Windows server Longhorn : server Core

What is Server Core?

Server core is a minimal installation option for Windows Server “Longhorn” providing a minimal environment supporting specific server roles.  Server Core reduces servicing and management requirements while providing a minimum attack surface for supported roles.

Server Roles 

·         DHCP server

·         File Server

·         DNS server

·         Active Directory®

Optional Components 

·         BitLocker

·         BitLocker Remote Admin Tool

·         Client For NFS

·         DFS Server

·         DFS Replication

·         Failover Cluster

·         FRS

·         Media Server

·         MultipathIO

·         Removable Storage Management

·         Network Load Balancing

·         LPD Print Service

·         Server For NFS

·         Single Instance Storage

·         SNMP

·         Subsystem for UNIX-based Applications

·         Telnet Client

·         Windows Server Backup

·         WINS 

Installing Server Core 

Minimum Requirements:

This will likely be your first installation of Longhorn Server Core, but tuck this away for future reference:

–          Previous version of Windows Server cannot be upgraded to Server Core, 

–          Full installations of Longhorn cannot be converted to Server Core, 

–          Server Core cannot be upgraded to a full installation of Longhorn Server

–          Server Core will be upgradable to Server Core R2. 

Installation

1.       Now throw in the DVD, wait a few minutes and click Install now… 

2.       Enter your product ID. (You do have a product ID, don’t you?)

3.       Choose the Server Core option. 

4.       Accept the license agreement.

5.       Choose Advanced 

6.       Select a disk to install to…

7.       Wait for the file copy to complete… 

Configuring Server Core 

8.       Logon with blank password. 

9.       Set local administrator password:

 net user administrator  new_password

– OR –

net user administrator  *

10.    Activate the server:

a.       Check license status: 

Cscript c:\windows\system32\slmgr.vbs -xpr

b.      Local activation:  

Cscript c:\windows\system32\slmgr.vbs -ato

c.       Remote activation: 

Cscript c:\windows\system32\slmgr.vbs dc-contoso-01 contoso\administrator p@ssw0rd -ato

d.      Activate with user provided activation code: 

Cscript c:\windows\system32\slmgr.vbs -atp

e.      Help -? 

11.   Rename the machine:

 NETDOM RENAMECOMPUTER %computername% /NewName:DC-CONTOSO-01 /REboot

12.   Set IP Properties

a.       Get interfaces:

 Netsh interface ipv4 show interfaces

b.      Note IDX number for each network adapter to be modified. 

c.     Set Static IP, subnet mask and Default Gateway

 netsh interface ipv4 set address name=3 source=static address=192.168.1.1 mask=255.255.255.0 gateway=192.168.1.2

Where:

Name is the number from step 2 above

Address is the static IP address you are setting

Mask is the subnet mask for the IP Address

DefaultGateway is the default gateway

d.      To change back to DHCP: 

netsh interface ipv4 set address name=3 source=dhcp

13.   Configuring DNS Settings:

a.       Set the DNS Server address.

netsh interface ipv4 add dnsserver name=3 address=127.0.0.1 index=1

netsh interface ipv4 add dnsserver name=3 address=192.168.0.1 index=2

Where:

Index is the interface number.

Address is the IP address of your DNS server

Index is the ordinal for the DNS address you would like to change.

b.      Repeat for each DNS server you want to set, incrementing the index= number each time. 

c.       To delete a DNS address: 

Netsh int ipv4 delete dnsserver index=3 address=192.168.1.2

14. Setting the display resolution to something useful with Regedit:
    
    
    
    1. Open Regedit,
    
    
    2. Find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video
       
       
       
       1. You’ll have to go fishing to find the key for your video adapter
    
    
    3. Set DefaultSettings.Xresolution & DefaultSettings.Yresolution to something you monitor will support.

Example:

DefaultSettings.Xresolution = 1152

DefaultSettings.Yresolution = 768 

Managing Server Core

Server Core may be manage as follows:

·         Locally and remotely with Command Prompt.

·         Remotely with Terminal Server.

·         Remotely using Windows Remote Shell on Vista or “Longhorn”

·         Remotely via MMC snap-ins.

15.   Check event logs with wevtutil from Vista or Longhorn:

Wevtutil qe System /f:text /c:1 /rd:true

                        NOTE: Options and values are case-sensative

16.   Complete local configuration tasks with Scregedit.wsf (1217 lines of script!) 

a.       Enable Terminal Server Remote Admin Mode:

                            cscript C:\Windows\System32\Scregedit.wsf /ar 0 

b.      Enable connection by down level TS clients:

          cscript C:\Windows\System32\Scregedit.wsf/cs 0 

c.       Configure the pagefile.

d.      Enable automatic updates.

e.      Enable error reporting.

17. Enable and use Windows Remote Shell (WinRS):

a.       Enable WinRS on Server Core 

WinRM quickconfig

b.      Connect with WinRS: 

winrs -r:dc-contoso-01 dir c:\windows

winrs -r:dc-contoso-01 wevtutil qe System /f:text /c:15 /rd:true

winrs -r:dc-contoso-01 wevtutil qe System /f:RenderedXml /e:SystemLog /c:15 /rd:true > event.xml

18.   Time and International settings:

a.       Setting Time: 

control timedate.cpl.

b.      International Settings: 

control intl.cpl

19.   Managing Server Core via MMC;

a.       If you don’t know how to do this, you are in the wrong session.

 TIP: if not domain joined, establish a session first:

Net use * \\ServerName\c$ /u:UserName

Driver Management

20.   Installing hardware with and without “in-box” drivers:

 If the driver is included in Longhorn Server Core:

a.       Add the hardware.  PNP will start and do the rest. 

Otherwise:

a.       Copy the driver files to a temp folder on Server, 

b.      Execute the following command: 

Pnputil ?i ?a <path>\<driver>.inf

c.       Restart if needed.

21.   List and delete installed drivers:

a.       List installed drivers:

sc query type= driver

NOTE:  The space after “type=” is a quirk of many tools you’ll be using.

b.      Delete specified driver: 

sc delete service_name

22.   Service Propeties

a.       Change service parmeters:

Sc config /?

Sc config “RemoteRegistry” start= auto

NOTE: space after “=” sign.

Managing Applications

23.   Installing, Viewing and Removing Applicaitons

a.       Install: 

Msiexec /I c:\install\NTBackupRestore.msi /qb 

b.      List applications by name: 

Wmic product get name /value

c.       Removing Applications 

Wmic product where name=”NTBackupRestore” call uninstall

d.      Listing hotfixes 

wmic qfe list

e.      Installing Hotfixes 

Wusa.exe <patchname>.msu /quiet 

24.   OCLIST & OCSETUP

NOTE: Ocsetup is case sensitive!!!

This will fail:

Start /w Ocsetup WindowsServerbackup

This will succeed: 

Start /w Ocsetup WindowsServerBackup

 Uninstall WindowsServerBackup

Start /w Ocsetup WindowsServerBackup /uninstall

Installing and Configuring Server Roles

 Install and Configure DNS

25.   Installing DNS Server Role – ALREADY INSTALLED!

a.       Run the following: 

Start /w Ocsetup DNS-Server-Core-Role 

26.   Configure DNS – Step By Step: 

a.       Allow auto-creation of reverse lookup zones. 

dnscmd 192.168.1.1 /config /disableautoreversezones 0

b.      Create a secondary zone: 

dnscmd 192.168.1.1 /zoneadd contoso.com /Secondary 192.168.1.2

c.       Create a Primary zone: 

dnscmd 192.168.1.1 /zoneadd contoso.net /Primary

d.      Create a new A record: 

dnscmd 192.168.1.1 /RecordAdd contoso.net dc-contoso-01 A 192.168.1.1

e.      Add CNAME: 

dnscmd 192.168.1.1 /RecordAdd contoso.net www CNAME dc-contoso-01.contoso.com

f.        Delete a zone: 

dnscmd 192.168.1.1 /zonedelete contoso.net

27.   To automate DNS configuration, put all the commands in a batch file and run:

 Start /w c:\unattend\dns\dnsunattend.cmd

Install and Configure DHCP

28.   Install DHCP Server Role using OCSETUP – Already Installed!!!

a.       At the command prompt, type:  

start /w ocsetup DHCPServerCore

29.   Authorize/Deauthorize DHCP server in Active Directory:

a.       Authorize: 

Netsh dhcp add server dc-contoso-01.contoso.com 192.168.1.1

b.      De-authorize:

Netsh dhcp delete server dc-contoso-01.contoso.com 192.168.1.1

30.   Configure a DHCP scope:

a.       Add a scope with specified IP network, subnet mask and comment: 

netsh dhcp server 192.168.1.1 add scope 192.168.1.0 255.255.255.0 LonghornScope “Longhorn Engineering”

b.      Add IP address range with ClientType set to DHCP: 

netsh dhcp server 192.168.1.1 scope 192.168.1.0 add iprange 192.168.1.1 192.168.1.254

c.       Add IP exclusion range: 

netsh dhcp server 192.168.1.1 scope 192.168.1.0 add excluderange 192.168.1.1 192.168.1.20

d.      Set router option value 003: 

netsh dhcp server 192.168.1.1 scope 192.168.1.0 set optionvalue 003 IPADDRESS 192.168.1.1 192.168.1.2

e.      Set DNS Server option value 006: 

netsh dhcp server 192.168.1.1 scope 192.168.1.0 set optionvalue 006 IPADDRESS 192.168.1.1 192.168.1.2

f.        Activate the new scope: 

netsh dhcp server 192.168.1.1 scope 192.168.1.0 set state 1 

31.   Viewing DHCP Configuration:

Netsh dhcp server show scope

32.   Removing DHCP Configurations:

a.       Delete a scope:

Netsh dhcp server delete scope 192.168.1.0 DHCPFULLFORCE

33. DHCP configuration automation is possible much the same way as DNS.  Put all the command in a batch file and run: 

c:\unattend\DHCP\DhcpUnattend.cmd 

Installing Active Directory Domain Services

34. Use DCPROMO /unattend:<filename> to install AD DS.  DON’T USE OCSETUP! 

a.       New forest: 

[DCINSTALL]

ReplicaOrNewDomain=Domain

TreeOrChild=Tree

CreateOrJoin=Create

NewDomainDNSName=contoso.com

DNSOnNetwork=yes|no (Yes mean use existing DNS, NO means install DNS)

ConfirmGC=Yes

DomainNetbiosName=contoso

AutoConfigDNS=yes

SiteName=STL

AllowAnonymousAccess=no

DatabasePath=%systemroot%\ntds

LogPath=%systemroot%\ntds

SYSVOLPath=%systemroot%\sysvol

SafeModeAdminPassword=<admin defined offline admin account password>

CriticalReplicationOnly=No

RebootOnSuccess=yes

b.      Add new DC to existing forest/domain: 

[DCINSTALL]

ReplicaOrNewDomain=Replica

CreateOrJoin=Join

DNSOnNetwork=yes|no (Yes mean use existing DNS, NO means install DNS)

ConfirmGC=Yes

DomainNetbiosName=contoso

AutoConfigDNS=yes

SiteName=STL

AllowAnonymousAccess=no

DatabasePath=%systemroot%\ntds

LogPath=%systemroot%\ntds

SYSVOLPath=%systemroot%\sysvol

SafeModeAdminPassword=<admin defined offline admin account password>

CriticalReplicationOnly=No

RebootOnSuccess=yes

c.       Add new RODC to existing forest/domain:

NOTE: Read-Only DC requires Windows Server 2003 Forest Functional Level or greater.

 [DCINSTALL]

ReplicaOrNewDomain=ReadOnlyReplica

ReplicatDomainDNSName=”contoso.com”

CreateOrJoin=Join

DNSOnNetwork=yes

InstallDNS=yes

ConfirmGC=Yes

SiteName=STL

AllowAnonymousAccess=no

DatabasePath=%systemroot%\ntds

LogPath=%systemroot%\ntds

SYSVOLPath=%systemroot%\sysvol

SafeModeAdminPassword=<admin defined offline admin account password>

CriticalReplicationOnly=Yes

RebootOnSuccess=yes

d.      Demote a domain controller: 

[DCINSTALL]

AdministratorPassword=”<password>” – Password is removed after use.

IgnoreIsLastDnsServerForZone=Yes

IgnoreIsLastDCInDomainMismatch=Yes

RebootOnSuccess=Yes

Install and Configure File Server Roles

The file server role is installed by default to provide administrative share support for management tools. To install additional file server features use the following procedure.

36. To install file server role features

1. For File Replication service, type:

       start /w ocsetup FRS-Infrastructure

2. For Distributed File System service, type:

       start /w ocsetup DFSN-Server

c.       For Distributed File System Replication, type:

start /w ocsetup DFSR-Infrastructure-ServerEdition

d.      For Network File System, type:

start /w ocsetup ServerForNFS-Base

Then type:

start /w ocsetup ClientForNFS-Base

e.      For Single Instance Store, type:

start /w ocsetup SIS

Optional Features 

37. To install an optional feature

1. At the command prompt, type: 

start /w ocsetup featurename

Where featurename is the name of a feature from the following list:

·  Failover Cluster: FailoverCluster-Core

·  Network Load Balancing: NetworkLoadBalancingHeadlessServer

·  Subsystem for UNIX-bases applications: SUA

·  Multipath IO: Microsoft-Windows-MultipathIO

·  Removable Storage Management: Microsoft-Windows-RemovableStorageManagementCore

·  Bitlocker Drive Encryption: BitLocker

·  Backup: WindowsServerBackup

·  Simple Network Management Protocol (SNMP): SNMP-SC

Additional Resources

Server Core Blog

 http://blogs.technet.com/server_core/ 

Longhorn Server Product Site

 http://www.microsoft.com/windowsserver/longhorn/ 

Command Line Reference A-Z:

 Http://go.microsoft.com/fwlink/?LinkId=20331

Configuring DHCP with NetSH

http://technet2.microsoft.com/WindowsServer/en/library/df9ecef3-7d85-49e6-a2aa-ff84a5bd3a391033.mspx?mfr=true

DNSCMD.exe

  http://technet2.microsoft.com/WindowsServer/en/library/d652a163-279f-4047-b3e0-0c468a4d69f31033.mspx

  http://technet2.microsoft.com/WindowsServer/en/library/ed0e4eeb-34a5-420e-aa6a-961ae5fa0f291033.mspx?mfr=true

Manage Resource Records (Console & DNSCMD)

 http://technet2.microsoft.com/WindowsServer/en/library/6432bae3-f734-48d2-9643-dfba56422a991033.mspx

 Resource Record Types

 http://technet2.microsoft.com/WindowsServer/en/library/7b005a9b-4397-4d94-a584-34c037e2457c1033.mspx

Windows Management Instrumentation Command-line (WMIC)

 http://technet2.microsoft.com/WindowsServer/en/library/ea5d7f04-07e8-4b96-bda3-a2b2cc15391e1033.mspx?mfr=true

 AD DS Unattended Promotion

  http://support.microsoft.com/kb/223757/