TECH | IMMERSION · 3/3.5.NET 2.0 WoW64 GUI, Shell, IE , Media Mail, Etc. Cert Server.NET Framework...

Page 1

WELCOME TO

TECH | IMMERSION

Track: Getting your Server Core Up and Running

Presenter: Brian McCann

Global Platforms Engineer - [email protected]

Page 2

Agenda

o Server Core 2008 R2 Updates

o Essential commands to get your server online

o Best Practices

o Advanced commands and tools for managing Server Core

Page 3

What We Won’t Cover

o Marketing Slides

o Installation of the OS

Page 4

Server Core Additions in R2

o .NET Framework in Server Core

– Subset of .NET 2.0

– Subset of .NET 3.0

• Windows Communication Framework (WCF)

• Windows Workflow Framework (WF)

– Subset of .NET 3.5

• WF additions from 3.5

• LINQ

o Subset of ASP.NET support for IIS

o PowerShell

– Server Manager cmdlets

– Best Practice Analyzer (BPA) cmdlets

Page 5

Server Core Additions in R2 (cont)

o File Server Resource Manager (FSRM)

o Certificate Server

o WoW64 as an optional feature

– If running all 64-bit, no need to have WoW64 installed

– Installed by default

– If removed from the image, reduces disk footprint by ~150MB

o New command line add/remove tool (dism.exe)

Page 6

Server Core Footprint

Windows Server 2008 R2 Core: HD ~3.0 GB, RAM 512 MB for install

Windows Server 2008 R2: HD ~7.0 GB, RAM 512 MB for install

“The memory footprint in RAM for Server Core has been reduced to less than 100MB, compared to roughly 130MB for Windows Server 2008 and 244MB for Windows Server 2003, which didn’t have a Server Core install option.” (Ward Ralston, http://www.windowsitpro.com/article/virtualization/why-you-need-windows-server-2008-r2.aspx)

Page 7

Server 2008 R2 Server Core Architecture

[Diagram: layered architecture, with these labels]

o Server Core: Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems

o Server Core Server Roles and Optional Features: DNS, DHCP, File, AD, ADLDS, Media Server, IIS, Hyper-V, Print, ASP.NET, PS, .NET 3/3.5, .NET 2.0, WoW64, Cert Server

o Server, Server Roles (for example only): TS, ADFS, WDS, Etc…

o Server With .NetFx, Shell, Tools, etc.: GUI, Shell, IE, Media, Mail, Etc.

Page 8

.NET Framework Architecture

[Diagram labels: CLR 2.0, CLR 3.0 Additions, CLR 3.5 Additions, LINQ, WPF, WCF, WF, ASP.NET]

Page 9

.NET Framework in Server Core

[Diagram labels: CLR 2.0, CLR 3.0 Additions, CLR 3.5 Additions, LINQ, WPF, WCF, WF, ASP.NET]

Page 10

Patching

“Over time, the number of reboots for patching or security updates is significantly reduced for a Server Core installation of which the benefits are obvious. In some cases, customers can see up to a 60% reduction in patch requirements and the number of reboots on a monthly basis.”

(David B Cross, http://blogs.technet.com/b/windowsserver/archive/2010/05/07/server-core-best-practice-for-applications-on-windows-server.aspx)

Page 11

Patching Server Core

Columns: WS08 R2 Server Core Reduction | Critical Only

o All applicable patches

– All roles: 39% | 51%

– Months without reboots: 10 | 10

o Necessary patches only

– All roles: 41% | 58%

– Months without reboots: 10 | 10

Necessary patches are: Where binary is in Server Core, but vulnerability isn’t exploitable – Called out as such in the Security Bulletins (e.g. MS08-052):

Page 12

5 Essential Tasks

Set static IP address 192.168.0.1

Secure the Administrator

Join existing domain

Activate the server

Configure the firewall

Page 13

5 Essential Tasks

Set static IP address

Netsh to the rescue

netsh int ipv4 set address "Local Area Connection" static 10.1.1.5 255.255.255.0 10.1.1.1

netsh int ipv4 add dnsserver name="Local Area Connection" address=4.2.2.2 index=1

netsh int ipv4 add winsservers name="Local Area Connection" address=10.10.10.10 index=1

Page 14

5 Essential Tasks

Secure the Administrator

1. Rename the Administrator account

wmic UserAccount where Name="Administrator" call Rename Name="Admin"

2. Now update the password

net user UserName * [/domain]

Page 15

5 Essential Tasks

Join existing domain

netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*

* Yes, /passwordd:* needs to have that second d at the end of it.

Page 16

5 Essential Tasks

Activate the server

1. Local method - slmgr.vbs /ato

2. Remote method – slmgr.vbs ServerName UserName password /ato

Page 17

5 Essential Tasks

Configure the firewall

Disable – netsh firewall set opmode disable

Or

netsh advfirewall firewall set rule group="remote administration" new enable=yes

o Event Viewer - Windows Firewall Rule Group - Remote Event Log Management

o Services - Windows Firewall Rule Group - Remote Service Management

o Shared Folders - Windows Firewall Rule Group - File and Printer Sharing

o Task Scheduler - Windows Firewall Rule Group - Remote Scheduled Tasks Management

o Disk Management - Windows Firewall Rule Group - Remote Volume Management

o Windows Firewall with Advanced Security - Windows Firewall Rule Group - Windows Firewall Remote Management
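
A narrower alternative to switching the firewall off, as an added example that is not part of the original slides: it enables only the rule groups for the snap-ins you actually use and can limit them to a management subnet. The function name, the chosen snap-ins and the 10.1.1.0/24 subnet are assumptions; the rule group names follow the slide's list, and PowerShell must already be installed on the Server Core machine.

```powershell
# Added example, not from the original slides. Run elevated on the Server Core machine.
# Snap-in -> Windows Firewall rule group, taken from the list on this slide.
$RuleGroupFor = @{
    'Event Viewer'    = 'Remote Event Log Management'
    'Services'        = 'Remote Service Management'   # the group's name as installed
    'Shared Folders'  = 'File and Printer Sharing'
    'Task Scheduler'  = 'Remote Scheduled Tasks Management'
    'Disk Management' = 'Remote Volume Management'
    'Windows Firewall with Advanced Security' = 'Windows Firewall Remote Management'
}

function Enable-RemoteMmcGroup {              # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string[]]$SnapIn,
        [string]$RemoteIp                     # optional scope, e.g. an admin subnet
    )
    foreach ($name in $SnapIn) {
        if (-not $RuleGroupFor.ContainsKey($name)) {
            Write-Warning "No rule group listed for snap-in '$name'; skipped."
            continue
        }
        $group = $RuleGroupFor[$name]
        $netshArgs = @('advfirewall', 'firewall', 'set', 'rule', "group=$group", 'new', 'enable=yes')
        # remoteip= narrows every rule in the group to the given addresses.
        # Leave it off for 'File and Printer Sharing' on a file server, or
        # ordinary SMB clients outside that range lose access too.
        if ($RemoteIp) { $netshArgs += "remoteip=$RemoteIp" }
        & netsh $netshArgs | Out-Null
        New-Object PSObject -Property @{
            SnapIn    = $name
            RuleGroup = $group
            Applied   = ($LASTEXITCODE -eq 0)   # non-zero: no rule matched the group
        }
    }
}

# Keep the firewall on and open only what the chosen snap-ins need.
# 10.1.1.0/24 is an assumed management subnet, matching the sample addressing earlier.
netsh advfirewall set allprofiles state on
Enable-RemoteMmcGroup -SnapIn 'Event Viewer', 'Services' -RemoteIp '10.1.1.0/24'
```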

Page 18

Now What???

o Turn on Remote Desktop

– Toggle Remote Desktop on and off:

Cscript \windows\system32\scregedit.wsf /ar 0

o Adding Roles and Features…

Page 19

Deployment Image Servicing and Management (dism.exe)

o New Command Line Tool to Add/Remove Roles and Features

– Shows install status

– Better error reporting than Ocsetup

o Allows multiple features to be installed from a single command line

– Dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell /featurename:ServerManager-PSH-Cmdlets

o Included in client and server

o Works online and with images

Page 20

Finding Installed Roles and Features

o Dism /online /get-features

– Equivalent of Oclist

– No dependency hierarchy

o Shows if a package is

– Enabled

– Disabled

– Reboot pending

Page 21

Best Practices

o There is help

– Sconfig

– Core Configurator

– Core Configurator Console R2

– Smart-X Core Configurator

– Custom BuildScript

o Apply Policy to just Server Core

Page 22

Sconfig

Pros

o Developed by Microsoft

o Actively maintained

o Part of the OS

Cons

o Not all roles

Page 23

Core Configurator

Pros

o Actively maintained

o GUI

o Shotgun interface

Download:

http://coreconfig.codeplex.com

Cons

o Must install

o Needs .Net / PowerShell

Page 24

Core Configuration Console R2

Pros

o Standard commands

o Free

o No installation / features needed

o Easily extended

Download:

http://ccc.codeplex.com

Cons

o No support

o Privately developed

o Not all roles supported

Page 25

Smart-X Core Configurator

Pros

o Shotgun interface

o GUI

Download:

http://www.smart-x.com

Cons

o Needs install

o Not free

Page 26

Use the Power of Group Policy

SELECT OperatingSystemSKU FROM Win32_OperatingSystem WHERE OperatingSystemSKU = 12 OR OperatingSystemSKU = 39 OR OperatingSystemSKU = 14 OR OperatingSystemSKU = 41 OR OperatingSystemSKU = 13 OR OperatingSystemSKU = 40 OR OperatingSystemSKU = 29

Page 27

Which Core is it?

Separate SKUs to help identify them

o 0C Datacenter (core installation)

o 27 Server Datacenter without Hyper-V (core installation)

o 0E Server Enterprise (core installation)

o 29 Server Enterprise without Hyper-V (core installation)

o 0D Server Standard (core installation)

o 28 Server Standard without Hyper-V (core installation)

o 1D Web Server (core installation)

wmic os get operatingsystemsku

(gwmi win32_operatingsystem).operatingsystemsku
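
To check the Group Policy WMI filter before linking it to a GPO, the added example below (not from the original slides) rebuilds the same WQL from the hexadecimal SKU list on this slide and evaluates it against a machine the way Group Policy would. The function names are hypothetical, and it assumes PowerShell is installed where it runs.

```powershell
# Added example, not from the original slides.
# Server Core SKUs in hexadecimal, in the order listed on this slide.
$CoreSkuHex = '0C', '27', '0E', '29', '0D', '28', '1D'

function Get-ServerCoreWmiFilter {            # hypothetical name
    # Win32_OperatingSystem reports OperatingSystemSKU as a decimal integer,
    # so 0x27 has to appear in the filter as 39, 0x1D as 29, and so on.
    $terms = $CoreSkuHex | ForEach-Object {
        'OperatingSystemSKU = {0}' -f [Convert]::ToInt32($_, 16)
    }
    'SELECT OperatingSystemSKU FROM Win32_OperatingSystem WHERE ' + ($terms -join ' OR ')
}

function Test-ServerCoreWmiFilter {           # hypothetical name
    param([string]$ComputerName = '.')
    # Group Policy treats a WMI filter as true when the query returns any instance.
    $query = Get-ServerCoreWmiFilter
    $hits = @(Get-WmiObject -Namespace 'root\cimv2' -Query $query -ComputerName $ComputerName)
    $hits.Count -gt 0
}

Get-ServerCoreWmiFilter        # the string to paste into the GPO's WMI filter
Test-ServerCoreWmiFilter       # evaluates the filter against this machine
```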

Page 28

Advanced Commands & Tools

o Name and time on cmd line…

– prompt [%computername%]$s[$t]$s$p$g

– HKLM\System\CurrentControlSet\Control\Session Manager\Environment

o Replace Task Manager

– Use Process Explorer

Page 29

Reducing the Footprint

o Can remove roles and features from the Server Core image

– One-way process; once removed, it is gone unless you reinstall

o Largest footprint savings

– .Net Support ~500MB

– IME Support ~200MB

– WoW64 Support ~150MB

Page 30

Removing Packages

o Change to \windows\servicing\packages

o Dir *coreedition*.mum /w

o Copy file name up to extension

– For example: Microsoft-Windows-ServerEnterpriseCoreEdition~31bf3856ad364e35~amd64~~6.1.7100.0

o Dism /online /get-features /packagename:<core edition package>

o Dism /online /disable-feature /packagename:<core edition package> /featurename:<name_from_previous_step_to_remove>

Page 31

Thank You

Page 32

Backup

Page 33

.NET Framework 2.0 in Server Core

o Subset of .NET 2 on Server Core

– .NET functionality aligns with functionality in Server Core

– Not installed by default

o To install

– Dism /online /enable-feature /featurename:NetFx2-ServerCore

– If 32-bit support is needed:

• Dism /online /enable-feature /featurename:NetFx2-ServerCore-WOW64

Page 34

.NET Framework 3 in Server Core

o .NET 3 functionality

– No WPF in Server Core

o .NET 3.5 functionality

– LINQ

o .NET 3 and 3.5 functionality is installed with a single package

– Dism /online /enable-feature /featurename:NetFx3-ServerCore

– If 32-bit support is needed:

• Dism /online /enable-feature /featurename:NetFx3-ServerCore-WOW64

Page 35

.NET Namespaces not in Server Core

o System.Data.Design

o System.Deployment.Application

o System.Diagnostics.Design

o System.Media

o System.Messaging.*

o System.Speech.*

o System.Web.UI.Design.*

– Design time support is unavailable, runtime support for expression builders is supported

o System.Windows.*

o UIAutomationClientsideProviders

o Microsoft.Aspnet.Snapin

o Microsoft.Ink

o Microsoft.ManagementConsole.*

o Microsoft.StylusInput.*

o Microsoft.VisualBasic.Compatibility.VB6

o Microsoft.Windows.Themes

o Microsoft.WindowsCE.Forms

o Microsoft.WindowsMobile.DirectX.*

o System.ComponentModel.Design.*

Page 36

IIS Additions to Server Core in R2

o IIS-ASPNET

– Enables hosting of ASP.NET applications

o IIS-NetFxExtensibility

– Enables hosting of .NET framework managed module extensions

o IIS-ManagementService

– Allows remote management via the Web server Management Console

o IIS-PowerShellProvider

– IIS PowerShell cmdlets

o IIS-FTPExtensibility

– Supports FTP feature extensions, such as custom providers

o IIS-WebDAV

– WebDAV extension module

o WCF-HTTP-Activation

– Process activation via HTTP support

Page 37

ASP.NET

o Included with IIS

o Same package as full Server: IIS-ASPNET

o Limitations

– System.Web.Mail classes will fail because CDOSYS

• Use System.Net.Mail instead

– Web Application Tool (WAT) not available

Page 38

Remotely Managing IIS on Server Core

o Install the IIS Management Service

– Dism /online /enable-feature /featurename:IIS-ManagementService

o Enable Remote Management

– Set EnableRemoteManagement to 1 under HKLM\Software\Microsoft\WebManagement\Server

o Start the Management Service

– Net start wmsvc

Page 39

PowerShell in Server Core

o Full Command Line PowerShell

o Scripts and cmdlets are limited like any other code or script

o Installing PowerShell

– Dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell

– If 32-bit support is needed:

• Dism /online /enable-feature /featurename:NetFx2-ServerCore-WOW64

• Dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell-WOW64

Page 40

WOW64 in Server Core R2

o Installed by default

o Dism /online /disable-feature /featurename:ServerCore-WOW64

o Required for, and must be installed for:

– Active Directory

– Active Directory Lightweight Directory Services

Page 41

Potential Issues with WoW64

o Installers Requiring WoW64

– When an MSI requires WoW64, it will return:

• Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

o Applications Requiring WoW64

– When trying to run a 32-bit application, you will receive the following error:

• The subsystem needed to support the image type is not present.