New
#1
Remote Computer Management configuration help - please
Hello All Seven Gurus, (I'm back)
I got off to bad start a few weeks ago with somewhat of rant about Microsoft and Windows 7. Hopefully with and after my apology you all have forgiven me and will help me? I have information to share and need some help.
One of my complaints was with regard to the advanced tab having been removed from the remote computer management properties. I found a solution which I have posted at the bottom. It is not completely functional but I am well on my way. I have played with PowerShell and "shutdown -i" however would love to get the computer management (a GUI interface) functional again.
When I remotely connect via computer management to a remote Windows 7 system and try to view events, I get the following error message:
"Unable to connect to the computer "ZEUS-3B" (my new build). The error was:
The Network path was not found."
If anyone has a solution to this problem coupled with the instructions below much of what I use computer management for would be functional again.
Thanks,
Garret334
Here is a link to the originator of the text below. I wanted to give him his due credit.
Skatterbrainz Blog: Enabling Windows 7 Remote Management via Group Policy
Thursday, August 27, 2009
Enabling Windows 7 Remote Management via Group Policy
I’ve been searching for a comprehensive article/blog-post/kb, etc on this for a while but have only been able to find pieces of the overall solution I was looking for. The challenge?
Enable remote management capabilities on Windows 7 clients within an Active Directory domain environment using Group Policy.
Which capabilities?
- Be able to PING clients
- Be able to connect to clients via Remote Desktop
- Be able to connect to clients via Computer Management
- Be able to connect to clients through Event Viewer, RegEdit, etc.
You may notice that my “solution” doesnt’ involve a great deal of security options. That’s because I’m pretty comfortable with the boundary security on my network environment, which will not be described herein. Suffice it to say that I am only interested in being able to enable and use these capabilities. If you need increased security, you can configure additional options via Group Policy settings to suit your needs.
Computer Configuration \ Policies \ Administrative Templates…
Network \ Network Connections \ Windows Firewall \ Domain Profile
- Allow ICMP Exceptions:
- ENABLED - Allow inbound echo request
- Allow Inbound remote administration:
- ENABLED: Enter asterisk (*) in IPv4 address box
- Allow inbound Remote Desktop:
- ENABLED: Enter asterisk (*) in IPv4 address box
Windows Components \ Remote Desktop Services \ Remote Desktop Session Host \ Connections:
- Allow users to connect remotely using Remote Desktop services
- ENABLED
Windows Components \ Windows Remote Management (WinRM) \ WinRM Service:
- Allow automatic configuration of listeners
- ENABLED: Enter asterisk (*) in IPv4 address box
If you need a nudge in the right direction for how to add these settings:
- Open Group Policy Management (aka “GPMC”)
- Expand Forest: <name> / Domains / <your-domain> / Group Policy Objects
- Right-click and select “New”
- Enter a name for the GPO (e.g. “Remote Management”) and click OK
- Right-click on the new GPO and select “Edit”
- Follow the guideline above to locate and enable the settings
- Right-click on the very top of the tree-view panel on the name of the GPO and select “Properties”
- Check the box “Disable User Configuration settings”
- Click “Yes” to accept the warning.
- Close the Group Policy Management Editor
- Right-click on the desired computer OU in the GPMC and select “Link an existing GPO” and select your new GPO.
- That’s it.
You can then either wait for the regular GPO refresh cycle to run (about 90 minutes on average, sometimes less) or go to a client and open a CMD console (remember to right-click and choose “Run as Administrator”) and at the command prompt, enter “GPUPDATE /FORCE” and press Enter. You should be able to connect to that client from another client on your domain immediately after that. If you still cannot, double-check your GPO settings and double-check where you linked the GPO (which OU) related to the computer account within AD. You can (and should) use GPRESULT on the remote client to diagnose GPO issues.
Feedback is always welcome. Enjoy!
Posted by skatterbrainz