2.2 Adding servers for management
Before you can use Server Manager to manage remote servers, you must add
the servers for management. Any server running Windows Server 2012
can be easily added. Servers running Windows Server 2008 with
Service Pack 2 or later and Windows Server 2008 Release 2 with
Service Pack 1 or later can be added as well, as long as each server
has .NET Framework 4.0 and Windows Management Framework 3.0 and has
been enabled for remote management.
You can add a single server to Server Manager by completing these steps:
1. Open Server Manager. In the left pane, select All Servers
   to view the servers that have been added for management already.
   If the server you want to work with isn’t listed, select Add
   Servers on the Manage menu to display the Add Servers dialog
   box.
2. In the Add Servers dialog box, the Active Directory panel
   is selected by default. Use the options on the Active Directory
   panel to enter the computer name or fully qualified domain name
   (FQDN) of the remote server that is running Windows Server.
   After you enter a name, tap or click Find Now. Alternatively,
   use the options on the DNS panel to specify a server by computer
   name or IP address and then tap or click the Search
   button.
3. In the Name list, double-tap or double-click the server to
   add it to the Selected list.
4. Repeat steps 2 and 3 to add other servers. Tap or click
   OK.
Rather than add servers one by one, you can use the Import
process to add multiple servers. To do this, follow these
steps:
1. Create a text file that has one host name, fully qualified
   domain name, or IP address per line.
2. In Server Manager, select Add Servers on the Manage menu.
   In the Add Servers dialog box, select the Import panel.
3. Tap or click the options button to the right of the File
   box, and then use the Open dialog box to locate and open the
   server list.
4. In the Computer list, double-tap or double-click each
   server you want to add to the Selected list. Tap or click
   OK.
Server Manager tracks the services, events, and more
for each added server. Servers are listed in the All Servers view by server
name, IP address, and manageability status. Server Manager always resolves IP addresses to host
names. If a server is listed as Not Accessible, you typically need
to log on locally and take corrective action as necessary. For
example, you might need to use a console logon to enable remote
management.
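The following is an added example, not part of the original text: a PowerShell pre-check that reads an import list in the one-entry-per-line format described above and reports which entries resolve and answer on WinRM, so that servers likely to show as Not Accessible are caught before import. The file name servers.txt and the function name Test-ServerListEntry are hypothetical.

```powershell
# Added example: pre-check a Server Manager import list.
# servers.txt is a hypothetical file: one host name, FQDN, or IP address per line.
$Path = '.\servers.txt'

function Test-ServerListEntry {
    param([Parameter(Mandatory)][string]$Name)

    $result = [pscustomobject]@{
        Entry     = $Name
        Resolves  = $false
        Addresses = ''
        WinRM     = $false
        Note      = ''
    }
    try {
        # Name lookup; a literal IP address is returned as-is.
        $addrs = [System.Net.Dns]::GetHostAddresses($Name)
        $result.Resolves  = $true
        $result.Addresses = ($addrs | ForEach-Object { $_.IPAddressToString }) -join ','
    } catch {
        $result.Note = 'Name does not resolve'
        return $result
    }
    try {
        # Test-WSMan submits a WS-Management identification request to the
        # WinRM service on the target computer.
        Test-WSMan -ComputerName $Name -ErrorAction Stop | Out-Null
        $result.WinRM = $true
    } catch {
        $result.Note = 'WinRM not reachable; check remote management and firewall'
    }
    $result
}

# Skip blank lines, drop duplicates, and test each remaining entry.
Get-Content -Path $Path |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ } |
    Sort-Object -Unique |
    ForEach-Object { Test-ServerListEntry -Name $_ } |
    Format-Table -AutoSize
```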
2.3 Creating server groups
When you add servers to Server Manager, the servers are
added to the appropriate server groups automatically based on the roles and
features installed. Automatically created server groups make it
easier to manage the various roles and features that are installed
on your servers. If you select the AD DS group, as an example, you
see a list of the domain controllers you added for management as
well as any critical or warning events for these servers and the
status of services the role depends on.
You can create your own server groups as well to group servers
by department, geographic location, or other characteristic. When
you create groups, the servers you want to work with don’t have to
be added to Server Manager already. You can add servers to a group
at any time and those servers are added automatically for management
as well.
You can create a server group by completing these
steps:
1. Open Server Manager. Select Create Server Group on the
   Manage menu to display the Create Server Group dialog
   box.
2. Enter a descriptive name for the group. Use the panels and
   options provided to add servers to the group with the following
   in mind:
   - The Active Directory panel allows you to enter the
     computer name or fully qualified domain name of the remote
     server that is running Windows Server. After you enter a
     name, tap or click Find Now. In the Name list, double-tap or
     double-click a server to add it to the Selected list.
   - The DNS panel allows you to add servers by computer
     name or IP address. After you enter the name or IP address,
     tap or click the Search button. In the Name list, double-tap
     or double-click a server to add it to the Selected
     list.
   - The Import panel allows you to import a list of
     servers. Tap or click the options button to the right of the
     File box, and then use the Open dialog box to locate and
     open the server list. In the Computer list, double-tap
     or double-click a server to add it to the Selected
     list.
   - The Server Pool panel, selected by default, lists
     servers that have been added for management already. If a
     server you want to add to your group is listed here, add it
     to the group by double-tapping or double-clicking it.
3. Tap or click OK to create the server group.
2.4 Enabling remote management
You can use Server Manager and other Microsoft Management Consoles
(MMCs) to perform some management tasks on remote computers, as long
as the computers are in the same domain or you are working in a
workgroup and have added the remote computers in a domain as trusted
hosts. You can connect to servers running Full Server, Minimal
Server Interface, and Server Core installations. On the computer you
want to use for managing remote computers, you should be running
either Windows Server 2012 or Windows 8 and you need to install the
Remote Server Administration Tools.
With Windows Server 2012, remote management is enabled by
default for applications and commands that use the
following:
- Windows Remote Management (WinRM) and Windows PowerShell remote access for management
- Windows Management Instrumentation (WMI) and Distributed Component Object Model (DCOM)
  remote access for management
You’ll find that these types of applications and commands are
enabled for remote management because related inbound rules and
exceptions for Windows Firewall are enabled. For remote management,
Windows Firewall has specific exceptions for Windows Management
Instrumentation, Windows Remote Management, and Windows Remote
Management (Compatibility). In Windows Firewall With Advanced
Security, there are inbound rules that correspond to the standard
firewall-allowed applications. For WMI, the inbound rules are
Windows Management Instrumentation (WMI-In), Windows Management
Instrumentation (DCOM-In), and Windows Management Instrumentation
(ASync-In). For WinRM, the matching inbound rule is Windows Remote
Management (HTTP-In). For WinRM compatibility, the matching inbound
rule is Windows Remote Management - Compatibility Mode
(HTTP-In).
You manage these exceptions or rules in either the standard
Windows Firewall or in Windows Firewall With Advanced Security, not
both. Generally, if you want to allow remote management using
Server Manager, MMCs, and Windows PowerShell, you
should permit WMI, WinRM, and WinRM compatibility exceptions in
Windows Firewall.
When you are working with Server Manager, you can select Local Server in the
console tree to view the status of the remote management property. If you don’t want to allow
remote management of the local server, tap or click
the related link. Next, in the Configure Remote Management dialog
box, clear Enable Remote Management Of This Server From Other
Computers and then tap or click OK.
When you clear the Enable Remote Management Of This Server
From Other Computers check box and then tap or click OK, Server Manager performs several background tasks that
disable Windows Remote Management (WinRM) and Windows PowerShell
remote access for management on the local server. One
of these tasks is to turn off the related exception that allows
applications to communicate through Windows Firewall using Windows
Remote Management. The exceptions for Windows Management
Instrumentation and Windows Remote Management (Compatibility) aren’t
affected.
You must be a member of the Administrators group on computers
you want to manage by using Server Manager. For remote connections
in a workgroup-to-workgroup or workgroup-to-domain configuration,
you should be logged on using the built-in Administrator account or
configure the LocalAccountTokenFilterPolicy registry key to allow
remote access from your computer. To set this key, enter the
following command at an elevated, administrator command
prompt:
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Another way to enable remote management is to type Configure-SMRemoting.exe -Enable at an
elevated, administrator prompt.
Although these techniques enable basic remote management of
computers, you also need to enable rules for these specific
management areas:
- Disks and volumes: Remote Volume Management must be allowed in
  Windows Firewall to remotely manage a computer’s disks and
  volumes in Computer Management or Disk Management. In the
  advanced firewall, there are several related rules that allow
  management of the Virtual Disk Service and Virtual Disk Service
  Loader.

  Note: You don’t need to enable Virtual Disk Service–related
  rules to remotely manage Storage Spaces. You manage Storage Spaces in
  Server Manager using the options available when you are
  working with File And Storage Services.
- Event Log: Remote Event Log
  Management must be allowed in Windows Firewall to remotely
  manage a computer’s event logs. In the advanced firewall, there
  are several related rules that allow management via named pipes
  (NP) and remote procedure calls (RPCs).
- Remote Desktop: Remote
  Desktop must be enabled to allow someone to connect to a
  server using Remote Desktop.
- Scheduled Tasks: Remote Scheduled Task Management must be allowed
  in Windows Firewall to remotely manage a computer’s scheduled
  tasks. In the advanced firewall, there are several related rules
  that allow management of scheduled tasks via RPC.
- Services: Remote Service
  Management must be allowed in Windows Firewall to remotely
  manage a computer’s services. In the advanced firewall, there
  are several related rules that allow management via named pipes
  and RPCs.
Only Remote Service Management is enabled by default.
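The following is an added example, not part of the original text: a PowerShell audit, run locally on a server, that reports how many inbound rules are enabled in each firewall group discussed above, whether WinRM is running, which trusted hosts are configured, and whether LocalAccountTokenFilterPolicy is set. The display group names are the English-language ones and are assumed to match the installation; a group that is not found is reported with zero rules.

```powershell
# Added example: report the remote-management exposure of the local server.
# Run from an elevated Windows PowerShell prompt on Windows Server 2012 or later.

# Firewall display groups for the management areas discussed above
# (English-language names; assumed to match this installation).
$groups = @(
    'Windows Remote Management',
    'Windows Remote Management (Compatibility)',
    'Windows Management Instrumentation (WMI)',
    'Remote Volume Management',
    'Remote Event Log Management',
    'Remote Scheduled Tasks Management',
    'Remote Service Management',
    'Remote Desktop'
)

$report = foreach ($group in $groups) {
    $inbound = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' })
    [pscustomobject]@{
        Group        = $group
        InboundRules = $inbound.Count
        Enabled      = @($inbound | Where-Object { $_.Enabled -eq 'True' }).Count
    }
}
$report | Format-Table -AutoSize

# WinRM service state; TrustedHosts is read only when the service is running.
$winrm = Get-Service -Name WinRM
"WinRM service: $($winrm.Status)"
if ($winrm.Status -eq 'Running') {
    "TrustedHosts: '$((Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value)'"
}

# LocalAccountTokenFilterPolicy = 1 turns off UAC remote token filtering, so
# remote logons by local members of Administrators receive a full token.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$entry = Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
if ($entry -and $entry.LocalAccountTokenFilterPolicy -eq 1) {
    'LocalAccountTokenFilterPolicy = 1: local administrator accounts are not token-filtered for remote access'
} else {
    'LocalAccountTokenFilterPolicy is not 1: UAC remote restrictions apply to local accounts'
}
```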
Remote management is enabled by default on Server
Core. You can configure remote management on a Server Core installation of
Windows Server 2012 using sconfig. Start the Server Configuration utility by typing sconfig.
Windows PowerShell provides several ways for you to work
with remote computers. One way is to use an interactive remote
session. To do this, open an elevated, administrator Windows
PowerShell prompt. Type enter-pssession ComputerName -credential UserName, where
ComputerName is the name of the remote
computer and UserName is the name of a user
who is a member of the Administrators group on the remote computer
or in the domain of which the remote computer is a member. When
prompted to enter the authorized user’s password, type the
password and then press Enter. You can now enter commands in the
session as you would if you were using Windows PowerShell locally.
To exit the session, type exit-pssession.