inf307 server core: running a minimal server andrew mason program manager
TRANSCRIPT
![Page 1: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/1.jpg)
INF307Server Core:Running a Minimal Server
Andrew Mason
Program Manager
![Page 2: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/2.jpg)
Agenda
• Today’s Challenges
• Server Core Overview and Benefits
• Server Core Architecture
• Server Core Installation and Initial Configuration
• Adding Server Roles
• Administering Server Core
• Demo
![Page 3: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/3.jpg)
Today’s Challenges
• Windows® ServerTM is frequently deployed to support a single role or a fixed workload
• In this scenario, administrators are required to deploy and service all of Windows Server
• These non-value add features (wrt fixed workload server) present a servicing and security burden
• Administrators think of servers in terms of server roles
![Page 4: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/4.jpg)
Today’s Challenges (continued)
• Value Proposition
• Reduce the attack and servicing surface area for certain server roles by only installing what is required and administrators use
• Servers optimized by role are easier to service and manage
• Fewer patches
• Server management lifecycle oriented around roles
• IT Staff can specialize on their role(s)• Increased reliability and security
• Less installed and less running
![Page 5: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/5.jpg)
Server Core Overview
• Server Core is:
• A minimal installation option for Longhorn Server
• Included with Standard, Enterprise, and Datacenter
• Available for x86 and x64
![Page 6: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/6.jpg)
Server Core Overview (continued)
• Server Core
• Provides minimal server OS functionality
• Boots and operates stand-alone in headless scenarios
• Low surface area server for targeted roles
• Includes
• A set of server roles
• DHCP, File, AD, DNS, and WINS
• The following optional features:
• Failover Clustering, Subsystem for UNIX-based applications, Backup, Multipath IO, Removable Storage Management, Bitlocker Drive Encryption, SNMP, Telnet Client
• Command Line interface, no GUI Shell
![Page 7: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/7.jpg)
Server Core Desktop
![Page 8: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/8.jpg)
Benefits of Server Core
• Fewer Patches
• Server Core reduces # of patches by ~60%
• Based on all Windows 2000 patches
• Servicing burden is reduced by removing components that are most often serviced
• More Secure, Reliable and Less Management
• Removal of non-value add legacy & client components from server
![Page 9: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/9.jpg)
Server Core Architecture
Server Core Server Roles
Server CoreSecurity, TCP/IP, File Systems, RPC,plus other Core Server Sub-Systems
DNS DHCP File AD
ServerWith .NetFx, Shell, Tools, etc.
TS IASWeb
ServerSharePoint
Etc…
GUI, CLR, Shell, IE,
Media, OE, Etc.
Server, Server Roles (for example only)
WINS
![Page 10: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/10.jpg)
Server Core
Core Subsystems
Security (Logon scenarios) Networking (TCP/IP)File SystemsRPCWinlogonNecessary dependencies
Resolved category dependenciesHALKernelVGALogonetc.
HW Support componentsDiskNet cardetc.
DHCP server role
Infrastructure features
Command shellDomain joinEvent LogPerf counter infra.WS-ManagementWMI infrastructureLicensing serviceWFPHTTP supportIPSec
“Thin” Management tools (Local and remote)Configure IP addressJoin a domainCreate usersetc.
DNS server role
File server role
Domain Controller
role
WINS server role
![Page 11: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/11.jpg)
Deploying Server Core
• There is a screen in Setup to select either:
• Server with the shell and all Server Roles
• Server Core with Command Prompt and supported roles
• Server Core initial configuration can be done either
• Manually using the command line tools
• Using an unattend file
![Page 12: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/12.jpg)
Unattended Install
• Same unattend and options as Vista and Server
• Can set options that otherwise require editing the registry on Server Core• Display Resolution and Color Depth
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="x86">
<Display>
<HorizontalResolution>1024</HorizontalResolution>
<VerticalResolution>768</VerticalResolution>
<ColorDepth>16</ColorDepth>
</Display>
</component>
</settings>
![Page 13: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/13.jpg)
Unattended Install (cont)
• To enable Terminal Services remote admin mode
• In the <settings pass="specialize"> section add:
<component name="Microsoft-Windows-TerminalServices-LocalSessionManager" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="x86">
<fDenyTSConnections>false</fDenyTSConnections>
</component>
• To enable support for pre-Vista/Longhorn Terminal Services clients
• In the <settings pass="specialize"> section add:
<component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="x86">
<UserAuthentication>0</UserAuthentication>
</component>
![Page 14: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/14.jpg)
Selecting Server Core in Unattend
• After the </InstallTo> section, add the appropriate <InstallFrom> section
• Server Core:
<InstallFrom>
<MetaData>
<Key>/IMAGE/Name</Key>
<Value>Windows Longhorn Server Core</Value>
</MetaData>
</InstallFrom>
• Server
<InstallFrom>
<MetaData>
<Key>/IMAGE/Name</Key>
<Value>Windows Longhorn Server</Value>
</MetaData>
</InstallFrom>
![Page 15: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/15.jpg)
No Server Core Upgrades
• Only a clean install is supported
• Cannot upgrade from a previous version of Windows Server
• Cannot upgrade from Server Core to Windows Server "Longhorn“
• If you need the Explorer Shell or a Server Role that is not supported on Server Core, you will need to reinstall
• Cannot upgrade from Windows Server "Longhorn" to Server Core
![Page 16: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/16.jpg)
Server Core Initial Configuration
• Set Administrator Password• CTRL+ALT+DEL and click Change password• net user administrator *
• Activate• Slmgr.vbs –ato
• Configure Static IP Address (if required)• Netsh interface ipv4
• show interfaces• set address name="ID" source=static
address=StaticIP mask=SubnetMask gateway=DefaultGateway
• add dnsserver name="ID" address=DNSIP index=1 • Join a domain (if required)
• Netdom
![Page 17: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/17.jpg)
Adding Server Roles• Command line only, no Server Manager
• Start /w Ocsetup RolePackage
• DHCP = DHCPServerCore
• DNS = DNS-Server-Core-Role
• File = File-Server-Core-Role
• File Replication service = FRS-Infrastructure
• Distributed File System service = DFSN-Server
• Distributed File System Replication = DFSR-Infrastructure-ServerEdition
• Network File System = ServerForNFS-Base
• Single Instance Store = SIS
• Active Directory
• Dcpromo /unattend:Unattendfile
• Dcpromo now installs Active Directory
• Ocsetup not supported for Active Directory
![Page 18: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/18.jpg)
Adding Optional Features
• Start /w ocsetup OptionalFeaturePackage
• Failover Cluster = FailoverCluster-Core
• Network Load Balancing = NetworkLoadBalancingHeadlessServer
• Subsystem for UNIX-bases applications = SUA
• Multipath IO = Microsoft-Windows-MultipathIO
• Removable Storage Management = Microsoft-Windows-RemovableStorageManagementCore
• Bitlocker Drive Encryption = BitLocker
• Backup = WindowsServerBackup
• Simple Network Management Protocol (SNMP) = SNMP-SC
• Telnet Client = TelnetClient
![Page 19: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/19.jpg)
Uninstalling Roles and Features
• Start /w Ocsetup Package /uninstall
• Except for Active Directory
• You must use DCPromo and demote
• This will also remove the Active Directory binaries
• No Remote GUI for installing or uninstalling roles and features
![Page 20: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/20.jpg)
Managing Server Core
• CMD for local command execution
• Terminal Server using CMD
• WS-Management and Windows Remote Shell for remote command execution
• WMI
• Task Scheduler for scheduling jobs and tasks
• Event Logging and Event Forwarding
• RPC and DCOM for remote MMC support
• SNMP
![Page 21: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/21.jpg)
Managing with Windows Remote Shell
• Windows Remote Management (WinRM)
• WS-Management - secure firewall friendly mgmt protocol
• WinRM.exe configures the server side
• Can also be configured using GPO or unattend install
• Windows Remote Shell (WinRS)
• Must configure WinRM first
• WinRS.exe remotely execute commands
• Requires Windows Vista or Longhorn Server
• Only command line tools or scripts without UI can be executed
• Prompts are problematic, full interactive mode not supported• For example, “press any key”
![Page 22: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/22.jpg)
Configuring WinRM on Server Core
• The Server side of WS-Management
• From the command line
• WinRM quickconfig
• Through an unattend file
• In the <settings pass="specialize"> section add:
<component name="Microsoft-Windows-Web-Services-for-Management-Core" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="x86">
<ConfigureWindowsRemoteManagement>true</ConfigureWindowsRemoteManagement>
</component>
![Page 23: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/23.jpg)
Using WinRS
• The Client side of WS-Management
• WinRS –r:<remote endpoint> command
• Remote endpoint can be
• -r:https://myserver.com
• -r:myserver
• -r:http://127.0.0.1
• -r:http://169.51.2.101:80
• For example
• Winrs –r:myserver dir c:\windows\system32\*.dll
• WinRS -? for help
![Page 24: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/24.jpg)
WinRS examples
• Turn on Terminal Services remote admin
• winrs -r:myserver cscript \windows\system32\scregedit.wsf /ar 0
• Allow pre-Vista/Longhorn TS clients
• winrs -r:myserver cscript \windows\system32\scregedit.wsf /cs 0
• Join a domain
• winrs -r:myserver netdom add myserver /domain:testdomain /userd:administrator /passwordd:<password>
• Add domain admin to local admins
• winrs -r:myserver net localgroup administrators testdomain\administrator /add
![Page 25: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/25.jpg)
SCRegEdit.wsf
• Not all tasks can be performed from the command line or remotely
• SCRegEdit.wsf is included in Server Core to:
• Configure the pagefile
• Enable automatic updates
• Set the time zone
• Enable error reporting
• Enable Terminal Server Remote Admin Mode
• Enable remote IPSec Monitor management
• Configure DNS SRV record weight and priority
• Located in \Windows\System32
![Page 26: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/26.jpg)
Hardware on Server Core
• Plug and Play is included in Server Core
• If you add hardware with an inbox driver, PnP will “silently” install the driver
• If the driver is not included, but you have a PnP driver for the hardware
• Copy the driver files to the Server Core box
• Execute: Pnputil –i –a driverinf
• To list installed drivers
• sc query type= driver
• To remove a driver
• sc delete service_name
![Page 27: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/27.jpg)
Control Panel in Server Core?
• Limited functionality for specific scenarios
• Time zone, to change
• Control timedate.cpl
• Keyboards and/or language, to change
• Control intl.cpl
![Page 28: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/28.jpg)
Notepad in Server Core
• Included, but with limitations
• On the File menu, only Exit works
• Help does not work
• To work with files:
• Notepad <filename>, make change, exit, and when prompted click save
• No “Save As”, need to rename the file before opening and making changes
• Copy, Paste, Find, Replace, etc all work
![Page 29: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/29.jpg)
Restarting CMD.EXE
• If you close the command prompt window
• Locally, you can either:
• Press ctrl-alt-del, click Start Task Manager, click File, click Run, and enter cmd.exe
• Log off and back on again
• In a Terminal Services session:
• You can use the Terminal Services MMC snapin to remotely logoff
• You can use the Terminal Serivces command line tools remotely:
• query session /server:<servername>
• logoff <session_id> /server:<servername>
![Page 30: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/30.jpg)
Limitations of Server Core
• No support for Managed Code
• No balloon notifications, such as for activation
• Password expiration is now a balloon notification, so it will not appear on Server Core
• Runonce is not supported on Server Core
![Page 31: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/31.jpg)
Server Core Development
• Server Core is not an application platform
• Server Core does support development of Management tools, utilities, and agents
• Remote Management tools should not require changes
• Need to use one of the protocols supported in Server core, such as RPC
![Page 32: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/32.jpg)
Server Core Development (cont)
• Management agents may require changes to work on Server Core
• Agents cannot have shell or gui dependencies
• Agents cannot use managed code
• Test your agents on Server Core
• Beta SDK includes a list of APIs supported in Server Core
![Page 33: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/33.jpg)
Demo
• Server Core
• Server Role on Server Core
![Page 34: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/34.jpg)
Server Core Feedback and Questions
• Newsgroups
• http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=582&SiteID=17
• Server Core Blog
• http://blogs.technet.com/server_core/default.aspx
• “Command-line reference A-Z” in Help is very helpful
• Online at: http://go.microsoft.com/fwlink/?LinkId=20331
![Page 35: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/35.jpg)
Ask The ExpertsGet Your Questions Answered
You can find me at the Microsoft Ask the Experts area, located in the Exhibition Hall:
Wednesday 15 November Lunch
Thursday 16 November 10:15 – 10:45
Thursday 17 November 14.45 – 15.45
![Page 36: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/36.jpg)
![Page 37: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/37.jpg)
![Page 38: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/38.jpg)
![Page 39: INF307 Server Core: Running a Minimal Server Andrew Mason Program Manager](https://reader035.vdocuments.us/reader035/viewer/2022062315/5697bfd91a28abf838cafb58/html5/thumbnails/39.jpg)
© 2006 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only.MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.