Configuring and managing windows 2012 core systems

Άρθρο από Lefteris Karafilis Thu, 25/07/2013 - 10:17

Since windows 2008, windows core has become a valuable option for deploying more secure and more stable windows servers. Although it is quite easy, many administrators avoid to deploy such solutions because they feel unsure on how to configure and manage such systems.

  

The main idea is to set up the essential things of the system, like IP settings, firewall rules, domain membership; and use a management station to further monitor and manage your server.

  

The remote Desktop

Let's take a look on how we can start setting up a windows 2012 core environment. By default, in win12, remote desktop is disabled and you are probably going to need the ability to remotely connect to your server. So, to enable remote desktop:

  

Enable remote desktop

cscript %windir%\system32\scregedit.wsf /ar 0

  

View remote desktop setting

cscript %windir%\system32\scregedit.wsf /ar /v

0=enabled

1=disabled

  

The IP settings

To configure the IP settings of a server core system you can use the net shell (netSH) utility. But first, you need to identify your network interfaces:

  

Netsh interface ipv4 show addresses

  

  

For example, to change the ipaddress of the "ethernet" interface to IP 172.16.1.41 with default gateway of 172.16.1.1:

netsh interface ipv4 set address ethernet static 172.16.1.41 255.255.255.0 172.16.1.1

  

To set the DNS server on interface "ethernet" of 172.16.1.10 as primary and 172.16.1.15 as secondary:

netsh interface ipv4 set dnsservers ethernet static 172.16.1.10

netsh interface ipv4 add dnsservers ethernet 172.16.1.15 index=2

  

The hostname and domain Join

To change the computer name, ex Win2012-LAB1:

Netdom renamecomputer %computername% /newname:Win2012-LAB1 /reboot

  

To join to a domain, ex "domain.local":

Netdom join %computername% /domain:domain.local /userD:administrator passwordD:*

  

Restart:

Shutdown /r /t 0 

  

The firewall rules and the remote management

In windows 2012, windows remote management is enabled by default as opposed to previous windows OS. But there is a caveat: appropriate firewall rules are not, so access is blocked. But first things first, let's take a look on how we can get the status of all the firewall profiles:

  

netsh advfirewall show allprofiles

  

If you want to get the status of all the rules:

netsh advfirewall firewall show rule name=all profile=any

  

Before start making your life miserable, figuring out the netsh utility to manipulate firewall rules, you can use powershell instead. New to windows 2012 is a set of cmdlets that manipulate windows firewall:

  

To get the status of firewall profiles:

Get-NetFirewallProfiles

  

To get the status of firewall rules:

Get-NetFirewallRule

  

The above commands have the same functionality as the netsh commands we checked previously. In case you are not using a pre-win12 core system, go for powershell instead of netsh.

  

As I stated earlier, while winrm is enabled by default in Win12 systems, firewall rules are not. To enable the appropriate firewall rules:

  

Enable-NetFirewallRule -DisplayGroup "Remote Server Management"

Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management"

Enable-NetFirewallRule -DisplayGroup "Remote Firewall Management"

  

To completely take advantage and manage your windows 2012 core system, go and download RSAT utilities from Microsoft download center and install it to a windows desktop machine. There forward, you can use server manager and various MMC snap-ins to connect and further configure your core system.

   

The Sconfig.exe utility

You can configure many of the areas I explained earlier, by using a menu based utility called Sconfig; just type sconfig in your windows core system and configure the appropriate options:

  

Switching between modes (Core, MSI, Full)

New to windows 2012 is the ability to switch between different server modes even after Windows OS installation. Just by installing/un-installing specific windows features, you can switch between server core, MSI and full windows UI.

  

Server Core

The server core system does not contain a UI; just a command line prompt. You can manage a windows core system locally by using the command line and remotely by using RSAT

  

Minimal server interface (MSI)

New to windows 2012 is the MSI mode. MSI contains basic UI functionality that can execute MMC snap-ins and server manager. You can manage such system locally using MMC and Server manager and remotely using RSAT

  

Full

This mode contains the Full UI functionality of the windows server system.

  

Switch between windows core to Full Windows UI

Install-WindowsFeature Server-Gui-Mgmt-Infra -source wim:d:\sources\install.wim:2

Install-WindowsFeature Server-Gui-Shell -source wim:d:\sources\install.wim:2

  

Switch between windows Full to Minimal Server Interface

Uninstall-windowsfeature Server-Gui-Shell

  

Switch between Minimal Server Interface to core:

Uninstall-windowsfeature Server-Gui-Mgmt-Infra

  

Switch between Full Windows GUI to server Core:

Uninstall-WindowsFeature Server-Gui-Shell -source wim:d:\sources\install.wim:2

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -source wim:d:\sources\install.wim:2

  

Switch between Server core to Minimal Server Interface

Install-WindowsFeature Server-Gui-Mgmt-Infra -source wim:d:\sources\install.wim:2

  

Did you notice the -source switch in the above definitions? If you have installed the Windows Core system, the appropriate feature binaries are not present in your windows OS; so, you use the -source switch to direct feature installation process to use a source media (ex CDROM in D drive). By default, install.wim is in \sources directory of your windows setup media.

  

To identify the correct index number of the windows OS version you want to use as a source reference, use the get-WindowsImage cmdlet.

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options