Since windows 2008, server core has become a valuable option for deploying more secure and more stable windows servers. Although it is quite easy, many administrators avoid to deploy such solutions because they feel unsure on how to configure and manage such systems using windows CMD commands in the windows command prompt. The main idea is to set up the essential things of the system, like IP settings, firewall rules, domain membership; and use a management station to further monitor and manage your server.
Server core and the remote Desktop
Let’s take a look on how we can start using windows CMD commands to set up a windows 2012 server core environment. By default, in win12, remote desktop is disabled and you are probably going to need the ability to remotely connect to your server. So, to enable remote desktop:
Enable remote desktop in the windows command prompt
cscript %windir%system32scregedit.wsf /ar 0
View remote desktop settings in the windows command prompt
cscript %windir%system32scregedit.wsf /ar /v
Configuring core IP settings using windows CMD commands
To configure the IP settings of a server core system you can use the net shell (netSH) utility in the windows command prompt. But first, you need to identify your network interfaces.
Netsh interface ipv4 show addresses
For example, to change the ipaddress of the “ethernet” interface to IP 172.16.1.41 with default gateway of 172.16.1.1:
netsh interface ipv4 set address ethernet static 172.16.1.41 255.255.255.0 172.16.1.1
To set the DNS server on interface “ethernet” of 172.16.1.10 as primary and 172.16.1.15 as secondary:
netsh interface ipv4 set dnsservers ethernet static 172.16.1.10 netsh interface ipv4 add dnsservers ethernet 172.16.1.15 index=2
The hostname and domain Join in server core
To change the computer name, ex Win2012-LAB1, using NetDom windows CMD commands:
Netdom renamecomputer %computername% /newname:Win2012-LAB1 /reboot
To join to a domain, ex “domain.local”:
Netdom join %computername% /domain:domain.local /userD:administrator passwordD:*
Shutdown /r /t 0
The firewall rules and the remote management in the windows command prompt
In windows 2012, windows remote management is enabled by default as opposed to previous windows OS. But there is a caveat: appropriate firewall rules are not, so access is blocked. But first things first, let’s take a look on how we can get the status of all the firewall profiles:
netsh advfirewall show allprofiles
If you want to get the status of all the rules:
netsh advfirewall firewall show rule name=all profile=any
Before start making your life miserable, figuring out the netsh utility to manipulate firewall rules, you can use powershell instead of the windows command prompt. New to windows 2012 is a set of cmdlets that manipulate windows firewall:
To get the status of firewall profiles:
To get the status of firewall rules:
The above commands have the same functionality as the netsh commands we checked previously. In case you are not using a pre-win12 core system, go for powershell instead of netsh. As I stated earlier, while winrm is enabled by default in Win12 systems, firewall rules are not.
To enable the appropriate firewall rules:
Enable-NetFirewallRule -DisplayGroup "Remote Service Management" Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management" Enable-NetFirewallRule -DisplayGroup "Remote Firewall Management"
To completely take advantage and manage your windows 2012 core system, go and download RSAT utilities from Microsoft download center and install it to a windows desktop machine. There forward, you can use server manager and various MMC snap-ins to connect and further configure your core system.
Menu based configuration in server core (Sconfig.exe)
Instead of using windows CMD commands, you can configure many of the areas I explained earlier, by using a menu based utility called Sconfig; just type sconfig.exe in the windows command prompt of the server core system and configure the appropriate options:
Switching between modes (Core, MSI, Full)
New to windows 2012 is the ability to switch between different server modes even after Windows OS installation. Just by installing/un-installing specific windows features, you can switch between server core, MSI and full windows UI.
The server core system does not contain a UI; just the windows command prompt. You can manage a server core system locally by using the windows command prompt or remotely by using RSAT
Minimal server interface (MSI)
New to windows 2012 is the MSI mode. MSI contains basic UI functionality that can execute MMC snap-ins and server manager. You can manage such systems locally by using the windows command prompt, MMC and Server manager or remotely by using RSAT
This mode contains the Full UI functionality of the windows server system.
Switch between server core to Full Windows UI
Install-WindowsFeature Server-Gui-Mgmt-Infra -source wim:d:sourcesinstall.wim:2 Install-WindowsFeature Server-Gui-Shell -source wim:d:sourcesinstall.wim:2
Switch between windows Full to Minimal Server Interface
Switch between Minimal Server Interface to core:
Switch between Full Windows GUI to server Core:
Uninstall-WindowsFeature Server-Gui-Shell -source wim:d:sourcesinstall.wim:2 Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -source wim:d:sourcesinstall.wim:2
Switch between Server core to Minimal Server Interface
Install-WindowsFeature Server-Gui-Mgmt-Infra -source wim:d:sourcesinstall.wim:2
Did you notice the -source switch in the above definitions? If you have installed the Server Core system, the appropriate feature binaries are not present in your windows OS; so, you need the -source switch to direct feature installation process to use a source media (ex CDROM in D drive). By default, install.wim is in sources directory of your windows setup media. To identify the correct index number of the windows OS version you want to use as a source reference, use the get-WindowsImage cmdlet in the powershell command prompt.