Designing custom taskpads for the MMC
Publishing and distributing your custom tools
The Microsoft Management Console (MMC) and the prepackaged administration tools that use it help you more readily manage computers, users, and other aspects of the network environment. The MMC not only simplifies administration but also helps integrate the many disparate tools in the Windows operating system.
The advantages of having a unified interface are significant because after you learn the structure of one MMC tool, you can apply what you’ve learned to all the other MMC tools. Equally significant is the capability to build your own consoles and customize existing consoles. You can, in fact, combine administrative components to build your own console configuration and then store this console for future use. You would then have quick access to the tools you use the most through a single console.
In this chapter, you learn how to work with and customize the MMC. You also find a discussion of administration tools that use the MMC. You can learn many techniques to help you understand Windows Server 2012 R2 better, and indeed, as mentioned in the previous chapter, you must master the MMC before you can truly master Windows Server 2012 R2.
The MMC is a framework for management applications that offers a unified interface for administration. It is not designed to replace management applications; rather, it is designed to be their central interface. As such, the MMC doesn’t have any inherent management functions. It uses add-in components, called snap-ins, to provide the necessary administrative functionality.
Keep in mind that the MMC isn’t a one-size-fits-all approach to administration. Some administrative functions aren’t implemented for use with the MMC. You configure many system and operating system properties by using Control Panel utilities. Many other system and administrative functions are accessed using wizards. Most administrative tools, regardless of type, have command-line counterparts that run as separate executables from the command line.
The really good news, however, is that you can integrate all non-MMC tools and even command-line utilities into a custom console by creating links to them. In this way, your custom console remains the central interface for administration, and you can use it to access quickly any type of tool with which you routinely work. For more information, see the Building custom MMCs section later in this chapter.
For selected snap-ins, the MMC supports the following capabilities:
Multiple-item selecting and editing. These features enable you to select multiple objects and perform the same operations on them, including editing.
Drag-and-drop functionality. This enables you to perform such tasks as dragging a user, computer, or group from one organizational unit (OU) to another in Active Directory Users And Computers.
For the Active Directory Users And Computers snap-in, you can do the following:
Reset access permissions to the default values for objects, show the effective permission for an object, and show the parent of an inherited permission.
Save Active Directory queries and reuse them so that you can perform common or complex queries easily.
MMC 3.0 is designed to support snap-ins created for MMC 2.0 and MMC 1.2. You can add these snap-ins to an MMC 3.0 console, and they will run as they do in the versions of MMC for which they were designed. You can use MMC 3.0 to open a console created using MMC 2.0 or MMC 1.2. If you then save the console, you are prompted to save the console in MMC 3.0 format. Doing so will update the console so that it uses the MMC 3.0 framework. However, you will not be able to open the console on computers running previous versions of MMC. The reason for this is that MMC 2.0 and MMC 1.2 do not support MMC 3.0 snap-ins or consoles.
To take advantage of what the MMC framework has to offer, you add any of the available standalone snap-ins to a console. A console is simply a container for snap-ins that uses the MMC framework. Dozens of preconfigured snap-ins are available from Microsoft, and they provide the functionality necessary for administration. Third-party tools from independent software vendors also now use MMC snap-ins.
Note
The terms console and tool are often used interchangeably. For example, in the text, I often refer to something as a tool when technically it is a preconfigured console containing a snap-in. Active Directory Users And Computers is a tool for managing users, groups, and computers. Not all tools are consoles, however. The System tool in Control Panel is a tool for managing system properties, but it is not a console.
Although you can load multiple snap-ins into a single console, most of the preconfigured consoles have only a single snap-in. For example, most of the tools on the Tools menu in Server Manager consist of a preconfigured console with a single snap-in—even the Computer Management tool, as shown in Figure 5-1, consists of a preconfigured console with the Computer Management snap-in added to it.
The many features of the Computer Management snap-in are good examples of how snap-ins can have nodes and extension components. A node defines a level within the console or within a snap-in. Computer Management has a root node, which is labeled Computer Management, and three top-level nodes, which are labeled System Tools, Storage, and Services And Applications. An extension component is a type of snap-in that extends the functionality of an existing snap-in. Computer Management has many extensions. In fact, each entry under the top-level nodes is an extension—and many of these extensions can themselves have extensions.
These particular extensions are also implemented as standalone snap-ins, and when you use them in your own console, they add the same functionality as they do in the preconfigured administration tools. You’ll find that many extensions are implemented as both extensions and standalone snap-ins. Many doesn’t mean all: some extensions are meant only to add functionality to an existing snap-in, and they are not also implemented as standalone snap-ins.
Keep in mind that extensions are optional and can be included or excluded from a snap-in by changing options within the console when you are authoring it. For example, if you didn’t want someone to be able to use Disk Management from within Computer Management, you could edit the extension options for Computer Management on that user’s computer to remove the entry for Disk Management. The user would then be unable to manage disks from within Computer Management. The user would still, however, be able to manage disks by using other tools.
An MMC has two operating modes: author mode and user mode. In author mode, you can create and modify a console’s design by adding or removing snap-ins and setting console options. In user mode, the console design is frozen, and you cannot change it. By default, the prepackaged console tools for administration open in user mode, and this is why you are unable to make changes to these console tools.
When you open a console that is in author mode, you have additional options on the File menu that help you design the interface. You can use these options to create new consoles, open existing consoles, save the current console, add or remove snap-ins, and set console options. In contrast, when you are working with one of the preconfigured console tools or any other tool in user mode, you have a limited File menu. With user mode, you can access a limited set of console options or exit the console—that’s it.
In author mode, you also have a Favorites menu, which you can use to add and organize favorites. The Favorites menu does not appear in user mode.
When you are finished designing a console tool, you should change to user mode. Console tools should be run in user mode, and author mode should be used only for configuring console tools. Three user-mode levels are defined:
User mode—full access. Users can access all window-management commands in the MMC but can’t add or remove snap-ins or change console properties.
User mode—limited access, multiple window. Users can access only the areas of the console tree that were visible when the console was saved. Users can create new windows but cannot close existing windows.
User mode—limited access, single window. Users can access only the areas of the console tree that were visible when the console was saved and are prevented from opening new windows.
A console’s mode is stored when you save the console and is applied when you open the console. In author mode, you can change the console mode by using the Options dialog box, which you open by selecting Options from the File menu. You cannot change the mode when a console is running in user mode. That doesn’t mean you can’t change back to author mode, however, and then make further changes as necessary.
To open any existing console tool in author mode, press and hold or right-click the tool’s icon and choose Author. This also works for the preconfigured administration tools. Just navigate to the %SystemDrive%ProgramDataMicrosoftWindowsStart MenuProgramsAdministrative Tools folder, press and hold or right-click the related shortcut, and then choose Author. You will then have full design control over the console, but remember that if you make changes, you probably don’t want to overwrite the existing .msc file for the console. So, instead of choosing Save from the File menu after you make changes, choose Save As and save the console with a different name. For best results and easy access to the modified console, be sure to follow the techniques discussed later in the chapter in the Saving the console tool section.
As Figure 5-2 shows, the MMC window consists of the console tree, the main pane, and an optional actions pane. The left pane is the console tree. It provides a hierarchical list of nodes available in the console. At the top of the tree is the console root, which could be specifically labeled Console Root or, as with the preconfigured tools, be simply the snap-in name. Generally, snap-ins appear as nodes below the console root. Snap-ins can also have nodes, as is the case with Computer Management. In any case, if there are nodes below the console root, you can expand them by tapping or clicking the plus sign to the left of the node label or by double-tapping or double-clicking the node.
The main pane is also referred to as the details pane, and its contents change depending on the item you’ve selected in the console tree. When you are working with one of the lowest-level nodes in the console tree, you’ll sometimes have two views to choose from in the details pane: standard or extended view. The difference between the two is that the extended view typically provides quick access links to related, frequently performed tasks and a detailed description of the selected item. These are not displayed in the standard view.
One way to start a console tool is to select it on the Tools menu in Server Manager or double-tap or double-click its icon on the desktop or in File Explorer. You can also start console tools from the Search box, the command prompt, and the Windows PowerShell prompt. The executable for the MMC is Mmc.exe, so you can open the MMC by typing mmc in the Search box and then pressing Enter or by entering mmc at a command prompt. Either way, you’ll end up with a blank (empty) console you can use to design your custom administration tool.
To use an existing console, you can specify the console file to open when the MMC runs. This is, in fact, how the preconfigured tools and any other tools that you create are started. For example, if you press and hold or right-click the shortcut for Computer Management in the %SystemDrive%ProgramDataMicrosoftWindowsStart MenuProgramsAdministrative Tools folder and then select Properties, you’ll see that the target (the command that is run) for the menu item is as follows:
%windir%System32Compmgmt.msc /s
The first part of the target (%windir%System32Compmgmt.msc) is the file path to the associated Microsoft Saved Console (.msc) file. The second part of the target (/S) is a command parameter to use when running the MMC. It follows that you can run the MMC by specifying the file path to the .msc file to use and any necessary command parameters by using the following syntax:
mmc FilePath Parameter(s)Here, FilePath is the file path to the .msc file to use, and Parameter(s) can include any of the following parameters:
/A. Enables author mode, so you can make changes to preconfigured consoles and other consoles previously set in user mode.
/S. Prevents the console from displaying the splash screen that normally appears when the MMC starts in earlier versions of the Windows operating system. This parameter isn’t needed when running on Windows Server 2008 or later.
/32. Starts the 32-bit version of the MMC, which is needed only if you explicitly want to run the 32-bit version of the MMC on a 64-bit Windows system.
/64. Starts the 64-bit version of the MMC, which is available only on 64-bit versions of Windows.
Most console tools are found in the %SystemRoot%System32 directory. This puts them in the default search path for executables. Because there is a file type association for .msc files, specified files of this type are opened using Mmc.exe; you can open any of the preconfigured tools stored in %SystemRoot%System32 by specifying the file name followed by the .msc extension. For example, you can start Event Viewer by typing eventvwr.msc.
This works because of the file association that specifies that .msc files are executed using Mmc.exe. (You can examine file associations by using the ASSOC and FTYPE commands at the command prompt.)
Some console tools aren’t in the %SystemRoot%System32 directory—or the search path, for that matter. For these tools, you must type the complete file path.
Generally, the preconfigured MMC consoles available on a server depend on the roles, role services, and features that are installed. As you install additional roles, role services, and features, additional tools for administration are installed, and these tools can be both console tools and standard tools. You don’t have to rely on roles, role services, and features installation for tool availability, however. You can, in fact, install the complete administrative tool set on any full-server installation regardless of the roles, role services, or features being used.
Follow these steps to install the complete administrative tool set:
In Server Manager, the local server is added automatically for management. If you want to install the admin tools on another server, you need to add the server for management by using Add Other Servers To Manage. Using Server Manager for remote management requires the configuration discussed in Chapter 4 and a minimum set of permissions.
In Server Manager, tap or click Manage and then tap or click Add Roles And Features. This starts the Add Roles And Features Wizard. If the wizard displays the Before You Begin page, read the Welcome message and then tap or click Next.
On the Select Installation Type page, select Role-Based Or Feature-Based Installation and then tap or click Next.
On the Select Destination Server page, the server pool shows servers you’ve added for management. Tap or click the server you are configuring and then tap or click Next twice.
On the Select Features page, select the Remote Server Administration Tools check box. This selects key tools under the Role Administration Tools and Feature Administration Tools nodes. If you want to select additional tools, expand the tools node and select tools to install as appropriate. If prompted to install required features, tap or click Add Features and then tap or click Next as prompted.
Tap or click Install. When the wizard finishes installing the administration tools, tap or click Close.
These tools are then available on the Tools menu in Server Manager and can also be started quickly in the Search box or at the command prompt by typing only their file name (in most cases). At times, you might find it quicker to open consoles from the command line. For example, on a server optimized for handling background services and not programs being run by users, you might find that navigating the menu is too slow. To help you in these instances, Table 5-1 provides a list of the key console tools and their .msc file names. Note that some of the MMCs won’t be available even if you install all the Remote Server Administration tools. Tools for certain server roles and features are only available when those roles and features are installed.
Table 5-1. Key console tools and their .msc file names
Tool Name | .msc File Name |
|---|---|
Active Directory Administrative Center | dsac.exe |
Active Directory Domains And Trusts | domain.msc |
Active Directory Rights Management Services | AdRmsAdmin.msc |
Active Directory Sites And Services | dssite.msc |
Active Directory Users And Computers | dsa.msc |
ADSI Edit | adsiedit.msc |
Certificate Templates Console | certtmpl.msc |
Certificates - Current User | certmgr.msc |
Certificates - Local Computer | certlm.msc |
certsrv.msc | |
Computer Management | compmgmt.msc |
Device Manager | devmgmt.msc |
DFS Management | dfsmgmt.msc |
DHCP Manager | dhcpmgmt.msc |
Disk Management | diskmgmt.msc |
DNS Manager | dnsmgmt.msc |
Event Viewer | eventvwr.msc |
Failover Cluster Management | cluadmin.msc |
Fax Service Manager | fxsadmin.msc |
Group Policy Management | gpmc.msc |
Health Registration Authority | hcscfg.msc |
Hyper-V Manager | virtmgmt.msc |
Local Group Policy Editor | gpedit.msc |
Local Security Policy | secpol.msc |
Local Users And Groups | lusrmgr.msc |
NAP Client Configuration | napclcfg.msc |
Network Policy Server | nps.msc |
Online Responder Manager | ocsp.msc |
Performance Monitor | perfmon.msc |
Print Management | printmanagement.msc |
RD Gateway Manager | tsgateway.msc |
RD Licensing Diagnoser | lsdiag.msc |
Performance Monitor | perfmon.msc |
Remote Desktop Licensing Manager | licmgr.exe |
Resultant Set Of Policy | rsop.msc |
Routing And Remote Access | rrasmgmt.msc |
Services | services.msc |
Services For Network File System | nfsmgmt.msc |
Task Scheduler | taskschd.msc |
Trusted Platform Module Management | tpm.msc |
Windows Deployment Services | wdsmgmt.msc |
Windows Firewall With Advanced Security | wf.msc |
Windows Server Backup | wbadmin.msc |
WINS Manager | winsmgmt.msc |
Some snap-ins can be set to work with local or remote systems. If this is the case, you see the name of the computer with focus in parentheses after the snap-in name in the console tree. When the snap-in is working with the local computer, you see (Local) after the snap-in name. When the snap-in is working with a remote computer, you see the remote computer name in parentheses after the snap-in name, such as (CORPSERVER01).
Generally, regardless of which type of snap-in you are using, you can specify the computer you want to work with in one of two ways. Within the MMC, you can press and hold or right-click the snap-in node in the console tree and then select Connect To Another Computer. This opens the Select Computer dialog box, as shown in Figure 5-3.
If you want the snap-in to work with the computer the console is running on, select Local Computer. Otherwise, select Another Computer and then type the computer name or Internet Protocol (IP) address of the computer you want to use. If you don’t know the computer name or IP address, tap or click Browse to search for the computer you want to work with.
Some snap-ins that can be set to work with local and remote systems can be started from the command line with the focus set on a specific computer. This is a hidden feature that many people don’t know about or don’t understand. Set the focus when you start a console from the command line by using the following parameter:
/computer=RemoteComputerHere, RemoteComputer is the name or IP address of the remote computer you want the snap-in to work with, such as:
compmgmt.msc /computer=corpserver01
or:
services.msc /computer=corpserver32
Note
For remote management, the appropriate Windows Firewall rules must be enabled on the target computer. Specifically, the inbound rule for COM+ Network Access (DCOM-In) must be enabled in addition to any appropriate rules related to the snap-in you want to work with. For more information, see Chapter 4.
Several hidden options are available with the Active Directory–related snap-ins. For Active Directory Users And Computers, Active Directory Sites And Services, and Active Directory Domains And Trusts, you can use the /Server parameter to open the snap-in and connect to a specified domain controller. For example, if you want to start Active Directory Users And Computers and connect to the CorpSvr02 domain controller, you could do this by typing the following:
dsa.msc /server=CorpSvr02
For Active Directory Users And Computers and Active Directory Sites And Services, you can use the /Domain parameter to open the snap-in and connect to a domain controller in the specified domain. For example, if you want to start Active Directory Users And Computers and connect to the cpandl.com domain, you could do this by typing the following:
dsa.msc /domain=cpandl.com
If you find that the existing console tools don’t meet your needs or you want to create your own administration tool with the features you choose, you can build your own custom console tools. This enables you to determine which features the console includes, which snap-ins it uses, and which additional commands are available.
The steps for creating custom console tools are as follows:
Create the console for the tool.
Add snap-ins to the console. Snap-ins you use can include Microsoft console tools and console tools from third-party vendors.
When you are finished with the design, save the console in user mode so that it is ready for use.
Each step is examined in detail in the sections that follow. Optionally, you can create one or more taskpad views containing shortcuts to menu commands, shell commands, and navigation components you want to include in your custom tool. Techniques for creating taskpad views are discussed in the Designing custom taskpads for the MMC section later in this chapter.
The first step in building a custom console tool is to create the console you’ll use as the framework. To get started, open a blank MMC in author mode. Type mmc in the Search box and then press Enter. This opens a blank console titled Console1 that has a default console root, as shown in Figure 5-4.
If you want your custom tool to be based on an existing console, you can open its .msc file and add it to the new console. Select Open on the File menu and then use the Open dialog box to find the .msc file you want to work with. As discussed previously, most .msc files are in the %SystemRoot%System32 directory. Any existing console you choose will open in author mode automatically. Keep in mind that you generally don’t want to overwrite the existing .msc file with the new .msc file you are creating. Because of this, when you save the custom console, be sure to choose Save As rather than Save on the File menu.
If you want to start from scratch, work with the blank console you just opened. The first thing you want to do is rename the console root to give it and the related window a more meaningful name. For example, if you are creating a console tool to help you manage Active Directory Domain Services, you could rename the console root Active Directory Management. To rename the console root and the related window, press and hold or right-click the console root and select Rename. Type the name you want to use and then press Enter.
Next, consider how many windows the console tool must have. Most console tools have a single window, but as shown in Figure 5-5, a console can have multiple windows, each with its own view of the console root. You add windows to the console by using New Window on the Window menu. After you add a window, you’ll probably want the MMC to tile the windows automatically, as shown in Figure 5-5. You can tile windows by selecting Tile Horizontally on the Window menu. You don’t have to do this, however; anytime there are multiple windows, you can use the options on the Window menu to switch between them.
While you are thinking about the organization of the tool and the possibility of using additional views of the console root, you should also consider the types of snap-ins that you want to add to the console. Each of the tools listed in Table 5-1 is available as a standalone snap-in you can add to the console. If you’ve installed any third-party tools on the computer, these tools might have standalone snap-ins you can use. Many other snap-ins are also available from Microsoft.
Again, think of snap-in types or categories, not necessarily specific snap-ins you want to use. You might want to organize the snap-ins into groups by creating folders for storing snap-ins of a specific type or category. For example, if you are creating a console tool for managing Active Directory, you might find that there are four general types of snap-ins you want to work with: General, Policy, Security, and Support. You would then create four folders in the console with these names.
Folders are implemented as a snap-in you add to the console root. To add folders to the console root, follow these steps:
In the MMC, choose Add/Remove Snap-In from the File menu in the main window. As shown in Figure 5-6, this opens the Add Or Remove Snap-Ins dialog box.
The Available Snap-ins list shows all available snap-ins. Scroll through the list until you see the Folder snap-in. Select Folder and then tap or click Add. The Folder snap-in is added to the Selected Snap-ins list. Repeat this for each folder you want to use. If you are following the example and want to use four folders, tap or click Add three more times so that four Folder snap-ins appear in the Add Or Remove Snap-Ins dialog box, as shown in Figure 5-6.
Now close the Add Or Remove Snap-ins dialog box by tapping or clicking OK and return to the console you are creating.
After you add folders, you must rename them. Press and hold or right-click the first folder and choose Rename. Type a new name and then press Enter. If you are following the example, rename the folders: General, Policy, Security, and Support. When you are finished renaming the folders, follow a similar process to add the appropriate snap-ins to your console.
Choose Add/Remove Snap-in on the File menu in the main window. This opens the Add Or Remove Snap-ins dialog box shown in Figure 5-6.
Tap or click Advanced. Select the Allow Changing The Parent Snap-in check box. When you tap or click OK, the Add Or Remove Snap-ins dialog box is updated to include a Parent Snap-in drop-down list.
In the Parent Snap-in drop-down list, choose the folder to use. In the Available Snap-ins list, choose a snap-in to add as a subnode of the selected folder and then tap or click Add. When you are finished adding snap-ins to the selected folder, repeat this step to add snap-ins to other folders.
When you are finished adding snap-ins to folders, tap or click OK to close the Add Or Remove Snap-ins dialog box and return to the console you are creating.
Some snap-ins prompt you to select a computer to manage, as shown in Figure 5-7.
If you want the snap-in to work with whichever computer the console is running on, select Local Computer. Otherwise, select Another Computer and then type the computer name or IP address of the computer you want to use. If you don’t know the computer name or IP address, tap or click Browse to search for the computer you want to work with.
Some snap-ins are added by using wizards with several configuration pages, so when you select these snap-ins, you start the associated wizard, and the wizard helps you configure how the snap-in is used. One particular snap-in that uses a wizard is Link To Web Address. When you add this snap-in, you start the Link To Web Address Wizard, as shown in Figure 5-8, and the wizard prompts you to create an Internet shortcut. Here, you type the Uniform Resource Locator (URL) you want to use, tap or click Next, enter a descriptive name for the URL, and then tap or click Finish. Then, when you select the related snap-in in the console tree, the designated webpage appears in the details pane.
While you are adding snap-ins, you can also examine the available extensions for snap-ins. In the Add Or Remove Snap-ins dialog box, choose a previously selected snap-in and then tap or click Edit Extensions. In the Extensions For dialog box, all available extensions are enabled by default, as shown in Figure 5-9. So, if you want to change this behavior, you can select Enable Only Selected Extensions and then clear the individual check boxes for extensions you want to exclude.
Figure 5-10 shows the example console with snap-ins organized using the previously discussed folders:
General. Contains Active Directory Users And Computers, Active Directory Sites And Services, and Active Directory Rights Management Services
Policy. Contains Group Policy Management and Resultant Set Of Policy
Security. Contains Security Templates and Security Configuration And Analysis
Support. Contains links to Microsoft Knowledge Base, Microsoft Tech Support, and Windows Server Home Page
When you are finished with the design, you are ready to save your custom console tool. Before you do this, however, you should consider a few final design issues:
What you want the initial console view to be
Which user mode you want to use
Which icon you want to use
What you want to name the console tool and where you want it to be located
By default, the MMC remembers the last selected node or snap-in and saves this as the initial view for the console. In the example tool created, if you expand the General folder, select Active Directory Users And Computers, and then save the console, this selection is saved when the console is next opened.
Keep in mind that subsequent views depend on user selections.
When you are finished authoring the console tool, select Options on the File menu. In the Options dialog box, as shown in Figure 5-11, you can change the console mode so that it is ready for use.
Figure 5-11. On the Console tab of the Options dialog box, you select a console mode and determine whether users can change the console.
In most cases, you’ll want to use User Mode - Full Access. Full access has the following characteristics:
Users have a Window menu that enables them to open new windows; they can also press and hold or right-click a node or snap-in and choose New Window From Here to open a new window.
Users can press and hold or right-click and choose New Taskpad View to create a new taskpad view.
With user mode set to Limited Access, Multiple Window, the console has the following characteristics:
Users have a Window menu that allows them to arrange windows; they also can press and hold or right-click a node or snap-in and choose New Window From Here to open a new window.
Users cannot press and hold or right-click and choose New Taskpad View to create a new taskpad view.
With user mode set to Limited Access, Single Window, the console has the following characteristics:
Users do not have a Window menu and cannot press and hold or right-click a node or snap-in and choose New Window From Here to open a new window.
Users cannot press and hold or right-click and choose New Taskpad View to create a new taskpad view.
To prevent user selections from changing the view, you find two handy options when you select Options from the File menu:
Do Not Save Changes To This Console. Select this option to prevent the user from saving changes to the console. Clear this option to change the view automatically, based on the user’s last selection in the console before exiting.
Allow The User To Customize Views. Select this option to enable users to add windows focused on a selected item in the console. Clear this option to prevent users from adding customized views.
While you are working in the Options dialog box, you might consider setting custom icons for your console tools. All the console tools developed by Microsoft have their own icons. You also can use these icons for your console tools, or you could use icons from other Microsoft programs quite easily. In the Options dialog box (which opens when you select Options on the File menu), tap or click Change Icon. This opens the Change Icon dialog box, as shown in Figure 5-12.
In the Change Icon dialog box, tap or click Browse. By default, the Open dialog box should open with the directory set to %SystemRoot%System32. In this case, type shell32.dll as the File Name and tap or click Open. You should now see the Change Icon dialog box with the Shell32.dll selected, which enables you to choose one of several hundred icons registered for use with the operating system shell. (See Figure 5-13.) Choose an icon, tap or click OK, and then tap or click OK to close the Options dialog box. From then on, the icon will be associated with your custom console tool.
After you set the user mode, you can save the console tool. It can appear as one of the following:
A desktop icon. Select Save As on the File menu and then navigate the folder structure to %SystemDrive%Users%UserName%Desktop. Here, %UserName% is the name of the user who will work with the tool. After you type a name for the console, tap or click Save.
A folder icon. Select Save As on the File menu and then navigate to the folder where you want the console tool to reside. After you type a name for the console, tap or click Save.
An option on the Tools menu in Server Manager. Select Save As on the File menu and then navigate to the %SystemRoot%System32 folder. After you type a name for the console, tap or click Save. Tap and hold or right-click the MMC and then select Create Shortcut. By default, you are prompted to save the shortcut on the desktop and tap or click Yes to confirm. Tap and hold or right-click the shortcut and then select Cut. In File Explorer, navigate the folder structure to %SystemDrive%ProgramDataMicrosoftWindowsStart MenuProgramsAdministrative Tools. In the right pane of File Explorer, tap and hold or right-click and then select Paste.
An option on the Tools menu in Server Manager for a specific user. Select Save As on the File menu and then navigate to the %SystemRoot%System32 folder. After you type a name for the console, tap or click Save. Tap and hold or right-click the MMC and then select Create Shortcut. By default, you are prompted to save the shortcut on the desktop and tap or click Yes to confirm. Tap and hold or right-click the shortcut and then select Cut. In File Explorer, navigate the folder structure to %SystemDrive%Users%UserName%AppDataRoamingMicrosoftWindowsStart MenuProgramsAdministrative Tools. In the right pane of File Explorer, tap and hold or right-click and then select Paste. Here, %UserName% is the name of the user who will work with the tool.
When you want to simplify administration or limit the available tasks for junior administrators or Power Users, you might want to consider adding a taskpad to a console tool. By using taskpads, you can create custom views of your console tools that contain shortcuts to menu commands, shell commands, and navigation components.
Basically, taskpads enable you to create a page of tasks you can perform quickly by tapping or clicking the associated shortcut links rather than using the existing menu or interface provided by snap-ins. You can create multiple taskpads in a console, each of which you access as a taskpad view. Control Panel is an example of a console that has a taskpad. As with most taskpads, the Control Panel has two purposes: it provides direct access to the commands or tasks so that you don’t have to navigate menus, and it limits your options to a set of predefined tasks you can perform.
You create taskpads when you are working with a console tool in author mode. Taskpads can contain the following items:
Menu commands. Menu commands are used to run the standard menu options of included snap-ins.
Shell commands. Shell commands are used to run scripts or programs or to open webpages.
Navigation components. Navigation components are used to navigate to a saved view on the Favorites menu.
Taskpad commands are also called tasks. You run tasks just by tapping or clicking their links. In the case of menu commands, tapping or clicking the links runs the menu commands. For shell commands, tapping or clicking the links runs the associated scripts or programs. For navigation components, tapping or clicking the links displays the designated navigation views. If you have multiple levels of taskpads, you must include navigation components to enable users to get back to the top-level taskpad. The concept is similar to having to create a home link on webpages.
Figure 5-14 shows a taskpad created for the Active Directory Users And Computers snap-in that has been added to the custom tool created earlier in the chapter.
As you can see, the task page view is labeled Active Directory Management, and it provides the following commands:
Create Computer. Used to start the New Object—Computer Wizard
Find Objects. Used to open the Find Users, Contacts, And Groups dialog box
Create Group. Used to start the New Object—Group Wizard
Create User. Used to start the New Object—User Wizard
Connect To Domain. Used to select the domain to work with
Create Advanced Query. Used to define an Active Directory query and save it so that it can be reused
Taskpads can be organized in several ways. By default, they will have two views: an extended taskpad view and a standard view. The extended view contains the list of tasks you’ve defined and can also contain the console items being managed. The standard view contains only the console items being managed. When you create the taskpad, you have the option of hiding the standard view by selecting the Hide Standard Tab check box.
The extended view of the taskpad can be organized using a vertical list, a horizontal list, or no list. In a vertical list, as shown previously in Figure 5-14, taskpad commands are listed to the left of the console items they are used to manage. This organization approach works well when you have a long list of tasks and you still want users to be able to work with the related snap-ins.
With a horizontal list, as shown in Figure 5-15, the console items managed by the taskpad are listed above the taskpad commands. This organization style is best when you want to display multiple columns of taskpad commands and still be able to work with the related snap-ins.
In some cases, you might not want to show the console items being managed by the taskpad in the same view as the tasks. In this case, you can specify that no list should be used. When you choose the No List option, the taskpad commands are shown by themselves on the taskpad tab (Active Directory Management in the example), and users can tap or click the Standard tab to access the related console items.
When you select the No List option, you can limit users’ options to the tasks you’ve defined and not allow users to access the console items being managed. To do this, you specify that the Standard tab should be hidden. From then on, when working with the console items being managed, users can perform only the tasks defined on the taskpad, such as shown in Figure 5-16.
Any console tool that has at least one snap-in can have an associated taskpad. To create a taskpad, you must open the console in author mode and then follow these steps:
In your custom MMC, press and hold or right-click the folder or console item you want to work with and then choose New Taskpad View to start the New Taskpad View Wizard. Keep in mind that a single taskpad can be used to manage multiple console items.
In the New Taskpad View Wizard, tap or click Next and then configure the taskpad display. (See Figure 5-17 for an example.) Select the style for the details page as Vertical List, Horizontal List, or No List and set the task description style as Text or InfoTip. You also can choose to hide the Standard tab (which only limits the tasks that can be performed if you also select the No List style). As you make selections, the wizard provides a depiction of what the results will look like as a finished taskpad. Tap or click Next to continue.
On the Taskpad Reuse page (shown in Figure 5-18), you must decide whether to apply the taskpad view to the selected tree item only (the item you press and hold or right-click) or to any other tree item of the same type. If you choose the latter option, you also have the option to change the default display for any items used in the taskpad to the taskpad view. Typically, you’ll want to do this to standardize the view, especially if you’ve hidden the Standard tab and don’t want users to have other options. Tap or click Next.
Next, you set the name and description for the taskpad. The name appears at the top of the taskpad and on the tab at the bottom of the taskpad. The description appears at the top of the taskpad under the taskpad name. Tap or click Next.
On the final wizard page, tap or click Finish to create the taskpad. The Add New Tasks To This Taskpad After The Wizard Closes check box is selected by default, so if you tap or click Finish without clearing this option, the New Task Wizard starts and helps you create tasks for the taskpad.
If you want to create multiple taskpads, you can repeat this procedure. For the example console, you might want to have a taskpad for each folder; in that case, you would create three additional taskpads. Any additional taskpads you create can be placed at the same place in the console tree or at a different part of the console tree. You access multiple taskpads placed at the same part of the console tree by using the tabs provided in the details pane.
As long as you are in author mode, any taskpad you created can easily be edited or removed. To edit a taskpad view, press and hold or right-click the item where you defined the taskpad and then select Edit Taskpad View from the shortcut menu. This opens a Properties dialog box containing two tabs:
General. Use the options on the General tab, shown in Figure 5-19, to control the taskpad style and to display or hide the Standard tab. Tap or click Options to specify to which items the taskpad view is applied.
Tasks. Use the Tasks tab to list current tasks defined for the taskpad. Use the related options to create new tasks or manage the existing tasks.
You create tasks by using the New Task Wizard. By default, this wizard starts automatically when you finish creating a taskpad view. You also can start the wizard by using the taskpad Properties dialog box. On the Tasks tab, tap or click New. Alternatively, in your MMC, press and hold or right-click the folder or console item where you defined the taskpad and then select Edit Taskpad View from the shortcut menu.
After the New Task Wizard is started, tap or click Next and then select the command type as follows:
Choose Menu Command to run the standard menu options of included snap-ins.
Choose Shell Command to run scripts or programs or to open webpages.
Choose Navigation to navigate to a saved view on the Favorites menu.
The subsequent screens you see depend on the type of task you are creating.
After choosing to create a menu command, select a source for the command, as shown in Figure 5-20. You specify the source of the command as a node from the console tree or from the list in the results pane for the item selected when you started the wizard. If you choose Node In The Tree as the source, select a snap-in in the console tree and then choose one of the available commands for that snap-in. The available commands change based on the snap-in you’ve selected.
Next, you set the name and description for the task. The name is used as the shortcut link designator for the task. The description is displayed as text under the shortcut link or as an InfoTip, depending on the way you configured the taskpad.
On the Task Icon page, you can choose an icon for the task. Select Icons Provided By MMC to choose any of the icons the MMC provides. Tap or click an icon to select it and to display what the icon symbolizes and its alternate meanings. If you want to use a different set of icons, select Custom Icon and then tap or click Browse. This opens the Change Icon dialog box. Tap or click Browse to open the Open dialog box. By default, the Open dialog box should open with the directory set to %SystemRoot%System32. In this case, type shell32.dll as the File Name and tap or click Open. You should now see the Change Icon dialog box with the Shell32.dll selected, which enables you to choose one of several hundred icons registered for use with the operating system shell.
When you tap or click Next again, the wizard confirms the task creation and shows a current list of tasks on the taskpad if you tap or click Finish to finalize the creation of the current task. If you want to create another task, select the When I Click Finish, Run This Wizard Again check box and then repeat this process. Otherwise, just tap or click Finish.
After choosing to create a shell command, specify the command line for the task, as shown in Figure 5-21.
The options are as follows:
Command. The full file or Universal Naming Convention (UNC) path to the command you’ve chosen to run, such as C:ScriptsCheckpol.bat or \Corpserver01ScriptsCheckpol.bat. The command can be a shell or batch script or a program. If you don’t know the path to use, tap or click Browse and then use the Open dialog box to find the program you want to run.
Parameters. The command-line parameters you want to pass to the script or program. Tap or click the right arrow beside the parameters field to display variables you can use. (These are related to the snap-in you selected originally when creating the taskpad.) Select a variable to add it to the list of command-line parameters.
Start In. The startup (or base) directory for the script or program you’ve chosen, such as C:Temp.
Run. The type of window the script or program should run within: a normal, minimized, or maximized window.
Next, you set the name and description for the task. The name is used as the shortcut link designator for the task. The description is displayed as text under the shortcut link or as an InfoTip, depending on the way you configured the taskpad.
Next, you can choose an icon for the task. As discussed previously, you can select Icons Provided By MMC or Custom Icon. If you use custom icons, you probably want to use the Shell32.dll in the %SystemRoot%System32 directory to provide the custom icon.
When you tap or click Next again, the wizard confirms the task creation and shows a current list of tasks on the taskpad if you tap or click Finish to finalize the creation of the current task. If you want to create another task, select the When I Click Finish, Run This Wizard Again check box and then repeat this process. Otherwise, just tap or click Finish.
Navigation tasks are used to create links from one taskpad to another or from a taskpad to a saved console view. Before you can create navigation tasks, you must save a console view or a view of a particular taskpad to the Favorites menu. To do this, while in author mode, navigate down the console tree until the taskpad or item to which you want to navigate is selected and then select Add To Favorites on the Favorites menu. In the Add To Favorites dialog box, shown in Figure 5-22, type a name for the favorite and then tap or click OK. Then you can create a navigation task on a selected taskpad that uses that favorite.
You create the navigation task by using the New Task Wizard. In the New Task Wizard, choose Navigation as the task type. Next, select the favorite to which you want users to navigate when they tap or click the related link. As shown in Figure 5-23, the only favorites available are the ones you’ve created as discussed previously.
Next, you set the name and description for the task. The name is used as the shortcut link designator for the task. The description is displayed as text under the shortcut link or as an InfoTip, depending on the way you configured the taskpad. If you are creating a link to the main console tool page, you might want to call it Home.
Next, you can choose an icon for the task. As discussed previously, you can select Icons Provided By MMC or Custom Icon. If you created a link called Home, the MMC provides a Home icon to use. If you use custom icons, you probably want to use the Shell32.dll in the %SystemRoot%System32 directory to provide the custom icon.
When you tap or click Next again, the wizard confirms the task creation and shows a current list of tasks on the taskpad if you tap or click Finish to finalize the creation of the current task. If you want to create another task, select the When I Click Finish, Run This Wizard Again check box and then repeat this process. Otherwise, just tap or click Finish.
As long as you are in author mode, you can edit tasks and their properties by using the taskpad Properties dialog box. To open this dialog box, press and hold or right-click the folder or item where you defined the taskpad and then select Edit Taskpad View from the shortcut menu. On the Tasks tab shown in Figure 5-24, you can do the following:
Arrange tasks. To arrange tasks in a specific order, select a task and then tap or click Move Up or Move Down to set the task order.
Create new tasks. To create a new task, tap or click New and then use the New Task Wizard to define the task.
Edit existing tasks. To edit a task, select it and then tap or click Modify.
Remove tasks. To remove a task, select it and then tap or click Remove.
As you’ve seen, the MMC provides a complete framework for creating custom tools that can be tailored to the needs of a wide range of users. For administrators, you could create custom consoles tailored for each individual specialty, such as security administration, network administration, or user administration. For junior administrators or advanced users with delegated privileges, you could create custom consoles that include taskpads that help guide them by providing lists of common commands, and you can even restrict this list so that these individuals can perform only these commands.
Because custom consoles are saved as regular files, you can publish and distribute them as you would any other file. You could put the consoles on a network file server in a shared folder. You could email the consoles directly to those who will use them. You could use Active Directory to publish the tools. You could even copy them directly to the Tools menu in Server Manager, as discussed previously.
In any case, users need appropriate access permissions to run the tasks and access the snap-ins. These permissions must be granted for a particular computer or for the network.