Configure Servers for Remote Management
Remote management is better suited and revised to simplify remote management
Can use Server Manager to manage multiple servers
All servers and server groups where you pick the servers in the group
Can multiselect servers to perform same action on multiple servers
Add servers from AD, DNS (Name or IP), and can import from file
WMI provides administrative interface to scripts, programs and built-in Windows tools
WMI provides administrative interface to scripts, programs and built-in Windows tools
Passed to Distributed Component Object Model (DCOM) or Windows Remote Managment (WinRM).
WinRm is implementation of independent standard called WS-Management Protocol
MMC and Computer Management rely on WMI over DCOM
Movement towards WinRM tools over DCOM
PowerShell and RemoteShell are notable tools that use WinRM
WinRM starts automatically by default in 2008 and 2012 Servers
Uses ports 5985 HTTP or 5986 HTTPS
Requires a listener on the remote server
Can configure it all by running winrm quickconfig on server you want to manage
On 2012 WinRM is enabled by default
Reenable Remote Management from command prompt-- configure-SMRemoting.exe -disable (enable)
Can use sconfig enables WinRM Remote based only
Local administrators except the built-in account may not have rights to manage remotely
LocalAccountTokenFilterPolicy registry settings must be configured to allow other administrators to manage
For 2008 must install .Net 4 and Windows Management Framework 3.0
Update 2682011 enables server manager to collect performance data
Group Policy is the most efficient way to configure remote management on multiple servers
Can achieve two things--create WinRM listeners on IP address ranges and create inbound firewall rules to allow WinRm and DCOM
Policy Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management
Select WinRM service
Double click Allow Remote Server Management Through WinRM
In the IPv4 and IPv6 filter boxes, type in the IP addresses you want to allow remote access.
Next do Firewall
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Secuirty\Windows Firewall
Select Remote Event Log Management from predefined.
WinRm is implementation of independent standard called WS-Management Protocol
MMC and Computer Management rely on WMI over DCOM
Movement towards WinRM tools over DCOM
PowerShell and RemoteShell are notable tools that use WinRM
WinRM starts automatically by default in 2008 and 2012 Servers
Uses ports 5985 HTTP or 5986 HTTPS
Requires a listener on the remote server
Can configure it all by running winrm quickconfig on server you want to manage
On 2012 WinRM is enabled by default
Reenable Remote Management from command prompt-- configure-SMRemoting.exe -disable (enable)
Can use sconfig enables WinRM Remote based only
Local administrators except the built-in account may not have rights to manage remotely
LocalAccountTokenFilterPolicy registry settings must be configured to allow other administrators to manage
For 2008 must install .Net 4 and Windows Management Framework 3.0
Update 2682011 enables server manager to collect performance data
Group Policy is the most efficient way to configure remote management on multiple servers
Can achieve two things--create WinRM listeners on IP address ranges and create inbound firewall rules to allow WinRm and DCOM
Policy Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management
Select WinRM service
Double click Allow Remote Server Management Through WinRM
In the IPv4 and IPv6 filter boxes, type in the IP addresses you want to allow remote access.
Next do Firewall
Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Secuirty\Windows Firewall
Select Remote Event Log Management from predefined.
No comments:
Post a Comment