Remotely Managing Windows 2008 Server Core Firewall

As you already know by now, in Windows Server 2008, Server Core installation does not include the traditional full graphical user interface (GUI). Therefore, once you have configured the server, you can only manage it locally at a command prompt, or remotely using a Terminal Server connection. A third management option is to manage the server remotely using the Microsoft Management Console (MMC) or command-line tools that support remote use.

Read more about Server Core on my “Understanding Windows Server 2008 Server Core” article.
One of the major pains of managing such a GUI-stripped installation is the configuration of the Windows Advanced Firewall settings. Without properly configuring these rules, you will find it extremely difficult to remotely manage your server.
In this article, I assume that you have already configured your server core with the bare minimum requirements to operate in a network. These requirements are:

  • Configuring an IP address
  • Configuring a server name
  • Configuring an administrator’s password

You should, but are not required to, also join the server to your domain.
All of the above can be accomplished by following the “Configuring Windows Server 2008 Server Core Basic Networking Settings” article.
Next, in order to properly configure Server Core to allow you to control its Firewall settings remotely, via GUI, follow these steps:

Step #1: Enable remote management through the firewall

On your Server Core machine, at a command prompt, type the following:

netsh advfirewall set currentprofile settings remotemanagement enable

This will allow you to control the Firewall’s settings from a remote MMC snap-in.
You can always run the following command in order to disable this option:

netsh advfirewall set currentprofile settings remotemanagement disable

Step #2: Open the Windows Firewall snap-in

  1. On a remote computer running Windows Server 2008 or Windows Vista, click Start > Run, then type MMC and press ENTER.
  2. Click File > Add/Remove Snap-in.
  3. In the Add or remove snap-ins, scroll down till you find the Windows Firewall with advanced security snap-in.
  4. Click Add, then in Another Computer, type the name or IP Address of the Server Core server you want to manage.
  5. After a short loading, if all is ok, you will be presented with the management GUI of the remote server.
  6. You can now create new Firewall rules, enable or disable existing rules, export your settings or disable the Firewall altogether. For example, to enable the rule allowing Remote Desktop connections to the Server Core, go to Inbound Rules. In the results pane scroll down till you find Remote Desktop (Tcp-in), right-click it and choose Enable. Note: You can read more about enabling RDP connections on my “Managing Windows 2008 Server Core through RDP” article.   Another example would be to enable ICMP Echo Replies (or simply put – Ping replies) from the Server Core server, allowing the administrators to test for connectivity issues with the server. To enable the rule allowing ICMP Echo Replies from the Server Core, go to Inbound Rules. In the results pane scroll down till you find File and Printer Sharing (Echo Request – ICMPv4-In), right-click it and choose Enable. Pings to the Server Core server should now work.

You can save the current MMC window for future use. As long as you do not change the settings on step #1, or change the server’s IP Address (if you’ve used an IP Address to connect to it in the first place), it should continue working for as long as you want.

Running Server Core requires manual control of many settings, and without proper Firewall configuration you may find it hard to remotely connect to it. This article showed you how to configure the Server Core server in order to remotely connect and configure the Windows firewall component.

Recent Windows Server 2008 Forum threads

Got a question? Post it on our Windows Server 2008 forums!