What needs to be configured to do remote disk management of a Server Core installation in Windows Server 2012 via PowerShell?

Hi there! We have made no secret that Server Core is the preferred method of deployment for Windows Server 2012. In this blog post we highlight an area in Server Core deployments that has caused some customer confusion, the ability to do remote disk management on a server core system. During the Windows Server 2012 TAP program, we have the chance to work closely with customers and identify and provide detailed information on how to make this challenging scenario work.

Thomas Roettinger, Server Core scenario lead will take you thru the details of how and what needs to be configured to do remote disk management of a Server Core system using Windows PowerShell.

Natalia Mackevicius
Group Program Manager, Partner and Customer Ecosystem Team

 

What needs to be configured to do remote disk management of a Server Core installation in Windows Server 2012 via PowerShell?

The PowerShell module for managing the firewall is called "netsecurity" and is automatically loaded by the PowerShell automatic module loading functionality, new in Windows Server 2012. You can view the cmdlets that the netsecurity module contains by typing the following command at a PowerShell command prompt

 

Get-Command -Module netsecurity

 

Power user shortcut: You can also use ‘gcm’ as an alias for Get-Command, and PowerShell will automatically expand switches for you when it can do so unambiguously; so the following command would have the same effect. Try it!

 

gcm -m netsecurity

 

By default, Windows Server is installed with a firewall that enables out-of-the-box security. It allows remote management by PowerShell and WMI but must be configured to allow other management tools. Before you can remotely manage your server, you need to enable the corresponding firewall rules for the incoming exceptions list.

After using gcm -m netsecurity, we can see two particularly promising cmdlets: Get-NetFirewallRule and Enable-NetFirewallRule. Most of the rules are disabled by default, and enabling the rule grants access to the firewall which is set to “deny by default.” Windows Server 2012 ships with at least 145 firewall rules pre-configured – at least PowerShell says so when I run (Get-NetFirewallRule).Length – but thanks to PowerShell we can explore these rules to find the ones we need to enable.

When I ran Get-NetFirewallRule for the first time, I noticed that there are several columns in the output. One of them, DisplayGroup, looked particularly useful.

 

Figure 1. Running Get-NetFirewallRule resulted in a list of results such as this one.

 

I then wanted to list all the unique DisplayGroups that are available:

 

                Get-NetFirewallRule | Select DisplayGroup -Unique | Sort DisplayGroup

 

I found that the Remote Volume Management group was what I was looking for. Using Get-NetFirewallRule | Where { $_.DisplayGroup –Eq “Remote Volume Management”} | Format-Tableto list just the rules applicable to the Remote Volume Management group, we can see that for remote disk management there are 3 incoming rules:

  • RVM-RPCSS-In-TCP (Remote Volume Management (RPC-EPMAP) )
  • RVM-VDSLDR-In-TCP (Display Name: Remote Volume Management - Virtual Disk Service Loader)
  • RVM-VDS-In-TCP (Display Name: Remote Volume Management - Virtual Disk Service (RPC))
  • The necessary rules can be enabled with the following command: 

Enable-NetFirewallRule -name RVM-RPCSS-In-TCP,RVM-VDSLDR-In-TCP,RVM-VDS-In-TCP

 

Using Server Manager from a server running Windows Server 2012 with the Server Graphical Management Tools and Infrastructure feature enabled, you can now browse "All Servers" and select this Server Core server.

Note: A Server with a GUI installation of Windows Server 2012 has the Server Graphical Management Tools and Infrastructure feature enabled by default. You will also be able to install these remote management tools on a Windows 8 “client” PC by downloading and installing the Remote Server Administration Toolkit, available at no charge from Microsoft.

By right clicking on the server object in Server Manager, you can launch Computer Management and start working with the Disk Management remotely.

 

Figure 2.

 

I hope you find this blog post useful; and keep watching this space for more posts on managing Server Core and other Windows Server 2012 topics from early engineering program tutorials.

A special thanks goes to my co-worker Benjamin Herila for helping me with this blog post!

Thomas Roettinger
Program Manager (PACE)
Server and Cloud Division

Comments

  • Anonymous
    May 02, 2012
    Thanks to the new ISE, realized this cmdlet has a switch for groupname so Get-NetFirewallRule -DisplayName "Remote volume management"     might be a better practice.  Good stuff!

  • Anonymous
    May 07, 2012
    I'm slightly disappointed that we are still having to deal with RPC in Server 2012...  Here's to hoping that the evolution in management protocols continues and that we are headed towards 100% WSMAN-based remote administration.