Remotely Manage Devices in Windows 2008 Server Core
As I wrote in previous Windows Server 2008 articles, a Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles. You can read more about Server Core in the “What’s Related” section at the bottom of this page.
Getting to the point of this article, remotely managing Server Core is not as hard as it seems. You can read more about it on several of my articles, but the point is that most things can be done remotely by using the regular MMC-based snap-in Administration tools, WinRM and WinRS, and even through Remote Desktop.
This article focuses on remote administration via the MMC-based Administration tools. In order to get these to work across the network you will need to run the following command on the server core machine (or on any other Windows Server 2008 server for that matter):
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
netsh advfirewall firewall set rule group=“remote administration” new enable=yes
The above command will allow for most remote management tools to work out-of-the-box. However, in addition to allowing the MMC snap-ins through the firewall, using Device Manager remotely requires additional configuration. If you don’t perform the following steps you will end up with this error:
Running Device Manager remotely
To allow Device Manager to connect to a remote computer, you must first enable the “Allow remote access to the PnP interface” setting on the target computer’s Local Group Policy.
1. On a Windows Vista or Windows Server 2008 installation, start the Group Policy Object MMC snap-in by typing MMC in the Run box and pressing Enter.
2. In the Add or Remove Snap-Ins window, scroll to find Group Policy Object Editor, and click Add.
3. In the Select Group Policy Object window, click Browse.
4. In the Browse for Group Policy Object window, click Another Computer, and either type or browse for the remote server core machine.
5. In the Select Group Policy Object window, click Finish.
6. In the Add or Remove Snap-Ins window click Ok.
7. In the Group Policy of the remote computer, navigate to Computer Configuration -> Administrative Templates -> System -> Device Installation.
8. Enable the Allow remote access to the PnP interface setting.
9. Close the MMC console (you don’t have to save it, but you can if you want to).
10. Restart the Server Core installation.
Now you can connect to the remote server core machine and manage its devices by using Device Manager.
1. Open Computer Management through the Administrative Tools folder.
2. Right-click Computer Management and select Connect to another computer.
3. In the Select computer window, type or browse to the remote server core computer. Click Ok.
4. Expand System tools -> Device Manager. Note that now you can perform changes on the listed devices.
And that’s it! You are done!