This post will help you get started with IIS remote management, so you no longer need to RDP into each server. If the target IIS server runs a GUI-less OS (e.g., Server Core), the IIS Manager for Remote Administration is the tool of choice.
Avatar

Web Management Service

The Web Management Service is a feature of IIS that allows users to securely manage multiple IIS servers from a Windows client computer (e.g., Windows 10 or Windows 11). Before you can manage an IIS server remotely, you need to enable the Web Management Service (WMSVC) on it with Server Manager or PowerShell. To do so, connect the remote server and follow these steps.

Enable IIS remote management

Using Server Manager

  1. Launch Server Manager, and click the Add roles and features link.
    Launch the Add Roles and Features Wizard

    Launch the Add Roles and Features Wizard

    This will launch the Add Roles and Features Wizard.

  2. Click Next and make sure the Role-based or feature-based installation option is selected on the Select installation type page. Then click Next.

    Select the installation type in the Add Roles and Features Wizard

    Select the installation type in the Add Roles and Features Wizard

  3. Select the destination server, and click Next.

    Select the destination server to enable the role

    Select the destination server to enable the role

  4. On the Select server roles page, expand Web Server (IIS), then Management Tools, and check the Management Service box.

    Enable the management service role on the IIS server

    Enable the management service role on the IIS server

  5. Click Next twice, and then click the Install button.
    Install the management service on the IIS server

    Install the management service on the IIS server

    The Web Management Service will now be installed.

  6. Now, launch the Internet Information Services (IIS) manager.
  7. In the IIS Manager, expand the server name. You will notice various IIS management options under the Management section, as shown in the screenshot below.

    Enable the Web Management Service in the IIS Manager

    Enable the Web Management Service in the IIS Manager

  8. To enable the Web Management Service, double-click the Management Service icon.
  9. Now, check the Enable remote connections box. Here, you can also adjust other settings:
    • Identity Credentials—Define whether only Windows credentials can be used for remote management. If you choose Windows credentials or IIS Manager credentials, you can use the IIS Manager Users option to create additional users solely for the remote management task.
    • Connections—Configure the IP address and port number on which the Web Management Service will listen for the new connections.
    • SSL certificate—Specify the SSL certificate for encrypting the remote management session. By default, a self-signed certificate is used, but you can use the Server Certificates option to add additional SSL certificates.
    • IP Address Restrictions—By default, the Web Management Service allows remote management requests from anywhere. This option lets you allow or deny requests from particular IP address ranges. You can also deny requests from unspecified IP addresses.

    Enable remote connections and other settings for the Web Management Service

    Enable remote connections and other settings for the Web Management Service

  10. After enabling the remote connections and making the necessary changes, click Apply in the Actions pane, and then click Start to start the Web Management Service (WMSVC) on the web server.
  11. Now, open the Services console, locate the Web Management Service, open its properties, and change the startup type to Automatic to ensure the service starts automatically after the server reboot.

    Change the Web Management Service startup type to Automatic

    Change the Web Management Service startup type to Automatic

Your IIS server is now ready for remote management.

Using PowerShell

To configure the Web Management Service with PowerShell, open a remoting session to the target web server, and follow these steps.

  1. To enable the Web Management Service, run the following command:
    Install-WindowsFeature Web-Mgmt-Service
    

    Installing the Web Management Service with PowerShell

    Installing the Web Management Service with PowerShell

  2. To enable remote connections with Windows credentials only, run the following commands:
    Set-ItemProperty HKLM:SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1 -Type DWORD -Force
    		Set-ItemProperty HKLM:SOFTWARE\Microsoft\WebManagement\Server -Name RequiresWindowsCredentials -Value 1 -Type DWORD -Force
    
    Enable remote connections with Windows credentials only

    Enable remote connections with Windows credentials only

    The second command enables the use of Windows credentials only. To use IIS Manager credentials along with Windows credentials, you can skip the second command.

  3. To change the startup mode of the Web Management Service (WMSVC) to Automatic and start it, run the following command:
    Set-Service WMSVC -StartupType Automatic -PassThru | Start-Service -Verbose -PassThru
    
    Change the startup mode and start the Web Management Service with PowerShell

    Change the startup mode and start the Web Management Service with PowerShell

    You can see that the service is now running.

  4. To add a firewall rule, run this command:
    New-NetFirewallRule -DisplayName 'IIS Remote Management' -Profile @('Domain', 'Private') -Direction Inbound -Action Allow -Service 'WMSVC'
    

    Add a firewall exception for the Web Management Service with PowerShell

    Add a firewall exception for the Web Management Service with PowerShell

That's it. Your IIS server is now ready for remote management.

Install the IIS management console

The next step is to install two components on the client computer (running Windows 10 or 11) from where you want to manage your IIS servers remotely: the IIS Management Console and the IIS Manager for Remote Administration.

The IIS management console can be installed on Windows 10/11 using either the GUI or PowerShell.

Using the GUI

To install the IIS management console through the GUI, open Settings > Apps > Optional features, and then click More Windows features at the bottom.

Add optional features in Windows 10 or Windows 11

Add optional features in Windows 10 or Windows 11

Now scroll down and expand Internet Information Services > Web Management Tools, check the IIS Management Console box, and click OK.

Enable the IIS Management Console optional feature in Windows

Enable the IIS Management Console optional feature in Windows

Using PowerShell

Alternatively, you can run the following command to install the IIS management console with PowerShell:

Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerManagementTools -All -NoRestart
Enable the IIS Management Console optional feature with PowerShell

Enable the IIS Management Console optional feature with PowerShell

the IIS Manager for Remote Administration

After installing the management console, you need to download the IIS Manager for Remote Administration for your Windows version and language. Without this, you will not see any option in the IIS Manager to connect to a remote server.

Download the IIS Manager for Remote Administration

Download the IIS Manager for Remote Administration

Now, run the MSI file to install the IIS Manager for Remote Administration.

Install the IIS Manager for Remote Administration

Install the IIS Manager for Remote Administration

Connect the remote IIS server

Now, you can add your remote web server to the IIS Manager console to manage it remotely. To do so, follow these steps:

  1. Launch the Internet Information Services console through the start menu or type inetmgr in the Run dialog box.

    Launch the IIS management console

    Launch the IIS management console

  2. In the Internet Information Services (IIS) Manager, click File > Connect to a Server.

    Connect to a remote IIS server from the IIS Manager

    Connect to a remote IIS server from the IIS Manager

  3. Type the name of the remote IIS server to which you want to connect, and click Next.

    Specify the server connection to connect in the IIS Manager

    Specify the server connection to connect in the IIS Manager

  4. Type the credentials for the remote IIS server, and click Next.
    Specify the credentials for the remote IIS server

    Specify the credentials for the remote IIS server

    If the remote IIS server uses a self-signed certificate, you will see an alert, as shown below.

    Server certificate alert

    Server certificate alert

    You can click View Certificate to view the certificate details, and then click Connect to establish a connection.

  5. You will see a success message when the connection is successful, as shown in the screenshot below.
    IIS Manager Created a new connection successfully

    IIS Manager Created a new connection successfully

    If you get a connection timeout error, make sure you have added a firewall exception to the remote server.

  6. When you click Finish, you might see a popup to enable new features. Here, you can select the checkbox next to each feature and click OK to install the assemblies required for the new features. These assemblies help you manage the additional features (such as URL rewrite and PHP manager) supported remotely by your IIS server.If you see a security warning, click the Run button.

    IIS manager security warning

    IIS manager security warning

  7. You will now see a connection to your IIS server (WebServer, in our case) in the left pane. Click the connection name to securely manage your IIS server and sites remotely.

    Manage the IIS server remotely

    Manage the IIS server remotely

Follow the same steps and add other web servers to start managing them centrally from one computer.

Subscribe to 4sysops newsletter!

Conclusion

You just learned how to perform remote IIS management using a Windows 10 or Windows 11 machine. The initial configuration can be time-consuming, but trust me, it will save a lot of time and effort, particularly if you need to manage many IIS servers regularly. When combined with feature delegation, remote IIS management can allow regular users to manage sites and applications remotely without having to add them to the built-in Administrators group.

2 Comments
  1. Avatar

    Hi there,
    thanks for your guide.
    before going down this legacy route. Please reconsider the following:

    security concerns:
    This one use one more open port through Windows Firewall

    complexity:
    you need to care for the service is running
    the role installed
    a certificate for this dedicated service that is independent from the IIS certificate, best offered via AD CS (autoenrollment possible)

    caveats
    one cannot manage IIS certificates with this solution remotely.

    I can just recommend using Windows Admin Center and the IIS management plug-in, which took a while but is now clearly a good successor, and it can manage certificates remotely.

    You can spare the URL rewrite module. WS 2019 and later support http to https redirection (HSTS) and the WAC extension offers more.

  2. Avatar

    adding PowerShell cert management for IIS Remote service

    https://mcpmag.com/articles/2014/10/21/enabling-iis-remote-management.aspx

    Import-Module WebAdministration
    #Show all own certs
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where {$_.subject -like "*"}
    
    #select own certs
    $cert = Get-ChildItem -Path  Cert:\LocalMachine\My | Where {$_.subject -like "*company*"} |  Select-Object -ExpandProperty Thumbprint
    
    
    get-Item -Path IIS:\\0.0.0.0!8172
    Get-Item -Path  "cert:\localmachine\my\$cert" | New-Item -Path IIS:\SslBindings\0.0.0.0!8172

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account