Admin”s Guide to Server Core Commands

Repost from AdminPrep.com…I will be moving several of the articles over to this blog.



Before all this starts, credit must go where credit is due.  I did not come up with all of the info within this article.  A lot of people have felt my pain and have contributed in their own ways.  One place you should know about is the Official Server Core Blog, as it is where I learned my all time favorite command which embeds the time into the Command Prompt (read on to see that one!).  As I”ve collected my own list internally and blogged on for about a year now I see a lot of the same commands there.  The Windows Server 2008 Administrator”s Companion has a nice chapter on Server Core but by far the best resource are the scripts that accompany the book.  They allow you to very easily configure common settings.  One last area you should look into is of course Guy Teverovsky”s Server Core Configurator…if you haven”t see it check it out now!


Server Core is a version of Windows Server 2008 that has a minimal Graphical User Interface (GUI).  I say minimal when most say command-line only because there are GUI tools available such as Notepad and Task Manager.  One thing that definitely doesn”t run on Server Core is the Explorer process.  If you”re unaware of what that process does, just end the explorer.exe process in Task Manager from your client and look what happens…don”t freak out, all you need to do is then go back to Task Manager and select File -> New Task (Run…) and then type explorer.exe.


The purpose of this article is not to give you every last detail to Server Core but to provide you with what you need to know it get it up and running in your environment.


Server Core has a limited amount of roles that can be installed on it, which include:


  • Active Directory Domain Services (AD DS) and AD Lightweight Directory Services (AD LDS)
  • DNS Server
  • Internet Information Services (IIS) (No ASP.NET support)
  • DHCP Server
  • File Services
  • Print Services
  • Streaming Media Services
  • Hyper V

Now that doesn”t mean that Server Core can”t do other things.  In fact it can, but Microsoft calls those other items Features and not Roles.


  • Microsoft Failover Cluster (not available in Standard Edition)
  • Network Load Balancing
  • Subsystem for UNIX-based applications
  • Backup
  • Multipath IO
  • Removable Storage Management
  • Bitlocker Drive Encryption
  • Simple Network Management Protocol (SNMP)
  • WINS
  • Telnet

Later on in the article I will explain how to install these services.  But first its time to go over what I believe to be the most commonly requested commands for administrating a Server Core environment.


Server Core Common Networking and Firewall Commands


Here is the start of you Networking and Firewall related commands for Server Core:


Server Core Common Networking Commands


To configure the IP address we will have to remember (or learn) Netsh.


Configure a Static IP Address on Server Core:
Netsh int ipv4 set address “Local Area Connection” static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver “Local Area Connection” static 10.1.1.5 primary
Netsh int ipv4 set winsserver “Local Area Connection” static 10.1.1.6 primary


Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address “Local Area Connection” source=dhcp


Change the name of the network interface on Server Core:
Netsh int set interface name = “Local Area Connection” newname = “Primary Network”


Server Core Common Windows Firewall Commands:


The Windows Firewall is a blessing to some and a curse to others. Either way it is installed by default and you have to understand the commands that are needed to configure the basics and in some cases some advanced commands.


Disable firewall:
netsh firewall set opmode disable


Server Core can be managed by using MMCs from a remote server. However with the firewall being on by default you will have to allow these tools to work remotely.  The first thing to note here is how to translate the MMC Snap-in to Windows Firewall Rule Group.


MMC Snap-in – Event Viewer
Windows Firewall Rule Group - Remote Event Log Management


MMC Snap-in – Services
Windows Firewall Rule Group - Remote Services ManagementMMC Snap-in - Shared Folders
Windows Firewall Rule Group - File and Printer Sharing


MMC Snap-in – Task Scheduler
Windows Firewall Rule Group –
Remote Scheduled Tasks Management


MMC Snap-in - Reliability and Performance
Windows Firewall Rule Group - Performance Logs and Alerts
Windows Firewall Rule Group - File and Printer Sharing


MMC Snap-in - Disk Management
Windows Firewall Rule Group - Remote Volume Management


MMC Snap-in – Windows Firewall with Advanced Security
Windows Firewall Rule Group - Windows Firewall Remote Management


To enable all of these rules follow use this command:
Netsh advfirewall firewall set rule group=“remote administration” new enable=yes


To enable specific commands follow this format:
Netsh advfirewall firewall set rule group=“” new enable=yes


Server Core Common Domain Management Commands

Join a domain:
netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*
Yes, /passwordd:*
needs to have that second d at the end of it.


Remove from domain:
netdom remove


Rename a Domain Member:
netdom renamecomputer %computername% /NewName: /userd: /passwordd:*


Rename Administrator:
wmic UserAccount where Name=”Administrator” call Rename Name=”new-name”


Add User to a Local Group
net localgroup GroupName /add


Remove User from a Local Group
net localgroup GroupName /delete


Confirm Domain and/ New Computer name
Set


Update User Passwords:
Net user [/domain] *


Server Core Common Server Management Commands


Toggle Remote Desktop on and off:
Cscript windowssystem32scregedit.wsf /ar 0


Enable reduced security for RDP connections:
Cscript windowssystem32scregedit.wsf /cs 0


Active Server Core:
Local method – Slmgr.vbs –ato
Remote method – Cscript windowssystem32slmgr.vbsServerName UserName password:-ato


Rename a Stand-Alone Member:
netdom renamecomputer /NewName:


List of installed patches:
wmic qfe list


Install Updates:
wusa .msu /quiet


Configure for AutoUpdates:
cscript scregedit.wsf /AU /4


Disable AutoUpdates:
cscript scregedit.wsf /AU /1


View AutoUpdate Setting:
cscript scregedit.wsf /AU /v


Configure the Page File:
wmic pagefileset where name=”” set InitialSize=,MaximumSize=


Configure a Proxy Server: (Server Core cannot use a proxy that requires a proxy)
netsh Winhttp set proxy :


All your favorite TCP/IP commands work including the following:
IPConfig
ARP
Ping
PathPing
TraceRT
Route
NSLookup
NetStat
NBTStat


List Running Services:
sc query


Start and/or Stop a Service:
sc start
sc stop


Task Manager: (Ctrl+Shift+Esc)
taskmgr


Manage Disk Volumes:
Diskpart /?


Defrag a Volume:
defrag /?


Change Time and Time Zone:
control timedate.cpl


Change the Desktop Resolution: (requires you to log off and back on)
Regedit – HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlVideo
000DefaultSettings.XResolution
000DefaultSettings.YResolution


Display the Time in the Command Prompt:
prompt [$t]$s$p$g


Log off:
shutdown /l


Restart Now:
shutdown /r /t 0


 


 


 


To get the Roles and Features installed you are going to need to use the ocsetup.exe command.  The OC is short for Optional Components.  The most important thing to remember about this command is that IT IS CASE SENSITIVE!!! As a best practice you should always use the /w switch with ocsetup.exe as this will hold the Command Prompt from being active (when you can type again) until the setup is complete.  Below you will find a list of the commands that are required to install Roles and Features on Server Core.


DNS
start /w ocsetup DNS-Server-Core-Role


DHCP
start /w ocsetup DHCPServerCore


File Services (Server service is installed by default) but there are other role features


File Replication Service
start /w ocsetup FRS-Infrastructure


Distributed File System
start /w ocsetup DFSN-Server


Distributed File System Replication
start /w ocsetup DFSR-Infrastructure-ServerEdition


Services for Network File System (NFS)
start /w ocsetup ServerForNFS-Base
start /w ocsetup ClientForNFS-Base


Hyper V
start /w ocsetup Microsoft-Hyper-V


Print Server feature
start /w ocsetup Printing-ServerCore-Role


Line Printer Daemon (LPD) service
start /w ocsetup Printing-LPDPrintService


Active Directory Lightweight Directory Services
start /w ocsetup DirectoryServices-ADAM-ServerCore


Active Directory Domain Services
dcpromo /unattend:


Streaming Media Services
Follow directions found in Article ID 934518


IIS
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
To uninstall IIS use the following command
start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel


NOTE: If you need to install a Role that you installed with ocsetup all you need to do is to append the commands above with /uninstall.


Now let”s take a look at how we install Features on Server Core:


Microsoft Failover Clustering
start /w ocsetup FailoverCluster-Core


Network Load Balancing
start /w ocsetup NetworkLoadBalancingHeadlessServer


Subsystem for UNIX-based applications
start /w ocsetup SUACore


Multipath IO
start /w ocsetup MultipathIo


Removable Storage
start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore


Bitlocker Drive Encryption
start /w ocsetup BitLocker


Backup
start /w ocsetup WindowsServerBackup


Simple Network Management Protocol (SNMP)
start /w ocsetup SNMP-SC


Windows Internet Name Service (WINS)
start /w ocsetup WINS-SC


Telnet client
start /w ocsetup TelnetClient


NOTE: If you need to install a Feature that you installed with ocsetup all you need to do is to append the commands above with /uninstall.


Having the Role or Feature installed doesn”t do much without going in and configuring the service.  The quick and easy way to manage these Roles and Features is to have either a dedicated Terminal Server have the AdminPak or Remote Server Administrative Tools (RSAT) installed or just install those same tools on XP or Vista. 


Take a look here for more info on how to manage DNS with DNSCMD and then head over here for installing Active Directory via an answer file on Server Core.


I know this isn”t a complete listing of the commands but I really believe this should help you get started in the right direction.  One of the best resources out there is from the Windows Server 2008 Step-by-Step Guides.. For this case you will want to download the Server_Core_Installation_Option_of_Windows_Server_2008_Step-By-Step_Guide.doc guide.

How to Configure Conditional Forwarders in Windows Server 2008



Conditional Forwarders was a new feature within the Microsoft DNS server for Windows Server 2003.  It was a great addition that allowed you to specify a specific DNS server for clients trying to resolve hosts in a specific domain.  This way you could tell the DNS server to always go to a specific DNS server for specific domain names.

One of the things that you will find different in Windows Server 2008’s DNS is how it displays Conditional Forwarders.  Previously you needed to view the Forwarders tab in the DNS server’s properties. Here is shot of the old way.

 

The new way is in plain site…but it still seems like people miss it.



Now here is a look at what type of options you have for it:



You just place the DNS domain name in the top section and the IP address of the DNS server that is authoritative for that domain below.  Notice you also can store this Conditional Forwarder in Active Directory if you want.  It is NOT the default.  Behind that drop down is the amount of time the DNS server will wait before it times out…which is 5 seconds by default.

Hopefully that helps you figure out how DNS Conditional Forwarders are set up in Windows Server 2008

DNSCMD Reference

Fellow Directory Services MVP Mark Minasi has a great table that shows a ton DNS commands using dnscmd. For those of you getting ready to use Server Core here is yet another list of commands that will come in handy. All I can say is WOW!!!


Function

DNSCMD option

Example

Comments

Do any dnscmd command on a remote system

dnscmd servername command

dnscmd main.bigfirm.com /zoneprint bigfirm.com

   

Create a primary zone

dnscmd /zoneadd zonename /primary

dnscmd /zoneadd bigfirm.com /primary

   

Create a secondary zone

dnscmd /zoneadd zonename /secondary master IP address

dnscmd /zoneadd bigfirm.com /secondary 192.168.1.1

   

Host a zone on a server based on an existing (perhaps restored) zone file

dnscmd /zoneadd zonename /primary /file filename /load

dnscmd /zoneadd bigfirm.com /primary /file bigfirm.com.dns /load

   

Delete a zone from a server

dnscmd /zonedelete zonename [/f]

dnscmd /zonedelete bigfirm.com /f

(without the /f, dnscmd asks you if you really want to delete the zone)

Show all of the zones on a DNS server

dnscmd /enumzones

dnscmd /enumzones

   

Dump (almost) all of the records in a zone

dnscmd /zoneprint zonename

dnscmd /zoneprint bigfirm.com

Doesn”t show glue records.

Add an A record to a zone

dnscmd /recordadd zonename hostname A ipaddress

dnscmd /recordadd bigfirm.com mypc A 192.168.1.33

   

Add an NS record to a zone

dnscmd /recordadd zonename @ NS servername

dnscmd /recordadd bigfirm.com @ dns3.bigfirm.com

   

Delegate a new child domain, naming its first DNS server

dnscmd /recordadd zonename childname NS dnsservername

dnscmd /recordadd bigfirm.com test NS main.bigfirm.com

This would create the “test.bigfirm.com” DNS child domain unter the bigfirm.com DNS domain

Add an MX record to a zone

dnscmd /recordadd zonename @ MX priority servername

dnscmd /recordadd bigfirm.com @ MX 10 mail.bigfirm.com

   

Add a PTR record to a reverse lookup zone

dnscmd /recordadd zonename lowIP PTR FQDN

dnscmd /recordadd 1.168.192.in-addr.arpa 3 PTR pc1.bigfirm.com

This is the PTR record for a system with IP address 192.168.1.3

Modify a zone”s SOA record

dnscmd /recordadd zonename @ SOA primaryDNSservername responsibleemailipaddress serialnumber refreshinterval retryinterval expireinterval defaultTTL

dnscmd /recordadd bigfirm.com @ SOA winserver.bigfirm.com mark.bigfirm.com 41 1800 60 2592000 7200

Ignores the serial number if it”s not greater than the current serial number

Delete a resource record

dnscmd /recorddelete zonename recordinfo [/f]

dnscmd /recorddelete bigfirm.com @ NS main.bigfirm.com /f

Again, “/f” means “don”t annoy me with a confirmation request, just do it.”

Create a resource record and incorporate a nonstandard TTL

dnscmd /recordadd zonename leftmostpartofrecord TTL restofrecord

dnscmd /recordadd bigfirm.com pc34 3200 A 192.168.1.4

   

Reload a zone from its zone file in windowssystem32dns

dnscmd /zonereload zonename

dnscmd /zonereload bigfirm.com

Really only useful on primary DNS servers

Force DNS server to flush DNS data to zone file

dnscmd /zonewriteback zonename

dnscmd /zonewriteback bigfirm.com

   

Tell a primary whom to allow zone transfers to

dnscmd /zoneresetsecondaries zonename /nonsecure|securens

dnscmd /zoneresetsecondaries bigfirm.com /nonsecure

That example says to allow anyone who asks to get a zone transfer

Enable/disable DNS NOTIFY

dnscmd /zoneresetsecondaries zonename /notify|/nonotify

dnscmd /zoneresetsecondaries bigfirm.com /nonotify

Example disables DNS notification, which is contrary to the default settings.

Tell a secondary DNS server to request any updates from the primary

dnscmd /zonerefresh zonename

dnscmd /zonerefresh bigfirm.com

   

Enable or disable dynamic DNS on a zone

dnscmd /config zonename /allowupdate 1|0

1 enables, 0 disables, 0 is default

   

Stop the DNS service

Either net stop dns or sc stop dns

   

(No dnscmd command for this)

Start the DNS service

Either net start dns or sc start dns

   

(No dnscmd command for this)

Install the DNS service on a 2008 full install system

servermanagercmd -install dns

   

   

Install the DNS service on a 2008 Server Core system

ocsetup DNS-Server-Core-Role

   

Case matters — ocsetup dns-server-core-role would fail

Uninstall the DNS service on a 2008 Server full install system

servermanagercmd -remove dns

   

   

Uninstall the DNS service on a 2008 Server Core system

ocsetup /uninstall DNS-Server-Core-Role