Windows 7 / Getting Started

---

Managing Windows Server 2008 Remotely

Windows 2008's built-in feature set allows it to be easily managed remotely. This capability eases administration time, expenses, and energy by allowing administrators to manage systems from remote locations rather than having to be physically at the system.

Remote Server Administration Tools

The Remote Server Administration Tools include a number of tools to manage Windows 2008 remotely. This set of tools replaced the Adminpack.msi set of tools that shipped with previous versions of Windows.

There are different tools for the roles (see Table 20.5) and for the features.

TABLE-5 Remote Server Administration Tools for Roles

Tool	Description
Active Directory Certificate Services Tools	Active Directory Certificate Services Tools includes the Certification Authority, Certificate Templates, Enterprise PKI, and Online Responder Management snap-ins.
Active Directory Domain Services (AD DS) Tools	Active Directory Domain Services Tools includes Active Directory Users and Computers, Active Directory Domains and Trusts, Active Directory Sites and Services, and other snap-ins and command-line tools for remotely managing Active Directory Domain Services.
Active Directory Lightweight Directory Services (AD LDS) Tools	Active Directory Lightweight Directory Services Tools includes Active Directory Sites and Services, ADSI Edit, Schema Manager, and other snap-ins and command-line tools for managing Active Directory Lightweight Directory Services.
Active Directory Rights Management Services (AD RMS) Tools	Active Directory Rights Management Services (AD RMS) Tools includes the Active Directory Rights Management Services (AD RMS) snap-in.
DHCP Server Tools	DHCP Server Tools includes the DHCP snap-in.
DNS Server Tools	DNS Server Tools includes the DNS Manager snapin and dnscmd.exe command-line tool.
Fax Server Tools	Fax Server Tools includes the Fax Service Manager snap-in.
File Services Tools	File Services Tools include the following: Distributed File System Tools includes the DFS Management snap-in, and the dfsradmin.exe, dfscmd.exe, dfsdiag.exe, and dfsutil.exe command-line tools. File Server Resource Manager Tools includes the File Server Resource Manager snap-in, and the filescrn.exe and storrept.exe command-line tools. Services for Network File System Tools includes the Network File System snap-in, and the nfsadmin.exe, showmount.exe, and rpcinfo.exe command-line tools.
Network Policy and Access Services Tools	Network Policy and Access Services Tools includes the Routing and Remote Access and Health Registration Authority snap-ins.
Print Services Tools	Print Services Tools includes the Print Management snap-in.
Terminal Services Tools	Terminal Services Tools includes the TS RemoteApp Manager, TS Gateway Manager, and TS Licensing Manager snap-ins.
Universal Description, Discovery, and Integration (UDDI) Services Tools	UDDI Services Tools includes the UDDI Services snap-in.
Web Server (IIS) Tools	Web Server (IIS) Tools includes the Internet Information Services (IIS) 6.0 Manager and IIS Manager snap-ins.
Windows Deployment Services Tools	Windows Deployment Services Tools includes the Windows Deployment Services snap-in, wdsutil.exe command-line tool, and Remote Install extension for the Active Directory Users and Computers snap-in.

TABLE-6 Remote Server Administration Tools for Features

Tool	Description
BitLocker Drive Encryption Tools	BitLocker Drive Encryption Tools includes the manage-bde.wsf script.
BITS Server Extensions Tools	BITS Server Extensions Tools includes the Internet Information Services (IIS) 6.0 Manager and IIS Manager snap-ins.
Failover Clustering Tools	Failover Clustering Tools includes the Failover Cluster Manager snap-in and the cluster.exe command-line tool.
Network Load Balancing Tools	Network Load Balancing Tools includes the Network Load Balancing Manager snap-in and the nlb.exe and wlbs.exe command-line tools.
SMTP Server Tools	SMTP Server Tools includes the Internet Information Services (IIS) 6.0 Manager snap-in.
WINS Server Tools	Windows Internet Naming Service (WINS) Server Tools includes the WINS snap-in.

The tools are installed as a feature. You can install all the tools or only the specific ones that you need. To install the Remote Server Administration Tools, execute the following steps:

1. Launch Server Manager.
2. Select the Features folder.
3. Click the Add Features link.
4. Locate the Remote Server Administration Tools feature.
5. Select the desired tools (more than one can be selected).
6. Click Next to accept the selected tools.
7. Click Install to install the selected tools.
8. Click Close to exit the wizard.
9. Close the Server Manager window.

After the tools are installed, you can manage remote computers by selecting the Connect to Another Computer command from the Action menu.

Windows Remote Management

Windows Remote Management (WinRM) allows an administrator to run command lines remotely on a target server. When WinRM is used to execute the command remotely, the command executes on the target server and the output of the command is piped to the local server. This allows administrators to see the output of those commands.

The commands run securely, as the WinRM requires authentication and also encrypts the network traffic in both directions.

WinRM is both a service and a command-line interface for remote and local management of servers. The service implements the WS-Management protocol on Windows 2008. WSManagement is a standard web services protocol for management of software and hardware remotely.

In Windows 2008, the WinRM service establishes a Listener on the HTTP and HTTPS ports. It can coexist with Internet Information Services (IIS) and share the ports, but uses the /wsman URL to avoid conflicts. The IIS role does not have to be installed for this to work.

The WinRM service must be configured to allow remote management of the target server and the Windows Firewall must be configured to allow Windows Remote Management traffic inbound. The WinRM service can be configured through GPO or via the WinRM command line. To have the WinRM service listen on port 80 for all IP addresses on the server and to configure the Windows Firewall, execute the following commands on the target server:

1. Select Start, Run.
2. Enter the command winrm quickconfig.
3. Click OK to run the command.
4. Read the output from WinRM. Answer y to the prompt that asks, "Make These Changes [y/n]?"

Now the target server is ready to accept commands. For example, suppose an administrator is logged on to a server dc1.companyabc.com and needs to remotely execute a command on branch office server dc3.companyabc.com. These steps assume that WinRM has been configured and the firewall rule has been enabled. Use the following steps to remotely execute the command:

1. Open a command prompt on DC1.
2. Enter the command winrs -r:http://dc3.companyabc.com ipconfig /all.

The output of the command will be shown on the local server (DC1), in this case the IP configuration of the target server (DC3).

This is particularly useful when executing a command or a set of commands on numerous servers. Rather than having to log on to an RDP session on each server and execute the command, the command can be remotely executed in a batch file against all the target servers.

PowerShell

The powerful new command-line shell is now integrated into Windows 2008. PowerShell is an administrator-focused shell and scripting language that has a consistent syntax that makes it easy to use. It operates on a cmdlet paradigm, which is, in effect, mini commandline tools. The syntax for the cmdlets is the same as for the PowerShell scripting language, reducing the learning curve of the administrator.

PowerShell can run its own scripts and cmdlets, as well as legacy scripts such as VBScript (.vbs), batch files (.bat), and Perl scripts (.perl). The shell can even run Windows-based command-line tools. Many of Microsoft's new applications, such as Microsoft Exchange 2007 and System Center Operations Manager 2007, are integrated with PowerShell and add a host of cmdlets to help automate administration.