After you add the roles using ocsetup or dism, it’s often easier to configure the role
with the Microsoft Management Console (MMC) from a remote computer. For
example, if you enable the DHCP server role on a Server Core computer
named SC1, you can then use another computer with a full installation
(not Server Core) to remotely connect to SC1 and configure the DHCP
server role. First, enter the following line at the Server Core prompt
to modify the firewall to enable remote administration of the DHCP
server:
netsh advfirewall firewall set rule group="dhcp server"
new enable=yes
You can then use the DHCP console from another server with the following steps.
| Step | Action |
|---|
| 1. | Launch the DHCP Server console. |
| 2. | Right-click DHCP and select Add Server. Type the name of the Server Core server hosting DHCP.
Your display should look similar to Figure 1.
Note
In the display, the sc1.pearson.pub has already been added to the DHCP
console and shows in the background. This enables you to see what it
looks like when it’s been added. Notice that the dc1.pearson.pub DHCP
server has up arrows on the IPv4 and IPv6 nodes indicating that the
server has been authorized and scopes have been configured and
activated. However, the Server Core DHCP server has not been authorized
yet.
|
| 3. | Click OK to add the server. |
| 4. | After the server has been added, you can right-click the server and select Authorize. You can then configure the DHCP server from the console. |
You can enable remote administration using any MMC with the following command:
netsh advfirewall firewall set rule group="remote administration"
new enable=yes
You can disable remote administration using any MMC with the following command. Note that you only change enable=yes to enable=no.
netsh advfirewall firewall set rule group="remote administration"
new enable=no
You can also enable remote administration of
specific consoles (such as just the DHCP server console as shown
earlier). Use the following syntax to enable specific consoles:
netsh advfirewall firewall set rule group="rule-group-name"
new enable=yes
The following table shows the rule group name that you substitute in the command.
| Rule Group Name | Enables You to Use This MMC Snap-In |
|---|
| DHCP Server | DHCP |
| Remote Event Log Management | Event Viewer |
| Remote Services Management | Services |
| File and Printer Sharing | Shared Folders |
| Remote Scheduled Tasks Management | Task Scheduler |
| Performance Logs and Alerts
and
File and Printer Sharing | Reliability and Performance |
| Remote Volume Management | Disk Management |
| Windows Firewall Remote Management | Windows Firewall with Advanced Security |
| Remote Administration | All MMC snap-ins |
The preceding table is not all inclusive. To view a list of all rule groups, use the following command:
netsh advfirewall firewall show rule name=all | more
Tip
The | more at the end of the command enables you to view the rules one screen at a time. Use Enter
to show the rules one line at a time, or the spacebar to show the rules
one page at a time. If you press Ctrl+C, it stops the display.
