Connect using Windows RSAT with a Non-Domain Joined Machine

When deploying your first Windows Server Core installation, you may find yourself having difficulty managing the server using Windows RSAT. This may be because there is no DOMAIN and one or both the server and workstation are part of a WORKGROUP. Below is the method I use to ensure initial access from a workstation using Windows RSAT Tools.

The demo connects a Windows 10 Pro workstation to manage a Microsoft Hyper-V Server 2012 R2 installation. Remember that you’ll at least need to be running Windows 8.1 to properly remotely manage a Windows 2012 server.


winrm quickconfig
  • Firewall rules have been configured. If you are just testing, you can easily turn of the firewall by running the following:
netsh advfirewall set allprofiles state off


You’ll need to start by opening the Component Services MMC, or Run… dcomcnfg. Expand Component Services, then Computers.

  1. Right-click My Computer and select Properties
  2. Select the COM Security tab
  3. Under the Access Permissions section, click Edit Limits…
  4. Highlight ANONYMOUS LOGIN
  5. Check the box next to Remote Access; by default it should be unchecked
RSAT dcomcnfg settings

Next, you’ll want to run PowerShell as an Administrator. The name of my lab server is “2012CORE” and the user is “2012CORE\Administrator“. You’ll want to replace these with your own values.

The first line will add credentials for your server to Windows Credential Manager. The second line adds your server’s DNS hostname to the TrustedHosts list. You cannot use an IP for this. If your workstation cannot reach the server via hostname, you may need to update the hosts file manually. Finally, the third line is used to verify that your server now appears in the TrustedHosts list.

cmdkey /add:2012CORE /user:2012CORE\Administrator /pass
Set-Item "WSMan:\localhost\Client\TrustedHosts" 2012CORE
Get-Item -Path WSMan:\localhost\Client\TrustedHosts | fl Name, Value
RSAT PowerShell

Hopefully, this will help you remotely manage that core server outside of your domain using Windows RSAT.

Enable Remote Disk Management on Windows Server 2012 R2 Core

Remote Disk Management

Microsoft recommends using Windows Server Core for many critical server roles, but that means you need to be a black belt with PowerShell. Even simple things, such as managing disks can be difficult. When you first connect, it is common to get errors such as “Disk Management could not start Virtual Disk Service (VDS) on…” or “The RPC server is unavailable.

This will help you configure Windows Firewall to enable remote disk management on Windows Server 2012 core installations.

Enable Firewall Exceptions on the Client and Server

You will need to enable the exceptions on both the machine you are trying to access (the Server) and the machine you are accessing from (the Client). You can do so with the following command in an elevated Command Prompt or PowerShell:

netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes

netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes
Note: My client machine updated 6 rules, but my server only updated 3 rules (as seen in the next screenshot.

On the Server, you can check if all the appropriate exceptions are enabled with the following PowerShell command:

Get-NetFirewallRule | Where { $_.DisplayGroup -Eq "Remote Volume Management" } | Format-Table

Make sure that all three items are enabled (True). If they are not, try running the netsh command again. Also, make sure that the VDS service is running on the Server. It is also a good idea to set the VDS service to start automatically.

Enable-NetFirewallRule -DisplayGroup "Remote Volume Management"

You can also try the commands recommended by Microsoft. They do the same thing as the netsh command above. If you want to see the individual exceptions that are updated, you can run it with the -verbose flag as I did in the screenshot.

Enable-NetFirewallRule -DisplayGroup "Remote Volume Management"

I hope these commands help you manage your Server Core installation.