Jorge 's Quest For Knowledge!

You probably already know it by now. If you don't, where the heck have you been lately? Windows Server 2008 provides two installation options. The first is Windows Server WITH a GUI (Full Server) and the second one is Windows Server WITHOUT a GUI (Server Core). Although it only shows a command prompt after logon, it supports very limited GUI functionality (e.g. NOTEPAD, REGEDIT, etc.). It could however be called "Windows without Windows".

So, if you want to manage Server Core locally your knowledge of command line utilities must be quite good. If you want manage it remotely, you can use MMCs and WinRS. To summarize, these are notes I made once during betatest. Enjoy!

REMARK: Make sure you go to the end of this post as it contains a reference to another very interesting post!

Windows Server Core Characteristics:

• Minimal server installation for running specific server roles
• Reduces servicing, management and hardware requirements and attack surface!!!
  • No Windows/Internet Explorer
  • No .NET Framework
  • No Powershell
  • No features or whatever depending on the features listed above this one like for example notifications and balloons
• Disk space required for a normal server: approx (min.) 7-8 GB
• Disk space required for a server core server: approx (min.) 2-3 GB
• Supported server roles (OCLIST.EXE): IIS (without ASP.NET), Print Server, Hyper-V, ADDS, ADLDS, DHCP Server, DNS, File Server (incl. NTFRS, DFS-R and DFS)
  REMARK: available roles may depend on Server Edition (standard, enterprise, datacenter, web)
• Supported server features (OCLIST.EXE): Bitlocker, Clustering, NLB, Subsystem for UNIX apps, Windows Server Backup, Multipath IO, Removable Storage Management, SNMP, WINS (why the heck is this a feature and not a role?)
• Install and Upgrade:
  • Not possible to upgrade from whatever windows version to server core
  • Manual install and after the server still needs to be configured (initial configuration tasks)
  • Unattended install using a UNATTEND.XML file where it is possible to configure the "initial configuration tasks" and other settings (e.g. enabling TS, configuring screen resolution, enabling and configuring WinRM/WinRS) during unattended install.
    • UNATTEND.XML file can be created with the "Windows System Image Manager"
    • Boot using WinPE and execute SETUP /unattend:<path>\unattend.xml
      OR
    • Place UNATTEND.XML in a default location (e.g. floppy)
• Can be managed through
  • Locally and remotely via the Command Prompt (tools and scripts)
  • Remotely via Terminal Server --> admin mode must be enabled first!
  • Remotely via Windows Remote Shell --> remote management must be enabled first!
  • Remotely via MMC --> watch out for the firewall on the server which is enabled by default!

Command Line Utilities:

• Command Line Reference
  (This setting displays a list of common tasks and how to perform them from the command line)
  • CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /CLI
• Viewing installed roles/features
  • OCLIST.EXE
• Install/Uninstall component (roles/features)
  (To get a list of component names use OCLIST and copy the name into the command line. The name of the components is CASE-SENSITIVE!!!)
  • Start /W OCSETUP <component>
  • Start /W OCSETUP <component> /Uninstall
  • To install AD either one of the following IS required:
    • DCPROMO /UNATTEND:<answer file>
    • DCPROMO /ANSWER:<answer file>
    • DCPROMO /UNATTEND /OPTION1:<value1> /OPTION2:<value2> /OPTION1:<value3> /OPTION1:<value3> …..
• Managing Registry
  • REGEDIT.EXE
  • REG.EXE
• Creating notes/text files
  • NOTEPAD.EXE
  • EDIT.EXE
  • EDLIN.EXE
• Disk/partition management:
  • DISKPART.EXE
  • FORMAT.EXE
  • CHKDSK.EXE
  • DEFRAG.EXE
• Performance Related Stuff
  • DISKPERF.EXE
  • RELOG.EXE
  • LOGMAN.EXE
  • tracerpt.exe
  • typeperf.exe
• Managing Power Related Options
  • POWERCFG.EXE
• Managing Auditing on the local server
  • AUDITPOL.EXE
• Network management (incl. firewall):
  • IPCONFIG.EXE
  • PATHPING.EXE
  • PING.EXE
  • TRACERT.EXE
  • NSLOOKUP.EXE
  • NBTSTAT.EXE
  • NETSTAT.EXE
  • NETSH.EXE (http://go.microsoft.com/fwlink/?LinkId=49654)
• Service and driver management:
  • SC.EXE (http://www.ss64.com/nt/sc.html)
  • NET STOP and NET START
  • DRVLOAD.EXE
  • PNPUTIL.EXE
  • PRINTUI.EXE (for printer drivers only)
  • driverquery.exe
• Backup and Restore
  • WBADMIN.EXE
• Windows Management Interface (for all kinds of things to manage)
  • WMIC.EXE
• Local User and group management:
  (http://support.microsoft.com/?id=251394 & http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/net_group.mspx?mfr=true)
  • NET.EXE USER …
  • NET.EXE LOCALGROUP…
• Domain and computer name/account management:
  (http://technet2.microsoft.com/WindowsServer/en/Library/460e3705-9e5d-4f9b-a139-44341090cfd41033.mspx?mfr=true)
  • NETDOM.EXE
  • NLTEST.EXE
• To change the time zone:
  • CONTROL.EXE TIMEDATE.CPL
• To change international settings:
  • CONTROL.EXE INTL.CPL
• To manage other CUSTOM CPLs (when available)
  • CONTROL.EXE <NAME>.CPL
• Shutdown/reboot/restart server
  • SHUTDOWN.EXE
• Manage Activation
  • CSCRIPT.EXE %WINDIR%\SYSTEM32\SLMGR.VBS
• Manage Automatic Updates
  • CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /AU [/v][value]
• Allow Remote Administration Connections
  • CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /AR [/v][value]
• Allow connections from previous versions of Windows
  • CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /CS [/v][value]
• IP Security (IPSEC) Monitor - allow remote management
  • CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /IM [/v][value]
• Windows Remote Management/Shell
  • WINRM.CMD
  • WINRS.EXE
• Applying a patch
  • Wusa.exe <patchname>.msu [/quiet] [/norestart]
• Managing the Event Viewer
  • wecutil.exe
  • eventcreate.exe
  • wevtutil.exe
• Managing CA & Certificates stuff
  • CERTREQ.EXE
  • CERTUTIL.EXE
• File Server Management (role may need to be installed first):
  • NET.EXE SHARE …
  • NTFRSUTL.EXE (http://technet2.microsoft.com/WindowsServer/en/Library/3673b5af-26ff-4902-bf53-18abe5b9dc781033.mspx?mfr=true)
  • DFSCMD.EXE (http://go.microsoft.com/fwlink/?LinkId=49658)
  • DFSUTIL.EXE
  • FSUTIL.EXE (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/fsutil.mspx?mfr=true)
  • XCACLS.EXE
  • ICACLS.EXE
  • CACLS.EXE
  • dfsrdiag.exe
  • dfsradmin.exe
  • DFSDIAG.EXE
• DNS Management:
  • DNSCMD.EXE (http://go.microsoft.com/fwlink/?LinkId=49656)
  • DNS SRV priority - changes the priority for DNS SRV records (only useful on Domain Controllers)
    • CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /DP [/v][value]
  • DNS SRV weight - changes the weight for DNS SRV records (only useful on Domain Controllers)
    • CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /DW [/v][value]
• DHCP Management:
  • NETSH.EXE DHCP (http://go.microsoft.com/fwlink/?LinkId=49654)
• AD Management
  • NTDSUTIL.EXE
  • DSAMAIN
  • dsadd.EXE
  • dsget.EXE
  • dsmod.EXE
  • dsmove.EXE
  • dsquery.EXE
  • dsrm.EXE
  • LDIFDE.EXE
  • GPUPDATE.EXE
  • GPRESULT.EXE
  • dcgpofix.exe
  • dfsrmig.exe
  • REPADMIN.EXE
  • redircmp.exe
  • redirusr.exe
  • gpfixup.exe
  • rendom.exe
  • DCDIAG.EXE
  • DSACLS.EXE
• AD LDS Management
  • adaminstall.exe
  • adamuninstall.exe
  • adamsync.exe

More information about Server Core:

• http://blogs.technet.com/server_core/default.aspx
• http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2007/05/04/installing-server-core-domain-controllers.aspx
• http://blog.joeware.net/2007/05/12/877/

As you can see a lot of command line utilities. And this is not the complete list that is available. Besides that a lot of people were used to configure a Window Server through some GUI, but with Server Core you may need to use command line utilities like specified above. For some admins that can be a pain, especially if they are not used to use command line utilities. Like I said before in a previous blogpost, some people are crazy enough to create kick a$$ tooling for people to use that is even free to use. Regarding Server Core tooling, Guy Teverovsky, also a Windows Server –Directory Services MVP created a GUI that allows the configuration of basic stuff on a Server Core. Now how cool is that?!?!?! Trust me, it is damn cool!

That tool (Server Core - CoreConfigurator) has the following features:

• Product Activation
• Configuration of display resolution
• Clock and time zone configuration
• Remote Desktop configuration
• Management of local user accounts (creation, deletion, group membership, passwords)
• Firewall configuration
• WinRM configuration
• IP configuration
• Computer name and domain/workgroup membership
• Installation of Server Core features/roles

Enough blablabla, this Server Core tool can be found here.

Cheers,

Jorge

--------------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
--------------------------------------------------------------------------------------------------
############### Jorge's Quest For Knowledge ###############
######## http://blogs.dirteam.com/blogs/jorge/default.aspx #########
--------------------------------------------------------------------------------------------------