Windows Server 2012 Remote Management

Windows Server 2012 Remote Management

Windows Server 2012 is best candidate to be remotely administered than any of its predecessors. If offers new capabilities in remote administration as behind the scene existing technologies have been revised to simplify the remote management.

Managing Single or Multiple servers using Server Manager

The new Server Manager (SM_icon) in Windows Server 2012 can help you in managing single or multiple servers remotely using single interface.  Major UI & Functional improvements are done in this new SM.

The “Local Server” option in the left navigation pane allows you to manage current server.

One way you can use Server Manager, to manage multiple servers is using “All Servers” option in the left navigation pane. You can also use “Create Server Group” option in SM on Manage menu to create server groups such as DNS Servers, Exchange Servers etc… You can multi-select servers on Server Manager Pages which enables you to perform some actions simultaneously on all the selected servers.

What you need is to start adding remote servers to Server Manager, which are already enabled for Remote Management.

SM_AddServerOrGroups

 

Remote Management Types (DCOM & WinRM)

For remote management, WMI (Windows Management Interface) queries & configuration commands are typically passed through one of two protocols: Distributed Component Object Model (DCOM) or Windows Remote Management (WinRM).

DCOM is older proprietary technology for the communication of software components across the networks and Microsoft Management Console (MMC) Snap In is an example of DCOM. Generally speaking DCOM components requires certain ports to be opened on the firewall of the server you want to manage.  There are some inbound rules that need to be enabled by either using PowerShell or Windows Firewall with Advanced security. These inbound rules are mentioned below:

1)    COM+ Network Access (DCOM – In).

2)    All rules in the Remote Event Log Management group.

Enable-NetFirewallRule is a PowerShell cmdlet used for this purpose.

Other inbound rules that you might need to create are:

–   Remote Volume Management (for remote disk management)

–   Windows Firewall Remote Management (to use Windows Firewall with Advanced Security remotely).

WinRM is the Microsoft implementation of an independent standard called WS-Management Protocol. WinRM is not new but in Windows Server 2012 most of Remote management features are using WinRM instead of DCOM.

The most significant set of tools which uses WinRM are Windows PowerShell, WinRS (Windows Remote Shell – a client tool for WinRM) & Server Manager 2012.

WinRM tools are firewall friendly as they work over HTTP (port 5985) or HTTPS (port 5986). These ports must be open along with WinRM listener on the server which you want to manage remotely. Both Listener and port can be configured using WinRM command.

Remote management based on WinRM is by default enabled in Windows Server 2012.

Enabling Remote Management on Windows Server 2012

There are different ways to enable Remote Management on Windows Server 2012.

1)    Using SConfig.cmd

2)    Using Server Manager

3)    Using WinRM

4)    Using Command Prompt

5)    Using Group Policy

Enabling Remote Management on Server Core with SConfig

SConfig is a text based configuration tool that is available in the Server Core version of Windows 2012 Sever. Sconfig is was also available in Windows Server 2008 R2.

This is easy to use tool. Just type SConfig at the command prompt in Server Core and you get menu of self-explanatory configuration options. Press 4 to configure Remote Management.

SM_SConfig

Enable Remote Management using Server Manager

To enable Remote Management using Server Manager, perform following steps:

1)    In Server Manager, in the properties area of the Local Server Page, Click the Hyperlink for Remote Management Property as shown below.

2)    In the dialog box that opens select “Enable Remote Management of this Server From Other Computers” and then click OK.

SM_Remoting

Enable Remote Management using WinRM

Open command prompt with an elevated privileges on the server you want to want to manage and type WinRM QuickConfig. It will enable remote management on this server.

SM_WinRM

Enable Remote Management using Command Prompt
Configure-SMRemoting.exe –Enable

Or to disable, use following.

Configure-SMRemoting.exe –Disable

In case you are in Server Core Mode, you can use Configure-SMRemoting –Get to view the current remote management configuration on the server.
The above command is equivalent of WinRM QuickConfig command.
Configure-SMRemoting.ps1 is Powershell cmdlet for same purpose.

SM_ConfigureSMRemoting

Note: Above 4 methods will enable only WMI based remote management.
You still need to enable the DCOM Ports manually if required for your operations.

Local Administrators accounts other than the built-in Administrator account might not have rights to manage server remotely, even if Remote Management is enabled. The Remote User Account (UAC) LocalAccountTokenFilterPolicy registry settings must be configured to allow local accounts of the administrators group other than the built-in administrator account to remotely manage the server.

Enable Remote Management Using Group Policy

This is most efficient way of enabling remote management for both WMI & DCOM based administration (creating WMI Listener and inbound rules for both protocols). I will talk more about this option in my future blog.

Configure Remote Management of earlier versions of Windows Server

Servers running previous versions of Windows Servers can be managed remotely in Server Manager. All you need is to update these servers with .NET Framework 4 and Windows Management Framework 3.0.

Installing these updates makes these operating systems compatible with Server Manager in Windows Server 2012. To configure the servers for remote management, run the WinRM QuickConfig command and (optionally) create the inbound firwall rules needed to support MMC traffic.

As an alternative to WinRM QuickConfig command you also can perform following steps:

1)    Open an elevated Windows PowerShell prompt

2)    Type Set-ExecutionPolicy RemoteSigned

3)    Type Configure-SMRemoting.ps1 –force –enable

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s