70-410 Exam Objective 2.1 – Configure Servers for Remote Management

Hello Folks, welcome back!

Our today's topic is 70-410 Exam Objective 2.1 - Configure Servers for Remote Management.

In my previous article, we spoke about how to create and Manage Active Directory Groups and OU's, which you can read here.

RDP is not an ideal way of managing servers nowadays. There are better ways of doing it and we will be looking at it now.

By enabling Remote Management, we will be managing hundreds of servers and clients very easily.

In today's objective, we will be covering how to:

• Configure WinRM.
• Configure Down-level Server Management.
• Configure Servers for Day-to-Day Management tasks.
• Configure Multi-Server Management.
• Configure Server Core.
• Configure Windows Firewall.
• Manage non-domain joined servers.

Configure WinRM

On Server 2012 R2, the WinRM service is already enabled by default. It is a web service, it uses HTTP/HTTPS. The Default TCP port is 5985.

To enable WinRM from the command line, use the below command.

WinRM quickconfig

To do the same from PowerShell,

Enable-PSRemoting

Now that we have enabled the WinRm Service, let us try to execute the commands on the remote computers.

From the command line, winrs can be used to execute the command on remote computers.

From PowerShell, you can first create a PSSession with the Remote Computer and then execute the commands as seen below.

Another way of doing this with a cmdlet called Invoke-Command.

Invoke-Command -ComputerName Server1 {Get-Service -Name bits}

You can see in the last column that the information is from the Remote Computer.

Configure Down-level Server Management

For Windows 7 and Server 2008 R2 and above:

• Install Windows Management Framework 4
• .NET Framework 4

For Windows XP and Windows Server 2003

• Install Windows Management Framework 2

Configure Server for Day-to-Day Management Tasks

The below steps that you can perform to manage your servers from your client machine.

• Install RSAT on your client (Turn ON from Features).
• Add Servers to Server Manager.
• Add Snap-ins using mmc.

Configure Multiserver Management

In order to manage multiple servers from a single location, you can perform the below steps.

• Configure Server Manager to allow management on servers (Enable Remote Management)
• Add Servers to Server Manager.
• Group Servers.

Configure Server Core

There are multiple ways of doing this from command line, PowerShell and also through the GUI using the sconfig.

From the command line.

WinRM quickconfig

From PowerShell

Enable-PSRemoting

From sconfig, you can select the Option 4 and follow along.

Configure Windows Firewall

When you try to enable Remoting either from the command line or from PowerShell, it performs various firewall changes in the background.

Let us now see how to do it manually.

From Server Manger

Select Windows Firewall with Advanced Security from Tools, click on Inbound Rules and enable Windows Remote Management HTTP-in Rule.

From the command line

netsh
advfirewall
firewall set rule group - "Remote Administration" new enable=yes

From PowerShell

First to search for the rule in case you do not know the exact Rule Name.

Get-NetFirewallRule | select Name, displayName | where {$_.displayname -like "*Remote*"}

Now that we know the name of the Rule, we can enable it.

Get-NetFirewallRule -Name WinRM-HTTP-In-TCP | Set-NetFirewallRule -Enabled:True

Manage Non-Domain Joined Servers

From Server Manager

Select the server that is not domain joined and right click and select Manage As. From here on, you will have to provide Alternate Credentials i.e local account on the selected Server.

From PowerShell

We can make use of Get-Credential cmdlet and run a query on the Remote computer.

Invoke-Command -ComputerName Server2 -Crential (Get-Credential) {Get-Service -Name bits}

You can now provide the username and password of the local account on the remote computer.

That's it in today's article, I hope this has been informative and thank you for reading!