U-Tools: Unique Tools for Windows System Administrators
U-Move Help

Enable Remote Management (server side)

To remotely manage the new server, you must first allow Remote Administration connections to it.

On the new server open a PowerShell administrative console and type,

  Enable-NetFirewallRule -DisplayGroup "File and Printer Sharing"
  Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management"
  Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Remote Desktop is optional.

If you installed a non-English edition of Windows Server, type the following commands instead:

  Enable-NetFirewallRule -Group "@FirewallAPI.dll,-28502"
  Enable-NetFirewallRule -Group "@FirewallAPI.dll,-29252"
  Enable-NetFirewallRule -Group "@FirewallAPI.dll,-28752"

Capitalization is not important.

To enable the Remote Desktop service, hold down the Windows Logo key and press R. Type control and click Ok to open the Control Panel. Click on System and Security -> System -> Remote Settings (left). Click on the tab Remote, and under Remote Desktop select Allow connections and click Ok.

Windows Server Core: To start the Remote Desktop service:

  • Type sconfig.
  • Select menu item 7 (Remote Desktop).
    • Select option E (Enable).
    • Select the level of authentication (High or Low).

You will not be able to remotely access Task Scheduler, Device Manager, Windows Firewall, Performance Logs, or Disk Management until after you have loaded Active Directory into the new computer. Remotely managing these services requires domain membership.

Set LocalAccountTokenFilterPolicy

If the server is not a member of a domain, the User Account Control (UAC) system will prevent you from remotely managing the server with a local administrator account (except for the built-in Administrator account). If you want to remotely manage the computer using a local administrative user logon account, you will need to set the LocalAccountTokenFilterPolicy to 1 in the registry:

  New-ItemProperty -Name LocalAccountTokenFilterPolicy `
     -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System `
     -PropertyType DWord -Value 1
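
The firewall groups and the LocalAccountTokenFilterPolicy value set above widen what the server accepts over the network, and the registry value is only needed while the server is outside a domain. The following is an added example, not part of U-Move or the original page, that reports the current state of those settings and removes the registry value again; the function names are hypothetical, and it assumes a system with the NetSecurity cmdlets used above.

```powershell
# Added example: audit the settings this page enables. Function names are hypothetical.
$PolicyKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'
# Locale-independent group identifiers, as listed on this page.
$Groups = [ordered]@{
    'File and Printer Sharing'    = '@FirewallAPI.dll,-28502'
    'Remote Event Log Management' = '@FirewallAPI.dll,-29252'
    'Remote Desktop'              = '@FirewallAPI.dll,-28752'
}

function Get-RemoteMgmtExposure {
    # One row per firewall group: how many of its rules are currently enabled.
    foreach ($name in $Groups.Keys) {
        $rules   = @(Get-NetFirewallRule -Group $Groups[$name] -ErrorAction SilentlyContinue)
        $enabled = @($rules | Where-Object { $_.Enabled -eq 'True' }).Count
        [pscustomobject]@{
            Setting = "Firewall group: $name"
            State   = "$enabled of $($rules.Count) rules enabled"
        }
    }
    # A missing value behaves like 0: UAC keeps filtering remote local-admin tokens.
    $prop  = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    $value = if ($null -ne $prop) { $prop.$PolicyName } else { $null }
    $state = if ($value -eq 1) { '1 (remote UAC filtering disabled)' }
             else { 'not set or 0 (remote UAC filtering active)' }
    [pscustomobject]@{ Setting = $PolicyName; State = $state }
    # Once the server is a domain member, the registry value is no longer required.
    $inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
    [pscustomobject]@{ Setting = 'Domain member'; State = "$inDomain" }
}

function Undo-LocalAccountTokenFilterPolicy {
    # Removes the value so local administrator accounts are filtered by UAC again.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess("$PolicyKey\$PolicyName", 'Remove registry value')) {
        Remove-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    }
}

Get-RemoteMgmtExposure | Format-Table -AutoSize
```

Run it from an administrative PowerShell console on the new server; call Undo-LocalAccountTokenFilterPolicy -WhatIf first to preview the change.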

How to add the new server to Server Manager

To add the new server to Server Manager so that you can remotely manage it, use the following procedure:

  1. Do the steps in Enable Remote Management (client side). This is required to authorize non-Kerberos network connections to unknown servers.
  2. Click on Manage (top) -> Add Servers.
  3. Click on the tab DNS. In the box Search type in the name or Internet address of the new server, then click on the spyglass icon (right).
  4. Click on the > arrow (middle) to select the server and click Ok.
  5. Server Manager will warn about a “Kerberos target resolution error”. This is normal. To supply the logon credentials, right-click on the new server name and select Manage As ....
  6. Type in the user name MyServer\Administrator where MyServer is the true name of the computer (not the Internet address), and Administrator is the name of the Administrator user account. Type in the password. Check the box Remember my credentials and click Ok. If done correctly, the red Kerberos warning message will disappear.

To test connectivity, right-click on the server name and select Computer Management.

For more information

See Add Servers to Server Manager (Microsoft Docs).


Windows Server 2008 R2: Open an administrative console and type,

  netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
  netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
  netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

Remote Desktop is optional.

If you installed a non-English edition of Windows Server, type the following commands instead:

  netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=yes
  netsh advfirewall firewall set rule group="@FirewallAPI.dll,-29252" new enable=yes
  netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28752" new enable=yes

Capitalization is not important.

To start the Remote Desktop service, hold down the Windows Logo key and press R. Type control and click Ok to open the Control Panel. Click System and Security -> System -> Remote Settings (left). Click on the tab Remote, and under Remote Desktop select Allow connections and click Ok.

Windows Server 2008 Core: To start the Remote Desktop service, type

  scregedit.wsf /ar 0

If the new computer is running Windows Server 2008 R2 and you wish to manage it with Server Manager, type

  Enable-PSRemoting
  Configure-SMRemoting.ps1 -Enable

You will not be able to remotely access Task Scheduler, Device Manager, Windows Firewall, Performance Logs, or Disk Management until after you have loaded Active Directory into the new computer. Remotely managing these services requires domain membership.


For more information

See also Enable Remote Server Management (client side).