tool can then be opened and reused later. Since it is a file, a Management Saved Console can also be passed on to another administrator with ease. See also Tool.
- Multiple Document Interface (MDI): An MDI is an interface that provides multiple views or windows.
- Microsoft Management Console (MMC): MMC is the general, Independent Software Vendor (ISV)-extensible common management console in the Windows 2000 operating system. The console itself is a Windows-based Multiple Document Interface (MDI) application.
- Mode of extensibility: This is the behavior that a snap-in provides, extending the console with more functionality. Microsoft has defined several modes of extensibility, and every snap-in must provide at least one of those modes.
- Namespace: The namespace is the hierarchy of objects and containers that are displayed in a console window. The namespace includes both the console tree and the details pane.
- Node: A node can be any manageable object, task, or view. Examples of nodes include computers, users, and Web pages.
- Package (.msi file): Windows Installer packages contain databases that store all the information necessary to set up an application in a variety of situations.
- Published application: Published applications are those that the administrator makes available for on-demand use.
- Security descriptor: All containers and objects on the network have a set of security information, or a security descriptor, attached to them. A security descriptor consists of Discretionary Access Control Lists (DACLs) and System Access Control Lists (SACLs). DACLs specify which users or groups can access an object and the types of access (permissions) granted to those groups or users. A Success or Failure attribute for each access event is based on the permissions granted to each group and user in the object's DACL.
- Snap-in: A snap-in is software that makes up the smallest unit of a console extension. Snap-ins are tools that extend the MMC console and provide administrative functionality. A stand-alone snap-in functions independently from other snap-ins, whereas an extension snap-in, as its name implies, extends the functionality of another snap-in and therefore cannot run independently. See also MMC.
- Stand-alone snap-in: A stand-alone snap-in can be added to a console by itself and runs independently from other snap-ins; an extension snap-in can only be added to extend the functionality of another snap-in. See also MMC.
- Tool: A tool is a collection of multiple snap-ins into a single console. It provides the entire management behavior represented by all its snap-ins. A tool can be saved and reloaded. A tool is also called a document.
- User mode: Creating a console in user mode allows you to eliminate some authoring features that users may not need. For example, you can provide users with full access to the console tree but prevent them from adding or removing consoles or modifying console properties. Three types of user mode are available: full access; limited access, multiple windows; and limited access, single window.
Although I’ve explained many terms here, keep in mind that this by no means represents a comprehensive list.
What is MMC?
Microsoft Management Console (MMC) is an extensible common presentation service for management applications. In simple terms, MMC is a utility where all the management functions are found and where the same look and feel is provided to the user whichever function is being used.
MMC is included in the Windows 2000 operating system. Although Microsoft also included a version of MMC with some of the most recent service packs for NT 4.0, I’ll concentrate on Windows 2000 for now. In this Daily Drill Down, I’ll provide an overview of the MMC user interface, the MMC architecture, and the concept of management snap-ins.
MMC is a Windows-based MDI application that heavily uses Internet technologies. The console is given added value by the use of snap-ins that perform management tasks. The MMC programmatic interfaces permit the snap-ins to integrate with the console. These interfaces deal only with the presentation to the user; the snap-in itself contains the code to do the task it is designed for. Snap-ins provide the actual management behavior. MMC itself offers no management functionality. The MMC environment allows seamless integration between snap-ins.
You can run non-MMC management programs on the computer at the same time as one or more instances of MMC and use the operating system to switch back and forth, as expected.
You can also create shortcuts in the MMC console to the non-MMC tools. These shortcuts are saved when the tool is saved to an MSC file. Within MMC, you can create shortcuts to any executable program (.exe), script, or URL.
Microsoft Management Console provides several key benefits. Some of these benefits are listed below:
- Task orientation: The tools being defined to work with MMC are task oriented in nature—they cater to the task being performed rather than merely displaying the raw objects that can be manipulated. Also, because administrators can customize their own tools, using pieces from various vendors allows them to create tools that contain only the user interface they need to complete their tasks.
- Integration: The user interface for all the management tasks an administrator must perform is held in a single console. As new applications are added to a computer or network, their administration is integrated into the existing administration common console.
- Customization of consoles: In enterprises where administration is divided into several tasks, each of which is allocated to one or more administrators, you can build custom consoles, tailored to the particular management needs and the tasks involved. For example, you can create a custom console for software installation and maintenance, another for scripts administrators, another for security Group Policy, and so on.
- Delegation: Administrators can easily modify existing tools to create new tools with reduced functionality and less-complex views of the tool namespace, and then give these tools to others. People who receive such a tool are presented a simpler, more manageable view of the tasks they are being asked to perform. This is a good way to delegate some of the easier Windows administration tasks to less-qualified or less-experienced administrators or even to users.
- Overall interface simplification: All tools built for MMC, whether from Microsoft or third-party software vendors, have a similar appearance, making it easier for users to use all tools after learning one of them. Because you can mix and match tools from any vendor, you can use the best tool from each management product category. MMC also enables a single piece of software to provide functionality across the interface in a consistent manner.
- Extensibility: Developers can extend the base functionality of MMC snap-ins by creating extension snap-ins. This allows software vendors to reuse Microsoft tools without writing a lot of code. Various mechanisms are available for extending snap-ins, including extending the namespace, context menus, toolbars, and property pages as well as creating Wizard 97-style pages.
What are snap-ins?
Each MMC tool is built from a collection of smaller tools called MMC snap-ins. One snap-in represents one unit of management behavior. A snap-in is the smallest unit of console extension.
The snap-in may call on other supporting controls and dynamic link libraries (DLLs) to accomplish its task. Snap-ins extend MMC by adding and enabling management behavior. Management behavior may be provided in a number of ways. For example, a snap-in might add elements to the viewable node namespace, or it might simply extend a tool by adding context menu items, toolbars, property pages, wizards, or Help to an existing snap-in.
The relationship of the snap-in to the console consists of a common hosting environment and cross-application integration. Because the snap-ins contain no user interface, they cannot be run outside MMC. MMC alone provides no management functionality.
MMC provides a common wrapper for snap-ins, created either by Microsoft or by third-party software vendors. Given the relevant permissions, it’s possible to create custom management tools from one or more snap-ins. These custom tools can then be saved for later use or for sharing with other administrators and users. This model enables efficient tool customization and the creation of multiple tools of varying levels of complexity for task delegation.
The MMC user interface
The MMC user interface looks very much like an MDI version of Windows Explorer. What you’ll actually see with MMC will vary depending on which snap-in you’ve loaded. Let’s start by looking at the Computer Management Console that comes standard with Windows 2000. You can find the Computer Management utility under Administrative Tools in Control Panel.
The MDI child windows offer a variety of views that include a command bar, a console tree (the left pane), and a details pane (the right pane). The command bar contains both drop-down menus and buttons. The console tree displays the items available in the console and may not be visible in all views. This tree-formatted listing shows all visible nodes, each of which represents a manageable container, object, task, or view.
The term container refers to an item in the console tree that displays child containers below it in the console tree when expanded and displays its child containers in the details pane (subject to the selected view) when selected. The term object refers to an item in the console tree that does not have child items displayed beneath it in the console tree; an object displays information in the details pane when it is selected in the console tree.
The details pane displays the result of selecting a node in the console tree. It may be a list of the contents of a folder or a management-related view (such as the performance graph in this example), which can be Web- or ActiveX control-based. The MMC namespace consists of the console tree and the details pane.
MMC can be configured to represent powerful management tools, but it can also be designed to offer a scaled-down view that can be less daunting to less-experienced administrators.
Each of the views above can be saved to separate files as different tools. When one of these files is sent to another person, that person can open the file, and the corresponding tool will be loaded as configured. For example, a senior administrator could create a particular view (e.g., a list of services on servers) and send that view to an operator who will manage only the services on that computer. The operator receives the user interface for the view created and can access only items in that view.
An administrator creates customized views simply by using the Snap-in Manager to dynamically load and unload snap-ins. The Snap-in Manager provides a list of available snap-ins, allowing users to add or remove snap-ins to the console. To access the Snap-in Manager, administrators click Add/Remove Snap-in on the MMC Console menu.
The majority of the graphical user interfaces for MMC are standard Windows 2000-based software GUI elements, tailored for use with MMC. The MMC console has a main menu, an Action band, and a toolbar. The primary menus are Console, Window, and Help; these menus provide commands that affect the entire console.
A band is a rectangular area that contains menus and icons. The Action band contains the following menus:
- Action: Includes the same contents as a context menu in Windows; the menu appears when you right-click an object or container.
- View: Controls how information is displayed in the details pane.
- Favorites: Include tasks, shortcuts to tools, or items in the console. The Favorites tab is displayed when you open a new console or when an item has already been added to the Favorites list in a console. As author, you gain full access to all MMC functionality. You can add or remove snap-ins, create new windows, create taskpad views and tasks, add items to the Favorites list, and view all parts of the console tree.
The MMC console also contains two standard Windows toolbars: the Console toolbar and the Snap-in toolbar. The Console toolbar contains the main menu and author mode band (author mode). The Snap-in toolbar includes the Action band, common commands bands, and one or more snap-in-specific bands.
The MMC console also contains property sheets. As its name suggests, a property sheet is a window that users can open to view and edit the properties of an item. A property sheet can contain a number of property pages, selected by tabs, which contain settings for a group of related properties.
Wizards are something that we have seen quite a bit of in Windows NT but that are even more numerous in Windows 2000. As you’d expect, some MMC snap-ins use wizards to automate and simplify tasks for users. For example, the Active Directory Users And Computers snap-in includes the Delegation Of Control wizard that administrators use to delegate control of Active Directory objects. Administrators use this wizard to grant other users permission to manage users, groups, computers, organizational units, and other objects stored in the Active Directory service.
MMC tends to use dialog boxes that are usually modal, which means that the dialog box must be closed before the user can access another window. However, MMC is primarily modeless, which allows users to move between open windows.
Windows 2000 offers many new features that make it a challenge for old-time Windows NT users. One of the newest features is Microsoft Management Console. In this Daily Drill Down, I’ve given you a brief introduction to MMC.
Richard Charrington’s computer career began when he started working with PCs—back when they were known as microcomputers. Starting as a programmer, he worked his way up to the lofty heights of a Windows NT Systems Administrator, and he has done just about everything in between. Richard has been working with Windows since before it had a proper GUI and with Windows NT since it was LANManager. Now a contractor, he has slipped into script writing for Windows NT and has built some very useful auto-admin utilities.The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.