10 tips for remotely administering workstations

Relying on various technologies to remotely administer workstations can save you a significant amount of time and money. Here are some pointers to help you get the most out of remote administration tools and tactics.

Note: This information is also available as a PDF download.

#1: Know thy hardware

You may feel as though you have ingrained knowledge about your inventory of workstations -- but do you really know it? Having critical information available is imperative to being able to remotely administer the workstation through the life of a system. Consider the following factors:

  • Is USB 2.0 available on all systems?
  • Is there a DVD or CD drive? Can it write?
  • What boot sequence have you configured -- and how do you change it?
  • What kind of connectivity back to your main back office is available?

Knowing the answers to these types of questions will make a big difference in many of the situations you'll need to address in a remote administration role for workstations.

#2: Identify client firewalls and configurations

If you have client firewalls in place, be sure you know what can and can't be done. Determine where and by whom any tasks can be performed (and how to disable that). A good example would be trying to get a critical file or update to an application from an auto update mechanism or some other nonstandard source. While this "one-off" mechanism may sound simple enough, will all systems be able to access the update as expected?

#3: Know thy network

Many large enterprises put rules in place for remote locations that do everything from limiting traffic amounts for each site to restricting what traffic can occur from the remote site to restricting MAC addresses that can connect on the remote site. For the plethora of tasks that are involved with remote administration of workstations, be sure to build your strategy around network traffic patterns that are permitted. Also know the procedure or parameters to get the permitted traffic changed if possible.

#4: Memorize command-line tools to save time

For those of you who are dealing with low bandwidth connections, having your common administrative tasks memorized from a command line can save everyone's time. For Windows XP systems, consider memorizing the following commands:

  • Compmgmt.msc -- Computer Management MMC snap-in, a good hub of all types of information, including the Event Log, Device Manager, and Services.
  • Ipconfig -- The TCP/IP configuration utility. Some common parameters include /release, /renew, /flushdns, and /registerdns.
  • Shutdown.exe -- A tool to remotely reboot or shut down a system. With appropriate permissions, a system can be rebooted remotely as well.
  • Net Use -- Can be used to map a drive, simply authenticate, or stop a mapping.

#5: Make everything as centralized and singular as possible

When possible, have every element of your workstation infrastructure collected in one place and one instance. The last thing you want to have to worry about is a large number of little file servers scattered around your enterprise. So for file storage, having remote users use the central resource is critical. That way, your backups and consistent security access policies are the same for your remote users as for your central users. Your IT costs will be lower and you'll ensure that administration and access are controlled in one manner regardless of location.

A notable exception may be a large remote site with a number of users who may end up flooding the remote connection between the sites with consistent traffic. If you have a remote office that has, say, 40 people in it, a local file server may be appropriate, with backups occurring over the network, time and traffic permitting. By contrast, consider the example of a store, where you may have fewer than 10 users and only a few computers. In this situation, you want to do everything possible to keep the IT footprint low.

#6: Have Internet distribution mechanisms

For remote locations, consider going directly to the Internet instead of using the VPN or wide area connection. For instance, say you need to deploy a large service pack for the client operating system. If you are looking at a 300MB download for a handful of clients, deployment would not be possible on most remote connections. Certain client administration tools can manage distribution of packages over the Internet to help remote locations and laptop users while away from the central network. For example, when remote workstations (including laptops) are to receive their management packs through the Internet, iPass may provide the quickest download.

#7: Line up alternate connectivity options

We all find ourselves using a tool in a primary fashion and being able to address 95% of our issues through that tool. For Windows XP, that would generally be Remote Desktop. But in the rare situation where you can't use Remote Desktop to get to a client system, what do you do? Have alternate tools lined up to provide you access to your systems, as needed. Here are some examples:

  • DameWare --Offers push install and remove when done using Windows credentials over TCP/IP connection.
  • VNC -- Good old trusty remote client, service driven. Maybe use for alternate connectivity and starting the VNC service as needed.
  • LogMeIn.com --Great offerings in Internet-to-client connectivity; works through most proxy configurations.

#8: Ensure OS platform consistency

To effectively administer workstations remotely without your IT costs spiraling out of control, having a single platform is an absolute requirement. It is worth the pain of being late in implementing a platform to maintain your consistency for remote administration and support. (Between the lines, that means wait on Vista.) If a second platform is introduced, the landscape changes for the workstation administration team. Everything has to be done once for each platform. Along these lines, having a standard workstation hardware inventory also contributes to a more efficient IT organization.

#9: Control scope

Okay, this is not really an administration technique, but for remote workstations, you have to manage what you agree to do as an administrator. Let's say you have a number of remote offices for a small number of users whom you provide with standard equipment. This equipment inventory includes workstations or laptops, a laser printer shared for all local systems, and network connectivity for everything available at the central site. Inevitably, one day you get a question along the lines of, "Can we get this other printer that scans and faxes?" from the remote site.

This is a critical issue because the site is taking the scope out of what's normal -- and the support end will suffer because you, as an administrator, are responsible for drivers on this new device. You'll also be stepping away from a consistent computing platform. Having scan and fax capabilities isn't a bad thing -- but the business needs to understand that asking for functionality outside of what's normal costs money -- and the costs become much more than just a $199 multi-function unit.

#10: Don't provide lesser support for remote users

Don't let the remote users suffer. The dynamic for remote workstations is different from a centrally located user. There may not be another system to walk over to and use, there may not be someone readily available to perform a quick task for them, and there may be customers waiting. Users in locations without a local IT staff are really on there own in a lot of ways, and you don't want them to feel that way about the technology. Providing good service from the administration side is important to the success of an IT organization.