So I’ll be studying to take Microsoft 70-417 exam to upgrade my MCSA certification to Windows Server 2012. I’ll be blogging my notes and linking to other resources to help out other people who are studying like me. I’ve found a good set of Youtube videos to help study.
Objective 2.1: Configure servers for remote management
Managing multiple servers by using Server Manager
As I mentioned in my previous post, you can add multiple servers using Windows Server Manager. You can add remote servers using the Manage drop down menu. You can also create server groups to group certain servers together to simplify management. Some actions can even be performed by selecting multiple servers.
Remote management tasks through All Servers
From Server Manager, you can remotely add roles and features, restart, open computer manager, RDP, PowerShell, and Configure NIC Teaming. If the remote server is a domain controller, you get even more options, such as Dcdiag, Netdom.exe, Nltest.exe, Ntdsutil.exe, Repadmin.exe, and W32tm.exe.
On the All Servers grouping, you can check the Event Log, Services, Performance, Roles and Features, and Best Practices.
Remote management is configured by default, so if remote management isn’t something you need, or you’re concerned of security issues, you can always go in and shut them off. Knowing how to turn them off/on will probably be on the exam.
Remote management types: DCOM and WinRM
Windows Management Instrumentation is built on DCOM and WinRM.
WMI over DCOM
MMC snap-ins and computer management work on WMI over DCOM. Chances are if there’s errors in the event log, a Windows Firewall configuration change is needed. Most MMC consoles rely on the following firewall rules:
- COM+ Network Access (DCOM-In)
- All rules int he Remote Event Log Management group
- Remote Volume Management (for use of remote disk management)
- Windows Firewall Remote Management (for use of the firewall remotely)
You can enable these in PowerShell using the Enable -NetFirewallRule cmdlet.
WMI over WinRM
WinRM is a Windows Service. Tools that rely on WinRM are PowerSHell, WinRS (Windows Remote Shell), and Server Manager 2012.
winrs /r:myserver ipconfig
WinRM is firewall friendly. It uses 5985 for HTTP and 5986 for HTTPS. WinRM requires a listener to be enabled on the server you manage remotely.
WinRM Quckconfig at elevated command prompt on the server you want to manage will configure it to listen.
Reenabling Windows Server 2012 for remote management through Server Manager
This is pretty simple to re-enable in Server Manager. Login to the server, start Server Manager, and there’s a shortcut where it says remote management is disabled.
Configure-SMRemoting.exe -Enable is the command to enable it with PowerShell.
Enable Remote Management on Server Core with SConfig
Type SConfig and choose option 4. Pretty simple.
The Remote User Account Control (UAC) LocalAccountTokenFilterPolicy registry setting must be configured to allow local accounts of the Administrators group other than the built-in Administrator account to remotely manage the server.
Configuring remote management of earlier versions of Windows Server
The following are requirements:
- .NET Framework 4
- Windows Management Framework 3.0
- Performance update associated with KB 2682011. This allows Server Manager to collect performance data.
Run Winrm Quickconfig and set MMC firewall rules.
- Set-ExecutionPolicy RemoteSigned
- Configure-SMRemoting.ps1 -force -enable
Use Group Policy to enable Remote Management
Located in Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management\WinRM Service.
Don’t forget to configure Inbound Firewall Rules for Remote Event Log Management, Windows Remote Management, COM+ Network Access, Remote Volume Management, and Windows Firewall Remote Management:
Computer Configuration\Windows Settings\Security Settings\Windows Firewall With Advanced Security\Windows Firewall With Advanced Security
Remote Server Administration Tools
Don’t forget you can download and install these on a Windows client computer.
Conclusion for 70-417 Exam: Part 2
This is the second part of my study guide. I’m hoping this helps some people who are looking for a basic study guide before cramming the exam. If you have a question or comment, feel free to leave one below.