Novell Documentation: ZENworks 6.5 - Managing Remote Windows Servers

Managing Remote Windows Servers

The following sections provide information that will help you effectively manage Remote Management sessions on Windows 2000/2003 servers:

Initiating Remote Management Sessions

You have several options for initiating a Remote Management session from ConsoleOne. They include the following:

Initiating Remote Management Session from the ConsoleOne Tools Menu

In ConsoleOne, click Tools > ZENworks Remote Management > Remote Console > Windows.
In the Remote Management dialog box, enter the IP address or the DNS name of the managed server.
Enter the agent password.
Select the Remote Management operation that you want to initiate with the managed server.
Click OK.

Initiating Remote Management Session from the eDirectory/NDS Namespace

You can start a Remote Management session from the eDirectory (NDS) namespace (in ConsoleOne) using one of the following methods:

In ConsoleOne, select a managed server.
Click Tools > ZENworks Remote Management > Remote Console > Windows.
In the Remote Management dialog box, select the IP address of the managed server from the Agent drop-down list.

The IP address of the selected managed server is automatically populated to the Agent drop-down list.
Enter the agent password.
Select the Remote Management operation that you want to initiate with the managed server.
Click OK.

You can also use the following procedure:

In ConsoleOne, right-click a managed server.
Click Remote Management.
In the Remote Management dialog box, select the IP address of the managed server from the Agent drop-down list.

The IP address of the selected managed server is automatically populated to the Agent drop-down list.
Enter the agent password.
Select the Remote Management operation that you want to initiate with the managed server.
Click OK.

Initiating Remote Management Session from the Atlas Namespace

Before initiating a Remote Management session from the Atlas namespace (in ConsoleOne), make sure that the NetWare^® Management Agent^TM (NMA) is installed and the Discovery discovers the network topology.

To initiate the Remote Management session:

In ConsoleOne, right-click a managed server.
Click Actions > Remote Control or Remote View.
Select the IP address and enter the agent password.

The IP address of the selected managed server is automatically populated to the Agent drop-down list.
Click OK.

Initiating Remote Management Session from the Remote Management Agent

If the managed server is configured behind dynamic NAT, the managed server cannot be accessed from the management console but the management console can be accessed from the managed server. To resolve this problem:

The user at the managed server must initiate a request for a Remote Management session to the remote operator by using the Request Session option.

IMPORTANT: Before initiating a Remote Management session from the Remote Management Agent, the remote operator must ensure that ConsoleOne is running on the management console.

NOTE: The first instance of ConsoleOne receives the request when a session request is initiated from a Remote Management Agent to the management console running on a terminal server. None of the ConsoleOne instances receive the session request until all ConsoleOne instances are closed on the session where ConsoleOne was launched for the first time. To receive the session request, ConsoleOne must be launched again on any terminal session.

To request for a session, the user at the managed server must do the following:
1. Right-click the Remote Management Agent icon.
2. Select Request Session.
3. Enter the IP address or the DNS name of the management console.
4. Select the Remote Control or Remote View operation from the drop-down list.
5. Click OK.
The Remote Management Listener listens to the request and notifies the remote operator about it. The remote operator must accept the request and provide the following credentials for the request in the Select Authentication Mode dialog box:
1. Enter the password for authentication.
2. Click OK.

Operating with Windows XP SP2

Windows XP SP2 comes with a firewall enabled by default. As a result, the Remote Control Listener running on Windows XP SP2 cannot receive connections initiated by the Remote Management Agent.

You need to configure the firewall settings to allow the Remote Control Listener to receive connections.

The Remote Control Listener binds to TCP port 1762 by default. In order to change the ports, refer to Configuring Remote Control Listener Port.

Configuring Remote Management Ports

This section provides information on the following topics:

Configuring Remote Management Agent Port

The Remote Management Agent port binds to TCP port 1761 by default. You may configure it to run on a different TCP port by following the steps mentioned below:

Open ZENworks_agent_directory\rmagent\rmcfg.ini file.
Under the Remote Management Agent Port section, set the DefaultCommPort to the desired port number.
Restart the Novell ZfS Remote Management Agent service.

To initiate a remote session to a managed server where the Remote Management Agent is running on any port other than 1761, the following modifications need to be done on the management console:

Open the ConsoleOne_directory\1.2\bin\rmports.ini file.
Under the Remote Management Agent Ports section, add the port number.

NOTE: If the Remote Management Agents are running on different ports on different managed servers, you may mention the port numbers one below the other under the Remote Management Agent Ports section.

Configuring Remote Control Listener Port

The Remote Control Listener port binds to TCP port 1762 by default when ConsoleOne is started. You may configure it to run on a different TCP port by following the steps mentioned below:

Open ConsoleOne_directory\1.2\bin\rmports.ini file.
Under the Remote Control Listener Port section, set the DefaultCommPort to the desired port number.
Restart ConsoleOne.

To initiate a remote session request to a management console, where the Remote Control Listener is running on any port other than 1762, the following modifications need to be done on the managed servers:

Open the ZENworks_agent_directory\rmagent\rmcfg.ini file.
Under the Remote Control Listener Ports section, add the port number.

NOTE: If the Remote Control Listeners are running on different ports on different management consoles, you may mention the port numbers one below the other under the Remote Control Listener Ports section.

Managing a Remote View Session

After you have initiated a Remote Management session and selected Remote View as the operation, you have several options to help you view the managed server.

Controlling the Display of the Viewing Window

You can regulate the display of the Viewing window through using the control options.

To enable the control options:

Click the Remote Management Agent icon, located at the top left corner of the Viewing window.

Click Configure.

Option	Description
Enable High Quality Scaling	Enhances the quality of images in the Scale To Fit Mode.
Enable Accelerator Keys	Enables the accelerator keys on the management console so that you can change the default accelerator key sequences during the remote session.
Enable Encryption	Encryption is an optional feature and will be effective per session. If the saved configuration has enabled encryption, the session will be encrypted from the start of the session. Encrypting a whole session provides greater security as the data transferred over the wire will be encrypted and it will be difficult to decipher anything meaningful even after the data over the wire is captured. However, it impacts performance slightly and is recommended when the security requirement is very stringent.
Hide Wallpaper	Suppresses any wallpaper displayed on the managed server. This option is enabled by default. If you want to display the wallpaper on the managed server during a Remote View session, disable this option.
Color Quality	By default, on a fast Link, the color quality is set to Normal and on a slow link the color quality is set to 256 colors. You can change the color quality of the slow link or the fast link to one of the following: 16 Colors: Forces the use of 16-color palette on the managed server during a Remote Management session. This enhances the Remote Management performance particularly over a slow-link. 256 Colors: Forces the use of 256-color palette on the managed server during a Remote Management session. This enhances the Remote Management performance over a slow-link. Normal: The color is not altered and the setting is the same on the managed server during a Remote Management session.
Network Type	if the managed server is connected by a LAN, select the Fast Links option to enhance the Remote Management performance. if he managed server is connected over a dial-up link or by WAN, select the Slow Links option to enhance the Remote Management performance.

To save the Control Parameter settings, select the Save on Exit check box.

The saved settings are implemented in the next Remote View session.
Click OK.

Using the Viewing Window Accelerator Keys

You can use accelerator keys to assign the shortcut keys to the control options and also to control the display of the Viewing window. Default accelerator key sequences are assigned to each accelerator key option. The Accelerator Keys dialog box displays the default key sequence in the edit field of each accelerator key option. You can define a custom accelerator key sequence to change the default sequence. For more information, see Defining a Custom Accelerator Key Sequence.

To enable the Accelerator Keys option:

Click the Remote Management Agent icon, located at the top left corner of the Viewing window.
Click Configure.
Select Enable Accelerator Keys.
Click OK.

To open the Accelerator Keys dialog box:

Click the Remote Management Agent icon, located at the top left corner of the Viewing window.
Click Accelerator Keys.

The following table explains the Accelerator Key options you can during the Remote View session:

Option	Default Keystroke	Description
Toggle Full Screen	Ctrl+Alt+M	Applicable only if the color resolution settings on the management console and managed server are same. Sizes the Viewing window to the size of your screen without window borders.
Refresh Screen	Ctrl+Alt+R	Refreshes the Viewing window.
Restart Session	Ctrl+Alt+T	Re-establishes the connection with the managed server.
Enable Accelerator Keys	Ctrl+Alt+A	Allows you to enable or disable the default accelerator key sequences.
Stop Viewing	Left-Shift+Esc	Closes the Viewing window.
Configure Dialog	Alt+M	Opens the Control Parameters dialog box.
Accelerator Keys Dialog	Alt+A	Opens the Accelerator Keys dialog box.
Poll Full Screen	Alt + L	Scans and renders the information of the entire screen of the managed server.
Scale To Fit	Ctrl+Alt+G	Hides the scroll bars and scale the Remote Management window to fit your screen.

Defining a Custom Accelerator Key Sequence

The default keystrokes assigned to the accelerator key options are displayed in the edit field to the right of each accelerator key option in the Accelerator Keys dialog box. You can change the accelerator key sequence and define a custom accelerator key sequence if you do not want to use the default keystroke.

To define a custom accelerator key sequence:

Click the Remote Management Agent icon, located at the top-left corner of the Viewing window.
Click Accelerator Keys.
Click the edit field of the accelerator key option where you want to define a custom accelerator key sequence.
Press the new accelerator key sequence.
Click OK.

IMPORTANT: The shift keys are left-right sensitive, and are indicated in the Control Options dialog box as LShift and RShift. Avoid the use of standard key sequences like Ctrl+C, Ctrl+V, Shift+Del, etc.

Managing a Remote Control Session

After you have initiated a Remote Management session and selected Remote Control as the operation, you can control the managed server from the management console to provide user assistance and to help resolve server problems. With remote control connections, the remote operator can go beyond viewing the managed server to taking control of it.

You can effectively manage a Remote Control session by performing the following tasks with the Viewing window control options, the Viewing window toolbar buttons, and the Remote Management Agent icon options:

Controlling the Display of the Viewing Window

You can control the display of the managed server by using the Viewing window control options.

To enable control options:

Click the Remote Management Agent icon, located at the top left corner of the Viewing window.
Click Configure.

Select the control options you want to enable for the remote session.

The following table explains the options you can use to control the display of the Viewing window.

Option	Description
Block Mouse Movements to Agent	To reduce network bandwidth consumption, blocks all the mouse movements to the Agent.
Enable High Quality Scaling	Enhances the quality of images in the Scale To Fit mode.
Enable Accelerator Keys	Enables the accelerator keys on the management console so that you can change the default accelerator key sequences during the remote session.
Enable Encryption	Encryption is an optional feature and will be effective per session. If the saved configuration has enabled encryption, the session will be encrypted from the start of the session. Encrypting a whole session provides greater security as the data transferred over the wire will be encrypted and it will be difficult to decipher anything meaningful even after the data over the wire is captured. However, it impacts performance slightly and is recommended when the security requirement is very stringent.
System Key Pass	Passes Alt-key sequences on the management console to the managed server. NOTE: During a Remote View session, the System Key pass Through option is not enabled.
Hide Wallpaper	Suppresses any wallpaper displayed on the managed server. This option is enabled by default. If you want to display the wallpaper on the managed server during a Remote Control or Remote View session, disable this option.
Enable Encryption	Encryption is an optional feature and will be effective per session. If the saved configuration has enabled encryption, the session will be encrypted from the start of the session. Encrypting a whole session provides greater security as the data transferred over the wire will be encrypted and it will be difficult to decipher anything meaningful even after the data over the wire is captured. However, it impacts performance slightly and is recommended when the security requirement is very stringent.
Color Quality	By default, on a fast Link, the color quality is set to Normal and on a slow link the color quality is set to 256 colors. You can change the color quality of the slow link or the fast link to one of the following: 16 Colors: Forces the use of 16-color palette on the managed server during a Remote Management session. This enhances the Remote Management performance particularly over a slow-link. 256 Colors: Forces the use of 256-color palette on the managed server during a Remote Management session. This enhances the Remote Management performance over a slow-link. Normal: The color is not altered and the setting is the same on the managed server during a Remote Management session.
Network Type	If the managed server is connected by a LAN, select the Fast Links option to enhance the Remote Management performance. If the managed server is connected over a dial-up link or by WAN, select the Slow Links option to enhance the Remote Management performance.

To save the Control Parameter settings, select the Save on Exit check box.

The saved settings are implemented in the next Remote Control session.

Using the Viewing Window Accelerator Keys

You can use accelerator keys to assign shortcut keys to the control options and also to control the display of the Viewing window. Default accelerator key sequences are assigned to each accelerator key option. The Accelerator Keys dialog box displays the default key sequence in the edit field of each accelerator key option. You can define a custom accelerator key sequence to change the default sequence. For more information, see Defining a Custom Accelerator Key Sequence.

To enable the Accelerator Keys option:

Click the Remote Management Agent icon, located at the top left corner of the Viewing window.
Click Configure.
Select Enable Accelerator Keys.

To open the Accelerator Keys dialog box:

Click the Remote Management Agent icon, located at the top left corner of the Viewing window.
Click Accelerator Keys.

The following table explains the Accelerator Key options you can use to control the display of the Viewing window:

Option	Default Keystroke	Description
Toggle Full Screen	Ctrl+Alt+M	Applicable only if the color resolution settings on the management console and managed server are similar. Sizes the Viewing window to the size of your screen without window borders.
Refresh Screen	Ctrl+Alt+R	Refreshes the Viewing window.
Restart Session	Ctrl+Alt+T	Re-establishes the connection with the managed server.
Enable Accelerator Keys	Ctrl+Alt+A	Enables you to change the default accelerator key sequences.
Stop Viewing	Left-Shift+Esc	Closes the Viewing window.
Configure Dialog	Alt+M	Opens the Control Parameters dialog box.
Accelerator Keys Dialog	Alt+A	Opens the Accelerator Keys dialog box.
Poll Full Screen	Alt + L	Scans and renders the information of the entire screen.
Scale To Fit	Ctrl+Alt+G	Hides the scroll bars and scale the Remote Management window to fit your screen.
System Key Pass	Ctrl+Alt+S	Passes Alt-key sequences on the management console to the managed server.
Mouse/Keyboard Lock	Ctrl+L	Locks the keyboard and mouse controls at the managed server. This option is available only if the Allow Locking User's Keyboard and Mouse option is enabled in the Server Remote Management Policy.
Blank Screen	Ctrl+Alt+B	Blanks the screen at the managed server. This option is available only if the Allow Blanking User's Screen option is enabled in the Server Remote Management Policy.
Reboot	Ctrl+Alt+D	Sends the Ctrl+Alt+Del keystroke to the managed server. Display the Security window on the managed server.
Start	Alt+R	Invokes the Start menu on Windows server.
Switch Applications	Ctrl+T	Switches applications on managed servers.

Using the Toolbar Buttons on the Viewing Window

The following table describes the toolbar options in the Viewing window:

Button	Default Keystroke	Key Function
Screen Blanking	Ctrl+L	Enabled only if the Allow Blanking User's Screen option is enabled in the effective Remote Control policy of the managed server. Blanks the screen at the managed server. When the remote operator selects this option, the screen of the managed server is be blacked out and the operations performed by the remote operator on the managed server are not visible to the user at the managed server. Not supported over certain display adapters. Refer to the ZENworks 6.5 Server Management Readme for the list of display adapters that do not support this feature.
Mouse and Keyboard Lock	Ctrl+Alt+B	Locks the keyboard and mouse controls at the managed server. When the remote operator selects this option, the user at the managed server will not be able to use the keyboard and mouse controls of the managed server.
System Start	Alt+R	Invokes the Start menu on the managed server.
Application Switcher	Ctrl+T	Sends the Alt-tab key sequences to the managed server. Switches applications on managed servers. To switch the applications, In the Viewing window, click the Application Switcher icon or press the Application Switcher shortcut key. To traverse to the application you want using the Application Switcher icon. To view the application, press Tab.
System Key Pass Through	Ctrl+Alt+S	Sets the system key pass to On or Off. Passes Alt-key sequences from the management console to the managed server. Certain key sequences such as Ctrl+Esc, Alt+Tab, Ctrl+Alt+Del, and Alt+PrintScreen are not allowed even when the System Key Pass-Through is set to On. However, you can use the toolbar buttons on the Viewing window for the Ctrl+Esc, Alt+Tab, and Ctrl+Alt+Del keystrokes.
Reboot	Ctrl+Alt+D	Sends the Ctrl+Alt+Del keystroke to the managed server. Displays the Security window on the managed server.
Refresh Screen	Ctrl+Alt+R	Refreshes the viewing window.
Full Screen Polling	Alt+L	Scans and renders the information of the entire screen of the managed server continuously.
Scale To Fit	Ctrl+Alt+G	Hides the scroll bars and scales the Remote Management window to fit your screen.
Session Encryption		Encryption is an optional feature and will be effective per session. If the saved configuration has the option enabled, the session will be encrypted from the start of the session. Encrypting a whole session provides greater security as the data transferred over the wire will be encrypted and it will be difficult to decipher anything meaningful even after the data over the wire is captured. However, it impacts performance slightly and is recommended when the security requirement is very stringent.

You can define a custom key sequence if you do not want to use the default key sequence. For more information, see Defining a Custom Accelerator Key Sequence.

Enabling the Wallpaper on the Managed Server

When the remote operator initiates a Remote Control session, any wallpaper displayed on the desktop of the managed server is suppressed. This feature reduces the response time from the managed server for requests from the management console because less traffic is generated over the network while the wallpaper is suppressed.

You can configure the control parameter for this option to change the default settings and enable the display of the wallpaper on the managed server. When you terminate the Remote Control session, the suppressed wallpaper will be restored.

To enable the display of suppressed wallpaper on the managed server:

Click the Remote Management Agent icon, located at the top left corner, then click Configure.
Deselect the Hide Wallpaper option.

Using the Remote Management Agent Icon

By default, the Remote Management Agent icon is displayed in the system tray of the Windows servers. This icon indicates that the Remote Management Agent is loaded on the managed server.

The user at the managed server can right-click the Remote Management Agent icon and choose from the following options:

Option	Description
Terminate RC/RV Session	Disconnects and closes the remote session on the managed server and displays a message on the management console indicating that the remote session is closed.
Security	Allows the user at the managed server to set or clear the password for the server.
Information	Displays information such as who is accessing the managed server for the remote session, security settings, and the protocol in use for the remote session. For details, see Obtaining Information About Remote Management Sessions. You can right-click or double-click the Remote Management Agent icon to view the Information window.
Shutdown Agent	This option is always dimmed on managed servers. To shutdown the Remote Management Agent on managed servers, the user must go to the Service Control Panel and stop the "Novell ZFS Remote Management Agent" service.
Request Session	Enables the user at the managed server to request a remote operator to perform remote session.
Help	Displays the Remote Management Agent help.

Setting Up a Password for the Managed Server

The user at the managed server can set an agent password. This password overrides the password set by the administrator during the ZENworks 6.5 Remote Management installation.

To set the agent password:

From the managed server, right-click the Remote Management Agent icon.
Click Security > Set Password.

Use a password of ten or fewer alphanumeric characters. The password is case sensitive and cannot be blank.

After the completion of the Remote Management session, you can clear the agent password. If you clear the agent password, the remote operator cannot perform the Remote Management operations.

To clear the agent password:

On the managed server, right-click the Remote Management Agent icon.
Click Security > Clear Password.

Obtaining Information About Remote Management Sessions

Using the Information window, the user at the managed server can view details about the session, such as the name of the remote operator how is remotely managing the server, the security settings, and the protocol in use for the remote session.

To view information about remote sessions:

On the managed server, right-click the Remote Management Agent icon.
Click Information.
Click the General tab to view the general information and the Security tab to view the security information.

See the following sections for details:

Obtaining General Information

The following table explains the general information you can obtain about Remote Management sessions from the Information window:

Parameter	Description
RM Operation	Lists the ongoing Remote Management sessions.
RM Information > Initiator	Displays the name of the remote operator.
RM Information > Protocol	Displays the protocol that the Remote Management Agent uses to communicate with the management console during a remote session.
Optimization Status > RC/RV Optimization	Displays if the optimization driver is enabled or disabled for the Remote Management session. The remote session performance is enhanced if the optimization driver is enabled.

Obtaining Security Information

The Security Information dialog box displays information based on the Remote Control and Remote View sessions.

Options	Description
Permission Required	Indicates if the remote operator should obtain permission from the user at the managed server each time the he wants to perform the remote management session on the managed server.
Audible Signal Required	Indicates if an audible signal should be sent to the managed server every time the remote operator accesses the managed server.
Beep Every	Indicates the time interval based on which the audible signal is periodically sent to the managed server.
Visual Signal Required	Indicates if a visible signal should be sent to the managed server every time the remote operator accesses the managed server.
Session Encryption Enabled	Indicates whether a remote session will be encrypted or not. Session Encryption Enabled is applicable for Remote Control and Remote View.
Display Name Every	Indicates the time interval based on which the visual signal is periodically sent to the managed server.
Screen Blanking Allowed	Indicates if the remote operator is allowed to blank the managed server screen. Screen Blanking Allowed is applicable for Remote Control only.
Locking Control Allowed	Indicates if the remote operator is allowed to lock the keyboard and mouse controls of the managed server. Locking Control Allowed is applicable for Remote Control only.

Remote Operator Identification Display

The Remote Management Agent will display the identification of the remote operator in the following dialog boxes on the managed server:

Permission dialog box
Visible signal dialog box

The information displayed is console_machine_name\console_windows_username.

Viewing the Audit Log for Remote Management Sessions

ZENworks Server Management records log information on a Windows managed server.

To view the audit log for Remote Management sessions:

Click Start > Programs > Administrative Tools > Event Viewer.
Click Log > Application.
Double-click the event associated with the source Remote Management Agent.

To view only the events pertinent to the Remote Management Agent, choose Remote Management Agent from the source drop-down list in the Filter dialog box.

Improving the Remote Management Performance

The Remote Management performance, especially over a slow link, has been enhanced through using improved compression.

The performance during a Remote Management session over a slow link or a fast link varies depending on the network traffic. For better response time, try one or more of the following strategies:

On the Management Console

Select the Hide Wallpaper option on the managed server in the Control Parameters dialog box.
Assign color settings on the management console higher than the managed server or assign the same color settings for the management console and the managed server.
Select 16 Colors or 256 Colors mode in the Control Parameters dialog box to enhance the Remote Management performance.
The speed of the management console depends upon the processing power of the client machine. We recommended that you to use single-processor client with a Pentium* III, 500MHz (or later).

On the Managed Server

Deselect the Enable Pointer Shadow option before starting the Remote Control or Remote View session.
To disable Enable Pointer Shadow:

1. From the Windows desktop, click Start > Settings > Control Panel > double-click Mouse.

2. Click Pointers.

3. Deselect Enable Pointer Shadow.

4. Click Apply >OK.
At the managed server, use a plain background. Do not set a wallpaper pattern.
If the Task manager is opened at the target machine, it is recommended to minimize or close it.
Make sure that the scrolling texts (such as the debug windows) and animations are not active on the managed server.
Make sure to minimize or close the dialog boxes that are not in use.
To perform any operations at the managed server, if possible, use the toolbar options instead of menu options.
To maximize the Remote Management performance over WAN, configure the following settings in the Control Parameters dialog box at the managed server:
- Set the color mode of the managed server to 16 color.
- Select the Slow Link Option.

Shutting Down and Restarting the Remote Management Agent

The following sections explain how you can use the Remote Management Agent during remote sessions:

Shutting Down the Remote Management Agent

You can shut down the Remote Management Agent during a remote session. When you shut down the Remote Management Agent, the remote session stops. To start another remote session, you need to restart the Remote Management Agent. For more information, see Restarting the Remote Management Agent.

To shut down the Remote Management Agent on a Windows 2000/2003 managed server:

From the Control Panel, double-click Administrative Tools.
Double-click Services.
Click Novell ZFS Remote Management Agent > Stop.

IMPORTANT: You can stop the Remote Management Agent on Windows 2000/2003 server only if you have the rights to stop the Windows service.

Restarting the Remote Management Agent

During ZENworks Server Management installation, the Remote Management Agent is installed on the managed server and started automatically when the managed server starts up. If you shut down the Remote Management Agent during a remote session, the remote session stops. To start another remote session, you need to restart the Remote Management Agent on the managed server.

To restart the Remote Management Agent on Windows 2000/2003 managed server:

From the Control Panel, double-click Administrative Tools.
Double-click Services.
Click Novell ZFS Remote Management Agent > Start.

IMPORTANT: You can start the Remote Management Agent on Windows 2000/2003 server only if you have the rights to start the Windows service.