How to Enable Remote Administration of Server Core via MMC using NETSH
Hello, this is LaNae Wade from the Directory Services team.
Windows Server 2008 Core introduces some challenges in administering servers without an explorer shell. Here are some netsh commands that will help you administer your Server Core installation remotely through MMC snap-ins.
Allowing Administration of Server Core from a Remote MMC
To administer the Server Core installation from a remote MMC you must configure the Windows Firewall.
If you do not configure the firewall to allow remote administration via MMC you will get an error. For example:
When you attempt to connect to a Windows Server 2008 Core installation via Device Manager you may receive the following message:
Unable to access the computer “ComputerName” Make sure that this computer is on the network, has remote administration enabled, and is running the “Plug and Play” and “Remote registry” services.
The error was: Access Denied
When you attempt to connect to a Windows Server 2008 Core installation via Event Viewer you may receive the following message:
Event Viewer cannot connect to computer “ComputerName”. The error reported is: The RPC server is unavailable
When you attempt to connect to a Windows Server 2008 Core installation via Event Viewer you may receive the following message:
Disk Management could not start Virtual Disk Service (DS) on “ComputerName”. This can happen if the remote computer does not support VDS, or if a connection cannot be established because it was blocked by Windows Firewall.
In order to run the Netsh advfirewall commands you must have the correct permissions.
· If you are a member of the Network Operators group you can run the commands from any command prompt.
· If you are not a member of the Local Administrators or Network Operators group and do not have delegated permissions to run the netsh advfirewall command, you can only run the commands that display information. You cannot make any changes to the settings.
Before you can make any changes to the firewall settings remotely you must first enable remote administration of the firewall by typing the following command at a command prompt:
Netsh advfirewall firewall set rule group=”Windows Firewall Remote Management” new enable =yes
Once the firewall has been configured for remote administration you can began to allow remote management through MMC snap-ins. You can configure the firewall to allow remote management via all MMC snap-ins or you can specify particular MMC snap-ins.
The following command will allow you to remotely manage a Server Core installation through all MMC snap-ins.
Netsh advfirewall firewall set rule group=”remote administration” new enable=yes
To allow remote management via specific MMC snap-ins, run the following command.
Netsh advfirewall firewall set rule group=”<rulegroup>” new enable=yes
Note: You can reference the table below for available rulegroups. Some snap-ins will require more configuration before you can connect to them through a firewall. Also, some MMC snap-ins do not have an associated rule group that allows connections through firewalls.
If you look at the chart above you will see Disk Management and its corresponding rule group. This is one of the MMC snap-ins that will need additional configuration. In order to use this snap-in for remote management you must first start the Virtual Disk Service (VDS) on the computer that is running the Server Core installation. You also have to configure the Disk Management rules on the computer that is running the MMC snap-in. The command to enable the Remote Volume Management Rule group is as follows.
Netsh advfirewall firewall set rule group=”Remote Volume Management” new enable=yes
Running this command will enable the Remote Volume Management – Virtual Disk Service Loader (RPC), Remote Volume Management – Virtual Disk Service (RPC), and Remote Volume Management – Virtual Disk Service (RPC-EPMAP) inbound rules. Remember these rules must be enabled on both the server that is running the MMC and the remote Server Core installation.
Summary
You now know some of the commands you can run to enable remote management through MMCs. There are other commands besides netsh that would allow you to enable remote management through MMCs not covered in this blog. Check out the NETSH Technical Reference it has a lot of this information in it, as well as a ton of other netsh commands. You can download it from the link below.
- LaNae Wade