Microsoft Server 2008 R2 Remote Server Administration
Dec 27, 2015
Microsoft Server 2008 R2
Remote Server Administration
Remote Server Administration
• Remote Desktop Services• Remote Desktop Connection• Remote Desktop Protocol• Remote Assistance• Remote Server Administration T0ols.
Remote Desktop for Administration
• Default implementation of Remote Desktop Services (formerly known as Terminal Services in 2003 ((formerly formerly known as Terminal Services-Remote Administration Mode in Server 2000))
• Two administrators can be logged onto a server a the same time performing remote administration
Remote Desktop for Administration
• It’s also possible to configure a server as a Remote Desktop Session Host server so that it can run desktop applications for remote users.– This is Terminal Services renamed!
• Two primary tools used for RDA are:– Remote Desktop Connection– Remote Desktop
Remote Desktop for Administration
• Three options1. Don’t allow Connections to this computer: Obvious2. Allow connections from computers running any version of
Remote Desktop (less secure): will allow RDC connections from clients older than 6.0. Supports users connecting via XP with older RDC.
3. Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure): RDC 6.0 or higher available on Vista and Windows 7, can be installed on XP running SP2 or later.
Remote Desktop for Administration
Remote Desktop for Administration
• When enabled, an exception is automagically created in the firewall on the local system.– Still uses port 3389
• Can be launched via command line or Run line by using mstsc.exe
Mstsc.exe /v:svreddc1 Connect to server named svreddc1
Mstsc.exe /f Connect in full screen mode
Mstsc.exe /span Connect utilizing multiple monitors
Remote Desktops
• A tool used to connect to remote computers• Allows you to connect to multiple computers
at the same time and switch between connections
• Can run one instance of the program with multiple connections versus only one connection in RDC.
• Must add feature through Remote Server Administration Tools
Remote Desktops
Remote Assistance
• Used to be primarily used for desktop systems• Not enabled by default on 2008 R2• Useful for remote office support for servers• Allows for remote control of system• Generates invitation with password that can’t
be changed.
Remote Assistance
Windows Remote Management Services
• Windows Remote Management Services (WinRM) will allow you to issue any command-line command from one computer against another. It utilizes two commands– The WinRM tool is executed on the remote server and
enables the server to listen and respond to WinRS requests
– The WinRS tool is executed from the command line on a desktop or other server accessed by an administrator. It allows the administrator to execute any command-line commands against the remote server
Windows Remote Services
• Enabling WinRM– It is not enabled by default.– RD Gateway enables WinRM– Enabled by doing the following:
– Prompts to allow following changes• Create WinRM listener on http://* to access WS-Man
requests to any IP on this machine• Enable the WinRM firewall exception• Configure LocalAccountTokenFilterPolicy to grant
administrative rights remotely to local users.
C:\WinRM quickconfig
Windows Remote Services
C:\WinRM enumerate WinRM/config/listener
Verify settings by typing:
Windows Remote Services
• Connect to server by typing:
C:\winrs –r:servername command
C:\winrs –r:w2k8r201 cmd
Remote Server Administration Tools
• RSAT replaces adminpack.• Available in 32bit and 64bit• Full access to administer network at your
desktop• Must be added after installation through
ProgramsAdd Windows Features• Can be used to administer 2003 domains, but
cannot use Active Directory Administrative Center inherently. Requires secure web services.
Questions