There are numerous posts and articles explaining how to enable a particular feature on Server Core and there are even more on how to configure Server Core so that it can be managed remotely. Well, this is the best method I have come across so far:
The minimum you need to do after a Server Core installation is rename the server and get it to join a domain (if you're not using DHCP then you'll also need to configure your IP stack).
To rename your server:
netdom renamecomputer %ComputerName% /NewName:<NewComputerName>
To join a domain:
netdom join %ComputerName% /domain:<DomainName> /userd:<UserName> /passwordd:*
To configure your IP stack (do this before trying to join a domain if not using DHCP):
netsh interface ipv4 show interfaces (you're looking for the ID of your corporately connected NIC) netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway> netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP> index=1
That's it - everything else can now be done remotely (once you've done this bit):
The hardest/messiest part of configuring Server Core, is all the Firewall rules you need for each of the remote administration tasks you might want to perform. We can 'cheat'! Logon to a Full installation of Windows Server 2008. Open up Windows Firewall with Advanced Security. Right click on the Firewall and select Export Policy (save this somewhere - we'll use it later).
Open up Group Policy Management Console (gpmc.msc) and create a new Policy Object (I've called mine "Server Core Configuration Policy Object")
Disable the User Configuration Settings and set the Security Filtering to only apply to a particular group (I have a security group defined with all my Server Core machines as members).
Link this new Policy Object to your domain (now all Server Core machines in your domain will get the configuration settings we're about to apply).
Edit the Policy Object.
Navigate down to Computer Configuration, Policies, Windows Settings, Security Settings, System Services, and set the following to automatically start:
Now for the 'clever' bit. Navigate down to Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security. Right click and select Import Policy and select the Firewall Policy we just saved from a Full installation).
This policy includes pretty much every rule you'll ever need to set. Scroll down the Inbound Rules and enable all the rules you need/want (I've merely enabled anything that mentions Remote).
That's it. As soon as a Server Core machine joins your domain, add it to the Server Core security group (that we've filtered the Group Policy object on) and you'll now be able to perform every remote management task you like - including everything in Computer Manager (Device Manager, Disk Management, etc) as well as WINRM & WINRS (from which you can run all your OCSETUP tasks). The only gotcha is that for Volume management, you need the Firewall rules enabled on the device your performing the management from.
PingBack from http://diggwow.info/tags/101/200812/dhcp-server-5.html
Any chance the Core team will implement something like the CMD based wizard that's in Hyper-V Server 2008? It makes managing the machine a breeze ....
... until you have to start dealing with the complexities of the h/w vendor's management s/w which relies on a GUI. :(