Windows Server 2008 Server Core R2 Reboot Avoidance

I’ve been a fan of Server Core since I heard about it and you can see by the 20+ posts I have on the product.  Server Core has been out since Windows 2008 which is just under 40 months.  Server Core R2 has been out for about 20 months.  One of the selling points that Microsoft made on server core was that it would have a reduced attack surface and thus you would have fewer reboots due to patches.  While preparing for a talk on Server Core I wanted to investigate this a bit more.  I reached out for some help to Andrew Mason (if you don’t know that name you aren’t a Server Core hard core freak like me).  Andrew runs the official Server Core blog over on TechNet.  Andrew sent me some wonderful information on the subject that I’d like to share with you.

Take a look at these numbers.  I’ll explain in more detail below.

Core

We are comparing both Server Core 2008 and R2.  The Reduction column is % reduced based off the hotfixes Microsoft released during their existing lifespan.  Critical Only is just that, the reduction of patches Microsoft rated Critical for both versions of Server Core.

Now let's look at the rows starting with All applicable patches.
  • All roles are all available roles for those versions of Server Core.
  • Months without a reboot is really cool.  It shows how many months went by with no reboots required on Server Core.  Although it is not consecutive months it is still pretty impressive that Server Core R2 has not needed a reboot during half its existence!
  • Next we see the reduction of patches with the basic OS installed and none of the major features and roles installed.

Now we see the area called Necessary patches only.  What does that mean?  That is referencing the patches that are really needed for Server Core.  There are some vulnerabilities that show Server Core as vulnerable but it's not exploitable.  That is what is called out on the bottom of the graphic.  Microsoft does this because it has changed the file and would probably prefer you to update the file eventually too.  IMHO I’d patch these but would bundle them with the necessary patches.

I remember reading an article from David Cross on TechNet stating the following “In some cases, customers can see up to a 60% reduction in patch requirements and the number of reboots on a monthly basis”  These are the numbers that back up statements such as that.

Those are some pretty impressive numbers. Great job to the whole Server Core team.  I really hope Microsoft continues with this product and from recent announcements on the next version of SQL it looks like they are sticking with it.

*Numbers updated through the May 2011 patch Tuesday

Tech Immersion 2011

Last week I was a speaker at Tech Immersion 2011 here in Phoenix Arizona.  I gave four talks on a range of topics that covered Active Directory, PowerShell and Server Core.  Hopefully I have some new followers since the conference and if so make sure to say hi in the comments.

The highlight for me was meeting Jeffrey Snover.  If you don’t know who he is then you better Bing or Google him now.  This is the father of PowerShell and now the Lead Architect for the Windows Server Division.  He was really great to talk to; in fact there were a lot of great presenters there, including PowerShell gurus Don Jones & James Brundage, Microsoft Certified Masters Miguel Wood & Mike Pfeiffer, MVPs and MCTs such as Simon Allardice, Scott Cate, Jeff Jones, Spike Xavier as well as Microsoft employees Michael Palermo, Harold Wong, Tony Harris & Kathrine Lord and ITIL/COBIT Master Mark Thomas.  I left one person out and that was on purpose.  Jason Helmick…what can I say.  He along with the rest of Interface Technical Training put on an excellent conference that will only grow more and more as time goes on.  Great job Jason and Lynn from Interface as well as everyone else that supported this event.

Brian_Snover_Pic

Here is a pic of Jeffrey and I after the event hanging out at Dick’s Hideaway.

I can’t wait for Interface to host another great event like this.

New Server Core Guide

Just saw over on the Server Core blog that Andrew posted some links to a couple excellent resources.  The first one is what I consider to be the Server Core Bible.  It has just about everything you can think of when it comes to configuring Server Core.  The next link is to a couple job aids that give you a quick look at some common commands. 

These job aids actually give me some ideas on some things I’d like to create…now if I only had more time.

Microsoft Clustering Resources

This has to be the mother of all resource collections on Microsoft clustering and high availability.  I’ve copied over the links directly from the MS Cluster blog so that I have quick access to them in the future.

General Resources

Core

Exchange Server

File Server

Hyper-V

Multi-Site Clustering

Network Load Balancing

SQL Server

Windows Server 2008 Server Core Default Services

Quite a few people have asked recently about services in Server Core.  They want to know what’s running and what’s not running.  Below you will find a listing that is intended to help those who need to know the status of services on Server Core.  It is sorted by Service Name.


Another useful item to note on Server Core (or the CMD Prompt on Server) is that you can still use the SC command.  In particular you should run sc query; this useful little command will tell you which services are running.  If you want to view the ones that are not running, just run sc query state= inactive (the space after state= is required).  There is a lot you can do with the SC command and you should really check out the help.


A great tip for using commands is to append | more to the end of the command.  This should only display one page at a time.


| Service Name | Display Name | Startup Mode | Account |
|---|---|---|---|
| AeLookupSvc | Application Experience | Auto | LocalSystem |
| AppMgmt | Application Management | Manual | LocalSystem |
| BFE | Base Filtering Engine | Auto | LocalService |
| BITS | Background Intelligent Transfer Service | Auto | LocalSystem |
| Browser | Computer Browser | Manual | LocalSystem |
| CertPropSvc | Certificate Propagation | Manual | LocalSystem |
| COMSysApp | COM+ System Application | Manual | LocalSystem |
| CryptSvc | Cryptographic Services | Auto | NetworkService |
| DcomLaunch | DCOM Server Process Launcher | Auto | LocalSystem |
| Dhcp | DHCP Client | Auto | LocalService |
| Dnscache | DNS Client | Auto | NetworkService |
| DPS | Diagnostic Policy Service | Auto | LocalService |
| Eventlog | Windows Event Log | Auto | LocalService |
| EventSystem | COM+ Event System | Auto | LocalService |
| FCRegSvc | Microsoft Fibre Channel Platform Registration Service | Manual | LocalService |
| gpsvc | Group Policy Client | Auto | LocalSystem |
| hidserv | Human Interface Device Access | Manual | LocalSystem |
| hkmsvc | Health Key and Certificate Management | Manual | LocalSystem |
| IKEEXT | IKE and AuthIP IPsec Keying Modules | Auto | LocalSystem |
| iphlpsvc | IP Helper | Auto | LocalSystem |
| KeyIso | CNG Key Isolation | Manual | LocalSystem |
| KtmRm | KtmRm for Distributed Transaction Coordinator | Auto | NetworkService |
| LanmanServer | Server | Auto | LocalSystem |
| LanmanWorkstation | Workstation | Auto | LocalService |
| lltdsvc | Link-Layer Topology Discovery Mapper | Manual | LocalService |
| lmhosts | TCP/IP NetBIOS Helper | Auto | LocalService |
| MpsSvc | Windows Firewall | Auto | LocalService |
| MSDTC | Distributed Transaction Coordinator | Auto | NetworkService |
| MSiSCSI | Microsoft iSCSI Initiator Service | Manual | LocalSystem |
| msiserver | Windows Installer | Manual | LocalSystem |
| napagent | Network Access Protection Agent | Manual | NetworkService |
| Netlogon | Netlogon | Manual | LocalSystem |
| netprofm | Network List Service | Auto | LocalService |
| NlaSvc | Network Location Awareness | Auto | NetworkService |
| nsi | Network Store Interface Service | Auto | LocalService |
| pla | Performance Logs & Alerts | Manual | LocalService |
| PlugPlay | Plug and Play | Auto | LocalSystem |
| PolicyAgent | IPsec Policy Agent | Auto | NetworkService |
| ProfSvc | User Profile Service | Auto | LocalSystem |
| ProtectedStorage | Protected Storage | Manual | LocalSystem |
| RemoteRegistry | Remote Registry | Auto | LocalService |
| RpcSs | Remote Procedure Call (RPC) | Auto | NetworkService |
| RSoPProv | Resultant Set of Policy Provider | Manual | LocalSystem |
| sacsvr | Special Administration Console Helper | Manual | LocalSystem |
| SamSs | Security Accounts Manager | Auto | LocalSystem |
| SCardSvr | Smart Card | Manual | LocalService |
| Schedule | Task Scheduler | Auto | LocalSystem |
| SCPolicySvc | Smart Card Removal Policy | Manual | LocalSystem |
| seclogon | Secondary Logon | Auto | LocalSystem |
| SENS | System Event Notification Service | Auto | LocalSystem |
| SessionEnv | Terminal Services Configuration | Manual | LocalSystem |
| slsvc | Software Licensing | Auto | NetworkService |
| SNMPTRAP | SNMP Trap | Manual | LocalService |
| swprv | Microsoft Software Shadow Copy Provider | Manual | LocalSystem |
| TBS | TPM Base Services | Manual | LocalService |
| TermService | Terminal Services | Auto | NetworkService |
| TrustedInstaller | Windows Modules Installer | Auto | LocalSystem |
| UmRdpService | Terminal Services UserMode Port Redirector | Manual | LocalSystem |
| vds | Virtual Disk | Manual | LocalSystem |
| VSS | Volume Shadow Copy | Manual | LocalSystem |
| W32Time | Windows Time | Auto | LocalService |
| WcsPlugInService | Windows Color System | Manual | LocalService |
| WdiServiceHost | Diagnostic Service Host | Manual | LocalService |
| WdiSystemHost | Diagnostic System Host | Manual | LocalSystem |
| Wecsvc | Windows Event Collector | Manual | NetworkService |
| WinHttpAutoProxySvc | WinHTTP Web Proxy Auto-Discovery Service | Auto | LocalService |
| Winmgmt | Windows Management Instrumentation | Auto | LocalSystem |
| WinRM | Windows Remote Management (WS-Management) | Auto | NetworkService |
| wmiApSrv | WMI Performance Adapter | Manual | LocalSystem |
| wuauserv | Windows Update | Auto | LocalSystem |
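
The following Python script is an added example, not part of the original post. It uses the default-services listing above as a baseline and reports services that are missing from it or whose startup mode or account has changed. It assumes the inventory was captured with `wmic service get Name,StartMode,StartName /format:csv` and decoded to text; the host name SC01, the ExampleAgent service and the sample rows are constructed.

```python
import csv
import io

# Default-install baseline from the table above, packed as Name:Mode:Account.
# Mode: A=Auto, M=Manual. Account: S=LocalSystem, L=LocalService, N=NetworkService.
BASELINE_PACKED = """
AeLookupSvc:A:S AppMgmt:M:S BFE:A:L BITS:A:S Browser:M:S
CertPropSvc:M:S COMSysApp:M:S CryptSvc:A:N DcomLaunch:A:S Dhcp:A:L
Dnscache:A:N DPS:A:L Eventlog:A:L EventSystem:A:L FCRegSvc:M:L
gpsvc:A:S hidserv:M:S hkmsvc:M:S IKEEXT:A:S iphlpsvc:A:S
KeyIso:M:S KtmRm:A:N LanmanServer:A:S LanmanWorkstation:A:L lltdsvc:M:L
lmhosts:A:L MpsSvc:A:L MSDTC:A:N MSiSCSI:M:S msiserver:M:S
napagent:M:N Netlogon:M:S netprofm:A:L NlaSvc:A:N nsi:A:L
pla:M:L PlugPlay:A:S PolicyAgent:A:N ProfSvc:A:S ProtectedStorage:M:S
RemoteRegistry:A:L RpcSs:A:N RSoPProv:M:S sacsvr:M:S SamSs:A:S
SCardSvr:M:L Schedule:A:S SCPolicySvc:M:S seclogon:A:S SENS:A:S
SessionEnv:M:S slsvc:A:N SNMPTRAP:M:L swprv:M:S TBS:M:L
TermService:A:N TrustedInstaller:A:S UmRdpService:M:S vds:M:S VSS:M:S
W32Time:A:L WcsPlugInService:M:L WdiServiceHost:M:L WdiSystemHost:M:S Wecsvc:M:N
WinHttpAutoProxySvc:A:L Winmgmt:A:S WinRM:A:N wmiApSrv:M:S wuauserv:A:S
"""
MODES = {"A": "Auto", "M": "Manual"}
ACCOUNTS = {"S": "LocalSystem", "L": "LocalService", "N": "NetworkService"}

# Constructed sample of `wmic service get Name,StartMode,StartName /format:csv`
# output (wmic prints a blank line before the header). Not real host data.
SAMPLE = r"""
Node,Name,StartMode,StartName
SC01,BFE,Auto,NT AUTHORITY\LocalService
SC01,Browser,Auto,LocalSystem
SC01,ExampleAgent,Auto,CORP\svc_agent
SC01,RemoteRegistry,Auto,LocalSystem
SC01,W32Time,Auto,NT AUTHORITY\LocalService
"""

def load_baseline(packed=BASELINE_PACKED):
    """Return {lowercased service name: (start mode, account)}."""
    baseline = {}
    for token in packed.split():
        name, mode, account = token.split(":")
        baseline[name.lower()] = (MODES[mode], ACCOUNTS[account])
    return baseline

def normalize_account(start_name):
    """Strip the 'NT AUTHORITY\\' prefix; keep any other domain prefix."""
    account = (start_name or "").strip()
    prefix = "nt authority\\"
    if account.lower().startswith(prefix):
        return account[len(prefix):]
    return account

def find_drift(wmic_csv, baseline=None):
    """Return (service, kind, detail) tuples for every deviation found."""
    baseline = baseline or load_baseline()
    rows = [line for line in wmic_csv.splitlines() if line.strip()]
    findings = []
    for row in csv.DictReader(io.StringIO("\n".join(rows))):
        name = (row.get("Name") or "").strip()
        if not name:
            continue
        mode = (row.get("StartMode") or "").strip()
        account = normalize_account(row.get("StartName"))
        expected = baseline.get(name.lower())
        if expected is None:
            findings.append((name, "not-in-baseline", f"{mode}/{account}"))
            continue
        if mode != expected[0]:
            findings.append((name, "start-mode", f"{expected[0]} -> {mode}"))
        if account.lower() != expected[1].lower():
            findings.append((name, "account", f"{expected[1]} -> {account}"))
    return findings

if __name__ == "__main__":
    for finding in find_drift(SAMPLE):
        print(*finding, sep="\t")
```

Roles and features installed later add their own services, so a "not-in-baseline" result is a prompt to confirm the service is expected rather than proof of a problem.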

Admin's Guide to Server Core Commands

Repost from AdminPrep.com…I will be moving several of the articles over to this blog.



Before all this starts, credit must go where credit is due.  I did not come up with all of the info within this article.  A lot of people have felt my pain and have contributed in their own ways.  One place you should know about is the Official Server Core Blog, as it is where I learned my all-time favorite command, which embeds the time into the Command Prompt (read on to see that one!).  As I've collected my own list internally and blogged on it for about a year now, I see a lot of the same commands there.  The Windows Server 2008 Administrator's Companion has a nice chapter on Server Core, but by far the best resource is the set of scripts that accompany the book.  They allow you to very easily configure common settings.  One last area you should look into is of course Guy Teverovsky's Server Core Configurator…if you haven't seen it, check it out now!


Server Core is a version of Windows Server 2008 that has a minimal Graphical User Interface (GUI).  I say minimal when most say command-line only because there are GUI tools available such as Notepad and Task Manager.  One thing that definitely doesn't run on Server Core is the Explorer process.  If you're unaware of what that process does, just end the explorer.exe process in Task Manager from your client and look what happens…don't freak out, all you need to do is then go back to Task Manager and select File -> New Task (Run…) and then type explorer.exe.


The purpose of this article is not to give you every last detail of Server Core but to provide you with what you need to know to get it up and running in your environment.


Server Core has a limited number of roles that can be installed on it, which include:


  • Active Directory Domain Services (AD DS) and AD Lightweight Directory Services (AD LDS)
  • DNS Server
  • Internet Information Services (IIS) (No ASP.NET support)
  • DHCP Server
  • File Services
  • Print Services
  • Streaming Media Services
  • Hyper V

Now that doesn't mean that Server Core can't do other things.  In fact it can, but Microsoft calls those other items Features and not Roles.


  • Microsoft Failover Cluster (not available in Standard Edition)
  • Network Load Balancing
  • Subsystem for UNIX-based applications
  • Backup
  • Multipath IO
  • Removable Storage Management
  • Bitlocker Drive Encryption
  • Simple Network Management Protocol (SNMP)
  • WINS
  • Telnet

Later on in the article I will explain how to install these services.  But first it's time to go over what I believe to be the most commonly requested commands for administrating a Server Core environment.


Server Core Common Networking and Firewall Commands


Here is the start of your Networking and Firewall related commands for Server Core:


Server Core Common Networking Commands


To configure the IP address we will have to remember (or learn) Netsh.


Configure a Static IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver "Local Area Connection" static 10.1.1.5 primary
Netsh int ipv4 set winsserver "Local Area Connection" static 10.1.1.6 primary


Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" source=dhcp


Change the name of the network interface on Server Core:
Netsh int set interface name="Local Area Connection" newname="Primary Network"


Server Core Common Windows Firewall Commands:


The Windows Firewall is a blessing to some and a curse to others. Either way it is installed by default, and you have to understand the commands needed to configure the basics and, in some cases, some advanced settings.


Disable firewall:
netsh firewall set opmode disable


Server Core can be managed by using MMCs from a remote server. However, with the firewall being on by default, you will have to allow these tools to work remotely.  The first thing to note here is how each MMC Snap-in translates to a Windows Firewall Rule Group.


MMC Snap-in – Event Viewer
Windows Firewall Rule Group - Remote Event Log Management


MMC Snap-in – Services
Windows Firewall Rule Group - Remote Services Management


MMC Snap-in - Shared Folders
Windows Firewall Rule Group - File and Printer Sharing


MMC Snap-in – Task Scheduler
Windows Firewall Rule Group - Remote Scheduled Tasks Management


MMC Snap-in - Reliability and Performance
Windows Firewall Rule Group - Performance Logs and Alerts
Windows Firewall Rule Group - File and Printer Sharing


MMC Snap-in - Disk Management
Windows Firewall Rule Group - Remote Volume Management


MMC Snap-in – Windows Firewall with Advanced Security
Windows Firewall Rule Group - Windows Firewall Remote Management


To enable all of these rules, use this command:
Netsh advfirewall firewall set rule group="remote administration" new enable=yes


To enable a specific rule group, follow this format:
Netsh advfirewall firewall set rule group="<rule group>" new enable=yes


Server Core Common Domain Management Commands

Join a domain:
netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*
Yes, /passwordd:* needs to have that second d at the end of it.


Remove from domain:
netdom remove


Rename a Domain Member:
netdom renamecomputer %computername% /NewName:<new computer name> /userd:<domain\username> /passwordd:*


Rename Administrator:
wmic UserAccount where Name="Administrator" call Rename Name="new-name"


Add User to a Local Group
net localgroup GroupName /add <domain>\<username>


Remove User from a Local Group
net localgroup GroupName /delete <domain>\<username>


Confirm Domain and/or New Computer Name
set


Update User Passwords:
net user <username> * [/domain]


Server Core Common Server Management Commands


Toggle Remote Desktop on and off: (0 turns Remote Desktop on, 1 turns it off)
Cscript \windows\system32\scregedit.wsf /ar 0


Enable reduced security for RDP connections: (0 allows connections from clients running earlier versions of the RDP client)
Cscript \windows\system32\scregedit.wsf /cs 0


Activate Server Core:
Local method – Slmgr.vbs –ato
Remote method – Cscript \windows\system32\slmgr.vbs ServerName UserName password -ato


Rename a Stand-Alone Member:
netdom renamecomputer <computer name> /NewName:<new computer name>


List of installed patches:
wmic qfe list


Install Updates:
wusa <update>.msu /quiet


Configure for AutoUpdates:
cscript scregedit.wsf /AU 4


Disable AutoUpdates:
cscript scregedit.wsf /AU 1


View AutoUpdate Setting:
cscript scregedit.wsf /AU /v


Configure the Page File:
wmic pagefileset where name="<path\filename>" set InitialSize=<initial size>,MaximumSize=<max size>


Configure a Proxy Server: (Server Core cannot use a proxy that requires a password)
netsh Winhttp set proxy <proxy server>:<port>


All your favorite TCP/IP commands work including the following:
IPConfig
ARP
Ping
PathPing
TraceRT
Route
NSLookup
NetStat
NBTStat


List Running Services:
sc query


Start and/or Stop a Service:
sc start <service name>
sc stop <service name>


Task Manager: (Ctrl+Shift+Esc)
taskmgr


Manage Disk Volumes:
Diskpart /?


Defrag a Volume:
defrag /?


Change Time and Time Zone:
control timedate.cpl


Change the Desktop Resolution: (requires you to log off and back on)
Regedit – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video
<GUID>\0000\DefaultSettings.XResolution
<GUID>\0000\DefaultSettings.YResolution


Display the Time in the Command Prompt:
prompt [$t]$s$p$g


Log off:
shutdown /l


Restart Now:
shutdown /r /t 0


 


 


 


To get the Roles and Features installed you are going to need to use the ocsetup.exe command.  The OC is short for Optional Components.  The most important thing to remember about this command is that IT IS CASE SENSITIVE!!! As a best practice you should always launch ocsetup.exe with start /w, as this keeps the Command Prompt from becoming active again (when you can type again) until the setup is complete.  Below you will find a list of the commands that are required to install Roles and Features on Server Core.


DNS
start /w ocsetup DNS-Server-Core-Role


DHCP
start /w ocsetup DHCPServerCore


File Services (Server service is installed by default) but there are other role features


File Replication Service
start /w ocsetup FRS-Infrastructure


Distributed File System
start /w ocsetup DFSN-Server


Distributed File System Replication
start /w ocsetup DFSR-Infrastructure-ServerEdition


Services for Network File System (NFS)
start /w ocsetup ServerForNFS-Base
start /w ocsetup ClientForNFS-Base


Hyper V
start /w ocsetup Microsoft-Hyper-V


Print Server feature
start /w ocsetup Printing-ServerCore-Role


Line Printer Daemon (LPD) service
start /w ocsetup Printing-LPDPrintService


Active Directory Lightweight Directory Services
start /w ocsetup DirectoryServices-ADAM-ServerCore


Active Directory Domain Services
dcpromo /unattend:<answer file>


Streaming Media Services
Follow directions found in Article ID 934518


IIS
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
To uninstall IIS use the following command
start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel


NOTE: If you need to uninstall a Role that you installed with ocsetup all you need to do is to append /uninstall to the commands above.


Now let's take a look at how we install Features on Server Core:


Microsoft Failover Clustering
start /w ocsetup FailoverCluster-Core


Network Load Balancing
start /w ocsetup NetworkLoadBalancingHeadlessServer


Subsystem for UNIX-based applications
start /w ocsetup SUACore


Multipath IO
start /w ocsetup MultipathIo


Removable Storage
start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore


Bitlocker Drive Encryption
start /w ocsetup BitLocker


Backup
start /w ocsetup WindowsServerBackup


Simple Network Management Protocol (SNMP)
start /w ocsetup SNMP-SC


Windows Internet Name Service (WINS)
start /w ocsetup WINS-SC


Telnet client
start /w ocsetup TelnetClient


NOTE: If you need to uninstall a Feature that you installed with ocsetup all you need to do is to append /uninstall to the commands above.


Having the Role or Feature installed doesn't do much without going in and configuring the service.  The quick and easy way to manage these Roles and Features is to have either a dedicated Terminal Server with the AdminPak or Remote Server Administration Tools (RSAT) installed, or to install those same tools on XP or Vista.


Take a look here for more info on how to manage DNS with DNSCMD and then head over here for installing Active Directory via an answer file on Server Core.


I know this isn't a complete listing of the commands but I really believe this should help you get started in the right direction.  One of the best resources out there is the Windows Server 2008 Step-by-Step Guides. For this case you will want to download the Server_Core_Installation_Option_of_Windows_Server_2008_Step-By-Step_Guide.doc guide.

Display Your Computer Name on Server Core

In my Administrator’s Guide to Server Core Commands article on AdminPrep I showed you how to display the time on the command prompt of your Server Core command window.  I just read that Daniel Petri has some other cool shortcuts on what you can display on the command window of Server Core.  The one that I really like is the computer name.  If you manage multiple Server Core servers then you already know how difficult it can be to manage different sessions…especially since they all look the same.

To display the computer name (among other things listed in Daniel’s article) you need to modify the registry.  If you don’t already know, please modify the registry carefully.

1. Navigate to the HKLM\System\CurrentControlSet\Control\Session Manager\Environment key.

2. Create or edit a value called Prompt (it should be an Expandable String Value).

3. Add the following for the data – $_Server:%computername%_$p$g

You will have to log off and log back on to see the change, but once you do it is a pleasant addition to the command window.  Daniel’s example shows how you can display the Date, Time and User…very cool, so make sure you check it out.

What I Love About Server Core

Sometimes a picture is worth a thousand words…

PreparingYourDesktop_ServerCore


Configure Shadow Copies on Server Core

This article is intended to help those people that have a need to configure Shadow Copies on a Server Core install.  Server Core installs by default with the File Server role enabled.  Because of this you don’t have to install any additional role or feature.  vssadmin is the command that is used to configure Shadow Copies.

As far as I can tell once this is enabled it does not create any scheduled tasks to reoccur.  Which means you have to either create a manual snapshot (pretty easy) or schedule the task to occur (not as easy in Server Core).

To turn on Shadow Copies for a volume:

vssadmin add shadowstorage /for=c: /on=c: /maxsize=1gb
  • /for= which volume you want to enable Shadow Copies on
  • /on= which volume you want to store Shadow Copies on
  • /maxsize= how much space you are going to use for Shadow Copies (300MB min and KB, MB, GB, TB, PB and EB can all be used)

To create a manual snapshot:

vssadmin create shadow /for=c:

To remove Shadow Copies for a volume:

vssadmin delete shadowstorage /for=c: /on=c:

If you need to schedule this type of event (and you really should) you will want to create a new task in Server Core.  To do so you must use the schtasks command.  I’m by no means an expert in using that command but below I have a sample command that I use to schedule a daily snapshot to occur at 13:30 every day.

schtasks /create /SC daily /TN Afternoon_Snapshot /TR "%SystemRoot%\System32\vssadmin.exe create shadow /for=c:" /ST 13:30

————————————————————————————————

Below you find more of the commands that are associated with the vssadmin command:

List Providers

This lists Volume Shadow Copy providers configured on the system.

List Shadows

This lists volume shadow copies that are stored on a system.

List ShadowStorage

This statement lists Volume Shadow Copy storage areas.

List Writers

List Writers lists Volume Shadow Copy writers known to the system.

List Volumes

This command lists system volumes that are eligible for shadow copies.

Query Reverts

This command queries the status of in-progress revert operations.

Revert Shadow

This command reverts a volume to a shadow copy. It uses the following:
  • “Shadow=ShadowId [/Quiet]” specifies a shadow to be reverted.
  • “ForceDismount” forces the volume to be dismounted if files are in use when the revert process is tried.

Delete Shadows

This option deletes one or more volume shadow copies.
  • “For=ForVolumeSpec [/Oldest] [/Quiet]” deletes shadow copies for a specified volume. /Oldest chooses the oldest shadow copy. /Quiet performs the deletion with no visible messages or warnings.
  • “Shadow=ShadowId [/Quiet]” specifies a shadow to be deleted. You will need to specify the full shadow ID (a very long string of hexadecimal numbers, which can be obtained from the List Shadows command).
  • “All” deletes all shadow copies on the system.

Resize ShadowStorage

This command resizes a Volume Shadow Copy storage area and has the following options:
  • “For” specifies the volume for which the designated shadow copy storage area is maintained.
  • “On” designates the storage area that is to be resized.
  • “MaxSize” sets the maximum size for the shadow copy storage area. Specify MB, GB, TB, PB, or EB.

Process Explorer on Server Core

I’ve always been a fan of Task Manager, but let's face the facts…it has its limitations.  Mark Russinovich has rolled up his wonderful Sysinternals Troubleshooting Utilities into a single download that can be found here.

In there you will find the ultra popular Process Explorer.  Well I wanted to test out some stuff on Server Core…like what type of tools will really work on it.  I copied over Process Explorer and it ran like a champ!  Now all I need to do is go into the Options menu and select Replace Task Manager and now when I enter taskmgr or hit CTRL-Shift-ESC Process Explorer opens instead of Task Manager.

…I wonder how many other Sysinternal tools work on Server Core…
