Share this page : facebooktwitterlinkedinmailfacebooktwitterlinkedinmail

To add remote workgroup servers to Server Manager

  1. On the computer that is running Server Manager, add the workgroup server name to the TrustedHosts list. This is a requirement of NTLM authentication. To add a computer name to an existing list of trusted hosts, add the Concatenate parameter to the command.

    Or else you will get an error: ” WinRM negotiate authentication error”.
    For example, to add the Server01 computer to an existing list of trusted hosts, use the following command.
    Set-Item wsman:\localhost\Client\TrustedHosts Server01 -Concatenate -Force
    
  2. Determine whether the workgroup server that you want to manage is in the same subnet as the computer on which you are running Server Manager.

    If the two computers are in the same subnet, or if the workgroup server’s network profile is set to Private in the Network and Sharing Center, go on to the next step.

    If they are not in the same subnet, or if the workgroup server’s network profile is not set to Private, on the workgroup server, change the inbound Windows Remote Management (HTTP-In) setting in Windows Firewall to explicitly allow connections from remote computers by adding the computer names on the Computers tab of the setting’s Properties dialog box.

    Reference: How to set the Network Profile to Private( https://www.youtube.com/watch?v=KRBXOuCWk18)

  3. System_CAPS_security Security Note
    Running the cmdlet in this step overrides User Account Control (UAC) measures that prevent elevated processes from running on workgroup computers unless the built-in Administrator or the System account is running the processes. The cmdlet lets members of the Administrators group manage the workgroup server without logging on as the built-in Administrator. Allowing additional users to manage the workgroup server can reduce its security; however, this is more secure than providing built-in Administrator account credentials to what might be multiple people who are managing the workgroup server.

     

    To override UAC restrictions on running elevated processes on workgroup computers, create a registry entry called LocalAccountTokenFilterPolicy on the workgroup server by running the following cmdlet.

    New-ItemProperty -Name LocalAccountTokenFilterPolicy -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1
    
  4. On the computer on which you are running Server Manager, open the All Servers page.

  5. If the computer that is running Server Manager and the target workgroup server are in the same workgroup, skip to the last step. If the two computers are not in the same workgroup, right-click the target workgroup server in the Servers tile, and then click Manage as.

  6. Log on to the workgroup server by using the built-in Administrator account for the workgroup server.

  7. Verify that Server Manager is able to connect to and collect data from the workgroup server by refreshing the All Servers page, and then viewing the manageability status for the workgroup server.

 Show remote server Network configuration
winrs -r:hostname ipconfig /all
hostname: make sure the hostname can be resolved by DNS server. if you use IP address, you may get the error message:
WinrsCommand