WELCOME TO TECH | IMMERSION
Track: Getting your Server Core Up and Running Presenter: Brian McCann Global Platforms Engineer - Brian@Intel.com Agenda o Server Core 2008 R2 Updates o Essential commands to get your server online o Best Practices o Advanced commands and tools for managing Server Core What We Won’t Cover o Marketing Slides o Installation of the OS Server Core Additions in R2 o .NET Framework in Server Core – Subset of .NET 2.0 – Subset of .NET 3.0 • Windows Communication Framework (WCF) • Windows Workflow Framework (WF) – Subset of .NET 3.5 • WF additions from 3.5 • LINQ o Subset of ASP.NET support for IIS o PowerShell – Server Manager cmdlets – Best Practice Analyzer (BPA) cmdlets Server Core Additions in R2 (cont)
o File Server Resource Manager (FSRM) o Certificate Server o WoW64 as an optional feature – If running all 64-bit, no need to have WoW64 installed – Installed by default – If removed from the image, reduces disk footprint by ~150MB o New command line add/remove tool (dism.exe) Server Core Footprint
Windows Server 2008 R2 Core Windows Server 2008 R2 HD ~3.0 GB HD ~7.0 GB RAM 512 MB for install RAM 512 MB for install
”The memory footprint in RAM for Server Core has been reduced to less than 100MB, compared to roughly 130MB for Windows Server 2008 and 244MB for Windows Server 2003, which didn’t have a Server Core install option.” (Ward Ralston, http://www.windowsitpro.com/article/virtualization/why-you-need-windows-server-2008-r2.aspx) Server 2008 R2 Server Core Architecture Server, Server Roles (for example only)
TS ADFS WDS Etc…
Server Core Server Roles and Optional Features .NET .NET Cert WoW64 PS ASP.NET 2.0 3/3.5 Server Server With .NetFx, Shell, AD Print Media Tools, etc. DNS DHCP AD File IIS Hyper-V LDS Server
Server Core GUI, Shell, Security, TCP/IP, File Systems, RPC, IE, Media, plus other Core Server Sub-Systems Mail, Etc. .NET Framework Architecture
WCF WF WPF ASP.NET LINQ
CLR 3.0 CLR 3.5 CLR 2.0 Additions Additions .NET Framework in Server Core
WCF WF WPF ASP.NET LINQ ASP.NET
CLR 3.0 CLR 3.5 CLR 2.0CLR 2.0 Additions Additions Patching
”Over time, the number of reboots for patching or security updates is significantly reduced for a Server Core installation of which the benefits are obvious. In some cases, customers can see up to a 60% reduction in patch requirements and the number of reboots on a monthly basis.”
(David B Cross, http://blogs.technet.com/b/windowsserver/archive/2010/05/07/server-core-best- practice-for-applications-on-windows-server.aspx ) Patching Server Core Critical WS08 R2 Server Core Reduction Only All applicable patches All roles 39% 51% Months without reboots 10 10 Necessary patches only All roles 41% 58% Months without reboots 10 10
Necessary patches are: Where binary is in Server Core, but vulnerability isn’t exploitable – Called out as such in the Security Bulletins (e.g. MS08-052): 5 Essential Tasks
192.168.0.1 Set static IP address
Secure the Administrator
Join existing domain
Activate the server
Configure the firewall 5 Essential Tasks
192.168.0.1 Set static IP address
Netsh to the rescueSecure the Administrator Netsh int ipv4 set address "Local Area Connection" static 10.1.1.5 255.255.255.0Join existing 10.1.1.1 domain Netsh int ipv4 add dnsserver name="local area connection" address=4.2.2.2 index=1 Netsh int ipv4 add winsserversActivate the servername=“local area connection" address=10.10.10.10 index=1 Configure the firewall 5 Essential Tasks
192.168.0.1 Set static IP address
1. Rename the AdministratorSecure the Admininistrator account wmic UserAccount where Name=“Administrator” call Rename Name=“Admin”Join existing domain 2. Now update the password Net user [/domain]Activate * the server
Configure the firewall 5 Essential Tasks
192.168.0.1 Set static IP address netdom join ComputerNameSecure the Administrator /domain:DomainName /userd:UserName /passwordd:* Join existing domain
Activate the server
* Yes, /passwordd:* needsConfigure to have the that firewall second d at the end of it. 5 Essential Tasks
192.168.0.1 Set static IP address
1. Local method Secure- Slmgr.vbs the Administrator /ato 2. Remote method – slmgr.vbs ServerNameJoin existingUserName domain password /ato
Activate the server
Configure the firewall 5 Essential Tasks
192.168.0.1 Set static IP address
Disable – netsh firewall set opmode disable Secure the Administrator Or Netsh advfirewall firewall set rule group=“remote administration” new enable=yesJoin existing domain Event Viewer - Windows Firewall Rule Group - Remote Event Log Management Services - Windows Firewall Rule Group - Remote Services Management Shared Folders - Windows FirewallActivate Rule Group the server- File and Printer Sharing Task Scheduler - Windows Firewall Rule Group - Remote Scheduled Tasks Management Disk Management - Windows Firewall Rule Group - Remote Volume Management Windows Firewall with AdvancedConfigure Security the - Windows firewall Firewall Rule Group - Windows Firewall Remote Management Now What??? o Turn on Remote Desktop – Toggle Remote Desktop on and off: Cscript \windows\system32\scregedit.wsf /ar 0 o Adding Roles and Features… Deployment Image Servicing and Management (dism.exe) o New Command Line Tool to Add/Remove Roles and Features – Shows install status – Better error reporting than Ocsetup o Allows multiple features to be installed from a single command line – Dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell /featurename:ServerManager-PSH-Cmdlets o Included in client and server o Works online and with images Finding Installed Roles and Features o Dism /online /get-features – Equivalent of Oclist – No dependency hierarchy o Shows if a package is – Enabled – Disabled – Reboot pending Best Practices o There is help – Sconfig – Core Configurator – Core Configurator Console R2 – Smart-X Core Configurator – Custom BuildScript o Apply Policy to just Server Core Sconfig
Pros Cons o Developed by Microsoft o Not all roles o Actively maintained o Part of the OS Core Configurator
Pros Cons o Actively maintained o Must install o GUI o Needs .Net / PowerShell o Shotgun interface
Download: http://coreconfig.codeplex.com Core Configuration Console R2
Pros Cons o Standard commands o No support o Free o Privately developed o No installation / features needed o Not all roles supported o Easily extended
Download: http://ccc.codeplex.com Smart-X Core Configurator
Pros Cons o Shutgun interface o Needs install o GUI o Not free
Download: http://www.smart-x.com Use the Power of Group Policy
SELECT OperatingSystemSKU FROM Win32_OperatingSystem WHERE OperatingSystemSKU = 12 OR OperatingSystemSKU = 39 OR OperatingSystemSKU= 14 OR OperatingSystemSKU = 41 OR OperatingSystemSKU = 13 OR OperatingSystemSKU = 40 OR OperatingSystemSKU = 29 Which Core is it?
Separate SKUs to help identify them o 0C Datacenter (core installation) o 27 Server Datacenter without Hyper-V (core installation) o 0E Server Enterprise (core installation) o 29 Server Enterprise without Hyper-V (core installation) o 0D Server Standard (core installation) o 28 Server Standard without Hyper-V (core installation) o 1D Web Server (core installation) wmic os get operatingsystemsku (gwmi win32_operatingsystem).operatingsystemsku Advanced Commands & Tools o Name and time on cmd line… – prompt [%computername%]$s[$t]$s$p$g – HKLM-System-Current-ControlSet-Control- Session Manager-Environment o Replace Task Manager – Use Process Explorer Reducing the Footprint o Can remove roles and features from the Server Core image – One-way process; once removed, it is gone unless you reinstall o Largest footprint savings – .Net Support ~500MB – IME Support ~200MB – WoW64 Support ~150MB Removing Packages o Change to \windows\servicing\packages o Dir *coreedition*.mum /w o Copy file name up to extension – For example: Microsoft-Windows- ServerEnterpriseCoreEdition~31bf3856ad364e35~ amd64~~6.1.7100.0 o Dism /online /get-features /packagename: