http://blogs.technet.com/b/server_core/archive/2008/01/14/configuring-the-firewall-for-remote-management-of-a-workgroup-server-core-installation.aspx
Not every MMC snap-in has a firewall group, here are those that do:
MMC Snap-in | Rule Group |
Event Viewer | Remote Event Log Management |
Services | Remote Service Management |
Shared Folders | File and Printer Sharing |
Task Scheduler | Remote Scheduled Tasks Management |
Reliability and Performance | “Performance Logs and Alerts” and “File and Printer Sharing” |
Disk Management | Remote Volume Management |
Windows Firewall with Advanced Security | Windows Firewall Remote Management |
On the Server Core box you can enable these by running:
Netsh advfirewall firewall set rule group=“
You can remotely enable these using the Windows Firewall with Advanced Security MMC snap-in, after you have locally on the Server Core box enabled the rule group to allow it to connect.
MMC Snap-ins without a Rule Group
Not every MMC snap-in has a rule group to allow it access through the firewall, however many of them use the same ports for management as those that do. Therefore, you will find that enabling the rules for Event Viewer, Services, or Shared Folders will allow most other MMC snap-ins to connect. Of course, you can also simply enable the remote administration rule group (see my last post).
MMC Snap-ins that Require Addition Configuration
In addition to allowing the MMC snap-ins through the firewall, the following MMC snap-ins require additional configuration:
Device Manager
To allow Device Manager to connect, you must first enable the “Allow remote access to the PnP interface” policy
- On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in
- Connect to the Server Core installation
- Navigate to Computer Configuration\Administrative Templates\Device Installation
- Enable “Allow remote access to the PnP interface”
- Restart the Server Core installation
Disk Management
You must first start the Virtual Disk Service (VDS) on the Server Core installation
IPSec Mgmt
On the Server Core installation you must first enable remote management of IPSec. This can be done using the scregedit.wsf script: Cscript \windows\system32\scregedit.wsf /im 1