Server Manager has been the primary server administration tool for Windows Server ever since Windows Server 2003. The most obvious improvement to the Server Manager tool in Windows Server 2012 R2 is the ability to perform administrative tasks on remote servers and on the local system.
When you log on to a GUI installation of Windows Server 2012 R2 with an administrative account, Server Manager loads automatically, displaying the Welcome tile. The Server Manager interface consists of a navigation pane on the left containing icons representing various views of server resources. Selecting an icon displays a home page in the right pane, which consists of a number of tiles containing information about the resource. The Dashboard page, which appears by default, contains, in addition to the Welcome tile, thumbnails that summarize the other views available in Server Manager. These other views include a page for the Local Server, a page for All Servers, containing any additional servers you have added to the manager, and others for server groups and role groups.
The primary difference between the Windows Server 2012 R2 (and Windows Server 2012) Server Manager and previous versions is the ability to add and manage multiple servers at once. Although only the local server appears in Server Manager when you first run it, you can add other servers, enabling you to manage them together. The servers you add can be physical or virtual and can be running any version of Windows Server since Windows Server 2003. After you add servers to the interface, you can create groups containing collections of servers, such as those at a particular location or those performing a particular function. These groups appear in the navigation pane, enabling you to administer them as a single entity.
To add servers in Server Manager, use the following procedure.
1. In the navigation pane, click the All Servers icon to open the All Servers home page.
2. From the Manage menu, select Add Servers to open the Add Servers dialog box.
3. Select one of the following tabs to specify how you want to locate servers to add:
– Active Directory: Enables you to search for computers running specific operating systems in specific locations in the local AD DS domain
– DNS: Enables you to search for servers in your currently configured Domain Name System (DNS) server
– Import: Enables you to supply a text file containing the names or IP addresses of the servers you want to add
4. Initiate a search or upload a text file to display a list of available servers.
5. Select the servers you want to add and click the right arrow button to add them to the Selected list, as shown in Figure 2-22.
FIGURE 2-22 Selecting servers in Server Manager
6. Click OK. The servers you selected are added to the All Servers home page.
7. Close the Server Manager console.
Once you have added remote servers to the Server Manager interface, they appear on the All Servers home page. You can then access them in a variety of ways, depending on the version of Windows the remote server is running.
Managing non-domain joined servers
When you add servers that are members of an Active Directory Domain Services (AD DS) domain to the Server Manager interface, Windows Server 2012 R2 uses the standard Kerberos authentication protocol and your current domain credentials when connecting to the remote systems. You can also add servers that are not joined to an AD DS domain, but obviously, the system cannot authenticate using an AD DS account.
Note: Candidates for the 70-410 exam should be familiar with remote management techniques for both non-domain servers and domain servers. This means using alternative authentication methods and network communication that does not rely on AD DS for server discovery.
To manage a non-domain joined server using Server Manager, you must first complete the following tasks:
– Supply administrative credentials for the non-domain joined server.
– Add the non-domain joined server to the system’s WS-Management TrustedHosts list.
To add non-domain joined servers to Server Manager, you must use the DNS option or the Import option in the Add Servers Wizard. After creating the server entries, you must right-click each one and select Manage As from the context menu. This displays a Windows Security dialog box, in which you can supply credentials for an account with administrative privileges on the remote server.
Domain membership automatically establishes a trust relationship among the computers in the domain. To manage computers that are not in a common domain, you must establish that trust yourself by adding the computers you want to manage to the TrustedHosts list on the computer running Server Manager.
The TrustedHosts list exists on a logical drive called WSMan:; the path to the list itself is WSMan:\localhost\Client\TrustedHosts. To add a computer to the list, use the Set-Item cmdlet in Windows PowerShell. After opening a Windows PowerShell session with administrative privileges on the computer running Server Manager, use the following command to add the servers you want to manage to the list:
Set-Item WSMan:\localhost\Client\TrustedHosts -value <servername> -force
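Set-Item with -value replaces the entire TrustedHosts list, so running the command above for a second server drops the first. The following added example (not part of the original article) appends a single named host instead, using the WSMan provider's -Concatenate parameter, and warns if the list already holds the wildcard `*`, which lets the client send credentials to any host without verifying its identity. The server name `srv-dmz01` is a placeholder.

```powershell
# Added example: append one host to TrustedHosts without overwriting the list.
# Run in an elevated session on the computer running Server Manager.
$path    = 'WSMan:\localhost\Client\TrustedHosts'
$newHost = 'srv-dmz01'   # placeholder name, not from the article

# Read the current comma-separated list (an empty string when nothing is set).
$current = (Get-Item $path).Value
$entries = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

if ($entries -contains '*') {
    # A wildcard already trusts every host; adding names changes nothing.
    Write-Warning "TrustedHosts is '*'. Replace it with an explicit list of servers."
}
elseif ($entries -notcontains $newHost) {
    # -Concatenate appends to the existing value instead of replacing it.
    Set-Item $path -Value $newHost -Concatenate -Force
}

# Show the resulting list so the change can be reviewed.
(Get-Item $path).Value
```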
Managing Windows Server 2012 R2 servers
When you add servers running Windows Server 2012 R2 to Server Manager, you can immediately begin using the Add Roles and Features Wizard to install roles and features on any of the servers you have added.
You can also perform other administrative tasks, such as configuring network interface card (NIC) teaming and restarting the server, because Windows Remote Management (WinRM) is enabled by default on Windows Server 2012 R2.
WinRM enables administrators to manage a computer from a remote location by using tools based on Windows Management Instrumentation (WMI) and Windows PowerShell. If the default WinRM setting has been modified, or if you want to change it manually, you can do so through the Server Manager interface.
On the Local Server home page, the Properties tile contains a Remote Management indicator that specifies the server’s current WinRM status. To change the WinRM state, click the Remote Management hyperlink to open the Configure Remote Management dialog box.
Clearing the Enable Remote Management Of This Server From Other Computers check box disables WinRM; selecting the check box enables it.
NOTE: USING WINDOWS POWERSHELL
To manage WinRM from a Windows PowerShell session, as in the case of a computer with a Server Core installation, use the following command:
– -Get: Displays the current WinRM status
– -Enable: Enables WinRM
– -Disable: Disables WinRM
CONFIGURING WINDOWS FIREWALL
If you attempt to launch MMC snap-ins targeting a remote server, such as the Computer Management console, you will receive an error because of the default Windows Firewall settings in Windows Server 2012 R2. MMC uses the Distributed Component Object Model (DCOM) for remote management instead of WinRM, and these settings are not enabled by default.
To address this problem, you must enable the following inbound Windows Firewall rules on the remote server you want to manage:
– COM+ Network Access (DCOM-In)
– Remote Event Log Management (NP-In)
– Remote Event Log Management (RPC)
– Remote Event Log Management (RPC-EPMAP)
To modify the firewall rules on the remote system, you can use any one of the following methods:
– Open the Windows Firewall with Advanced Security MMC snap-in on the remote server (if it is a Full GUI installation).
– Use the NetSecurity module in Windows PowerShell.
– Create a GPO containing the appropriate settings and apply it to the remote server.
– Run the Netsh AdvFirewall command from an administrative command prompt.
NOTE: USING WINDOWS POWERSHELL
To configure the Windows Firewall rules required for remote server management using DCOM on a Server Core installation, you can use the following Windows PowerShell syntax:
Set-NetFirewallRule -name <rule name> -enabled True
To obtain the Windows PowerShell names for the preconfigured rules in Windows Firewall, use the Get-NetFirewallRule command. The resulting commands to enable the four rules listed earlier are as follows:
Set-NetFirewallRule -name ComPlusNetworkAccess-DCOM-In -enabled True
Set-NetFirewallRule -name RemoteEventLogSvc-In-TCP -enabled True
Set-NetFirewallRule -name RemoteEventLogSvc-NP-In-TCP -enabled True
Set-NetFirewallRule -name RemoteEventLogSvc-RPCSS-In-TCP -enabled True
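Enabling these rules as shipped opens DCOM and remote event log access to any source address the firewall profile allows. The following added example (not part of the original article) enables the same four rules but limits them to a single management workstation, then prints the result for review. The address 192.0.2.10 is a placeholder from the documentation range.

```powershell
# Added example: enable the four remote-management rules on the managed
# server, scoped to one management host. Run in an elevated session.
$MgmtHost  = '192.0.2.10'   # placeholder address of the Server Manager computer
$RuleNames = @(
    'ComPlusNetworkAccess-DCOM-In',
    'RemoteEventLogSvc-In-TCP',
    'RemoteEventLogSvc-NP-In-TCP',
    'RemoteEventLogSvc-RPCSS-In-TCP'
)

foreach ($name in $RuleNames) {
    # -ErrorAction Stop aborts on a missing or misspelled rule name
    # instead of silently skipping it.
    Set-NetFirewallRule -Name $name -Enabled True `
        -RemoteAddress $MgmtHost -ErrorAction Stop
}

# Report state, profile and allowed source address for each rule.
Get-NetFirewallRule -Name $RuleNames | ForEach-Object {
    $filter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $_.Name
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = $filter.RemoteAddress -join ','
    }
} | Format-Table -AutoSize
```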
For the administrator interested in remote management solutions, the Group Policy method provides distinct advantages. It not only enables you to configure the firewall on the remote system without accessing the server console directly but enables you to configure the firewall on Server Core installations without having to work from the command line. Finally—and possibly most important for large networks—you can use Group Policy to configure the firewall on all the servers you want to manage at once.
To configure Windows Firewall settings by using Group Policy, use the following procedure.
This procedure assumes the server is a member of an AD DS domain and has the Group Policy Management feature installed:
1. In Server Manager, open the Group Policy Management console and create a new GPO, giving it a name like Server Firewall Configuration.
2. Open the GPO you created using the Group Policy Management Editor.
3. Browse to the Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Inbound Rules node.
4. Right-click Inbound Rules and, from the shortcut menu, select New Rule. The New Inbound Rule Wizard appears, displaying the Rule Type page.
5. Select the Predefined option and, in the drop-down list, select COM+ Network Access and click Next. The Predefined Rules page opens.
6. Click Next to open the Action page.
7. Leave the Allow The Connection option selected and click Finish. The rule appears in the Group Policy Management Editor console.
8. Open the New Inbound Rule Wizard again.
9. Select the Predefined option and, in the drop-down list, select Remote Event Log Management. Click Next. The Predefined Rules page opens, displaying the three rules in the Remote Event Log Management group.
10. Leave the three rules selected and click Next to open the Action page.
11. Leave the Allow The Connection option selected and click Finish. The three rules appear in the Group Policy Management Editor console.
12. Close the Group Policy Management Editor console.
13. In the Group Policy Management console, link the Server Firewall Configuration GPO you just created to your domain.
14. Close the Group Policy Management console.
The settings in the GPO you created will be deployed to your remote servers the next time they recycle or restart and you will be able to use MMC snap-ins, such as Computer Management and Disk Management, to connect to them remotely.
Managing down-level servers
The Windows Firewall rules you have to enable for remote servers running Windows Server 2012 R2 are also disabled by default on computers running earlier versions of Windows Server, so you also have to enable them there.
Unlike Windows Server 2012 R2 and Windows Server 2012, however, earlier versions of the operating system lack the WinRM support needed for them to be managed by using the new Server Manager.
By default, when you add servers running Windows Server 2008 or Windows Server 2008 R2 to the Windows Server 2012 R2 Server Manager, they appear with a manageability status that reads “Online – Verify WinRM 3.0 service is installed, running, and required firewall ports are open.”
To add WinRM support to servers running Windows Server 2008 or Windows Server 2008 R2, you must download and install the following updates:
– .NET Framework 4.0
– Windows Management Framework 3.0
These updates are available from the Microsoft Download Center at the following URLs:
After you install the updates, the system automatically starts the Windows Remote Management service, but you must still complete the following tasks on the remote server:
– Enable the Windows Remote Management (HTTP-In) rules in Windows Firewall, as shown in Figure 2-23.
FIGURE 2-23 The Windows Remote Management rules in the Windows Firewall with Advanced Security console
– Create a WinRM listener by running the winrm quickconfig command at a command prompt with Administrative privileges.
– Enable the COM+ Network Access and Remote Event Log Management rules in Windows Firewall, as described in the previous section.
After installing the updates listed here, there are still limitations to the management tasks you can perform on earlier versions of Windows Server from a remote location. For example, you cannot use the Add Roles And Features Wizard in Server Manager to install roles and features on earlier versions of Windows Server. These servers do not appear in the server pool on the Select Destination Server page.
However, you can use Windows PowerShell to install roles and features on servers running Windows Server 2008 and Windows Server 2008 R2 remotely, as in the following procedure.
1. Open a Windows PowerShell session with Administrative privileges.
2. Establish a Windows PowerShell session with the remote computer by using the following command:
Enter-PSSession <remote server name> -credential <user name>
3. Type the password associated with the user name you specified and press Enter.
4. Display a list of the roles and features on the remote server by using the following command:
5. Using the short name of the role or service as it appears in the Get-WindowsFeature display, install the component by using the following command:
Add-WindowsFeature <feature name>
6. Close the session with the remote server by using the following command:
7. Close the Windows PowerShell window.
NOTE: WINDOWS POWERSHELL
When you install a role or feature on a remote server by using Windows PowerShell, the installation does not include the role’s management tools as a wizard-based installation does. However, you can install the tools along with the role or feature if you include the IncludeManagementTools parameter in the Install-WindowsFeature command line. Be aware, however, that in the case of a Server Core installation, adding the IncludeManagementTools parameter will not install any MMC snap-ins or other graphical tools.
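The remote installation procedure above can also be run as a script. This added example (not part of the original article) uses New-PSSession and Invoke-Command in place of the interactive Enter-PSSession, checks that the feature exists before installing it, and always closes the session. The server name is a placeholder and `Backup-Features` is a sample feature name; substitute a short name taken from the Get-WindowsFeature output on your server.

```powershell
# Added example: install one feature on a down-level server over WinRM.
$Server  = 'SERVER-NAME'       # placeholder, not from the article
$Feature = 'Backup-Features'   # sample short name; verify it on the target

# Prompt for the password rather than storing it in the script.
$cred    = Get-Credential
$session = New-PSSession -ComputerName $Server -Credential $cred

try {
    Invoke-Command -Session $session -ArgumentList $Feature -ScriptBlock {
        param($name)

        # Load the module explicitly so the feature cmdlets are available.
        Import-Module ServerManager

        # Look the feature up by short name before changing anything.
        $f = Get-WindowsFeature | Where-Object { $_.Name -eq $name }
        if (-not $f) {
            throw "No feature named '$name' on $env:COMPUTERNAME."
        }
        if ($f.Installed) {
            return "'$name' is already installed on $env:COMPUTERNAME."
        }

        # Install and return only the fields needed to judge the outcome.
        Add-WindowsFeature -Name $name |
            Select-Object Success, RestartNeeded, ExitCode
    }
}
finally {
    # Close the remote session even if the installation failed.
    Remove-PSSession $session
}
```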
Creating server groups
For administrators of enterprise networks, it might be necessary to add a large number of servers to Server Manager. To avoid having to work with a long scrolling list of servers, you can create server groups based on server locations, functions, or any other organizational paradigm.
When you create a server group, it appears as an icon in the navigation pane, and you can manage the servers in the group just as you would those in the All Servers group.
To create a server group, use the following procedure:
1. In Server Manager, in the navigation pane, click the All Servers icon. The All Servers home page appears.
2. From the Manage menu, select Create Server Group to open the Create Server Group dialog box, as shown in Figure 2-24.
FIGURE 2-24 The Create Server Group dialog box in Server Manager
3. In the Server Group Name text box, type the name you want to assign to the server group.
4. Select one of the four tabs to choose a method for selecting servers.
5. Select the servers you want to add to the group and click the right arrow button to add them to the Selected box.
6. Click OK. A new server group icon with the name you specified appears in the navigation pane.
7. Close the Server Manager console.
Creating server groups does not affect the functions you can perform on them. You cannot, for example, perform actions on entire groups of servers. The groupings are just a means to keep a large number of servers organized and easy to locate.
This article is part of the 70-410 Installing and Configuring Windows Server 2012 Prep course.