Cross-Windows Server 2008 Remote Management Barrier

In order to improve the management efficiency of the server system, network administrators often use professional remote control tools to remotely manage the server system; however, the actual management of the Windows Server 2008 server system is remote. At the time, we often encounter obstacles that cannot be managed remotely. The reason why there are so many obstacles is that the group policy and security of the Windows Server 2008 system are obviously enhanced compared with the previous systems. The use of remote control tools is virtually invisible. In order to manage the Windows Server 2008 server system remotely, we need to prescribe the right medicine, and overcome the obstacles of remote management of Windows Server 2008!

1. Crossing Account Barriers

The primary factor that prevents remote management of Windows Server 2008 server systems is the account factor. Before remotely managing the server system, we need to use a professional tool to remotely connect to the server system. When the connection is established, the server system will automatically pop up a prompt window asking us to enter the appropriate login user name and password information correctly. When the account number is incorrect, then we naturally cannot log in to the target server system to remotely manage it.

Once the account of the remote login Windows Server 2008 server system is found to be incorrect, we can recreate a user account in the server system and assign appropriate access rights to the account. When creating a user account, click the "Start" /"Programs" /"Administrative Tools" /"Server Manager" command in the server system desktop, in the pop-up Server Manager window, use the mouse to expand the window in turn side of the display area of ​​"configuration" /"local users and groups" /"user" option, shown in Figure 1;

mouse Right-click the "User" option and execute the "New User" command in the shortcut menu to open the new user creation dialog box, set the user name and password information correctly in the dialog box, and uncheck "User must log in next time" Change password "check", then select the "Password never expires" check box, and finally click the "Create" button, so that a new user account is created successfully;

then return to the user option list In the window, find the target user account that has just been successfully created, right-click the account option, and execute the “Properties” command in the shortcut menu to open the property setting dialog box of the target account. In the "Remote Control" tab, select the "Enable Remote Control" option and the "Require User Permissions" option in the corresponding tab settings page, and then select the "Interact with Session" item under the "Require User Permissions" option;

In order to be able to perform various complicated management and maintenance operations on the server system, we also need to click the “Affiliate” tab here and assign the appropriate permission level to the target user account in the corresponding tab settings page. . When setting the permission level, we can click the "Add" button in the corresponding tab page, from the Select Group dialog box that pops up, select the "Administrator" group, and then click the "OK" button, so that the target account It becomes a server system administrator account, so that we can use this account to remotely manage any content in the server system in the future.

When the tool establishes a remote connection with the Windows Server 2008 server system, the system prompts that the target server host cannot be found at all. When such access disorder occurs, most of the network discovery functions and shared access functions of the Windows Server 2008 server system have not been opened. By default, the server system does not automatically enable these features, we need to manually set the way to eliminate the discovery barriers.

When enabling the network discovery function of the Windows Server 2008 server system, we can right-click the network connection control icon in the lower right corner of the system desktop taskbar and select "Network and Sharing" from the pop-up shortcut menu. Central option, open the Network and Sharing Center list window of the local server system;

Find the "Share and Discover" setting from the list window, and then expand the "Network Discovery" option from the setting In the area, open the option setting dialog box shown in Figure 2. In this dialog box, we find that the Windows Server 2008 server system will select the "Close Network Discovery" option by default. In this case, we need to re-select "Enable Network Discovery". "Options, then click the "Apply" button, this will enable the network discovery feature of the Windows Server 2008 server system.

after enabling network discovery, we also need to enable shared access to a network server system functions. When this feature is enabled, we can click the "Start" /"Settings" /"Network Connection" command, in the network connection list window that appears, right-click the "Local Area Connection" icon, and right click The "Properties" command in the menu opens the Local Area Connection Properties Settings window;

In the "Network" tab of the Settings window, check whether the "File and Printer Sharing for Microsoft Network" item is selected. When it is not selected, we can re-select it, and finally click the "OK" button to end the setting operation, so that the network share access function of the local server system is turned on.

3, across the port barrier

As we know, since the beginning of Windows XP system, Microsoft has always built a firewall system in the operating system, and the Windows Server 2008 server system is no exception, and the firewall function under the system is more powerful than the previous firewall function. Since the firewall of the Windows Server 2008 server system is enabled by default, any network connection established with the server system will be blocked by the firewall. For this reason, we need to find a way to let the firewall release the remote control operation; considering the professional remote control tool All of them establish a remote control connection with the server system through a specific network port. For this reason, we only need to let the firewall release the communication behavior of the specific port of the server system, so that the firewall does not limit the remote control operation. For example, if a remote control tool uses the 9988 port to establish a remote connection with the server system, in order for the firewall to release the communication behavior from port 9988, we can set the Windows Server 2008 server system with its own firewall as follows:

First click the "Start" /"Settings" /"Control Panel" command in the Windows Server 2008 server system desktop, in the pop-up system control panel window, find the "Windows Firewall" icon, and double-click the icon with the mouse, in its In the following interface, click the "Enable or Disable Windows Firewall" option to open the basic configuration interface of the Windows Server 2008 server system with its own firewall;

Second, click the "Exceptions" tab in the configuration interface, open as shown in Figure 3. On the label setting page shown, click the “Add Port” button on the page, and in the subsequent interface, set the port name to “Remote Control Port”, set the port number to “9988”, and then set the communication protocol. "TCP", and finally click the "OK" button, so that the firewall will not We hinder the use of professional tools and server to establish a remote control system connected.

4, across the network barriers

By default, the Windows Server 2008 server system does not allow new users to access the server over the network. As a result, we naturally cannot use the new account to remotely manage the server system. To do this, we can modify the Group Policy parameters of the Windows Server 2008 server system to allow new user accounts to access the server system through the network. Here are the specific setup steps:

First open in the Windows Server 2008 server system desktop "Start" menu, select the "Run" command from it, in the pop-up system run text box, enter the group policy edit command "gpedit.msc", click the Enter key to open the Group Policy Edit window;

Next, position the mouse on the "Computer Configuration" /"Windows Settings" /"Security Settings" /"Local Policies" /"User Rights Assignment" branch option in the list on the left side of the Group Policy Edit window, in the corresponding "User Rights Assignment" In the list on the right of the branch option, find the "Access this computer from the network" group policy project, and double-click the project with the mouse to open the target group policy property setting interface as shown in Figure 4;

in the settings interface "local security settings" tab page, click "Add" button, select the account from the subsequent pop-up In the dialog box, select the new user account we created before, and then click the "OK" button, you can import the target account, so that we can use the new account to remotely manage the server system.

5, cross firewall barriers

Windows Server 2008 server system comes with a firewall By default, other workstations will not be allowed to remotely manage the local server. For this reason, we need to set the relevant parameters of the firewall in the system group policy to ensure that the system has its own firewall to allow others to remotely access the local server system. Management, the following is the specific setup steps:

First open the "Start" menu in the Windows Server 2008 server system desktop, select the "Run" command from it, in the pop-up system run text box, enter Group Policy Edit The command "gpedit.msc", click the Enter key to open the Group Policy Edit window;

Next, position the mouse in the "Computer Configuration" /"Administrative Template" in the list on the left side of the Group Policy Editing Window /On the "Network" /"Network Connections" /"Windows Firewall" branch option, if the local network belongs to the domain work environment, then we select the "Windows Firewall" branch option under the "Domain" Set the file sub-item, in the right area of ​​the corresponding "domain configuration file" sub-item, find the "Windows Firewall: Allow inbound remote management exceptions" group policy project, and double-click the project with the mouse to open as shown in Figure 5. The target group policy property setting interface; select the "enabled" option in the interface, and then click the "OK" button, so that we can cross the firewall barrier in the future.

Similarly, if the local network belongs to a workgroup environment, then we need to select the "Windows Firewall" branch option following "standard profile" child Item, and then enable the "Windows Firewall: Allow Inbound Remote Management Exceptions" group policy under the subkey.