ServerCore in Windows 2008 R2

Leveraging the GUI-less Version of Windows for Better Security

Microsoft released ServerCore with Windows Server 2008 as a GUI-less version of the Windows Server operating system, and while many of us fiddled with ServerCore, it really didn’t take off for installation in the enterprise.  The biggest challenge administrators had was doing basic administrative tasks with ServerCore.  Since there was no GUI, doing basic mundane tasks like changing the IP address of the server, joining a domain, loading on a feature or server role, even doing something that we’ve always just gone to the Control Panel to do was a challenge because there is no Control Panel on the GUI-less ServerCore version. After doing “net user administrator…”, “netdom rename computer…”, “netdom join..” commands to even get a ServerCore system assigned an IP address and joined to a domain before you could even do anything, most of us gave up on ServerCore in Windows 2008.

With the release of Windows 2008 R2, Microsoft added in a single utility that DRAMATICALLY improved our ability to use ServerCore.  The utility Microsoft added is call SConfig.exe.  Now from the DOS prompt thing, you just type Sconfig and a “menu” (text based) shows up on screen.  You walk the menu to name your server, give it an IP address, join a domain, and most importantly set it so you can run Remote Server Manager to remotely manage the server system.  So you can now have a simple menu to get the basics going, and then remote into the system and use the Server Manager GUI to do the rest!

Where I can count the number of original Windows 2008 ServerCore systems we put into production on a single hand, now with Windows 2008 R2 ServerCore, we’re implementing ServerCore on at least half if not more of the common “utility servers” for enterprise environments.  A “utility server” as I describe it is what you used to put on a thin (1U) “pizza box” type server that acted as an Active Director Global Catalog server, or a DNS server, or a DHCP server.  We’re now even setting up Hyper-V R2 hosts and IIS Web Servers as ServerCore systems for security purposes so that applications are better protected on a system with a limited attack surface operating system.

Performing a Server Core Installation

When installing Windows Server 2008 R2 Server Core, the actual installation process is very similar to a regular server install. As in a normal Windows Server installation, an administrator agrees to the licensing terms, supplies configuration responses, and the Windows Server 2008 R2 Install Windows Wizard copies the files and configures the server. However, unlike a traditional installation of Windows, when the installation is complete and you log on, there isn't a GUI to configure the server. The server can only be configured and managed via the command prompt.

The Server Core installation will reboot your machine or virtual server a couple of times when device detection and the installation takes place. Eventually, you'll be presented with the logon screen.

Follow these steps to conduct a Windows Server 2008 R2 Server Core installation:

1.            Insert the Windows Server 2008 R2 media. The Install Windows page will automatically be launched; otherwise, click on Setup.exe.

2.            Specify the Language to Install, Time and Currency Format, and Keyboard or Input Method, and then click Next.

3.            Click Install Now to begin the installation process.

4.            On the Select the Operating System You Want to Install page, select the Windows Server 2008 R2 Server Core. Click Next to continue.

5.            Review the license terms and select the I Accept the License Terms option, and then click Next.

6.            On the Which Type of Installation Do You Want page, select Custom (Advanced). Because you cannot upgrade a legacy Windows operating system to Server Core, the Upgrade option will not work.

7.            On the Where Do You Want to Install Windows page, select the disk where you plan to install the Windows system files. Alternatively, you can click on the Drive (Options) to create, delete, extend, or format partitions. In addition, click Load Driver to install drivers for the Windows Server 2008 R2 installation that are not available on the media.

NOTE

If the only drive available is Unallocated Space, Windows Server 2008 R2 will automatically create a partition based on the largest size and format the partition with NTFS.

The installation process will commence by copying the files, installing the Windows operating system, and configuring features. After this process is complete, the server will automatically reboot itself and require the installer to change the administrator password for the system. Enter and confirm the administrator password to change the password and log on. You will now be presented with a Command Prompt window, the only GUI available in Server Core.

Managing and Configuring a Server Core Installation

The following sections cover general tasks associated with managing and configuring a Server Core system after the installation is complete via the command prompt.  As an alternative, an administrator can use the SCONFIG utility to configure general settings.  From SConfig, you can walk through the process of changing the IP Address of the server, renaming the server, joining the server to Active Directory, and most important enable Remote Administration for the ServerCore system.

In the SConfig menu, the options that need to be configure (in order):

#3 Network Settings:  give your server an IP Address so it is live on the network

#2 Computer Name:  give your ServerCore system a server name, this will require a system reboot

After the system has rebooted:

#1 Domain/Workgroup;  use SConfig and join your ServerCore system to the domain.  This will require another system reboot

After the system has rebooted:

#5 Change the Windows Update settings so the ServerCore system gets updates regularly (unless you plan to install something like a System Center Configuration Manager or configure Windows Server Update Services (WSUS) policies to automatically update the system

#6 Download and Install Updates: this is the next logical step of making sure the server is patched and updated

Then, #7 to enable Remote Administration and Remote Desktop.

Server Manager Remote Management

Server Manager Remote Management is disabled by default. This is a security feature, much like Remote Desktop, and so Windows Server 2008 R2 defaults to a more secure state out of the box. To enable the Server Manager Remote Management, execute the following steps:

1.            Run SConfig on the ServerCore host system

2.            Choose #7 “Remote Desktop”

3.            Choose to Enable remote server administration through Server Manager

Now the system is ready to accept connections from remote Server Manager consoles. To connect to a remote computer with the Server Manager console from another (GUI-enabled) Windows 2008 R2 server, right-click on the Server Manager root and select Connect to Another Computer. Enter the computer name of the ServerCore system and click OK.

With remote administration enabled, with the ServerCore system is “live” on the network, an administrator can sit on another server and remotely access the ServerCore system.  Despite the ServerCore system itself NOT having a GUI, the remote system you are working on can be a GUI version of Windows and your remoting into the ServerCore system gives you access to make configuration changes from the Server Manager GUi interface.

With the basic server operating, you can now install server roles (DNS, DHCP, GC, IIS/Web, HyperV, etc) onto the ServerCore system.  Couple ways you can do this.  You can run the OCSetup command that is provided with ServerCore to setup the server system with server roles, or there’s a 3rd party product called “Core Configurator” that you can download and install on the ServerCore system.  Core Configurator is a great utility where it provides you a GUI to be able to do additional server tasks such as adding server roles and activating the server with Microsoft.

If you want to use the OCSetup from the command line, the command-line options use the following syntax:

ocsetup.exe [/?] [/h] [/help] component [/log:file] [/norestart] [/passive] [/quiet] [/unattendfile:file] [/uninstall] [/x: parameter]

/?, /h, /help       Explains all the options available for OCSetup

component        Represents the name of the component you plan on installing, such as DNS, DHCP, Web Server (IIS), and more

/log:file                Specifies the log file location if you do not want to take advantage of the default location

/norestart           Does not reboot the computer after the installation

/passive               Suppresses unnecessary noise and only includes progress status

/quiet   Does not require user interaction

/unattendfile:file             Requires additional configurations

/uninstall             Removes server components

/x: parameter    Supplies additional configuration parameters

Performing a server role installation for the following roles use the following commands:

DNS Server role                ocsetup DNS-Server-Core-Role

DHCP Server role             ocsetup DHCPServerCore

File Server role  ocsetup FRS-Infrastructure

Print Server role               ocsetup Printing-ServerCore-Role

Active Directory Lightweight Directory Server role            ocsetup DirectoryServices-ADAM-ServerCore

Windows Deployment Server (Windows DS) role              ocsetup Microsoft-Windows-Deployment-Services

Web Server (IIS) role      ocsetup IIS-WebServerRole

Streaming Media Services role   ocsetup MediaServer

Hyper-V role      ocsetup Microsoft-Hyper-V

Fiddle with ServerCore, we’ve found that we’ve been implementing more and more ServerCore in environments because of the SConfig, the remote Server Manager, and 3rd party utilities like Core Configurator make setting up ServerCore “easy”, and once you setup a DNS Server, DHCP Server, IIS Web Server and can remotely administrator, configure, or manage the system, it doesn’t really matter that the core operating system ON the server itself is GUI-less.

A portion of the above excerpt came from my book “Windows Server 2008 R2 Unleashed”, a 1550-page hardcover book covering everything from Active Driectory Design and migration, to Remote Desktop Services (“terminal services”), to Windows administration, to configuring DHCP/DNS, to Hyper-V R2, and more.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2010 IDG Communications, Inc.

IT Salary Survey: The results are in