Network Administration & Consulting Services

Windows Server Core

Posted Thursday, 27 March 2008 by Misha Hanin

Windows Server Core Characteristics:

Minimal server installation for running specific server roles
Reduces servicing, management and hardware requirements and attack surface
- No Windows/Internet Explorer
- No .NET Framework
- No Powershell
- No features or whatever depending on the features listed above this one like for example notifications and balloons
Disk space required for a normal server: approx (min.) 7-8 GB
Disk space required for a server core server: approx (min.) 2-3 GB
Supported server roles (OCLIST.EXE): IIS (without ASP.NET), Print Server, Hyper-V, ADDS, ADLDS, DHCP Server, DNS, File Server (incl. NTFRS, DFS-R and DFS)
REMARK: available roles may depend on Server Edition (standard, enterprise, datacenter, web)
Supported server features (OCLIST.EXE): Bitlocker, Clustering, NLB, Subsystem for UNIX apps, Windows Server Backup, Multipath IO, Removable Storage Management, SNMP, WINS

Install and Upgrade:

Not possible to upgrade from whatever windows version to server core
Manual install and after the server still needs to be configured (initial configuration tasks)
Unattended install using a UNATTEND.XML file where it is possible to configure the "initial configuration tasks" and other settings (e.g. enabling TS, configuring screen resolution, enabling and configuring WinRM/WinRS) during unattended install.
- UNATTEND.XML file can be created with the "Windows System Image Manager"
- Boot using WinPE and execute SETUP /unattend:<path>\unattend.xml
  OR
- Place UNATTEND.XML in a default location (e.g. floppy)
Can be managed through
- Locally and remotely via the Command Prompt (tools and scripts)
- Remotely via Terminal Server --> admin mode must be enabled first!
- Remotely via Windows Remote Shell --> remote management must be enabled first!
- Remotely via MMC --> watch out for the firewall on the server which is enabled by default!

Command Line Utilities:

Viewing installed roles/features
    OCLIST.EXE

Install/Uninstall component (roles/features)
(To get a list of component names use OCLIST and copy the name into the command line. The name of the components is CASE-SENSITIVE!!!)
    Start /W OCSETUP <component>
    Start /W OCSETUP <component> /Uninstall

To install AD either one of the following IS required:
    DCPROMO /UNATTEND:<answer file>
    DCPROMO /ANSWER:<answer file>
    DCPROMO /UNATTEND /OPTION1:<value1> /OPTION2:<value2> /OPTION1:<value3> /OPTION1:<value3> …..

Managing Registry
    REGEDIT.EXE
    REG.EXE

Creating notes/text files
    NOTEPAD.EXE
    EDIT.EXE
    EDLIN.EXE

Disk/partition management:
    DISKPART.EXE
    FORMAT.EXE
    CHKDSK.EXE
    DEFRAG.EXE

Performance Related Stuff
    DISKPERF.EXE
    RELOG.EXE
    LOGMAN.EXE
    tracerpt.exe
    typeperf.exe

Managing Power Related Options
    POWERCFG.EXE

Managing Auditing on the local server
    AUDITPOL.EXE

Network management (incl. firewall):
    IPCONFIG.EXE
    PATHPING.EXE
    PING.EXE
    TRACERT.EXE
    NSLOOKUP.EXE
    NBTSTAT.EXE
    NETSTAT.EXE
    NETSH.EXE

Service and driver management:
    SC.EXE
    NET STOP and NET START
    DRVLOAD.EXE
    PNPUTIL.EXE
    PRINTUI.EXE
    driverquery.exe

Backup and Restore
    WBADMIN.EXE

Windows Management Interface (for all kinds of things to manage)
    WMIC.EXE

Local User and group management:
(http://support.microsoft.com/?id=251394
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/net_group.mspx?mfr=true)
    NET.EXE USER …
    NET.EXE LOCALGROUP…

Domain and computer name/account management:
(http://technet2.microsoft.com/WindowsServer/en/Library/460e3705-9e5d-4f9b-a139-44341090cfd41033.mspx?mfr=true)
    NETDOM.EXE
    NLTEST.EXE

To change the time zone:
    CONTROL.EXE TIMEDATE.CPL

To change international settings:
    CONTROL.EXE INTL.CPL

To manage other CUSTOM CPLs (when available)
    CONTROL.EXE <NAME>.CPL

Shutdown/reboot/restart server
    SHUTDOWN.EXE

Manage Activation
    CSCRIPT.EXE %WINDIR%\SYSTEM32\SLMGR.VBS

Manage Automatic Updates
    CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /AU [/v][value]

Allow Remote Administration Connections
    CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /AR [/v][value]

Allow connections from previous versions of Windows
    CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /CS [/v][value]

IP Security (IPSEC) Monitor - allow remote management
    CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /IM [/v][value]

Windows Remote Management/Shell
    WINRM.CMD
    WINRS.EXE

Applying a patch
    Wusa.exe <patchname>.msu [/quiet] [/norestart]

Managing the Event Viewer
    wecutil.exe
    eventcreate.exe
    wevtutil.exe

Managing CA & Certificates stuff
    CERTREQ.EXE
    CERTUTIL.EXE

File Server Management (role may need to be installed first):
    NET.EXE SHARE …
    NTFRSUTL.EXE
    DFSCMD.EXE
    DFSUTIL.EXE
    FSUTIL.EXE
    XCACLS.EXE
    ICACLS.EXE
    CACLS.EXE
    dfsrdiag.exe
    dfsradmin.exe
    DFSDIAG.EXE

DNS Management:
    DNSCMD.EXE (http://go.microsoft.com/fwlink/?LinkId=49656)
    DNS SRV priority - changes the priority for DNS SRV records (only useful on Domain Controllers)

CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /DP [/v][value]

DNS SRV weight - changes the weight for DNS SRV records (only useful on Domain Controllers)

CSCRIPT.EXE %WINDIR%\SYSTEM32\SCREGEDIT.WSF /DW [/v][value]

DHCP Management:
NETSH.EXE DHCP (http://go.microsoft.com/fwlink/?LinkId=49654)

AD Management
    NTDSUTIL.EXE
    DSAMAIN
    dsadd.EXE
    dsget.EXE
    dsmod.EXE
    dsmove.EXE
    dsquery.EXE
    dsrm.EXE
    LDIFDE.EXE
    GPUPDATE.EXE
    GPRESULT.EXE
    dcgpofix.exe
    dfsrmig.exe
    REPADMIN.EXE
    redircmp.exe
    redirusr.exe
    gpfixup.exe
    rendom.exe
    DCDIAG.EXE
    DSACLS.EXE

AD LDS Management
    adaminstall.exe
    adamuninstall.exe
    adamsync.exe