July Issue of the Taos Newsletter: Systems Management and Remote Management

Using Remote Management to Ensure Productivity and Keep Up with Customer Demands

By Brian Higginbotham, Remote Management Architect with a Fortune 500 Company

Remote management is essential to IT professionals for maintaining efficiency and pro-activeness in the IT enterprise. Technologies such as Windows Management Instrumentation (WMI), Systems Management Server (SMS), Group Policy Objects (GPO), and Windows Scripting Host (WSH) are available to IT professionals to automate many of the routine tasks in managing a Windows enterprise. An IT professional that has experience/knowledge in these technologies will become a valuable asset to any corporation.

The Technologies

WBEM

Web Based Enterprise Management (WBEM) is a Desktop Management Task Force led initiative where Microsoft, Compaq, Dell and other companies have directional roots in the initiative. The goal of WBEM is to provide a common framework for managing computing devices. Microsoft’s implementation of the WBEM specification is called Windows Management Instrumentation (WMI.)

WMI provides an abstraction and common language, Windows Query Language (WQL), to retrieve data from the underlying WMI providers. A WMI provider is a set of classes that define and allow interaction with functionalities defined in classes. For instance, the CIMWin32 provider hosts numerous classes that define how to manage the Win32 Operating System. An example of a class is Win32_OperatingSystem where IT administrators can retrieve data about the installed Operating System or perform medial tasks such as rebooting the computer.

One critical feature of WMI is the ability to interact with local and remote computers through DCOM. A WQL query that returns data or a script that reboots a local computer can easily run on a remote computer by simply changing the target.

For instance, the following script connects to WMI on the local machine and reboots the computer:

Set collOS=GetObject("Winmgmts:{(RemoteShutdown)}!\\.\root\cimv2").ExecQuery("Select * from Win32_OperatingSystem where Primary='True'")

For Each Instance in collOS

Wscript.echo "About to reboot computer.."
Instance.Reboot()

Next

The same query will reboot a remote machine with a simple change to the WMI moniker:

Set collOS=GetObject("Winmgmts:{(RemoteShutdown)}!\\<RemoteMachine>\root\cimv2").ExecQuery("Select * from Win32_OperatingSystem where Primary='True'")

For Each Instance in collOS

Wscript.echo "About to reboot computer.."
Instance.Reboot()

Next

Another Benefit of WMI is to handle events from the operating system. WMI accomplishes this through an event provider framework for signaling events. Two types of events are possible: Intrinsic Events and Extrinsic Events. Intrinsic events are built into WMI where as Extrinsic events occur from an external event provider (Written separately by a WMI developer.)

Intrinsic events are usually high cost events that work by taking a snapshot at a given interval and compare the snapshot to fire the event. For instance, I can request that WMI watch for events in a 5 second interval on a MSNDIS_MediaConnectStatus (ie A Network Interface connection status changes.) The following WQL query perform this for us:

Select * from __InstanceModificationEvent within 5 where TargetInstance ISA ‘MSNDIS_MediaConnectStatus’

The above event will detect changes every 5 seconds and the cost is that WMI must process the same query every 5 seconds and store the prior results for comparing on the next interval. Deltas from the comparison will fire to the event consumer that registered the event for additional logic.

Two types of events are commonly used: Temporary Event Consumers and Permanents Event Consumers. The difference between these consumers is that a Temporary Event Consumer ends when the process terminates and a Permanent event consumer is registered with WMI via MOF, Management Object Format, syntax. Hence the permanent event runs in the WMI process, which is always alive (At least as long as the WMI service is up and running.)

Although event consumers are important in WMI, they are beyond the scope of this document. You can read about event consumers online at http://msdn.microsoft.com.

Systems Management Server

Systems Management Server is a Microsoft product that provides enterprise management of your Windows environment. SMS provides many interfaces to automate routine tasks such as:

1. Hardware and Software Inventory
2. Software Distribution with elevated rights to heterogeneous Windows Operating Systems
3. Software Metering for application usage statistics
4. Remote Troubleshooting tools such as remote control and remote assistance management

Hardware and Software Inventory

SMS uses enterprise standards such as WMI to retrieve a common and consistent data set from computing devices. With the power of WMI, SMS is able to extend its framework dynamically through MOF syntax. For instance, SMS can update clients to collect new hardware inventory through the MOF. As an FYI, there are over 900 WMI classes for collecting data and by default SMS leverages 200ish classes. Additionally, the SMS client agent retrieves software inventory from clients based on site settings (ie What files should SMS scan *.exe, *.dll etc..) All of this data is collected on preset intervals and viewed on the SMS primary site server (i.e. Database serve).

Software Distribution with elevated rights to heterogeneous Windows Operating Systems

Any IT organization can benefit from using SMS to automate routine tasks. For instance, one can set a software distribution rule that targets Windows XP Professional Workstations with a Service Pack 1 package. From a central console, one can view the progress of the Windows XP Professional service pack distribution. Instead of focusing time on manually installing software or looking for failed installations, one can now focus on where the service pack installations failed or in other areas. Additionally, the SMS system can send common application installs to a range of different Windows operating systems.

Software Metering for Application Usage Statistics

Software metering allows IT organizations to track what software is currently being used on computing devices. In SMS 2003 the software metering component was re-written to provide only application usage information. Application usage is tracked through process creation and termination events and reported on custom intervals as setup in the SMS console. For instance, an IT organization may want to view the use of Microsoft Visio on workstations in the Denver office. The SMS administrator would setup a rule for monitoring application usage on the Visio package and the data would collect on scheduled inventory intervals and is viewable in the central SMS database. Now the IT organization is empowered to view what software is currently in use and make licensing decisions accordingly.

Remote troubleshooting tools such as Remote Control and Remote Assistance Management

Remote Troubleshooting is crucial in the IT enterprise to drive down the cost of ownership. It is much easier to resolve a BKM or customer related issue by using remote control interfaces than to send a physical PC technician to workstations. Remote manageability will require these remote tools to ensure efficiency and effectiveness in the IT enterprise.

The SMS system provides a fat remote control that in today’s technology should be used as a last resort given the speed of the remote control agent. In addition, SMS provides a common interface to issue Remote control to workstations through the SMS console. For instance, the SMS console can use RDP through the Remote Desktop interface or use a Remote Assistance call or use the native SMS remote control. The key differences on these technologies are as follows:

Remote Desktop is not a customer interaction remote control. Use this only to troubleshoot the problem remotely as a technician (ie Without the end-user viewing the session.)

Remote Assistance is a peer-to-peer customer interactive session. Since the session is peer-to-peer, the end user will see everything the technicians sees. Although, the technician is limited to the end-users desktop and can not span logons.

SMS Remote control is a slower interface but will span logons. For instance, a Technician can log the user off the workstation and log in under the technician rights or troubleshoot an issue with the users logon credentials (i.e. when the user logs into the desktop).

Other Technologies For Managing the Windows Enterprise

For the sake of clarity, there are many remote administration software technologies.

A few technologies such as Windows Scripting Host and/or Group Policy Object are available to manage the dynamic computing environment:

Windows Scripting Host – Scripting interface that provides access to WMI and other areas. For instance, I can use VBScript to access WMI information.

Group Policy Object – Active Directory policy conformance that can use WMI filters to selectively apply GPOs. For instance, I can tell a GPO to apply on to Windows XP Professional workstations.

Summary

Let’s face it - IT professionals are plagued with reacting to problems. And we live in an “event rich” world where computing devices are begging to be managed proactively. The key challenge as an IT professional is to use the right tools for the right issues. Without remote management tools, it is impossible to keep up with customer demands and ultimately ensure productivity with the computing devices. On the other hand, when armed with the right tools, the IT professional can proactively warn end-users about impending failures or make capacity planning decisions based on factual data. The technologies and tools presented above enable IT professionals to make those right decisions.