Server Core:

Running a Minimal Server

Andrew Mason
Program Manager
Agenda
Today’s Challenges
Server Core Overview and Benefits
Server Core Architecture
Server Core Installation and Initial Configuration
Adding Server Roles
Administering Server Core
Today’s Challenges
Windows Server® is frequently deployed to support
a single role or a fixed workload
In this scenario, administrators are required to deploy and
service all of Windows Server
These non-value add features (wrt fixed workload server)
present a servicing and security burden
Administrators think of servers in terms of server
roles
Today’s Challenges (cont.)
Value Proposition
Reduce the attack and servicing surface area for certain
server roles by only installing what is required and
administrators use
Servers optimized by role are easier to service and
manage
Fewer patches
Server management lifecycle oriented around
roles
IT Staff can specialize on their role(s)
Increased reliability and security
Less installed and less running
Server Core Overview
Server Core is:
A minimal installation option for Windows Server 2008
Included in the general purpose Windows Server 2008
SKUs
Available for x86 and x64
Server Core Overview (cont.)
Server Core
Provides minimal server OS functionality
Low surface area server for targeted roles
In Server Core includes
A set of server roles
DHCP, File, Print, AD, AD LDS, Media Services, DNS, IIS, and
Hyper-V
The following optional features:
WINS, Failover Clustering, Subsystem for UNIX-based
applications, Backup, Multipath IO, Removable Storage
Management, Bitlocker Drive Encryption, SNMP, Telnet Client,
QoS
Command Line interface, no GUI Shell
Server Core Desktop
Benefits of Server Core
Fewer Patches
Server Core reduces # of patches by
~60% based on all Windows 2000 patches
~40% based on Windows Server 2003 patches through the end
of 2006
Servicing burden is reduced by removing components
that are most often serviced
More Secure, Reliable and Less Management
Removal of non-value add legacy & client components
from server
 Server Core Architecture
Server, Server Roles
(for example only)
Web Shar
Etc
TS IAS Serv e
…
er Point

Server Core Server Roles Server

Med With .NetFx, Shell, Tools, etc.
AD Pri
DN DH ia IIS WV
AD File LD nt
S CP Serv 7 S
S
er

GUI, CLR,
Server Core
Shell, IE,
Security, TCP/IP, File Systems, RPC,
Media, OE,
plus other Core Server Sub-Systems
Etc.
 DHCP DNS File server Domain WINS
Optional
Server
server role Roles
server role role Controller server role
Features
role

Server Core
“Thin” Management tools(Local and remote)
Configure IP address
Join a domain
Create users
etc.

Core Subsystems Infrastructure features

Security(Logon scenarios) Command shell

Networking(TCP/IP) Domain join
File Systems Event Log
RPC Perf counter infra.
Winlogon WS-Management
Necessary dependencies WMI infrastructure
Licensing service
WFP
HTTP support
IPSec

Resolved category dependencies

HAL
Kernel
VGA
Logon
etc.
Deploying Server Core
There is a screen in Setup to select either:
Server with the shell and all Server Roles
Server Core with Command Prompt and supported roles
Server Core initial configuration can be done either
Manually using the command line tools
Using an unattend file
Unattended Install
Same unattend and options as Vista and Server
Can set options that otherwise require editing the
registry on Server Core
Display Resolution and Color Depth
 <settings pass="oobeSystem">
 <component name="Microsoft-Windows-Shell-Setup"
publicKeyToken="31bf3856ad364e35" language="neutral"
versionScope="nonSxS" processorArchitecture="x86">
 <Display>
 <HorizontalResolution>1024</HorizontalResolution>
 <VerticalResolution>768</VerticalResolution>
 <ColorDepth>16</ColorDepth>
 </Display>
 </component>
 </settings>
Selecting Server Core in Unattend
After the </InstallTo> section, add the appropriate <InstallFrom>
section
Server Core:
 <InstallFrom>
 <MetaData>
 <Key>/IMAGE/Name</Key>
 <Value>Windows Longhorn Server Core</Value>
 </MetaData>
 </InstallFrom>
Server
 <InstallFrom>
 <MetaData>
 <Key>/IMAGE/Name</Key>
 <Value>Windows Longhorn Server</Value>
 </MetaData>
 </InstallFrom>
No Server Core Upgrades
Only a clean install is supported
Cannot upgrade from a previous version of Windows
Server
Cannot upgrade from Server Core to full Server with the
GUI shell
Cannot upgrade from full Server with the GUI shell to
Server Core
Server Core Initial Configuration
Set Administrator Password
CTRL+ALT+DEL and click Change password
net user administrator *
Activate
Slmgr.vbs –ato
Configure Static IP Address (if required)
Netsh interface ipv4
show interfaces
set address name="ID" source=static address=StaticIP
mask=SubnetMask gateway=DefaultGateway
add dnsserver name="ID" address=DNSIP index=1
Join a domain (if required)
Netdom
Adding Server Roles
Command line only, no Server Manager
Start /w Ocsetup RolePackage
DHCP = DHCPServerCore
DNS = DNS-Server-Core-Role
File = File-Server-Core-Role
File Replication service = FRS-Infrastructure
Distributed File System service = DFSN-Server
Distributed File System Replication = DFSR-Infrastructure-ServerEdition
Network File System = ServerForNFS-Base
Media Server = MediaServer
Active Directory
Dcpromo /unattend:Unattendfile
Dcpromo now installs Active Directory
Ocsetup not supported for Active Directory
IIIS 7 on Server Core
Not included:
Management Service and GUI Tools
ASP.NET support
PowerShell cmdlets
Can be managed remotely using IIS PowerShell
cmdlets or managed code
Same installation granularity as on Server
installations IIS-WebServerRole
Top level packages are IIS-FTPPublishingService
IIS-FTPServer
IIS-WebServerManagementTools IIS-WebServer
IIS-IIS6ManagementCompatibility IIS-ApplicationDevelopment
IIS-ManagementScriptingTools IIS-CommonHttpFeatures
WAS-WindowsActivationService IIS-HealthAndDiagnostics
WAS-ProcessModel IIS-Performance
IIS-Security
Adding Optional Features
Start /w ocsetup OptionalFeaturePackage
Failover Cluster = FailoverCluster-Core
Network Load Balancing =
NetworkLoadBalancingHeadlessServer
Subsystem for UNIX-bases applications = SUA
Multipath IO = Microsoft-Windows-MultipathIO
Removable Storage Management = Microsoft-Windows-
RemovableStorageManagementCore
Bitlocker Drive Encryption = BitLocker
Backup = WindowsServerBackup
Simple Network Management Protocol (SNMP) = SNMP-
SC
Telnet Client = TelnetClient
WINS = WINS-SC
Uninstalling Roles and Features
Start /w Ocsetup Package /uninstall
Except for Active Directory
You must use DCPromo and demote
This will also remove the Active Directory binaries
No Remote GUI for installing or uninstalling roles
and features
OCList.exe
Server Core only command line tool
Lists the Server Role and Optional Feature
package names for use with OCSetup
Lists whether the packages are installed or not
Managing Server Core
CMD for local command execution
Terminal Server using CMD
WS-Management and Windows Remote Shell for
remote command execution
WMI
Can use WMI based PowerShell scripts and cmdlets
remotely
Task Scheduler for scheduling jobs and tasks
Event Logging and Event Forwarding
RPC and DCOM for remote MMC support
SNMP
Scripting host
 SCRegEdit.wsf
Not all tasks can be performed from the command
line or remotely
SCRegEdit.wsf is included in Server Core to:

 Enable automatic updates

 Enable Terminal Server Remote Admin Mode
 Enable remote IPSec Monitor management
 Configure DNS SRV record weight and priority
/cli switch that lists common command line tools and
switches
Located in \Windows\System32
 Managing with Windows Remote Shell
Windows Remote Management (WinRM)


 WS-Management - secure firewall friendly mgmt

protocol
Windows Remote Shell (WinRS)


 Requires Windows Vista or Windows Server 2008

 Only command line tools or scripts without UI can be
executed
 Prompts are problematic, full interactive mode not
supported
 For example, “press any key”
 Configuring WinRM on Server Core
The Server side of WS-Management
From the command line

 WinRM quickconfig
Through an unattend file


 In the <settings pass=“specialize”> section add:

 <component name=“Microsoft-Windows-Web-Services-for-
Management-Core” publicKeyToken=“31bf3856ad364e35”
language=“neutral” versionScope=“nonSxS”
processorArchitecture=“x86”>


<ConfigureWindowsRemoteManagement>true</ConfigureW
indowsRemoteManagement>
 </component>
Can also be configured using Group Policy

 Using WinRS
The Client side of WS-Management
WinRS –r:<remote endpoint> command

 Remote endpoint can be

 -r:https://myserver.com
 -r:myserver
 -r:http://127.0.0.1
 -r:http://169.51.2.101:80
 For example
 Winrs –r:myserver dir c:\windows\system32\*.dll
WinRS examples

Turn on Terminal Services remote admin



 winrs -r:myserver cscript

\windows\system32\scregedit.wsf /ar 0
Allow pre-Vista/Longhorn TS clients


 winrs -r:myserver cscript

\windows\system32\scregedit.wsf /cs 0
Join a domain


 winrs -r:myserver netdom add myserver

/domain:testdomain /userd:administrator
/passwordd:<password>
Add domain admin to local admins


 winrs -r:myserver net localgroup administrators

testdomain\administrator /add
 Hardware on Server Core
Plug and Play is included in Server Core


 If you add hardware with an inbox driver, PnP will

“silently” install the driver
If the driver is not included, but you have a PnP


driver for the hardware

 Copy the driver files to the Server Core box
 Pnputil –i –a driverinf
To list installed drivers


 sc query type= driver

To remove a driver


 sc delete service_name
 Control Panel in Server Core?
Limited functionality for specific scenarios
Time zone, to change

 Control timedate.cpl
Keyboards and/or language, to change


 Control intl.cpl
 Notepad and Regedit
Notepad


 Has the following limitations

 Help does not work
 Open, Save and Save As work in Beta 3
 Copy, Paste, Find, Replace, etc all work
Regedit


 Help does not work


Restarting CMD.EXE
If you close the command prompt window
Locally, you can either:

 Press ctrl-alt-del, click Start Task Manager, click File,

click Run, and enter cmd.exe
 Log off and back on again
In a Terminal Services session:


 You can use the Terminal Services MMC snapin to

remotely logoff
 You can use the Terminal Serivces command line tools
remotely:
 query session /server:<servername>
 logoff <session_id> /server:<servername>
 Limitations of Server Core
No support for Managed Code
No balloon notifications, such as for activation

 Password expiration is now a balloon notification, so it

will not appear on Server Core
Runonce is not supported on Server Core

 Mgmt Tools on Server Core
Server Core is not an application platform
Server Core does support development of

Management tools, utilities, and agents

 Remote Management tools should not require changes
 Need to use one of the protocols supported in Server core,
such as RPC
 Mgmt Tools on Server Core (cont)
Management agents may require changes to work


on Server Core
 Agents cannot have shell or gui dependencies
 Agents cannot use managed code
 Test your agents on Server Core
 Beta SDK includes a list of APIs supported in Server
Core
Demo
Server Core Resources
Step by Step Guide
Online at
http://technet2.microsoft.com/windowsserver/longhorn/en/library/bab0f1a1-54

Download in Word Document in the Download Center

http://download.microsoft.com/
Newsgroups
http://forums.microsoft.com/TechNet/ShowForum.aspx?
ForumID=582&SiteID=17
Server Core Blog
http://blogs.technet.com/server_core/default.aspx
Email
srvcfdbk@microsoft.com
“Command-line reference A-Z” in Help is very helpful
Online at: http://go.microsoft.com/fwlink/?LinkId=20331