Windows Server 2012 R2 Core Setup Part 2
Let's continue the Windows Server Core setup from where we left it in the previous article of the series!
We will start by enabling the Remote Desktop firewall rules so you can connect to the server remotely:
Next, it's time to allow access to administrative file shares like c$ using:
Some monitoring systems use ping to test if a system is up, in that case we have to allow it through the firewall:
Those rules are part of the File and Printer Sharing group and will be enabled if you enable the group.
Now that we have allowed the Remote Desktop connections through the firewall, it's time to check if Remote Desktop is enabled and if not, enable it.
First, we will use the following command to check if Remote Desktop is enabled:
If the result is 1 connections are not allowed.
If you get 1 and want to enable Remote Desktop, execute the following commands:
To make Remote Desktop more secure, we will enable the Network Level Authentication:
James O'Neill has a great post where he wraps the above commands in functions here.
This is the end of the second article in the series, in the next - and last - article we will see how to update the server with the latest updates from Microsoft Update.
We will start by enabling the Remote Desktop firewall rules so you can connect to the server remotely:
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Next, it's time to allow access to administrative file shares like c$ using:
Enable-NetFirewallRule -DisplayGroup "File and Printer Sharing"
Some monitoring systems use ping to test if a system is up, in that case we have to allow it through the firewall:
Get-NetFirewallRule -Name FPS-ICMP4-* | Enable-NetFirewallRule
Those rules are part of the File and Printer Sharing group and will be enabled if you enable the group.
Now that we have allowed the Remote Desktop connections through the firewall, it's time to check if Remote Desktop is enabled and if not, enable it.
First, we will use the following command to check if Remote Desktop is enabled:
(Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server').fDenyTSConnections
If the result is 1 connections are not allowed.
If you get 1 and want to enable Remote Desktop, execute the following commands:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' ` -Name "fDenyTSConnections" -Value 0
To make Remote Desktop more secure, we will enable the Network Level Authentication:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' ` -Name "UserAuthentication" -Value 1
James O'Neill has a great post where he wraps the above commands in functions here.
This is the end of the second article in the series, in the next - and last - article we will see how to update the server with the latest updates from Microsoft Update.