Server Core – Initial Configuration

I’ve gotten a lot of questions, both in the mail and at the Ask The Experts-booth at Microsoft TechEd IT Forum in Barcelona in November about Windows Server 2008 Core. Most of these questions are how to configure and manage your Server Core-installation. Secondly the question usually is “What can you run on it?”. In a series of articles I thought we’d take a closer look on these subjects and we’re starting off with initial configuration. These are the steps taken right after installation to configure the firewall, remote administration and network settings for example.

 The below list of commands are not in any particular order and I might edit it for usability in the future…

Configure networking

To list all the interfaces:

Netsh interface ipv4 show interfaces

Look at the output and in the IDX-column find the corresponding adapter.

To configure your adapter, type the following:

Netsh interface ipv4 set address name=[id] source=static address=[static ip] mask=[subnet mask] gateway=[default gateway] (substitute [text] with your desired configuration, ie 192.168.1.10 for IP)

To set the DNS-server address:

Netsh interface ipv4 add dnsserver name=[id] address=[dnsip] index=1

To set the administrative password:

Net user administrator *

Then type your desired password twice.

Changing the server name

Determine the current server name by typing: hostname

Then type:

Netdom renamecomputer [currentcomputername] /NewName:[newcomputername]

Activating your server locally:

Slmgr.vbs -ato

Note the lack of confirmation upon successful activation!

Activating your server remotely:

Cscript slmgr.vbs -ato [servername] [username] [password]

Retrieve the GUID:

Cscript slmgr.vbs -did

Activate

Cscript slmgr.vbs -dli [GUID]

Joining your server to the domain

Netdom join [computername] /domain:[DomainName] /userd:[UserName] /password:*

Restart your computer:

Shutdown /r /t 0

Remove your server from the domain

Netdom remove

Shutdown /r /t 0 

Terminal Services

Enable administration mode RDP-connections:

Cscript c:windowssystem32scregedit.wsf /ar 0

(to disable, change the 0 to a 1)

To view your current RDP settings:

Cscript c:windowssystem32scregedit.wsf /ar /v

1=disable, 0=enabled

To turn off the higher security level for compability with earlier versions of the RDP-client:

Cscript c:windowssystem32scregedit.wsf /cs 0

Enable remote management through the firewall

Netsh advfirewall firewall set rule group=”Remote Desktop” new enable=yes

Date and Time

Control timedate.cpl

Edit settings and press ok to close the applet.

In a domain environment, you can sync with the PDC-emulator:

W32tm /config /update /syncfromflags:DOMHIER

To force sync:

W32tm /resync /nowait

This will set your Core-server to sync its time from the domain.

To enable Windows Remote Shell

WinRM quickconfig

(this will enable WinRM to accept Windows Remote Shell connections)

To connect to this server from a remote computer:

Winrs -r:[servername] cmd

Configure Automatic Updates

Cscript c:windowssystem32 scregedit.wsf /au /4

Disable Automatic Update

Cscript c:windowssystem32 scregedit.wsf /au /1

To view your current settings

Cscript c:windowssystem32 scregedit.wsf /au /v

Configure Error Reporting

Automatically send detailed reports: serverWeroptin /detailed

Automatically send summary reports: serverWeroptin /summary

Disable error reporting: serverWerOptin /disable

To view your current settings: serverWerOptin /query

To add hardware to your Core-server

Pnputil -i -a [driverinf]

Run this command in the folder where the driver is located.

To list the installed drivers

Sc query type= driver (the space is intentional and must be there)

To remove a driver

Sc delete [service_name]

Adding a user to the local Administrators group

net localgroup Administrators /add [domain][username]

Removing a user from the local Administrators group

Net localgroup Administrators /delete [domain][username]

Event logs

List:

Wevtutil el

Query events in a specified log:

Wevtutil qe /f:text [log name]

Export:

Wevtutil epl [log name]

Clear:

Wevtutil cl [log name]

List running services

Sc query

Or

Net start

Starting a service

Sc start [service name]

Or

Net start [service name]

Stopping a service

Sc stop [service name]

Or

Net stop [service name]

To force a process stop

Type tasklist to get all the running processes and note the PID (Process ID)

Then run taskkill /PID [process id]

Configuring the firewall

To, for example, enable remote management from any MMC snap-in:

Netsh advfirewall firewall set rule group “Remote Administration” new enable=yes

To enable remote management of the firewall from another machine:

Netsh advfirewall set currentprofile settings remotemanagement enable

Configure the paging file

Wmic pagefileset where name=[path/filename] set Initialsize=[initialsize],MaximumSize=[maxsize]

Note that the values are in bytes

Installing rules / features

To see which roles/features are available:

Oclist

To install a role/feature:

Start /w ocsetup [featurename]

If you leave out the /w the command prompt will return immediately, and you have no way of knowing if the installation is complete or not.

To install remote admin tools, in this case for bitlocker:

Start /w ocsetup BitLocker-RemoteAdminTool

Removing a role:

Start /w ocsetup [rolename] /uninstall

Reboot / Shutdown

Shutdown -r -t 0 (r = reboot)

Shutdown -s -t 0 (s = shutdown)

Leave a Reply

Your email address will not be published. Required fields are marked *