I’ve been a fan of Server Core since I heard about it and you can see by the 20+ posts I have on the product. Server Core has been out since Windows 2008 which is just under 40 months. Server Core R2 has been out for about 20 months. One of the selling points that Microsoft made on server core was that it would have a reduced attack surface and thus you would have fewer reboots due to patches. While preparing for a talk on Server Core I wanted to investigate this a bit more. I reached out for some help to Andrew Mason (if you don’t know that name you aren’t a Server Core hard core freak like me). Andrew runs the official Server Core blog over on TechNet. Andrew sent me some wonderful information on the subject that I’d like to share with you.
Take a look at these numbers. I’ll explain in more detail below.
We are comparing both Server Core 2008 and R2. The Reduction column is % reduced based off the hotfixes Microsoft released during their existing lifespan. Critical Only is just that, the reduction of patches Microsoft rated Critical for both versions of Server Core.
Now lets look at the rows starting with All applicable patches.
Now we see the area called Necessary patches only. What does that mean? That is referencing the patches that are really needed for Server Core. There are some vulnerabilities that show Server Core as vulnerable but its not exploitable. That is what is called out on the bottom of the graphic. Microsoft does this because it has changed the file and would probably prefer you to update the file eventually too. IMHO I’d patch these but would bundle them with the necessary patches.
I remember reading an article from David Cross on TechNet stating the following “In some cases, customers can see up to a 60% reduction in patch requirements and the number of reboots on a monthly basis” These are the numbers that back up statements such as that.
Those are some pretty impressive numbers. Great job to the whole Server Core team. I really hope Microsoft continues with this product and from recent announcements on the next version of SQL it looks like they are sticking with it.
*Numbers updated through the May 2011 patch Tuesday
Last week I was a speaker at Tech Immersion 2011 here in Phoenix Arizona. I gave four talks on a range of topics that covered Active Directory, PowerShell and Server Core. Hopefully I have some new followers since the conference and if so make sure to say hi in the comments.
The highlight for myself was meeting Jeffrey Snover. If you don’t know who he is then you better Bing or Google him now. This is the father of PowerShell and now the Lead Architect for the Windows Server Division. He was really great to talk, in fact there were a lot of great presenters there including, PowerShell gurus Don Jones & James Brundage, Microsoft Certified Master’s Miguel Wood & Mike Pfeiffer, MVPs and MCTs such as Simon Allardice, Scott Cate, Jeff Jones, Spike Xavier as well as Microsoft employees Michael Palermo, Harold Wong, Tony Harris & Kathrine Lord and ITIL/COBIT Master Mark Thomas. I left one person out and that was on purpose. Jason Helmick…what can I say. He along with the rest of Interface Technical Training put on an excellent conference that will only grow more and more as time goes on. Great job Jason and Lynn from Interface as well as everyone else that supported this event.
Here is a pic of Jeffrey and I after the event hanging out at Dick’s Hideaway.
I can’t wait for Interface to host another great event like this.
Just saw over on the Server Core blog that Andrew posted some links to a couple excellent resources. The first one is what I consider to be the Server Core Bible. It has just about everything you can think of when it comes to configuring Server Core. The next link is to a couple job aids that give you a quick look at some common commands.
These job aids actually gives me some ideas on some things I’d like to create…now if I only had more time.
This has to be the mother of all resource collections on Microsoft clustering and high availability. I’ve copied over the links directly from the MS Cluster blog so that I have quick access to them in the future.
Quite a few people have asked recently about services in Server Core. They want to know what’s running and what’s not running. Below you will find a listing that intended to help those out that need to know the status of Services on Server Core. It is sorted by Service Name.
Another useful item to note on Server Core (or the CMD Prompt on Server) is that you can still use the SC command. In particular you should run SC Query, this little useful command will tell you which services are running. If you want to view the ones that are not running just run sc query state=inactive. There is a bunch of stuff you can do with the SC command and you should really check out the help.
A great tip for using commands is to append | more to the end of the command. This should only display one page at a time.
|Service Name||Display Name||Startup Mode||Account|
|BFE||Base Filtering Engine||Auto||LocalService|
|BITS||Background Intelligent Transfer Service||Auto||LocalSystem|
|COMSysApp||COM+ System Application||Manual||LocalSystem|
|DcomLaunch||DCOM Server Process Launcher||Auto||LocalSystem|
|DPS||Diagnostic Policy Service||Auto||LocalService|
|Eventlog||Windows Event Log||Auto||LocalService|
|EventSystem||COM+ Event System||Auto||LocalService|
|FCRegSvc||Microsoft Fibre Channel Platform Registration Service||Manual||LocalService|
|gpsvc||Group Policy Client||Auto||LocalSystem|
|hidserv||Human Interface Device Access||Manual||LocalSystem|
|hkmsvc||Health Key and Certificate Management||Manual||LocalSystem|
|IKEEXT||IKE and AuthIP IPsec Keying Modules||Auto||LocalSystem|
|KeyIso||CNG Key Isolation||Manual||LocalSystem|
|KtmRm||KtmRm for Distributed Transaction Coordinator||Auto||Network-Service|
|lltdsvc||Link-Layer Topology Discovery Mapper||Manual||LocalService|
|lmhosts||TCP/IP NetBIOS Helper||Auto||LocalService|
|MSDTC||Distributed Transaction Coordinator||Auto||Network-Service|
|MSiSCSI||Microsoft iSCSI Initiator Service||Manual||LocalSystem|
|napagent||Network Access Protection Agent||Manual||Network-Service|
|netprofm||Network List Service||Auto||LocalService|
|NlaSvc||Network Location Awareness||Auto||Network-Service|
|nsi||Network Store Interface Service||Auto||LocalService|
|pla||Performance Logs & Alerts||Manual||LocalService|
|PlugPlay||Plug and Play||Auto||LocalSystem|
|PolicyAgent||IPsec Policy Agent||Auto||Network-Service|
|ProfSvc||User Profile Service||Auto||LocalSystem|
|RpcSs||Remote Procedure Call (RPC)||Auto||Network- Service|
|RSoPProv||Resultant Set of Policy Provider||Manual||LocalSystem|
|sacsvr||Special Administration Console Helper||Manual||LocalSystem|
|SamSs||Security Accounts Manager||Auto||LocalSystem|
|SCPolicySvc||Smart Card Removal Policy||Manual||LocalSystem|
|SENS||System Event Notification Service||Auto||LocalSystem|
|SessionEnv||Terminal Services Configuration||Manual||LocalSystem|
|swprv||Microsoft Software Shadow Copy Provider||Manual||LocalSystem|
|TBS||TPM Base Services||Manual||LocalService|
|TrustedInstaller||Windows Modules Installer||Auto||LocalSystem|
|UmRdpService||Terminal Services UserMode Port Redirector||Manual||LocalSystem|
|VSS||Volume Shadow Copy||Manual||LocalSystem|
|WcsPlugInService||Windows Color System||Manual||LocalService|
|WdiServiceHost||Diagnostic Service Host||Manual||LocalService|
|WdiSystemHost||Diagnostic System Host||Manual||LocalSystem|
|Wecsvc||Windows Event Collector||Manual||Network-Service|
|WinHttpAuto-ProxySvc||WinHTTP Web Proxy Auto-Discovery Service||Auto||LocalService|
|Winmgmt||Windows Management Instrumentation||Auto||LocalSystem|
|WinRM||Windows Remote Management (WS-Management)||Auto||Network-Service|
|wmiApSrv||WMI Performance Adapter||Manual||LocalSystem|
Repost from AdminPrep.com…I will be moving several of the articles over to this blog.
Before all this starts, credit must go where credit is due. I did not come up with all of the info within this article. A lot of people have felt my pain and have contributed in their own ways. One place you should know about is the Official Server Core Blog, as it is where I learned my all time favorite command which embeds the time into the Command Prompt (read on to see that one!). As I”ve collected my own list internally and blogged on for about a year now I see a lot of the same commands there. The Windows Server 2008 Administrator”s Companion has a nice chapter on Server Core but by far the best resource are the scripts that accompany the book. They allow you to very easily configure common settings. One last area you should look into is of course Guy Teverovsky”s Server Core Configurator…if you haven”t see it check it out now!
Server Core is a version of Windows Server 2008 that has a minimal Graphical User Interface (GUI). I say minimal when most say command-line only because there are GUI tools available such as Notepad and Task Manager. One thing that definitely doesn”t run on Server Core is the Explorer process. If you”re unaware of what that process does, just end the explorer.exe process in Task Manager from your client and look what happens…don”t freak out, all you need to do is then go back to Task Manager and select File -> New Task (Run…) and then type explorer.exe.
The purpose of this article is not to give you every last detail to Server Core but to provide you with what you need to know it get it up and running in your environment.
Server Core has a limited amount of roles that can be installed on it, which include:
Now that doesn”t mean that Server Core can”t do other things. In fact it can, but Microsoft calls those other items Features and not Roles.
Later on in the article I will explain how to install these services. But first its time to go over what I believe to be the most commonly requested commands for administrating a Server Core environment.
Server Core Common Networking and Firewall Commands
Here is the start of you Networking and Firewall related commands for Server Core:
To configure the IP address we will have to remember (or learn) Netsh.
Configure a Static IP Address on Server Core:
Netsh int ipv4 set address “Local Area Connection” static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver “Local Area Connection” static 10.1.1.5 primary
Netsh int ipv4 set winsserver “Local Area Connection” static 10.1.1.6 primary
Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address “Local Area Connection” source=dhcp
Change the name of the network interface on Server Core:
Netsh int set interface name = “Local Area Connection” newname = “Primary Network”
The Windows Firewall is a blessing to some and a curse to others. Either way it is installed by default and you have to understand the commands that are needed to configure the basics and in some cases some advanced commands.
netsh firewall set opmode disable
Server Core can be managed by using MMCs from a remote server. However with the firewall being on by default you will have to allow these tools to work remotely. The first thing to note here is how to translate the MMC Snap-in to Windows Firewall Rule Group.
MMC Snap-in – Event Viewer
Windows Firewall Rule Group – Remote Event Log Management
MMC Snap-in – Services
Windows Firewall Rule Group – Remote Services ManagementMMC Snap-in – Shared Folders
Windows Firewall Rule Group – File and Printer Sharing
MMC Snap-in – Task Scheduler
Windows Firewall Rule Group – Remote Scheduled Tasks Management
MMC Snap-in – Reliability and Performance
Windows Firewall Rule Group – Performance Logs and Alerts
Windows Firewall Rule Group – File and Printer Sharing
MMC Snap-in – Disk Management
Windows Firewall Rule Group – Remote Volume Management
MMC Snap-in – Windows Firewall with Advanced Security
Windows Firewall Rule Group – Windows Firewall Remote Management
To enable all of these rules follow use this command:
Netsh advfirewall firewall set rule group=“remote administration” new enable=yes
To enable specific commands follow this format:
Netsh advfirewall firewall set rule group=“” new enable=yes
Join a domain:
netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*
needs to have that second d at the end of it.
Remove from domain:
Rename a Domain Member:
netdom renamecomputer %computername% /NewName: /userd: /passwordd:*
wmic UserAccount where Name=”Administrator” call Rename Name=”new-name”
Add User to a Local Group
net localgroup GroupName /add
Remove User from a Local Group
net localgroup GroupName /delete
Confirm Domain and/ New Computer name
Update User Passwords:
Net user [/domain] *
Toggle Remote Desktop on and off:
Cscript windowssystem32scregedit.wsf /ar 0
Enable reduced security for RDP connections:
Cscript windowssystem32scregedit.wsf /cs 0
Active Server Core:
Local method – Slmgr.vbs –ato
Remote method – Cscript windowssystem32slmgr.vbsServerName UserName password:-ato
Rename a Stand-Alone Member:
netdom renamecomputer /NewName:
List of installed patches:
wmic qfe list
wusa .msu /quiet
Configure for AutoUpdates:
cscript scregedit.wsf /AU /4
cscript scregedit.wsf /AU /1
View AutoUpdate Setting:
cscript scregedit.wsf /AU /v
Configure the Page File:
wmic pagefileset where name=”” set InitialSize=,MaximumSize=
Configure a Proxy Server: (Server Core cannot use a proxy that requires a proxy)
netsh Winhttp set proxy :
All your favorite TCP/IP commands work including the following:
List Running Services:
Start and/or Stop a Service:
Task Manager: (Ctrl+Shift+Esc)
Manage Disk Volumes:
Defrag a Volume:
Change Time and Time Zone:
Change the Desktop Resolution: (requires you to log off and back on)
Regedit – HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlVideo
Display the Time in the Command Prompt:
shutdown /r /t 0
To get the Roles and Features installed you are going to need to use the ocsetup.exe command. The OC is short for Optional Components. The most important thing to remember about this command is that IT IS CASE SENSITIVE!!! As a best practice you should always use the /w switch with ocsetup.exe as this will hold the Command Prompt from being active (when you can type again) until the setup is complete. Below you will find a list of the commands that are required to install Roles and Features on Server Core.
start /w ocsetup DNS-Server-Core-Role
start /w ocsetup DHCPServerCore
File Services (Server service is installed by default) but there are other role features
File Replication Service
start /w ocsetup FRS-Infrastructure
Distributed File System
start /w ocsetup DFSN-Server
Distributed File System Replication
start /w ocsetup DFSR-Infrastructure-ServerEdition
Services for Network File System (NFS)
start /w ocsetup ServerForNFS-Base
start /w ocsetup ClientForNFS-Base
start /w ocsetup Microsoft-Hyper-V
Print Server feature
start /w ocsetup Printing-ServerCore-Role
Line Printer Daemon (LPD) service
start /w ocsetup Printing-LPDPrintService
Active Directory Lightweight Directory Services
start /w ocsetup DirectoryServices-ADAM-ServerCore
Active Directory Domain Services
Streaming Media Services
Follow directions found in Article ID 934518
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
To uninstall IIS use the following command
start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
NOTE: If you need to install a Role that you installed with ocsetup all you need to do is to append the commands above with /uninstall.
Now let”s take a look at how we install Features on Server Core:
Microsoft Failover Clustering
start /w ocsetup FailoverCluster-Core
Network Load Balancing
start /w ocsetup NetworkLoadBalancingHeadlessServer
Subsystem for UNIX-based applications
start /w ocsetup SUACore
start /w ocsetup MultipathIo
start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore
Bitlocker Drive Encryption
start /w ocsetup BitLocker
start /w ocsetup WindowsServerBackup
Simple Network Management Protocol (SNMP)
start /w ocsetup SNMP-SC
Windows Internet Name Service (WINS)
start /w ocsetup WINS-SC
start /w ocsetup TelnetClient
NOTE: If you need to install a Feature that you installed with ocsetup all you need to do is to append the commands above with /uninstall.
Having the Role or Feature installed doesn”t do much without going in and configuring the service. The quick and easy way to manage these Roles and Features is to have either a dedicated Terminal Server have the AdminPak or Remote Server Administrative Tools (RSAT) installed or just install those same tools on XP or Vista.
I know this isn”t a complete listing of the commands but I really believe this should help you get started in the right direction. One of the best resources out there is from the Windows Server 2008 Step-by-Step Guides.. For this case you will want to download the Server_Core_Installation_Option_of_Windows_Server_2008_Step-By-Step_Guide.doc guide.
In my Administrator’s Guide to Server Core Commands article on AdminPrep I showed you how to display the time on the command prompt of your Server Core command window. I just read that Daniel Petri has some other cool shortcuts on what you can display on the command window of Server Core. The one that I really like is the computer name. If manage multiple Server Core servers then you already know how difficult it can be to manage different sessions…especially since they all look the same.
To display the computer name (among other things listed on Daniel’s article) you need to modify the registry. If you don’t already know please modify the registry carefully!
1. Navigate to the HKLMSystemCurrentControlSetControlSession ManagerEnvironment key.
3. Add the the following for the data – $_Server:%computername%_$p$g
You will have to log off and log back on to see the change but once you do it is a pleasant addition to the command window. Daniel’s example shows how you can the Date, Time and User…very cool so make sure you check it out.
This article is intended to help those people that have a need to configure Shadow Copies on a Server Core install. Server Core installs by default with the File Server role enabled. Because of this you don’t have to install any additional role or feature. vssadmin is the command that is used to configure Shadow Copies.
As far as I can tell once this is enabled it does not create any scheduled tasks to reoccur. Which means you have to either create a manual snapshot (pretty easy) or schedule the task to occur (not as easy in Server Core).
To turn on Shadow Copies for a volume:
vssadmin add shadowstorage /for=c: /on=c: /maxsize=1gb
/for= which volume you want to enable Shadow Copies on
/on= which volume you want to store Shadow Copies on
/maxsize= this is how much space you are going to use for Shadow Copies (300MB min and KB, MB, GB, TB, PB and EB can all be used)
To create a manual snapshot:
vssadmin create shadow /for=c:
To remove Shadow Copies for a volume:
vssadmin delete shadowstorage /for=c: /on=c:
If you need to schedule this type of event (and you really should) you will want to create a new task in Server Core. To do so you must use the schtasks command. I’m by no means an expert in using that command but below I have a sample command that I use to schedule a daily snapshot to occur at 13:30 every day.
schtasks /create /SC daily /TN Afternoon_Snapshot /TR “c:vssadmin create shadow /for=c” /ST 13:30
Below you find more of the commands that are associated with the vssadmin command:
This lists Volume Shadow Copy providers configured on the system.
This lists volume shadow copies that are stored on a system.
This statement lists Volume Shadow Copy storage areas.
List Writers lists Volume Shadow Copy writers known to the system.
This command lists system volumes that are eligible for shadow copies.
This command queries the status of in-progress revert operations.
This command reverts a volume to a shadow copy. It uses the following:
This option deletes one or more volume shadow copies.
This command resizes a Volume Shadow Copy storage area and has the following options:
While I’ve always been a fan of Task Manager but lets face the facts…its has its limitations. Mark Russinovich has rolled up his wonderful Sysinternal Troubleshooting Utilities into a single download that can be found here.
In there you will find the ultra popular Process Explorer. Well I wanted to test out some stuff on Server Core…like what type of tools will really work on it. I copied over Process Explorer and it ran like a champ! Now all I need to do is go into the Options menu and select Replace Task Manager and now when I enter taskmgr or hit CTRL-Shift-ESC Process Explorer opens instead of Task Manager.
…I wonder how many other Sysinternal tools work on Server Core…