Introducing Server management tools

I am Kriti Jindal, a program manager on the Server management tools team.

At last year’s Ignite and Build conferences, Jeffrey Snover (Technical Fellow) and Andrew Mason (Principal PM Manager) first demoed the Server management tools. Server management tools offers a set of web-based GUI and command line tools to manage Windows Servers. Today, we are announcing the public preview of Server management tools!

For a quick overview of the features supported, check out my demo video:

For those of you interested in a deeper dive, continue reading!

Server management tools overview

As I mentioned above, Server management tools offers a set of web-based GUI and command line tools to manage Windows Servers. This is especially useful when managing headless servers such as Nano Server and Server Core. These tools also provide rapid access to your on-premises infrastructure alongside your Azure resources. In this first release, the tools can only be used to manage Windows Server 2016 Technical Preview SKUs running on-premises as well as in Azure. The tools are hosted in Microsoft Azure.

Currently, the tools offer the following capabilities:

  • View and change system configuration
  • View performance across various resources and manage processes and services
  • Manage devices attached to the server
  • View event logs
  • View the list of installed roles and features
  • Use a PowerShell console to manage and automate

This is a preliminary set of tools that are required for basic server diagnostics. If you have specific requests on what tools would be most valuable to you, please let us know using the Windows Server Management Tools UserVoice feedback site.

Setup and deployment

A Server management tools gateway is required to enable communication between the Microsoft Azure portal and your Windows Server 2016 machines. A gateway is typically deployed and configured on the same local network as the Windows Server machine(s) you wish to manage. The machine must have an internet connection.

If the machine hosting the gateway is a Windows Server 2012 R2 machine, please install WMF 5.0. This is required to use PowerShell to manage Windows Server 2016 Technical Preview or Nano Server machines from Windows Server 2012 R2. Use the following link to install WMF 5.0:

If the machine hosting the gateway is a Windows Server 2016 Technical Preview machine, no additional preparation is required.

You will also need an Azure subscription to use Server management tools.

Now let’s discuss how you can set up the Server management tools gateway and start managing your machine(s).

Step 1: Create a new Server management tools connection

Ok so you have a machine that you want to be able to manage via Server management tools. To begin your deployment, log in to your Azure portal account and search for “Server management tools” in Marketplace or navigate to it:

Select the Server management tools, read the description, review the terms of this Preview release, and click “Create”.

This will open a form prompting you to fill out the information for the connection you are establishing.

Please provide the NAME/IP/FQDN of the machine you want to connect to. If you have an existing resource group and gateway, you may opt to select them here rather than to create a new group or gateway.

If this is the first Server management tools connection you are creating, you will also need to choose to create a new Server management tools gateway and give it a name. You will be prompted to complete the gateway configuration after the Server management tools connection is created.

Once the form has been completed, click create at the bottom of the screen and you will be taken back to the Azure Startboard. Assuming “Pin to Startboard” was checked, you will see a tile appear that will indicate the deployment is in progress. Please note that you are not actually creating the connection to the machine but just a resource in Azure. The connection to the machine is initiated once you provide the credentials on the main Server management tools blade.

Once the deployment succeeds, you will be taken to the Server management tools blade where you can provide the credentials and connect to the machine. The User Name and Password are not created by the connection; the account must already exist on the machine and have proper permissions. That is, use a user account which is a member of the local Administrators group on the target server you are connecting to.

Step 2: Configuring a new Server management tools Gateway

If you are creating a new gateway, you will see the following status:

Click to open the Gateway Configuration page, then carefully read and follow the directions to set up your on-premises machine or Azure VM as the gateway.

Note: Please unzip the zip file and run the gateway MSI installer from the folder you unzipped to. If you run the MSI from the zip file without unzipping first, you will need to also specify the profile.json file.

After installing the gateway MSI, return to the Azure portal, and click Refresh. You will now be prompted to enter the credentials to start managing the machine. You will see the following status:

Congratulations! You have established a remote connection to your resource and are now able to perform management tasks on it through the Azure Portal.

Managing Workgroup machines

In order to connect to workgroup machines (e.g. non-domain-joined Nano Servers), run the following command in PowerShell or Command Prompt as Administrator.  TargetMachineNameOrAddress should be the NetBIOS name, FQDN or IP address (IPv4 or IPv6) that you’ve used when creating the Server management tools connection in Azure (which is also the name displayed at the top of the blade). You can also add multiple machines by separating them with commas.

Command Prompt: winrm set winrm/config/client @{TrustedHosts="TargetMachineNameOrAddress"}
PowerShell: winrm set winrm/config/client '@{TrustedHosts="TargetMachineNameOrAddress"}'

NOTE: The commands above will replace any previous list of registered trusted hosts with the host(s) you specify in the command. You can use the following command in PowerShell with the Concatenate parameter to add a computer name to an existing list of trusted hosts.
Set-Item wsman:\localhost\Client\TrustedHosts TargetMachineNameOrAddress -Concatenate

Additional connectivity requirements

If you wish to connect using the local Administrator account, you will need to enable this policy on the target machine by running the following command in an administrator session on the target machine:

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

If you wish to connect to a workgroup machine which is not on the same subnet as the gateway, run the following command in an administrator session on the target machine:

NETSH advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
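
The three commands above widen what WinRM will accept: TrustedHosts skips server authentication for the listed hosts, LocalAccountTokenFilterPolicy set to 1 turns off remote UAC token filtering for local administrator accounts, and the NETSH rule admits TCP 5985 from any source address. As an added example (not part of the original post or of Server management tools), the following PowerShell reports those settings on the machine where it runs and offers a firewall rule limited to the gateway; the function names and the 192.0.2.10 address are hypothetical, and it assumes an elevated session with the NetSecurity cmdlets available.

```powershell
# Added example: report and scope the three settings changed in this post.
# Function names and the sample gateway address are hypothetical.

function Get-WinRmExposure {
    $findings = @()

    # 1. Gateway side: hosts in TrustedHosts are sent credentials without the
    #    client first authenticating the server (no Kerberos or HTTPS check).
    $trusted = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    if ($trusted) {
        $note = 'Confirm every entry is a machine you manage'
        if ($trusted -match '\*') { $note = 'Wildcard entry; list specific targets only' }
        $findings += [pscustomobject]@{ Setting = 'TrustedHosts'; Value = $trusted; Note = $note }
    }

    # 2. Target side: a value of 1 gives remote logons by local administrator
    #    accounts a full (unfiltered) administrator token.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
    if ($policy -and $policy.LocalAccountTokenFilterPolicy -eq 1) {
        $findings += [pscustomobject]@{ Setting = 'LocalAccountTokenFilterPolicy'; Value = 1
            Note = 'Remote UAC filtering is off for local administrator accounts' }
    }

    # 3. Target side: enabled inbound allow rules for TCP 5985 open to any source.
    foreach ($rule in (Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True)) {
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        if ($port.Protocol -eq 'TCP' -and $port.LocalPort -contains '5985' -and
            $addr.RemoteAddress -contains 'Any') {
            $findings += [pscustomobject]@{ Setting = "Firewall rule '$($rule.DisplayName)'"
                Value = 'RemoteAddress=Any'; Note = 'Restrict to the gateway address' }
        }
    }
    $findings
}

# Scoped alternative to the NETSH rule above: allow 5985 only from the gateway.
function Add-GatewayWinRmRule {
    param([Parameter(Mandatory)][string]$GatewayAddress)
    New-NetFirewallRule -DisplayName 'WinRM 5985 (gateway only)' -Direction Inbound `
        -Protocol TCP -LocalPort 5985 -RemoteAddress $GatewayAddress -Action Allow
}

Get-WinRmExposure | Format-Table -AutoSize -Wrap
# Add-GatewayWinRmRule -GatewayAddress '192.0.2.10'   # constructed documentation address
```

Run the report on the gateway to review TrustedHosts, and on each target to review the registry value and firewall rules.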

The Server management tools team is looking forward to your feedback on the public preview. You can provide feedback on the tools directly via the feedback button in the Azure portal. We also routinely monitor the Windows Server Management Tools UserVoice feedback site for suggestions on improvements and encourage you to submit your ideas there.



Comments (43)

  1. Adz says:

    I thought Jeffrey Snover was technical fellow

  2. Asd says:

    He wasn’t last year ^^

  3. Chris Smith says:

    Looks really slick and I can’t wait for it to support 2012!

  4. Lyon TIll says:

    Slight update to the winrm above:
    winrm set winrm/config/client '@{ TrustedHosts="<>" }'

    1. Lyon, thanks for pointing this out! I didn’t realize the difference until now. Single quotation marks are required in PowerShell, but not in the Command Prompt. You can also use Set-Item with the Concatenate parameter to add a computer name to an existing list of trusted hosts, instead of replacing the list. I’ve updated the blog post with this info.

  5. AWC says:

    Not cool, Why do I have to connect to Azure to manage a local device?

  6. Mycroft says:

    What AWC said. We do not use any cloud services for anything else; now, you’re saying I have to have an Azure account to manage my on-premises servers? I truly hope this is a temporary state of affairs.

  7. Bert says:

    Like AWC and Mycroft I don’t see any benefit for me to have management tools in the (paid) cloud for management of on premises server. I need this toolset in my LAN.

  8. Walter says:

    Well, if you only have your own LAN infrastructure this might not do you much good. However, if you are in a hybrid environment, with servers locally and in Azure, this does help out a lot.
    Even better, for MSP’s supporting multiple customers that can have all sorts of infrastructure (on local LAN, in a datacenter, in Azure or even in something like Amazon cloud), this looks like a great way to manage and maintain your servers….

  9. Anthony says:

    I echo the concerns above — I like the cloud option for those situations where you have workloads in hybrid cloud situations but this seems to create a situation where if there is, let’s just say, a fiber cut outside a company’s data center not only do
    they lose access to cloud services (and other WAN provided connectivity) but they also lose the ability to manage their own infrastructure? that seems like an unacceptable risk for production environments. This needs to be able to run stand alone on prem (meaning
    without Azure stack for those in a VMWare world) if we are to see the true promise of Nano Server.

  10. AWC says:

    I agree with Walter if you have a hybrid environment, but I live in a world where almost all my workloads are local.

    It’s not uncommon for Google, Microsoft, and all the other providers that get you to the cloud to have both scheduled and unscheduled service interruptions. My company has seen this as a consumer of cloud services and we have very good internet services, which
    is why I’m unwilling to risk not being able to manage mission critical local workloads if there is an interruption anywhere in the service path.

    As Anthony said " This needs to run stand alone on prem…"

    There are too many layers and too many ways something can go wrong, and let’s face it, when things go wrong they seldom go wrong in the best way possible…

    I hope you’re listening Microsoft…

  11. Brendan says:

    Hi everyone – I’m a PM in the Server org working on the management tools with Kriti.

    This is great feedback; we know that a cloud dependency is not the right option for many businesses, so we’re evaluating how to make our tools available in other delivery vehicles, including Azure Stack.

    Traditional MMC snap-ins will continue to work against Nano Server as well, so even if the link to the cloud is broken, classic management strategies (including PowerShell) are still viable. If you have an interest in providing more feedback, or talking with
    us about your requirements, please feel free to email me at brendanp @


  12. Jason says:

    Just chiming in…Azure is a no-go for us.

    I wish we could simply have some simple, easy-to-use tools that we can fully host locally without it being chatty with the outside world. There are too many areas in our environment where we couldn’t do Azure-managed stuff even if we really wanted to, due to
    laws and regulations (such as PCI).

  13. I wonder if there will be an On-Premise version from Server Manager running from another Windows Server 2016 GUI Management Server?

  14. BillF says:

    What about those of us who work for ‘3 letter’ Government agencies? Azure would be a no go.

    1. Ben says:

      @Schulz – Why this shameless plug for your books here. I see it has no relevance to the topic. Please STOP doing such ads in technical posts.

  15. David Arbogast says:

    On Prem is of little interest to me as it eliminates too many benefits. Being web-based, this is a toolset that naturally allows a "work from anywhere" approach, and it seems easier to leverage it this way than to deploy and secure another web based tool
    on local servers. I am an Azure fan, however, unlike some commenting here… and I leverage cloud services. If my datacenter was to become unavailable for any reason, I’d appreciate having my management tools in the cloud as I work through DR and continue
    to manage my other resources…. Ideally, without driving to the office at 2am on a Sunday….

  16. Emma says:

    I use Semantic Sales to manage with email mess. It let me save up to 9 hours a week. Follow up reminder, missed e-mail reminder. Also it has an option — when I receive letter from new contact, they sending me his accounts in FB and Linkedin.

  17. Joe Raby says:

    I looked at the RSAT tools for Windows 10 (support for Server 2016 TP4) and it still lacks a GUI console for WDS. Why?? Why do you require that a GUI console for WDS run only on a server? I thought the whole purpose of RSAT and general best practise was
    to get rid of GUI consoles off of servers. Command-lines just don’t cut it, and using something like cloud management over Azure for a small business server (Essentials) isn’t realistic. However, best practises are. And getting GUI consoles off of servers
    is still a noble goal. Also, I thought Essentials was built for people that didn’t have some high-level enterprise certification – this is why command-lines just don’t work for this product even though there are WDS integration scenarios (client PC backup
    and restore) in the Dashboard, however, all server installations would benefit from having a WDS console in RSAT.

  18. Dev Ramdin says:

    I agree with the other comments that it would be great to have a way to deploy this on premises. Perhaps as a Server 2016 role/feature.

  19. Cloud-Ras says:

    Let’s say that if a server won’t boot in Azure, would this make it a possibility to manage the server?

  20. Mike Brown says:

    Will these tools be able to manage 2012R2 Servers?

  21. BizD3v says:

    Will we be able to manage multiple locations from a single Server Management Service? Early demos made it seem that way and we were looking forward to a "single pane of glass" to manage servers at multiple offices. Unlike others here who IMHO are missing
    the point, I’m less interested in "corrupting" this tool’s purpose by addressing on-prem (plenty of tools to do that, as you point out), but rather really leveraging it to do things a local or VPN connection can’t.

  22. Kriti Jindal says:

    Hi everyone. Thanks for the great feedback. We will investigate the feasibility of the features requested in the comments.

    @BizD3v, I would love to further understand your scenario. Please reach out to me. My email is

  23. John says:

    Hello, is it possible to manage Nano Server via powershell directly from my PC?

  24. MNscripter says:

    John, you most certainly can! PSRemoting works, just keep in mind that the set of available cmdlets in the nano session is reduced.

  25. Kriti Jindal says:

    To get more details on managing Nano Server, you can also refer to

  26. Mark Kazokas says:

    I do not understand why we cannot have both. We are a small University and do not currently have an Azure account, nor do we have any plans for it in the immediate future. While I would not have a problem managing Nano systems using PowerShell, there is a big learning curve, as I am not the only onsite admin. I do not feel comfortable deploying Nano out without, at the very least, a remote management GUI tool, so other (not as technical) users can survive when I am not available. Can’t the same tools be developed to run from an on prem server, which would not only be more responsive, but also would allow me to continue to manage my Nano servers in the event of our internet connection going down (this has happened for nearly 2 full days a few weeks ago)?

    1. Kriti Jindal says:

      Thanks for the feedback Mark. There has been a lot of customer feedback in this space and we are evaluating options for an on-prem solution. We understand that dependency on the cloud is not ideal for all businesses. I would love to understand the limitations, if any, for getting an Azure subscription. Please feel free to email me at

      1. anotherhostingadmin says:

        Chiming in on all the others that are not happy with the way this SMT is working: As a managed hosting service provider, I manage quite a number of customers. For this we have very strict rules and security in place, and jumphosts that are not reachable from the internet that connect to those customers via an out-of-band network. Now with this tool we are supposed to log on to a public cloud provider, then with that make a connection to a Windows machine, and have this windows machine be a gateway to the innards of a highly secure datacenter.. I don’t think so..

        I can see this tool works just fine if you want to manage something that’s in Azure already, but for secure environments this just won’t fly.

        1. Kriti Jindal says:

          Thanks for the feedback. It is definitely helpful for us to understand various scenarios where cloud dependency is not an option for our customers.

  27. Gary says:

    Unfortunately, for both me and my main employer, the licensing model of this, and both the coming licensing model of azure stack leave a hugely unpalatable taste in our mouth.

    Azure on-prem is now a dead end for us. Whereas we were happy to pay for system center datacenter licensing and use Azure Pack, subscription only and usage based billing of on-prem products means we will not be deploying this or stack. Our Azure Pack deployments are now just run and maintain, while we evaluate other options all the way down to allowing users limited SCVMM console access.

    Nevermind the fact that some of our scenarios are entirely off-internet or on tightly controlled governmental networks beyond just FedRAMP level of concerns.

    1. Kriti Jindal says:

      Hi Gary,
      Server Management Tools do not have a licensing model, and neither does the Azure subscription associated with them. If you only use Server Management Tools in your Azure subscription, you should not incur any cost.
      As for Azure Stack, please reach out directly to

  28. Anas says:

    When I try to install the gatewayservice.msi file I got an error message saying: “server management tools gateway setup wizard ended prematurely”

    Any idea about this error please?

    1. Kriti Jindal says:

      Thank you for the feedback Anas. I will need some more details to help you with the issue. Could you please email me and we can continue the discussion.

      1. Christoffer Martinsson says:


        I also experienced this error (2012R2). In my case it seems to be related to the creation of the self-signed certificate:

        “GenerateEncryptionCert returned actual error code 1603” appears if running .msi with logging.

        Trying with an existing certificate throws: SetPrivateKeyPermissions returned actual error code 1603

        Any ideas?


        1. Kriti Jindal says:

          Thanks for the feedback Chris. This is a known issue with WS2012R2 and we are working on releasing a fix. I apologize for the inconvenience.

  29. drag racer says:

    Thanks for sharing!

  30. Dan Herrmann says:

    What are valid anti-malware tools for Nano Server

    1. Hi Dan, Windows Defender is an optional package on Nano Server and currently the recommended anti-malware solution. Please see our Nano Server blog for updates and future questions on Nano Server –

  31. OB says:

    Is there, or will there ever be, an API for invoking Powershell code on gateway servers or devices behind them using .net?
    We would like to add support for SMT via Azure in our existing UWP app which currently uses a custom gateway server 🙂

  32. Sheeraz says:

    Why on earth would you move your users to manage local infrastructure via Azure? What about unscheduled outage? What about System small businesses internet issues – Internet outage means no admin work? Even though Internet outage is a thing of the past, it has happened and probably will continue to happen, and yes, PS is not a skill everyone possesses.