Last Update: Sep 04, 2024 | Published: Aug 19, 2014
I’m a strong advocate of using PowerShell Remoting instead of RDP or Remote Server Administration Tools (RSAT) wherever possible for server administration, but there’s no doubt that GUI management tools still have their place. The first thing you’ll miss if you go the PowerShell route is Server Manager, in particular its dashboard, which gives a graphical overview of servers so you can quickly establish if there are any problems that need attention. In this article, I’ll show you how to manage servers using Server Manager in Windows 8.1.
Server Manager is easy to set up if you have an on-premises Active Directory (AD) domain, but if you want to manage standalone servers, servers in the cloud, or run Server Manager on a workgroup PC, then you’ll need to take some extra configuration steps.
The Server Manager Dashboard (Image: Russell Smith)
In this article, I’m going to show you how to configure a Windows Server 2012 R2 Azure virtual machine (VM) so it can be managed using Server Manager from an on-premises PC running Windows 8.1. In this example, there is no VPN in place between the on-premises site and the Azure virtual network. Although this is not a recommended configuration, it might be useful for lab environments or scenarios where security isn’t critical.
The instructions in this article can be adapted to suit any cloud or on-premises server management scenario by removing any steps specific to Azure. If you have a VPN configured between your on-premises LAN and Azure virtual network, then adding servers running in the Azure cloud to Server Manager is no different to adding servers on your local network. For more information on Azure point-to-site VPNs, see Configure Microsoft Azure to Accept Point-to-Site VPN Connections on the Petri IT Knowledgebase.
Server Manager uses the Windows Remote Management (WinRM) protocol over HTTP, not the fully encrypted HTTPS channel that can be configured for PowerShell Remoting. That’s not to say that WinRM over HTTP doesn’t employ any encryption or that credentials will be exposed in clear text, but nevertheless it is intended for use on secure private networks.
If you want access to other remote server administration tools, such as those that can be launched from Server Manager’s Tools menu, including the Active Directory Administrative Center (ADAC) and Active Directory Users and Computers (ADUC), you should install RSAT on a computer that’s joined to the appropriate domain and that has access to domain controllers over a secure private network.
Server Manager remote management is enabled by default in Windows Server 2012, but is disabled in Windows Server if deployed from Azure’s image gallery. To enable Server Manager remote management:
Enable remote management in Server Manager (Image: Russell Smith)
The following steps modify the default WinRM Windows Firewall rules and add an endpoint to the Azure cloud service configuration hosting the server. This is only required if you do not have a VPN in place between your on-premises LAN and Azure virtual network.
The default firewall rule for WinRM restricts inbound access to devices with IP addresses on the local subnet. If you want to connect using Server Manager over the Internet, you need to change the rule to allow any address or a specific public IP address.
In an elevated PowerShell window, type the following command and press ENTER. I recommend that you replace any with a specific public IP address.
set-netfirewallrule -name "WINRM-HTTP-In-TCP-PUBLIC" -remoteaddress any
I established the exact name for the WinRM inbound rule associated with the Public firewall profile by running the following command:
get-netfirewallrule -policystore activestore | where { $_.DisplayName -eq "Windows Remote Management (HTTP-In)" }
Modify the default WinRM Windows Firewall Rule (Image: Russell Smith)
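The recommendation above to use a specific address rather than any, as an added example that is not part of the original article: it lists each WinRM HTTP-In rule with its profile and current remote-address scope, restricts the Public-profile rule to one management address, and confirms the result. The address 203.0.113.10 is a placeholder from the documentation range; use the public IP your management PC connects from.

```powershell
# Added example; run in an elevated PowerShell window on the server.
# $ManagementIp is a placeholder (documentation range), not a value from the article.
$ManagementIp = '203.0.113.10'
$RuleName     = 'WINRM-HTTP-In-TCP-PUBLIC'

function Get-WinRmHttpRuleScope {
    # One row per WinRM HTTP-In rule: the profile it applies to and the
    # remote addresses it currently accepts.
    Get-NetFirewallRule -PolicyStore ActiveStore |
        Where-Object { $_.DisplayName -eq 'Windows Remote Management (HTTP-In)' } |
        ForEach-Object {
            $filter = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $_.Name
                Profile       = $_.Profile
                Enabled       = $_.Enabled
                RemoteAddress = $filter.RemoteAddress -join ','
            }
        }
}

'Scope before the change:'
Get-WinRmHttpRuleScope | Format-Table -AutoSize

# Refuse to write anything that is not a literal IP address, so a typo
# cannot silently widen the rule.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($ManagementIp, [ref]$parsed)) {
    throw "Not a valid IP address: $ManagementIp"
}

Set-NetFirewallRule -Name $RuleName -RemoteAddress $ManagementIp

# Read the rule back and flag it if the scope is not what was requested.
$scope = Get-WinRmHttpRuleScope | Where-Object { $_.Name -eq $RuleName }
if (-not $scope) {
    Write-Warning "Rule $RuleName was not found in the active store."
} elseif ($scope.RemoteAddress -ne $ManagementIp) {
    Write-Warning "Rule $RuleName still allows: $($scope.RemoteAddress)"
} else {
    "Rule $RuleName now accepts WinRM over HTTP only from $ManagementIp."
}
```

If the management PC sits behind NAT, the address to allow is the public address of the NAT device, not the PC's private address.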
Azure automatically configures an endpoint for WinRM over HTTPS for PowerShell Remoting when you create a new virtual machine. No endpoint is created for WinRM over HTTP for security reasons, so we will need to add one manually.
Add a WinRM over HTTP endpoint in Azure (Image: Russell Smith)
You can check the status of the operation by clicking NOTIFICATIONS on the left of the portal. It may take a couple of minutes to create the endpoint.
Alternatively, if you have PowerShell for Azure configured on a management PC, then you can run the following command from an elevated prompt to configure the endpoint, replacing contososrv1 with the name of the cloud service and VM name as appropriate. For more information about configuring PowerShell for Azure, see Setup Windows Azure PowerShell Management.
get-azurevm -servicename "contososrv1" -name "contososrv1" | add-azureendpoint -name "winrm" -protocol "tcp" -publicport 5985 -localport 5985 | update-azurevm
Now the server side has been configured, let’s install and set up Server Manager on the local management PC. In this example I’m installing RSAT on Windows 8.1.
If you plan to launch Server Manager with a standard user account, you will need to manually start the local WinRM service, or set the service startup type to Automatic.
Because we are not using WinRM over HTTPS, or connecting to servers in the same domain as our on-premises management PC, we need to add the DNS name of the remote server to the WinRM Trusted Hosts List.
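One way to carry out the two client-side steps above from PowerShell, as an added example that is not part of the original article: it starts the local WinRM service, appends the server to TrustedHosts without overwriting existing entries, checks that unencrypted traffic is still disallowed, and tests that the server answers on port 5985. The DNS name contososrv1.cloudapp.net is an assumption based on the article's contososrv1 cloud service name.

```powershell
# Added example; run in an elevated PowerShell window on the management PC.
# $Server is an assumed DNS name; replace it with your server's name.
$Server = 'contososrv1.cloudapp.net'

# The WSMan: drive is only available while the local WinRM service runs.
Set-Service   -Name WinRM -StartupType Automatic
Start-Service -Name WinRM

# Read the current TrustedHosts list as individual entries.
$path    = 'WSMan:\localhost\Client\TrustedHosts'
$current = (Get-Item $path).Value -split ',' |
    ForEach-Object { $_.Trim() } |
    Where-Object   { $_ }

# A wildcard entry means the client skips server authentication for every
# host, which is far wider than this procedure needs.
if ($current -contains '*') {
    Write-Warning 'TrustedHosts contains *: every remote host is trusted.'
}

# Append the one server; -Concatenate keeps entries that are already there.
if ($current -notcontains $Server) {
    Set-Item $path -Value $Server -Concatenate -Force
}

# WinRM over HTTP still encrypts message payloads as long as this is false.
$allowUnencrypted = (Get-Item 'WSMan:\localhost\Client\AllowUnencrypted').Value
if ($allowUnencrypted -eq 'true') {
    Write-Warning 'AllowUnencrypted is true: WinRM traffic may be sent in clear text.'
}

'TrustedHosts is now: ' + (Get-Item $path).Value

# Confirm that the server's WinRM listener answers on the HTTP port
# before adding the server in Server Manager.
Test-WSMan -ComputerName $Server -Port 5985
```

A failed Test-WSMan at this point indicates a firewall scope or endpoint problem on the server side rather than a credentials problem, because the identify request it sends is unauthenticated.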
Now we are ready to launch Server Manager and add the remote server.
Add a remote server in Server Manager (Image: Russell Smith)
After a few seconds, the Manageability status under SERVERS should change to Online if Server Manager is able to successfully connect to the server. Any previous errors that occurred prior to adding credentials for the server can be ignored.