Working with the administration tools
Working with Computer Management
Systems that run Windows Server 2012 R2 are the heart of any Microsoft Windows network. These are the systems that provide the essential services and applications for users and the network as a whole. As an administrator, your job is to keep these systems running; to do this, you must understand the administration options available and put them to the best use possible. Your front-line defense in managing systems running Windows Server 2012 R2 is the administration and support tools discussed in this chapter.
To run most of the administration tools, you must have administrator privileges. If these aren’t included with your current account, you need to provide the credentials for the administrator account when you see the User Account Control prompt. You find detailed information about User Account Control (UAC) in Chapter 9.
Any explanation of how to manage Windows Server 2012 R2 systems must involve the administration and support tools that are included with the operating system. These are the tools you use every day, so you might as well learn a bit more about them.
The one tool you use the most for system administration tasks is Server Manager. It provides setup and configuration options for the local server and options for managing roles, features, and related settings on any remotely manageable server in the enterprise. On servers, Server Manager is pinned to Start and the desktop taskbar by default. This means you can open Server Manager by tapping or clicking the related Start tile or by tapping or clicking the related taskbar button.
Note
The executable for Server Manager is ServerManager.exe. If for some reason Server Manager is unpinned from Start and the desktop, you can start Server Manager by using an Everywhere Search. In the Search box, type ServerManager.exe and then press Enter.
Many other utilities are available for administering Windows Server 2012 R2 systems as well. The tools you use the most include the following:
Control Panel. Control Panel is a collection of tools for managing system configuration. You can organize Control Panel in different ways according to the view you’re using. A view is simply a way of organizing and presenting options. Category view is the default view; it provides access to tools by category, tool, and key tasks. Icons view is an alternative view that lists each tool separately by name.
Graphical administrative tools. The key tools for managing network computers and their resources are the graphical administrative tools. You can access these tools by selecting them individually on the Tools menu in Server Manager.
Administrative. wizards. Wizards are tools designed to automate key administrative tasks. You can access many administrative wizards in Server Manager—the central administration console for Windows Server 2012 R2.
Command-line utilities. You can launch most administrative utilities from the command line. In addition to these utilities, Windows Server 2012 R2 provides others that are useful for working with Windows Server 2012 R2 systems.
Windows PowerShell cmdlets. Windows PowerShell is a full-featured command shell that can use built-in commands called cmdlets, built-in programming features, and standard command-line utilities. Use Windows PowerShell for additional flexibility in your command-line scripting.
You can display the desktop by pressing the Windows key+D. You can switch between Start and the desktop by pressing the Windows key. Use the options panel for Start, Desktop, and PC Settings to display charms. You display charms by sliding in from the right side of the screen or by moving the mouse pointer over the hidden button in the upper-right or lower-right corner of the Start, Desktop, or PC Settings screen. Alternatively, just press the Windows key+C.
One of the charms is the Settings charm. Start Settings, Desktop Settings, and PC Settings have nearly—but not exactly—identical Settings panels. The Start Settings panel has a Tiles option that you can tap or click to display an option for adding or removing tiles for the administrative tools on the Start screen. You can display the Settings panel directly by pressing Windows key+I.
Start and Desktop have a hidden menu that you can display by pressing and holding or right-clicking the lower-left corner of the Start screen or the desktop. You also can press the Windows key+X to display this menu. Options on the menu include:
Command Prompt
Command Prompt (Admin)
Computer Management
Control Panel
Device Manager
Disk Management
Event Viewer
Power Options
Programs And Features
System
Task Manager
File Explorer
Although the command prompt and the administrator command prompt are the default options on the shortcut menu, you can change this configuration. The alternative is for the Windows PowerShell prompt and the administrator Windows PowerShell prompt to be displayed on this menu. To configure which options are available, on the desktop, press and hold or right-click the taskbar and then select Properties. In the Taskbar And Navigation Properties dialog box, on the Navigation tab, select or clear the Replace Command Prompt With Windows PowerShell check box as appropriate.
Important
On Start, the hidden button in the upper-left corner shows a thumbnail view of the desktop when activated, and tapping or clicking the thumbnail opens the desktop. On the desktop, the button in the lower-left corner shows a thumbnail view of Start when activated, and tapping or clicking the thumbnail opens Start. Pressing and holding or right-clicking the thumbnail displays the shortcut menu.
The following sections provide brief introductions to these administrative utilities. Additional details for key tools are provided throughout this book. Keep in mind that to use these utilities, you might need an account with administrator privileges.
Control Panel contains utilities for working with a system’s setup and configuration. From Start, you access Control Panel by tapping or clicking the Control Panel tile. From the desktop, you can display Control Panel by accessing the Charms bar, tapping or clicking Settings, and then tapping or clicking Control Panel. When you are working with File Explorer, you can display Control Panel by tapping or clicking the leftmost option button (down arrow) in the address list and then tapping or clicking Control Panel.
Many Control Panel tools and related Properties dialog boxes can be opened directly. On Start, just enter the name of the Control Panel Item with the .cpl extension and then press Enter. In the WindowsSystem32 folder, these items are listed with the Control Panel Item type. For example, type inetcpl.cpl to open the Internet Properties dialog box.
Most administration tools are found on the Tools menu in Server Manager. As Table 4-1 shows, dozens of administration tools are available for working with Windows Server 2012 R2. The tool you use depends on what you want to do and, sometimes, on how much control you want over the aspect of the operating system you are seeking to manage. Several tools, including Server Manager and Computer Management, are discussed later in this section. Other tools are discussed later in this chapter or in other appropriate chapters of this book.
Table 4-1. Tools for administration
Administrative Tool | Description |
|---|---|
Active Directory Administrative Center | Used to perform many key management tasks for Active Directory. |
Active Directory Domains And Trusts | Used to manage trust relationships between domains. |
Active Directory Rights Management Services | Used to view and change configuration settings for Active Directory Rights Management Services (AD RMS) clusters in the enterprise. |
Active Directory Sites And Services | Used to create sites and to manage the replication of Active Directory information. |
Active Directory Users And Computers | Used to manage users, groups, contacts, computers, organizational units (OUs), and other objects in Active Directory Domain Services (AD DS). |
Certification Authority | Used to create and manage server certificates for servers and users on the network. Certificates are used to support public key infrastructure (PKI) encryption and authentication. |
Computer Management | Used to manage services, devices, disks, and the system hardware configuration. It is also used to access other system tools. |
DFS Management | Used to create and manage distributed file systems (DFS) that connect shared folders from different computers. |
DHCP | Used to configure and manage the Dynamic Host Configuration Protocol (DHCP) service. |
DNS | Used to configure and manage the Domain Name System (DNS) service, which can be integrated with Active Directory. |
Event Viewer | Used to view the system event logs and manage event log configurations. |
Failover Cluster Manager | Used to manage failover clustering. Clustering enables groups of computers to work together, providing failover support and additional processing capacity. |
Fax Service Manager | Used to manage fax services and servers. |
Used to manage directory quotas, file screening, and reports. | |
Group Policy Management | Used to configure and manage Group Policy Objects (GPOs). |
Hyper-V Manager | Used to manage Hyper-V and related virtual machine instances. |
Internet Information Services (IIS) 6.0 Manager | Used to manage Windows web servers running IIS 6.0. |
Internet Information Services (IIS) Manager | Used to manage Windows web servers running IIS 7.0 or later. |
iSCSI Initiator | Used to connect to remote Internet Small Computer System Interface (iSCSI) targets and configure connection settings. |
Local Security Policy | Used to view and manage settings for local security policy. |
MPIO | Used to manage multipath I/O (MPIO) for storage arrays. |
Network Load Balancing Manager | Used to manage Network Load Balancing (NLB) configuration settings and clusters. |
Network Policy Server | Used to manage Network Access Policy (NAP) client settings, policies, and policy servers. |
Print Management | Used to manage Windows print servers and related printers, print queues, printer drivers, and so on. |
Remote Access Management | Used to manage DirectAccess and virtual private networking (VPN). |
Routing And Remote Access | Used to configure and manage the Routing And Remote Access service, which controls routing interfaces, dynamic Internet Protocol (IP) routing, and remote access. |
Security Configuration Wizard | Used to create security policies based on server roles. |
Services | Used to manage the startup and configuration of Windows services. |
Services for Network File System (NFS) | Used to configure and maintain Services for NFS. |
Share And Storage Management | Used to manage network shares and volumes. It also provisions storage for storage area networks (SANs). |
System Configuration | Used to perform startup troubleshooting and manage the system startup configuration. |
System Information | Used to view information about hardware resources, hardware components, and the software environment. |
Task Scheduler | Used to view and manage scheduled tasks. |
Volume Activation Tools | Used to install, activate, and manage volume license keys and to configure Key Management Service (KMS). |
Used to manage servers, devices, and system images used for deployments. | |
Windows Firewall With Advanced Security | Used to configure and manage firewall and Internet Protocol Security (IPsec) policies. |
Windows Memory Diagnostic | Used to perform diagnostics testing on a computer’s physical memory. |
Windows Server Backup | Used to manage backup and recovery. You also can use it to schedule automatic backups. |
Windows Server Update Services | Used to configure and manage update services. |
Windows System Resource Manager | Used to manage resource usage on a per-processor basis (deprecated). |
WINS | Used to manage Windows Internet Naming Service (WINS). This service resolves Network Basic Input/Output (NetBIOS) System names to IP addresses and is used with computers running very early versions of Windows and applications written for these very early operating systems that require the Computer Browser service. |
Usually, you can use graphical administrative tools to manage the system that you’re currently logged on to and systems throughout your Windows domains. For example, in the Event Viewer console, you specify the computer you want to work with by pressing and holding or right-clicking the Event Viewer node in the left panel and then choosing Connect To Another Computer. This opens the Select Computer dialog box shown in Figure 4-1. You can then choose Another Computer and type the name of the computer, as shown.
Note
With some tools, such as Event Viewer, you can connect to another server by using alternate credentials. To do this, select the Connect As Another User check box and then tap or click Set User. After you select or type the account name to use in the form of DOMAINUserName, such as CPANDLWilliamS, type the account password and then tap or click OK. Keep in mind that remote management of computers is a feature that must be enabled. As discussed later in this chapter, you need to enable inbound rules on the Windows Firewall for each management area you want to work with. For example, you must specifically enable remote management through Event Viewer.
Which administrative tools are available on a server depends on its configuration. When you add roles, role services, and features, the related management tools are installed on the server. One way remote management is made possible is by installing the Remote Server Administration Tools (RSAT). On servers, you install management tools as features of the operating system by using the Add Roles And Features Wizard.
For remote management from your desktop computer, you can get the Remote Server Administration Tools for Windows 8.1 as a download from the Microsoft Download Center (http://download.microsoft.com). Because different versions are available for x64 and x86 systems, be sure to download the version that is appropriate for your desktop computer.
Tip
Beginning with Windows Server 2012 R2, binary source files for roles, role services, and features can be removed to enhance security. If the binaries for the tools you want to use have been removed, you need to install the tools by specifying a source. For more information about role and feature binaries, see Chapter 6.
You can install management tools on a server by following these steps:
Open Server Manager by tapping or clicking the Server Manager button on the taskbar. Alternatively, from Start, tap or click the Server Manager tile.
In Server Manager, select Add Roles And Features on the Manage menu. This starts the Add Roles And Features Wizard. If the wizard displays the Before You Begin page, read the introductory text and then tap or click Next. You can avoid seeing the Before You Begin page the next time you start this wizard by selecting the Skip This Page By Default check box before tapping or clicking Next.
On the Select Installation Type page, Role-Based Or Feature-Based Installation is selected by default. Tap or click Next.
On the Select Server Destination page, you can choose to install roles and features on running servers or virtual hard disks. Either select a server from the server pool or select a server on which to mount a virtual hard disk (VHD). Keep in mind that only servers that have been added for management in Server Manager are listed. If you are adding roles and features to a VHD, tap or click Browse and then use the Browse For Virtual Hard Disks dialog box to locate the VHD. When you are ready to continue, tap or click Next twice. This skips the Select Server Roles page.
On the Select Features page, expand Remote Server Administration Tools and the related subnodes to view the available feature and role administration tools. Select the tool or tools to install. If additional features are required to install a tool you selected, you see an additional dialog box. Tap or click Add Features to close the dialog box and add the required features to the server installation. When you are ready to continue, tap or click Next.
If the server on which you want to install the administrative tools doesn’t have all the required binary source files, the server gets the files from Windows Update by default or from a location specified in Group Policy. You also can specify an alternate path for the source files. To do this, tap or click the Specify An Alternate Source Path link, type that alternate path in the box provided, and then tap or click OK. For network shares, enter the Universal Naming Convention (UNC) path to the share, such as \CorpServer41WS12. For mounted Windows images, enter the WIM path prefixed with WIM: and include the index of the image to use, such as WIM:\CorpServer41WS12install.wim:4. For a locally mounted image, enter the alternate path for the mounted WIM file, such as c:mountdirwindowswinsxs.
Tap or click Install to begin the installation process. The Installation Progress page tracks the progress of the installation. If you close the wizard, tap or click the Notifications icon in Server Manager and then tap or click the link provided to reopen the wizard.
When Setup finishes installing the administration tools you selected, the Installation Progress page will be updated to reflect this. Review the installation details to ensure that all phases of the installation were completed successfully.
Many command-line utilities are included with Windows Server 2012 R2. Most of the utilities you work with as an administrator rely on TCP/IP. Because of this, you should configure TCP/IP networking before you experiment with these tools.
As an administrator, you should familiarize yourself with the following command-line utilities:
Appcmd. Displays and manages the configuration of IIS.
Arp. Displays and manages the IP-to-physical address mappings Windows Server 2012 R2 uses to send data on the TCP/IP network.
Bcdedit. Displays and manages boot configuration data on the local system.
DiskPart. Displays and manages disk partitions on local and remote systems.
Note
Windows 8.1 and Windows Server 2012 R2 might be the last versions of Windows to support Disk Management, DiskPart, and DiskRaid. The Virtual Disk Service (VDS) COM interface is being superseded by the Storage Management application programming interface (API). You can continue to use Disk Management and DiskPart to manage storage. These tools cannot be used to manage Storage Spaces, and the cmdlets in the Storage module for Windows PowerShell cannot be used to manage dynamic disks. Dynamic disks also are being phased out in favor of Storage Spaces and might not be available in future versions of Windows.
Dnscmd. Displays and manages the configuration of DNS services.
Ftp. Starts the built-in FTP client.
Hostname. Displays the computer name of the local system.
Ipconfig. Displays the TCP/IP properties for network adapters installed on the system. You can also use it to renew and release DHCP information.
Nbtstat. Displays statistics and current connections for NetBIOS over TCP/IP.
Net. Displays a family of useful networking commands.
Netsh. Displays and manages the network configuration of local and remote computers.
Netstat. Displays current TCP/IP connections and protocol statistics.
Nslookup. Checks the status of a host or IP address when used with DNS.
Pathping. Traces network paths and displays packet loss information.
Route. Manages the routing tables on the system.
Schtasks. Displays and manages scheduled tasks on local and remote systems.
Tracert. During testing, determines the network path taken to a remote system.
Wbadmin. Performs backup and recovery operations, including system state recovery and recovery of any type of disk to an alternate location; also gets disk details, including name, globally unique identifier (GUID), available space, and related volumes.
Wevtutil. Displays and manages event logs on local and remote systems.
To learn how to use these command-line tools, type the name at a command prompt followed by /?. Windows Server 2012 R2 then provides an overview of how the command is used (in most cases).
You can more easily manage most of the tasks performed with the Net commands by using graphical administrative tools and Control Panel utilities. However, some of the Net tools are very useful for performing tasks quickly or for obtaining information, especially during telnet sessions to remote systems. These commands include the following:
Net Start. Starts a service on the system
Net Stop. Stops a service on the system
Net Time. Displays the current system time or synchronizes the system time with another computer
Net Use. Connects and disconnects from a shared resource
Net View. Displays a list of network resources available to the system
To learn how to use any of the Net command-line tools, type net help at a command prompt followed by the command name, such as net help start. Windows Server 2012 R2 then provides an overview of how the command is used.
Windows PowerShell, installed by default on Windows Server 2012 R2, is a full-featured command shell that can use built-in commands called cmdlets and built-in programming features in addition to standard command-line utilities. Normally, Windows PowerShell is installed by default on Windows Server 2012 R2 and on Windows 8.1 Pro and Windows 8.1 Enterprise. If so, you can run Windows PowerShell by using the following techniques:
Note
If Windows PowerShell is not installed, you can install it as a feature of the operating system. In Windows Server 2012 R2, use the Add Features And Roles Wizard. In Windows 8.1, use Control Panel to turn on Windows PowerShell as a feature.
After starting Windows PowerShell, you can enter the name of a cmdlet at the prompt, and it will run in much the same way as a command-line command. You can also execute cmdlets from within scripts. Cmdlets are named using verb-noun pairs. The verb tells you what the cmdlet does in general. The noun tells you what specifically the cmdlet works with. For example, the get-variable cmdlet either gets all Windows PowerShell environment variables and returns their values or gets a specifically named environment variable and returns its values. These are the common verbs associated with cmdlets:
Get-. Queries a specific object or a subset of a type of object, such as a specified mailbox or all mailbox users
Set-. Modifies specific settings of an object
Enable-. Enables a setting or mail-enables a recipient
Disable-. Disables an enabled setting or mail-disables a recipient
New-. Creates a new instance of an item, such as a new mailbox
Remove-. Removes an instance of an item, such as a mailbox
At the Windows PowerShell prompt, you can get a complete list of available cmdlets by typing get-command. To get help documentation on a specific cmdlet, type help followed by the cmdlet name, such as help get-variable.
All cmdlets have configurable aliases as well, which act as shortcuts for executing cmdlets. To list all available aliases, type get-item –path alias: at the Windows PowerShell prompt. You can create an alias that invokes any command by using the following syntax:
new-item –path alias:AliasName –value:FullCommandPath
Here, AliasName is the name of the alias to create, and FullCommandPath is the full path to the command to run, such as:
new-item –path alias:sm –value:c:windowssystem32compmgmtlauncher.exe
This example creates the alias sm for starting Server Manager. To use this alias, you just type sm and then press Enter when you are working with Windows PowerShell.
Server Manager is your central management console. You can use it for the initial setup and configuration of roles and features and much, much more. Not only can Server Manager help you quickly set up a new server, the console also can help you quickly set up and maintain your server environment.
Normally, Windows Server 2012 R2 starts Server Manager whenever you log on, and you can access Server Manager on the desktop. If you don’t want the console to start each time you log on, tap or click Manage and then tap or click Server Manager Properties. In the Server Manager Properties dialog box, select Do Not Start Server Manager Automatically At Logon and then tap or click OK.
Note
Group Policy can be used to control the automatic start of Server Manager as well. Enable or disable the Do Not Display Server Manager Automatically At Logon policy setting within Computer ConfigurationAdministrative TemplatesSystemServer Manager.
As Figure 4-2 shows, the default view of Server Manager is the Dashboard, which has quick links for adding roles and features to local and remote servers, adding servers to manage, and creating server groups. You find similar options on the Manage menu:
Add Roles And Features. Starts the Add Roles And Features Wizard, which you can use to install roles, role services, and features on the server.
Add Other Servers To Manage. Opens the Add Servers dialog box, which you can use to add servers you want to manage. Added servers are listed when you select the All Servers node. Press and hold or right-click a server in the Servers pane of the All Servers node to display a list of management options, including Restart Server, Manage As, and Remove Server.
Create A Server Group. Opens the Create A Server Group dialog box, which you can use to add servers to server groups for easier management. Server Manager creates role-based groups automatically. For example, domain controllers are listed under AD DS, and you can quickly find information about any domain controllers by selecting the related node.
In the left pane of Server Manager (also sometimes referred to as the console tree), you find options for accessing the Dashboard, the local server, all servers added for management, and server groups. When you need to connect to a server by using alternate credentials, press and hold or right-click a server in the All Servers node and then select Manage As. In the Windows Security dialog box, enter your alternate credentials and then tap or click OK. Credentials you provide are cleared when you exit Server Manager. To save the credentials and use them each time you log on, select Remember My Credentials in the Windows Security dialog box. You need to repeat this procedure any time you change the password associated with the alternate credentials.
When you are logged on to a server and select Local Server, you can manage the basic configuration of the server. The Properties panel is where you perform much of your initial server configuration. Properties available for quick management include the following:
Computer Name. Lists the computer name. Tap or click the related link to open the System Properties dialog box with the Computer Name tab selected. You can then change a computer’s name by tapping or clicking Change, providing the computer name, and then tapping or clicking OK. By default, servers are assigned a randomly generated name.
Customer Experience Improvement Program. Specifies whether the server is participating in the Customer Experience Improvement Program (CEIP). Tap or click the related link to change the participation settings. Participation in CEIP enables Microsoft to collect information about the way you use the server. Microsoft collects this data to help improve future releases of Windows. No data collected as part of CEIP personally identifies you or your company. If you elect to participate, you can also provide information about the number of servers and desktop computers in your organization and about your organization’s general industry. If you opt out of CEIP by turning this feature off, you miss the opportunity to help improve Windows.
Domain. Lists the domain membership (if any). Tap or click the related link to open the System Properties dialog box with the Computer Name tab selected. You can then change a computer’s domain information by tapping or clicking Change, providing the domain information, and then tapping or clicking OK. By default, servers are configured as part of a workgroup called WORKGROUP.
Ethernet. Specifies the TCP/IP configuration of wired Ethernet connections. Tap or click the related link to display the Network Connections console. You can then configure network connections by double-tapping or double-clicking the connection you want to work with and then tapping or clicking Properties to open the Properties dialog box. By default, servers are configured to use dynamic addressing for both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). You can also display the Network Connections console by tapping or clicking Change Adapter Settings under Tasks in Network And Sharing Center.
Internet Explorer Enhanced Security Configuration. Specifies the status of Internet Explorer Enhanced Security Configuration (IE ESC). Tap or click the related link to enable or disable IE ESC. If you tap or click the link for this option, you can turn this feature on or off for administrators, users, or both. IE ESC is a security feature that reduces the exposure of a server to potential attacks by raising the default security levels in Internet Explorer security zones and changing default Internet Explorer settings. By default, IE ESC is enabled for both administrators and users.
NIC Teaming. Shows the status and configuration of network interface card (NIC) teaming. Tap or click the related link to add or remove teamed interfaces and to manage related options.
Product ID. Shows the product identifier for Windows Server. Tap or click the related link to enter a product key and activate the operating system over the Internet.
Remote Desktop. Opens the System Properties dialog box with the Remote tab selected. You can then configure Remote Desktop by selecting the configuration option you want to use and tapping or clicking OK. By default, no remote connections to a server are allowed. In the Small Icons or Large Icons view of Control Panel, you can open the System Properties dialog box with the Remote tab selected by double-tapping or double-clicking System and then tapping or clicking Remote Settings in the left pane.
Remote Management. Specifies whether remote management of this server from other servers is enabled. Tap or click the related link to enable or disable remote management.
Time Zone. Lists the current time zone for the server. Tap or click the related link to open the Date And Time dialog box. You can then configure the server’s time zone by tapping or clicking Change Time Zone, selecting the appropriate time zone, and then tapping or clicking OK twice. You can also open the Date And Time dialog box by pressing and holding or right-clicking the clock on the taskbar and then selecting Adjust Date/Time. Although all servers are configured to synchronize time automatically with an Internet time server, the time synchronization process does not change a computer’s time zone.
Windows Error Reporting. Specifies the status of Windows Error Reporting (WER). Tap or click the related link to change the participation settings for WER. In most cases, you want to enable WER for at least the first 60 days following the installation of the operating system. With WER enabled, your server sends descriptions of problems to Microsoft, and Windows notifies you of possible solutions to those problems. You can view problem reports and possible solutions by using Action Center. To open Action Center, tap or click the Action Center icon in the notification area of the taskbar and then select Open Action Center.
Windows Firewall. Lists the status of Windows Firewall. If Windows Firewall is active, this property displays the name of the firewall profile that currently applies and the firewall status. Tap or click the related link to open the Windows Firewall utility. By default, Windows Firewall is enabled. In the Small Icons or Large Icons view of Control Panel, you can open Windows Firewall by tapping or clicking Windows Firewall.
Windows Update. Specifies the current configuration of Windows Update. Tap or click the related link to open the Windows Update utility in Control Panel, which you can then use to enable automatic updating (if Windows Update is disabled) or to check for updates (if Windows Update is enabled). In the Small Icons or Large Icons view of Control Panel, you can display Windows Update by selecting Windows Update.
Other information about the local server is organized into several main headings, each with an associated management panel. The available management panels include:
Best Practices Analyzer. Enables you to run the Best Practices Analyzer on the server and review the results. To start a scan, tap or click Tasks and then tap or click Start BPA Scan.
Events. Provides summary information about warning and error events from the server’s event logs. Tap or click an event to display more information about the event.
Performance. Enables you to configure and view the status of performance alerts for CPU and memory usage. To configure performance alerts, tap or click Tasks and then tap or click Configure Performance Alerts.
Properties. Shows the computer name, domain, network IP configuration, time zone, and more. Each property can be tapped or clicked to display a related management interface quickly.
Roles And Features. Lists the roles and features installed on the server in the approximate order of installation.
Services. Lists the services running on the server by name, status, and start type. Press and hold or right-click a service to manage its run status.
When you press and hold or right-click a server name in the Servers pane of a server group or in the All Servers view, you open an extended list of management options. These options perform the corresponding task or open the corresponding management tool with the selected server in focus. For example, if you right-click CorpServer53 and then select Computer Management, Computer Management connects to CorpServer53 and then opens.
Before you can use Server Manager to manage remote servers, you must add the servers for management. Any server running Windows Server 2012 R2 can be easily added. Servers running Windows Server 2008 with Service Pack 2 or later and Windows Server 2008 Release 2 with Service Pack 1 or later can be added as well, as long as each server has .NET Framework 4.0 and Windows Management Framework 3.0 and has been enabled for remote management.
You can add a single server to Server Manager by completing these steps:
Open Server Manager. In the left pane, select All Servers to view the servers that have been added for management already. If the server you want to work with isn’t listed, select Add Servers on the Manage menu to open the Add Servers dialog box.
In the Add Servers dialog box, the Active Directory panel is selected by default. Use the options on the Active Directory panel to enter the computer name or fully qualified domain name (FQDN) of the remote server that is running Windows Server. After you enter a name, tap or click Find Now. Alternatively, use the options on the DNS panel to specify a server by computer name or IP address and then tap or click the Search button.
In the Name list, double-tap or double-click the server to add it to the Selected list.
Repeat steps 2 and 3 to add others servers. Tap or click OK.
Rather than add servers one by one, you can use the Import process to add multiple servers. To do this, follow these steps:
Create a text file that has one host name, fully qualified domain name, or IP address per line.
In Server Manager, select Add Servers on the Manage menu. In the Add Servers dialog box, select the Import panel.
Tap or click the options button to the right of the File box and then use the Open dialog box to locate and open the server list.
In the Computer list, double-tap or double-click each server you want to add to the Selected list. Tap or click OK.
Server Manager tracks the services, events, and more for each added server. Servers are listed in the All Servers view by server name, IP address, and manageability status. Server Manager always resolves IP addresses to host names. If a server is listed as Not Accessible, you typically need to log on locally and take corrective action as necessary. For example, you might need to use a console logon to enable remote management.
When you add servers to Server Manager, the servers are added to the appropriate server groups automatically, based on the installed roles and features. Automatically created server groups make it easier to manage the various roles and features that are installed on your servers. If you select the AD DS group, as an example, you see a list of the domain controllers you added for management in addition to any critical or warning events for these servers and the status of services the role depends on.
You can also create your own server groups to group servers by department, geographic location, or other characteristic. When you create groups, the servers you want to work with don’t have to be added to Server Manager already. You can add servers to a group at any time, and those servers are added automatically for management.
You can create a server group by completing these steps:
Open Server Manager. Select Create Server Group on the Manage menu to open the Create Server Group dialog box.
Enter a descriptive name for the group. Use the provided panels and options to add servers to the group with the following in mind:
The Active Directory panel enables you to enter the computer name or fully qualified domain name of the remote server that is running Windows Server. After you enter a name, tap or click Find Now. In the Name list, double-tap or double-click a server to add it to the Selected list.
The DNS panel enables you to add servers by computer name or IP address. After you enter the name or IP address, tap or click the Search button. In the Name list, double-tap or double-click a server to add it to the Selected list.
The Import panel enables you to import a list of servers. Tap or click the options button to the right of the File box and then use the Open dialog box to locate and open the server list. In the Computer list, double-tap or double-click a server to add it to the Selected list.
The Server Pool panel, selected by default, lists servers that have been added for management already. If a server you want to add to your group is listed here, add it to the group by double-tapping or double-clicking it.
Tap or click OK to create the server group.
You can use Server Manager and other Microsoft Management Consoles (MMCs) to perform some management tasks on remote computers as long as the computers are in the same domain or you are working in a workgroup and have added the remote computers in a domain as trusted hosts. You can connect to servers running Full Server, Minimal Server Interface, and Server Core installations. On the computer you want to use for managing remote computers, you should be running either Windows Server 2012 R2 or Windows 8.1, and you need to install Remote Server Administration Tools.
With Windows Server 2012 R2, remote management is enabled by default for applications and commands that use the following:
Windows Remote Management (WinRM) and Windows PowerShell remote access for management
Windows Management Instrumentation (WMI) and Distributed Component Object Model (DCOM) remote access for management
You’ll find that these types of applications and commands are enabled for remote management because related inbound rules and exceptions for Windows Firewall are enabled. For remote management, Windows Firewall has specific exceptions for Windows Management Instrumentation, Windows Remote Management, and Windows Remote Management (Compatibility). In Windows Firewall With Advanced Security, there are inbound rules that correspond to the standard firewall-allowed applications. For WMI, the inbound rules are Windows Management Instrumentation (WMI-In), Windows Management Instrumentation (DCOM-In), and Windows Management Instrumentation (ASync-In). For WinRM, the matching inbound rule is Windows Remote Management (HTTP-In). For WinRM compatibility, the matching inbound rule is Windows Remote Management - Compatibility Mode (HTTP-In).
You manage these exceptions or rules in either the standard Windows Firewall or Windows Firewall With Advanced Security, not both. Generally, if you want to allow remote management using Server Manager, MMCs, and Windows PowerShell, you should permit WMI, WinRM, and WinRM compatibility exceptions in Windows Firewall.
When you are working with Server Manager, you can select Local Server in the console tree to view the status of the remote management property. If you don’t want to allow remote management of the local server, tap or click the related link. Next, in the Configure Remote Management dialog box, clear Enable Remote Management Of This Server From Other Computers and then tap or click OK.
When you clear the Enable Remote Management Of This Server From Other Computers check box and then tap or click OK, Server Manager performs several background tasks that disable Windows Remote Management (WinRM) and Windows PowerShell remote access for management on the local server. One of these tasks is to turn off the related exception that allows applications to communicate through Windows Firewall, using Windows Remote Management. The exceptions for Windows Management Instrumentation and Windows Remote Management (Compatibility) aren’t affected.
You must be a member of the Administrators group on computers you want to manage by using Server Manager. For remote connections in a workgroup-to-workgroup or workgroup-to-domain configuration, you should be logged on using the built-in Administrator account or configure the LocalAccountTokenFilterPolicy registry key to allow remote access from your computer. To set this key, enter the following command at an elevated, administrator command prompt:
reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
Another way to enable remote management is to type Configure-SMRemoting.exe –Enable at an elevated, administrator prompt.
Although these techniques enable basic remote management of computers, you also need to enable rules for these specific management areas:
Disks and volumes. Remote Volume Management must be allowed in Windows Firewall to manage a computer’s disks and volumes remotely in Computer Management or Disk Management. In the advanced firewall, several related rules enable management of the Virtual Disk Service and Virtual Disk Service Loader.
Event Log. Remote Event Log Management must be allowed in Windows Firewall to manage a computer’s event logs remotely. In the advanced firewall, several related rules allow management through named pipes (NPs) and remote procedure calls (RPCs).
Remote Desktop. Remote Desktop must be enabled to allow someone to connect to a server by using Remote Desktop. You also must configure access.
Scheduled Tasks. Remote Scheduled Task Management must be allowed in Windows Firewall to manage a computer’s scheduled tasks remotely. In the advanced firewall, several related rules allow management of scheduled tasks through RPC.
Services. Remote Service Management must be allowed in Windows Firewall to manage a computer’s services remotely. In the advanced firewall, several related rules allow management through NPs and RPCs.
Only Remote Service Management is enabled by default. Remote management is enabled by default on Server Core. You can configure remote management on a Server Core installation of Windows Server 2012 R2 by using sconfig. Start the Server Configuration utility by typing sconfig.
Computer Management, shown in Figure 4-3, provides tools for managing local and remote systems. The tools available through the console tree provide the core functionality and are divided into the following three categories, as shown in the accompanying screen:
System Tools
Storage
Services And Applications
The system tools are designed to manage systems and view system information. The available system tools are these:
Task Scheduler. Used to view the Task Scheduler Library and to create and manage tasks.
Event Viewer. Used to view the event logs on the selected computer. Event logs are covered in Chapter 10.
Shared Folders. Used to manage the properties of shared folders in addition to sessions for users working with shared folders and the files the users are working with. Managing shared folders is covered in Chapter 18.
Local Users And Groups. On non–domain controller (DC) computers, used to manage local users and local user groups on the currently selected computer. Local users and local user groups aren’t part of Active Directory and are managed instead through the Local Users And Groups view. Domain controllers don’t have local users or groups and, because of this, there isn’t a Local Users And Groups view.
Performance. Used to monitor system reliability and performance through charts and logs. You can also use this tool to alert users of adverse performance conditions. For more information about performance logging and alerting, see “Performance logging” in Chapter 11.
Device Manager. Used as a central location for checking the status of any device installed on a computer and for updating the associated device drivers. You can also use it to troubleshoot device problems. Managing devices is covered in Chapter 7.
The Computer Management storage tools display drive information and provide access to drive-management tools. The available storage tools include the following:
Windows Server Backup. Used to manage backups for server data. You enable backups by adding the Windows Server Backup feature.
Disk Management. Used to manage hard disks and the way they are partitioned. You can also use it to manage volume sets and software-based redundant array of independent disks (RAID) arrays. Disk Management is discussed in Chapter 13.
Note
Storage Spaces are preferred to software-based RAID and traditional disk-partitioning techniques. Before you implement software-based RAID or partition disks by using Disk Management, you might want to review the options for creating Storage Spaces and allocating storage by using Storage Spaces. See Chapter 17.
The Computer Management Services And Applications tools help you manage services and applications installed on the server. Any application or service-related task that can be performed in a separate tool can be performed through the Services And Applications node as well. For example, if DHCP is installed on the currently selected system, you can manage DHCP through the Services and Applications node. You could also use the DHCP tool, which can be accessed on the Tools menu in Server Manager. Either way, you can perform the same tasks.