Manage Non-Domain Server from Domain Client using RSAT

Manage Non-Domain Server from domain Client

RSAT -  Remote Server Administration Tools

Sample Names used below:

- Non-domain fully qualified server name: `MyServerName.Local`

- Local admin user for login: `\\MyServerName.Local\Administrator`

 

1. Install or Add RSAT to the Client PC running Pro versions Windows 10 / 11. 

 - Download Link for older version and install instructions: https://www.microsoft.com/en-us/download/details.aspx?id=45520. 

- Please pay attention to the Installation Section as no download is necessary for versions after Windows 10 October 2018 Update. 

- List of RSAT tools available via Features on Demand:  https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod#remote-server-administration-tools-rsat 

- List of RSAT dependencies: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod#remote-server-administration-tools-rsat 

- New versions of windows can `Add an Optional Feature`, click `+`, choose RSAT features like `Server Manager`, etc.

- Other Management tools can be installed via `Turn Windows Features On or Off`. For example, `Hyper-V Management Tools`. 

2. Open `Server Manager` on client PC using Domain Admin Credentials (if you need to add domain servers for management).

3. Dashboard|Add Other Servers to Manage 

4. For non AD servers, use DNS Tab to add server by name or IP.

5. Once server added, it should appear in the list of All Servers. If errors are shown next to added servers, please, right-click on Server and choose `Manage As ...` and use `MyServerName.Local\Administrator` to login. !!!*Please note that in some cases username `Administrator` is not optional*!!!

6. If after right clicking and refreshing server it still shows Errors like `Kerberos authentication error` or `Online - Access denied`, open PowerShell as administrative user and add non-domain servers to Trusted Hosts via:

```PowerShell

Set-Item WSMan:\localhost\Client\TrustedHosts "MyServerName.Local" -Concatenate -Force

``` 

7. Check if server was added to trusted list:

```PowerShell

Get-Item WSMan:\localhost\Client\TrustedHosts

``` 

8. Allow Remote access on Public Zones (in case you client is on DC and the server is not). Enables firewall rules for CredSSP and WinRM:

```PowerShell

Enable-WSManCredSSP -Role server

``` 

More info at:

Add Servers to Server Manager | Microsoft Learn

Enable PowerShell Remoting on a standalone (workgroup) computer – 4sysops

Remotely manage Hyper-V hosts | Microsoft Learn 

 


 

Comments

Post a Comment

Popular posts from this blog

Create Application specific password for Google

Create Application specific password for Google Starting 2022-05-30 Google is no longer supporting less secure apps. Please use below steps to turn on App password for your google account. Login to your Google email at https://gmail.google.com . Navigate to https://myaccount.google.com/signinoptions/two-step-verification . Enable " two step verification ". Create application-specific password via https://security.google.com/settings/security/apppasswords . Save a 16 digits App password that can be used by specific app using your Google email address.      
Read more