Connect using Windows RSAT with a Non-Domain Joined Machine

When deploying your first Windows Server Core installation, you may find yourself having difficulty managing the server using Windows RSAT. This may be because there is no DOMAIN and one or both the server and workstation are part of a WORKGROUP. Below is the method I use to ensure initial access from a workstation using Windows RSAT Tools.

The demo connects a Windows 10 Pro workstation to manage a Microsoft Hyper-V Server 2012 R2 installation. Remember that you’ll at least need to be running Windows 8.1 to properly remotely manage a Windows 2012 server.

Prerequisites

winrm quickconfig
  • Firewall rules have been configured. If you are just testing, you can easily turn of the firewall by running the following:
netsh advfirewall set allprofiles state off

Instructions

You’ll need to start by opening the Component Services MMC, or Run… dcomcnfg. Expand Component Services, then Computers.

  1. Right-click My Computer and select Properties
  2. Select the COM Security tab
  3. Under the Access Permissions section, click Edit Limits…
  4. Highlight ANONYMOUS LOGIN
  5. Check the box next to Remote Access; by default it should be unchecked
RSAT dcomcnfg settings

Next, you’ll want to run PowerShell as an Administrator. The name of my lab server is “2012CORE” and the user is “2012CORE\Administrator“. You’ll want to replace these with your own values.

The first line will add credentials for your server to Windows Credential Manager. The second line adds your server’s DNS hostname to the TrustedHosts list. You cannot use an IP for this. If your workstation cannot reach the server via hostname, you may need to update the hosts file manually. Finally, the third line is used to verify that your server now appears in the TrustedHosts list.

cmdkey /add:2012CORE /user:2012CORE\Administrator /pass
Set-Item "WSMan:\localhost\Client\TrustedHosts" 2012CORE
Get-Item -Path WSMan:\localhost\Client\TrustedHosts | fl Name, Value
RSAT PowerShell

Hopefully, this will help you remotely manage that core server outside of your domain using Windows RSAT.