In-Depth

Figuring Out the Pieces of Microsoft Management Console

Microsoft set a lofty goal of creating a consistent interface to help you manage a variety of network tasks. MMC takes us partway there; here's what works— and which pieces still are missing.

One size fits all. That’s a statement like “the check is in the mail”—we’re wise to treat it with skepticism. Is it possible to create a single interface to host all the myriad administrative tools for the Windows environment, or is it preferable to have specialized tools for specialized functions? Can we have it both ways, or does any deviation from the standard weaken the concept of a common interface?

Microsoft’s intended scope for Microsoft Management Console (MMC) is astounding when you look at how many different products are supposed to fit into the MMC interface. Can it be done? Can MMC be all things to all programs?

Microsoft Management Console was the centerpiece of the keynote address at TechEd in 1997. The concept seemed benign enough, although did we really mind having separate tools for User Manager for Domains and Server Manager? On the other hand, the ability to create customized management consoles sounded interesting.

Since that time, more and more applications are appearing with MMC snap-ins as the management interface. In SMS 2.0, the old SMS Administrator interface has been abandoned for an MMC snap-in. Internet Information Server (IIS) 4.0 uses it, as do SQL Server 7.0 and MS Online Analytical Processing (OLAP) services. The BackOffice Resource Kit 4.5 uses MMC as the interface for all tools. Even Independent Software Vendors (ISVs) like Hewlett-Packard are writing for it.

And of course, MMC is at the center of all management in Windows 2000. Microsoft intends it, in fact, as the administrative interface for everything eventually, a huge mandate by any standards. Since you’ll be facing this tool more and more often as a network administrator, we’ll start by explaining what MMC is and what it can do for you. We’ll then look at how it’s being implemented, and finally, some of the larger questions that this interface begs.

So What is MMC?

Administrators take care of many different tasks on the network, from day-to-day operations to fixing problems. This, of course, means different things with different products. For an operating system, administration includes jobs like adding user accounts, configuring the hard disks, and assigning rights and permissions to files. For an application like SQL Server, administration could be backing up or creating new databases. For IIS, administration could encompass creating a new virtual directory. The idea behind MMC is to provide administrators with a consistent interface to do lots of different administrative tasks. Thus, the “management” in Microsoft Management Console means the ability to work with or manage all your administrative tasks in one place.

MMC is essentially just a container for small tools called snap-ins. It can also contain Web pages, folders, and ActiveX controls. The container itself doesn’t provide any administrative capabilities. The snap-ins are the management tools provided by various applications and—in the case of Windows 2000—the operating system itself. Snap-ins can’t run outside of MMC.

Each snap-in uses a window structure similar to the Explorer interface. The left side of the window shows a container tree; the right side shows the contents of each container. MMC is what’s called an MDI, or Multiple Document Interface. This means it’s possible to have multiple windows, all attached to the same console. (An example of a Single Document Interface is Microsoft Internet Explorer, where each session can display only one window at a time.)

The idea is that, as an administrator, you can take one or more snap-ins and create custom management consoles for your lesser admins. Each custom console would be saved as a Management Saved Console file with an .MSC extension, showing only the options and views that each administrator should work with. This lets MMC create very specific consoles for the skill level and job description of every administrator. The .MSC file can be given to another user or administrator and automatically invoked to re-create a specific management environment. You could send it in an email message or copy it directly to a user’s Start Menu. Theoretically, if the required snap-ins aren’t installed in the computer where the .MSC file is being run, MMC will download the required components.

Tip:
It’s easy to add something to an NT user’s Start Menu or Desktop across the network—assuming you have sufficient rights, of course. Start Windows Explorer and go to Tools | Map Network Drive. In the path, type:

\\computername\admin$

Admin$ is a special hidden share that always points to the directory where Windows is installed, regardless of what drive letter it’s on. Only administrators have access to this share. Once you have a drive letter mapped to the Admin$ share, use Explorer to find the Profiles directory on that drive. Under Profiles, locate the user you want or select the All Users profile directory. You can paste an executable, a shortcut, or an MMC .MSC file directly into the user’s Desktop folder, or anyplace you like on his or her Start Menu. It shows up immediately.

What sort of consoles might you create? If you have an admin who needs to distribute software through SMS, you might create one .MSC file that has the SMS packages and collections containers but nothing else. You might have another administrator who works with queries. You could create another .MSC file with the SMS queries container, the SQL 7.0 snap-in, and some of the specialized query tools included in the BackOffice Resource Kit 4.5 (BORK) (see Figure 1).

Figure 1. An example of a customized Microsoft Management Console .MSC file.

It’s important to note that MMC isn’t intended to impose security on your users. It’s more like a giant menu in which you can turn on the display of some options on and turn off others—but those options aren’t disabled entirely. That’s left to the security of the application you’re running.

While MMC doesn’t enforce security, it does provide administrative control over the menu-like options. MMC uses different modes to determine what users can and can’t do within the console. If MMC is opened in Author Mode, all manner of changes can be made to the console. The administrator can opt to save the console so it opens in User Mode and limit it to three types of access: full access, delegated access with multiple windows, and delegated access with a single window. (In the next version, MMC 1.2, Microsoft uses the term “limited access” instead of delegated access.)

With full access, users can’t add or remove snap-ins, but they can move through the entire console tree and open new windows with their existing snap-ins. With delegated access, users can’t add or remove snap-ins; they also can’t display any windows not previously saved with the console. With the multiple windows option, more than one window can be saved as part of the console. In our queries .MSC example, we might save the BORK tools in one window and put the SQL database and SMS query container in another window.

These administrative controls don’t provide any sort of security. If users can gain access in Author Mode, they can rerun the SMS Site Database Connection Wizard snap-in and give themselves access to more than just the queries. As we’ll discuss later, Windows 2000 can use Group Policy Objects (GPOs) to prevent users from starting MMC in author mode at all.

Design Disparities

Microsoft has many plans for version 1.2, which ships with Win2K. One hopes the new version will follow the stated design philosophy better than the current version. We have several significant examples of differences between design and implementation.

In a white paper entitled simply, “Microsoft Management Console: Overview,” Microsoft claims that “the MMC environment provides for seamless integration between snap-ins.” While this is undoubtedly the goal, the reality falls short. For example, the Proxy Server snap-in is a problem child. If you run MMC 1.1 and open .MSC files created with 1.0, MMC will ask if you want to update to the 1.1 MSC format. If you do, and the document contains Proxy snap-ins, you’ll never be able to administer Proxy from that file again because the three DLLs fail to initialize. In discussions with Microsoft about this, we were unable to arrive at a workaround.

There are other disparities between the design and the realization of that design. Ideally, the .MSC files are supposed to allow you to package up any snap-in and send it to any computer. According to the white paper overview, “If the second administrator does not have all the necessary Snap-Ins installed on his or her computer, MMC will automatically download the needed Snap-Ins when the second administrator loads the .MSC file.” Download from where? The document doesn’t specify.

We found this same sentence in a few documents with the same name but different dates. In the document at www.microsoft.com/MANAGEMENT/MMC/overview.htm, copyright 1996, there’s a footnote that says, “Auto-download is not implemented now; it will be in a release after the Professional Developers Conference.” A later copy of the document, dated 1998, makes no such disclaimer. Has it been implemented? And as far as we can tell, no. We tried with SQL, SMS, the BORK, and IIS—none of them will run unless that application is installed on the computer on which you’re trying to run the .MSC file.

Right-clicking on something in the tree while in Author Mode presents an option for “New window from here.” This menu option is supposed to create a window with that node as the top of a new tree. Figure 2 shows how this feature presumably works. Note that in the top window, you can see all of the SMS options. The bottom window shows the result of invoking “New window from here” on the Collections node in the tree. Unfortunately, the change isn’t preserved. No matter how many “New windows from here” we opened, when we reopened the console, we got the full tree again in each one of those windows. This is the best case to hope for; there are documented cases of this option hanging your system with IIS and Terminal Server (as reported in KnowledgeBase article Q194393, “New Window From Here Option in MMC May Cause Fatal Error”). We have anecdotal experience with it hanging our SMS systems.

Figure 2. The “New window from here” option doesn’t stick and can actually hang your system.

Saving .MSC files in User Mode is supposed to prevent mischievous lesser admins from changing their consoles. In reality, getting access to Author Mode isn’t difficult. Once the user has started the .MSC file, he or she can right-click on the console’s title bar and bring up the User Options. From there, the user can select the option to “always open console files in Author Mode.” (See Figure 3). And it does. Also, if MMC is started with the /A switch, that automatically invokes Author Mode.

Figure 3. Getting access to Author Mode is a fairly easy matter, even for those who shouldn’t have it.

Usually in the Windows interface, the mouse can be used to access an object quickly and effectively. In this regard, certain snap-ins are a giant step backward. In the SMS snap-in, if you want to start one of the SMS Tools, you must first right-click the tool, then select “All tasks” from the context menu, then finally select the tool you want to start. Whatever happened to good old “double click?” (See Figure 4.)

Figure 4. Steps required to open an SMS tool don’t necessarily follow the clicking practices we’re accustomed to.

Another pet peeve from users of various snap-ins is how hard it can be to find what you need in the interface. Granted, the SMS 1.2 interface was far from perfect, but at least everything was fairly visible. In SMS 1.2, you had to use the File | Properties option to see all the site configuration settings. Once you found them, there was a clear button to set the parent site. In the 2.0 snap-in the method for joining a child site to a parent site is also set in the site properties. But the only way you can see those properties is to find the precise node in the tree and bring up the properties page. Even trying to explain which node to select is monumentally difficult without using pictures. Trying to remember where these options live can be every bit as difficult. In Figure 5, we show you how to accomplish this action in SMS 1.2 using the old interface. Figures 6 and 7 show you the process in MMC. Ouch!

Figure 5. Joining two sites in SMS 1.2 was fairly simple: File | Properties, then click a button.

Figure 6. Doing the same in SMS 2.0 is a bit more complex. First, locate the precise node in the tree and bring up a Site properties page...

Figure 7. …Then join two sites in SMS 2.0.

Because MMC is so visually based on the tree, it’s difficult to adapt this interface to comply with Microsoft’s own accessibility standards. Part of the Microsoft design guidelines for the Windows interface require that it be accessible without a mouse. With the SQL Server snap-in, among others, this is badly implemented. If you could use a mouse, you could simply click on the server you want to administer and bypass all other servers. Without the mouse, you have to arrow through the hierarchy of servers; MMC insists on actually connecting to every server you touch. If you have several servers, you can’t just move through the list, it’s arrow-wait-arrow-wait and then arrow again. In researching this article, we tried to move through a list past a server whose SQL Server service was stopped; we got two error messages regarding an inability to connect, then a Dr. Watson error message.

Another Achilles heel in the current implementation of MMC: It’s a single-threaded application. All snap-ins share that thread. What this means to us is that if a snap-in hangs or is simply very slow, nothing else can be done with MMC until the snap-in finishes or MMC is restarted. Consider what this means to the administrator who would like to multi-task. If a snap-in is taking a long time on the task—such as a database backup in SQL Server—it’s necessary to open several instances of MMC. One suggestion from Microsoft is to create small MSCs, each containing a single tool—one for Enterprise Manager, one for SMS, one for IIS—which sort of brings us back to where we started.

In many places, the MMC documentation states that it will run on Windows 9.x. MMC does, but most snap-ins don’t. This is akin to hiring a chauffeured car to take you on a mountain trip in winter. You ask, “Can the car handle icy winter roads?” The answer is yes. But when you get there, you find the car can but the driver can’t. Many administrators are frustrated and confused by this.

Who’s Behind the Wheel?

Taking a step back, it’s important to remember our initial description of MMC—it’s just a container for snap-ins. It’s easy to “shoot the messenger.” In this case, the messenger is the MMC envelope that wraps up a hodge-podge of different utilities written by different program groups or different companies, often without much regard for consistency. So who “owns” MMC?

There’s an actual MMC product group at Microsoft. They’ve recently been moved from the BackOffice team to be part of the Windows group. We’ll hope this gives them a better chance to integrate MMC with all the Windows products. (Suggestions and comments to the team can be addressed to mmcnews@microsoft.com.) Even though there’s a crew for MMC, the snap-ins are still written by different application teams at Microsoft, or by different vendors, or by independent programmers. And there isn’t much to go by in the way of standards. Microsoft Press has a book in the works that will be a snap-in author’s guide and will provide some sort of interface guidelines. But at the moment, there are no other guidelines to MMC standardization. That’s too bad, because it’s possible that these standards will address many current concerns. But even when standards are in place, will they be followed? Perhaps a better question than “Who owns MMC” is “Who enforces MMC?”

Even with standards in place, designers of snap-ins will still have a great deal of autonomy. For example, it will be up to each application to decide whether or not the snap-in will run on the Windows 9x platform. Even though MMC will run on Windows 9x, is that helpful if there are no snap-ins? MMC provides support for drag and drop, but it’s up to the snap-in creators to use this feature within their applications. In SMS, this has forced us back a step from the days when we could drag a package and drop it over a group to initiate software distribution. And if the SMS designers decide to hide the settings for joining two sites under a bushel, can any standard be crafted that could forbid them? If they did, would it be enforced? As Bill Cosby is credited with saying, “I don’t know the key to success, but the key to failure is to try to please everyone.”

The Future of The Beast

Since this article is being written well before Windows 2000 is scheduled to make its debut, it’s difficult to say for certain which new MMC features will ship with it. As Microsoft says in all of its beta disclaimers, we “cannot guarantee the accuracy of any information presented after the date of publication.” But we can tell you what Microsoft is saying about the beta version of MMC 1.2.

MMC is at the center of all management in Windows 2000. Old friends from NT 4.0 like Event Viewer and Performance Monitor have been given a once-over to adapt them to the MMC interface. Many new tools to manage Active Directory have been added, and they, of course, also use MMC.

One important feature for managing security is the ability to control who can get into Author Mode. Rather than leaving the weak restrictions in place from the NT 4.0/Win9x platforms, Windows 2000 can use Group Policy Objects (GPOs) to determine who gets Author Mode access. Even for users with access to Author Mode, GPOs can be used to set lists of permitted snap-ins and restricted snap-ins; GPOs can be configured to permit all snap-ins except the restricted ones, or they can restrict all snap-ins except the permitted ones.

In the next release of MMC, “taskpads” are supposed to be more widely implemented. A taskpad is a simplified window of task-oriented information. It uses a dynamic HTML (DHTML) page to show shortcuts to other tasks, groups of tasks by function, and simplified task lists. While these features are available to programmers in MMC 1.1, in 1.2 ordinary users will be able to customize their MMC environment with their own taskpads. They’ll also be able to maintain “favorites” inside their .MSC files.

One feature we probably won’t see in MMC 1.2 is printing. MMC doesn’t provide print services to snap-ins; instead the snap-in itself is required to handle printing tasks. This is an additional burden placed on snap-in developers, many of whom may never have considered the intricacies of printing before. Generally, we assume that the application will provide this service; for example, if I’m creating a solution in Word using VBA, I depend on being able to invoke the print method in Word. MMC offers no such service. What we’ll get in MMC 1.2 is the ability to export the data displayed in MMC to a text file.

The export feature will be enhanced by the ability to customize the columns configuration in a details list view. We should be able to rearrange columns or hide them completely. Certain snap-ins may also provide filtering by using drop-down list boxes under the column headings. As noted before, these will be options that snap-in developers may or may not choose to implement.

We’re also looking forward to a design change in the next release. Microsoft Certificate Server comes with the option pack and is used in public key/private key encryption. In the current version, the .MSC created by the installation of Certificate Server is stored in \winnt\system32. This isn’t good, since storing things in the system directory isn’t secure. The only items there should be system files, which should be protected from casual access, accidental deletion, and viruses. In Windows 2000, the system directory is more closely guarded and this .MSC file will be placed somewhere more appropriate.

MMC Snap-Ins: The Developer's Perspective
As part of its philosophy of having everything managed through MMC, Microsoft has made snap-in development available to a wide audience. Kits are available for download that ease the development of custom snap-ins.

Snap-ins can be developed with Visual C++ or Visual Basic tools available at www.microsoft.com/management/MMC/download.htm. VC++ programmers can download the 2.1M SDK; VB developers should try the ActiveX Designer for Visual Basic (1.1M), in beta at the time of this writing. While downloading, take a look at www.microsoft.com/management/MMC/devinfo.htm for some TechEd PowerPoint presentations; while the most interesting stuff is lacking (there are many slides that say “demo”), they’re decent roadmaps.

I downloaded and installed the VB kit. After my install, I was able to make a new project type: a SnapIn. I found several forms and controls in my project, but I had little to no idea what to do with them. Fortunately, the setup program also gave me some samples to look at. The FileExplorerSample.vbp project creates a snap-in that acts a lot like Explorer; it allows the user to navigate through directory hierarchies. The snap-in designer setup registers this new snap-in. Therefore, after setting up the designer, you can create a new MMC document and add in the FileExplorer snap-in. The software asks several questions when you do this: Should network drives and computers be browseable? Should the user be able to delete or rename files?

After the configuration, the snap-in is ready for use. Take a few minutes to work with it—not so much because you’re going to want to use the tool, but to see what it does in order to look at the VB project and see how it’s coded. Find VBSnapInsGuide.chm; this is the compiled HTML help document.

Reading the doc and looking at the project makes the target audience clear. Although the VB tool is impressive in the amount of complexity it hides, it’s obviously aimed at accomplished VB developers. Skills in scripting Office applications with VBA won’t be enough to understand what’s happening with a snap-in. ActiveX knowledge is required, especially:

  • How ActiveX DLLs interact with the system, including how to register them with regsvr32.
  • How project compatibility works and what its implications are.
  • How ActiveX controls are used on forms.

My favorite book covering these topics is Dan Appleman’s Developing COM/ActiveX Components with Visual Basic 6: A Guide To The Perplexed (SAMS, 1998, ISBN 1-56276-576-0, $49.99).

As you experiment, remember: The snap-in development kit is beta code. My testing resulted in many illegal operations, but produced no lasting ill effects. The most frustrating thing for me was that my snap-ins would sometimes appear in MMC’s add/remove snap-in dialog—and sometimes would not. This is OK for beta code, but the final version will have to be far more stable if it is to be widely adopted.

Now that I can write my own snap-ins, I’m paying close attention to the good and the bad in the snap-ins I use. By doing this, I hope to learn what to do and what not to do. It’s important to remember that MMC gives the snap-in, and therefore the snap-in designer, a lot of power.

For example, it’s possible to write a snap-in that has an overly long timeout while trying to connect to a remote computer. Because all of the snap-ins are sharing a single thread, nothing else can be done with that instance of MMC until the snap-in releases the thread. This is somewhat analogous to the situation we had with 16-bit Windows, in which a single application could hang the entire system. If Microsoft fixes the bugs, supports the kit with documentation and examples, and doesn’t break our snap-ins with future MMC versions (like what happened with the Proxy Server snap-in and MMC 1.2), this might be a very useful tool. Time will tell.

—Richard White

Too Simple to be Powerful?

According to Microsoft literature, MMC provides several key benefits like task orientation, customization of consoles, integration, extensibility, and overall interface simplification. The task orientation is definitely a plus. Being able to customize the .MSCs for admins of different abilities and job descriptions is a boon. Allowing users to create their own taskpads in MMC 1.2 will add even more flexibility. But until the “New window from here” option works reliably and consistently, one of our major customization options hovers just out of reach.

Integration in MMC is a good idea, as long as someone can keep all the snap-ins from stepping all over each other. Who will watch the sandbox to make sure everyone plays together? How will extensibility be maintained when we’re dealing with so many variables? Granted, ensuring compatibility of management apps isn’t as far-reaching a task as ensuring compatibility of applications within an OS, but it confronts many of the same problems. How do you change one thing without breaking everything else? And if the application programmer doesn’t follow the rules and something blows up, it’s the container that ends up looking bad. On the MMC home page (www.microsoft.com/management/MMC) Microsoft maintains a snap-in gallery where ISVs can have their snap-ins posted. According to Microsoft, any submitted snap-ins can then also be tested to make sure they’ll still work as changes are made to the MMC container. But all it takes is one change from the ISV or one change from a service pack, and everything goes poof.

Overall, interface simplification is an admirable goal, but it begs the question—is there such a thing as being too simplified? While management tasks are presumably becoming more straightforward, the programs behind them are becoming more complex. An analogy can be made to cars over the past few years. You can get a car now that doesn’t need a tune-up for years. Doors, windows, seat operation—all of these are power-driven and packed with features. But what happens when something breaks? It isn’t as simple as grabbing a wrench and popping the hood anymore. We’re seeing the same thing with our OSs and applications. SQL Server may be auto-tuning, but what happens when it doesn’t auto-tune things correctly for a particular application?

The Windows 2000 MMC provides a snap-in for managing user accounts, but it doesn’t give many options outside the wizards. The SMS MMC provides a special switch to start the admin console with additional node information not present in the default settings. Perhaps this is something that should be more widely used and documented. If the management interface is too simplified, administrators will have to turn to other means to get the job done—tweaking the registry, using ISQL, or writing scripts. The more simplified the interface, the more frequently we’ll have to abandon it for truly tough tasks. And the more frequently other vendors will step in and write different management tools, tools which may or may not use MMC. While this doesn’t negate the value of having simple tools for simple tasks, it takes us further from the goal of having a true unified management interface.

We’re not saying that Microsoft—or any other software company—has to be perfect. But when it sets a task for itself, like creating a comprehensive and consistent interface, how effectively can it deliver? Will Microsoft really come through with a one-size-fits-all Microsoft Management Console? The check is in the mail.

Featured

comments powered by Disqus

Subscribe on YouTube