Enabling Remote Access to Device Manager on Server Core

You’ve added hardware to a Windows Server 2008 R2 Core installation machine and you want to check the status of it through the GUI by using Device Manager on a remote computer. The following process allows you to access Device Manager remotely in “Read Only” mode and it assumes that you’ve already configured remote management on your core server through option 4 of sconfig. You’re already able to access the event logs and/or services using Computer Management on a remote computer. When you attempt to access Device Manager remotely, you receive the following error:

“Unable to access the computer Make sure that this computer is on the network, has remote administration enabled, and is running the “Plug and Play” and “Remote registry” services. The error was: Access is denied.”


By default, remote access to the plug and play interface is disabled and needs to be enabled with either a GPO or through the local security policy on the core server. If you have multiple server core machines that you want to enable this on and they’re all in a domain, it’s a best practice to create an OU in your domain for the server core machines, create a GPO, and apply it to the OU. In this example since I’m in a test environment or if your server core machines are not part of a domain, you’ll need to modify the local security policy. To remotely access the local security policy on your server core machine, launch an mmc console on a remote computer, add the “Group Policy Object Editor” mmc snap-in. Select browse:


Enter the server name of you core machine:


Go to the following location: Computer Configuration > Administrative Templates > System > Device Installation

Select the “Allow remote access to the Plug and Play interface”:


Set it to Enabled:


Run “gpupdate.exe” on the core server. You should now be able to use computer management on a remote computer to access “Device Manager” on your server core machine. You will receive the following message stating it is in “Read-Only” mode: