Repost from AdminPrep.com…I will be moving several of the articles over to this blog.
Before all this starts, credit must go where credit is due. I did not come up with all of the info within this article. A lot of people have felt my pain and have contributed in their own ways. One place you should know about is the Official Server Core Blog, as it is where I learned my all time favorite command which embeds the time into the Command Prompt (read on to see that one!). As I've collected my own list internally and blogged on for about a year now I see a lot of the same commands there. The Windows Server 2008 Administrator's Companion has a nice chapter on Server Core but by far the best resource are the scripts that accompany the book. They allow you to very easily configure common settings. One last area you should look into is of course Guy Teverovsky's Server Core Configurator...if you haven't see it check it out now!
Server Core is a version of Windows Server 2008 that has a minimal Graphical User Interface (GUI). I say minimal when most say command-line only because there are GUI tools available such as Notepad and Task Manager. One thing that definitely doesn't run on Server Core is the Explorer process. If you're unaware of what that process does, just end the explorer.exe process in Task Manager from your client and look what happens...don't freak out, all you need to do is then go back to Task Manager and select File -> New Task (Run...) and then type explorer.exe.
The purpose of this article is not to give you every last detail to Server Core but to provide you with what you need to know it get it up and running in your environment.
Server Core has a limited amount of roles that can be installed on it, which include:
- Active Directory Domain Services (AD DS) and AD Lightweight Directory Services (AD LDS)
- DNS Server
- Internet Information Services (IIS) (No ASP.NET support)
- DHCP Server
- File Services
- Print Services
- Streaming Media Services
- Hyper V
Now that doesn't mean that Server Core can't do other things. In fact it can, but Microsoft calls those other items Features and not Roles.
- Microsoft Failover Cluster (not available in Standard Edition)
- Network Load Balancing
- Subsystem for UNIX-based applications
- Backup
- Multipath IO
- Removable Storage Management
- Bitlocker Drive Encryption
- Simple Network Management Protocol (SNMP)
- WINS
- Telnet
Later on in the article I will explain how to install these services. But first its time to go over what I believe to be the most commonly requested commands for administrating a Server Core environment.
Server Core Common Networking and Firewall Commands
Here is the start of you Networking and Firewall related commands for Server Core:
Server Core Common Networking Commands
To configure the IP address we will have to remember (or learn) Netsh.
Configure a Static IP Address on Server Core:
Netsh int ipv4 set address “Local Area Connection” static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver “Local Area Connection” static 10.1.1.5 primary
Netsh int ipv4 set winsserver “Local Area Connection” static 10.1.1.6 primary
Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address “Local Area Connection” source=dhcp
Change the name of the network interface on Server Core:
Netsh int set interface name = “Local Area Connection” newname = “Primary Network”
Server Core Common Windows Firewall Commands:
The Windows Firewall is a blessing to some and a curse to others. Either way it is installed by default and you have to understand the commands that are needed to configure the basics and in some cases some advanced commands.
Disable firewall:
netsh firewall set opmode disable
Server Core can be managed by using MMCs from a remote server. However with the firewall being on by default you will have to allow these tools to work remotely. The first thing to note here is how to translate the MMC Snap-in to Windows Firewall Rule Group.
MMC Snap-in - Event Viewer
Windows Firewall Rule Group - Remote Event Log Management
MMC Snap-in - Services
Windows Firewall Rule Group - Remote Services ManagementMMC Snap-in - Shared Folders
Windows Firewall Rule Group - File and Printer Sharing
MMC Snap-in - Task Scheduler
Windows Firewall Rule Group - Remote Scheduled Tasks Management
MMC Snap-in - Reliability and Performance
Windows Firewall Rule Group - Performance Logs and Alerts
Windows Firewall Rule Group - File and Printer Sharing
MMC Snap-in - Disk Management
Windows Firewall Rule Group - Remote Volume Management
MMC Snap-in - Windows Firewall with Advanced Security
Windows Firewall Rule Group - Windows Firewall Remote Management
To enable all of these rules follow use this command:
Netsh advfirewall firewall set rule group=“remote administration” new enable=yes
To enable specific commands follow this format:
Netsh advfirewall firewall set rule group=“” new enable=yes
Server Core Common Domain Management Commands
Join a domain:
netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*
Yes, /passwordd:*
needs to have that second d at the end of it.
Remove from domain:
netdom remove
Rename a Domain Member:
netdom renamecomputer %computername% /NewName: /userd: /passwordd:*
Rename Administrator:
wmic UserAccount where Name="Administrator" call Rename Name="new-name"
Add User to a Local Group
net localgroup GroupName /add \
Remove User from a Local Group
net localgroup GroupName /delete \
Confirm Domain and/ New Computer name
Set
Update User Passwords:
Net user [/domain] *
Server Core Common Server Management Commands
Toggle Remote Desktop on and off:
Cscript \windows\system32\scregedit.wsf /ar 0
Enable reduced security for RDP connections:
Cscript \windows\system32\scregedit.wsf /cs 0
Active Server Core:
Local method - Slmgr.vbs –ato
Remote method - Cscript windows\system32\slmgr.vbsServerName UserName password:-ato
Rename a Stand-Alone Member:
netdom renamecomputer /NewName:
List of installed patches:
wmic qfe list
Install Updates:
wusa .msu /quiet
Configure for AutoUpdates:
cscript scregedit.wsf /AU /4
Disable AutoUpdates:
cscript scregedit.wsf /AU /1
View AutoUpdate Setting:
cscript scregedit.wsf /AU /v
Configure the Page File:
wmic pagefileset where name=”” set InitialSize=,MaximumSize=
Configure a Proxy Server: (Server Core cannot use a proxy that requires a proxy)
netsh Winhttp set proxy :
All your favorite TCP/IP commands work including the following:
IPConfig
ARP
Ping
PathPing
TraceRT
Route
NSLookup
NetStat
NBTStat
List Running Services:
sc query
Start and/or Stop a Service:
sc start
sc stop
Task Manager: (Ctrl+Shift+Esc)
taskmgr
Manage Disk Volumes:
Diskpart /?
Defrag a Volume:
defrag /?
Change Time and Time Zone:
control timedate.cpl
Change the Desktop Resolution: (requires you to log off and back on)
Regedit - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video
\0000\DefaultSettings.XResolution
\0000\DefaultSettings.YResolution
Display the Time in the Command Prompt:
prompt [$t]$s$p$g
Log off:
shutdown /l
Restart Now:
shutdown /r /t 0
To get the Roles and Features installed you are going to need to use the ocsetup.exe command. The OC is short for Optional Components. The most important thing to remember about this command is that IT IS CASE SENSITIVE!!! As a best practice you should always use the /w switch with ocsetup.exe as this will hold the Command Prompt from being active (when you can type again) until the setup is complete. Below you will find a list of the commands that are required to install Roles and Features on Server Core.
DNS
start /w ocsetup DNS-Server-Core-Role
DHCP
start /w ocsetup DHCPServerCore
File Services (Server service is installed by default) but there are other role features
File Replication Service
start /w ocsetup FRS-Infrastructure
Distributed File System
start /w ocsetup DFSN-Server
Distributed File System Replication
start /w ocsetup DFSR-Infrastructure-ServerEdition
Services for Network File System (NFS)
start /w ocsetup ServerForNFS-Base
start /w ocsetup ClientForNFS-Base
Hyper V
start /w ocsetup Microsoft-Hyper-V
Print Server feature
start /w ocsetup Printing-ServerCore-Role
Line Printer Daemon (LPD) service
start /w ocsetup Printing-LPDPrintService
Active Directory Lightweight Directory Services
start /w ocsetup DirectoryServices-ADAM-ServerCore
Active Directory Domain Services
dcpromo /unattend:
Streaming Media Services
Follow directions found in Article ID 934518
IIS
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
To uninstall IIS use the following command
start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
NOTE: If you need to install a Role that you installed with ocsetup all you need to do is to append the commands above with /uninstall.
Now let's take a look at how we install Features on Server Core:
Microsoft Failover Clustering
start /w ocsetup FailoverCluster-Core
Network Load Balancing
start /w ocsetup NetworkLoadBalancingHeadlessServer
Subsystem for UNIX-based applications
start /w ocsetup SUACore
Multipath IO
start /w ocsetup MultipathIo
Removable Storage
start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore
Bitlocker Drive Encryption
start /w ocsetup BitLocker
Backup
start /w ocsetup WindowsServerBackup
Simple Network Management Protocol (SNMP)
start /w ocsetup SNMP-SC
Windows Internet Name Service (WINS)
start /w ocsetup WINS-SC
Telnet client
start /w ocsetup TelnetClient
NOTE: If you need to install a Feature that you installed with ocsetup all you need to do is to append the commands above with /uninstall.
Having the Role or Feature installed doesn't do much without going in and configuring the service. The quick and easy way to manage these Roles and Features is to have either a dedicated Terminal Server have the AdminPak or Remote Server Administrative Tools (RSAT) installed or just install those same tools on XP or Vista.
Take a look here for more info on how to manage DNS with DNSCMD and then head over here for installing Active Directory via an answer file on Server Core.
I know this isn't a complete listing of the commands but I really believe this should help you get started in the right direction. One of the best resources out there is from the Windows Server 2008 Step-by-Step Guides.. For this case you will want to download the Server_Core_Installation_Option_of_Windows_Server_2008_Step-By-Step_Guide.doc guide.
Please don’t just read this post…participate by answering the questions I ask using the comments. Don’t worry you don’t have to register. :)
One of the things that I’ve been waiting awhile for, was a Windows operating system that is smart enough to not have to reboot as much as previous versions. I thought that wait would end with Windows Server 2008 but unless someone can prove me wrong I think there is actually potential for more reboots.
The first and obvious one that we still have to deal with is patching. Didn’t Microsoft mention that reboots after patching would be much fewer? I can’t seem to find anything from the early hype days but, the excellent ASKPERF blog does go into some detail as why there should be fewer reboots. The problem is system DLL's such as NTDLL.DLL and Kernel32.DLL still require a reboot when they are updated. Have you seen fewer reboots because of patching?
My next big complaint about Server 2008 reboots has to do with Features and Roles. I first experienced this after installing the limp Windows Server Backup. I know many people don’t like the old built in tool but if you manage an AD environment it was perfect for doing AD backups while not allowing domain Backup Operators the ability to restore your AD to their desktop. I know other ways to do this in Server 2008 but that is not my point of this post.
I installed the Windows Server Backup and quickly decided to uninstall it. What do you know…I have to reboot my server to uninstall backup software. I couldn’t believe that. During some testing I had to uninstall AD and DNS on a DC. I go and run DCPROMO on the DC and of course afterwards I have to reboot. So I do. Next I go to uninstall DNS from Server Manager (also removed the AD Binaries) and sure enough not 5 mins after rebooting for DCPROMO I had to reboot again. This was not an issue with Server 2003.
COME ON MICROSOFT!!! The last time I had to reboot this frequently was with Windows NT. Heck I was surprised after a right-click it didn’t ask me to reboot…Okay, so maybe it isn’t that bad but it definitely seems to be more now than it was in Server 2003, especially with Services. Have you experienced reboots doing tasks that didn’t require them in Server 2003? Are you happy with that?
The problem with this is when I want to install an additional Feature or Role it won’t let me because it is pending an uninstall. I’d love to hear what others think of this.
How many of you have heard of this? This is the new “Premier Technical Credential” from Microsoft. The program will be required to obtain the Microsoft Certified Architect program. Kind of weird having the “Premier Technical Credential” in there if it is a prerequisite for another cert…but all the same it looks pretty nice. In fact the only thing it is missing from the MCA is the review board portion. The Master program is a three week long hands-on training that only takes place in Redmond WA and then you must pass three written exams and a lab-based exam.
There are currently three speciality areas, Exchange, SQL, and Directory with OCS and SharePoint to be added in the future. The cost is pretty high. A $125 non-refundable application fee and then $18,500 program fee (which includes the exams). Retakes are $250 for the written and $1,500 for the lab.
If you take the first run (beta) of either of the specialities you can get a 50% discount. Each speciality has it’s own prerequisites that can be found on the links below.
Here are the running times:
Exchange
October 6–October 25, 2008 (50% off)
January 5–January 24, 2009
March 16–April 4, 2009
SQL
October 20–November 8, 2008 (50% off)
January 12–January 31, 2009
March 16–April 4, 2009
Directory
November 3–November 22, 2008 (50% off)
February 16–March 6, 2009
May 4–May 23, 2009
More info can be found on this blog too.
Good luck to anyone that attends, I wish I could but that cost and time commitment is tough.