One way to reduce your hosts' exposure to risks is to simply stay off them. The more the local consoles are used, the more likely is the administrator to become complacent and start using poor practices such as surfing the Internet from a mission-critical host. Risks such as this also serve as another reason to use Hyper-V Server or Windows Server in Core mode.
When the host is in the same domain as the remote management system, most remote tools work without modification. The firewall defaults to allowing most of the MMC-based management tools. The only restriction is that the user account must have the proper rights on the host. If the machines are in different domains, more work must be done. As these tools cross the network, and security is checked at that point, we'll revisit this subject and provide direction in Chapter 5, Securing the Network.