Manage Untrusted Servers in Server Manager

Q: Can I manage remote untrusted servers using Server Manager?

A: When you run Server Manager on a domain-joined Windows client or server OS, it connects to the remote servers being managed with the credentials of the user running it.

If needed, a different set of credentials can be used for specific servers: right-click the server and select the Manage As ... action, which lets you supply a set of credentials. To manage a server that is in an untrusted domain or in a workgroup, some additional actions are required:

  • NTLM authentication is used for hosts in untrusted domains or in a workgroup, which requires the host to be added to the TrustedHosts list on the machine running Server Manager. Check the current value of TrustedHosts using the following:
    (get-item wsman:localhost\client\trustedhosts).value

    If the result is not * (which means every host is trusted), add the new hosts you want to manage to the list of trusted hosts using the following (where server1 and server2 are the new hosts to be managed):
    # Append the new hosts to the existing comma-separated list
    $trustedhosts = (get-item wsman:localhost\client\trustedhosts).value
    set-item wsman:localhost\client\trustedhosts -value "$trustedhosts,server1,server2"
    
    
  • If the remote server to be managed is a workgroup machine, you need to enable elevation of processes for the non-Administrator account using the following:
    # Create the LocalAccountTokenFilterPolicy DWORD value and set it to 1
    New-ItemProperty -Name LocalAccountTokenFilterPolicy -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1
  • If the target machine is not connected to a domain network, you might need to manually enable the Windows Remote Management (HTTP-In) firewall exception for the connected network (on a workgroup machine this could be the Public network).
  • Right-click the server, which will show a Kerberos target resolution error, and select the Manage As ... action.

    Enter the credential to use. If the server is in a workgroup, include the workgroup name (e.g., workgroup\administrator) then the password and click OK.

After all of the above is done, Server Manager connects to the remote server, gathers and displays its information, and makes management available.
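
The TrustedHosts step above, as an added example that is not part of the original article: it appends hosts without creating a leading comma when the list is empty, without adding duplicates, and without touching an existing * entry. Merge-TrustedHosts and Add-TrustedHost are hypothetical helper names, and Add-TrustedHost assumes an elevated PowerShell session on the machine running Server Manager.

```powershell
# Added example. Merge-TrustedHosts and Add-TrustedHost are hypothetical helper names.
function Merge-TrustedHosts {
    param(
        [string]$Current,       # existing TrustedHosts value (may be empty)
        [string[]]$NewHosts     # hosts to add
    )
    # A wildcard already trusts every host; leave it unchanged.
    if ($Current -eq '*') { return '*' }

    $merged = New-Object 'System.Collections.Generic.List[string]'
    foreach ($h in (@($Current -split ',') + $NewHosts)) {
        $name = "$h".Trim()
        # Skip blanks and names already present (-notcontains ignores case).
        if ($name -and ($merged -notcontains $name)) { $merged.Add($name) }
    }
    return ($merged -join ',')
}

function Add-TrustedHost {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    $path    = 'WSMan:\localhost\Client\TrustedHosts'
    $current = (Get-Item $path).Value
    $updated = Merge-TrustedHosts -Current $current -NewHosts $ComputerName

    # Write only when the list actually changes.
    if ($updated -ne $current) {
        # -Force suppresses the confirmation prompt for this setting.
        Set-Item $path -Value $updated -Force
    }
    # Return the value now in effect so it can be reviewed.
    (Get-Item $path).Value
}

# Constructed sample values; these calls do not touch the WinRM configuration.
Merge-TrustedHosts -Current ''              -NewHosts 'server1','server2'  # empty list
Merge-TrustedHosts -Current 'server1,hostA' -NewHosts 'SERVER1','server2'  # duplicate differing in case
Merge-TrustedHosts -Current '*'             -NewHosts 'server1'            # wildcard already set

# To apply on the Server Manager machine (elevated session):
# Add-TrustedHost -ComputerName 'server1','server2'
```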
