Remote Computer Management on Windows 7

I am attempting to remotely manage Windows 7 machines within a SBS2008 domain environment. When I connect to remote machines using a domain administrator account, Computer Management opens fine, but when I attempt to view Device Manager I get the error "Unable to access the computer COMPUTERNAME. Make sure that this computer is on the network, has remote administration enabled, and is running the 'Plug and Play' and 'Remote Registry' services. The error was: Access is denied." This computer is running those two listed services. I am not sure how to check for remote administration outside of RDP access (which is enabled). The domain policy disables the Windows firewall within the corporate network, so I wouldn't expect exceptions are needed. I verified that the Domain Administrators group is a part of the computer's local admin group. I am able to connect to XP machines using the same method without error. What can I do to enable this access or is this locked in Win7?
LVL 2
GISCOOBYDirector of Information TechnologyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

alechevCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
GISCOOBYDirector of Information TechnologyAuthor Commented:
I checked this document, but it doesn't apply in this situation. The firewall is disabled through group policy when the machine is connected to the "Domain network." I tried to add the policy rule anyway, but it generated the message: "No rules match the specified criteria." Also, the MMC snap-in chart from the link does not include a reference for Device Manager. All other items on this chart can be managed remotely.
0
pnorris99Commented:
Hi, this may sound stupid but is the Firewall disabled for the correct connection, you can have a firewall enabled for each connection type, Home, Office and Public Network.

I stupidly made this mistake before, however aswell as disabling the firewall I also included exceptions for the ports 'Remote Management' uses then forced a GP update on all of the machines. This enabled me to remotley manage the Windows 7 machines, I still cannot 'Fully' remotley manage XP machines in this manner.

Hope you find a solution.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

GISCOOBYDirector of Information TechnologyAuthor Commented:
Thank you for the input. To ensure that this wasn't the case, I did verify the machines Windows Firewall with Advanced Security profile settings. The Windows Firewall is set to turn on, on all profiles except the Domain Profile, which is the active profile. Is it even possible to view the Windows 7 Device Manager remotely?
0
GISCOOBYDirector of Information TechnologyAuthor Commented:
I was able to find the final solution based on ALECHEV's link. The final solution was based on the article "http://blogs.technet.com/server_core/archive/2008/01/14/configuring-the-firewall-for-remote-management-of-a-workgroup-server-core-installation.aspx", which indicated that I needed to add a Group Policy as follows:
To allow Device Manager to connect, you must first enable the “Allow remote access to the PnP interface” policy<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
1.    On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in
2.    Connect to the Server Core installation
3.    Navigate to Computer Configuration\Administrative Templates\Device Installation
4.    Enable “Allow remote access to the PnP interface”
5.    Restart the Server Core installation
0
GISCOOBYDirector of Information TechnologyAuthor Commented:
I was able to find the final solution based on ALECHEV's link. The final solution was based on the article "http://blogs.technet.com/server_core/archive/2008/01/14/configuring-the-firewall-for-remote-management-of-a-workgroup-server-core-installation.aspx", which indicated that I needed to add a Group Policy as follows:

To allow Device Manager to connect, you must first enable the “Allow remote access to the PnP interface” policy<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office"

1.    On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in

2.    Connect to the Server Core installation

3.    Navigate to Computer Configuration\Administrative Templates\Device Installation

4.    Enable “Allow remote access to the PnP interface”

5.    Restart the Server Core installation
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.