If machines are in a workgroup, you also need to configure the following:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v
LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
Hyper-V Manager in Windows 10/2016 enables a different credential to be specified
when connecting to remote servers that are running Windows Server 2016 or
Windows 10 (as does Server Manager). The use of alternate credentials is enabled by
the switch to WS-MAN for remote communication, which enables the use of CredSSP,
Kerberos, or NTLM for authentication. Down-level versions of Hyper-V to Windows
Server 2012/Windows 8 can be managed from the Windows Server 2016 version of
Hyper-V Manager. Constrained Delegation of credentials will be required in certain
scenarios, and this is discussed in Chapter 7, “Failover Clustering and Migration
Technologies.”
Another management option that is new to Windows Server 2016 (but support for
Windows Server 2012 and Windows Server 2012 R2 will be enabled through the
automated deployment of Windows Management Framework 5 and a special SMT
provider) is the new Server Management Tools (SMT). Hosted in Azure, these
graphical tools provide most of the common configurations and actions required for
Windows Server management in addition to providing a PowerShell console. While
these tools are currently hosted in Azure, I would expect them also to be available in
Microsoft Azure Stack at some point in the future, enabling the same capabilities
without leveraging the Azure public-cloud service, which will be useful for
environments that either don’t have Internet connectivity or are required to not
connect to the Internet.
Even though SMT is hosted in Azure, there is no requirement for the on-premises
servers to connect directly to the Internet nor to have firewall ports open for inbound
connections from Azure on the perimeter firewall. This is enabled through an SMT
gateway that is deployed on-premises and establishes an outbound connection to
Azure using HTTPS, which is then leveraged for the management activity
communications. The gateway pulls requests from Azure. This can be seen in Figure
5.6. Each gateway can support connections to multiple target servers.