PrepAway - Latest Free Exam Questions & Answers

You need to manage Server2 remotely from Server1

Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1. The domain contains a standalone server named Server2
that is located in a perimeter network. Both servers run Windows Server 2012 R2.
You need to manage Server2 remotely from Server1.
What should you do?

PrepAway - Latest Free Exam Questions & Answers

A.
From Server1, run the Enable-PsRemotingcmdlet.

B.
From Server2, run the winrm command.

C.
From Server2/ run the Enable-PsRemotingcmdlet.

D.
From Server1, run the winrm command.

27 Comments on “You need to manage Server2 remotely from Server1

  3. yhawx says:

    I think answer maybe d:
    Because in hh849694.aspx .It say
    “on Windows Server® 2012, Windows PowerShell remoting is enabled by default.”
    So we not need run enable-psremoting cmdlet again, if it is enabled by default.




    0



    0
  5. Singh says:

    B is the correct answer. Winrm should be installed on the target computer. In this case you need to manage Server 2 remotely.

    Server 2 – Install Winrm
    Server 1 – Install Winrs




    0



    0
  7. Adam says:

    This is a difficult question and many people are posting different answers. So I am still searching for the right answer.

    On this article it says:
    http://blogs.technet.com/b/poshchap/archive/2014/07/04/powershell-remoting-considerations.aspx

    Windows Server 2012 R2

    PS Remoting enabled by default.

    The Enable-PSRemoting cmdlet performs the following operations:

    — Runs the Set-WSManQuickConfig cmdlet, which performs the following tasks:

    —– Starts the WinRM service.

    —– Sets the startup type on the WinRM service to Automatic.

    —– Creates a listener to accept requests on any IP address.

    —– Enables a firewall exception for WS-Management communications.

    —– Registers the Microsoft.PowerShell and Microsoft.PowerShell.Workflow session
    configurations, if it they are not already registered.

    —– Registers the Microsoft.PowerShell32 session configuration on 64-bit
    computers, if it is not already registered.

    —– Enables all session configurations.

    —– Changes the security descriptor of all session configurations to allow
    remote access.

    —– Restarts the WinRM service to make the preceding changes effective.

    To run this cmdlet, start Windows PowerShell with the “Run as administrator”
    option.




    0



    0
      1. Paul says:

        Agree on B being the correct answer. Both servers must be running WinRM, but you would run WinRS (remove shell) from Server1 in order to manage Server2 (which is running WinRM).

        “WinRS is the Windows Remote Shell. With WinRS, you can query remote Windows machines that are running WinRM. However, keep in mind that your machine also needs to be running WinRM to use WinRS.”

        So B appears to be “more correct” than D.

        http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/How-Windows-Server-2008-WinRM-WinRS.html




        0



        0
  9. Andrzej says:

    Answer D: looks correct in the domain to workgroup scenario too.

    Note: In Windows Workgroup environment, there is a need to add a trust for the server that the client initiate a connection to it.
    winrm set winrm/config/client @{TrustedHosts=”%servername1%,”%servername2%”}
    Verity the new settings by using the command:
    “winrm enumerate winrm/config/listener”

    https://support.microsoft.com/kb/555966/en-us

    Another source: https://technet.microsoft.com/en-us/library/dd759202.aspx

    If you are managing a remote computer from a computer that is running Windows 7, start the Windows Remote Management (WinRM) service to allow for the addition of trusted hosts. Open a Command Prompt session with elevated user rights by clicking Start , clicking All Programs , clicking Accessories , right-clicking Command Prompt , and then clicking Run as administrator . Type the following, and then press Enter : net start winrm
    For remote connections in a Workgroup to Workgroup/Domain scenario, the remote computer must be added to the trusted hosts list on the source computer. To do this, run the following command on the source computer in a Command Prompt window that is opened with elevated user rights.
    winrm set winrm/config/client @{TrustedHosts=”RemoteComputerName”}
    For remote connections in a Workgroup to Workgroup/Domain scenario, if a user is not logged on by using the source computer’s built-in administrator account, the following WinRM registry key must be configured to allow remote access from the source computer. This change is required because of a User Account Control (UAC) limitation on non-administrator accounts that are members of the Administrators group. To change this registry key, run the following command on the source computer at a command prompt that is opened with elevated user rights.
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
    By default, WinRM allows for a maximum of five connections to a remote computer to be active per user. To increase the limit, run the following command on the source computer, in which X represents the number of connections that you want to allow, at a command prompt that is opened with elevated user rights.
    winrm s winrm/config/winrs @{MaxShellsPerUser=”X”}

    By the way,
    Winrs is a client, but there is still a “-machine:” key for winrm (and was “-r:” in the past). I can run winrm from server1 and the answer is the same ;-).




    0



    0
    1. Mat Kordell says:

      Andrzej is correct. It makes no sense but you actually have to add the remote machine to the trusted hosts list on the local machine. So you must run winrm on the local machine which is Server1.




      0



      0
  10. MCVZ says:

    Answer is D: Reason for running WinRM on Server1 is to add Admin credentials for Server2. So that Server1 can authenticate with Server2 admin credentials when attempting to remotely manage Server2 because it is standalone (Not part of the domain)




    0



    0
  15. David says:

    I find it confusing because if psremoting is enabled by default, which implies that WinRM also is running, then on server2 (the server-to-be-managed) nothing has to be configured?




    0



    0
  17. Mohammed says:

    I agree with David. There’s no thing to do with this question, bc winrm is enabled by default. The only two things you have to do with adding a standalone to server manager are:
    1) server 2 credentials and
    2) adding server 2 to the WS-Management TrustedHosts. Set-Item WSMan
    However, these options are not listed in the question’s choices.




    0



    0
  18. Mel says:

    The question states “The domain contains a standalone server named Server2”, so it is not in a workgroup. I agree that none of the answers make sense because PsRemoting is enabled by default with Server 2012 R2. PsRemoting runs the Set-WSManQuickConfig cmdlet, which performs the following tasks:
    —– Starts the WinRM service.
    —– Sets the startup type on the WinRM service to Automatic.
    —– Creates a listener to accept requests on any IP address.
    —– Enables a firewall exception for WS-Management communications.
    —– Registers the Microsoft.PowerShell and Microsoft.PowerShell.Workflow session
    configurations, if it they are not already registered.
    —– Registers the Microsoft.PowerShell32 session configuration on 64-bit
    computers, if it is not already registered.
    —– Enables all session configurations.
    —– Changes the security descriptor of all session configurations to allow
    remote access.
    —– Restarts the WinRM service to make the preceding changes effective.
    [There must be something missing from the question as written.]




    0



    0
  19. Mel says:

    https://technet.microsoft.com/en-us/library/hh849694.aspx
    “On Windows Server® 2012, Windows PowerShell remoting is enabled by default. You can use Enable‑PSRemoting to enable Windows PowerShell remoting on other supported versions of Windows and to re‑enable remoting on Windows Server 2012 if it becomes disabled.”
    Also states PsRemoting enbabled by default for 2012 R2:
    http://blogs.technet.com/b/poshchap/archive/2014/07/04/powershell-remoting-considerations.aspx
    [The question states: “Both servers run Windows Server 2012 R2.”]




    0



    0
  20. Progenitor says:

    Actually folks are true, it is choice D. Look at this technet article:
    https://technet.microsoft.com/en-us/magazine/ff700227.aspx

    “In many cases, you will be able to work with remote computers in other domains. However, if the remote computer is not in a trusted domain, the remote computer might not be able to authenticate your credentials. To enable authentication, you need to add the remote computer to the list of trusted hosts for the local computer in WinRM. To do so, type:
    winrm s winrm/config/client ‘@{TrustedHosts=”RemoteComputer”}’

    Here, RemoteComputer should be the name of the remote computer, such as:
    winrm s winrm/config/client ‘@{TrustedHosts=”CorpServer56″}'”

    So for our scenario, on Server1 run

    winrm s winrm/config/client ‘@{TrustedHosts=”Server2″}’

    to add Server2 to your trusted hosts (which is not required, if Server1 would manage another domain joined computer)

    The Powershell approach with the same result is using
    Set-Item wsman:\\localhost\Client\TrustedHosts Server2




    0



    0

Leave a Reply