As I've completely ripped off this most excellent post...just in case it is ever taken down, I'll put the reference at the top:
http://skatterbrainz.blogspot.co.nz/2009/08/enabling-windows-7-remote-management.html
I hope to customise this to my personal style at a later date:
Thank you Skatterbrainz.
I’ve been searching for a comprehensive article/blog-post/kb, etc on this for a while but have only been able to find pieces of the overall solution I was looking for.
The challenge? Enable remote management capabilities on Windows 7 clients within an Active Directory domain environment using Group Policy.
Which capabilities?
- Be able to PING clients
- Be able to connect to clients via Remote Desktop
- Be able to connect to clients via Computer Management
- Be able to connect to clients through Event Viewer, RegEdit, etc.
You may notice that my “solution” doesn’t involve a great deal of security options. That’s because I’m pretty comfortable with the boundary security on my network environment, which will not be described herein. Suffice it to say that I am only interested in being able to enable and use these capabilities. If you need increased security, you can configure additional options via Group Policy settings to suit your needs.
Computer Configuration \ Policies \ Administrative Templates…
Network \ Network Connections \ Windows Firewall \ Domain Profile
- Allow ICMP Exceptions:
  - ENABLED - Allow inbound echo request
- Allow Inbound remote administration:
  - ENABLED: Enter asterisk (*) in IPv4 address box
- Allow inbound Remote Desktop:
  - ENABLED: Enter asterisk (*) in IPv4 address box
Windows Components \ Remote Desktop Services \ Remote Desktop Session Host \ Connections:
- Allow users to connect remotely using Remote Desktop services
  - ENABLED
Windows Components \ Windows Remote Management (WinRM) \ WinRM Service:
- Allow automatic configuration of listeners
  - ENABLED: Enter asterisk (*) in IPv4 address box
If you need a nudge in the right direction for how to add these settings:
- Open Group Policy Management (aka “GPMC”)
- Expand Forest: <name> / Domains / <your-domain> / Group Policy Objects
- Right-click and select “New”
- Enter a name for the GPO (e.g. “Remote Management”) and click OK
- Right-click on the new GPO and select “Edit”
- Follow the guideline above to locate and enable the settings
- Right-click on the very top of the tree-view panel on the name of the GPO and select “Properties”
- Check the box “Disable User Configuration settings”
- Click “Yes” to accept the warning.
- Close the Group Policy Management Editor
- Right-click on the desired computer OU in the GPMC and select “Link an existing GPO” and select your new GPO.
- That’s it.
You can then either wait for the regular GPO refresh cycle to run (about 90 minutes on average, sometimes less) or go to a client and open a CMD console (remember to right-click and choose “Run as Administrator”) and at the command prompt, enter “GPUPDATE /FORCE” and press Enter. You should be able to connect to that client from another client on your domain immediately after that. If you still cannot, double-check your GPO settings and double-check where you linked the GPO (which OU) related to the computer account within AD. You can (and should) use GPRESULT on the remote client to diagnose GPO issues.
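To complement GPRESULT, the following added example (not part of the original post) reads, on the client, the registry policy values that the settings listed above write, and reports for each one whether it has applied and whether its address scope is the asterisk. The variable names, the helper function Get-PolicyValue and the report layout are this example's own.

```powershell
# Added example: run on a client after GPUPDATE /FORCE (PowerShell 2.0 compatible).
# Reads the registry values written by the GPO settings listed above and
# reports whether each one is applied and whether its address scope is '*'.
$fw = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
$checks = @(
    @{ Name = 'ICMP echo request'; Path = "$fw\IcmpSettings"
       Flag = 'AllowInboundEchoRequest'; On = 1; Scope = $null },
    @{ Name = 'Remote administration'; Path = "$fw\RemoteAdminSettings"
       Flag = 'Enabled'; On = 1; Scope = 'RemoteAddresses' },
    @{ Name = 'Remote Desktop (firewall)'; Path = "$fw\Services\RemoteDesktop"
       Flag = 'Enabled'; On = 1; Scope = 'RemoteAddresses' },
    @{ Name = 'Remote Desktop (connections)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
       Flag = 'fDenyTSConnections'; On = 0; Scope = $null },   # 0 = connections allowed
    @{ Name = 'WinRM listeners'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
       Flag = 'AllowAutoConfig'; On = 1; Scope = 'IPv4Filter' }
)

function Get-PolicyValue($Path, $ValueName) {
    # Returns $null when the key or value is absent (policy not applied).
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { $item.$ValueName } else { $null }
}

$report = foreach ($c in $checks) {
    $flag  = Get-PolicyValue $c.Path $c.Flag
    $scope = if ($c.Scope) { Get-PolicyValue $c.Path $c.Scope } else { 'n/a' }
    New-Object PSObject -Property @{
        Setting  = $c.Name
        Applied  = (($null -ne $flag) -and ($flag -eq $c.On))
        Scope    = $scope
        Wildcard = ($scope -eq '*')   # True means any source address is accepted
    }
}

$report | Select-Object Setting, Applied, Scope, Wildcard | Format-Table -AutoSize
```

A row with Applied = False points to the same linking or scoping problems GPRESULT would show; a row with Wildcard = True is where a narrower address range would go if you tighten the policy later.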