Configuring the Firewall on Server Core for Remote Management

Just like on a full server installation, the firewall is on by default in a Server Core installation and most inbound traffic is blocked at the end of setup. There are then three scenarios for remote management via MMC:

  1. Server Roles – when a server role is installed, the appropriate ports are opened to allow the role to function as well as to allow remote management, so no additional configuration is required. Using the Remote Server Administration Tools (RSAT) feature on a full server installation, you can install just the MMC snap-ins for a role and use them to remotely manage the role on Server Core.
  2. Domain joined – Once domain joined, the firewall profile is changed to the domain profile which allows remote management. Again, no additional configuration is required.
  3. Workgroup server – This is the scenario in which you may need to make firewall configuration changes to allow remote management. If you just want all remote management to work you can use:

Netsh advfirewall firewall set rule group=“remote administration” new enable=yes

However, it is possible to be more granular and only allow certain MMC snap-ins to remotely manage the box. I’ll talk more about that in my next post.

Note that the other methods of remote management are either enabled out of the box, such as WMI, or when enabled the firewall is configured to allow them, such as Terminal Server remote administration mode.