Remote Management for the Holidays

The end of the year is a slow time for many organizations: Employees and customers are on holiday, the year-end accounting has to be finished, and so forth. However, "slow" doesn't mean "dead"; you'll probably find that you have the usual number of Exchange-related management tasks keeping you busy even if you'd rather be out doing your holiday shopping or visiting family. But if you spend a little time preparing now, you'll be able to perform many Exchange administration tasks without being near your server.

Let's start with the basics. You can run both Microsoft Exchange Administrator and Exchange System Manager (ESM) from remote workstations, as long as the remote workstation meets some basic requirements. Obviously, the workstation needs to be connected to your network either directly or through a VPN. You'll also need to ensure that your workstation has the right software: Exchange Administrator can run on any version of Windows 2000 or Windows NT, but ESM requires Win2K (Microsoft doesn't even support running ESM on Windows XP). The fact that you can install ESM only on machines that are members of an Active Directory (AD) domain might prevent you from installing it on your home computer.

However, what can you do if you're visiting Grandma's house for the holidays? That's where advanced preparation comes in. You can use a variety of remote-access products to reach into your network. These products vary in price, convenience, and security. The most obvious product, of course, is Win2K Server Terminal Services, which you're probably familiar with. The Terminal Services administration mode gives you as many as two simultaneous Terminal Services sessions on any Win2K server, which is usually plenty. Terminal Services is secure (you log on to Terminal Services just as you log on to a "real" computer on your network) and performs decently over slow links. However, Terminal Services requires a special client, and it requires that you open TCP port 3389 to the machines you want to manage. (Don't forget this step unless you want to be calling your firewall administrator at 10:00 P.M. on Christmas Eve to open the port for you!)

You can carry a disk that contains the client software (Microsoft provides Win32 and Mac OS X clients; a Linux client is available at, or you can deploy Microsoft Terminal Services Advanced Client (TSAC), an ActiveX control that lets you establish Terminal Services sessions. (For information about downloading TSAC to your Microsoft IIS server, see the Microsoft article "How Terminal Server Advanced Client Connects to a Terminal Server Computer," Of course, TSAC works only from Microsoft Internet Explorer for Windows, so if Grandma has a Macintosh, you'll be out of luck.

Terminal Services works wonders, but it's not always the perfect solution; you might need to access a machine (such as your desktop workstation) on which the Terminal Services server software isn't installed or on which the two administrative-mode Terminal Services sessions are already in use. I've been using a subscription service called GoToMyPC ( with good results. You install a small program on your computer, specifying a password that only you know. Then, when you log on to the GoToMyPC Web site, you can see the PCs that are associated with your account and use a Windows or Java client to connect to any of them. Users who don't know the unique password can't get in. GoToMyPC is unique in a couple of ways. First, all of its communications are encrypted and tunneled over port 80, so you don't have to open any additional firewall ports. Second, you can choose from varying levels of service, depending on your needs and pocketbook. Other commercial products, such as Symantec's pcAnywhere and Computer Associates' (CA's) ControlIt (formerly Remotely Possible), also provide remote access, but I tend to avoid installing them on servers because installation typically requires a reboot.

Finally, there's Virtual Network Computing (VNC) from AT&T Laboratories Cambridge ( VNC is free, cross platform, and open source, so tinkerers can fiddle with it to their heart's content. However, compared with GoToMyPC and Terminal Services, VNC is primitive: It offers little security (apart from an optional password used to block connections), no printer redirection, and relatively poor performance on slow links. However, it is free, and that might make it worth investigating for some uses.

Spending a bit of time now can pay off big when a problem arises and you're miles away. Instead of rushing to the office (or trying, often in vain, to talk someone else through diagnosing and fixing the problem over the phone), you can coolly fix the problem from the comfort of your own keyboard, then get on with your holiday revels. Install and enjoy!

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.