Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2008-03-26) A New Gang In Town – Server Core (W2K8)

Posted by Jorge on 2008-03-26


You probably already know it by now. If you don’t, where the heck have you been lately? Windows Server 2008 provides two installation options. The first is Windows Server WITH a GUI (Full Server) and the second one is Windows Server WITHOUT a GUI (Server Core). Although it only shows a command prompt after logon, it supports very limited GUI functionality (e.g. NOTEPAD, REGEDIT, etc.). It could however be called "Windows without Windows".

So, if you want to manage Server Core locally your knowledge of command line utilities must be quite good. If you want manage it remotely, you can use MMCs and WinRS. To summarize, these are notes I made once during beta test. Enjoy!

REMARK: Make sure you go to the end of this post as it contains a reference to another very interesting post!

Windows Server Core Characteristics:

  • Minimal server installation for running specific server roles
  • Reduces servicing, management and hardware requirements and attack surface!!!
    • No Windows/Internet Explorer
    • No .NET Framework
    • No Powershell
    • No features or whatever depending on the features listed above this one like for example notifications and balloons
  • Disk space required for a normal server: approx. (min.) 7-8 GB
  • Disk space required for a server core server: approx. (min.) 2-3 GB
  • Supported server roles (OCLIST.EXE): IIS (without ASP.NET), Print Server, Hyper-V, ADDS, ADLDS, DHCP Server, DNS, File Server (incl. NTFRS, DFS-R and DFS)
    REMARK: available roles may depend on Server Edition (standard, enterprise, datacenter, web)
  • Supported server features (OCLIST.EXE): Bitlocker, Clustering, NLB, Subsystem for UNIX apps, Windows Server Backup, Multipath IO, Removable Storage Management, SNMP, WINS (why the heck is this a feature and not a role?)
  • Install and Upgrade:
    • Not possible to upgrade from whatever windows version to server core
    • Manual install and after the server still needs to be configured (initial configuration tasks)
    • Unattended install using a UNATTEND.XML file where it is possible to configure the "initial configuration tasks" and other settings (e.g. enabling TS, configuring screen resolution, enabling and configuring WinRM/WinRS) during unattended install.
      • UNATTEND.XML file can be created with the "Windows System Image Manager"
      • Boot using WinPE and execute SETUP /unattend:<path>unattend.xml
        OR
      • Place UNATTEND.XML in a default location (e.g. floppy)
  • Can be managed through
    • Locally and remotely via the Command Prompt (tools and scripts)
    • Remotely via Terminal Server –> admin mode must be enabled first!
    • Remotely via Windows Remote Shell –> remote management must be enabled first!
    • Remotely via MMC –> watch out for the firewall on the server which is enabled by default!

Command Line Utilities:

  • Command Line Reference
    (This setting displays a list of common tasks and how to perform them from the command line)
    • CSCRIPT.EXE %WINDIR%SYSTEM32SCREGEDIT.WSF /CLI
  • Viewing installed roles/features
    • OCLIST.EXE
  • Install/Uninstall component (roles/features)
    (To get a list of component names use OCLIST and copy the name into the command line. The name of the components is CASE-SENSITIVE!!!)
    • Start /W OCSETUP <component>
    • Start /W OCSETUP <component> /Uninstall
    • To install AD either one of the following IS required:
      • DCPROMO /UNATTEND:<answer file>
      • DCPROMO /ANSWER:<answer file>
      • DCPROMO /UNATTEND /OPTION1:<value1> /OPTION2:<value2> /OPTION1:<value3> /OPTION1:<value3> …..
  • Managing Registry
    • REGEDIT.EXE
    • REG.EXE
  • Creating notes/text files
    • NOTEPAD.EXE
    • EDIT.EXE
    • EDLIN.EXE
  • Disk/partition management:
    • DISKPART.EXE
    • FORMAT.EXE
    • CHKDSK.EXE
    • DEFRAG.EXE
  • Performance Related Stuff
    • DISKPERF.EXE
    • RELOG.EXE
    • LOGMAN.EXE
    • tracerpt.exe
    • typeperf.exe
  • Managing Power Related Options
    • POWERCFG.EXE
  • Managing Auditing on the local server
    • AUDITPOL.EXE
  • Network management (incl. firewall):
  • Service and driver management:
  • Backup and Restore
    • WBADMIN.EXE
  • Windows Management Interface (for all kinds of things to manage)
    • WMIC.EXE
    • NET.EXE USER …
    • NET.EXE LOCALGROUP…
    • NETDOM.EXE
    • NLTEST.EXE
  • To change the time zone:
    • CONTROL.EXE TIMEDATE.CPL
  • To change international settings:
    • CONTROL.EXE INTL.CPL
  • To manage other CUSTOM CPLs (when available)
    • CONTROL.EXE <NAME>.CPL
  • Shutdown/reboot/restart server
    • SHUTDOWN.EXE
  • Manage Activation
    • CSCRIPT.EXE %WINDIR%SYSTEM32SLMGR.VBS
  • Manage Automatic Updates
    • CSCRIPT.EXE %WINDIR%SYSTEM32SCREGEDIT.WSF /AU [/v][value]
  • Allow Remote Administration Connections
    • CSCRIPT.EXE %WINDIR%SYSTEM32SCREGEDIT.WSF /AR [/v][value]
  • Allow connections from previous versions of Windows
    • CSCRIPT.EXE %WINDIR%SYSTEM32SCREGEDIT.WSF /CS [/v][value]
  • IP Security (IPSEC) Monitor – allow remote management
    • CSCRIPT.EXE %WINDIR%SYSTEM32SCREGEDIT.WSF /IM [/v][value]
  • Windows Remote Management/Shell
    • WINRM.CMD
    • WINRS.EXE
  • Applying a patch
    • Wusa.exe <patchname>.msu [/quiet] [/norestart]
  • Managing the Event Viewer
    • wecutil.exe
    • eventcreate.exe
    • wevtutil.exe
  • Managing CA & Certificates stuff
    • CERTREQ.EXE
    • CERTUTIL.EXE
  • File Server Management (role may need to be installed first):
  • DNS Management:
    • DNSCMD.EXE (http://go.microsoft.com/fwlink/?LinkId=49656)
    • DNS SRV priority – changes the priority for DNS SRV records (only useful on Domain Controllers)
      • CSCRIPT.EXE %WINDIR%SYSTEM32SCREGEDIT.WSF /DP [/v][value]
    • DNS SRV weight – changes the weight for DNS SRV records (only useful on Domain Controllers)
      • CSCRIPT.EXE %WINDIR%SYSTEM32SCREGEDIT.WSF /DW [/v][value]
  • DHCP Management:
  • AD Management
    • NTDSUTIL.EXE
    • DSAMAIN
    • dsadd.EXE
    • dsget.EXE
    • dsmod.EXE
    • dsmove.EXE
    • dsquery.EXE
    • dsrm.EXE
    • LDIFDE.EXE
    • GPUPDATE.EXE
    • GPRESULT.EXE
    • dcgpofix.exe
    • dfsrmig.exe
    • REPADMIN.EXE
    • redircmp.exe
    • redirusr.exe
    • gpfixup.exe
    • rendom.exe
    • DCDIAG.EXE
    • DSACLS.EXE
  • AD LDS Management
    • adaminstall.exe
    • adamuninstall.exe
    • adamsync.exe

More information about Server Core:

As you can see a lot of command line utilities. And this is not the complete list that is available. Besides that a lot of people were used to configure a Window Server through some GUI, but with Server Core you may need to use command line utilities like specified above. For some admins that can be a pain, especially if they are not used to use command line utilities. Like I said before in a previous blogpost, some people are crazy enough to create kick a$$ tooling for people to use that is even free to use. Regarding Server Core tooling, Guy Teverovsky, also a Windows Server –Directory Services MVP created a GUI that allows the configuration of basic stuff on a Server Core. Now how cool is that?!?!?! Trust me, it is damn cool!

That tool (Server Core – CoreConfigurator) has the following features:

  • Product Activation
  • Configuration of display resolution
  • Clock and time zone configuration
  • Remote Desktop configuration
  • Management of local user accounts (creation, deletion, group membership, passwords)
  • Firewall configuration
  • WinRM configuration
  • IP configuration
  • Computer name and domain/workgroup membership
  • Installation of Server Core features/roles

Enough blablabla, this Server Core tool can be found here.

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

3 Responses to “(2008-03-26) A New Gang In Town – Server Core (W2K8)”

  1. stuartm said

    I just wanted to point out that Server Core does have a GUI, but it just doesn’t have a shell. Maybe it’s just semantics, but I think it’s an important difference – it still has a desktop, windows, and can run several GUI apps. I’m sure that MS would have preferred Server Core to have no GUI, but the complicated nature of Windows must have made it difficult to even get as far as Server Core has. Perhaps the next version of Server Core, will get to ditch the GUI completely and go truly GUI-less.

  2. […] For additional commands on Server Core click here. […]

  3. […] Server Core has limited support for GUIs. Because of that a lot of the stuff locally must be done through Command Line Tools already in the operating system or third-party (free) tools. A non-exhaustive list of command line tools in Server Core can be found here. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: