Remotely managing Exchange Servers over the years seems to fall into one of two options, with some variations. First, either install the management tools components on your local workstation or second, use terminal services (RDP remote desktop) to access the console. In this overview, I will look at those options and other adaptations.
Installing Management Tools on the Workstation
Back in Exchange 5.5 and 2000, it was easy to install management tools on a Windows 2000 Pro workstation to administer Exchange. Exchange 5.5 had a separate application, admin.exe, that was installed from the CD by selecting the administration components only through the setup interface. Even the Exchange 2000 CD had the Exchange 5.5 administration tools for optional installation. Exchange 2000 also had separate administration components using a Microsoft Management Console (MMC) for each of Active Directory Users and Computers (ADUC) and Exchange System Manager (ESM). Using MMC as the standard interface added flexibility. It was possible to combine administrative interfaces into a single MMC with, for example, ADUC, ESM, Message Tracking, IIS Admin, Certificate Services and Event Viewer.
Well, once administrators had used Exchange administration tools from their desktops, it seems they wanted to continue, but things get a little complicated with different versions of Exchange as well as server and workstation operating systems. In addition, for a coexistence scenario, you needed both Exchange 5.5 and Exchange 2000 administration tools. Let's start with Windows XP Pro. Installing ESM 2000 was not supported and failed on installation demanding the presence of the Windows 2000 Administration Tools. Trying to install the Windows 2000 Admin Tools on XP returns an error as well. The 'workaround' if we can call it that was to ignore the error for the Windows 2000 Admin Tools and proceed. After that, install the Exchange 2000 ESM. It worked. Oh, you wanted to use Outlook on that machine as well? Well, that, too, was not supported:
Microsoft does not recommend installing Exchange Server 5.5 and Outlook 2000 or later on the same computer
Microsoft does not support installing Exchange Server components and Outlook on the same computer
It can lead to unexpected and challenging issues, such as that outlined in Microsoft KB 329136:
"The information store could not be opened" error message occurs when you try to view client permissions in Exchange Server 2003 or Exchange 2000 Server
Next we add Windows 2003 and Exchange Server 2003 into the mix. Windows 2003 had its own Windows 2003 Adminpak.msi. The same limitations applied to Windows 2003 as Windows 2000 when installing ESM on a Windows XP workstation, but it still worked. There was a challenge if you upgraded Windows XP to sp2 after ESM (and therefore IIS Manager) was installed. Reinstalling IIS and then ESM again seemed to work. Or, if you were more meticulous, removing and reapplying the IIS components called ‘Common Files' and ‘Internet Information Services' also worked as outlined in Microsoft KB 834121.
What to consider when you install Exchange System Management Tools on Windows XP
Ok, so you again want to use Outlook on the same workstation? Now, when you install ESM on XP there are often conflicts with Outlook. These Outlook conflicts with ESM focus on MAPI. Some people have had better luck that others having them operate in tandem on their Windows XP workstation; whereas, others seemed cursed by their attempts. With Outlook 2003 and Outlook 2007, Microsoft provides some format for troubleshooting MAPI conflicts with Outlook in Microsoft KB 813602, but the conflict with ESM remains an issue.
You receive an error message if a file conflicts with the MAPI file on your computer when you start Outlook 2007 or Outlook 2003
Finally, Windows Vista enters into the picture. Microsoft clearly states that Exchange Management Tools for Exchange 2000/2003 are not supported on Windows Vista.
You cannot install the Exchange Management Console or the Exchange System Manager on a Windows Vista-based computer
This has to be one of the many small issues that deter companies from adopting the newest Windows client. The first block is the Windows 2003 Administration Tools needed by the ESM. Some people have successfully got the Windows 2003 Administrator Tools installed on Windows Vista by manually registering the .dll files with regsrv32. Indeed much of the functionality provided by the tools is then available on Vista. Microsoft has compiled the list of .dlls, a script to register them, and a list of new issues created by this option at their KB 930056:
You experience installation errors and compatibility problems when you install Windows Server 2003 management tools on a Windows Vista-based computer
Well, along comes Exchange Server 2007. The MMC console is replaced by an application specific to Exchange 2007. We have returned to a non-extensible format as we had for Exchange 5.x. The Exchange 2007 Management Console (EMC) can be installed separately from the various server roles it controls. Exchange 2007, however, adds a very critical requirement – it is a 64-bit application. With the RTM version of Exchange 2007, installing the EMC on Windows Vista clients is not supported. However, Exchange 2007 Service Pack 1 brings some relief to those who prefer to administer their servers using installed tools on their Vista workstation. The Exchange 2007 sp1 Custom Installation lets you select just the Management Console for installation on Windows Vista where the appropriate prerequisites have been met, such as Windows Powershell 1.0 (MS KB 928439 as shown below), MMC 3.0 and the .Net Framework 2.0. The EMC includes the Exchange Management Shell (EMS) and the compiled Help files. Installing from the same media as your production Exchange 2007 Server means you are working with a 64-bit application that needs a 64-bit operating system. If you are running Windows Vista with the 32-bit client, then you need to download the appropriate 32-bit binaries available on the Microsoft download site:
Microsoft Exchange Server 2007 Management Tools (32-bit)
Windows PowerShell 1.0 Installation Package for Windows Vista
The actual installation of the Exchange 2007 Management tools is not that difficult for either the 32-bit or 64-bit versions as outlined in KB 555841 and Microsoft Technet as referenced:
How to Install the Exchange 2007 Management Tools
Installing Exchange 2007 Management Tools On a 32 Bit Operating System
If installing the ESM (2000/2003) or the EMC (2007) seems to you to be a hassle, well, you are far from alone. Thankfully, Microsoft provides a Remote Desktop feature allowing access to the Exchange Server desktop from the workstation without installing any Exchange components locally. In Windows 2000 this was referred to as Terminal Services – Administration Mode. It is now much more common and included in all business Windows operating systems as Remote Desktop. Other applications can serve the same function, but they introduce their own set of costs, administration and security issues. These remote administration tools include pcAnywhere and Virtual Network Computing (VNC).
The client executable for RDP is mstsc.exe in the %systemroot%\System32 folder. It has a couple of parameters that you can use. You can edit a shortcut to include parameters for the window size, server name, or even log into the console. The /console switch logs the administrator into the actual console. What the administrator sees in his RDP session is exactly what he sees if he logged in directly at the server. For a server name E2K7-MB-02, an administrator might run the following from the run line in the start menu of his workstation:
>mstsc /v:E2K7-MB-02 /console
Run mstsc /? For the list of parameters.
For companies of 75-250 employees, I recommend using an Administration Server or station. This is a secure Windows 2003 R2 server which hosts your management applications. This may include Antivirus management console or Windows Software Update Services (WSUS). I would install the necessary Exchange Management Tools on that server and use RDP to access that using a separate Administrator-level logon. Of course, at your workstation, you are authenticated with the lowest required privileges to perform your tasks. You do not likely need to be authenticated as an Exchange administrator all the time, so using a separate server and username for this makes some secure sense.
RDP has come a long way as well, with various systems able to use Microsoft or third party RDP clients. This includes Windows Mobile, Linux, and MacOSX. I don't know many who administer Exchange from their Linux box, but at least they could if so compelled.
Windows Vista adds another compelling option for some administrators. Vista can host operating systems as virtual clients. This includes Windows XP sp2 which can be used for the ESM tools for Exchange 2003 administration. As we discussed, ESM, needing IIS6, is not supported on Vista; however, it can run on Windows XP sp2 which can run as a guest using Virtual PC on Vista.