



    Date: 25.12.2019

    Windows Server core: -

    Windows Server Core is a minimal installation option for Windows Server. It has a small footprint, which gives it a smaller attack surface. There is no GUI in Server Core, and many Windows features are not supported on it. Server Core is more stable because fewer updates need to be installed, and it needs less memory, CPU and disk space to run.

    Server Core doesn't include the following GUI shell packages: -


    • Microsoft-Windows-Server-Shell-Package

    • Microsoft-Windows-Server-Gui-Mgmt-Package

    • Microsoft-Windows-Server-Gui-RSAT-Package

    • Microsoft-Windows-Cortana-PAL-Desktop-Package

    Here is the list of roles and features that are available in Server Core: -

    https://docs.microsoft.com/en-us/windows-server/administration/server-core/server-core-roles-and-services

    List of roles and features that are not included in Server Core: -

    https://docs.microsoft.com/en-us/windows-server/administration/server-core/server-core-removed-roles



    Server core installation: -

    Installing Server Core is straightforward.



    1. Boot from the Windows Server ISO file.

    2. In the Setup wizard, select Windows Server 2019 Standard or Datacenter (without Desktop Experience).

    3. Select the drive.

    4. The installation process starts; it takes some time to get Windows Server ready.

    5. After installation you are prompted to change the Administrator password. You must provide a complex password, or Setup will keep asking you to change it.

    6. After the password change, the installation is complete.

    Server Core Configuration: -

    After installation, you must configure the server: for example, rename it, configure the network and join a domain.

    There are several ways to do this. You can use PowerShell or the sconfig command to configure basic server settings.

    sconfig is the easiest way; it gives you 15 options. By default, Windows provides a command prompt after installation. You can change it to PowerShell.

    To use sconfig, just type sconfig in the command window.

    To change the computer name, select option 2. After changing the computer name, you have to reboot the server for the setting to take effect.

    To join the server to a domain, select option 1. It asks for the name of the domain you want to join and for credentials, so the computer can be added to AD.

    To add a local administrator, select option 3.

    You can select other options based on your requirements.

    One of the main settings is the network configuration. Select option 8 (network settings) to configure the IP address, subnet, gateway and DNS servers.

    Apart from sconfig, you can use PowerShell to change these settings.

    Here are a few important PowerShell commands you can use.



    1. To rename the computer, use Rename-Computer

    2. To change the IP address, use New-NetIPAddress

    E.g.

    New-NetIPAddress -InterfaceIndex 12 -IPAddress 192.168.100.1 -PrefixLength 24 -DefaultGateway 192.168.100.2

    To set the DNS servers: -

    Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses 192.0.2.4,192.0.2.5

    To check the configuration, use Get-NetIPInterface

    To check whether IPv6 is enabled on a NIC, use

    Get-NetAdapterBinding -ComponentID ms_tcpip6

    To disable IPv6, use

    Disable-NetAdapterBinding -Name "Adapter Name" -ComponentID ms_tcpip6

    To re-enable it, use

    Enable-NetAdapterBinding -Name "Adapter Name" -ComponentID ms_tcpip6

    To Join Domain or specific workgroup: -

    PowerShell: - Use Add-Computer

    Note: - If you are not sure how to use a PowerShell command, use Get-Help. The -Examples switch shows how to use the command with the correct syntax.

    To add a domain account to the local Administrators group, you can use

    net localgroup administrators /add <DomainName>\<UserName>

    Server activation: -

    Again, you can use sconfig or the built-in Windows slmgr VBScript to activate Windows.

    In sconfig, select option 11; with slmgr, use the command below

    cscript C:\Windows\System32\slmgr.vbs -ato

    Managing Windows Server core: -

    There are many ways to manage Server Core. Here is a list of a few: -



    1. Windows Admin Center

    2. RSAT Tools

    3. Windows PowerShell

    4. Server Manager

    5. MMC Snap-In

    6. RDP

    Run Multiple CMD or PowerShell windows: -

    By default, only one command prompt or PowerShell window is open in Server Core.

    I found a way to open multiple CMD or PowerShell windows. I used taskmgr, which opens Task Manager, and from there I go to File and run a new task. In the window, type PowerShell or cmd, which opens a new window. By doing this you can have multiple windows.

    To allow your local server to be managed by Server Manager running on a remote server, you must enable Server Manager remoting. Run the command below to enable it on Server Core: -

    Configure-SMRemoting.exe -Enable

    You can also use MMC snap-ins, such as Computer Management, to manage Server Core remotely. For a domain-joined computer this works without any extra effort, but a non-domain-joined server needs some additional steps. You need alternate credentials to access the server remotely. Use the command below to store alternate credentials for the remote server; you can then manage Server Core through MMC.

    cmdkey /add:<ServerName> /user:<UserName> /pass:<password>

    If you want to be prompted for a password, omit the /pass option.

    You must also allow remote management through Windows Firewall on Server Core, so that remote management tools can connect to it.

    To check the status of the Windows Remote Management rule group, run: -

    Get-NetFirewallRule -DisplayGroup "Windows Remote Management" | ft DisplayGroup, Enabled, Action

    It shows whether the rules in the remote management group are enabled and whether they allow traffic. If they are not enabled, run: -

    Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' | Enable-NetFirewallRule

    To disable the group again, run: -

    Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' | Disable-NetFirewallRule

    You can also configure firewall rules per profile.

    To check which rules are associated with a profile, run: -

    Get-NetFirewallProfile -Name Public | Get-NetFirewallRule

    To disable the firewall profiles, run the command below. As written it turns the firewall off for every profile (Domain, Private and Public); add -Name to Get-NetFirewallProfile to limit it to a single profile: -

    Get-NetFirewallProfile | Set-NetFirewallProfile -Enabled False

    There are many rule groups for different tasks. You can enable the firewall rules for these rule groups.

    Here are a few: -



    MMC snap-in                               Rule group
    Event Viewer                              Remote Event Log Management
    Services                                  Remote Service Management
    Shared Folders                            File and Printer Sharing
    Task Scheduler                            Performance Logs and Alerts, File and Printer Sharing
    Disk Management                           Remote Volume Management
    Windows Firewall and Advanced Security    Windows Firewall Remote Management
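
    An audit of the rule groups listed above, as an added example that is not part of the original page: it reports which inbound allow rules in each group are enabled and on which profiles, and flags any that are enabled on the Public profile. The function name Get-RemoteMgmtRuleAudit is hypothetical, and the "Defender" group name is an assumption for builds that use that branding.

```powershell
# Added example (not from the original page): audit the firewall rule groups
# that the remote MMC snap-ins depend on.
$groups = @(
    'Windows Remote Management'
    'Remote Event Log Management'
    'Remote Service Management'
    'File and Printer Sharing'
    'Performance Logs and Alerts'
    'Remote Volume Management'
    'Windows Firewall Remote Management'
    # Assumption: name of the same group on builds that use "Defender" branding
    'Windows Defender Firewall Remote Management'
)

function Get-RemoteMgmtRuleAudit {
    param([string[]] $DisplayGroup = $groups)
    foreach ($group in $DisplayGroup) {
        # A group can be absent on a given build, so do not stop on lookup errors
        $rules = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
                   Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
        if ($rules.Count -eq 0) {
            Write-Warning "No inbound allow rules found for group '$group'"
            continue
        }
        foreach ($rule in $rules) {
            $profiles = "$($rule.Profile)"   # e.g. "Domain", "Private, Public" or "Any"
            [pscustomobject]@{
                Group    = $group
                Rule     = $rule.DisplayName
                Enabled  = ($rule.Enabled -eq 'True')
                Profile  = $profiles
                OnPublic = ($profiles -match 'Public|Any')
            }
        }
    }
}

$audit = Get-RemoteMgmtRuleAudit
$audit | Sort-Object Group, Rule | Format-Table -AutoSize

# Enabled rules that also apply on the Public profile deserve a second look
$exposed = $audit | Where-Object { $_.Enabled -and $_.OnPublic }
if ($exposed) {
    Write-Warning 'Enabled remote-management rules that also apply on the Public profile:'
    $exposed | Format-Table Group, Rule, Profile -AutoSize
}
```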

    You can also manage Server Core through Remote Desktop. To enable Remote Desktop on Server Core, run: -

    cscript C:\Windows\System32\Scregedit.wsf /ar 0



    Hardware installation and Driver installation: -

    Most hardware is plug and play, and hardware vendors supply installation instructions with their devices.

    Here are the manual steps for hardware drivers that are not plug and play.

    Download the driver for the hardware you intend to install on the server. Copy the driver files to the server and run the command below

    pnputil -i -a <driverinf>

    Here driverinf is the .inf file for the driver.

    To check which drivers are installed on the server, run: -

    sc.exe query type= driver

    To disable a device driver, run: -

    sc.exe delete <service_name>

    Here service_name is the name of the service, which you get by running sc.exe query type= driver. In Windows PowerShell, sc is an alias for Set-Content, so call sc.exe explicitly.

    Making powershell default option on server core: -

    By default, when you log in to Server Core you get a command prompt. But most of the time you work with PowerShell. To make PowerShell the default shell, modify the registry.

    Here are the steps: -

    $path='HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    Set-ItemProperty -path $path -Name Shell -value 'Powershell.exe -noexit'



    Configure memory dump on server core: -

    Here are the steps to configure memory dumps on Server Core: -



    Step 1: Disable the automatic system page file management

    The first step is to manually configure your system failure and recovery options. Disable the automatically managed page file option. To do this, run: -

    wmic computersystem set AutomaticManagedPagefile=False

    Step 2: Configure the destination path for a memory dump

    It is recommended to have the page file on the partition where the OS is installed. To put the page file on another partition, we need to modify a registry value. Here are the steps to configure the registry: -



    1. Open the command prompt and type regedit. This opens Registry Editor.

    2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

    3. Click Edit > New > String Value

    4. Name the new value DedicatedDumpFile, and then press ENTER

    5. Right-click DedicatedDumpFile, and then click Modify.

    6. In Value data, type <Drive>:\<FileName>, and then click OK. For example, E:\dumpfile.dmp

    7. Click Edit > New > DWORD Value.

    8. Type DumpFileSize, and then press ENTER

    9. Right-click DumpFileSize, and then click Modify.

    10. In Edit DWORD Value, under Base, click Decimal.

    11. In Value data, type the appropriate value, and then click OK. The size of the dump file is in megabytes (MB).

    12. Exit the Registry Editor.

    To view the current destination path for the page file, run the following command:

    wmic RECOVEROS get DebugFilePath

    The default destination for DebugFilePath is %systemroot%\memory.dmp. To change the current destination path, run the following command:

    wmic RECOVEROS set DebugFilePath = <FilePath>

    Set <FilePath> to the destination path. For example, the following command sets the memory dump destination path to C:\WINDOWS\MEMORY.DMP:

    wmic RECOVEROS set DebugFilePath = C:\WINDOWS\MEMORY.DMP



    Step 3: Set the type of memory dump

    Determine the type of memory dump to configure for your server. To view the current memory dump type, run the following command:

    wmic RECOVEROS get DebugInfoType

    To change the current memory dump type, run the following command:

    wmic RECOVEROS set DebugInfoType = <Value>

    <Value> can be 0, 1, 2, or 3, as defined below.


    • 0: Disable the removal of a memory dump.

    • 1: Full memory dump. Records all the contents of system memory when your computer stops unexpectedly. A full memory dump may contain data from processes that were running when the memory dump was collected.

    • 2: Kernel memory dump (default). Records only the kernel memory. This speeds up the process of recording information in a log file when your computer stops unexpectedly.

    • 3: Small memory dump. Records the smallest set of useful information that may help identify why your computer stopped unexpectedly.

    • 7: Automatic memory dump. This is new in Windows 10 and the newer family of Windows Server.

    Step 4: Configure the server to restart automatically after generating a memory dump

    By default, the server automatically restarts after it generates a memory dump. To view the current configuration, run the following command:

    wmic RECOVEROS get AutoReboot

    If the value for AutoReboot is TRUE, the server will restart automatically after generating a memory dump. No configuration is needed and you can proceed to the next step.

    If the value for AutoReboot is FALSE, the server will not restart automatically. Run the following command to change the value:

    wmic RECOVEROS set AutoReboot = true



    Step 5: Configure the server to overwrite the existing memory dump file

    By default, the server overwrites the existing memory dump file when a new one is created. To determine if existing memory dump files are already configured to be overwritten, run the following command:

    wmic RECOVEROS get OverwriteExistingDebugFile

    If the value is 1, the server will overwrite the existing memory dump file. No configuration is needed, and you can proceed to the next step.

    If the value is 0, the server won't overwrite the existing memory dump file. Run the following command to change the value:

    wmic RECOVEROS set OverwriteExistingDebugFile = 1



    Step 6: Set an administrative alert

    Determine whether an administrative alert is appropriate and set SendAdminAlert accordingly. To view the current value for SendAdminAlert, run the following command:

    wmic RECOVEROS get SendAdminAlert

    The possible values for SendAdminAlert are TRUE or FALSE. To modify the existing SendAdminAlert value to true, run the following command:

    wmic RECOVEROS set SendAdminAlert = true

    Step 7: Set the memory dump's page file size

    To check the current page file settings, run one of the following commands:

    wmic.exe pagefile

    or

    wmic.exe pagefile list /format:list



    Run the following command to configure the initial and maximum sizes of your page file:

    For example:


    wmic pagefileset where name="c:\pagefile.sys" set InitialSize=1000,MaximumSize=5000

    Step 8: Configure the server to generate a manual memory dump

    You can manually generate a memory dump by using a PS/2 keyboard. This feature is disabled by default, and it is not available for Universal Serial Bus (USB) keyboards.

    To enable manual memory dumps by using a PS/2 keyboard, run the following command:

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters /v CrashOnCtrlScroll /t REG_DWORD /d 1 /f

    To determine if the feature has been enabled properly, run the following command:

    reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters /v CrashOnCtrlScroll

    You must restart the server for the changes to take effect. You can restart the server by running the following command:

    shutdown /r /t 0

    You can generate manual memory dumps with a PS/2 keyboard that is connected to your server by holding the RIGHT CTRL key while pressing the SCROLL LOCK key two times. This makes the computer bug check with error code 0xE2.
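
    The settings from Steps 1 to 8 can be read back in one pass. This is an added example, not part of the original page: it uses the CIM classes behind the wmic aliases plus the CrashControl registry key, and, because a dump may contain data from running processes, it also lists ACL entries on an existing dump file that belong to anyone other than SYSTEM and Administrators. The function name Get-CrashDumpAudit is hypothetical.

```powershell
# Added example (not from the original page): read back the Step 1-8 settings.
function Get-CrashDumpAudit {
    # Dump type values as listed in Step 3
    $typeNames = @{ 0 = 'None'; 1 = 'Full'; 2 = 'Kernel'; 3 = 'Small'; 7 = 'Automatic' }

    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $rec = Get-CimInstance -ClassName Win32_OSRecoveryConfiguration   # class behind wmic RECOVEROS
    $pf  = Get-CimInstance -ClassName Win32_PageFileSetting           # class behind wmic pagefileset
    $cc  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $kbd = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters' `
                            -ErrorAction SilentlyContinue

    # Allow entries on an existing dump file for identities other than
    # SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544)
    $dump = $rec.ExpandedDebugFilePath
    $extraAccess = @()
    if ($dump -and (Test-Path -LiteralPath $dump)) {
        $extraAccess = @((Get-Acl -LiteralPath $dump).Access | Where-Object {
            $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            $_.AccessControlType -eq 'Allow' -and $sid -notin 'S-1-5-18', 'S-1-5-32-544'
        } | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" })
    }

    [pscustomobject]@{
        AutomaticManagedPagefile = $cs.AutomaticManagedPagefile        # Step 1
        DedicatedDumpFile        = $cc.DedicatedDumpFile               # Step 2 (empty if not set)
        DumpFileSizeMB           = $cc.DumpFileSize
        DebugFilePath            = $rec.DebugFilePath
        DumpType                 = $typeNames[[int]$cc.CrashDumpEnabled]   # Step 3
        AutoReboot               = $rec.AutoReboot                     # Step 4
        OverwriteExisting        = $rec.OverwriteExistingDebugFile     # Step 5
        SendAdminAlert           = $rec.SendAdminAlert                 # Step 6
        PageFiles                = @($pf | ForEach-Object {            # Step 7
                                       "$($_.Name) $($_.InitialSize)-$($_.MaximumSize) MB" })
        CrashOnCtrlScroll        = ($kbd.CrashOnCtrlScroll -eq 1)      # Step 8
        DumpFileExtraAccess      = $extraAccess
    }
}

$result = Get-CrashDumpAudit
$result | Format-List

if ($result.DumpType -eq 'Full' -and $result.DumpFileExtraAccess.Count -gt 0) {
    Write-Warning 'Full memory dump is readable by identities other than SYSTEM/Administrators.'
}
```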

    Roles and features on Server Core: -

    Another important task on a server is installing Windows Server roles and features.

    Get-WindowsFeature, Install-WindowsFeature and Uninstall-WindowsFeature are the main commands for managing roles and features on Windows Server Core.

    Here are a few examples of these commands:

    To list installed roles and features, run:

    Get-WindowsFeature

    Get-WindowsFeature | Where-Object { $_.Installed -eq $true }

    Get-WindowsFeature | where Installed -eq $true

    Get-WindowsFeature *framework*

    To install .NET Framework from the side-by-side folder

    Install-WindowsFeature net-framework-core -Source D:\Sources\sxs

    To uninstall .NET Framework

    Uninstall-WindowsFeature net-framework-core

    Check that it is removed.

    Get-WindowsFeature *framework*

    To restart the computer forcefully

    Restart-Computer -Force

    To remove binaries as well

    When you uninstall a Windows feature or role, its binaries are not removed by default. These unnecessary binaries can take a lot of space. To remove them as well, add the -Remove switch.

    Uninstall-WindowsFeature net-framework-core -Remove

    Downloading from internet: -

    To download files from the internet, you can use BITS transfer in Server Core.

    Here are a few examples: -

    To download a file from the internet.

    Start-BitsTransfer -Source "Download link" -Destination C:\

    To check status

    Get-BitsTransfer

    To suspend a download

    Get-BitsTransfer | Suspend-BitsTransfer

    To resume a suspended download

    Get-BitsTransfer | Resume-BitsTransfer



    Working with Services: -

    Another important task for Windows administrators is managing services. Here are a few examples of managing services on Server Core

    How to list services

    PowerShell Command:

    Get-Service | Format-Table -AutoSize

    How to view a single service

    Get-Service | where Name -eq BITS | Format-List

    How to start a single service

    Start-Service -Name BITS

    How to stop a service

    Stop-Service -Name BITS

    How to view a service startup type

    Get-WmiObject Win32_Service | where Name -eq BITS

    How to change the service startup type

    Set-Service -Name BITS -StartupType Automatic

    Working with Disk and Volumes: -

    To manage disks, we can use the Get-Disk and Get-Volume commands on Server Core.

    To check available disks

    Get-Disk

    To check volumes

    Get-Volume

    To install a new disk, follow these steps: -

    Check available disks

    Get-Disk


    To initialize a disk

    Get-Disk 0 | Initialize-Disk

    Note: - Here 0 is the disk number

    After initialization, the disk shows as online.

    Create a partition

    Get-Disk 0 | New-Partition -Size 5GB

    If you want to assign all the disk space to the new partition, use

    Get-Disk 0 | New-Partition -UseMaximumSize

    To format the new disk

    Get-Partition -DiskNumber 0 -PartitionNumber 2 | Format-Volume -FileSystem NTFS

    To assign a drive letter

    Get-Partition -DiskNumber 0 -PartitionNumber 2 | Set-Partition -NewDriveLetter F

    Patch Server core: -

    To view installed updates, you can use

    Get-HotFix or

    systeminfo.exe or

    wmic qfe list

    Patch Server Core automatically with Windows Update

    Verify the current Windows Update setting:

    %systemroot%\system32\Cscript scregedit.wsf /AU /v

    To enable automatic updates:

    net stop wuauserv

    %systemroot%\system32\Cscript scregedit.wsf /AU 4

    net start wuauserv

    To disable automatic updates, run:

    net stop wuauserv

    %systemroot%\system32\Cscript scregedit.wsf /AU 1

    net start wuauserv

    To force Windows Update to immediately detect and install any available updates

    wuauclt /detectnow

    Patch the server manually

    Download the update and make it available to the Server Core installation, then run:

    wusa <update>.msu /quiet

    Without a server restart

    wusa <update>.msu /quiet /norestart

    To uninstall an update manually, run the following command:

    wusa /uninstall <update>.msu /quiet

    To uninstall a specific KB

    wusa /uninstall /kb:4295699 /norestart /quiet

    You can also use sconfig to manage update settings.

    Options 5 and 6 in sconfig manage updates on Server Core.

    Note: - To download a patch from the internet, use the BITS transfer commands.
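
    The manual patching flow above (BITS download, then wusa) with a verification step in between, as an added example that is not part of the original page. Install-VerifiedUpdate is a hypothetical helper name; the staging folder, the expected signer subject and the placeholder URL and hash are assumptions supplied by the operator.

```powershell
# Added example (not from the original page): download, verify, then install an .msu.
function Install-VerifiedUpdate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Url,     # download link for the .msu
        [string] $ExpectedSha256,                 # optional: hash published with the update
        [string] $Destination = 'C:\Updates'      # assumed staging folder
    )

    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    $file = Join-Path $Destination ([System.IO.Path]::GetFileName(([uri]$Url).AbsolutePath))
    Start-BitsTransfer -Source $Url -Destination $file -ErrorAction Stop

    # 1. Optional hash comparison (string -ne is case-insensitive in PowerShell)
    $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and $hash -ne $ExpectedSha256) {
        Remove-Item -LiteralPath $file -Force
        throw "SHA-256 mismatch for ${file} (got $hash)"
    }

    # 2. The Authenticode signature must validate and name the expected signer
    #    (assumption: Microsoft-issued updates carry 'O=Microsoft Corporation')
    $sig = Get-AuthenticodeSignature -LiteralPath $file
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        Remove-Item -LiteralPath $file -Force
        throw "Signature check failed for ${file}: $($sig.Status) $($sig.StatusMessage)"
    }

    # 3. Install quietly without an automatic restart, as in the wusa commands above
    $p = Start-Process -FilePath wusa.exe -Wait -PassThru `
                       -ArgumentList "`"$file`"", '/quiet', '/norestart'
    switch ($p.ExitCode) {
        0       { 'Installed' }
        3010    { 'Installed, restart required' }
        2359302 { 'Already installed' }
        default { throw "wusa.exe failed with exit code $($p.ExitCode)" }
    }
}

# Usage with placeholder values:
# Install-VerifiedUpdate -Url '<download link>' -ExpectedSha256 '<published SHA-256>'
```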

    Working with Files: -

    To list all available Item and Content commands, which are used to manage files and file contents

    get-command *-item*

    get-command *-Content*

    To get all items within a directory

    get-childitem

    To Create new Directory

    new-item -itemtype directory -name test -path .\

    To create a new file and put a value in it

    new-item -itemtype file -name hello.txt -value "hello world" -path .\test

    To get Content of file

    get-content -path .\test\hello.txt

    To remove item

    remove-item -path .\test



    To remove all items within a directory

    remove-item -path .\test -recurse