It’s possible to configure a Hyper-V host running core to be fully managed remotely.  I have read various suggestions on the web saying it’s better and more secure to leave the Hyper-V host in a workgroup, but the effort required when doing that just doesn’t make it worth it in my opinion.
And we actually want 1st and 2nd line technicians to be able to do as much troubleshooting as possible before escalating, rather than adding complexity.
OK if you haven’t already run the following on the core server do it now:


If you don’t know the hostname, run the command now.


All being well, that should be the last time we need to run commands locally on the core server.  The machine you use to administer the core server must have the required Remote Server Administration Tools installed and, for ease of access, be a member of the domain.

So let’s connect to the host (obviously switch “oobehostname” for whatever the hostname of your machine is).

Enter-PSSession "oobehostname"

Next, rename it specifying your credentials

Rename-Computer -NewName "contosohv012" -DomainCredential contoso\admdel.griffith -Restart

Once the server has restarted, reconnect.  Then you can either do

Enter-PSSession contosohv012
Install-WindowsFeature -Name Hyper-V -Restart

Or to execute the command remotely

Install-WindowsFeature -Name Hyper-V -ComputerName "contosohv012" -Restart

If you aren’t sure whether Hyper-V is installed or not, you can run

Get-WindowsFeature -Name Hyper-V -ComputerName "contosohv012"

Next comes the firewall settings.  This Microsoft document explains that to enable remote management of a 2016 core server you should run:

Enable-NetFirewallRule -DisplayGroup "Remote Administration"

But this group was removed starting with Windows Server 2012.  So instead I ran:

Get-NetFirewallRule | select-object -expand DisplayGroup

to find the names of the services I needed. To allow access for each follow these steps:

Windows Firewall with Advanced Security

(I preferred just setting this on the Domain profile so I edited the rule first)

Set-NetFirewallRule -DisplayGroup "Windows Firewall Remote Management" -Profile Domain
Enable-NetFirewallRule -DisplayGroup "Windows Firewall Remote Management"


Enable-NetFirewallRule -DisplayGroup "Remote Service Management"

Event Viewer

Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management"

Shared Folders

Enable-NetFirewallRule -DisplayGroup "File and Printer Sharing"

Performance Logs and Alerts

There are rules on each of the different profiles, so just the regular -DisplayGroup won’t cut the mustard here

Get-NetFirewallRule | Where {$_.DisplayGroup -eq "Performance Logs and Alerts" -and $_.Profile -eq "Domain"} | Enable-NetFirewallRule

Disk Management

Disk Management is also a little more complicated.  First run this on the remote machine:

Enable-NetFirewallRule -DisplayGroup "Remote Volume Management"

Then run the same command on the local machine.  Next, we need to start the virtual disk service.

Set-Service -Name vds -StartupType Automatic
Set-Service -Name vds -Status Running -PassThru

Now you should be able to connect computer management, and all other required mmc consoles by right clicking and choosing “Connect to another computer”.