Tue, Mar 25 2008 19:51
bradley
RSAT, Vista and ShellRunas
Download details: Microsoft Remote Server Administration Tools for Windows Vista 86-bit Edition (KB941314):
http://www.microsoft.com/downloads/details.aspx?FamilyID=9ff6e897-23ce-4a36-b7fc-d52065de9960&displaylang=en&Hash=jfptexA7eVIT2sQ8t4AKFfaJ3O%2f1dT2G%2fC9oL7XqEQ1m8ytqeBddcCG9%2b6yKZVHI6XUfNSekDe%2b%2b2BQMX2oDYg%3d%3d
Microsoft Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Windows Server 2008 from a computer running Windows Vista SP1
When you install Vista sp1 it removed the GPMC from the workstation that you need to admin group policies on the server that impact Vista workstations.
|
To install the Administration Tools pack |
-
Download the Administration Tools package from the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=95703).
-
Open the folder into which the package downloaded, and double-click the package to unpack it and start the Microsoft Remote Server Administration Tools Setup Wizard.
|
Note |
|
You must accept the License Terms and Limited Warranty to begin installing Administration Tools. |
-
Complete all the steps required by the wizard, and click Finish to exit the wizard when installation is complete.
-
Click Start, click Control Panel, and then click Programs.
-
In the Programs and Features area, click Turn Windows features on or off.
-
If you are prompted by User Account Control to allow the Windows Features dialog box to open, click Continue.
-
In the Windows Features dialog box, expand Remote Server Administration Tools.
-
Select the remote management tools that you want to install.
-
Click OK.
And there ya go....
Just remember if you log in as "you" and not as a domain admin you'll see inaccessible on some of the domain policies.
I think you'll want to add this as your tool bag as well... in fact it's a MUST have if you are a lazy bone like me and don't want to relog into the domain.
ShellRunas:
http://technet.microsoft.com/en-us/sysinternals/cc300361.aspx
Go to the command line.. do ShellRunas /reg to make it register into the tool bar
And then you get this:
Which allows you to enter domain credentials
Please read Dr. J's Security Resource Kit for the fact that I have now "But suppose the user logging on to the workstation is a member of the local administrators group on the server. And say the domain administrator frequently logs on to the server. .....However, in this case, a user who logs on to the workstation is a member of the Administrators group on the server. Thus, the security of the server is dependent on the security of the workstation. That means the security of the entire domain is dependent on the security of the workstation. And, guess what: the user on that workstation just unwittingly ran the attacker's tool."
In this case I have no choice. I must use a workstation to admin the Vista group policies as I cannot at the server. I know I'm adding a bit of risk logging in as the domain admin on a workstation, but it's an acceptable risk I take.
Filed under: Security
![[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.]](http://www.sbslinks.com/images/headertop.png "There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not!")