2008 Server Core Configuration

The Server Core feature of Windows Server 2008 is a long awaited installation option of the Windows Server OS. As with a non-Server Core setup, the default install leaves many settings in need of customization, however there are different methods for changing these settings. This post covers the requirements to configure a new Server Core installation.

Boasting a lightweight, basically GUI-less environment, Server Core installs only essential components to support a number of server roles and features. Server Core’s benefits include a reduced attack surface, lower disk space requirements, less management overhead, and a fewer number of reboots due to patching. The installation process is lightning fast, partially due to the lack of configuration during the install. Below I’ve listed some of the basic areas that need to be configured post-install, and how to do so.

Change the administrator password. This is done on your first logon to the machine. The default administrator password is blank, and upon logon you are required to change it.

Change the computer name. The initial computer name is typically something along the lines of “WIN-L3JCYDGR14H”. To change this to something more useful, you will use the familiar netdom command:

netdom renamecomputer <machine> /NewName:<new-name>

Configure date & time. Certain control panel features are available in Server Core, this is one of them, and can be accessed by typing:

control timedate.cpl

Configure network settings (IP address, DNS server). These settings are configured with the powerful netsh (net shell) command. By default, the machine will use DHCP to obtain an IP. To set a static address, run the following command:

netsh interface ipv4 set address name=<interface-name> source=static address=<IP> mask=<subnet-mask> gateway=<default-gateway> <metric>

Where <interface-name> is the name of your network adapter shown by the “netsh interface ipv4 show interfaces” command. You can also use the adapter’s index number, shown in the “Idx” column.

The adapter’s DNS settings can be configured by running:

netsh interface ipv4 add dnsserver name=”<interface-name>” address=<dns-IP> index=1

The index argument specifies the DNS Server’s precedence for that adapter.

Join a domain. As with changing the machine name, the netdom command is used to join a domain:

netdom join <machine> /Domain:<domain> /UserD:<domain-user> /PasswordD:*

Activate licensing. Activating a server is accomplished by running the vbscript below.

slmgr.vbs -ato

Install server roles or features.

The “oclist” command will display available server roles or features and their installation status. Installing a role or feature is done with the ocsetup command using the following syntax:

start /w ocsetup <server-core-role>

Configure the firewall. As with other network settings, the firewall is configured with the netsh command, using the “netsh advfirewall” context. Firewall management using netsh can be somewhat complex, I suggest using this Microsoft KB as a guide. One gotcha that I’ll mention here though, disabling the firewall should be done through the firewall management MMC or using the “netsh firewall set opmode disable” command. Stopping the firewall service is not supported by Microsoft, and stopping it with net stop or via the services mmc will disable inbound communications.

Enable Remote Desktop. One of several ways Server Core can be administered is through Remote Desktop, though it isn’t enabled by default. To do so, the scregedit.wsf script is used:

cscript %windir%\system32\scregedit.wsf /AR 0

The scregedit script is used to configure many other Server Core registry settings. Run scregedit.wsf /? for more details.

Enable WinRM remote management shell. This new feature of Server 2008 is another way to administer the OS. It enables remote command management, sort of like a SSH for Windows. On the server side, WinRM can be quickly enabled by typing the following:

WinRM quickconfig

On the client side, you can get a remote command prompt by running “winrs -r:<server> cmd”. A quick note about the security implications, WinRM can be configured for secure authentication and certificate use, but make sure you do some research before implementing this in a non-lab environment to make sure you aren’t sending clear text.

As you can see, there are at least half a dozen different commands used in the basic configuration of a Server Core installation, some new, some old. I highly recommend getting familiar with all of them. However, once you do so, there are a number of 3rd party configuration utilities that have been put together to make these tasks a little easier. My personal favorite is the Server Core Configurator found at CodePlex.com, Microsoft’s open source project web site. Looking at the screenshot, you can see that it enables administration of all of the above settings and more, all from a convenient GUI.

Regardless of the method used to configure Server Core, this installation option of Windows Server 2008 is an exciting feature and one that is a great solution for scenarios such as branch offices, Internet facing servers, and testing & development, among others. Check back soon for a good example of how Server Core can be utilized in your environment.

TechNet: Server Core Installation Step-By-Step

Subscribe to TechScrawl via RSS

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: