Microsoft

Managing local group policy on Windows Server 2008 Core Edition

To access group policy on Windows Server 2008 Core Edition, most situations can be addressed by a domain group policy configuration. Occasionally, local objects may need to exist. Rick Vanover explains how to get it done.

In Windows Server 2008 Core Edition, you can manage the group policy remotely through a MMC snap-in. To configure this, you'll need to go through a few hoops. First, get a MMC snap-in pointed to the Windows Server 2008 Core Edition server. For a default configuration, you'll need to configure Windows firewall to allow this traffic. This command will stop Windows firewall:

netsh advfirewall set allprofiles state off

When the Group Policy configurations are finished, run this command to turn firewall back on:

netsh advfirewall set allprofiles state on
From a remote system, run MMC.exe, add the Group Policy Object, and point it to a remote system. Figure A shows a remote system being pointed by TCP/IP address. Figure A

Figure A

Click image to enlarge.

Once saved, the local console can interact with the remote group policy configuration of the core server. This can work in conjunction with a domain-based Group Policy configuration if applicable. Be sure not to overlap, as the domain configuration will override a local configuration by re-application. Permissions need to be in place for this to work correctly. This can include using domain-based credentials or passing administrative credentials manually with the 'net use' command.

The snap-in can be saved for future use, making it easier to access the core server's local Group Policy easier. Figure B shows the snap-in being saved for the core server. Figure B

Figure B

Click image to enlarge.

Remember to turn the Windows firewall on if you turned it off. Now you're finished!

It would be best to keep MMCs for the local Group Policy configuration of Windows core servers by computer name or IP address and store centrally for other administrators to access if required. This can save setup time for frequent access.

Stay on top of the latest Windows Server 2003 and Windows Server 2008 tips and tricks with our free Windows Server newsletter, delivered each Wednesday. Automatically sign up today!

About Rick Vanover

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

Editor's Picks

Free Newsletters, In your Inbox