Windows

Enable remote server management through a GPO

The ability to manage servers remotely is critical for ease of administration and reducing the number of open remote desktop connections. Rick Vanover shows how to deploy this configuration centrally.

When I wrote my April 2010 tip on how to administer Windows Server Core systems remotely, I didn't give much thought to automating the process. Maybe I didn't see myself using the new Server Manager utility as much or possibly was focused too much on possibly using Windows Firewall centrally through Group Policy for all servers on an internal network. However, when I look at my track record, I use remote server management all the time.

Remote server management is a perfect thing to automate centrally with a Group Policy Object (GPO). It's quite easy to do, though it will go a lot better if you have Windows Firewall set up centrally within Group Policy. I've never used Windows Firewall on internal networks; I've played with ideas and configurations that may have used it, but I never pushed it out to a bunch of servers with a firewall profile for an internal network. In most of my recent environments, especially labs, I've set Windows Firewall to be disabled via Group Policy. If you have that in place, this will be a rather easy addition.

To enable remote management, you need to run a winrm command. This is the running configuration for Windows Remote Management, and the associated Windows service is installed and running automatically with default installations of Windows Server 2008 R2. For one-off systems, simply running winrm quickconfig will enable remote management. If you want to apply it centrally to a number of computer accounts, a GPO is the way to go.

The command to run via a script, applied to a computer account GPO, is winrm quickconfig -q and can be saved as a PowerShell script, a .bat, or a .cmd file. This script can be run to a computer account, and it doesn't require a user to log on to execute this script, which makes security provisioning quite easy. The computer script running winrm would go in Computer Configuration | Policies | Windows Settings | Scripts | Startup (Figure A). Figure A

Click the image to enlarge.

Once the computers apply the GPO (usually on the next boot), remote connections from Server Manager are quite easy.

Do you enable remote management on all servers and deploy it centrally? Share your strategies below.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

2 comments
Amruta Patil
Amruta Patil

hey i m final year computer science student and i want to do project on remote disaster data recovery and management... can u help me.. actualy m totally blank that what shud i do first

hodgese
hodgese

I would recommend creating a GPO to edit the settings under Computer Configuration->Policies->Administrative templates->Windows Components->Windows Remote Management (WinRM). You may also have to open the proper firewall ports. This approach has worked well in our environment. Detailed instructions can be found here: http://blog.crayon.no/blogs/janegil/archive/2010/03/04/enable_2D00_and_2D00_configure_2D00_windows_2D00_powershell_2D00_remoting_2D00_using_2D00_group_2D00_policy.aspx