Server Core

  • Reducing the Server Core disk footprint

    In the Server Core installation option, there is a way to remove the server roles and optional features from the disk, to free up more space. In addition to reducing disk usage, this could be used to ensure an administrator doesn’t add a role or feature to a server that is supposed to perform a fixed function.

    Warning: This is a one way operation, once you remove a role or feature there is NO way to bring it back. If you realize later that you need the role or feature the only option is to reinstall.

    To do this:

    1.       Run: pkgmgr /up:<package to remove>

    2.       Reboot – you can remove multiple packages before rebooting.

    3.       Wait about 30 minutes for the disk cleanup to occur.

    You will then see the disk space used by the role or feature is freed up, oclist will no longer show the role or feature as being available, and trying to install it using ocsetup will result in an error. Once again, read the warning above – there is no way to put the role or feature back, it is permanently gone from the system.

    The role and feature packages available for removal are:

    ·         Microsoft-Hyper-V-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-BLB-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DFSN-ServerCore~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DFSR-ServerEdition-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DhcpServerCore-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DirectoryServices-ADAM-SrvFnd-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DirectoryServices-DomainController-SrvFnd-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-DNS-Server-Core-Role-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-FailoverCluster-Core-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-FileReplication-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-IIS-WebServer-Core-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-Internet-Naming-Service-SC-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-MultipathIo-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-NetworkLoadBalancingHeadlessServer-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-NFS-ServerFoundation-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-Printing-ServerCore-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-QWAVE-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-RemovableStorageManagementCore-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-SecureStartup-OC-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-SNMP-SC-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-SUA-Core-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-Telnet-Client-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    If you are running on an x86 box, change the amd64 above to x86.

    In addition to the roles and features listed in oclist, it is also possible to remove IME support as well as the supporting fonts by removing the following packages:

    ·         Microsoft-Windows-ServerCore-EA-IME-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    ·         Microsoft-Windows-ServerCore-EA-Fonts-Package~31bf3856ad364e35~amd64~~6.0.6001.18000

    Removing these will reduce the on disk footprint by ~200MB.

     

    Andrew

    p.s. - don't forget about the warning above

    Posted Wednesday, April 16, 2008 9:42 AM by amason | 6 Comments

  • Ramblings on Server Core

    I did a TechNet Edge interview on Server Core a couple of weeks ago. If you want to hear my ramblings, you can check it out at: http://edge.technet.com/Media/567/

    Andrew

    Posted Monday, February 25, 2008 1:21 PM by amason | 0 Comments

  • New Server Core Tips

    A couple of quick tips this time around.

    If you want to determine if you are running on Server Core from a script, you can do this via WMI. The command line way is:

    wmic path win32_operatingsystem get OperatingSystemSKU /value

    The value can then be converted to hex and mapped to the list at: http://msdn2.microsoft.com/en-us/library/ms724358.aspx

     

    Here is a tip I received from the HP Windows Server Academy team. If you don’t want to include all of the many IIS options in the output of Oclist, run:

    Oclist | find “Installed” | find /v “IIS”

     

    Posted Tuesday, January 29, 2008 4:46 PM by amason | 1 Comments

  • Configuring the Firewall for Remote Management of a Workgroup Server Core installation

    To follow up my last post, this one will go into more details on option 3 in that post.

     

    As mentioned you can simply enable the Remote Administration firewall rules to allow pretty much any MMC to connect (a few require additional configuration as discussed below). However, there may be situations where you only want to allow certain MMCs to connect for remote administration. Not every MMC snap-in has a firewall group, here are those that do:

     

    MMC Snap-in

    Rule Group

    Event Viewer

    Remote Event Log Management

    Services

    Remote Service Management

    Shared Folders

    File and Printer Sharing

    Task Scheduler

    Remote Scheduled Tasks Management

    Reliability and Performance

    “Performance Logs and Alerts” and “File and Printer Sharing”

    Disk Management

    Remote Volume Management

    Windows Firewall with Advanced Security

    Windows Firewall Remote Management

     

    On the Server Core box you can enable these by running:

    Netsh advfirewall firewall set rule group=“<rule group>” new enable=yes

    Where <rule group> is the name in the above table.

     

    You can remotely enable these using the Windows Firewall with Advanced Security MMC snap-in, after you have locally on the Server Core box enabled the rule group to allow it to connect.

     

    MMC Snap-ins without a Rule Group

    Not every MMC snap-in has a rule group to allow it access through the firewall, however many of them use the same ports for management as those that do. Therefore, you will find that enabling the rules for Event Viewer, Services, or Shared Folders will allow most other MMC snap-ins to connect. Of course, you can also simply enable the remote administration rule group (see my last post).

     

    MMC Snap-ins that Require Addition Configuration

    In addition to allowing the MMC snap-ins through the firewall, the following MMC snap-ins require additional configuration:

    • Device Manager

    To allow Device Manager to connect, you must first enable the “Allow remote access to the PnP interface” policy

    1.    On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in

    2.    Connect to the Server Core installation

    3.    Navigate to Computer Configuration\Administrative Templates\Device Installation

    4.    Enable “Allow remote access to the PnP interface”

    5.    Restart the Server Core installation

     

     

    • Disk Management

    You must first start the Virtual Disk Service (VDS) on the Server Core installation

     

    • IPSec Mgmt

    On the Server Core installation you must first enable remote management of IPSec. This can be done using the scregedit.wsf script:

    Cscript \windows\system32\scregedit.wsf /im 1

     

    Posted Monday, January 14, 2008 3:14 PM by amason | 2 Comments

  • Configuring the Firewall on Server Core for Remote Management

    Just like on a full server installation, the firewall is on by default in a Server Core installation and most inbound traffic is blocked at the end of setup. There are then three scenarios for remote management via MMC: 

    1. Server Roles – when a server role is installed, the appropriate ports are opened to allow the role to function as well as to allow remote management, so no additional configuration is required. Using the Remote Server Administration Tools (RSAT) feature on a full server installation, you can install just the MMC snap-ins for a role and use them to remotely manage the role on Server Core.
    2. Domain joined – Once domain joined, the firewall profile is changed to the domain profile which allows remote management. Again, no additional configuration is required.
    3. Workgroup server – This is the scenario in which you may need to make firewall configuration changes to allow remote management. If you just want all remote management to work you can use:

    Netsh advfirewall firewall set rule group=“remote administration” new enable=yes
     
    However, it is possible to be more granular and only allow certain MMC snap-ins to remotely manage the box. I’ll talk more about that in my next post.

     

    Note that the other methods of remote management are either enabled out of the box, such as WMI, or when enabled the firewall is configured to allow them, such as Terminal Server remote administration mode.

    Posted Wednesday, January 02, 2008 4:41 PM by amason | 4 Comments

  • Server Core at ITForum

    Hi,

     For those that are attending ITForum next week, there will be a couple of Server Core sessions:

    • SRV304 - Deploying and Remotely Administering Server Core
    • SRV316 - Configuring and Managing Windows Server 2008 Server Core

    304 focuses on remote management via MMC and PowerShell, including firewall configuration to allow these. While 316 focuses on managing from the command line.

    There will also be a Q&A session: SRV07- Q&A: Server Core

    In addition, there will be a Server Core booth in the Ask the Experts area, where you'll be able to frequently find me. Stop by to say hi and ask me lots of questions!

    Andrew

    Posted Thursday, November 08, 2007 11:16 AM by amason | 1 Comments

  • Server Core in RC0

    RC0 of Windows Server 2008 is out and there are a few changes in Server Core:

    ·        Runonce now works

    ·        IIS is included as a role – see this blog posting for lots of useful IIS on Server Core information: http://blogs.iis.net/metegokt/archive/2007/06/26/administering-iis7-on-server-core-installations-of-windows-server-2008.aspx

     

    Andrew

     
    Posted Tuesday, October 02, 2007 9:11 AM by amason | 3 Comments

  • Server Core TechNet Webcast

    I did a TechNet Web cast on Server Core yesterday. If you missed it, it is now available at: http://www.microsoft.com/events/EventDetails.aspx?CMTYSvcSource=MSCOMMedia&Params=%7eCMTYDataSvcParams%5e%7earg+Name%3d%22ID%22+Value%3d%221032341828%22%2f%5e%7earg+Name%3d%22ProviderID%22+Value%3d%22A6B43178-497C-4225-BA42-DF595171F04C%22%2f%5e%7earg+Name%3d%22lang%22+Value%3d%22en%22%2f%5e%7earg+Name%3d%22cr%22+Value%3d%22US%22%2f%5e%7esParams%5e%7e%2fsParams%5e%7e%2fCMTYDataSvcParams%5e

    There were a couple of questions at the end regarding networking technologies that I didn’t know off the top of my head. Here are the answers:

    What version of SNMP is supported in Windows Server 2008?

    SNMPv1 and SNMPv2c see http://msdn2.microsoft.com/en-us/library/aa379141.aspx for more info.

    How to enable/disable the Scalable Networking Pack (SNP) functionality in Windows Server 2008?
    You can use     netsh interface tcp set global

    Andrew

     

    Posted Friday, June 29, 2007 1:18 PM by amason | 0 Comments

  • IIS in Server Core

    For those of you at TechEd recently or who saw the articles, IIS is now a role included in the Server Core installation option. If you have access to the recently released CTP build, IIS is available for you to start testing.

    Because Server Core does not currently have any managed code support, IIS does not support ASP.NET when used on Server Core.

    The IIS PowerShell cmdlets are all based on WMI, so they can be used to remotely manage IIS running on a Server Core installation.

    Andrew

    Posted Tuesday, June 26, 2007 8:11 AM by amason | 8 Comments

  • Step by Step guide for Server Core

    The Server Core step by step guide is now available in two locations

    1 – To read online or print from: http://technet2.microsoft.com/windowsserver/longhorn/en/library/bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=true

    2 – To download in doc format at: http://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/Server%20Core%20Installation%20Option%20of%20Windows%20Server%20Longhorn%20Step-By-Step%20Guide.doc

    The step by step guide covers how to do most everything with Server Core, from initial configuration, role installation to command line and remote management. Please let me know if there is additional detail that you would like to see included.

     

    There are also a set of scenarios posted and a survey on Server Core at:

    https://windowsbeta.microsoft.com/server/setup.aspx

    In the left tree, select Server Core and the first item in the list “Tell us how you deploy, manage, and configure Server Core” is a survey where you can provide feedback. The other options in the list allow you to comment on the usefulness of sections of the step by step guide.

    Note that this site does require a passport account and registration.

     

    Andrew

    Posted Thursday, May 17, 2007 10:05 AM by amason | 5 Comments

  • Server Core changes for Beta 3

    Sorry for the delays between postings lately, working on Beta 3 has been keeping us all busy. Today I’m going to talk briefly about some of the changes and additions we have made to the Server Core installation option for Beta 3. For those of you with access to the recently released build, you’ll see these things in the build. (Note a few of these were in the IDS builds leading up to Beta 3 and covered in my January 5th posting. However, for completeness I’m including everything here.)

     

    New Roles

    • Active Directory Lightweight Directory Services (AD LDS, formerly ADAM)
    • Print Server
    • Media Services

     

    New Optional features

    • WINS
    • QoS (Qwave)

     

    Command line changes

    • We have removed a few options from scregedit.wsf since there are better command line solutions. For example, enabling Windows Error Reporting now has a command line tool serverweroptin.exe
    • Scregedit.wsf now has a /cli switch which dumps out a long list of various command line ways to do things, such as setting your pagefile. Most of these have been covered in my blog, but now they are available on the box.
    • Oclist.exe is included, which will list all the packages to use with ocsetup.exe to add/remove a role or feature. This also tells you if something is installed or not.

     

    Tool changes

    • Notepad File|Open, Save, and Save As now work (anyone recognize those dialog boxes?)
    • Regedit.exe is now included

     

    Let me know what you think once you get the bits and have a chance to give it a try.

     

    I’m going to predict right now that my next posting will not, unfortunately, be until some time in early May.

     

    Andrew

     

    Posted Thursday, April 12, 2007 2:51 PM by amason | 11 Comments

  • Cmd.exe as a Terminal Services Remote Program

    It has been too long since I last posted, I’ll try to get back on a more regular schedule. Today’s topic will be how to use Terminal Server Remote Programs to publish cmd.exe and allow you to run the Server Core cmd.exe in a window on your Vista or Longhorn Server installation.

    You will need a Longhorn Server installation with the Terminal Services role installed. Once the administrative tools replacement is available in the builds you will be able to just install the Terminal Services tools.

    To configure cmd.exe as the remote program:

    1.      Start MMC and add the Terminal Services Remote Programs snap-in, and then connect it to the Server Core server.

    2.      In the Action pane of the snap-in, click Add Remote Programs and then navigate to \\<ServerName>\c$\windows\system32\cmd.exe (where ServerName is the name of the Server Core server).

    3.      In the Allow list, select Remote cmd.exe, and then select Create RDP package.

    You can then use the RDP package to connect to the Server Core server using the RDP package.

    Posted Wednesday, March 07, 2007 2:48 PM by amason | 2 Comments

  • Windows Update and More WMIC samples

    I’m a little behind on my regularly scheduled blog posting, I’ll try to keep up with posting every couple of weeks.

     

    You can use Windows Update to patch Server Core, but you first need to turn it one using the following commands:

    Cscript c:\windows\system32\scregedit.wsf /au 4

    Net stop wuauserv

    Net start wuauserv

     

    This will use the default time of 3am to check for patches. If you want to force an update check, you can run:

    Wuauclt /detectnow

     

    Some more WMIC command samples that were passed along are at: http://blogs.technet.com/jhoward/archive/2005/02/23/378726.aspx

     

    Andrew
    Posted Friday, January 26, 2007 5:29 PM by amason | 0 Comments

  • Server Core changes in the December build

    For those that have access to the new build released in December, this post will cover some new items in Server Core. The build is supposed to be available as part of the January MSDN, so hopefully more of you will have access when that comes out.

     

    There are two new command line tools in the latest Server Core build:

    • Serverweroptin.exe – This allows you to configure the Windows Error Reporting settings and replaces the /er option in scregedit.wsf (although I don’t think that change is in the build yet).
    • Oclist.exe – This tool displays the list of Server Roles and optional features that can be installed on Server Core, along with the package name that you need to use with ocsetup for installation. In addition, this displays the state (installed or not) of each package so you can easily tell which Server Roles or optional features are installed.

     

    There is a new optional feature included: WINS. The package name for installation is WINS-SC.

     

    Active Directory Lightweight Directory Services (AD LDS, formerly ADAM) is now a role supported on Server Core. 

     

    We have a few more changes in the works for Beta 3.

     

    Andrew

    Posted Friday, January 05, 2007 5:16 PM by amason | 3 Comments

  • Tips and Tricks Vol. 4

    Some of these may be repeats, but this is a pretty complete list of common tasks an administrator might need to do that either don't have a well known command line tool or a tool at all. A few of these may not work in current builds, such as oclist, but should be in the next build available.

     

    To activate:

    Cscript slmgr.vbs –ato

     

    Determining the computer name, any of the following:

                Set c

                Ipconfig /all

                Systeminfo

     

    Rename the Server Core computer:

    Domain joined:

    Netdom renamecomputer %computername% /NewName:new-name /UserD:domain-username /PasswordD:*

                Not domain joined:

    Netdom renamecomputer %computername% /NewName:new-name

     

    Changing workgroups:

    Wmic computersystem where name=”<computer name>” call  joindomainorworkgroup name=”<new workgroup name>”

     

    Install a role or optional feature:

    Start /w Ocsetup <packagename>

    Note: For Active Directory, run Dcpromo

     

    View role and optional feature package names and current installation state:

    oclist

     

    Start task manager hot-key:

    ctrl-shift-esc

     

    Logoff of a Terminal Services session:

                Logoff

     

    To set the pagefile size:

    Disable system pagefile management:

    wmic computersystem where name=”<computername>” set AutomaticManagedPagefile=False

    Configure the pagefile:

    wmic pagefileset where name=”C:\\pagefile.sys” set InitialSize=500,MaximumSize=1000

     

    Manually installing a management tool or agent:

    Msiexec.exe /i <msipackage>

     

    List installed msi applications:

    Wmic

                product

     

    Uninstall msi applications:

    Wmic product get name /value

    Wmic product where name=”<name>” call uninstall

     

    To list installed drivers:

    Sc query type= driver

     

    Installing a driver that is not included:

    Copy the driver files to Server Core

    Pnputil –i –a <path>\<driver>.inf

     

    Determining a file’s version:

    wmic datafile where name="d:\\windows\\system32\\ntdll.dll" get version

     

    List of installed patches:

    wmic qfe list

     

    Installing a patch:

    Wusa.exe <patchname>.msu /quiet

     

    Posted Monday, December 18, 2006 5:08 PM by amason | 5 Comments
More Posts Next page »

This Blog

Syndication

Tags

No tags have been created or used yet.

© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
 Microsoft
Page view tracker