4. When you are fi nished adding snap-ins to folders, click OK to close the Add Or
Remove Snap-Ins dialog box and return to the console you are creating.
Some snap-ins prompt you to select a computer to manage, as shown in the following
screen:
If you want the snap-in to work with whichever computer the console is running
on, select Local Computer. Otherwise, select Another Computer, and then type the
computer name or IP address of the computer you want to use. If you don’t know the
computer name or IP address, click Browse to search for the computer you want to
work with.
Specify Which Computer to Manage
To ensure you can specify which computer to manage when running the console
from the command line, you must select the Allow The Selected Computer To Be
Changed When Launching From The Command Line check box. When you select
this option and save the console, you can set the computer to manage using the
/Computer=RemoteComputer parameter.
Some snap-ins are added by using wizards with several confi guration pages, so when
you select these snap-ins you start the associated wizard and the wizard helps you
confi gure how the snap-in is used. One snap-in in particular that uses a wizard is
Link To Web Address. When you add this snap-in, you start the Link To Web Address
Wizard, as shown in the following screen, and the wizard prompts you to create an
Internet shortcut. Here, you type the Uniform Resource Locator (URL) you want to use,
click Next, enter a descriptive name for the URL, then click Finish. Then, when you
select the related snap-in in the console tree, the designated Web page appears in the
details pane.
Specify Which Computer to Manage
To ensure you can specify which computer to manage when running the console
from the command line, you must select the Allow The Selected Computer To Be
Changed When Launching From The Command Line check box. When you select
this option and save the console, you can set the computer to manage using the
/Computer=RemoteComputer parameter.r
Building Custom MMCs 167

tool. Before you do this, however, there are a couple of fi nal design issues you should
consider:

What you want the initial console view to be

Which user mode you want to use

Which icon you want to use

What you want to name the console tool and where you want it to be located
Setting the Initial Console View Before Saving
By default, the MMC remembers the last selected node or snap-in and saves this as
the initial view for the console. In the example tool created, if you expand the General
folder, select Active Directory Users And Computers, and then save the console, this
selection is saved when the console is next opened.
Keep in mind that subsequent views depend on user selections.
Note
Only the folder with the selected snap-in is expanded in the saved view. If you use fold-
ers and select a snap-in within a folder, the expanded view of the folder is saved with the
snap-in selected. If you expand other folders, the console is not saved with these folders
expanded.
Note
Only the folder with the selected snap-in is expanded in the saved view. If you use fold-
ers and select a snap-in within a folder, the expanded view of the folder is saved with the
snap-in selected. If you expand other folders, the console is not saved with these folders
expanded.
Building Custom MMCs 169
Chapter 6
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Setting the Console Mode Before Saving

Do Not Save Changes To This Console
Select this check box to prevent the user
from saving changes to the console. Clear this check box to change the view auto-
matically based on the user’s last selection in the console before exiting.

Allow The User To Customize Views
Select this check box to allow users to add
windows focused on a selected item in the console. Clear this check box to pre-
vent users from adding customized views.
Chapter 6
170 Chapter 6 Windows Server 2008 MMC Administration
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Setting the Console Icon Before Saving
While you are working in the Options dialog box, you might consider setting custom
icons for your console tools. All the console tools developed by Microsoft have their
own icons. You can use these icons for your console tools as well, or you could use
icons from other Microsoft programs quite easily. In the Options dialog box (which is
displayed when you select Options on the File menu), click Change Icon. This displays
the Change Icon dialog box, as shown in the following screen:
Building Custom MMCs 171
Chapter 6
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
In the Change Icon dialog box, click Browse. By default, the Open dialog box should
open with the directory set to %SystemRoot%\System32. In this case, type shell32.dll
as the File Name, and click Open. You should now see the Change Icon dialog box with
the Shell32.dll selected, which will allow you to choose one of several hundred icons
registered for use with the operating system shell (see the following screen). Choose an
icon, click OK, and then click OK to close the Options dialog box. From then on, the
icon will be associated with your custom console tool.
Saving the Console Tool to the Desktop, the Start Menu, or a Folder

By default, the name shown on the console tool’s title bar is set to the fi le name you des-
ignate when saving it. As long as you are in author mode, you can change the console
tool name using the Options dialog box. Select Options on the File menu, and then type
the name in the box provided at the top of the Console tab.
Designing Custom Taskpads for the MMC
When you want to simplify administration or limit the available tasks for junior admin-
istrators or Power Users, you might want to consider adding a taskpad to a console
tool. By using taskpads, you can create custom views of your console tools that contain
shortcuts to menu commands, shell commands, and navigation components.
Getting Started with Taskpads
Basically, taskpads let you create a page of tasks that you can perform quickly by click-
ing the associated shortcut links rather than using the existing menu or interface
provided by snap-ins. You can create multiple taskpads in a console, each of which
is accessed as a taskpad view. If you’ve worked with Windows XP or Windows Vista,
you’ve probably seen the revised Control Panel, which is a taskpad view of Control
Panel. As with most taskpads, Control Panel has two purposes: It provides direct access
to the commands or tasks so that you don’t have to navigate menus, and it limits your
options to a set of predefi ned tasks that you can perform.
You create taskpads when you are working with a console tool in author mode. Task-
pads can contain the following items:

Menu commands
Menu commands are used to run the standard menu options of
included snap-ins.

Shell commands
Shell commands are used to run scripts or programs or to open
Web pages.

Navigation components

Used to start the New Object—Group Wizard

Create User
Used to start the New Object—User Wizard

Connect To Domain
Used to select the domain to work with

Create Advanced Query
Used to defi ne an Active Directory query and save it so
that it can be reused
Note
You could also add a Connect To Domain Forest option that would be used to select the
domain forest to work with. We haven’t used the taskpad to limit the options; rather,
we’ve simply provided quick access shortcuts to commonly run tasks. In the next section,
you’ll learn how to limit user options.
Understanding Taskpad View Styles
Taskpads can be organized in several different ways. By default, they will have two
views: an extended taskpad view and a standard view. The extended view contains the
list of tasks that you’ve defi ned and can also contain the console items being managed.
The standard view contains only the console items being managed. When you create
the taskpad, you have the option of hiding the standard view simply by selecting the
Hide Standard Tab check box.
Note
You could also add a Connect To Domain Forest option that would be used to select the
domain forest to work with. We haven’t used the taskpad to limit the options; rather,
we’ve simply provided quick access shortcuts to commonly run tasks. In the next section,
you’ll learn how to limit user options.
Chapter 6
174 Chapter 6 Windows Server 2008 MMC Administration

in the usual way. For example, the taskpad shown in Figure 6-8 doesn’t defi ne any tasks
that manage policy or security, so the snap-ins in these folders will be fully accessible.
To make it so users can’t work with these snap-ins directly, you must defi ne taskpads for
those snap-ins or add tasks that use menu commands from those snap-ins to the current
taskpad or another taskpad.
Designing Custom Taskpads for the MMC 175
Chapter 6
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
When you select the No List option, you can limit users’ options to the tasks you’ve
defi ned and not allow users to access the console items being managed. To do this, you
specify that the Standard tab should be hidden. From then on, when working with the
console items being managed, users can perform only the tasks defi ned on the taskpad,
such as those shown in Figure 6-9.
Figure 6-9. By using the No List style and hiding the Standard tab, you can limit user options.
Creating and Managing Taskpads
Any console tool that has at least one snap-in can have an associated taskpad. To create
a taskpad, you must open the console in author mode, then follow these steps:
1. In your custom MMC, right-click the folder or console item that you want to
work with, choose Action, and then choose New Taskpad View to start the New
Taskpad View Wizard. Keep in mind that a single taskpad can be used to manage
multiple console items.
2. In the New Taskpad View Wizard, click Next, and then confi gure the taskpad
display (see Figure 6-10 for an example). Select the style for the details page as
Vertical List, Horizontal List, or No List, and set the task description style as
Text or InfoTip. You can also choose to hide the Standard tab (which only limits
the tasks that can be performed if you also select the No List style). As you make
selections, the wizard provides a depiction of what the results will look like as a
fi nished taskpad. Click Next to continue.
3. On the Taskpad Reuse page (shown in Figure 6-11), you must decide whether to
apply the taskpad view to the selected tree item only (the item you right-clicked)

create three additional taskpads. Any additional taskpads you create can be placed at
the same place in the console tree or at a different part of the console tree. You access
multiple taskpads placed at the same part of the console tree by using the tabs provided
in the details pane.
As long as you are in author mode, any taskpad you created can easily be edited or
removed. To edit a taskpad view, right-click the item where you defi ned the taskpad,
and then select Edit Taskpad View from the shortcut menu. This opens a Properties dia-
log box containing two tabs:

General
Use the options on the General tab shown in the following screen to con-
trol the taskpad style as well as to display or hide the Standard tab. Click Options
to specify to which items the taskpad view is applied.

Tasks
Use the Tasks tab to list current tasks defi ned for the taskpad. Use the
related options to create new tasks or manage the existing tasks.
Chapter 6
178 Chapter 6 Windows Server 2008 MMC Administration
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Creating and Managing Tasks
You create tasks by using the New Task Wizard. By default, this wizard starts automati-
cally when you fi nish creating a taskpad view. You can start the wizard using the task-
pad Properties dialog box as well. On the Tasks tab, click New. Alternatively, in your
MMC, right-click the folder or console item where you defi ned the taskpad, and then
select Edit Taskpad View from the shortcut menu.
After the New Task Wizard is started, click Next, and then select the command type as
follows:

Choose Menu Command to run the standard menu options of included snap-ins.

list of tasks on the taskpad provided you click Finish to fi nalize the creation of the cur-
rent task. If you want to create another task, select the When I Click Finish, Run This
Wizard Again check box, and then repeat this process. Otherwise, just click Finish.
Creating Shell Command Tasks
After choosing to create a shell command, specify the command line for the task, as
shown in Figure 6-13.
Figure 6-13 Set the command line for the script or program you want to run.
Chapter 6
180 Chapter 6 Windows Server 2008 MMC Administration
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
The options are as follows:

Command
The full fi le or Universal Naming Convention (UNC) path to the com-
mand you’ve chosen to run, such as C:\Scripts\Checkpol.bat or \\Corpserver01\
Scripts\Checkpol.bat. The command can be a shell or batch script or a program.
If you don’t know the path to use, click Browse, and then use the Open dialog box
to fi nd the program that you want to run.

Parameters
The command-line parameters you want to pass to the script or pro-
gram. Click the right arrow beside the Parameters fi eld to display variables that
you can use (these are related to the snap-in you selected originally when creating
the taskpad). Select a variable to add it to the list of command-line parameters.

Start In
The startup (or base) directory for the script or program you’ve chosen,
such as C:\Temp.

Run

Next, you set the name and description for the task. The name is used as the shortcut
link designator for the task. The description is displayed as text under the shortcut link
or as an InfoTip, depending on the way you confi gured the taskpad. If you are creating a
link to the main console tool page, you might want to call it Home.
Next, you can choose an icon for the task. As discussed previously, you can select Icons
Provided By MMC or Custom Icon. If you created a link called Home, there is a Home
icon provided by the MMC to use. If you use custom icons, you probably want to use the
Shell32.dll in the %SystemRoot%\System32 directory to provide the custom icon.
Chapter 6
182 Chapter 6 Windows Server 2008 MMC Administration
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
When you click Next again, the wizard confi rms the task creation and shows a current
list of tasks on the taskpad provided you click Finish to fi nalize the creation of the cur-
rent task. If you want to create another task, select the When I Click Finish, Run This
Wizard Again check box, and then repeat this process. Otherwise, just click Finish.
Arranging, Editing, and Removing Tasks
As long as you are in author mode, you can edit tasks and their properties by using the
taskpad Properties dialog box. To display this dialog box, right-click the folder or item
where you defi ned the taskpad, and then select Edit Taskpad View from the shortcut
menu. On the Tasks tab shown in Figure 6-16, you can do the following:

Arrange tasks
To arrange tasks in a specifi c order, select a task, and then click
Move Up or Move Down to set the task order.

Create new tasks
To create a new task, click New, and then use the New Task
Wizard to defi ne the task.

Edit existing tasks

Chapter 6
184 Chapter 6 Windows Server 2008 MMC Administration
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
W
indows Server 2008 has different confi guration architecture than its predeces-
sors. You prepare servers for use by installing and confi guring the following
components:

Server roles
Server roles are related sets of software components that allow serv-
ers to perform a specifi c function for users and other computers on networks. A
computer can be dedicated to a single role, such as Active Directory Domain Ser-
vices, or a computer can provide multiple roles.

Role services
Role services are software components that provide the functional-
ity of server roles. Each server role has one or more related role services. Some
server roles, such as Domain Name Service (DNS) and Dynamic Host Confi gura-
tion Protocol (DHCP), have a single function and installing the role installs this
function. Other roles, such as Network Policy And Access Services and Active
Directory Certifi cate Services, have multiple role services that you can install.
With these server roles, you can choose which role services to install.

Features
Features are software components that provide additional functionality.
Features, such as WINS and Windows Server Backup, are installed and removed
separately from roles and role services. A computer can have multiple features
installed or none, depending on its confi guration.
You confi gure roles, role services, and features using the Server Manager console.
Server Manager has a command-line counterpart, called ServerManagerCmd.exe, which

(AD CS)
AD CS provides functions necessary for issuing and revoking
digital certifi cates for users, client computers, and servers.
Includes these role services: Certifi cation Authority, Certifi cation
Authority Web Enrollment, Online Certifi cate Status Protocol, and
Microsoft Simple Certifi cate Enrollment Protocol (MSCEP).
Active Directory
Domain Services
(AD DS)
AD DS provides functions necessary for storing information about
users, groups, computers, and other objects on the network and
makes this information available to users and computers. Domain
controllers give network users and computers access to permitted
resources on the network.
Active Directory
Federation Services
(AD FS)
AD FS complements the authentication and access management
features of AD DS by extending them to the World Wide Web.
Includes these role services and subservices: Federation Service,
Federation Service Proxy, AD FS Web Agents, Claims-Aware Agent,
and Windows Token-Based Agent.
Active Directory
Lightweight Directory
Services (AD LDS)
AD LDS provides a data store for directory-enabled applications
that do not require AD DS and do not need to be deployed on
domain controllers. Does not include additional role services.
Active Directory
Rights Management