Managing Roles, Role Services, and FeaturesWhen you want to manage server configurations, you’ll primarily use Server Manager to manage roles, role services, and features. Not only can you use Server Manager to add or remove roles, role services, and features, but you can also use Server Manager to view the configuration details and status for these software components. Show
Performing Initial Configuration TasksServer Manager is your central management console for the initial setup and configuration of roles and features. Not only can Server Manager help you quickly set up a new server, the console also can help you quickly set up your management environment. Normally, Windows Server 2012 automatically starts Server Manager whenever you log on and you can access Server Manager on the desktop. If you don’t want the console to start each time you log on, tap or click Manage and then tap or click Server Manager Properties. In the Server Manager Properties dialog box, select Do Not Start Server Manager Automatically At Logon and then tap or click OK. As Figure 2-1 shows, Server Manager’s default view is the dashboard. The dashboard has quick links for adding roles and features to local and remote servers, adding servers to manage, and creating server groups. You’ll find similar options are on the Manage menu:
Figure 2-1 Use the dashboard for general administration. In Server Manager’s left pane (also referred to as the console tree), you’ll find options for accessing the dashboard, the local server, all servers added for management, and server groups. When you select Local Server in the console tree, as shown in Figure 2-2, you can manage the basic configuration of the server you are logged on to locally.
Figure 2-2 Manage the properties of the local server. Information about the local server is organized into several main headings, each with an associated management panel:
The Properties panel is where you perform much of your initial server configuration. Properties available for quick management include the following:
Server Manager Essentials and BinariesThe Server Manager console is designed to handle core system administration tasks. You’ll spend a lot of time working with this tool, and you should get to know every detail. By default, Server Manager is started automatically. If you closed the console or disabled automatic startup, you can open the console by tapping or clicking the related option on the taskbar. Alternatively, another way to do this is by pressing the Windows key, typing ServerManager.exe into the Apps Search box, and then pressing Enter. Server Manager’s command-line counterpart is the ServerManager module for Windows PowerShell. When you are logged on to Windows Server 2012, this module is imported into Windows PowerShell by default. Otherwise, you need to import the module before you can use the cmdlets it provides. You import the ServerManager module by entering Import-Module ServerManager at the Windows PowerShell prompt. Once the module is imported, you can use it with the currently running instance of Windows PowerShell. The next time you start Windows PowerShell, you need to import the module again if you want to use its features. At a Windows PowerShell prompt, you can obtain a detailed list of a server’s current state with regard to roles, role services, and features by typing get-windowsfeature. Each installed role, role service, and feature is highlighted and marked as such, and a management naming component in brackets follows the display name of each role, role service, and feature. By using Install-WindowsFeature or Uninstall-WindowsFeature followed by the management name, you can install or uninstall a role, role service, or feature. For example, you can install Network Load Balancing by entering install-windowsfeature nlb. You can add –includeallsubfeature when installing components to add all subordinate role services or features. Management tools are not included by default. To add the management tools, add -includemanagementtools when installing components. Binaries needed to install roles and features are referred to as payloads. With Windows Server 2012, payloads are stored in subfolders of the %SystemDrive%\Windows\WinSXS folder. Not only can you uninstall a role or feature, but you also can uninstall and remove the payload for a feature or role using the –Remove parameter of the Uninstall-WindowsFeature cmdlet. Subcomponents of the role or feature are removed as well. To also remove management tools, add the -includeallmanagementtools parameter. When you want to install a role or feature, you can install the related components and restore any removed payloads for these components using the Install-WindowsFeature cmdlet. By default, when you use Install-WindowsFeature, payloads are restored via Windows Update. In the following example, you restore the AD DS binaries and all related subfeatures via Windows Update: install-windowsfeature -name ad-domain-services -includeallsubfeature You can use the –Source parameter to restore a payload from a Windows Imaging (WIM) mount point. For example, if your enterprise has a mounted Windows Image for the edition of Windows Server 2012 you are working with available at the network path \\ImServer18\WinS12EE, you could specify the source as follows: install-windowsfeature -name ad-domain-services -includeallsubfeature -source \\imserver18\wins12ee Keep in mind that the path you specify is only used if required binaries are not found in the Windows Side-By-Side folder on the destination server. While many large enterprises might have standard images that can be mounted using network paths, you also can mount the Windows Server 2012 distribution media and use the Windows\WinSXS folder from the installation image as your source. To do this, follow these steps:
Group Policy can be used to control whether Windows Update is used to restore payloads and to provide alternate source paths for restoring payloads. The policy you want to work with is Specify Settings For Optional Component Installation And Component Repair, which is under Computer Configuration\Administrative Templates\System. This policy also is used for obtaining payloads needed to repair components. If you enable this policy (as shown in Figure 2-3), you can do the following:
Figure 2-3 Control component installation through Group Policy. Managing Your Servers RemotelyYou can use Server Manager and other Microsoft Management Consoles (MMCs) to perform some management tasks on remote computers, as long as the computers are in the same domain or you are working in a workgroup and have added the remote computers in a domain as trusted hosts. You can connect to servers running full-server, minimal-interface, and Server Core installations. On the computer you want to use for managing remote computers, you should be running either Windows Server 2012 or Windows 8 and you need to install the Remote Server Administration Tools. With Windows Server 2012, the Remote Server Administration Tools are installed as a feature using the Add Roles And Features Wizard. If the binaries for the tools have been removed, you need to install the tools by specifying a source, as discussed in “Server Manager Essentials and Binaries” earlier in the chapter. You can get the Remote Server Administration Tools for Windows 8 as a download from the Microsoft Download Center (http://download.microsoft.com). Different versions are available for x64 and x86 systems. By default, remote management is enabled for servers running Windows Server 2012 for two types of applications and commands:
These types of applications and commands are permitted for remote management because of exceptions configured in Windows Firewall, which is enabled by default for Windows Server 2012. In Windows Firewall, exceptions for allowed apps that support remote management include the following:
In Windows Firewall With Advanced Security, there are inbound rules that correspond to the standard firewall allowed apps:
You manage these exceptions or rules in either the standard Windows Firewall or in Windows Firewall With Advanced Security, not both. If you want to allow remote management using Server Manager, MMCs, and Windows PowerShell, you typically want to permit WMI, WinRM, and WinRM compatibility exceptions in Windows Firewall. When you are working with Server Manager, you can select Local Server in the console tree to view the status of the remote management property. If you don’t want to allow remote management of the local server, click the related link. In the Configure Remote Management dialog box, clear Enable Remote Management Of This Server From Other Computers and then tap or click OK. When you clear Enable Remote Management Of This Server From Other Computers and then tap or click OK, Server Manager performs several background tasks that disable Windows Remote Management (WinRM) and Windows PowerShell remote access for management on the local server. One of these tasks is to turn off the related exception that allows apps to communicate through Windows Firewall using Windows Remote Management. The exceptions for Windows Management Instrumentation and Windows Remote Management (Compatibility) aren’t affected. You must be a member of the Administrators group on computers you want to manage by using Server Manager. For remote connections in a workgroup-to-workgroup or workgroup-to-domain configuration, you should be logged on using the built-in Administrator account or configure the LocalAccountTokenFilterPolicy registry key to allow remote access from your computer. To set this key, enter the following command at an elevated, administrator command prompt: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f Many other types of remote management tasks depend on other exceptions for Windows Firewall. Keep the following in mind:
Only Remote Service Management is enabled by default. You can configure remote management on a Server Core installation of Windows Server 2012 using Sconfig. Start the Server Configuration utility by entering sconfig. Connecting to and Working with Remote ServersUsing Server Manager, you can connect to and manage remote servers, provided that you’ve added the server for management. To add servers one at a time to Server Manager, complete these steps:
To add many servers to Server Manager, you can use the Import process and these steps:
After you add a remote computer, the Server Manager console shows the name of the remote computer in the All Servers view. Server Manager always resolves IP addresses to host names. As shown in Figure 2-4, the All Servers view also lists the Manageability status of the server as well. If a server is listed as “Not accessible,” you typically need to log on locally to resolve the problem. In the All Servers view, the servers you add are listed in the Servers pane so that you can manage them each time you work with Server Manager. Server Manager tracks the services, events, and more for each added server, and each server is added to the appropriate server groups automatically based on the roles and features installed. Automatically created server groups make it easier to manage the various roles and features that are installed on your servers. If you select the AD DS group, as an example, you see a list of the domain controllers you added for management as well as any critical or warning events for these servers and the status of services the role depends on. If you want to group servers by department, geographic location, or otherwise, you can create your own server groups. When you create groups, the servers you want to work with don’t have to be added to Server Manager already. You can add servers by searching Active Directory or DNS, or by importing a list of host names, fully qualified domain names, or IP addresses. Any server you add to a custom group is added automatically for management as well.
Figure 2-4 Note the Manageability status of each server, and take corrective actions as necessary. To create a server group, complete these steps:
When you press and hold or right-click a server name in the Servers pane of a server group or in the All Servers view, you display an extended list of management options. These options perform the corresponding task or open the corresponding management tool with the selected server in focus. For example, if you were to right-click CorpServer172 and then select Computer Management, Computer Management connects to CorpServer172 and then opens. You can work with a remote computer using an interactive remote Windows PowerShell session. To do this, open an elevated, administrator Windows PowerShell prompt. Type enter-pssession ComputerName –credential UserName, where ComputerName is the name of the remote computer and UserName is the name of a user who is a member of the Administrators group on the remote computer or in the domain of which the remote computer is a member. When prompted to enter the authorized user’s password, type the password and then press Enter. You can now enter commands in the session as you would if you were using Windows PowerShell locally. To exit the session, enter exit-pssession. The following example enters an interactive remote session with Server85 using the credentials of Williams: enter-pssession server85 -credential williams Adding and Removing Roles, Role Services, and FeaturesServer Manager automatically creates server groups based on the roles of the servers added for management. As an example, the first time you add a domain controller, Server Manager might create AD DS, DNS, and File And Storage Services groups to help you more easily track the roles of the domain controllers. When you select a role-based group in the left pane, the Servers panel shows the servers you added for management that have this role. The details for the selected server group provide the following information:
You can manage a service by pressing and holding or right-clicking the service and then tapping or clicking Stop Service, Start Service, Pause Service, Resume Service, or Restart Service as appropriate. In many cases, if a service isn’t running as you think it should, you can use the Restart option to resolve the issue by stopping and then starting the service. See Chapter 3. for detailed information about working with events and system services. The Manage menu has two key options for working with roles and features:
With Windows Server 2012, you can install roles and features on running servers (whether physical machines or virtual) as well as virtual hard disks. Servers must be added for management in Server Manager, and they must be online. Virtual hard disks that you want to work with don’t have to be online, but they must be selectable when you are browsing for them. Because of this, you might need to map a network drive to access a network share. With this in mind, you can add a server role or feature by following these steps:
You can remove a server role or feature by following these steps:
How do I enable remote management in Windows Server?In Windows Server 2016, remote management is enabled by default.. To disable remote management, type Configure-SMremoting.exe -disable, and then press Enter.. To enable remote management, type Configure-SMremoting.exe -enable, and then press Enter.. Which tool is used for the remote management of the server manager?RSAT enables IT administrators to remotely manage roles and features in Windows Server from a computer that is running Windows 10 and Windows 7 Service Pack 1.
How do I enable remote administration enabled?How to enable the Remote Desktop Administration feature manually?. Click start>Run.. Enter gpedit.msc.. Click OK.. Double-click Computer Configuration>Administrative Templates>Network>Network Connections>Windows Firewall.. Double-click Domain Profile>Windows Firewall: Allow remote administration exception.. Select Enabled.. What is allow remote server management through WinRM?Information. This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port.
|