Server Core Installation Option Of Windows Server 2008 Step-by-step Guide

Server Core Installation Option of Windows Server 2008 Step-By-Step Guide Microsoft Corporation Published: February 2008 Author: Jaime Ondrusek

Abstract This step-by-step guide provides the instructions you need to build a server in your test lab based on the Server Core installation option of the Windows Server® 2008 operating system. This includes installing and performing the initial configuration of the Server Core installation, installing server roles or features, and managing a server that is running a Server Core installation.

Copyright Information Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2008 Microsoft Corporation. All rights reserved. Active Directory, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.

Contents Server Core Installation Option of Windows Server 2008 Step-By-Step Guide..............................5 What is a Server Core installation?.............................................................................................. 5 What’s new in the Server Core installation option?.............................................. ....................5 Who should use this guide?............................................................................... ......................5 Benefits of a Server Core installation.................................................................... ...................6 In this guide................................................................................................................... ...........6 Deploying a Server Core installation: Overview....................................................................... ....6 Prerequisites for deploying a Server Core installation...................................................... ........6 Known issues for deploying a Server Core installation.......................................................... ...7 Steps for manually installing a Server Core installation......................................................... ...7 Using an unattend file to install a Server Core installation.......................................................7 Configuring a Server Core installation: Overview.................................................. ......................8 Administrative credentials............................................................................. ...........................8 Known issues for configuring a Server Core installation................................ ..........................8 Steps for configuring a Server Core installation................................................ .......................8 Installing a server role on a server running Server Core installation: Overview.........................11 Prerequisites for installing a server role on a server running Server Core installation............12 Known issues for installing a server role on a Server Core installation..................................12 Steps for installing a server role on a Server Core installation.............................. .................13 Available server roles.................................................................................................... ......13 DNS Server role.......................................................................................................... ........13 DHCP Server role......................................................................................... ......................13 File Services role....................................................................................... .........................14 Print Services role...................................................................................................... .........14 Active Directory Lightweight Directory Services role.................................................. .........15 Active Directory Domain Services role...................................................................... ..........15 Streaming Media Services role........................................................................ ...................16 Web Server (IIS) role................................................................................... .......................16 Installing Windows Features: Overview....................................................................... ..............17 Prerequisites for installing an optional feature on a server running a Server Core installation ................................................................................................................................... .........17 Known issues for installing an optional feature on a server running a Server Core installation ................................................................................................................................... .........18 Steps for installing an optional feature on a server running a Server Core installation...........18 Available optional features.................................................................................... ..............18 Managing a Server Core installation: Overview.............................................................. ...........19 Prerequisites for managing a server running Server Core installation.................................. ..19 Known issues for managing a server running a Server Core installation...............................20 Steps for managing a Server Core installation...................................................... .................21

Administering a Server Core installation............................................................................ ........27 Prerequisites for administering a Server Core installation............................................ ..........27 Known issues for administering a Server Core installation................................................. ....27 Steps for administering a Server Core installation................................................................ ..28 Configuration and installation....................................................................................... .......28 Networking and firewall............................................................................................ ...........31 Updates, error reporting, and feedback................................................... ...........................32 Services, processes, and performance..................................................................... ..........33 Event logs......................................................................................................... ..................34 Disk and file system............................................................................................. ...............34 Hardware..................................................................................................... .......................35 Logging bugs and feedback................................................................................................... ....36 Additional references.................................................................................................... .............36 Appendix A: Sample Server Core installation - Unattend.xml..................................... ...............38

Server Core Installation Option of Windows Server 2008 Step-By-Step Guide This step-by-step guide provides instructions for building a server in your test lab that is based on the Server Core installation option of the Windows Server® 2008 operating system. It includes information about installation, initial configuration, and managing a server that is running a Server Core installation.

What is a Server Core installation? The Server Core installation option is a new option that you can use for installing Windows Server 2008. A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles. A server running a Server Core installation supports the following server roles: •

Active Directory Domain Services (AD DS)

•

Active Directory Lightweight Directory Services (AD LDS)

•

DHCP Server

•

DNS Server

•

File Services

•

Print Services

•

Streaming Media Services

•

Web Server (IIS)

To accomplish this, the Server Core installation option installs only the subset of the binary files that are required by the supported server roles. For example, the Explorer shell is not installed as part of a Server Core installation. Instead, the default user interface for a server running a Server Core installation is the command prompt.

What’s new in the Server Core installation option? The Server Core installation option of Windows Server 2008 requires initial configuration at a command prompt. A Server Core installation does not include the traditional full graphical user interface. Once you have configured the server, you can manage it locally at a command prompt or remotely using a Terminal Server connection. You can also manage the server remotely using the Microsoft Management Console (MMC) or command-line tools that support remote use.

Who should use this guide? The target audience for the Server Core installation option of Windows Server 2008 includes: •

IT planners and analysts who are technically evaluating the product. 5

•

Enterprise IT planners and designers for organizations.

• IT professionals who are managing the AD DS, AD LDS, DHCP Server, DNS Server, File Services, Print Services, Streaming Media Services, and Web Server (IIS) roles.

Benefits of a Server Core installation The Server Core installation option of Windows Server 2008 provides the following benefits: • Reduced maintenance. Because the Server Core installation option installs only what is required to have a manageable server for the AD DS, AD LDS, DHCP Server, DNS Server, File Services, Print Services, and Streaming Media Services roles, less maintenance is required than on a full installation of Windows Server 2008. • Reduced attack surface. Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface. • Reduced management. Because fewer applications and services are installed on a server running the Server Core installation, there is less to manage. • Less disk space required. A Server Core installation requires only about 1 gigabyte (GB) of disk space to install and approximately 2 GB for operations after the installation.

In this guide •

Deploying a Server Core installation: Overview

•

Configuring a Server Core installation: Overview

•

Installing a server role on a server running a Server Core installation: Overview

•

Installing Windows Features: Overview

•

Managing a Server Core installation: Overview

•

Administering a Server Core installation

•

Logging bugs and feedback

•

Additional references

•

Appendix A: Sample Server Core installation - Unattend.xml

Deploying a Server Core installation: Overview In this scenario, you will create a server running a Server Core installation. There are no special settings or differences between installing Windows Server 2008 and a Server Core installation.

Prerequisites for deploying a Server Core installation To complete this task, you will need the following: •

The Windows Server 2008 installation media

•

A valid product key

•

A computer on which you can perform a clean Server Core installation 6

Known issues for deploying a Server Core installation • There is no way to upgrade from a previous version of the Windows Server operating system to a Server Core installation. Only a clean installation is supported. • There is no way to upgrade from a full installation of Windows Server 2008 to a Server Core installation. Only a clean installation is supported. • There is no way to upgrade from a Server Core installation to a full installation of Windows Server 2008. If you need the Windows® user interface or a server role that is not supported in a Server Core installation, you will need to install a full installation of Windows Server 2008.

Steps for manually installing a Server Core installation Follow this procedure to install a Server Core installation of Windows Server 2008. To install a Server Core installation 1. Insert the appropriate Windows Server 2008 installation media into your DVD drive. 2. When the auto-run dialog box appears, click Install Now. 3. Follow the instructions on the screen to complete Setup. 4. After Setup completes, press CTRL+ALT+DELETE, click Other User, type Administrator with a blank password, and then press ENTER. You will be prompted to set a password for the Administrator account.

Using an unattend file to install a Server Core installation Using an unattend file for a Server Core installation enables you to perform most of the initial configuration tasks during Setup. Performing an unattended Server Core installation provides the following benefits: •

There is no need to perform the initial configuration by using command-line tools.

• You can include the settings in the unattend file to enable remote administration (when Setup is complete). • You can configure settings that cannot be easily modified at a command prompt, such as display resolution. To install a Server Core installation by using an unattend file 1. Create a .xml file titled Unattend.xml by using a text editor or Windows System Image Manager. 2. Copy the Unattend.xml file to a local drive or shared network resource. 3. Boot your computer to Windows Preinstallation Environment (Windows PE), Windows Server 2003, or Windows XP. 4. Insert the media disk with the Server Core installation of Windows Server 2008 7

into your disk drive. If the auto-run Setup window appears, click Cancel. 5. At a command prompt, change to the drive that contains the installation media. 6. Type the following at a command prompt: setup /unattend:<path>\unattend.xml where path is the path to your Unattend.xml file. 7. Allow Setup to complete. Note Appendix A of this document contains a sample unattend file with comments that explain the settings in the sample configuration. This sample can be modified for use in your environment.

Configuring a Server Core installation: Overview Because a Server Core installation does not include the Windows user interface, there is no "outof-box experience" to help you complete the server configuration. Instead you must manually complete the configuration using the command-line tools as outlined in the following steps. Note You can use an unattended setup to configure these settings during installation. For more information about unattended settings, see the Windows Automated Installation Kit (Windows AIK) (http://go.microsoft.com/fwlink/?LinkId=81030).

Administrative credentials If you are going to join a server running a Server Core installation to an existing Windows domain, you need a user name and password for an account that has the administrative credentials to join a computer to the domain.

Known issues for configuring a Server Core installation • If you close all command prompts, you will have no way to manage the Server Core installation. To recover, you can press CTRL+ALT+DELETE, click Start Task Manager, click File, click Run, and type cmd.exe. Alternatively, you can log off and log back on again. • Because there is no Web browser, you cannot activate a Server Core installation or access the Internet through a firewall that requires users to log on.

Steps for configuring a Server Core installation The following procedures explain how to configure a computer running a Server Core installation. The steps include: •

Setting the administrative password

•

Setting a static IP address 8

Note A DHCP address is provided by default. You should perform this procedure only if you need to set a static IP address. •

Joining a domain

•

Activating the server

•

Configuring the firewall

To set the administrative password 1. When your computer starts for the first time after the installation completes, press CTRL+ALT+DELETE. Type Administrator for the user name and leave the password blank. 2. The system will inform you that the password has expired and will prompt you to enter a new password. 3. Type an appropriate password. To set a static IP address 1. At a command prompt, type the following: netsh interface ipv4 show interfaces 2. Make a note of the number shown in the Idx column of the output for your network adapter. If your computer has more than one network adapter, make a note of the number corresponding to the network adapter for which you wish to set a static IP address. 3. At the command prompt, type: netsh interface ipv4 set address name="" source=static address=<StaticIP> mask=<SubnetMask> gateway= Where: ID is the number from step 2 above StaticIP is the static IP address that you are setting SubnetMask is the subnet mask for the IP address DefaultGateway is the default gateway 4. At the command prompt, type: netsh interface ipv4 add dnsserver name="" address=index=1 Where: ID is the number from step 2 above DNSIP is the IP address of your DNS server 5. Repeat step 4 for each DNS server that you want to set, incrementing the index= number each time.

9

Notes • If you set the static IP address on the wrong network adapter, you can change back to using the DHCP address supplied by using the following command: •

netsh interface ipv4 set address name="" source=dhcp

•

where ID is the number of the network adapter from Step 2.

To join a domain 1. At a command prompt, type: netdom join /domain: /userd:<UserName> /password:* Where: ComputerName is the name of the server that is running the Server Core installation. DomainName is the name of the domain to join. UserName is a domain user account with permission to join the domain. 2. When prompted to enter the password, type the password for the domain user account specified by UserName. 3. If you need to add a domain user account to the local Administrators group, type the following command: net localgroup administrators /add \<UserName> 4. Restart the computer. You can do this by typing the following at a command prompt: shutdown /r /t 0 To rename the server 1. Determine the current name of the server with the hostname or ipconfig command. 2. At a command prompt, type: netdom renamecomputer /NewName: 3. Restart the computer. To activate the server •

At a command prompt, type:

slmgr.vbs -ato If activation is successful, no message will return in the command prompt.

10

Notes • You can also activate by phone, using a Key Management Service (KMS) server, or remotely by typing the following command at a command prompt of a computer that is running Windows Vista or Windows Server 2008: • cscript windows\system32\slmgr.vbs <ServerName> <UserName> <password>:-ato To configure the firewall • Use the netsh advfirewall command. For example, to enable remote management from any MMC snap-in, type the following: netsh advfirewall firewall set rule group="Remote Administration" new enable=yes Notes • You can also use the Windows Firewall snap-in from a computer running Windows Vista or Windows Server 2008 to remotely manage the firewall on a server running a Server Core installation. To do this, you must first enable remote management of the firewall by running the following command on the computer running a Server Core installation: •

netsh advfirewall set currentprofile settings remotemanagement enable

Installing a server role on a server running Server Core installation: Overview After the Server Core installation is complete and the server is configured, you can install one or more server roles. The Server Core installation of Windows Server 2008 supports the following server roles: •

Active Directory Domain Services (AD DS)

•

Active Directory Lightweight Directory Services (AD LDS)

•

DHCP Server

•

DNS Server

•

File Services

•

Print Services

•

Streaming Media Services

•

Web Server (IIS)

More information about the command-line tools for configuring the server roles is available in the Additional references section at the end of this guide. Note This section includes a procedure for each server role in the previous list. You need to complete the procedure(s) for only the server roles that you want to install.

11

Prerequisites for installing a server role on a server running Server Core installation To complete this task, you need the following: • A computer on which you have installed and configured a Server Core installation of Windows Server 2008. • An administrator user account and password for the server running the Server Core installation. • If installing and configuring a print server, another computer running Windows Vista or Windows Server 2008 on which you can run the Print Management Console to remotely configure the print server. • If installing and configuring a DHCP server, the information required to configure a DHCP scope. • If installing and configuring a DHCP server, you must configure the server running the Server Core installation to use a static IP address. • If installing and configuring a DNS server, the information required to configure a DNS zone. • If installing and configuring an Active Directory environment, the information required to either join an existing domain or to create a new domain. • If you are going to promote the server running the Server Core installation to be a domain controller in an Active Directory domain, a domain administrator user name and password.

Known issues for installing a server role on a Server Core installation • You cannot use the Active Directory Domain Controller Installation Wizard (Dcpromo.exe) on a server running Server Core installation. You must use an unattend file with Dcpromo.exe to install or remove the domain controller role. Alternately, you can run Dcpromo.exe on another computer running Windows Server 2008 and use the wizard to save an unattend file that you can then use on the server running Server Core installation. • Dcpromo.exe will restart the computer immediately when the installation is complete or when Active Directory is removed unless RebootOnCompletion=No is included in the answer file. • The Web Server (IIS) role does not support ASP.NET in Server Core installations. Because there is no support for managed code, the following IIS features are not available in Server Core installations: •

IIS-ASPNET

•

IIS-NetFxExtensibility

•

IIS-ManagementConsole

•

IIS-ManagementService 12

•

IIS-LegacySnapIn

•

IIS-FTPManagement

•

WAS-NetFxEnvironment

•

WAS-ConfigurationAPI

Steps for installing a server role on a Server Core installation To install a server role on a Server Core installation of Windows Server 2008, perform the procedure for the desired role as follows. Note Ocsetup.exe syntax is case sensitive so be sure to follow the examples explicitly.

Available server roles To discover the available server roles, open a command prompt and type the following: oclist This command lists the server roles and optional features that are available for use with Ocsetup.exe. It also lists the server roles and optional features that are currently installed.

DNS Server role To install the DNS Server role 1. At a command prompt, type: start /w ocsetup DNS-Server-Core-Role Note Using /w prevents the command prompt from returning until the installation completes. Without /w, there is no indication that the installation completed. 2. Configure a DNS zone at the command prompt by typing dnscmd or by remotely using the DNS MMC snap-in. Note Typing start /w ocsetup DNS-Server-Core-Role /uninstall at the command prompt will uninstall the DNS Server role.

DHCP Server role To install the DHCP Server role 1. At a command prompt, type: start /w ocsetup DHCPServerCore 2. Configure a DHCP scope at the command prompt by using netsh, or by remotely using the DHCP snap-in from Windows Server 2008. 13

3. If the DHCP server is installed in an Active Directory domain, you must authorize it in Active Directory. The DHCP Server service does not start automatically by default. Use the following procedure to configure it to start automatically and to start the service for the first time. To configure and start the DHCP Server service 1. At a command prompt, type: sc config dhcpserver start= auto 2. Start the service by typing: net start dhcpserver Note Typing start /w ocsetup DHCPServerCore /uninstall at the command prompt will uninstall the DHCP Server role.

File Services role The Server service is installed by default to provide administrative share support for management tools. To install additional file server features use the following commands: To install File Services role features •

For File Replication Service, type the following at a command prompt:

start /w ocsetup FRS-Infrastructure •

For Distributed File System service, type:

start /w ocsetup DFSN-Server •

For Distributed File System Replication, type:

start /w ocsetup DFSR-Infrastructure-ServerEdition •

For Services for Network File System (NFS), type:

start /w ocsetup ServerForNFS-Base start /w ocsetup ClientForNFS-Base Note Uninstall any file server role options by using these commands with the /uninstall option.

Print Services role To install Print Services role features •

For the Print Server feature, type the following at a command prompt:

start /w ocsetup Printing-ServerCore-Role •

For the Line Printer Daemon (LPD) service, type: 14

start /w ocsetup Printing-LPDPrintService To add a printer to the print server 1. Determine the IP address or host name of the printer. This may be on the printer's test or printer configuration page or you might need to refer to the manufacturer's documentation for instructions. 2. Verify that the print server can communicate with the printer through the network by pinging the printer from the print server. 3. On another computer running Windows Vista or Windows Server 2008, open the Print Management console and add the server running the Server Core installation. 4. Expand the entry for the print server running a Server Core installation, right-click Drivers, and then click Add Driver. The Add Printer Driver Wizard starts. 5. Complete the wizard to install the printer driver for your printer. 6. In the Print Management console, right-click Printers and then click Add Printer. The Network Printer Installation Wizard starts. 7. Click Add a TCP/IP or Web Services printer by IP address or hostname and then click Next. 8. Enter the printer's host name or IP address (the port name will be the same by default), and then click Next. 9. Make any necessary changes to the printer name, contact information, or sharing status, and then click Next.

Active Directory Lightweight Directory Services role To install the AD LDS role •

At a command prompt, type:

start /w ocsetup DirectoryServices-ADAM-ServerCore Notes •

Uninstall the AD LDS role by typing the following at a command prompt:

•

start /w ocsetup DirectoryServices-ADAM-ServerCore /uninstall

Active Directory Domain Services role This command installs the Active Directory Domain Services role and promotes the server to a domain controller by using the settings in the unattend file. For links to information about using an unattend file with Dcpromo.exe, see the Additional References section at the end of this document. To install the Active Directory Domain Services role •

At a command prompt, type: 15

dcpromo /unattend: Where unattendfile is the name of a Dcpromo.exe unattend file. Note Dcpromo.exe can also be used to demote a domain controller to a server.

Streaming Media Services role To install the Streaming Media Services role 1. On another computer, download the Streaming Media Services role installer file from article 934518 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=88046). 2. Copy the appropriate Microsoft Update Standalone package (.msu file) to your Server Core installation. 3. Run the .msu file. 4. At a command prompt, type: start /w ocsetup MediaServer 5. On a different computer, use the Streaming Media Services MMC snap-in to remotely configure Streaming Media Services.

Web Server (IIS) role To install the Web Server role 1. For the default installation, type the following at a command prompt and press ENTER: start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WASProcessModel 2. For an installation that includes all of the options, type the following at a command prompt and press ENTER: start /w pkgmgr /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IISStaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IISHttpRedirect;IIS-ApplicationDevelopment;IIS-ASP;IIS-CGI;IIS-ISAPIExtensions;IISISAPIFilter;IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IISLoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-CustomLogging;IISODBCLogging;IIS-Security;IIS-BasicAuthentication;IIS-WindowsAuthentication;IISDigestAuthentication;IIS-ClientCertificateMappingAuthentication;IISIISCertificateMappingAuthentication;IIS-URLAuthorization;IIS-RequestFiltering;IISIPSecurity;IIS-Performance;IIS-HttpCompressionStatic;IISHttpCompressionDynamic;IIS-WebServerManagementTools;IISManagementScriptingTools;IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS16

WMICompatibility;IIS-LegacyScripts;IIS-FTPPublishingService;IIS-FTPServer;WASWindowsActivationService;WAS-ProcessModel Notes •

To uninstall the Web Server (IIS) role, use the following command:

• start /w pkgmgr /uu:IIS-WebServerRole;WASWindowsActivationService;WAS-ProcessModel

Installing Windows Features: Overview After the Server Core installation is complete and the server is configured, you can install one or more optional features. The Server Core installation of Windows Server 2008 supports the following optional features: •

Failover Clustering

•

Network Load Balancing

•

Subsystem for UNIX-based applications

•

Backup

•

Multipath IO

•

Removable Storage

•

Bitlocker Drive Encryption

•

Simple Network Management Protocol (SNMP)

•

Windows Internet Name Service (WINS)

•

Telnet client

The following procedure describes how to install these features on a server running a Server Core installation. Note Failover Clustering is not available in Windows Server 2008 Standard Edition.

Prerequisites for installing an optional feature on a server running a Server Core installation The following optional features require appropriate hardware: •

Failover Clustering

•

Network Load Balancing

•

Multipath IO

•

Removable Storage

•

Bitlocker Drive Encryption

17

Note For more information about the hardware that is required for optional features, see the Additional References section at the end of this document. There are no prerequisites for the following optional features: •

Subsystem for UNIX-based applications

•

Backup

•

Simple Network Management Protocol (SNMP)

•

Windows Internet Name Service (WINS)

•

Telnet client

Known issues for installing an optional feature on a server running a Server Core installation There are no known issues for installing an optional feature on a Server Core installation of Windows Server 2008.

Steps for installing an optional feature on a server running a Server Core installation To install an optional feature on a Server Core installation of Windows Server 2008, perform the following procedure. Note The Ocsetup.exe syntax is case sensitive so be sure to follow the examples explicitly.

Available optional features To discover the available optional features, open a command prompt and type the following: Oclist This command lists the server roles and optional features that are available for use with Ocsetup.exe. It also lists the server roles and optional features that are currently installed.

To install an optional feature •

At a command prompt, type:

start /w ocsetup Where featurename is the name of a feature from the following list: •

Failover Clustering: FailoverCluster-Core

•

Network Load Balancing: NetworkLoadBalancingHeadlessServer

•

Subsystem for UNIX-based applications: SUACore

•

Multipath IO: MultipathIo 18

• Removable Storage: Microsoft-WindowsRemovableStorageManagementCore •

Bitlocker Drive Encryption: BitLocker

Notes To install the remote administration tool for BitLocker, type the following at a command prompt: start /w ocsetup BitLocker-RemoteAdminTool •

Backup: WindowsServerBackup

•

Simple Network Management Protocol (SNMP): SNMP-SC

•

Windows Internet Name Service (WINS): WINS-SC

•

Telnet client: TelnetClient

Note To remove an optional feature, use start /w ocsetup with the appropriate role name and the /uninstall switch.

Managing a Server Core installation: Overview You can manage a server running Server Core installation in the following ways: • Locally and remotely using a command prompt. By using the Windows command-line tools at a command prompt, you can manage servers running a Server Core installation. • Remotely using Terminal Server. By using another computer running Windows, you can use the Terminal Server client to connect to a server running a Server Core installation, and manage it remotely. The shell in the Terminal Server session will be the command prompt. • Remotely using Windows Remote Shell. By using another computer running Windows Vista or Windows Server 2008, you can use Windows Remote Shell to run command-line tools and scripts on a server running a Server Core installation. • Remotely using an MMC snap-in. By using an MMC snap-in from a computer running Windows Vista or Windows Server 2008, you can connect to a server running Server Core installation in the same way that you would connect to any computer running Windows.

Prerequisites for managing a server running Server Core installation To manage a server running Server Core installation, you need: • A computer that has a Server Core installation of Windows Server 2008 installed and configured.

19

• An administrator user account and password for a server running a Server Core installation.

Known issues for managing a server running a Server Core installation • Not all tasks can be performed at a command prompt or remotely through an MMC snap-in. There is a script included with the Server Core installation of Windows Server 2008 that you can use to configure the following settings: •

Enable automatic updates

•

Enable Remote Desktop for Administration

• Enable Terminal Server clients on previous versions of Windows to connect to a server running a Server Core installation •

Configure DNS SRV record weight and priority

•

Manage IPsec Monitor remotely

The script is located in the \Windows\System32 folder of a server running a Server Core installation. At a command prompt, open the folder, and then use the following command to display the usage instructions for the previous options: cscript scregedit.wsf /? Note You can use this command with the /cli option to display a list of common command-line tools and their usage. • If you close all Command Prompt windows and want to open a new Command Prompt window, press CTRL+ALT+DELETE, click Start Task Manager, click File, click Run, and then type cmd.exe. Alternatively, you can log off and log back on. • Any command or tool that attempts to launch Windows Explorer will not work. For example, start . used from a command prompt will not work. •

TheRunonce feature is not supported in Server Core installations.

•

There is no support for HTML rendering or HTML help in Server Core installations.

• Server Core installations do not support running managed code. Any management tools and utilities that run locally on a server running a Server Core installation must be written in native Win32 code. • Server Core installations do not generate any notifications for activation, new updates, or password expiration because these notifications require the Windows Explorer shell, which is not part of the Server Core installation. • If you need to write a script for managing a server running a Server Core installation, which requires the secure inclusion of an administrative password, see the scripting column on Microsoft TechNet (http://go.microsoft.com/fwlink/?LinkID=56421). • Server Core installations support Windows Installer in quiet mode so that you can install tools and utilities from Windows Installer files. 20

• Windows Firewall can be configured at a command prompt by using netsh advfirewall. • When installing Windows Installer packages on a server running a Server Core installation, use the /qb option to display the basic user interface. • To change the time zone on a computer running a Server Core installation of Windows Server 2008, run control timedate.cpl. • To change international settings on a computer running a Server Core installation of Windows Server 2008, run control intl.cpl. • To use the Disk Management MMC snap-in remotely, start the Virtual Disk Service on a server running a Server Core installation. To do this, type the following at a command prompt: net start VDS •

Control.exe will not run on its own. You must run it with either Timedate.cpl or Intl.cpl.

• Winver.exe is not available in Server Core installations. To obtain version information use Systeminfo.exe.

Steps for managing a Server Core installation The following procedures explain methods for managing a server running a Server Core installation, including: •

Managing a server running a Server Core installation locally at a command prompt

•

Managing a server running a Server Core installation remotely at a command prompt

• Managing a server running a Server Core installation by using Windows Remote Shell • Managing a server running a Server Core installation by using Microsoft Management Console (MMC) •

Adding hardware to a server running a Server Core installation

•

Obtaining a list of drivers installed on a server running a Server Core installation

•

Installing the DNS server role

To manage a server running a Server Core installation locally at a command prompt 1. Start a server running a Server Core installation. 2. Log on using an administrator account. 3. At the command prompt, use the appropriate command-line tool for the task you want to complete. Notes • For more information about command-line tools, see "Steps for administering a Server Core installation" later in this document. •

You can find further information at the Command-Line Reference A-Z (). 21

To manage a server running a Server Core installation by using a terminal server 1. On the server running a Server Core installation, type the following command at a command prompt: cscript C:\Windows\System32\ Scregedit.wsf /ar 0 This enables the Remote Desktop for Administration mode to accept connections. 2. On another computer, click Start, click Run, type mstsc, and then click OK. 3. In Computer, enter the name of the server running a Server Core installation, and click Connect. 4. Log on using an administrator account. 5. When the command prompt appears, you can manage the computer using the Windows command-line tools. 6. When you have finished remotely managing the computer, type logoff in the command prompt to end your Terminal Server session. Notes • If you are running the Terminal Services client on a previous version of Windows, you must turn off the higher security level that is set by default in Windows Server 2008. To do this, after step 1, type the following command at the command prompt: •

cscript C:\Windows\System32\Scregedit.wsf /cs 0

Notes • For more information about command-line tools, see "Steps for administering a Server Core installation" later in this document. •

You can find further information at the Command-Line Reference A-Z ().

Often it is useful to run Cmd.exe in a Command Prompt window on your local computer, rather than in the Terminal Services client. To do this, you need a standard Windows Server 2008 installation and the latest Terminal Services client. To use TS RemoteApp to publish Cmd.exe to your local computer 1. Add the Terminal Services role to the computer running Windows Server 2008 using Server Manager. 2. Start MMC on the computer running Windows Server 2008, add the TS RemoteApp Manager snap-in, and then connect the snap-in to a server running a Server Core installation. 3. In the Results pane of the snap-in, click RemoteApp Programs, and then navigate to \\<ServerName>\c$\windows\system32\cmd.exe (where ServerName is the name of the server running a Server Core installation). 4. In the Allow list, click Remote cmd.exe, and then click Create RDP package. 5. Connect to the server running a Server Core installation by using the Remote Desktop Protocol package. 22

To manage a server running a Server Core installation by using the Windows Remote Shell 1. To enable Windows Remote Shell on a server running a Server Core installation, type the following command at a command prompt: WinRM quickconfig 2. On another computer, at a command prompt, use WinRS.exe to run commands on a server running a Server Core installation. For example, to perform a directory listing of the Windows folder, type: winrs -r:<ServerName> dir c:\windows Where: ServerName is the name of the server running a Server Core installation. Note The WinRM quickconfig setting enables a server running a Server Core installation to accept Windows Remote Shell connections. This setting can also be set in an unattend file. See the example in Appendix A at the end of this document. Important • For more information about using different security credentials to run commands, see the command-line help for WinRS.exe by typing winrs -? at a command prompt. To manage a server that is running a Server Core installation and is a domain member using an MMC snap-in 1. Start an MMC snap-in, such as Computer Management. 2. In the left pane, right-click the top of the tree and click Connect to another computer. (In the Computer Management example, you would right-click Computer Management (Local).) 3. In Another computer, type the computer name of the server running a Server Core installation and click OK. 4. You can now use the MMC snap-in to manage the server running a Server Core installation as you would any other computer running a Windows Server operating system. To manage a server that is running a Server Core installation and is not a domain member using an MMC snap-in 1. If the server running a Server Core installation is not a member of a domain, establish alternate credentials to use to connect to the Server Core installation by typing the following command at a command prompt on your client computer: cmdkey /add:<ServerName> /user:<UserName> /pass:<password> 23

Where: ServerName is the name of the server running a Server Core installation. UserName is the name of an administrator account. To be prompted for a password, omit the /pass option. 2. When prompted, type the password for the user name that is specified in the previous step. 3. If the firewall on the computer running a Server Core installation is not already configured to allow MMC snap-ins to connect, follow the steps in "To configure Windows Firewall to allow MMC snap-in(s) to connect." Then return to this procedure. 4. On a different computer, start an MMC snap-in, such as Computer Management. 5. In the left pane, right-click the top of the tree and click Connect to another computer. (In the Computer Management example, you would right-click Computer Management (Local).) 6. In Another computer, type the computer name of the server running a Server Core installation and click OK. 7. You can now use the MMC snap-in to manage the server running a Server Core installation as you would any other computer running a Windows Server operating system. To configure Windows Firewall to allow MMC snap-in(s) to connect •

To allow all MMC snap-ins to connect, at a command prompt, type:

Netsh advfirewall firewall set rule group=“remote administration” new enable=yes •

To allow only specific MMC snap-ins to connect, at a command prompt, type:

Netsh advfirewall firewall set rule group=“” new enable=yes Where: Rulegroup is one of the values from the table below, depending on which snap-in you want to connect.

24

MMC snap-in Rule group

Event Viewer Remote Event Log Management Services Remote Services Management Shared Folders File and Printer Sharing Task Scheduler Remote Scheduled Tasks Management Reliability and Performance •

Performance Logs and Alerts

•

File and Printer Sharing

Disk Management Remote Volume Management Windows Firewall with Advanced Security Windows Firewall Remote Management

25

Notes • Some MMC snap-ins do not have a corresponding rule group that allows them to connect through the firewall. However, enabling the rule groups for Event Viewer, Services, or Shared Folders will allow most other snap-ins to connect. • Additionally, certain snap-ins require further configuration before they can connect through the firewall: • Device Manager. You must first enable the Allow remote access to the PnP interface policy setting. To do this, on a computer running Windows Vista or a full installation of Windows Server 2008, open the Local Group Policy Editor MMC snap-in, connect to the computer running a Server Core installation, navigate to Computer Configuration\Administrative Templates\Device Installation, and then enable Allow remote access to the PnP interface. Restart the computer running a Server Core installation. Note that when Device Manager is used remotely, it is read-only. • Disk Management. You must first start the Virtual Disk Service (VDS) on the computer running a Server Core installation. • IP Security Monitor. You must first enable remote management of this snap-in. To do this, at a command prompt, type: Cscript \windows\system32\scregedit.wsf /im 1 • Reliability and Performance. The snap-in does not require any further configuration, but when you use it to monitor a computer running a Server Core installation, you can only monitor performance data. Reliability data is not available. To add hardware to a server running a Server Core installation 1. Follow the instructions provided by the hardware vendor for installing new hardware: • If the driver for the hardware is included in Windows Server 2008, Plug and Play will start and install the driver. • If the driver for the hardware is not included, proceed with the steps 2 and 3. 2. Copy the driver files to a temporary folder on the server running a Server Core installation. 3. At a command prompt, open the folder where the driver files are located, and then run the following command: pnputil -i -a Where: driverinf is the file name of the .inf file for the driver. 4. If prompted, restart the computer.

26

To obtain a list of drivers that are installed on the server running a Server Core installation •

At a command prompt, type:

sc query type= driver Note You must include the space after the equal sign for the command to complete successfully. To disable a device driver on a server running a Server Core installation •

At a command prompt, type:

sc delete <service_name> Where: service_name is the name of the service that you obtain by running sc query type= driver.

Administering a Server Core installation This section focuses on common administrative tasks that are performed locally or remotely from a command prompt. The commands are grouped into the following sections: •

Configuration and installation

•

Networking and firewall

•

Updates and error reporting

•

Services, processes and performance

•

Event logs

•

Disk and file system

•

Hardware

•

Remote administration

Prerequisites for administering a Server Core installation To complete this task, you need: • A computer on which you have installed and configured a Server Core installation of Windows Server 2008 • An administrator user account and password for the server running a Server Core installation

Known issues for administering a Server Core installation • Server Core installation supports Windows Installer in quiet mode so that you can install tools and utilities from Windows Installer files. 27

• To use the Disk Management MMC snap-in remotely, start the Virtual Disk Service on a server running a Server Core installation. To do this, type the following at a command prompt: net start VDS • If you need to write a script for managing a server running a Server Core installation, which requires the secure inclusion of an administrative password, see the scripting column on Microsoft TechNet (http://go.microsoft.com/fwlink/?LinkID=56421).

Steps for administering a Server Core installation The following procedures summarize common administrator tasks for a server running a Server Core installation.

Configuration and installation Task

Steps

Set the local administrative password

At a command prompt, type: net user administrator *

Join a computer to a domain

1. At a command prompt, type on one line: netdom join %computername% /domain:<domain> /userd:<domain>\username> /password:* 2. Restart the computer.

Confirm that the domain has changed

At a command prompt, type: set

Remove a computer from a domain

At a command prompt, type: netdom remove

Add a user to the local Administrators group.

At a command prompt, type:

Remove a user from the local Administrators group

At a command prompt, type:

Add a user to the local computer

At a command prompt, type:

net localgroup Administrators /add <domain>\<username>

net localgroup Administrators /delete <domain\username>

net user <domain\user name> /add * Add a group to the local computer

At a command prompt, type: net localgroup /add

28

Task

Steps

Change the name of a domain-joined computer

At a command prompt, type:

Confirm the new computer name

At a command prompt, type:

netdom renamecomputer %computername% /NewName: /userd:<domain\username> /password:*

set Change the name of a computer in a work group

1. At a command prompt, type: netdom renamecomputer <currentcomputername> /NewName: 2. Restart the computer.

Disable paging file management

At a command prompt, type: wmic computersystem where name="" set AutomaticManagedPagefile=False

Configure the paging file

At a command prompt, type: wmic pagefileset where name=”<path/filename>” set InitialSize=,MaximumSize=<maxsize> Where: path/filename is the path to and name of the paging file initialsize is the starting size of the paging file in bytes. maxsize is the maximum size of the page file in bytes.

Change to a static IP address.

1. At a command prompt, type: ipconfig /all 2. Record the relevant information or redirect it to a text file (ipconfig /all >ipconfig.txt). 3. At a command prompt, type: netsh interface ipv4 show interfaces 4. Verify that there is an interface list. 5. At a command prompt, type: netsh interface ipv4 set address name
Task

Steps

from interface list> source=static address=<preferred IP address> gateway= 6. Verify by typing ipconfig /all at a command prompt and checking that DHCP enabled is set to No. Set a static DNS address.

1. At a command prompt, type: netsh interface ipv4 add dnsserver name= address= index=1 2. At a command prompt, type: netsh interface ipv4 add dnsserver name= address= index=2 3. Repeat as appropriate to add additional servers. 4. Verify by typing ipconfig /all and checking that all the addresses are correct.

Change to a DHCP-provided IP address from a static IP address.

1. At a command prompt, type: netsh interface ipv4 set address name= source=DHCP 2. Verify by typing Ipconfig /all and checking that DCHP enabled is set to Yes.

Activate the server locally.

At a command prompt, type: slmgr.vbs -ato

Activate the server remotely.

1. At a command prompt, type: cscript slmgr.vbs -ato <servername> <username> <password> 2. Retrieve the GUID of the computer by typing cscript slmgr.vbs -did 3. Type cscript slmgr.vbs -dli 4. Verify that License status is set to Licensed (activated).

30

Note If Slmgr.vbs fails to activate the computer, the resulting error message advises you to run Slui.exe, along with the error code for more information. Slui.exe is not included in Server Core installations—it is available in Windows Vista and full installations of Windows Server 2008.

Networking and firewall Task

Steps

Configure your server to use a proxy server.

At a command prompt, type: netsh Winhttp set proxy <servername>:<port number> Note Server Core installations cannot access the Internet through a proxy that requires a password to allow connections.

Configure your server to bypass the proxy for internet addresses.

At a command prompt, type:

Display or modify IPSEC configuration.

At a command prompt, type:

netsh winttp set proxy <servername>:<port number>bypass-list=""

netsh ipsec Display or modify NAP configuration.

At a command prompt, type: netsh nap

Display or modify IP to physical address translation.

At a command prompt, type:

Display or configure the local routing table.

At a command prompt, type:

arp

route View or configure DNS server settings.

At a command prompt, type: nslookup

Display protocol statistics and current TCP/IP network connections.

At a command prompt, type: netstat

Display protocol statistics and current TCP/IP At a command prompt, type: connections using NetBIOS over TCP/IP (NBT). nbtstat Display hops for network connections.

At a command prompt, type: 31

Task

Steps

pathping Trace hops for network connections.

At a command prompt, type: tracert

Display the configuration of the multicast router. At a command prompt, type: mrinfo Enable remote administration of the firewall.

At a command prompt, type: netsh advfirewall firewall set rule group=”Windows Firewall Remote Management” new enable=yes

Updates, error reporting, and feedback Task

Steps

Install an update.

At a command prompt, type: wusa .msu /quiet

List installed updates

At a command prompt, type: systeminfo

Remove an update.

1. Type at a command prompt: expand /f:* .msu c:\test 2. Navigate to c:\test\ and open .xml in a text editor. 3. In .xml, replace Install with Remove and save the file. 4. At a command prompt, type: pkgmgr /n:.xml

Configure automatic updates.

At a command prompt: •

To verify the current setting, type:

cscript scregedit.wsf /AU /v •

To enable automatic updates, type:

cscript scregedit.wsf /AU /4 •

To disable automatic updates, type:

cscript scregedit.wsf /AU /1 Enable error reporting.

At a command prompt: •

To verify the current setting, type: 32

Task

Steps

serverWerOptin /query • To automatically send detailed reports, type: serverWerOptin /detailed • To automatically send summary reports, type: serverWerOptin /summary • To disable error reporting, type: serverWerOptin /disable Participate in the Customer Experience Improvement Program (CEIP).

At a command prompt: •

To verify the current setting, type:

serverCEIPOptin /query •

To enable CEIP, type:

serverCEIPOptin /enable •

To disable CEIP, type:

serverCEIPOptin /disable

Services, processes, and performance Task

Steps

List the running services.

At a command prompt, type either of the following:

Start a service.

Stop a service.

Retrieve a list of running applications and associated processes.

•

sc query

•

net start

At a command prompt, type either of the following: •

sc start <service name>

•

net start <service name>

At a command prompt, type either of the following: •

sc stop <service name>

•

net stop <service name>

At a command prompt, type: tasklist

33

Task

Steps

Stop a process forcibly.

1. Use the tasklist command to retrieve the process ID (PID). 2. At a command prompt, type: taskkill /PID <process ID>

Start Task Manager.

At a command prompt, type: taskmgr

Manage the performance counters and logging with commands such as typeperf, logman, relog, tracerprt.

See http://go.microsoft.com/fwlink/?LinkId=84872

Event logs Task

Steps

List event logs.

At a command prompt, type: wevtutil el

Query events in a specified log.

At a command prompt, type: wevtutil qe /f:text

Export an event log.

At a command prompt, type: wevtutil epl

Clear an event log.

At a command prompt, type: wevtutil cl

Disk and file system Task

Steps

Manage disk partitions.

For a complete list of commands, at a command prompt, type: diskpart /?

Manage software RAID.

For a complete list of commands, at a command prompt, type: diskraid /?

Manage volume mount points.

For a complete list of commands, at a command prompt, type: 34

Task

Steps

mountvol /? Defragment a volume.

For a complete list of commands, at a command prompt, type: defrag /?

Convert a volume to the NTFS file system.

At a command prompt, type: convert /FS:NTFS

Compact a file.

For a complete list of commands, at a command prompt, type: compact /?

Administer open files.

For a complete list of commands, at a command prompt, type: openfiles /?

Administer VSS folders.

For a complete list of commands, at a command prompt, type: vssadmin /?

Administer the file system.

For a complete list of commands, at a command prompt, type: fsutil /?

Verify a file signature.

At a command prompt, type: sigverif /?

Take ownership of a file or folder.

For a complete list of commands, at a command prompt, type: icacls /?

Hardware Task

Add a driver for a new hardware device.

Steps

1. Copy the driver to a folder at %homedrive%\. 2. At a command prompt, type: pnputil -i -a %homedrive%\\.inf

Remove a driver for a hardware device.

1. For a list of loaded drivers, at a command prompt, type: 35

Task

Steps

sc query type= driver 2. At the command prompt, type: sc delete <service_name>

Logging bugs and feedback Your feedback is important to help us improve the Server Core installation option of Windows Server 2008 in future releases of Windows Server 2008. Please provide feedback regarding: • Your experience using the Server Core installation of Windows Server 2008, including issues that you encounter and whether this document was helpful. • Feature requests and general feedback about the Server Core installation of Windows Server 2008. • Feedback about this step-by-step guide. To provide feedback about this guide, follow the instructions on the Microsoft Web site (http://go.microsoft.com/fwlink/?linkid=55105). Note that in the comment area on the Web site, you need to provide the name of this step-by-step guide.

Additional references The following resources provide additional information about the Server Core installation of Windows Server 2008: • If you need product support, see the Microsoft Connect Web site (http://go.microsoft.com/fwlink/?LinkId=49779) • To access newsgroups for Server Core installation, follow the instructions that are provided on the Microsoft Connect Web site (http://go.microsoft.com/fwlink/?LinkId=50067). • If you are a beta tester and part of the special Technology Adoption Program (TAP) beta program, you can contact your appointed Microsoft development team member for assistance. The following resources provide additional information about some of the commands that are used to install and configure Server Core installations and server roles: Active Directory Windows Server 2003 Active Directory (http://go.microsoft.com/fwlink/?LinkID=19802) Backup Backing Up and Recovering Data (http://go.microsoft.com/fwlink/?LinkID=22347) 36

BitLocker Drive Encryption BitLocker Drive Encryption Overview (http://go.microsoft.com/fwlink/?LinkID=62724) Failover Clustering Clustering Services (http://go.microsoft.com/fwlink/?LinkID=50520) Dcpromo unattend files Performing an Unattended Installation of Active Directory (http://go.microsoft.com/fwlink/?LinkId=49661) DHCP Dynamic Host Configuration Protocol (http://go.microsoft.com/fwlink/?LinkID=56423) Dfscmd Dfscmd Overview (http://go.microsoft.com/fwlink/?LinkId=49658) Distributed File System Distributed File System (DFS) (http://go.microsoft.com/fwlink/?LinkId=58131) Distributed File System Replication Distributed File System Replication (http://go.microsoft.com/fwlink/?LinkID=62725) DNS Windows Server 2003 Domain Name System (DNS) (http://go.microsoft.com/fwlink/?LinkID=56422) Dnscmd Dnscmd Overview (http://go.microsoft.com/fwlink/?LinkId=49656) Dnscmd Syntax (http://go.microsoft.com/fwlink/?LinkId=49659) Dnscmd Examples (http://go.microsoft.com/fwlink/?LinkId=49660) File Replication Service What is FRS? (http://go.microsoft.com/fwlink/?LinkID=62726) 37

File Server File and Storage Services (http://go.microsoft.com/fwlink/?LinkID=26716) Multipath I/O Microsoft Storage Technologies: Multipath I/O (http://go.microsoft.com/fwlink/?LinkId=50521) Netsh Netsh Overview (http://go.microsoft.com/fwlink/?LinkId=49654) Network File System Performance Tuning Guidelines for Services for Network File System (http://go.microsoft.com/fwlink/?LinkID=62727) Removable Storage Removable Storage (http://go.microsoft.com/fwlink/?LinkID=62728) Subsystem for UNIX-based Applications Welcome to Subsystem for UNIX-based Applications (http://go.microsoft.com/fwlink/?LinkID=57768)

Appendix A: Sample Server Core installation Unattend.xml Copy this sample code into a text editor and save it as Unattend.xml. Note See the unattend file documentation for more information about unattend file settings. Windows System Image Manager, which is provided as part of the Windows Automated Installation Kit, provides an excellent environment for authoring unattend files. <settings pass="windowsPE"> 38

<UserData> true MyFullName MyOrganizationName <WillShowUI>OnError Sensitive*Data*Deleted <WillShowUI>Never 0 <PartitionID>1 <MetaData> /IMAGE/Name Windows Longhorn SERVERSTANDARDCORE <settings pass="specialize"> MyCompName

39

<UserAuthentication>0 false true UserDomain <Username>UserName <Password>UserPassword <JoinDomain>DomainToBeJoined <settings pass="oobeSystem"> 40

1024 768 16 <UserAccounts> DOMAIN TestAccount1 Administrators

Note For , if you use * the name will be randomly generated.

41