Configuring Server Core

This post describes the best/easiest method to configure and manage Server Core.

There are numerous posts and articles explaining how to enable a particular feature on Server Core and there are even more on how to configure Server Core so that it can be managed remotely.  Well, this is the best method I have come across so far:

The minimum you need to do after a Server Core installation is rename the server and get it to join a domain (if you're not using DHCP then you'll also need to configure your IP stack).

To rename your server:

netdom renamecomputer %ComputerName% /NewName:<NewComputerName>

To join a domain:

netdom join %ComputerName% /domain:<DomainName> /userd:<UserName> /passwordd:*

To configure your IP stack (do this before trying to join a domain if not using DHCP):

netsh interface ipv4 show interfaces (you're looking for the ID of your corporately connected NIC)
netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>
netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP> index=1

That's it - everything else can now be done remotely (once you've done this bit):

Using Group Policy to configure Server Core.

The hardest/messiest part of configuring Server Core is all the Firewall rules you need for each of the remote administration tasks you might want to perform.  We can 'cheat'!  Log on to a Full installation of Windows Server 2008.  Open up Windows Firewall with Advanced Security.  Right click on the Firewall and select Export Policy (save this somewhere - we'll use it later).

Open up Group Policy Management Console (gpmc.msc) and create a new Policy Object (I've called mine "Server Core Configuration Policy Object").

Disable the User Configuration Settings and set the Security Filtering to only apply to a particular group (I have a security group defined with all my Server Core machines as members).

Link this new Policy Object to your domain (now all Server Core machines in your domain will get the configuration settings we're about to apply).

Edit the Policy Object.

Navigate down to Computer Configuration, Policies, Windows Settings, Security Settings, System Services, and set the following to automatically start:

  • Plug and Play
  • Remote Registry
  • Virtual Disk

Now for the 'clever' bit.  Navigate down to Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security.  Right click and select Import Policy, then select the Firewall Policy we just saved from a Full installation.

This policy includes pretty much every rule you'll ever need to set.  Scroll down the Inbound Rules and enable all the rules you need/want (I've merely enabled anything that mentions Remote).

That's it.  As soon as a Server Core machine joins your domain, add it to the Server Core security group (that we've filtered the Group Policy object on) and you'll now be able to perform every remote management task you like - including everything in Computer Manager (Device Manager, Disk Management, etc) as well as WINRM & WINRS (from which you can run all your OCSETUP tasks).  The only gotcha is that for Volume management, you need the Firewall rules enabled on the device you're performing the management from.
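A check to run once the Group Policy has applied, added here as an example and not part of the original post: it parses the output of netsh advfirewall firewall show rule and lists which inbound allow rules ended up enabled, marking those open to any source address or active on the Public profile. The function name, the BroadScope column and the sample text are assumptions made for illustration, and the parser expects English-language netsh output.

```powershell
# Added example (not from the original post). Parses English-language output of
#   netsh advfirewall firewall show rule name=all dir=in
# and lists the enabled inbound allow rules together with their scope.

function ConvertFrom-NetshRuleText {
    param([string[]]$Lines)
    $rules = @(); $current = $null
    foreach ($line in $Lines) {
        # Fields are printed as "Key:   Value"; separator and blank lines do not match.
        if ($line -match '^\s*([^:]+):\s+(.*)$') {
            $key = $Matches[1].Trim(); $value = $Matches[2].Trim()
            if ($key -eq 'Rule Name') {
                # A "Rule Name" line starts a new rule; emit the previous one first.
                if ($current) { $rules += New-Object PSObject -Property $current }
                $current = @{ Name = $value }
            } elseif ($current) { $current[$key] = $value }
        }
    }
    if ($current) { $rules += New-Object PSObject -Property $current }
    return $rules
}

# Constructed, abbreviated sample. For live data, capture the netsh output
# from the Server Core machine (for example through WinRS) into $text instead.
$text = @'
Rule Name:                            Remote Desktop (TCP-In)
Enabled:                              Yes
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
Action:                               Allow

Rule Name:                            Remote Event Log Management (RPC)
Enabled:                              Yes
Profiles:                             Domain
RemoteIP:                             10.0.5.0/24
Action:                               Allow

Rule Name:                            Remote Service Management (RPC)
Enabled:                              No
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
Action:                               Allow
'@

ConvertFrom-NetshRuleText -Lines ($text -split '\r?\n') |
    Where-Object { $_.Enabled -eq 'Yes' -and $_.Action -eq 'Allow' } |
    Select-Object Name, Profiles, RemoteIP,
        @{ Name = 'BroadScope'; Expression = { $_.RemoteIP -eq 'Any' -or $_.Profiles -match 'Public' } } |
    Format-Table -AutoSize
```

With the sample text, the table shows the two enabled rules and marks only the Remote Desktop rule as BroadScope; the disabled rule is filtered out.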

Enjoy,

Dave.

Comments

  • Anonymous
    December 05, 2008
    Any chance the Core team will implement something like the CMD based wizard that's in Hyper-V Server 2008?  It makes managing the machine a breeze .... ... until you have to start dealing with the complexities of the h/w vendor's management s/w which relies on a GUI. :(

  • Anonymous
    August 20, 2014
    Actually you can do this a lot easier by using the "sconfig.cmd" command in the command prompt. Much easier.