Configuring Server Core

This post describes the best/easiest method to configure and manage Server Core.

There are numerous posts and articles explaining how to enable a particular feature on Server Core and there are even more on how to configure Server Core so that it can be managed remotely.  Well, this is the best method I have come across so far:

The minimum you need to do after a Server Core installation is rename the server and get it to join a domain (if you're not using DHCP then you'll also need to configure your IP stack).

To rename your server:

netdom renamecomputer %ComputerName% /NewName:<NewComputerName>

To join a domain:

netdom join %ComputerName% /domain:<DomainName> /userd:<UserName> /passwordd:*

To configure your IP stack (do this before trying to join a domain if not using DHCP):

netsh interface ipv4 show interfaces (you're looking for the ID of the NIC connected to your corporate network)
netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>
netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP> index=1

That's it - everything else can now be done remotely (once you've done this bit):

Using Group Policy to configure Server Core.

The hardest/messiest part of configuring Server Core is setting up all the Firewall rules you need for each of the remote administration tasks you might want to perform.  We can 'cheat'!  Log on to a Full installation of Windows Server 2008.  Open up Windows Firewall with Advanced Security.  Right click on the Firewall and select Export Policy (save this somewhere - we'll use it later).

Open up Group Policy Management Console (gpmc.msc) and create a new Policy Object (I've called mine "Server Core Configuration Policy Object").

Disable the User Configuration Settings and set the Security Filtering to only apply to a particular group (I have a security group defined with all my Server Core machines as members).

Link this new Policy Object to your domain (now all Server Core machines in your domain will get the configuration settings we're about to apply).

Edit the Policy Object.

Navigate down to Computer Configuration, Policies, Windows Settings, Security Settings, System Services, and set the following to automatically start:

  • Plug and Play
  • Remote Registry
  • Virtual Disk

Now for the 'clever' bit.  Navigate down to Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security.  Right click, select Import Policy, and select the Firewall Policy we just saved from a Full installation.

This policy includes pretty much every rule you'll ever need to set.  Scroll down the Inbound Rules and enable all the rules you need/want (I've merely enabled anything that mentions Remote).

That's it.  As soon as a Server Core machine joins your domain, add it to the Server Core security group (that we've filtered the Group Policy object on) and you'll now be able to perform every remote management task you like - including everything in Computer Management (Device Manager, Disk Management, etc) as well as WINRM & WINRS (from which you can run all your OCSETUP tasks).  The only gotcha is that for Volume management, you need the Firewall rules enabled on the device you're performing the management from.
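
To review what the policy actually opened on a given Server Core machine, the batch script below (an added example, not part of the original post) reads the three service start types and the enabled inbound firewall rules that Group Policy delivered, using the same remote registry and remote service access the policy turns on. The script name audit-core.cmd is hypothetical, and it assumes English-language sc output and that you run it from the management workstation with admin rights on the target.

```batch
@echo off
rem Added example, not from the original post.
rem Usage from the management workstation:  audit-core.cmd <ServerCoreName>
rem (audit-core.cmd is a hypothetical file name.)
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 ^<ServerCoreName^>
    exit /b 1
)
set "TARGET=%~1"

rem Firewall rules delivered by Group Policy are stored under this key, one
rem rule per value, as pipe-separated strings with fields such as
rem Action=, Active=, Dir=, Protocol=, LPort=, App= and Name=.
set "FWKEY=\\%TARGET%\HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules"

echo === Start type of the services set by the policy on %TARGET% ===
rem Service key names for Plug and Play, Remote Registry and Virtual Disk.
for %%S in (PlugPlay RemoteRegistry vds) do (
    echo [%%S]
    sc \\%TARGET% qc %%S | findstr /c:"START_TYPE"
)

echo.
echo === Inbound rules the policy delivers as enabled ===
rem Keep only rules that are both active and inbound; review each one and
rem disable in the GPO any rule you do not need for remote administration.
reg query "%FWKEY%" | findstr /i /c:"Active=TRUE" | findstr /i /c:"Dir=In"

echo.
echo === Number of enabled inbound rules ===
reg query "%FWKEY%" | findstr /i /c:"Active=TRUE" | findstr /i /c:"Dir=In" | find /c /v ""

endlocal
```

Run it again after any change to the Policy Object (and a gpupdate on the target) to confirm that the set of enabled inbound rules matches what you intended.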

Enjoy,

Dave.
