• Windows 2012 Core Survival Guide – Remote Desktop

    Posted over 1 year ago
    by Bruce Adamczak}

    Learn about my 2012 Core Survival Guide here.

    Remote Desktop

    This is one of the more complex settings to get correct.  For remote desktop to work you need to have two registry keys and a firewall rule set up correctly.  If the registry key does not exist you will receive an error when you try to view or set it with PowerShell.  Remote Desktop is disabled if either of the following two settings are true:

    fDenyTSConnections = 1

    Remote Desktop application firewall rule is disabled

    If "UserAuthentication" has a value of 1 indicates that only secured connections will be used. 

    How view current Remote Desktop settings

    fDenyTSConnections is the registry key that enables or disables Remote Desktop. A value of zero indicates that Remote Desktop is being allowed. 

    PowerShell Command:

    get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections"

    If you receive an error it indicates the property does not exist or you typed the command in correctly.

     

    UserAuthentication is the registry key that will enable secure connections. A value of one indicates that Remote Desktop will only use Secure Connections. 

    PowerShell Command:

    get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication"

    Once again if you receive an error it indicates the property does not exist or you typed the command in correctly.

      

    If the Remote Desktop Firewall Rules is "Enabled", like in the screen shot below, then the firewall rules will allow remote desktop to work.

    PowerShell Command:

    get-netfirewallrule -DisplayGroup "Remote Desktop" | format-table Name, Enabled -autosize

    The screen shot below show that the firewall rules are correct for remote desktop.

     

    How to enable Remote Desktop settings

    Setting fDenyTSConnections registry key.

    PowerShell Command:

    set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0

    If key does not exist this is the command to use.

    New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 -PropertyType dword

    In the screen shot below you see the current value, followed by the command to modify the value (in yellow), then followed by the command to confirm the setting.

     

    How to enable Remote Desktop Firewall Rules.

    PowerShell Command:

    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

    In the screen shot below you see the current value, followed by the command to change it, then followed by a command to confirm the settings have been changed.

     

    How to enable Secured Remote Desktop Session

    This setting determines if all connections are allowed or only Secured Connections.  A value of 1 for this setting indicates that only Secured Connections.

    PowerShell Command:

    set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1   

    If key does not exist this is the command to use.

    New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword

    The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

     

    How to Disable Remote Desktop

    Setting fDenyTSConnections registry key

    PowerShell Command:

    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1

    If the key did not exist you can use this command to create the key and set the value.

    PowerShell Command:

    Net-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1 -PropertyType dword

    The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

     

    How to disable Remote Desktop Firewall Rules

    PowerShell Command:

    Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

    In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall group, then followed by the command to confirm the setting changed.

     

    I hope you found this useful.  Please leave me a comment

    Bruce

  • Windows 2012 Core Survival Guide – Changing the GUI type

    Posted over 1 year ago
    by Bruce Adamczak}

    Learn about my 2012 Core Survival Guide here.

    Changing the GUI type

    Windows Server 2012 has three different GUI installations, Core, Minimal, and Full GUI.  I am going to assume in this blog you installed Core and wish to temporarily install one of the other two GUIs.  More information about the installation types can be found at:

    http://technet.microsoft.com/en-us/library/hh831786.aspx 

    When deploying server core you may want to consider installing the full GUI during your installation and removing as part of your deployment process.  This will allow you to add and remove the GUI later if needed without having to have access to the source files.

    How to install the Minimal Server Interface

    The Minimal Server Interface provides you with access to Server Manager, the MMC, PowerShell and the command windows.  I use the Install-WindowsFeature cmdlet to install the GUI.

    PowerShell Command:

    Install-WindowsFeature Server-Gui-Mgmt-Infra –Restart

    This command will require a reboot to complete. 

     

    After the installation of the Minimal interface and rebooting you still come up in an command prompt.  In order to launch Server Manager you must type ServerManager like in the below screen shot.  The same holds true for the MMC.

     

    How to install the Full Gui Interface

    The Full GUI Server Interface provides you with the full GUI of Windows Server 2012.

    PowerShell Command:

    Install-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell –Restart

    This command too requires a reboot.

       

    How to remove the GUI

    To return your Server back to a Core installation you can remove the GUI interface by using the command below.

    PowerShell Command:

    Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -restart

    This command will require a reboot.

     

    GUI installation when source media is required

    If you try to install the GUI and receive the following error.  It simply means you do not have access to the source files.  You have two options at this point.  Locate a copy of the installation CD or use a cached copy that is on your network.

     

    Once you have access to the source files you need to determine the index number for an Image with Windows Server 2012 GUI.

    PowerShell Command:

    Get-WindowsImage -ImagePath d:\sources\install.wim

    The command below list the different images store in the source directory.  You will need to note which index number to use in the following command. 

     

    Now that we know the index number we can modify our installation command to include the source directory and index.

    PowerShell Command:

    Run Install-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell –Restart –Source wim:D:\source\install.wim:4

    The command below shows a successful installation using the source directory and index

     

    I hope you found this useful.  Please leave me a comment

    Bruce

     

     

  • Windows 2012 Core Survival Guide – PowerShell Remote Management

    Posted over 1 year ago
    by Bruce Adamczak}

    Learn about my 2012 Core Survival Guide here.

    PowerShell Remote Management

    Windows Server 2012 has PowerShell remoting enabled by default.  In order to manage PowerShell Remote Management correctly you will need to logon with an account that is a member of the local administrators account.

    How to determine if remoting is configured correctly

    You can determine if remoting is configured by creating a new PowerShell session.  If the session is created successfully then remoting is configured correctly.  The cmdlet we use to create a new PowerShell session is New-PSSession.

    PowerShell Command:

    New-PSSession

    In the screen shot below remoting is configured correctly.

     

    In the screen shot below remoting is not configured correctly.  This is just one of the possible errors depending on what is not configured correctly.

     

    How to enable remote management

    The Scripting Guy wrote a good blog on remoting so I will share the link with you.  No reason to recreate the wheel.

    http://blogs.technet.com/b/heyscriptingguy/archive/2012/12/30/understanding-powershell-remote-management.aspx

    There is a simple PowerShell cmdlet (Enable-PSRemoting) to enable remoting.  This command does the following:

    1. Starting or restarting the WinRM Service
    2. Setting the WinRM service to startup type to Automatic
    3. Creating a listener to accept requests on any IP address
    4. Enabling Windows Firewall inbounds rules exceptions for wm-management traffic

     PowerShell Command:

    Enable-PSRemoting

    Below you can see it quite simple. 

     

    How to disable remote management

    By default on Windows Server 2012 remote management is enabled.  It is NOT a best practice to disable this setting.  With that said this is how it can be done.  It will requires several steps to complete.

    PowerShell Command:

    Disable-PSRemoting

     

    To stop the WinRM service use the following command

    Stop-Service -name WinRM

     

    How to disable the WinRM service

    Set-Service -Name WinRM -StartupType Disable

     

    To restore the value of LocalAccountTokenFilterPolicy to zero use the following:

    PowerShell Command:

    set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system" -name "LocalAccountTokenFilterPolicy" -Value 0

     

    To disable the Windows Remote Management firewall rules use the following:

    PowerShell Command:

    Enable-NetFirewallRule -DisplayGroup "Windows Remote Management"

     

    I hope you found this useful.  Please leave me a comment

    Bruce

     

  • Windows 2012 Core Survival Guide – Computer Name Setting

    Posted over 1 year ago
    by Bruce Adamczak}

    Learn about my 2012 Core Survival Guide here.

    Computer Name Setting

    This blog is going to cover the basic of viewing and changing your computer name.  Setting the computer name is an option when you are installing the OS, or you can let the installer auto name your server.  If for some reason you need to rename your computer it can be done using PowerShell.

    How to view computer name

    I view the computer name by looking at the environment variable "ComputerName".

    PowerShell Command:

    Get-Content ENV:Computername

    In the sample output below I see that this computer name is "CORETEST1"

    How to change computer name

    I change the computer name by using the Rename-Computer cmdlet.  

    PowerShell Command:

    Rename-Computer -NewName MyCoreBox -restart

    In the output below we see that this computer is rename from "CORETEST1" to MyCoreBox.  Since the box reboots with this command I have to capture a second screen shot after the reboot to confirm the setting.

     

    Screen shot after reboot

     

    I hope you found this useful.  Please leave me a comment.  Let me know if there are any core tasks you would like me to cover.

    Bruce

     

  • Windows 2012 Core Survival Guide – MacAddress, LinkSpeed and view single NICs

    Posted over 1 year ago
    by Bruce Adamczak}

    Learn about my 2012 Core Survival Guide here.

    MacAddress, LinkSpeed and view single NICs

    There are a few more commands I want to add to wrap up this section about IPv4 settings.  This will give you all the cmdlet you need to get the same data as IPconfig /all.

    Viewing MAC Address and NIC Link Speed

    To view the MAC Address and NIC link speed I am going to use the Get-NetAdapter cmdlet  

    PowerShell Command:

    Get-NetAdapter | format-table interfaceindex, interfacealias, MacAddress, LinkSpeed –autosize

    This command show the Network Adaptor settings Mac Address and LinkSpeed. 

     

    Viewing just one Network Interface.

    In order to view just a single network interface all of my previous post’s cmdlet can be filter.  You must know the "Interfaceindex" or the “InterfaceAlias” of the network interface you wish to output.  I am only going to show you how to use the InterfaceIndex in this post.

    In each command you can add the following " Where Interfaceindex -eq <interfaceindex value> |" which will filter the output to only display one index selected.  Below is an example:

    PowerShell Command:

    Get-NetAdapter | Where Interfaceindex -eq 12 | format-table interfaceindex, interfacealias, MacAddress, LinkSpeed -autosize

    This command allows us to display the properties on just one interface port.

     

    If you wish to see all of the possible properties on this interface port you can use the following command.

    PowerShell Command:

    Get-NetIPAddress | Where Interfaceindex -eq 12 | format-list *

     

    I hope you found this useful.  Please leave me a comment

    Bruce