HyperV How to allow remote access to MMC Snap Ins


Not every MMC snap-in has a firewall group, here are those that do:

MMC Snap-inRule Group
Event ViewerRemote Event Log Management
ServicesRemote Service Management
Shared FoldersFile and Printer Sharing
Task SchedulerRemote Scheduled Tasks Management
Reliability and Performance “Performance Logs and Alerts” and “File and Printer Sharing”
Disk ManagementRemote Volume Management
Windows Firewall with Advanced SecurityWindows Firewall Remote Management

On the Server Core box you can enable these by running: Netsh advfirewall firewall set rule group=“” new enable=yes Where is the name in the above table.

You can remotely enable these using the Windows Firewall with Advanced Security MMC snap-in, after you have locally on the Server Core box enabled the rule group to allow it to connect.

MMC Snap-ins without a Rule Group

Not every MMC snap-in has a rule group to allow it access through the firewall, however many of them use the same ports for management as those that do. Therefore, you will find that enabling the rules for Event Viewer, Services, or Shared Folders will allow most other MMC snap-ins to connect. Of course, you can also simply enable the remote administration rule group (see my last post).

MMC Snap-ins that Require Addition Configuration

In addition to allowing the MMC snap-ins through the firewall, the following MMC snap-ins require additional configuration:

Device Manager

To allow Device Manager to connect, you must first enable the “Allow remote access to the PnP interface” policy

  1. On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in
  2. Connect to the Server Core installation
  3. Navigate to Computer Configuration\Administrative Templates\Device Installation
  4. Enable “Allow remote access to the PnP interface”
  5. Restart the Server Core installation

Disk Management

You must first start the Virtual Disk Service (VDS) on the Server Core installation

IPSec Mgmt

On the Server Core installation you must first enable remote management of IPSec. This can be done using the scregedit.wsf script: Cscript \windows\system32\scregedit.wsf /im 1

Jason Kulatunga

Build Automation & Infrastructure guy @Adobe. I write about, and play with, all sorts of new tech. All opinions are my own.

San Francisco, CA blog.thesparktree.com

Subscribe to Sparktree

Get the latest posts delivered right to your inbox.

or subscribe via RSS with Feedly!