Certification Study Guide: 70-417 Exam – Upgrading Your Skills to MCSA Windows Server 2012 Part 2

70-417 Exam MCSA
MCSA Logo

So I’ll be studying to take Microsoft 70-417 exam to upgrade my MCSA certification to Windows Server 2012.  I’ll be blogging my notes and linking to other resources to help out other people who are studying like me.  I’ve found a good set of Youtube videos to help study.

https://www.youtube.com/watch?v=dxW3pplSukU&list=PLjfhsLO8lkPap8PLJ4srnSJp-g8w8C4Vw&index=2

Objective 2.1:  Configure servers for remote management

Managing multiple servers by using Server Manager

As I mentioned in my previous post, you can add multiple servers using Windows Server Manager.  You can add remote servers using the Manage drop down menu.  You can also create server groups to group certain servers together to simplify management.  Some actions can even be performed by selecting multiple servers.

Remote management tasks through All Servers

From Server Manager, you can remotely add roles and features, restart, open computer manager, RDP, PowerShell, and Configure NIC Teaming.  If the remote server is a domain controller, you get even more options, such as Dcdiag, Netdom.exe, Nltest.exe, Ntdsutil.exe, Repadmin.exe, and W32tm.exe.

On the All Servers grouping, you can check the Event Log, Services, Performance, Roles and Features, and Best Practices.

Remote management is configured by default, so if remote management isn’t something you need, or you’re concerned of security issues, you can always go in and shut them off.  Knowing how to turn them off/on will probably be on the exam.

Remote management types: DCOM and WinRM

Windows Management Instrumentation is built on DCOM and WinRM.

WMI over DCOM

MMC snap-ins and computer management work on WMI over DCOM.  Chances are if there’s errors in the event log, a Windows Firewall configuration change is needed.  Most MMC consoles rely on the following firewall rules:

  • COM+ Network Access (DCOM-In)
  • All rules int he Remote Event Log Management group
  • Remote Volume Management (for use of remote disk management)
  • Windows Firewall Remote Management (for use of the firewall remotely)

You can enable these in PowerShell using the Enable -NetFirewallRule cmdlet.

WMI over WinRM

WinRM is a Windows Service.  Tools that rely on WinRM are PowerSHell, WinRS (Windows Remote Shell), and Server Manager 2012.

winrs /r:myserver ipconfig

WinRM is firewall friendly.  It uses 5985 for HTTP and 5986 for HTTPS.  WinRM requires a listener to be enabled on the server you manage remotely.

WinRM Quckconfig at elevated command prompt on the server you want to manage will configure it to listen.

Reenabling Windows Server 2012 for remote management through Server Manager

This is pretty simple to re-enable in Server Manager.  Login to the server, start Server Manager, and there’s a shortcut where it says remote management is disabled.

Configure-SMRemoting.exe -Enable is the command to enable it with PowerShell.

Enable Remote Management on Server Core with SConfig

Type SConfig and choose option 4.  Pretty simple.

The Remote User Account Control (UAC) LocalAccountTokenFilterPolicy registry setting must be configured to allow local accounts of the Administrators group other than the built-in Administrator account to remotely manage the server.

 Configuring remote management of earlier versions of Windows Server

The following are requirements:

Run Winrm Quickconfig and set MMC firewall rules.

PowerShell commands:

  • Set-ExecutionPolicy RemoteSigned
  • Configure-SMRemoting.ps1 -force -enable

Use Group Policy to enable Remote Management

Located in Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management\WinRM Service.

Don’t forget to configure Inbound Firewall Rules for Remote Event Log Management, Windows Remote Management, COM+ Network Access, Remote Volume Management, and Windows Firewall Remote Management:

Computer Configuration\Windows Settings\Security Settings\Windows Firewall With Advanced Security\Windows Firewall With Advanced Security

Remote Server Administration Tools

Don’t forget you can download and install these on a Windows client computer.

Conclusion for 70-417 Exam:  Part 2

This is the second part of my study guide.  I’m hoping this helps some people who are looking for a basic study guide before cramming the exam.  If you have a question or comment, feel free to leave one below.

Read Part 1 of my Study Guide!
Read Part 3 of my Study Guide!

Article written by

Tyler was born and raised in Waterloo, Iowa where he currently resides with his wife Amanda, a cat - Bam, and two sons - Elijah and Benjamin. He is employed as a network administrator with First Security State Bank and enjoys technology and computers. Amanda is a student in at the University of Northern Iowa and is studying to be a teacher. She is also active in the Iowa Army National Guard. She is a 92A, which is a supply specialist.

One Response

  1. 70-417 Exam - Upgrading Your Skills to MCSA Windows Server 2012

    […] Read Part 2 of my Study Guide! […]

Leave a Reply

%d bloggers like this: