Configuring the Firewall on Server Core for Remote Management

Configuring the Firewall on Server Core for Remote Management

  • Comments 15
  • Likes

Just like on a full server installation, the firewall is on by default in a Server Core installation and most inbound traffic is blocked at the end of setup. There are then three scenarios for remote management via MMC: 

  1. Server Roles – when a server role is installed, the appropriate ports are opened to allow the role to function as well as to allow remote management, so no additional configuration is required. Using the Remote Server Administration Tools (RSAT) feature on a full server installation, you can install just the MMC snap-ins for a role and use them to remotely manage the role on Server Core.
  2. Domain joined – Once domain joined, the firewall profile is changed to the domain profile which allows remote management. Again, no additional configuration is required.
  3. Workgroup server – This is the scenario in which you may need to make firewall configuration changes to allow remote management. If you just want all remote management to work you can use:

Netsh advfirewall firewall set rule group=“remote administration” new enable=yes
 
However, it is possible to be more granular and only allow certain MMC snap-ins to remotely manage the box. I’ll talk more about that in my next post.

 

Note that the other methods of remote management are either enabled out of the box, such as WMI, or when enabled the firewall is configured to allow them, such as Terminal Server remote administration mode.

Comments
  • PingBack from http://geeklectures.info/2008/01/02/configuring-the-firewall-on-server-core-for-remote-management/

  • Andrew,

    When I add

    'Netsh advfirewall firewall set rule group=“remote administration” new enable=yes'

    I get an error 'Group cannot be specified along with other identification conditions.'

    I originally had 'netsh firewall set opmode disable' set and even once I change back to 'netsh firewall set opmode enable' and run your command above I am still shown the same error message.

    Any ideas? or should it have something to do with 'netsh advfirewall set currentprofile settings remotemanagement enable' via the TechNet document <a href="http://technet2.microsoft.com/windowsserver2008/en/library/47a23a74-e13c-46de-8d30-ad0afb1eaffc1033.mspx?mfr=true">here</a>

    Cheers,

    Stephen Edgar

  • Hmm, what build was this on? I just tried this on a recent build, clean installation, and it ran without any errors. I then disabled the remote administration rules, ran the 'netsh firewall set opmode disable' and tried it again and it worked without errors.

    I notice in my post and your comment that the quotation marks have been changed to the fancy angle quotes. If you copied and pasted into a TS window, did the quotes appear correctly as basic/plain quotes? (not sure the right terms here).

    Btw, the step by step guide is in the process of being updated with this information as well as what I'm working on for my next post.

    Andrew

  • Remote management of Server Core installations helps you. It prevents you from having to struggle with

  • NetWeb, run your command again without copying and pasting from Technet.  I hit the same problem and it looks like the double quotes might be part of a different character set.  

    Worked fine when I just typed it.

    Tony

  • If anyone encounters the same error as NetWeb (first post), then this is your solution:

    I had the same error, but I copy and pasted the command in from a webpage, and the quotes must have been Microsoft Word style quotes. I deleted the quotes, replaced them with a new "-quote, re-ran the command, and success!

    I was looking for a solution and came across this page, so I assume that more people will visit this page because they are looking for a solution. :)

  • I had have the same problem and the solution of murrato1 resolve it !

    Tank you.

  • I had have the same problem and the solution of murrato1 resolve it !

    Thank you.

  • Thank you for posting this blog. it really help me alot.. very informative blog I should say..  thanks for your tips! God bless!

    <a href="http://www.searchsense.net">orange county seo</a>

  • I had the same problem with 'Group cannot be specified along with other identification conditions.' Murrato1 solved it. Thank you.

  • Have the following error when entering the "netsh advfirewall" command:

    "No rules match the specified criterie"

    -> OS: Windows Hyper-V 2012 Core

  • Doesn't work in Hyper-V 2012, got error: "No rules match the specified criteria."

  • Also the same problemen "'Group cannot be specified along with other identification conditions", re-type the quotes worked for mee

  • Same issue as with dataCore, running Hyper-v 2012 R2 Server

  • If you get the error "No rules match the specified criteria." it mean the group has not been created for some odd reason.

    if you run "netsh firewall set service type=remoteadmin mode=enable" it will create the group and then you can rerun the command.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment