Server Core

Configuring the Firewall on Server Core for Remote Management

Just like on a full server installation, the firewall is on by default in a Server Core installation and most inbound traffic is blocked at the end of setup. There are then three scenarios for remote management via MMC: 

  1. Server Roles – when a server role is installed, the appropriate ports are opened to allow the role to function as well as to allow remote management, so no additional configuration is required. Using the Remote Server Administration Tools (RSAT) feature on a full server installation, you can install just the MMC snap-ins for a role and use them to remotely manage the role on Server Core.
  2. Domain joined – Once domain joined, the firewall profile is changed to the domain profile which allows remote management. Again, no additional configuration is required.
  3. Workgroup server – This is the scenario in which you may need to make firewall configuration changes to allow remote management. If you just want all remote management to work you can use:

Netsh advfirewall firewall set rule group=“remote administration” new enable=yes
 
However, it is possible to be more granular and only allow certain MMC snap-ins to remotely manage the box. I’ll talk more about that in my next post.

 

Note that the other methods of remote management are either enabled out of the box, such as WMI, or when enabled the firewall is configured to allow them, such as Terminal Server remote administration mode.

Published Wednesday, January 02, 2008 4:41 PM by amason

Comments

 

Geek Lectures - Things geeks should know about » Blog Archive » Configuring the Firewall on Server Core for Remote Management said:

PingBack from http://geeklectures.info/2008/01/02/configuring-the-firewall-on-server-core-for-remote-management/

January 2, 2008 8:20 PM
 

Netweb said:

Andrew,

When I add

'Netsh advfirewall firewall set rule group=“remote administration” new enable=yes'

I get an error 'Group cannot be specified along with other identification conditions.'

I originally had 'netsh firewall set opmode disable' set and even once I change back to 'netsh firewall set opmode enable' and run your command above I am still shown the same error message.

Any ideas? or should it have something to do with 'netsh advfirewall set currentprofile settings remotemanagement enable' via the TechNet document <a href="http://technet2.microsoft.com/windowsserver2008/en/library/47a23a74-e13c-46de-8d30-ad0afb1eaffc1033.mspx?mfr=true">here</a>

Cheers,

Stephen Edgar

January 8, 2008 8:13 AM
 

amason said:

Hmm, what build was this on? I just tried this on a recent build, clean installation, and it ran without any errors. I then disabled the remote administration rules, ran the 'netsh firewall set opmode disable' and tried it again and it worked without errors.

I notice in my post and your comment that the quotation marks have been changed to the fancy angle quotes. If you copied and pasted into a TS window, did the quotes appear correctly as basic/plain quotes? (not sure the right terms here).

Btw, the step by step guide is in the process of being updated with this information as well as what I'm working on for my next post.

Andrew

January 9, 2008 6:37 PM
 

The things that are better left unspoken said:

Remote management of Server Core installations helps you. It prevents you from having to struggle with

April 3, 2008 5:32 AM
Anonymous comments are disabled

This Blog

Syndication

Tags

No tags have been created or used yet.

© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
 Microsoft
Page view tracker