
Answered: How to Remote Manage Server 2008 (R1) Core with No Domain

  • Thursday, October 29, 2009 23:13 PBerk
     
    I've recently decided to install Server 2008 Core on an old computer of mine to use as a DHCP/AD/DNS server for my home network.  At the moment I have the server and one other computer connected to the same router.  Neither is in a workgroup, and I haven't yet begun the process of setting up a domain or DHCP on the server.  The server is getting its IP manually, the computer from the DHCP on the router (easily disabled).

    The issue I'm running into is that when I attempt to manage the firewall through the MMC on my computer, I receive the following error:
    You do not have the correct permissions to open the Windows Firewall with Advanced Security console.

    Normally this is a problem I'm pretty familiar with.  Just log into the server and add your domain account to the Administrators or Remote Users group.  Unfortunately, as I said, there IS no domain here, and I haven't been able to find a way to connect via the MMC with the local admin account of the server.  I have tested that the computer is able to get to the server, and had to temporarily disable the firewall to be able to do so.

    Below are the two relevant commands that I've run:
    netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
    netsh advfirewall set currentprofile settings remotemanagement enable

    Any insight or suggestions on how to remote manage the firewall in this setting would be appreciated.

Answers

  • Friday, October 30, 2009 10:01 Sander Berkouwer (MVP)
     Answered

    To manage a server that is running a Server Core installation and is not a domain member using an MMC snap-in

    1.   If the server running a Server Core installation is not a member of a domain, establish alternate credentials to use to connect to the Server Core installation by typing the following command at a command prompt on your client computer:

    cmdkey /add:<ServerName> /user:<UserName> /pass:<password>

    Where:

    ServerName is the name of the server running a Server Core installation.

    UserName is the name of an administrator account.

    To be prompted for a password, omit the /pass option.

    2.   When prompted, type the password for the user name that is specified in the previous step.

    3.   If the firewall on the computer running a Server Core installation is not already configured to allow MMC snap-ins to connect, follow the steps in "To configure Windows Firewall to allow MMC snap-in(s) to connect." Then return to this procedure.

    4.   On a different computer, start an MMC snap-in, such as Computer Management.

    5.   In the left pane, right-click the top of the tree and click Connect to another computer. (In the Computer Management example, you would right-click Computer Management (Local).)

    6.   In Another computer, type the computer name of the server running a Server Core installation and click OK.

    7.   You can now use the MMC snap-in to manage the server running a Server Core installation as you would any other computer running a Windows Server operating system.

    To configure Windows Firewall to allow MMC snap-in(s) to connect

    ·      To allow all MMC snap-ins to connect, at a command prompt, type:

    Netsh advfirewall firewall set rule group="remote administration" new enable=yes

    ·      To allow only specific MMC snap-ins to connect, at a command prompt, type:

    Netsh advfirewall firewall set rule group="<rulegroup>" new enable=yes

    Where:

    Rulegroup is one of the values from the table below, depending on which snap-in you want to connect.

     

    MMC snap-in                                Rule group
    -----------                                ----------
    Event Viewer                               Remote Event Log Management
    Services                                   Remote Services Management
    Shared Folders                             File and Printer Sharing
    Task Scheduler                             Remote Scheduled Tasks Management
    Reliability and Performance                Performance Logs and Alerts; File and Printer Sharing
    Disk Management                            Remote Volume Management
    Windows Firewall with Advanced Security    Windows Firewall Remote Management

     

     

    Notes

    ·      Some MMC snap-ins do not have a corresponding rule group that allows them to connect through the firewall. However, enabling the rule groups for Event Viewer, Services, or Shared Folders will allow most other snap-ins to connect.

    ·      Additionally, certain snap-ins require further configuration before they can connect through the firewall:

    ·      Device Manager. You must first enable the Allow remote access to the PnP interface policy setting. To do this, on a computer running Windows Vista or a full installation of Windows Server 2008, open the Local Group Policy Editor MMC snap-in, connect to the computer running a Server Core installation, navigate to Computer Configuration\Administrative Templates\Device Installation, and then enable Allow remote access to the PnP interface. Restart the computer running a Server Core installation.

    Note that when Device Manager is used remotely, it is read-only.

    ·      Disk Management. You must first start the Virtual Disk Service (VDS) on the computer running a Server Core installation.

    ·      IP Security Monitor. You must first enable remote management of this snap-in. To do this, at a command prompt, type:

    Cscript \windows\system32\scregedit.wsf /im 1

    ·      Reliability and Performance. The snap-in does not require any further configuration, but when you use it to monitor a computer running a Server Core installation, you can only monitor performance data. Reliability data is not available.
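
The server and client halves of the procedure above, combined into one cmd script. This is an added example, not part of the original answer. The file name mmc-remote.cmd and its server/client arguments are hypothetical; the rule-group names come from the table in the answer, and the three chosen here are only a sample selection.

```batch
@echo off
rem Added example, not from the thread. Hypothetical file name: mmc-remote.cmd
rem   On the Server Core machine:  mmc-remote.cmd server
rem   On the client:               mmc-remote.cmd client <ServerName> <UserName>
setlocal
if /i "%~1"=="server" goto server
if /i "%~1"=="client" goto client
echo Usage: %~nx0 server ^| client ^<ServerName^> ^<UserName^>
exit /b 2

:server
rem Enable only the rule groups for the snap-ins actually in use (names from
rem the table in the answer) instead of the broad "Remote Administration" group.
call :enable "Windows Firewall Remote Management"
call :enable "Remote Event Log Management"
call :enable "Remote Services Management"
exit /b 0

:client
if "%~3"=="" (
  echo Need a server name and a user name.
  exit /b 2
)
rem Qualify the account with the server name so it refers to the server's
rem local account. /pass with no value prompts for the password, so it never
rem appears on the command line.
cmdkey /add:%~2 /user:%~2\%~3 /pass
rem Show what is stored for that target.
rem Remove it when finished with: cmdkey /delete:<ServerName>
cmdkey /list:%~2
exit /b 0

:enable
rem %1 arrives with its quotes, which netsh needs for names containing spaces.
echo Enabling rule group %1
netsh advfirewall firewall set rule group=%1 new enable=yes
if errorlevel 1 echo   Failed to enable %1
exit /b 0
```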

All replies

  • Saturday, October 31, 2009 23:54 PBerk
     
    Ok...what am I doing wrong?  On top of what I mentioned in the first post, I've run the following commands and still get an access denied message from the client computer connecting to the server core through MMC:

    Windows 7 client - Bob
    User: Bob\Pat - Administrator group

    2k8 Core server - Sam
    User: Sam\Administrator - Default Administrator account

    On Client
    cmdkey /add:Sam /user:Pat /pass:
    cmdkey /add:Sam /user:Bob\Pat /pass:
    cmdkey /add:Sam /user:Administrator /pass:
    cmdkey /add:Sam /user:Sam\Administrator /pass:

    On Server
    netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
    cmdkey /add:Sam /user:Pat /pass:
    cmdkey /add:Sam /user:Bob\Pat /pass:
    cmdkey /add:Sam /user:Administrator /pass:
    cmdkey /add:Sam /user:Sam\Administrator /pass:

    Naturally, I didn't add all of these at once, I tried them one at a time and checked the results.  I'm still doing something wrong, or missing something, but I don't know what.
  • Thursday, November 5, 2009 08:26 Mervyn Zhang (MSFT, Moderator)
     
    Hi,

    Try the following command:

    Netsh advfirewall firewall set rule group="remote administration" new enable=yes

    Managing a Server Core installation: Overview
    http://technet.microsoft.com/en-us/library/ee441255(WS.10).aspx

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.