As you add remote servers to Server Manager, some of the servers that you add might require different user account credentials to access or manage them. To specify credentials for a managed server that are different from those you use to log on to the computer on which you are running Server Manager, use the Manage As command after you add a server to Server Manager, which is accessible by right-clicking the entry for a managed server in the Servers tile of a role or group home page. Clicking Manage As opens the Windows Security dialog box, in which you can provide a user name that has access rights on the managed server.
These or similar errors can occur in the following conditions.
- The managed server is in the same workgroup as the computer that is running Server Manager.
- The managed server is in a different workgroup from the computer that is running Server Manager.
- One of the computers is in a workgroup, while the other is in a domain.
- The computer that is running Server Manager is in a workgroup, and remote, managed servers are on a different subnet.
- Both computers are in domains, but there is no trust relationship between the two domains.
- Both computers are in domains, but there is only a one-way trust relationship between the two domains.
- The server you want to manage has been added by using its IP address.
To add remote workgroup servers to Server Manager
On the computer that is running Server Manager, add the workgroup server name to the TrustedHosts list. This is a requirement of NTLM authentication. To add a computer name to an existing list of trusted hosts, add the Concatenate parameter to the command. For example, to add the Server01 computer to an existing list of trusted hosts, use the following command.
Set-Item wsman:\localhost\Client\TrustedHosts ServerName -Concatenate -Force
- Determine whether the workgroup server that you want to manage is in the same subnet as the computer on which you are running Server Manager.
If the two computers are in the same subnet, or if the workgroup server’s network profile is set to Private in the Network and Sharing Center, go on to the next step.
If they are not in the same subnet, or if the workgroup server’s network profile is not set to Private, on the workgroup server, change the inbound Windows Remote Management (HTTP-In) setting in Windows Firewall to explicitly allow connections from remote computers by adding the computer names on the Computers tab of the setting’s Properties dialog box.
- To override UAC restrictions on running elevated processes on workgroup computers, create a registry entry called LocalAccountTokenFilterPolicy on the workgroup server by running the following cmdlet.
New-ItemProperty -Name LocalAccountTokenFilterPolicy -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1