Wednesday, April 29, 2009

Managing local group policy on Windows Server 2008 Core Edition

In Windows Server 2008 Core Edition, you can manage the group policy remotely through a MMC snap-in. To configure this, you’ll need to go through a few hoops. First, get a MMC snap-in pointed to the Windows Server 2008 Core Edition server. For a default configuration, you’ll need to configure Windows firewall to allow this traffic. This command will stop Windows firewall:

netsh advfirewall set allprofiles state off

When the Group Policy configurations are finished, run this command to turn firewall back on:

netsh advfirewall set allprofiles state on

From a remote system, run MMC.exe, add the Group Policy Object, and point it to a remote system. Figure A shows a remote system being pointed by TCP/IP address.

Figure A

Click image to enlarge.

Once saved, the local console can interact with the remote group policy configuration of the core server. This can work in conjunction with a domain-based Group Policy configuration if applicable. Be sure not to overlap, as the domain configuration will override a local configuration by re-application. Permissions need to be in place for this to work correctly. This can include using domain-based credentials or passing administrative credentials manually with the ‘net use’ command.

The snap-in can be saved for future use, making it easier to access the core server’s local Group Policy easier. Figure B shows the snap-in being saved for the core server.

Figure B

Click image to enlarge.

Remember to turn the Windows firewall on if you turned it off. Now you’re finished!

It would be best to keep MMCs for the local Group Policy configuration of Windows core servers by computer name or IP address and store centrally for other administrators to access if required. This can save setup time for frequent access.

0 Responses to “Managing local group policy on Windows Server 2008 Core Edition”