Windows
Server 2008 R2’s built-in feature set allows it to be easily managed
remotely. This capability reduces administration time, expenses, and
energy by allowing administrators to manage systems from remote
locations rather than having to be physically at the system.
Server Manager Remote Management
New to Windows Server 2008 R2
is the Server Manager Remote Management, which allows the Server Manager
console to remotely manage another server. This makes available all the
features of Server Manager to the remote computer, allowing
administrators to easily manage Windows Server 2008 R2 servers from a
central location.
Server Manager Remote
Management is disabled by default. This is a security feature, much like
Remote Desktop, and so Windows Server 2008 R2 defaults to a more secure
state out of the box. To enable the Server Manager Remote Management,
execute the following steps:
1. | Launch Server Manager.
|
2. | Click on the Configure Server Manager Remote Management link.
|
3. | Select the Enable Remote Management of This Server from Other Computers check box.
|
4. | Click OK.
|
Now the system is ready to
accept connections from remote Server Manager consoles. To connect to a
remote computer with the Server Manager console, right-click on the
Server Manager root and select Connect to Another Computer. Enter the remote computer name and click OK.
Remote Server Administration Tools
The Remote Server
Administration Tools include a number of tools to manage Windows Server
2008 R2 remotely. This set of tools replaced the Adminpack.msi set of tools that shipped with Windows Server 2003.
There are different tools for the roles (see Table 1) and for the features (see Table 2).
Table 1. Remote Server Administration Tools for Roles
| Tool | Description |
|---|
| Active Directory Certificate Services Tools | Active
Directory Certificate Services Tools include the Certification
Authority, Certificate Templates, Enterprise PKI, and Online Responder
Management snap-ins. |
| Active Directory Domain Services (AD DS) Tools | Active
Directory Domain Services Tools include Active Directory Users and
Computers, Active Directory Domains and Trusts, Active Directory Sites
and Services, and other snap-ins and command-line tools for remotely
managing Active Directory Domain Services. |
| Active Directory Lightweight Directory Services (AD LDS) Tools | Active
Directory Lightweight Directory Services Tools include Active Directory
Sites and Services, ADSI Edit, Schema Manager, and other snap-ins and
command-line tools for managing Active Directory Lightweight Directory
Services. |
| Active Directory Rights Management Services (AD RMS) Tools | Active
Directory Rights Management Services (AD RMS) Tools includes the Active
Directory Rights Management Services (AD RMS) snap-in. |
| DHCP Server Tools | DHCP Server Tools include the DHCP snap-in. |
| DNS Server Tools | DNS Server Tools include the DNS Manager snap-in and dnscmd.exe command-line tool. |
| Fax Server Tools | Fax Server Tools include the Fax Service Manager snap-in. |
| File Services Tools | File Services Tools include the following: Distributed File System Tools, which include the DFS Management snap-in, and the dfsradmin.exe, dfscmd.exe, dfsdiag.exe, and dfsutil.exefilescrn.exe and storrept.exenfsadmin.exe, showmount.exe, and rpcinfo.exe command-line tools. command-line tools. File Server Resource Manager Tools include the File Server Resource Manager snap-in, and the command-line tools. Services for Network File System Tools include the Network File System snap-in, and the |
| Hyper-V Tools | Hyper-V Tools include the snap-ins and tools for managing the Hyper-V role. |
| Network Policy and Access Services Tools | Network Policy and Access Services Tools include the Routing and Remote Access and Health Registration Authority snap-ins. |
| Print and Document Services Tools | Print Services Tools include the Print Management snap-in. |
| Remote Desktop Services Tools | Remote Desktop Services Tools include the TS RemoteApp Manager, TS Gateway Manager, and TS Licensing Manager snap-ins. |
| Web Server (IIS) Tools | Web Server (IIS) Tools include the Internet Information Services (IIS) 6.0 Manager and IIS Manager snap-ins. |
| Windows Deployment Services Tools | Windows Deployment Services Tools include the Windows Deployment Services snap-in, wdsutil.exe command-line tool, and Remote Install extension for the Active Directory Users and Computers snap-in. |
Table 2. Remote Server Administration Tools for Features
| Tool | Description |
|---|
| BitLocker Drive Encryption Tools | BitLocker Drive Encryption Tools include the manage-bde.wsf script. |
| BITS Server Extensions Tools | BITS Server Extensions Tools include the Internet Information Services (IIS) 6.0 Manager and IIS Manager snap-ins. |
| Failover Clustering Tools | Failover Clustering Tools include the Failover Cluster Manager snap-in and the cluster.exe command-line tool. |
| Network Load Balancing Tools | Network Load Balancing Tools include the Network Load Balancing Manager snap-in and the nlb.exe and wlbs.exe command-line tools. |
| SMTP Server Tools | SMTP Server Tools include the Internet Information Services (IIS) 6.0 Manager snap-in. |
| WINS Server Tools | Windows Internet Naming Service (WINS) Server Tools include the WINS snap-in. |
The tools are installed as a
feature. You can install all the tools or only the specific ones that
you need. To install the Remote Server Administration Tools, execute the
following steps:
1. | Launch Server Manager.
|
2. | Select the Features folder.
|
3. | Click the Add Features link.
|
4. | Locate the Remote Server Administration Tools feature.
|
5. | Select the desired tools (more than one can be selected).
|
6. | Click Next to accept the selected tools.
|
7. | Click Install to install the selected tools.
|
8. | Click Close to exit the wizard.
|
9. | Close the Server Manager window.
|
After the tools are
installed, you can manage remote computers by selecting the Connect to
Another Computer command from the Action menu.
Windows Remote Management
Windows Remote Management
(WinRM) enables an administrator to run command lines remotely on a
target server. When WinRM is used to execute the command remotely, the
command executes on the target server and the output of the command is
piped to the local server. This allows administrators to see the output
of those commands.
The commands run securely, as the WinRM requires authentication and also encrypts the network traffic in both directions.
WinRM is both a service
and a command-line interface for remote and local management of servers.
The service implements the WS-Management protocol on Windows Server
2008 R2. WS-Management is a standard web services protocol for
management of software and hardware remotely.
In Windows Server 2008 R2,
the WinRM service establishes a Listener on the HTTP and HTTPS ports. It
can coexist with Internet Information Services (IIS) and share the
ports, but uses the /wsman URL to avoid conflicts. The IIS role does not
have to be installed for this to work.
The WinRM service must be
configured to allow remote management of the target server and the
Windows Firewall must be configured to allow Windows Remote Management
traffic inbound. The WinRM service can be configured through GPO or via
the WinRM command line. To have the WinRM service listen on port 80 for
all IP addresses on the server and to configure the Windows Firewall,
execute the following commands on the target server:
1. | Select Start, Run.
|
2. | Enter the command winrm quickconfig.
|
3. | Click OK to run the command.
|
4. | Read the output from WinRM. Answer y to the prompt that asks: “Make These Changes [y/n]?”
|
Now the target server is
ready to accept commands. For example, suppose an administrator is
logged on to a server dc1.companyabc.com and needs to remotely execute a
command on branch office server dc3.companyabc.com. These steps assume
that WinRM has been configured and the firewall rule has been enabled. Use the following steps to remotely execute the command:
1. | Open a command prompt on DC1.
|
2. | Enter the command winrs –r: dc3.companyabc.com ipconfig /all.
|
The output of the command will be shown on the local server (DC1)—in this case, the IP configuration of the target server (DC3).
This is particularly useful when
executing a command or a set of commands on numerous servers. Rather
than having to log on to an RDP session on each server and execute the
command, the command can be remotely executed in a batch file against
all the target servers.
PowerShell
The powerful new
command-line shell is now integrated into Windows Server 2008 R2.
PowerShell 2.0 is an administrator-focused shell and scripting language
that has a consistent syntax that makes it easy to use. It operates on a
cmdlet paradigm, which is, in effect, mini command-line tools. The
syntax for the cmdlets is the same as for the PowerShell scripting
language, reducing the learning curve of the administrator. In the
Windows Server 2008 R2, the PowerShell 2.0 allows for shells to run
against remote systems. This enables administrators to execute cmdlets
and scripts across the organization from a central console.
PowerShell can run its own scripts and cmdlets, as well as legacy scripts such as VBScript (.vbs), batch files (.bat), and Perl scripts (.perl).
The shell can even run Windows-based command-line tools. Many of
Microsoft’s new applications, such as Microsoft Exchange 2010 and System
Center Operations Manager 2007 R2, are integrated with PowerShell and
add a host of cmdlets to help automate administration.
Print Management Console
The Print Management
console enables administrators to manage printers across the enterprise
from a single console. It shows the status of printers on the network.
It also allows the control of those printers, such as the following:
Many of the operational controls support multiselecting printers, so that the commands can be run against many printers at once.
The
Print Management console is available within the Server Manager console
or as a standalone tool. Server Manager is the preferred method of
accessing the Print Management console, as it will also manage the role
and provide event messages and other operational information.
The Print Management console
supports printers running on a wide variety of operating systems,
including Windows Server 2008 R2, Windows 7, Windows Server 2008,
Windows Vista, Windows Server 2003, Windows XP, and even Windows 2000.
