Management Console

Policies and Procedures for Securing XenApp

Tariq Bin Azad , in Securing Citrix Presentation Server in the Enterprise, 2008

Installing the GPMC

The GPMC is a downloadable production from the Microsoft Downloads Web site. It does not come on the Windows Server 2003 CD. To install the GPMC:

1

Double-click the gpmc.msi package, and click Next (Figure vi.12).

Figure 6.12. GPMC Installation
two

Concur to the Finish User License Agreement (EULA), and click Side by side (Figure 6.13).

Effigy 6.13. Policy Management Console License Agreement
three

Click Terminate to complete the installation (Effigy 6.xiv).

Figure 6.fourteen. Group Policy Finish

Upon completion of the installation, the Group Policy tab that appeared on the Holding pages of sites, domains, and OUs in the Active Directory snap-ins is updated to provide a direct link to GPMC. The functionality that previously existed on the original Group Policy tab is no longer bachelor, since all functionality for managing Group Policy is available through GPMC.

To open up the GPMC snap-in straight, apply either of the following methods:

Click the Group Policy Direction shortcut in the Authoritative Tools binder on the Offset menu or in the Control Panel (Figure half-dozen.fifteen).

Figure 6.xv. Accessing the GPMC

Create a custom MMC console. Click Start, Run, type MMC, and click OK. Point to File, click Add together/Remove Snap-in, click Add, highlight Group Policy Management, click Add, click Close, and and then click OK.

To repair or remove GPMC, apply Add or Remove Programs in Control Console. Alternatively, run the gpmc.msi package, select the advisable pick, and click Terminate.

Read full chapter

URL:

https://www.sciencedirect.com/science/article/pii/B9781597492812000068

An Introduction to the GFI LANguard Network Security Scanner Management Console

Brien Posey , in GFI Network Security and PCI Compliance Ability Tools, 2009

The Main Console Screen

You can access the management console by choosing the LANguard Network Security Scanner command from the Showtime | All Programs | GFI LANguard Network Security Scanner 8.0 menu. When the direction console first opens, you will come across a screen similar to the one that'southward shown in Figure two.1, asking if you want to perform a local computer scan, a complete network scan, or a custom scan. Since nosotros're not quite prepare to scan anything nonetheless, click the Abolish button. Yous might likewise take noticed in the effigy, that this screen contains a check box that you can deselect if you don't want this screen to exist displayed every time that you open up the management console.

Figure ii.1. Click Cancel to Avert Scanning Annihilation at this Time

When you lot click Cancel, Windows volition brandish the primary management console screen. You can see what the console looks like in Figure two.2.

Figure 2.two. The GFI LANguard Network Security Scanner Direction Console is the Production's Primary Authoritative Interface

In the screen capture above, y'all can encounter that the console is divided into a few different sections, or panes. The pane on the left is a navigation pane. This is the pane that you will apply to move around in the panel. Functions such as initiating a browse, filtering the scan results, and deploying patches are all invoked from this pane.

The right side of the console is currently split into three dissever panes, although in some situations only ii of the panes are used. The upper middle pane is the Scanned Computers pane. When you lot perform a security scan, the computers that have been scanned volition be listed in this pane. Typically, this pane will show each car's Internet Protocol (IP) address, Network Basic Input/Output System (NetBIOS) name, operating system, and service pack level.

Only to the correct of the Scanned Computers pane is the Scan Results pane. When you showtime complete a security scan, this pane will show you lot a brief summary of the scan's effect. If you click on an individual computer in the Scanned Computers pane, the data in the Browse Results pane volition modify to display data related specifically to the currently selected machine.

The pane in the lower right portion of the management console is the Scanner Activity pane. This pane isn't always used, but when information technology is used, it will evidence you how the current scan is progressing.

The management console offers a lot of other functions, but it has been my experience that 99 percent of the time when yous are working with the management console, you will be using the four panes that I accept just described.

Tools & Traps…

Screen Resolution

Nearly servers aren't exactly known for using high-finish video cards, or even offering annihilation across minimal screen resolution. However, in the instance of using the management console, screen resolution is relatively important. Once you begin scanning the computers on your network and analyzing the results, you will see that the management console attempts to brandish a lot of information. At lower resolution levels, a lot of this information will non fit on the screen. Your server console (or remote server session) will demand to be running a brandish resolution of at least 1024 × 768, merely higher resolutions piece of work fifty-fifty ameliorate.

Read full chapter

URL:

https://www.sciencedirect.com/scientific discipline/article/pii/B9781597492850000029

Cisco Enterprise IDS Management

In Cisco Security Professional'southward Guide to Secure Intrusion Detection Systems, 2003

IDS MC Installation

The IDS MC software installs its components into the same directory as the CiscoWorks Common Services software components. This is typically in the directory: Program Files\CSCOPx. The directory construction is shown in Figure ten.4.

Effigy 10.iv. The IDS MC Directory Tree Structure

Cisco chose to utilize an open source plan chosen Apache for the congenital-in Spider web server for CiscoWorks. The subdirectory \Apache is where the Apache Web Server is installed and from where Apache serves the Web pages that are displayed when using the IDS MC. The Sybase subdirectory is where the Sybase SQL Anytime database is installed besides equally where all data from the IDS appliances and the IDSM sensors is stored. The Tomcat subdirectory is where the Tomcat application server is installed. This server provides servlets to the IDS MC from the Common Services. The Etc\ids directory is where the IDS MC is actually stored. The updates subdirectory is where the signature update packs are stored for the MC to push out to the sensors or to the MC itself.

Read full affiliate

URL:

https://world wide web.sciencedirect.com/science/commodity/pii/B9781932266696500306

Planning

In Host Integrity Monitoring Using Osiris and Samhain, 2005

User Access

The management console should only be attainable to security administrators who need to read logs or manage monitored hosts. Practise not install the direction panel on your corporate mail server and expect passwords or file permissions to provide adequate security for the organization. Guest accounts should exist shut off; at the very least remote access should exist express to only those who demand information technology. List all of the personnel who require an account on this organization and what their role is. This will facilitate the full general security administration for the host (east.g., which accounts will have SUDO access).

Note how y'all volition be auditing the actions of user accounts on the direction console host in your planning certificate. This is important for accountability, change management, and the detection of suspicious beliefs.

Read total chapter

URL:

https://www.sciencedirect.com/science/article/pii/B9781597490184500113

Host Integrity Monitoring with Open Source Tools

In Host Integrity Monitoring Using Osiris and Samhain, 2005

Logging

The management console is responsible for all data assay; therefore, all log data resides on the console host. Later every browse, the panel performs a comparison between all of the information in the newly created scan database and the trusted database for that host. Whatsoever differences result in a log message.

Osiris has a few unlike logging vectors. Scan logs generated by the panel can be saved to a file, sent to the system log, or piped to an application. But every bit with scan databases, logs associated with a scan can be configured in three different ways ranging from minimal to one for each scan.

Each log bulletin has an ID to facilitate parsing by log analysis tools (encounter Figure 5.4).

Figure 5.4. Osiris Log Format Structure

Read full chapter

URL:

https://world wide web.sciencedirect.com/science/commodity/pii/B9781597490184500125

Patch Management

Brien Posey , in GFI Network Security and PCI Compliance Power Tools, 2009

Viewing Missing Patch Information Through the Management Console

The management console has kind of an odd way of displaying patching information. If y'all expect at Effigy 7.four, you volition discover that in that location is a System Patching Condition container located below the listing for each computer in the console'due south center pane. Notice though, that when yous click on this container, the pane on the right will simply testify y'all the service packs and patches that are actually installed. Missing patches and service packs are listed beneath the Vulnerabilities container, equally shown in Effigy vii.5.

Effigy 7.4. The System Patching Status Container Merely Shows the Patches and Service Packs That Are Actually Installed on Each Figurer

Figure 7.5. Missing Patches and Service Packs Are Listed Beneath Each Computer's Vulnerability Container

Notice in the effigy above how all of the missing patches and service packs for each computer are grouped by production. This helps you to be able to tell how vulnerable the operating arrangement is, or how vulnerable a item application is on a given calculator.

Read total affiliate

URL:

https://www.sciencedirect.com/science/article/pii/B9781597492850000078

Browsing the Consequence Logs

Brien Posey , in GFI Network Security and PCI Compliance Power Tools, 2009

Solutions Fast Track

Browsing the Logs

The management console displays log entries in a single list from all the computers beingness monitored.

Each of the containers on the left side of the console is linked to a dynamic query.

The All Events container does not actually display all the events collected, but rather just those events apropos the currently selected events browser.

Customizing the Events Browser View

To customize the Events Browser, click the Customize View link, plant in the Mutual Tasks area.

The customization process lets y'all control where, or if, issue details should be displayed.

Yous can color-code certain types of events.

Creating Custom Queries

Y'all can create custom queries that appear as containers aslope the default queries.

Y'all can remove a custom query by right-clicking it and choosing the Delete command from the shortcut menu.

Exporting Events

If you need to build a case against someone, information technology is easier to export the pertinent events to a spreadsheet than to sift through log entries.

Exported events are written to a CSV file, which tin be opened in Excel.

Read total chapter

URL:

https://www.sciencedirect.com/science/commodity/pii/B9781597492850000145

Assistants and Active Directory Integration

In Designing SQL Server 2000 Databases, 2001

Microsoft Management Panel

One of the improvements in Windows 2000 was a common framework for authoritative consoles. This framework manifested into the Microsoft Direction Console (MMC). MMC is a primal application used to manage whatever and all facets of the Windows 2000 operating system.

One of the more than confusing aspects of running legacy Windows NT servers was the inconsistency of the administrative tools. Some tools were "right-clickable"; others didn't support pop-upwardly menus. Some tools used an organizational tree structure, others used icons, and so on. MMC was created to streamline and simplify daily direction of Windows 2000 Server systems.

The MMC itself is a shell. It hosts other applications and utilities. This makes the MMC extensible. Not simply will futurity development of Microsoft BackOffice products use this shell, merely administrators can develop their own unique consoles to aid organize their everyday tasks. An MMC can exist created and saved equally a file with an .MSC extension. Once a panel has been saved equally a file, an ambassador can distribute that panel to users, groups—fifty-fifty computers.

The MMC is extensible with snap-ins, additional utilities that work within the MMC shell. To customize the MMC:

i.

Click Start | Run.

2.

Type MMC and press Enter.

3.

Click the Panel menu.

4.

Select Add/Remove Snap-In.

five.

Click the Add button.

half-dozen.

Select the snap-in from the list, and click Add together.

7.

Select the reckoner that this snap-in volition manage, and click Finish.

8.

Continue to add snap-ins until all that are required are added, then click the Shut button.

9.

Click Close when the process is complete.

Tip

To reduce the time and effort it takes to open and close multiple console applications as you lot move from task to task, you can create a custom MMC that includes all the consoles that you lot normally apply. For example, yous might want to add the SQL Enterprise Manager snap-in, the Analysis Manager, and Active Directory Users and Computers to a unmarried custom MMC.

SQL Server Enterprise Manager

SQL Server Enterprise Managing director is the main administrative tool for managing a SQL Server. Enterprise Manager is a consummate SQL Server management tool based on SQL-DMO. With it you tin:

Offset and end SQL Server.

Assign the system ambassador'due south countersign.

Schedule jobs.

Manage SQL Server users and security.

Configure servers.

Register servers, databases, and publications in Active Directory.

Monitor the server with alerts and email notification.

Manage all aspects of a SQL database.

Enterprise Managing director organizes servers into server groups for simplification of assistants. Using these groups, an administrator tin can limit access for users to those items within a detail server group. The server groups can be used for applying commands across several servers at once, instead of a single server at a time. SQL Servers are automatically placed within a default server group named SQL SERVER Grouping. To make your own:

The Delegation of Administration Wizard

In smaller organizations, many DBAs are given the task of managing a gear up of users for all their network needs, in improver to handling database access. These DBAs need to create new users, assign permissions, update the user accounts, and manage their general network use. In the sometime Windows NT domain earth, at that place was no choice just to make these DBAs office of the Domain Admins group, thus granting the database administrators many more rights than were necessary for performing their jobs.

In Windows 2000, this is no longer an consequence. Active Directory enables an administrator to delegate rights to an OU. For DBAs with extended job functions, this means that they tin exist granted their own OUs with their own user accounts and the correct to manage those user accounts. This feature can be executed with the Delegation of Assistants Wizard as follows:

1.

To start the wizard, navigate to the OU that volition be delegated to the DBA, and right-click it.

two.

Select Delegate Command from the popular-up carte du jour.

iii.

Click Next at the Welcome screen for the Delegation of Administration Wizard.

four.

The next screen will ask you lot for the user or group account to whom you want to give control. Click the Add push, and add the user(s) and/or group(due south) to the list past selecting the accounts and clicking the Add together push button for each, then clicking OK to close the dialog box.

5.

Whenever possible, consul control to a grouping and add together the users to information technology, even if in that location is but a single user. This method makes it easier to adjust your administrative team later. Click Next.

6.

The next dialog box allows you to select the administrative functions that will exist given to the accounts y'all selected in the previous dialog box. The most common administrative functions are listed with check boxes at the tiptop, or you lot tin can click the radio button to customize the abilities this administrative group will have. When you lot're finished with your selections, click Next.

seven.

Finally, review the information and verify that it is correct, and so click the Finish push.

1.

Log on as a user with administrative privileges.

ii.

Click Starting time | Programs | Microsoft SQL Server | Enterprise Director.

3.

Right-click the Microsoft SQL Servers container.

4.

Select New SQL Server Grouping from the pop-upward menu. The Create New Server Grouping dialog box shown in Effigy 6.xix will appear.

Figure 6.nineteen. Creating a new server group.
5.

Blazon a name for the new server group. You too have the pick of placing this new server group into a hierarchy by making information technology a subgroup of another server grouping. Otherwise, it should exist a top-level group.

6.

Click OK.

Once the server group is created, you can populate it with servers. To practice so, right-click a server group, and select New SQL Server Registration from the popup carte. Click the Next button at the Welcome screen. Select a SQL Server from the available servers on your network. Click the Add button to motility each server into the Added Servers list, so click Next. On the following screen, select the security type, and click Side by side. Select or create a server grouping, and click Next. Review the information on the final screen, and click the Finish button to add your server to the selected group. Click Close in the message box stating that your registration is successful.

At this signal, yous can begin managing user accounts from within Enterprise Managing director. To grant a user account access to a SQL server:

1.

Log on as a user with administrative privileges.

2.

Click Start | Programs | Microsoft SQL Server | Enterprise Manager.

3.

Navigate to the SQL Server you are administering, and expand the Security container.

four.

Open the Logins container.

v.

Right-click the Logins container.

6.

Select New Login from the pop-upward menu.

7.

If the Authentication type is right (Windows Authentication), click the ellipsis (…) button next to the name box to select a user or grouping business relationship from Active Directory. Otherwise, y'all will exist express to accounts within SQL Server simply.

eight.

Select the account, click the Add together push button, and click OK to finish that dialog box.

9.

Yous will be returned to the SQL Server Login Properties box, which is shown in Figure 6.xx.

Figure six.20. Login properties.
10.

Brand certain that the database and language are right in the dialog box, or leave them as the defaults, and so click the Server Roles tab.

xi.

Select the role or roles that this user account will exist granted by checking the appropriate boxes.

12.

Click the Database Access tab.

xiii.

Select the databases to which you are granting access with the role you selected.

14.

In the lower box of the window, select the blazon of office to grant to that particular database past checking the advisable boxes. (Public is the default.)

fifteen.

Click OK to complete the login creation process.

Logins are one method of granting Active Directory user accounts access to SQL Server databases. Within each database, you lot tin create user access that prompts new logins to be created. All you demand to do is:

1.

Open up Enterprise Managing director.

ii.

Navigate to your selected database.

iii.

Aggrandize the database.

four.

Right-click the Users container.

5.

Select New Database User from the pop-upwards menu.

6.

Utilize the drop-downwards box to select   <   new   >, which will prompt the Login Properties box to open and create a new login.

7.

When you take completed the new login, you lot volition see the login name listed in the drib-downwards listing of the New User properties box, which is shown in Effigy 6.21.

Effigy 6.21. New user creation.
8.

You lot can modify the username if you lot want, and select the database role permissions.

9.

Click OK to complete the new user creation procedure.

Enterprise Managing director is as well useful for administering component services of SQL Server. These services are:

Microsoft Distributed Transaction Coordinator (DTC)

Microsoft Search

SQL Server Agent

You are enabled to only outset or end the Microsoft Distributed Transaction Coordinator service within Enterprise Manager. To exercise and then, select the SQL Server and aggrandize its container. Navigate to the Support Services container and aggrandize that. Right-click Distributed Transaction Coordinator, and select Stop (or First, if the service has already been stopped) from the pop-up bill of fare.

Microsoft search is located in the Support Services container equally well every bit the DTC. The feature is chosen Total-Text Search. You are granted more options with managing search: You lot can showtime and cease the service, clean upward catalogs, and view the Microsoft search properties, which are shown in Effigy half dozen.22. All these options are available on the pop-up carte du jour when you correct-click the Full-Text Search icon.

Effigy 6.22. The Microsoft Full-Text Search Service properties dialog box.

The SQL Server Agent service is located inside a dissimilar container in Enterprise Manager—the Management container located beneath your selected SQL Server. The SQL Server Amanuensis contains iii other objects: Alerts, Operators, and Jobs. To manage the agent itself, correct-click it, and select Kickoff or Stop to change the service's status. Y'all can too select Brandish Error Log or explore the options below the Multi-Server Assistants option, in which you can make the server a principal or a target; create a new warning, operator, or job; or open the SQL Server Agent's Backdrop dialog box, which is shown in Figure 6.23.

Effigy 6.23. SQL Server Amanuensis Properties.

Several tabs are available in the SQL Server Agent Properties dialog box.Table half dozen.1 details the options within each tab.

Tabular array 6.1. SQL Server Agent Options

Tab Options
General Select the SQL Server Agent service startup business relationship, establish the mail profile, and select or view the fault log.
Advanced Set the restart options for the service, configure event forwarding, prepare the CPU Idle settings to optimize performance.
Alarm Arrangement Format addressing of pager east-mails, establish a neglect-prophylactic operator.
Chore System Conform job history log settings, set up job execution parameters, select a proxy business relationship.
Connexion Select the Authentication type (Windows or SQL Server) and set login timeout, view SQL Server alias.

One of the other things that Enterprise Director provides is a method for monitoring your replication betwixt publishers and subscribers. You can likewise manage the agents that are involved in the various types of replication. To view these options, navigate to the SQL Server you accept selected. Open the Replication Monitor folder. You lot can view publishers and right-click on each to manage them. Past right-clicking on an amanuensis listed below a publisher, you can push button new subscriptions, reinitialize all of them, view the agent'due south properties, and refresh the settings.

SQL Server MMC Snap-Ins

Bated from SQL Server Enterprise Director, three other MMC snap-ins can assistance with managing the SQL Server environment:

Component Services

Meta Data Services

SQL Analysis Services

Component Services comprises divide utilities that manage services from the same MMC. Of primary importance to the SQL database administrator, this console provides access to the Microsoft Distributed Transaction Coordinator (DTC). DTC manages distributed transactions. A distributed transaction uses information from multiple databases, whether they are located on the same system or on separate servers. The DTC contains two options: a list of transactions and statistics. The Transaction Statistics choice is shown in Figure 6.24. Both of these options tin provide valuable information to a DBA. If an application involves a transaction beyond multiple information sources, analogous information technology tin ensure that individual transactions that neglect will not skew the issue. The DTC Service provides coordination against inconsistency problems and information loss. The DTC Transaction List in the Component Services MMC allows you lot to monitor the transactions as they occur considering it shows whatsoever distributed transactions that are currently executing. You lot can fifty-fifty resolve a transaction by right-clicking it and forcing it to commit or abort from the options on the pop-upwardly menu. The DTC Transaction Statistics will allow you view the activity statistics running on the system. If your organization is having operation bug, this characteristic can aid you in determining whether distributed transactions need to be given a larger-capacity system.

Figure 6.24. DTC Transaction Statistics in the Component Services MMC.

Metadata is the data that is used to describe another fix of information. It is generally considered an indexing method using a summary and details about a database within the SQL Server organisation. For example, you might accept a table that lists all Internet users' shipping information. The summary information used to draw that information, such as shipping costs past state, is considered metadata. Metadata is used almost within the Assay Services.

The Meta Data Services console is useful in viewing the metadata listed for a database. To use the Meta Data Services MMC, you must offset beginning by registering a database. To do so, right-click the root of the panel, and select Register Database. After the registration is complete, you can utilise the Meta Data Services panel to view metadata.

The Analysis Services MMC, shown in Figure 6.25, is used for discovering the statistics about analysis of the database. When you install an analysis server, this console is a standard selection. You can access it past clicking First | Programs | Microsoft SQL Server | Analysis Services | Analysis Manager.

Figure 6.25. The Analysis Services MMC.

Read full chapter

URL:

https://world wide web.sciencedirect.com/scientific discipline/article/pii/B9781928994190500099

Osiris

In Host Integrity Monitoring Using Osiris and Samhain, 2005

Multiple Management Consoles

The Osiris direction console was not designed to work in conjunction with other console deployments. You tin can deploy multiple management consoles, which can be configured to not step on each other's toes, but there is little advantage.

One reason why you may want to deploy a 2nd or 3rd management console is considering of the load on your panel host. If you are managing thousands of hosts, it may exist more applied to ready 2 or three consoles to distribute the overhead. Another reason has to do with your network topology. Information technology may exist that your network design restricts you lot from placing a console on the network where information technology tin can connect to all of the hosts yous wish to monitor. Or, you may accept hosts on completely separate networks. In whatsoever case, the problem with deploying more than than one console is that you then have to manage more than ane panel. This includes the information associated with a console, as well as maintaining it (e.g., backups). Scan configurations, scan information, and logs are spread across multiple hosts and go more of a management burden.

I take besides seen deployments with multiple consoles where the ambassador was monitoring the same agent from different consoles. This has little value and is not recommended. Non only practice you have the burden of managing more ane console, y'all now have to make sure that the consoles exercise not fight over the agents every bit far as scheduling is concerned. Never run multiple instances of a management console on the same host.

Read full chapter

URL:

https://world wide web.sciencedirect.com/science/commodity/pii/B9781597490184500137

Installing and configuring Windows Server 2008 R2

Dustin Hannifin , ... Joey Alpern , in Microsoft Windows Server 2008 R2, 2010

Microsoft Management Console 101

The Microsoft Management Console (MMC) was introduced with the release of Windows 2000 as the premier tool for managing Windows Servers. The MMC was not but powerful but also very customizable. The concept was unproblematic – A unmarried panel that would allow multiple tools known as snap-ins to be added. Administrators could employ the out-of-box consoles, or create their own customized consoles. These consoles could be used on the server itself, or remotely from an ambassador's workstation. MMC was well received by Windows administrators and continues to exist used with the release of Windows Server 2008 R2. In fact, Server Manager, which will be discussed in the next section, is more or less a Microsoft developed, characteristic-rich MMC. Let usa explore some basic MMC concepts. We will commencement get-go by creating a new console with a few snap-ins. To create a new console, perform the following:

ane.

Create a new console by going to Starting time | Run, and type MMC in the run box. Then click on OK. This will open a new panel with no snap-ins (encounter Figure two.32).

Figure 2.32. Empty MMC.
ii.

Now let us add together a couple of snap-ins. Go to the File menu and choose Add together/Remove Snap-in. This will open the Add/Remove Snap-in selection window.

3.

Add Event View and Services as seen in Figure two.33. If asked for the computer to connect to choose Local Computer, so click on the OK button.

Effigy 2.33. Select MMC Snap-Ins.
4.

You lot will now see the left pane of the console, nether the Console Root, populated with the snap-ins you selected. You can now manage the selected options by clicking on one of the snap-ins. Click to highlight the Services snap-in.

5.

The heart-pane will populate with a list of Windows services. The eye pane is used to display the administrative options based on the snap-in that was selected in the left pane (see Effigy 2.34).

Figure 2.34. Windows Services Snap-In.
half dozen.

If you click on whatsoever service, you will see new options announced in the far right hand pane. This pane is known as the Actions Pane. The Actions Pane volition usually include common actions that tin can be performed on the item selected in the middle pane. In our example, you can click on a service such every bit the DNS Client service. Then click on the More than Deportment pick in the Actions Pane. Choose the choice Restart Service. This will restart the DNS Service.

7.

Now that you have created a custom MMC, you may want to save it for time to come utilize. To save the console, simply get to the File carte and choose the Save As… option. Choose a file name and location and click on the Save button. In futurity, you can open up this console simply by double-clicking it.

You should at present have a basic agreement of what the MMC is and how you can use information technology to administer Windows Servers. We will now take a expect at Server Managing director.

Read full chapter

URL:

https://www.sciencedirect.com/scientific discipline/article/pii/B9781597495783000025