Microsoft Exam MD:100 Windows 10 Certification Guide

Configuring remote management

Remote management is a very effective and useful way for Windows administrators to access their (or others') computers and all of their contents remotely. It offers access functionality for a variety of computers and is optimized for remote Personal Computer (PC) control.

You can use a variety of tools to manage Windows 10 devices remotely. The five built-in tools for remote management are as follows:

  • Quick Assist: This is the successor of the Remote Assistance tool. It provides interaction with a remote user and allows you to view or take control of that user's computer remotely. To initiate a session, you have to exchange a six-digit security code.
  • Remote Assistance: This is a built-in tool that provides interaction with a remote user. By using this tool, you can view or take control of a user's computer remotely and perform remote management on its system.
  • Remote Desktop: This is a built-in tool that you can use to access a computer remotely over the Remote Desktop Protocol (RDP). It does not provide user interaction and requires the user of the computer to sign out before you can access the computer remotely.
  • PowerShell: PowerShell is a powerful command-line management tool used to script environments. You can use it to perform management functions on Windows 10. You can also use PowerShell to manage remote computers. This is known as PowerShell Remoting.
  • Microsoft Management Console (MMC): This is an extensive interface for management applications. To perform management tasks with MMC, a specific tool—a snap-in—is loaded to the console. You can use MMC snap-ins to manage Windows 10 devices remotely.

Depending on the remote management tool you have decided on, you will almost certainly need to configure the target computer and, possibly, the local management computer to use the selected remote management tool.

In the next section, we will see how you can configure the firewall to allow remote management before we can use one of these tools.

Configuring the firewall to allow remote management

Before you start using remote management, you have to enable it through Windows Defender Firewall. You can do this by taking the following steps:

  1. In Control Panel, click the System and Security | Windows Defender Firewall option.
  2. Then, in Windows Defender Firewall, click on the Allow an app or feature through Windows Defender Firewall option.
  3. After that, in the Allowed applications window, click on the Change Settings option.
  4. Then, in the Allowed apps and features list, scroll down and select the appropriate management feature. For example, we selected Remote Assistance, which enables the chosen management feature, as shown:
    Figure 9.1 - The Allowed apps dialog box

    In the preceding screenshot, you can also see the Private and Public checkboxes. In this example, if you also want to allow Remote Assistance over the internet, then you have to check the Public checkbox as well as the Private checkbox.

  5. Lastly, click OK.

The available remote management features that you can turn on in the firewall are as follows:

  • Remote Assistance
  • Remote Desktop
  • Remote Event Log Management
  • Remote Event Monitor
  • Remote Scheduled Tasks Management
  • Remote Shutdown
  • Remote Volume Management
  • Virtual Machine Monitoring
  • Windows Defender Firewall Remote Management
  • Windows Management Instrumentation
  • Windows Remote Management

It takes a lot of work to configure these settings manually on each computer and enable the appropriate remote management features. Instead of doing so manually, you can set these options with Group Policy Objects (GPOs) in an Active Directory domain.
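The state of these firewall features can also be read from PowerShell. The following is an added example, not code from the book: it lists the enabled inbound rules in the remote management groups and flags those that apply on the Public profile. The function name Get-RemoteMgmtFirewallState is chosen here, and the group names assume an English-language Windows 10 installation.

```powershell
# Added example: audit the remote management firewall groups listed above.
# Group names are the English display names (assumption); they are localized
# on other UI languages.
$RemoteMgmtGroups = @(
    'Remote Assistance'
    'Remote Desktop'
    'Remote Event Log Management'
    'Remote Scheduled Tasks Management'
    'Remote Shutdown'
    'Remote Volume Management'
    'Windows Remote Management'
)

function Get-RemoteMgmtFirewallState {
    param([string[]]$DisplayGroup = $RemoteMgmtGroups)

    foreach ($group in $DisplayGroup) {
        # A group that does not exist on this build is skipped silently.
        $rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
            Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

        foreach ($rule in $rules) {
            $profiles = "$($rule.Profile)"   # e.g. "Domain, Private" or "Any"
            [pscustomobject]@{
                Group    = $group
                Rule     = $rule.DisplayName
                Profiles = $profiles
                # "Any" covers Public too, so count it as public exposure.
                OnPublic = $profiles -match 'Public|Any'
            }
        }
    }
}

# Rules that are active on untrusted (Public) networks are listed first.
Get-RemoteMgmtFirewallState |
    Sort-Object OnPublic -Descending |
    Format-Table -AutoSize

# Scripted way to turn a feature on. This enables every rule in the group,
# on all profiles those rules cover:
# Enable-NetFirewallRule -DisplayGroup 'Remote Assistance'
```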

You now know which services you have to allow on the Windows Defender Firewall to perform remote management. First, we will enable the Remote Desktop tool.

Enabling Remote Desktop

Remote Desktop is a useful Windows feature that allows you to access another computer from a PC on your network or from the internet. This function requires both computers to be connected to the internet and turned on. If these conditions are met, you can remotely use your PC to fix problems on any other computer. This feature also gives you full access to all the files stored on the other computer, as well as the live desktop.

You can use Remote Desktop on your Windows 10 PC or on your Android or iOS devices to connect to a PC that is far away.

Before you can use Remote Desktop, you will need to set up the remote PC to allow remote connections by taking the following steps:

  1. On the remote PC, open Settings and select the System | Remote Desktop option.
  2. Click on the switch to change it from Off to On.
  3. In the pop-up dialog box, click on Confirm:
Figure 9.2 - The Remote Desktop services enabled on the remote computer

As you can see in the previous screenshot, the Remote Desktop services are enabled on the remote computer. From this moment onward, you can initiate a Remote Desktop connection to the remote computer.

So far, we have seen how to enable Remote Desktop. The next section shows how to configure Remote Assistance for remote management.

Configuring Remote Assistance

A network administrator can access a device on a network with remote management tools and technologies to take control of and perform tasks on it, without needing to be physically present in front of the computer.

Reducing the number of trips required to service problem computers saves both time and money. Users can also use and operate on their machines/systems. Remote Assistance is a bundled Windows 10 service that helps a technician take control of a computer to troubleshoot and carry out maintenance tasks without having to travel directly to that machine.

This helps the technician solve any problems without having to leave their home or office. To allow this, the end user must be present and the user can terminate the session at any time. A system such as this is usually only used to troubleshoot remote computers and is not used to telecommute or access files or directories.

Remote Assistance connections are, by default, enabled for Windows 10 computers. If this is not the case on your computer, you can change this in the System Properties dialog box, as shown:

Figure 9.3 - Checkbox to enable or disable Remote Assistance

In the previous screenshot, you can configure the settings for Remote Assistance and Remote Desktop to allow or block another person from taking over your computer remotely.

There are a few ways of getting to the dialog box shown in the previous screenshot. One of the methods is as follows:

  1. Right-click on the Start icon.
  2. Then, select System | System info on the right-hand side of the window.
  3. Click on Remote Settings in the left pane.
  4. Check the box for Allow Remote Assistance connections to this computer and then click the OK button.
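The Remote Desktop switch and the Remote Assistance checkbox described above are stored in the registry, so their state can be verified without opening the dialog boxes. The following is an added example, not code from the book: it reports whether each feature is on, whether Network Level Authentication is required, and who is in the local Remote Desktop Users group. The function names are chosen here, and the group name assumes an English-language installation.

```powershell
# Added example: report the local Remote Desktop / Remote Assistance settings.
# Reads the local settings only; Group Policy can override them under
# HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services.
function Get-RemoteAccessState {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdp = "$ts\WinStations\RDP-Tcp"
    $ra  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

    # Read one registry value; returns $null when the key or value is absent.
    function Read-Value($Path, $Name) {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    }

    $deny = Read-Value $ts  'fDenyTSConnections'   # 0 = RDP connections allowed
    $nla  = Read-Value $rdp 'UserAuthentication'   # 1 = NLA required
    $help = Read-Value $ra  'fAllowToGetHelp'      # 1 = Remote Assistance allowed
    $full = Read-Value $ra  'fAllowFullControl'    # 1 = helper may take control

    # Group name is the English one (assumption); empty if it cannot be read.
    $members = @(Get-LocalGroupMember -Group 'Remote Desktop Users' `
                    -ErrorAction SilentlyContinue).Name

    [pscustomobject]@{
        ComputerName                = $env:COMPUTERNAME
        RemoteDesktopEnabled        = ($deny -eq 0)
        NlaRequired                 = ($nla -eq 1)
        RemoteAssistanceEnabled     = ($help -eq 1)
        RemoteAssistanceFullControl = ($full -eq 1)
        RemoteDesktopUsers          = $members -join ', '
    }
}

$state = Get-RemoteAccessState
$state | Format-List

# Remote Desktop without NLA accepts a session before the user authenticates.
if ($state.RemoteDesktopEnabled -and -not $state.NlaRequired) {
    Write-Warning 'Remote Desktop is enabled but NLA is not required.'
}
```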

In this section, you learned how to take control of a remote computer by configuring Remote Assistance or by enabling Remote Desktop. Next up, we will show you how you can use MMC to perform management tasks on a remote computer.

Using MMC

You can use RDP to connect to a remote computer with both Remote Desktop and Remote Assistance. You can perform any management tasks after you have established a connection in the same way as if you had physical access to that remote computer. This, however, is not the case when using either the Microsoft Management Console (MMC) or PowerShell Remoting.

For MMC, you need to change the Windows Defender Firewall configuration to allow the remote management functionality that you wish to take advantage of. You can then load the correct management console snap-in and select the desired remote computer.

The MMC snap-in is used to handle remote computers in a straightforward manner. Some management snap-ins allow you to specify additional computers from the console to connect to. You can right-click on the uppermost node in the navigation pane and then click on the Connect to another computer… option, as shown:

Figure 9.4 - Connect to another computer with MMC

If the management snap-in that you want to use does not allow you to connect to a remote computer in this way, then you can create a new management console by running mmc.exe, attaching the correct snap-in to the empty console, and choosing Another computer, as shown:

Figure 9.5 - The Connect to another computer dialog box

Figure 9.5 - The Computer Management window

It is essential to realize that the remote computer must recognize you. This means you must authenticate your connection using a username and password that has the appropriate management rights on the target computer. This is easy to do because you can use the domain admin credentials in an Active Directory Domain Services (AD DS) domain environment. In a non-domain-joined environment, such as a workgroup computer, it is more difficult to connect remotely to a computer. Generally speaking, you must be able to provide the credentials of a local administrator of the target computer.

After you have activated the correct remote management features in Windows Defender Firewall and changed your MMC to use the appropriate credentials to connect to a remote computer, remote management is no different than local management.

So, we have now configured and enabled the required tools—namely, Remote Desktop, Remote Assistance, and MMC—for remote management tasks. In the next section, you will learn how you can use these tools to connect to a computer and perform remote management tasks.