Microsoft ADS Windows Server 2012 R2 Lesson 6 Configuring Servers for Remote Management

Using Server Manager for Remote Management
In Windows Server 2012 R2, Server Manager has been improved to include the ability to perform administrative tasks on remote servers as well as on the local system.
Server Manager contains tiles that represent other views, including a page for the Local Server, one for All Servers, and pages for server groups and role groups.
Adding Workgroup Servers
To remotely manage a server that is part of a workgroup, you must add the name of the workgroup server to the TrustedHosts list on the computer running Server Manager.

PowerShell command:
Set-Item wsman:\localhost\Client\TrustedHosts <servername> -Concatenate -Force

To manage a non-domain joined server using Server Manager, you must first complete the following tasks:
1. Supply administrative credentials for the non-domain joined server.

2. Add the non-domain joined server to the system’s WS-Management TrustedHosts list.

To manage a non-domain joined server using Windows PowerShell:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value <servername> -Force
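
Added example, not part of the original lesson: a helper that appends one explicitly named workgroup server to TrustedHosts and returns the resulting list for review. The WinRM client does not authenticate the identity of hosts listed in TrustedHosts, so the function refuses wildcards and multi-host values; the function name Add-TrustedHost and the host name SRV-WG01 are assumptions made for illustration.

```powershell
# Added example. 'SRV-WG01' is a constructed name; run from an elevated session
# on the computer running Server Manager (the WinRM service must be running).
function Add-TrustedHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName
    )

    # Accept exactly one explicit host: no wildcards, commas or whitespace.
    if ($ComputerName -match '[\*,\s]') {
        throw "Refusing wildcard or multi-host value: '$ComputerName'"
    }

    $path    = 'WSMan:\localhost\Client\TrustedHosts'
    $entries = @((Get-Item -Path $path).Value -split ',' |
                 ForEach-Object { $_.Trim() } | Where-Object { $_ })

    # A pre-existing '*' trusts every host; surface it instead of hiding it.
    if ($entries -contains '*') {
        Write-Warning "TrustedHosts already contains '*'; review before adding more."
    }

    # -contains is case-insensitive, so SRV-WG01 and srv-wg01 count as one entry.
    if ($entries -notcontains $ComputerName) {
        if ($PSCmdlet.ShouldProcess($path, "Append $ComputerName")) {
            # -Concatenate appends; without it Set-Item overwrites the whole list.
            Set-Item -Path $path -Value $ComputerName -Concatenate -Force
        }
    }

    # Return the resulting list so the change can be logged or reviewed.
    (Get-Item -Path $path).Value
}

Add-TrustedHost -ComputerName 'SRV-WG01' -Verbose
```

Running the function with -WhatIf shows the intended change without writing to the WSMan drive.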
WinRM
A Windows feature that enables administrators to execute management commands and scripts on remote computers, using a communications protocol called WS-Management Protocol.
To manage WinRM from a Windows PowerShell session, as in the case of a computer with a Server Core installation, use the following command:
Configure-SMRemoting.exe -Get|-Enable|-Disable
Configuring Windows Firewall
If you use MMC snap-ins targeting a remote server, Windows Firewall default settings will block the communications.
Inbound Firewall rules must be managed:
COM+ Network Access (DCOM-In)
Remote Event Log Management (NP-In)
Remote Event Log Management (RPC)
Remote Event Log Management (RPC-EPMAP)
To configure the Windows Firewall rules required for remote server management using DCOM on a Server Core installation, you can use the following Windows PowerShell syntax:
Set-NetFirewallRule -name <rule name> -enabled True
To obtain the Windows PowerShell names for the preconfigured rules in Windows Firewall, you use the Get-NetFirewallRule command. Use the following resulting commands to enable the previous four rules:
Set-NetFirewallRule -name ComPlusNetworkAccess-DCOM-In -enabled True
Set-NetFirewallRule -name RemoteEventLogSvc-In-TCP -enabled True
Set-NetFirewallRule -name RemoteEventLogSvc-NP-In-TCP -enabled True
Set-NetFirewallRule -name RemoteEventLogSvc-RPCSS-In-TCP -enabled True
Managing Down-Level Servers
Earlier versions of Windows Server lack the WinRM support needed for them to be remotely managed by Server Manager.
Windows Server 2008 and 2008 R2 must have the following updates downloaded and installed:
.NET Framework 4.0
Windows Management Framework 3.0
Managing Down-Level Servers (tasks needed to be completed on the remote server)
After the updates are installed, the system automatically starts the Windows Remote Management Service, but there are still tasks that must be completed on the remote server:
Enable the Windows Remote Management (HTTP-In) rules in Windows Firewall.
Create a WinRM listener by running the winrm quickconfig command at a command prompt with administrative privileges.
Enable the COM+ Network Access and Remote Event Log Management rules in Windows Firewall.
Using Remote Server Administration Tools (RSAT)
You can manage remote servers from any computer running Windows Server 2012.
All the required tools are installed by default.
The new administrative method that Microsoft is promoting urges administrators to keep servers locked away and use a workstation to manage servers from a remote location.
To manage Windows servers from a workstation, you must download and install the Remote Server Administration Tools package.
Using Remote Server Administration Tools (continued)
When you install RSAT on a workstation running Windows 8, all the tools are activated by default.
When you launch Server Manager on a Windows workstation, there is no local server, and there are no remote servers to manage until you add some.
Your access to the servers you add depends on the account you use to log on to the workstation.
You can connect to the server using another account by right-clicking it and, from the context menu, selecting Manage As to display a standard Windows Security dialog box, in which you can supply alternative credentials.
Configuring PowerShell Web Access Gateway
The gateway configuration process consists of the following IIS tasks:

Create an application pool for the pswa web application.
Associate the application pool with a website.
Configure the website to use the path to the gateway site files.
Configure the website to use an https binding.
Specify an SSL certificate for the website to use.

To configure a test installation of the gateway application on a lab server, you can open an elevated Windows PowerShell session and execute the following command:
Install-PswaWebApplication -UseTestCertificate
This command creates a new application pool for the gateway in IIS and associates it with the Default Web Site. The command also causes the server to generate a self-signed certificate and bind it to the site.
Working with Remote Servers
Server Manager provides three basic methods for addressing remote servers:
Contextual tasks:
When you right-click a server in a Servers tile, anywhere in Server Manager, you see a context menu that provides access to tools and commands pointed at the selected server.
Non-contextual tasks:
The menu bar at the top of the Server Manager console provides access to internal tasks.
Non-contextual tools:
The console’s Tools menu provides access to external programs.