Windows Server 2008 Core Eyal Malach Senior Instructor - Hi-Tech College Infrastructure Consultant - Calanit Carmon Email: [email protected].

Windows Server 2008 Core

Eyal MalachSenior Instructor - Hi-Tech CollegeInfrastructure Consultant - Calanit CarmonEmail: [email protected]

Session Objectives and Agenda• Why server core ?• Server Core Overview• Server Core Benefits • Deploying and Configuring Server Core locally• Remote Management of Server Core• Q & A• SUMMARY

Why Server Core?

• Windows Server is frequently deployed to support a single role or a fixed workload• However, you must deploy and service all of Windows

Server

• Value Proposition and challenges • Reduce the attack and servicing surface area• Servers optimized by role are easier to manage and

maintain• Increased reliability and security• Less installed and less running

Server Core Overview

• Server Core is:• A minimal installation option for Windows

Server 2008• Command Line interface, no GUI Shell

Server Core Overview (cont.)

• Server Core includes• A set of server roles

• DHCP, File, Print, AD, AD LDS, Media Services, DNS, and IIS

• The following optional features:• WINS, Failover Clustering, Subsystem for

UNIX-based applications, Backup, Multipath IO, Removable Storage Management, Bitlocker Drive Encryption, SNMP, Telnet Client, QoS

• Server Core also include Hyper-V

Server Core Benefits

Easier to Secure, Manage, and Maintain

Supports Key Infrastructure Roles

Minimal Server Installation

Supports Unattended Installation

Server Core Benefits (cont.)

Reduced attack surface

Less disk space required

Reduced software maintenance

Reduced management

Server Core Benefits (cont.)

Save as money !!! Save as time

Give as Security and peace of mind

Deploying Server Core

• Manual installation using Setup• Unattended installation using

• Setup Unattended• New WDS and MDT

• Only a clean install is supported no Upgrades• Cannot upgrade from a previous version of Windows Server• Cannot upgrade from Server Core to full Server with the

GUI shell• Cannot upgrade from full Server with the GUI shell to

Server Core

Managing Server Core

• Local management• Command Prompt and command line tools• Limited GUI tools (Notepad, Regedit, Task

Manager, Intl.cpl and Timedate.cpl)

Configuring Server Core

• Set admin password• Set static IP address• Join existing domain• Activate the Server• Configure the

firewall• Installing Roles and

Features

How do I start ?

Local management Basic configurationInstalling and configuring server roles

Managing Server Core

• Remote Management• Terminal Server• WS-Management and Windows Remote Shell for

remote command execution • MMC Snap-ins• Power Shell• Third Party Management Tools

Enabling Terminal Services

• Command Line• Remote Admin mode

• Cscript scregedit.wsf /ar 0• Allow pre-Vista/Windows Server 2008 clients

• Cscript scregedit.wsf /cs 0• You can also use Group Policy • Not necessary to have the full desktop for only

CMD.exe• You can configure only cmd.exe in RemoteApp

Terminal server 2008

Managing with Windows Remote Shell

• Windows Remote Management (WinRM) • WS-Management - secure firewall friendly mgmt protocol

• Windows Remote Shell (WinRS)• Requires Windows Vista or Windows Server 2008• Only command line tools or scripts without UI can be

executed • Prompts are problematic, full interactive mode not

supported• For example, “press any key”

Configuring WinRM on Server Core

• The Server side of WS-Management• From the command line

• WinRM quickconfig

• Can also be configured using Group Policy• The client side of WS-Management

• WinRS –r:ServerName cmd

Managing Server Core using MMC

• Once Server Core is installed and roles are installed• Server Core can be fully managed remotely

using MMC• No need to use the command line

Server Role Snap-ins for Remote Management

• Server Role MMCs are not installed by default in full Server installations• Remote Server Administration Tools (RSAT) makes these

available

• RSAT for Windows Vista is finally available • Server Role installation opens appropriate Firewall

ports for remote management

Using Remote Desktop to manage the server remotely Using WinRM to manage the server remotelyUsing MMC to manage the server remotely

Configuring the Firewall on Server Core

• Use netsh advfirewall• To view current profile • To see rules and current configuration• To enable a rule

• Use the Windows Firewall with Advanced Security MMC snap-in

• Must first enable firewall remote management firewall rule on the Server Core installation• Netsh advfirewall firewall set rule group=“Windows

Firewall Remote Management” new enable=yes

Which Rules for Which MMC?

• There isn’t a rule group for every MMC snap-in• There is overlap between the rules• Some MMC snap-ins require additional configuration

MMC Snap-in Rule GroupEvent Viewer Remote Event Log Management

Services Remote Service Management

Shared Folders File and Printer Sharing

Task Scheduler Remote Scheduled Tasks Management

Reliability and Performance “Performance Logs and Alerts” and “File and Printer Sharing”

Some MMCs Require Additional Configuration

• Device Manager• Must enable the "Allow remote access to the PnP

interface" policy

• Disk Management• Enable the “remote volume management” firewall group• Start the Virtual Disk Service (VDS)

• IPSec Mgmt• Cscript \windows\system32\scregedit /im 1

PowerShell

• Not supported locally on Server Core• Can use PowerShell to remotely manage Server

Core via WMI• The IIS 7 PowerShell cmdlets are all WMI based

• To remotely use WMI through PowerShell• Get-WMIObject <wmi class> -computername <server>

• To obtain a list of WMI Classes• Get-WMIObject –list –computername <server>

Creating a DC

• DCPromo is used to install/remove the associated Active Directory Domain Services

• Must be run in unattended mode• Specify the configuration via an

unattended file• The Active Directory Domain Services

Installation Wizard running on the full server can be used to create a suitable unattended

Configuring the firewall in Server CoreInstalling active directory on Server CoreUsing CoreConfigurator

summary

• Why server core ?• Server Core Overview• Server Core Benefits • Deploying and Configuring Server Core locally• Remote Management of Server Core• Your next step

! משוב למלא כדאי? ממלאים איך

•, יום כל בסיום שישלח מייל בעקבות, HPבמתחם Business Centerב-•ודן • הילטון במלונות האינטרנט בעמדות

? חולצת לך מגיעה משוב !Live Itמילאת? הכנס ימי בשלושת משוב מלאת

ב לזכות הזדמנות לך לתאילנד יש טיסה מתנת כרטיס' , BTCסוכנות ק ג בלאק , מכשיר סמסונג מכשיר מתנת

HTC , ניופאן סנטר מתנת ...DataSafeמתנת מדיה ועוד

Eyal MalachSenior Instructor - Hi-Tech CollegeInfrastructure Consultant - Calanit CarmonEmail: [email protected]

Thank you very much for

participating

© 2007 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only.MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.