Introducing Server management tools
I am Kriti Jindal, a program manager on the Server management tools team.
At last year's Ignite and Build conferences, Jeffrey Snover (Technical Fellow) and Andrew Mason (Principal PM Manager) first demoed the Server management tools. Server management tools offers a set of web-based GUI and command line tools to manage Windows Servers. Today, we are announcing the public preview of Server management tools!
For a quick overview of the features supported, checkout my demo video: https://channel9.msdn.com/Series/Nano-Server-Team/Remote-Server-Management-Tools-on-Nano-Server.
For those of you interested in a deeper dive, continue reading!
Server management tools overview
As I mentioned above, Server management tools offers a set of web-based GUI and command line tools to manage Windows Servers. This is especially useful when managing headless servers such as Nano Server and Server Core. These tools also provide rapid access to your on premises infrastructure alongside your Azure resources. In this first release, the tools can only be used to manage Windows Server 2016 Technical Preview SKUs running on-premises as well as in Azure. The tools are hosted in Microsoft Azure.
Currently, the tools offer the following capabilities:
- View and change system configuration
- View performance across various resources and manage processes and services
- Manage devices attached to the server
- View event logs
- View the list of installed roles and features
- Use a PowerShell console to manage and automate
This is a preliminary set of tools that are required for basic server diagnostics. If you have specific requests on what tools would be most valuable to you, please let us know using the Windows Server Management Tools UserVoice feedback site.
Setup and deployment 
A Server management tools gateway is required to enable communication between the Microsoft Azure portal and your Windows Server 2016 machines. A gateway is typically deployed and configured on the same local network as the Windows Server machine(s) you wish to manage. The machine must have an internet connection.
If the machine hosting the gateway is a Windows Server 2012 R2 machine, please install WMF 5.0. This is required to use PowerShell to manage Windows Server 2016 Technical Preview or Nano Server machines from Windows Server 2012 R2. Use the following link to install WMF 5.0: https://aka.ms/wmf5download
If the machine hosting the gateway is a Windows Server 2016 Technical Preview machine, no additional preparation is required.
You will also need an Azure subscription to use Server management tools.
Now let's discuss how you can setup the Server management tools gateway and start managing your machine(s).
Step 1: Create a new Server management tools connection
Ok so you have a machine that you want to be able to manage via Server management tools. To begin your deployment, log in to your Azure portal account and search for "Server management tools" in Marketplace or navigate to it: Marketplace -> Management -> More -> Server management tools.
Select the Server management tools, read the description, review the terms of this Preview release, and click “Create”.
This will open a form prompting you to fill out the information for the connection you are establishing.
Please provide the NAME/IP/FQDN of the machine you want to connect to. If you have an existing resource group and gateway, you may opt to select them here rather than to create a new group or gateway.
If this is the first Server management tools connection you are creating, you will also need to choose to create a new Server management tools gateway and give it a name. You will be prompted to complete the gateway configuration after the Server management tools connection is created.
Once the form has been completed, click create at the bottom of the screen and you will be taken back to the Azure Startboard. Assuming “Pin to Startboard” was checked, you will see a tile appear that will indicate the deployment is in progress. Please note that you are not actually creating the connection to the machine but just a resource in Azure. The connection to the machine is initiated once you provide the credentials on the main Server management tools blade.
Once the deployment succeeds, you will be taken to the Server management tools blade where you can provide the credentials and connect to the machine. The User Name and Password are not being created by the connection, and must already exist on the machine and have proper permissions. I.e. use a user account which is a member of the local Administrators group on the target server you are connecting to.
Step 2: Configuring a new Server management tools Gateway
If you are creating a new gateway, you will see the following status:
Click to open the Gateway Configuration page and read carefully and follow the directions to set up your on-premises machine or Azure VM as the gateway.
Note: Please unzip the zip file and run the gateway MSI installer from the folder you unzipped to. If you run the MSI from the zip file without unzipping first, you will need to also specify the profile.json file.
After installing the gateway MSI, return to the Azure portal, and click Refresh. You will now be prompted to enter the credentials to start managing the machine. You will see the following status:
Congratulations! You have established a remote connection to your resource and are now able to perform management tasks on it through the Azure Portal.
Managing Workgroup machines
In order to manage workgroup machines (e.g. non-domain-joined Nano Servers), run this command as an administrator on the Server management tools gateway machine:
winrm set winrm/config/client @{ TrustedHosts="<<IP address>>" }
When creating a Server management tools connection to the workgroup machine, use the machine’s IP address as the computer name.
Additional connectivity requirements
If you wish to connect using the local Administrator account, you will need to enable this policy on the target machine by running the following command in an administrator session on the target machine:
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
If you wish to connect to a workgroup machine which is not on the same subnet as the gateway, run the following command in an administrator session on the target machine:
NETSH advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
The Server management tools team is looking forward to your feedback on the public preview. You can provide feedback on the tools directly via the feedback button in the Azure portal. We also routinely monitor the Windows Server Management Tools UserVoice feedback site for suggestions on improvements and encourage you to submit your ideas there.
Thanks,
Kriti