Windows Remote Management: Why is enabling this so tedious on Server 2012/2016? Am I doing it wrong?

I’m trying to set up a sandbox environment for playing with Active Directory things for testing.

I’d like to have all servers virtualized and only one of them with a GUI for lower resource usage.

To make things easier, I’d rather the one server with a GUI be the one I manage the other servers from. I realize I could do the same from a Windows 10 machine with the Remote Management tools installed, but having a server available to do it with as well would be ideal.

My question is really: Is this how I’m supposed to be enabling this functionality on Server 2012/2016?

I’m finding that I have to do the following things to allow Remote Volume Management, as an example:

  1. Add Firewall exceptions for the Remote Volume Management inbound connections (RPC-EPMAP and RPC) on the client.
  2. Do the same for the server managing the client.

There are firewall groups for these specific things. As an example:

[Screenshot from 2017-12-12 13-21-17]

But there isn’t one for all of them combined. Meaning I’d have to manually create firewall exceptions for each individual grouping on both the managing server and the managed server.

Then there’s the WinRM (Windows Remote Management) console and I’m not even sure if that’s the same thing.

[Screenshot from 2017-12-12 13-22-21]

I assume it’s not.

I’ve elected to use Group Policy Objects so I can make this easier, but I’d like to make as few changes as possible to achieve what I want for security and management reasons.

My goal is to just go into the managing server with the GUI, go to All Servers (as it’s running Server 2012/2016), right click the server I want to manage, then go to Computer Management and make changes there.

Why isn’t this just one tick box? Why is enabling this kind of management so tedious? Is there an easier way? Am I overtaking the plumbing?

I understand atomizing it into individual things, but since they’re all so related in being aspects of Remote Management, I would expect a big “enable all of it” option.

Enabling Remote Management on the individual servers themselves, since that is an option, doesn’t do as I wish. For example:

[Screenshot from 2017-12-12 13-28-48]

Apparently it’s enabled, but this doesn’t let me use Remote Volume Management. I had to specifically enable firewall rules for that on the Domain.

It’s all very unintuitive given that the options don’t enable the things I’d expect them to, and that there are multiple things that don’t seem to relate, i.e. Windows Remote Management vs. the individual Remote Management options.
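As an added example (not part of the original post or of any reply), the per-group firewall changes described above can be scripted and restricted to the management server's address rather than opened to any source. It goes slightly beyond the post by also covering the Event Viewer and Services rule groups; the host name and IP addresses are placeholders, and WinRM is assumed to be reachable on the managed server.

```powershell
# Added example. Host name and addresses are placeholders (assumptions).
$ManagedServer   = 'core01.lab.example'   # hypothetical Server Core host
$ManagedServerIP = '192.0.2.21'           # its address (documentation range)
$ManagementIP    = '192.0.2.10'           # address of the GUI management server

# Built-in firewall rule groups behind the Computer Management snap-ins.
$Groups = @(
    'Remote Volume Management',      # Disk Management
    'Remote Event Log Management',   # Event Viewer
    'Remote Service Management'      # Services
)

# Enables the inbound rules of each group that apply to the Domain profile
# and limits them to the listed peer addresses instead of any source.
$EnableScoped = {
    param([string[]]$GroupNames, [string[]]$AllowedPeers)
    foreach ($name in $GroupNames) {
        $rules = Get-NetFirewallRule -DisplayGroup $name -ErrorAction SilentlyContinue |
            Where-Object { $_.Direction -eq 'Inbound' -and $_.Profile -match 'Domain|Any' }
        if (-not $rules) {
            Write-Warning "No inbound Domain-profile rules found in group '$name'"
            continue
        }
        $rules | Set-NetFirewallRule -Enabled True -RemoteAddress $AllowedPeers
        # Report the resulting state so the change can be reviewed.
        Get-NetFirewallRule -DisplayGroup $name |
            Where-Object { $_.Direction -eq 'Inbound' } |
            Select-Object DisplayName, Enabled, Profile
    }
}

# Managed server: accept these connections only from the management server.
Invoke-Command -ComputerName $ManagedServer -ScriptBlock $EnableScoped `
    -ArgumentList $Groups, $ManagementIP

# Management server (run locally, elevated): the post found that Remote Volume
# Management also has to be allowed on the managing side.
& $EnableScoped @('Remote Volume Management') @($ManagedServerIP)
```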

Did you install the remote server administration feature?


Uh, why isn’t that just built in?

Also @Vitalius I’m curious as to what this server is doing and why you’re using an NT based server unless it’s part of a workgroup.


?

If I right click the server I wish to manage while on the server I’m using to manage it, then click “Add Roles and Features”, I see this feature list:

[Screenshot from 2017-12-12 14-10-16]

The feature immediately after that drop down is “RPC over HTTP Proxy”. There’s no “Remote Server Administration Feature” to install on the managed server.

If you mean to install that feature on the server doing the managing, again, that feature doesn’t exist?

If you mean the individual tools themselves, I don’t see a tool specifically for managing Disks on another server, as an example. I have Server Manager. I go to All Servers. I right click the server I wish to manage. I click “Computer Management”. Disk Management is at the bottom. It doesn’t work unless I enable the firewall rules I set up.

You mean a Windows server? It’s a requirement.

weird x3

Hmm. We actually don’t use the Windows remote management stuff so this is something I’ve never goofed with, so I apologize. Something like that seemed like it would be as easy as installing a feature.

https://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx

I’m sure you’ve read that but just wanted to link it to be sure. If I get a few minutes I’ll spin up a headless server and see if I can’t attach it to one of my servers.

Server comes pretty bare bones. You have to enable/install pretty much anything you need it to do… although in this case that was just ignorance on my part assuming it wasn’t installed by default.