none
How to remotely use Device Manager against Core? RRS feed

  • Question

  • I have been trying to use Device Manager on WS08 Full to manage Server Core but I cannot figure out which firewall rules to enable for this. Can someone tell me which firewall exceptions I need to do this?

     

    I can manage the Core firewall remotely and I've tried enabling various rules but I'd rather not shoot in the dark for this. I'd prefer to use local netsh commands rather than the remote GUI so all I really need are the rule names. I guess I could also get a net trace and get the ports from that but there must be a better way so I'm falling back on you gurus again for help.

     

    Thank you.

    Tuesday, July 17, 2007 5:19 PM

Answers

  • Hi,

     

    To enable the appropriate management rules for remote management, you need to run:

    netsh firewall set services remoteadmin enable

    Sorry if I missed that above, I'm trying to get the netsh advfirewall equivalent from the firewall team.

     

    With the above and the PnP interface enabled, you should be able to connect Device Manager. I have it working, although in a newer build than the June CTP. Right after the read-only message, it should populate the tree of devices in Device Manager.

     

    The other possible issue is credentials. Are both boxes domain joined or is this a workgroup. If in a workgroup with different credentials you will need to use cmdkey to specify different credentials to use:

    cmdkey /add:<servername> /user:<username> /pass:<password> (omit the /pass switch to be prompted for a password)

     

    Andrew

     

     

     

    Tuesday, July 17, 2007 11:43 PM
  • Hi,

     

    I'm working with the firewall team to try and come up with a list along the lines of:

    To use MMC xyz, use netsh advfirewall to enable rule abc

    Until that gets finalized, the recommendation is to just enable remote administration:

    netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

     

    Andrew

     

    Thursday, July 19, 2007 5:59 PM

All replies

  • Hi,

     

    Once you have the firewall configured to allow remote management, you then need to "Allow remote access to the PnP interface" on the Server Core box. To do that, on a Server installation open gpedit.msc and connect to the Server Core box.  Go to Local Computer Policy / Computer Configuration / Administrative Templates / System / Device Installation and enable "Allow remote access to the PnP interface". Reboot the Server Core box.

     

    You should then be able to connect with Device Manager. However, be aware that Device Manager is read only when used remotely.


    Hope that helps,

     

    Andrew

     

     

     

    • Proposed as answer by dydoria Tuesday, May 25, 2010 9:38 PM
    Tuesday, July 17, 2007 5:32 PM
  • Thank you for the response. I was still not able to get Device Manager working after enabling the PnP policy and rebooting. For the remote firewall management, I had just used this command:

     

    netsh advfirewall set allprofiles settings remotemanagement enable

     

    So I assume that the netsh command above is not the only firewall configuration I need to make. I see that there are numerous "Remote Administration (xxx)" firewall rules that are not enabled but enabling those did not seem to help either. If I disable the firewall, using the following command, I get the message that Device Manager is running in Read Only mode but I still do not see the devices:

     

    netsh advfirewall set allprofiles state off

     

    Could you provide the exact firewall rules that need to be configured to allow remote Device Manager functionality?

     

    Also, should I expect the list of devices on Core to be enumerated on build 6.0.6001 (v.222), the June CTP?

     

    Thanks!

    Tuesday, July 17, 2007 6:16 PM
  • Hi,

     

    To enable the appropriate management rules for remote management, you need to run:

    netsh firewall set services remoteadmin enable

    Sorry if I missed that above, I'm trying to get the netsh advfirewall equivalent from the firewall team.

     

    With the above and the PnP interface enabled, you should be able to connect Device Manager. I have it working, although in a newer build than the June CTP. Right after the read-only message, it should populate the tree of devices in Device Manager.

     

    The other possible issue is credentials. Are both boxes domain joined or is this a workgroup. If in a workgroup with different credentials you will need to use cmdkey to specify different credentials to use:

    cmdkey /add:<servername> /user:<username> /pass:<password> (omit the /pass switch to be prompted for a password)

     

    Andrew

     

     

     

    Tuesday, July 17, 2007 11:43 PM
  • I built another Core server and only enabled remote firewall management and now Device Manager works against that Core server. Go figure. I have no idea why. I did run the netsh command afterwards to enable remoteadmin and I can see what it does in the firewall but I can disable remoteadmin and Device Manager continues to work.

     

    I think that firewall management will be a little tough for Core, trying to get all of the remote admin tools working.

     

    Thank you for all of the great info so far!

    Wednesday, July 18, 2007 9:51 PM
  • Hi,

     

    I'm working with the firewall team to try and come up with a list along the lines of:

    To use MMC xyz, use netsh advfirewall to enable rule abc

    Until that gets finalized, the recommendation is to just enable remote administration:

    netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

     

    Andrew

     

    Thursday, July 19, 2007 5:59 PM
  • Andrew,

     

       I am trying to get to Device Manager from my Windows 2008 core too, and I would like to know exactly what commands should I give to make it work. I did the following:

     

    1. I disable the firewall:

    netsh advfirewall set allprofiles state off

     

    2. Enable the PnP services using GPO:

    That´s what I think I may missing. My core is not member from my domain, is standalone (workgroup). How can enable it using Regedit instead?

     

    Any other commands to enable the device manager remotely? I want to create a team using four network cards and I need to get to the Device Properties of the Intel NIC. That´s it!

     

    Regards,

     

    Doria

     

    Wednesday, April 16, 2008 10:05 PM
  • Hi,

     

    For 2 you need to:

    • Start MMC
    • Add Snap-in
    • Select Group Policy Object
    • Follow the dialogs and select your Server Core computer

    You can then set the policy remotely.

     

    However, Device Manager is read only when used remotely so you won't be able to make any configuration changes.

     

    Andrew

     

     

     

     

     

    Wednesday, April 16, 2008 11:26 PM
  • I found it!

     

      Thanks Andrew!

     

    Thursday, April 17, 2008 12:47 PM
  • dydoria.. how did u manage to team ur nics? thx
    Friday, August 1, 2008 6:24 PM
  • I did not! Could not make it work yet.... remote device manager gives read mode only support and Intel does not make available any command line tool either! Dead-end!

    See you.
    Doria
    Doria
    Wednesday, August 20, 2008 3:37 PM
  • Andrew Mason - MSFT said:

    Hi,

     

    I'm working with the firewall team to try and come up with a list along the lines of:

    To use MMC xyz, use netsh advfirewall to enable rule abc

    Until that gets finalized, the recommendation is to just enable remote administration:

    netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

     

    Andrew

     


    What else can I try if the above just results in an error message:

    Computer \\<ip here> cannot be managed. (null)

    The server and the Vista box I am using remotely are both in Workgroup mode.
    I did run the cmdkey command you showed above as the credentials are different.

    I executed all the firewall commands I could find in the step-by-step guides and elsewhere.  I can connect to the server remotely using RDP without any problems, but any MMC connection is refused.   I have spent hours browsing the web for solutions, and the whole "check this blog, check that blog" is getting very old.

    Why is there no central place that has a detailed guide on how to manage a 2008 server core remotely in a workgroup-workgroup setting which ought to be quite common for small shops.  The best resource I found are the guides on petri.co.il, but even though I followed them to the letter, the MMC connection will not work. :(
    Wednesday, September 24, 2008 4:19 PM
  • I also am unable to access Device Manager remotely.  I turned the firewall off, enabed pnp remote in group policy and am still device manager is read only. 

    I turned the firewall back on, enabled remote management just to see and no difference.

    What could I be missing?

    I thought maybe this is a domain policy, but my 2003 domain does not have this pnp setting available. 

    ???

    Thanks!

    My server core keeps bluescreening - it appears to be the video driver that is causing it, I would like to update the driver and get control of device manager remotely.
    • Proposed as answer by DeadFalcon Saturday, May 31, 2014 8:08 PM
    Wednesday, October 8, 2008 10:05 PM
  • Kfoutts said:

    I also am unable to access Device Manager remotely.  I turned the firewall off, enabed pnp remote in group policy and am still device manager is read only. 

    I turned the firewall back on, enabled remote management just to see and no difference.

    What could I be missing?

    I thought maybe this is a domain policy, but my 2003 domain does not have this pnp setting available. 

    ???

    Thanks!

    My server core keeps bluescreening - it appears to be the video driver that is causing it, I would like to update the driver and get control of device manager remotely.


    As Andrew stated above:-

     "You should then be able to connect with Device Manager. However, be aware that Device Manager is read only when used remotely."
    Cheers, Stephen Edgar
    Thursday, October 9, 2008 5:02 AM
  • Kfoutts said:

    I also am unable to access Device Manager remotely.  I turned the firewall off, enabed pnp remote in group policy and am still device manager is read only. 

    I turned the firewall back on, enabled remote management just to see and no difference.

    What could I be missing?

    I thought maybe this is a domain policy, but my 2003 domain does not have this pnp setting available. 

    ???

    Thanks!

    My server core keeps bluescreening - it appears to be the video driver that is causing it, I would like to update the driver and get control of device manager remotely.


    As Andrew stated above:-

     "You should then be able to connect with Device Manager. However, be aware that Device Manager is read only when used remotely."
    Cheers, Stephen Edgar
    Stephen, how can i manage de devices remotely ? there is no way ??

    tks

    Eduardo Trombini MCTS - 2008 network infraestructure MCP - 2003
    Tuesday, July 28, 2009 1:27 PM
  • There is a CLI way to team your NICs if you are using Intel or Broadcom.    Check out the following link:

    http://www.nullsession.com/2010/08/15/nic-teaming-in-server-core-or-hyper-v-server/

     

    Basically it's all command line based, and is a pain in the ass, BUT it does do the trick!

    Thursday, July 14, 2011 5:05 AM
  • Hi Andrew,

    I have a Server core machine that is in a Workgroup and need to connect to it from a Domain Server... I have created the credentials for the Workgroup Core Server on the Server I want to connect with using cmdkey but I get access denied when connecting via MMC. Is there another step needed in order for the Domain Server to know to use the stored credentials?

    So basically, the client has the stored credentials saved but looks like its not using the stored credentials when creating an MMC and pointing it to it. All ports are open so the issue is not there

     

    Cheers

    Thursday, July 14, 2011 10:36 AM
  • I´ve tried everything in this thread, but still I get error message when trying to access Device Manager with Remote Computer Management:

    - Allow remote PnP policy is enabled and applied
    - Remote registry is enabled
    - Firewall state is off
    - PnP service is started

    I would be happy even with read only mode, but I cannot get in device manager at all. I´m running 2012 datacenter core, which I try to contact with W8 client.

    • Edited by yannara Wednesday, July 3, 2013 4:41 PM image
    Wednesday, July 3, 2013 4:38 PM