MS Mason Server Core

8/8/2019 MS Mason Server Core

1/35

Andrew MasonAndrew Mason

Program ManagerProgram Manager

Server Core:

Running a Minimal Server


2/35

Agenda

Todays ChallengesServer Core Overview and Benefits

Server Core Architecture

Server Core Installation and Initial Configuration

Adding Server Roles

Administering Server Core


3/35

Todays Challenges

Windows Server is frequently deployed to supporta single role or a fixed workloadIn this scenario, administrators are required to deploy andservice all of Windows Server

These non-value add features (wrt fixed workload server)present a servicing and security burden

Administrators think of servers in terms of serverroles


4/35

Todays Challenges (cont.)

Value PropositionReduce the attack and servicing surface area for certainserver roles by only installing what is required andadministrators use

Servers optimized by role are easier to service andmanage

Fewer patches

Server management lifecycle oriented aroundroles

IT Staff can specialize on their role(s)Increased reliability and security

Less installed and less running


5/35

Server Core Overview

Server Core is:A minimal installation option for Windows Server 2008

Included in the general purpose Windows Server 2008SKUs

Available for x86 and x64


6/35

Server Core Overview (cont.)

Server CoreProvides minimal server OS functionality

Low surface area server for targeted roles

In Server Core includes

A set of server rolesDHCP, File, Print, AD, AD LDS, Media Services, DNS, IIS, andHyper-V

The following optional features:WINS, Failover Clustering, Subsystem for UNIX-based

applications, Backup, Multipath IO, Removable StorageManagement, Bitlocker Drive Encryption, SNMP, Telnet Client,QoS

Command Line interface, no GUI Shell


7/35

Server Core Desktop


8/35

Benefits of Server Core

Fewer PatchesServer Core reduces # of patches by

~60% based on all Windows 2000 patches

~40% based on Windows Server 2003 patches through the endof 2006

Servicing burden is reduced by removing componentsthat are most often serviced

More Secure, Reliable and Less ManagementRemoval of non-value add legacy & client components

from server


9/35

Server Core Architecture

Server Core Server Roles

Server CoreSecurity, TCP/IP, File Systems, RPC,plus other Core Server Sub-Systems

DNS

DHCP

FileAD

ServerWith .NetFx, Shell, Tools, etc.

TS IASWebServ

er

Share

Point

Etc

GUI, CLR,Shell, IE,

Media, OE,Etc.

Server, Server Roles

(for example only)

ADLDS

Media

Server

IIS7

WVS

Print


10/35

Server Core

Core Subsystems

Security(Logon scenarios)

Networking(TCP/IP)File Systems

RP CWinlogonNecessary dependencies

Resolved category dependenciesHAL

KernelVGALogon

etc.

DHCPserver role

Infrastructure features

Command shell

Domain joinEvent Log

Perf counter infra.WS-ManagementWMI infrastructure

Licensing serviceWFP

HTTP supportIPSec

Thin Management tools(Local and remote)

Configure IP addressJoin a domain

Create usersetc.

DN Sserver role

File serverrole

DomainController

role

WINSserver roleServer Roles

OptionalFeatures


11/35

Deploying Server Core

There is a screen in Setup to select either:Server with the shell and all Server Roles

Server Core with Command Prompt and supported roles

Server Core initial configuration can be done either

Manually using the command line toolsUsing an unattend file


12/35

Unattended Install

Same unattend and options as Vista and Server

Can set options that otherwise require editing theregistry on Server Core

Display Resolution and Color Depth

1024 768

16


13/35

Selecting Server Core in UnattendAfter the section, add the appropriate

sectionServer Core:

/IMAGE/Name

Windows Longhorn Server Core

Server

/IMAGE/Name Windows Longhorn Server


14/35

No Server Core Upgrades

Only a clean install is supportedCannot upgrade from a previous version of WindowsServer

Cannot upgrade from Server Core to full Server with theGUI shell

Cannot upgrade from full Server with the GUI shell toServer Core


15/35

Server Core Initial ConfigurationSet Administrator Password

CTRL+ALT+DEL and click Change password

net user administrator *

ActivateSlmgr.vbs ato

Configure Static IP Address (if required)Netsh interface ipv4

show interfaces

set address name="ID" source=static address=StaticIP

mask=SubnetMask gateway=DefaultGatewayadd dnsserver name="ID" address=DNSIP index=1

Join a domain (if required)Netdom


16/35

Adding Server RolesCommand line only, no Server Manager

Start /w Ocsetup RolePackageDHCP = DHCPServerCore

DNS = DNS-Server-Core-Role

File = File-Server-Core-Role

File Replication service = FRS-Infrastructure

Distributed File System service = DFSN-ServerDistributed File System Replication = DFSR-Infrastructure-ServerEdition

Network File System = ServerForNFS-Base

Media Server = MediaServer

Active Directory

Dcpromo /unattend:UnattendfileDcpromo now installs Active Directory

Ocsetup not supported for Active Directory


17/35

IIIS 7 on Server Core

Not included:Management Service and GUI Tools

ASP.NET support

PowerShell cmdlets

Can be managed remotely using IIS PowerShellcmdlets or managed code

Same installation granularity as on Serverinstallations

Top level packages areIIS-WebServerManagementTools

IIS-IIS6ManagementCompatibilityIIS-ManagementScriptingTools

WAS-WindowsActivationService

WAS-ProcessModel

IIS-WebServerRole

IIS-FTPPublishingServiceIIS-FTPServerIIS-WebServer

IIS-ApplicationDevelopmentIIS-CommonHttpFeaturesIIS-HealthAndDiagnosticsIIS-PerformanceIIS-Security


18/35

Adding Optional Features

Start /w ocsetup OptionalFeaturePackage

Failover Cluster = FailoverCluster-CoreNetwork Load Balancing =NetworkLoadBalancingHeadlessServer

Subsystem for UNIX-bases applications = SUA

Multipath IO = Microsoft-Windows-MultipathIORemovable Storage Management = Microsoft-Windows-RemovableStorageManagementCore

Bitlocker Drive Encryption = BitLocker

Backup = WindowsServerBackup

Simple Network Management Protocol (SNMP) = SNMP-SC

Telnet Client = TelnetClient

WINS = WINS-SC


19/35

Uninstalling Roles and Features

Start /w Ocsetup Package /uninstallExcept for Active Directory

You must use DCPromo and demote

This will also remove the Active Directory binaries

No Remote GUI for installing or uninstalling rolesand features


20/35

OCList.exe

Server Core only command line toolLists the Server Role and Optional Featurepackage names for use with OCSetup

Lists whether the packages are installed or not


21/35

Managing Server Core

CMD for local command executionTerminal Server using CMD

WS-Management and Windows Remote Shell forremote command execution

WMICan use WMI based PowerShell scripts and cmdletsremotely

Task Scheduler for scheduling jobs and tasks

Event Logging and Event ForwardingRPC and DCOM for remote MMC support

SNMP

Scripting host


22/35

SCRegEdit.wsf

Not all tasks can be performed from the commandline or remotelySCRegEdit.wsf is included in Server Core to:

Enable automatic updates

Enable Terminal Server Remote Admin Mode Enable remote IPSec Monitor management

Configure DNS SRV record weight and priority

/cli switch that lists common command line tools andswitches

Located in \Windows\System32


23/35

Managing with Windows Remote Shell

Windows Remote Management (WinRM) WS-Management - secure firewall friendly mgmt

protocol

Windows Remote Shell (WinRS)

Requires Windows Vista or Windows Server 2008 Only command line tools or scripts without UI can be

executed

Prompts are problematic, full interactive mode not

supported For example, press any key


24/35

Configuring WinRM on Server Core

The Server side of WS-ManagementFrom the command line

WinRM quickconfig

Through an unattend file In the section add:

true

Can also be configured using Group Policy


25/35

Using WinRS

The Client side of WS-ManagementWinRS r: command

Remote endpoint can be -r:https://myserver.com

-r:myserver -r:http://127.0.0.1

-r:http://169.51.2.101:80

For example

Winrs r:myserver dir c:\windows\system32\*.dll


26/35

WinRS examples

Turn on Terminal Services remote admin winrs -r:myserver cscript

\windows\system32\scregedit.wsf /ar 0

Allow pre-Vista/Longhorn TS clients winrs -r:myserver cscript

\windows\system32\scregedit.wsf /cs 0

Join a domain

winrs -r:myserver netdom add myserver/domain:testdomain /userd:administrator/passwordd:

Add domain admin to local admins

winrs -r:myserver net localgroup administratorstestdomain\administrator /add


27/35

Hardware on Server Core

Plug and Play is included in Server Core If you add hardware with an inbox driver, PnP will

silently install the driver

If the driver is not included, but you have a PnP

driver for the hardware Copy the driver files to the Server Core box

Pnputil i a driverinf

To list installed drivers sc query type= driver

To remove a driver sc delete service_name


28/35

Control Panel in Server Core?

Limited functionality for specific scenariosTime zone, to change

Control timedate.cpl

Keyboards and/or language, to change Control intl.cpl


29/35

Notepad and Regedit

Notepad Has the following limitations

Help does not work

Open, Save and Save As work in Beta 3

Copy, Paste, Find, Replace, etc all workRegedit

Help does not work


30/35

Restarting CMD.EXE

If you close the command prompt windowLocally, you can either:

Press ctrl-alt-del, click Start Task Manager, click File,click Run, and enter cmd.exe

Log off and back on againIn a Terminal Services session:

You can use the Terminal Services MMC snapin toremotely logoff

You can use the Terminal Serivces command line toolsremotely: query session /server:

logoff /server:


31/35

Limitations of Server Core

No support for Managed CodeNo balloon notifications, such as for activation

Password expiration is now a balloon notification, so itwill not appear on Server Core

Runonce is not supported on Server Core


32/35

Mgmt Tools on Server Core

Server Core is not an application platformServer Core does support development of

Management tools, utilities, and agents Remote Management tools should not require changes

Need to use one of the protocols supported in Server core,such as RPC


33/35


34/35

Demo


35/35

Server Core Resources

Step by Step GuideOnline athttp://technet2.microsoft.com/windowsserver/longhorn/en/library/bab0f1a1-54

Download in Word Document in the Download Center

http://download.microsoft.com/

Newsgroupshttp://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=582&SiteID=17

Server Core Blog

http://blogs.technet.com/server_core/default.aspxEmail

[email protected]

Command-line reference A-Z in Help is very helpfulOnline at: http://go.microsoft.com/fwlink/?LinkId=20331
http://technet2.microsoft.com/windowsserver/longhorn/en/library/bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=truehttp://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/Server%20Core%20Installation%20Option%20of%20Windows%20Server%20Longhorn%20Step-By-Step%20Guide.dochttp://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/Server%20Core%20Installation%20Option%20of%20Windows%20Server%20Longhorn%20Step-By-Step%20Guide.dochttp://technet2.microsoft.com/windowsserver/longhorn/en/library/bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=true

Documents

MS Mason Server Core