Delegation of Administration Using Microsoft Management Console


Microsoft Management Console (MMC) is a general-purpose management display framework for hosting administration tools built as MMC snap-ins by Microsoft and other companies. The MMC consoles included with Windows 2000 are examples of MMC saved consoles. These are files with an .msc extension: an administration tool was added to the console, and the console was saved with particular options selected. A shortcut to the console was then added to the Administration Tools menu.

Administrators can delegate administration by creating MMC consoles that have preconfigured snap-in administration tools, or that restrict what users can do with the MMC console.

More Information

Administrators can follow these steps to create a custom console:
  1. Open a new Microsoft Management Console by running mmc.exe at a command line.
  2. On the Console menu, click Add/Remove Snap-in.
  3. Click Add to display the installed snap-ins.
  4. For each administration tool you want, click the snap-in, and then click Add.
  5. When you are finished, click Close.

    Note that the administrator can further restrict what is displayed to users by restricting the snap-in's extensions. Administration tools can be broken down into sub-components that can be enabled or disabled by clicking the Extensions tab.
  6. Click OK.
  7. Before saving the snap-in, click Options on the Console menu.
  8. Click the Console tab and then click one of the following items in the Console Mode box:

    • Author Mode: This mode allows the user access to all MMC functionality, including the ability to add and remove snap-ins, create new windows, and navigate all portions of the console tree.
    • User Mode - Full Access: This mode allows the user access to all MMC window management functionality and full access to the console tree. It does not allow the user to add or remove snap-ins or to change the console file options. Save commands are removed from the menu because changes that do not affect snap-in relationships are saved automatically.
    • User Mode - Limited Access, Multiple Window: This mode restricts the user's ability to open new windows or gain access to areas of the console tree that were not visible when the console file was saved. All restrictions in place on full-access user mode console files also apply. Multiple child windows are allowed, but users do not have the ability to close them.
    • User Mode - Limited Access, Single Window: This mode is similar to the mode above, except that there is only a single window and the controls for working with multiple windows are not present.

      Note that this does not restrict the user's ability to create MMC consoles. To do this, security on the snap-in extensions must be enforced to restrict which snap-ins are available to the user. Snap-in extensions are installed and registered locally on each computer. If the administrator creates an MMC console on a local computer on which several snap-ins are registered, and those are added to the console, the same snap-ins must be installed on the client computer for the MMC console to display the extensions.
  9. When you are finished, click Save As on the Console menu. Specify a file name and path for the MMC console. This file is saved with an .msc extension and can be transferred to another user to open on a client computer with the snap-ins preconfigured.
For more information about Microsoft Management Console, visit the following Microsoft Web site:

To create a customized MMC file with an Administration Tool component, you have to obtain the Windows 2000 Administration Tools from the Windows 2000 Server CD.

NOTE: For the customized MMC file to run properly, the specific snap-in has to be installed on the system on which you plan to run the customized MMC file.
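
The console mode selected in step 8, and the snap-in restriction mentioned in the note under it, can be checked before a console is handed to delegated users. The following PowerShell is an added example, not part of the original article: it assumes the XML .msc format written by later MMC versions (console mode in the ProgramMode attribute of the root element) and the per-user MMC policy values RestrictAuthorMode and RestrictToPermittedSnapins. The function names and the sample console files are constructed for illustration.

```powershell
# Assumption: XML-format .msc files carry the console mode in the ProgramMode
# attribute of the root element; anything that is not XML is reported unparsed.
function Get-MscConsoleMode {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -Filter *.msc -File | ForEach-Object {
        $file = $_
        try {
            $doc = New-Object System.Xml.XmlDocument
            $doc.Load($file.FullName)
            $mode = $doc.DocumentElement.GetAttribute('ProgramMode')
            if (-not $mode) { $mode = 'Unknown (attribute missing)' }
        } catch {
            $mode = 'Unparsed (not XML)'
        }
        [pscustomobject]@{
            File       = $file.Name
            Mode       = $mode
            AuthorMode = ($mode -eq 'Author')  # user could add or remove snap-ins
        }
    }
}

# Assumption: these per-user policy values are how the snap-in restriction
# described in the note under step 8 is enforced on the client computer.
function Get-MmcSnapinPolicy {
    $key = 'HKCU:\Software\Policies\Microsoft\MMC'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RestrictAuthorMode         = [bool]($p.RestrictAuthorMode)
        RestrictToPermittedSnapins = [bool]($p.RestrictToPermittedSnapins)
    }
}

# Constructed sample consoles (not real tools) so the audit can be tried offline.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'msc-audit-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
'<MMC_ConsoleFile ConsoleVersion="3.0" ProgramMode="Author"/>' |
    Set-Content -Path (Join-Path $dir 'helpdesk.msc')
'<MMC_ConsoleFile ConsoleVersion="3.0" ProgramMode="UserSDI"/>' |
    Set-Content -Path (Join-Path $dir 'printers.msc')
# Constructed stand-in for a console file that is not XML.
[IO.File]::WriteAllBytes((Join-Path $dir 'legacy.msc'), [byte[]](0xD0,0xCF,0x11,0xE0))

Get-MscConsoleMode -Path $dir | Format-Table -AutoSize
Get-MmcSnapinPolicy | Format-List
```

A console reported with AuthorMode set to True was saved without a user mode selected, so the restrictions described in step 8 do not apply to it.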

Article ID: 201341 - Last updated: Dec 11, 2008 - Revision: 1